View Javadoc
1   /*
2    * ====================================================================
3    * Licensed to the Apache Software Foundation (ASF) under one
4    * or more contributor license agreements.  See the NOTICE file
5    * distributed with this work for additional information
6    * regarding copyright ownership.  The ASF licenses this file
7    * to you under the Apache License, Version 2.0 (the
8    * "License"); you may not use this file except in compliance
9    * with the License.  You may obtain a copy of the License at
10   *
11   *   http://www.apache.org/licenses/LICENSE-2.0
12   *
13   * Unless required by applicable law or agreed to in writing,
14   * software distributed under the License is distributed on an
15   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16   * KIND, either express or implied.  See the License for the
17   * specific language governing permissions and limitations
18   * under the License.
19   * ====================================================================
20   *
21   * This software consists of voluntary contributions made by many
22   * individuals on behalf of the Apache Software Foundation.  For more
23   * information on the Apache Software Foundation, please see
24   * <http://www.apache.org/>.
25   *
26   */
27  
28  package org.apache.hc.core5.http2.ssl;
29  
30  import java.net.SocketAddress;
31  
32  import javax.net.ssl.SSLContext;
33  
34  import org.apache.hc.core5.concurrent.FutureCallback;
35  import org.apache.hc.core5.http.HttpHost;
36  import org.apache.hc.core5.http.URIScheme;
37  import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
38  import org.apache.hc.core5.net.NamedEndpoint;
39  import org.apache.hc.core5.reactor.ssl.SSLBufferMode;
40  import org.apache.hc.core5.reactor.ssl.SSLSessionInitializer;
41  import org.apache.hc.core5.reactor.ssl.SSLSessionVerifier;
42  import org.apache.hc.core5.reactor.ssl.TransportSecurityLayer;
43  import org.apache.hc.core5.ssl.SSLContexts;
44  import org.apache.hc.core5.util.Args;
45  import org.apache.hc.core5.util.Timeout;
46  
47  /**
48   * Basic client-side implementation of {@link TlsStrategy} that upgrades to TLS for all endpoints
49   * with {@code HTTPS} scheme.
50   *
51   * @since 5.0
52   */
53  public class ConscryptClientTlsStrategy implements TlsStrategy {
54  
55      private final SSLContext sslContext;
56      private final SSLBufferMode sslBufferMode;
57      private final SSLSessionInitializer initializer;
58      private final SSLSessionVerifier verifier;
59  
60      public ConscryptClientTlsStrategy(
61              final SSLContext sslContext,
62              final SSLBufferMode sslBufferMode,
63              final SSLSessionInitializer initializer,
64              final SSLSessionVerifier verifier) {
65          this.sslContext = Args.notNull(sslContext, "SSL context");
66          this.sslBufferMode = sslBufferMode;
67          this.initializer = initializer;
68          this.verifier = verifier;
69      }
70  
71      public ConscryptClientTlsStrategy(
72              final SSLContext sslContext,
73              final SSLSessionInitializer initializer,
74              final SSLSessionVerifier verifier) {
75          this(sslContext, null, initializer, verifier);
76      }
77  
78      public ConscryptClientTlsStrategy(
79              final SSLContext sslContext,
80              final SSLSessionVerifier verifier) {
81          this(sslContext, null, null, verifier);
82      }
83  
84      public ConscryptClientTlsStrategy(final SSLContext sslContext) {
85          this(sslContext, null, null, null);
86      }
87  
88      /**
89       * Empty constructor with the default SSL context based on system properties.
90       * @see SSLContext
91       * @since 5.2
92       */
93      public ConscryptClientTlsStrategy() {
94          this(SSLContexts.createSystemDefault(), null, null, null);
95      }
96  
97      /**
98       * Constructor with the default SSL context based on system properties and custom {@link  SSLSessionVerifier} verifier.
99       * @param verifier the custom {@link SSLSessionVerifier}.
100      * @since 5.2
101      */
102     public ConscryptClientTlsStrategy(final SSLSessionVerifier verifier) {
103         this(SSLContexts.createSystemDefault(), verifier);
104     }
105 
106     @Override
107     public void upgrade(
108             final TransportSecurityLayer tlsSession,
109             final NamedEndpoint endpoint,
110             final Object attachment,
111             final Timeout handshakeTimeout,
112             final FutureCallback<TransportSecurityLayer> callback) {
113         tlsSession.startTls(
114                 sslContext,
115                 endpoint,
116                 sslBufferMode,
117                 ConscryptSupport.initialize(attachment, initializer),
118                 ConscryptSupport.verify(verifier),
119                 handshakeTimeout,
120                 callback);
121     }
122 
123     /**
124      * @deprecated use {@link #upgrade(TransportSecurityLayer, NamedEndpoint, Object, Timeout, FutureCallback)}
125      */
126     @Deprecated
127     @Override
128     public boolean upgrade(
129             final TransportSecurityLayer tlsSession,
130             final HttpHost host,
131             final SocketAddress localAddress,
132             final SocketAddress remoteAddress,
133             final Object attachment,
134             final Timeout handshakeTimeout) {
135         final String scheme = host != null ? host.getSchemeName() : null;
136         if (URIScheme.HTTPS.same(scheme)) {
137             upgrade(tlsSession, host, attachment, handshakeTimeout, null);
138             return true;
139         }
140         return false;
141     }
142 
143 }