hc-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ol...@apache.org
Subject svn commit: r1791944 - in /httpcomponents/httpcore/trunk/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl: H2ClientTlsStrategy.java H2ServerTlsStrategy.java H2TlsSupport.java
Date Wed, 19 Apr 2017 16:40:01 GMT
Author: olegk
Date: Wed Apr 19 16:40:01 2017
New Revision: 1791944

URL: http://svn.apache.org/viewvc?rev=1791944&view=rev
Log:
Support TLS ALPN and disable TLS renegotiation via reflection on Java 1.9+

Modified:
    httpcomponents/httpcore/trunk/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl/H2ClientTlsStrategy.java
    httpcomponents/httpcore/trunk/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl/H2ServerTlsStrategy.java
    httpcomponents/httpcore/trunk/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl/H2TlsSupport.java

Modified: httpcomponents/httpcore/trunk/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl/H2ClientTlsStrategy.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpcore/trunk/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl/H2ClientTlsStrategy.java?rev=1791944&r1=1791943&r2=1791944&view=diff
==============================================================================
--- httpcomponents/httpcore/trunk/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl/H2ClientTlsStrategy.java
(original)
+++ httpcomponents/httpcore/trunk/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl/H2ClientTlsStrategy.java
Wed Apr 19 16:40:01 2017
@@ -95,7 +95,8 @@ public class H2ClientTlsStrategy impleme
         final String scheme = host != null ? host.getSchemeName() : null;
         if ("https".equalsIgnoreCase(scheme)) {
             tlsSession.startTls(sslContext, sslBufferManagement,
-                    H2TlsSupport.decorateInitializer(initializer), verifier);
+                    H2TlsSupport.enforceRequirements(initializer),
+                    verifier);
         }
     }
 

Modified: httpcomponents/httpcore/trunk/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl/H2ServerTlsStrategy.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpcore/trunk/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl/H2ServerTlsStrategy.java?rev=1791944&r1=1791943&r2=1791944&view=diff
==============================================================================
--- httpcomponents/httpcore/trunk/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl/H2ServerTlsStrategy.java
(original)
+++ httpcomponents/httpcore/trunk/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl/H2ServerTlsStrategy.java
Wed Apr 19 16:40:01 2017
@@ -102,7 +102,8 @@ public class H2ServerTlsStrategy impleme
         for (final int securePort: securePorts) {
             if (port == securePort) {
                 tlsSession.startTls(sslContext, sslBufferManagement,
-                        H2TlsSupport.decorateInitializer(initializer), verifier);
+                        H2TlsSupport.enforceRequirements(initializer),
+                        verifier);
                 break;
             }
         }

Modified: httpcomponents/httpcore/trunk/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl/H2TlsSupport.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpcore/trunk/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl/H2TlsSupport.java?rev=1791944&r1=1791943&r2=1791944&view=diff
==============================================================================
--- httpcomponents/httpcore/trunk/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl/H2TlsSupport.java
(original)
+++ httpcomponents/httpcore/trunk/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl/H2TlsSupport.java
Wed Apr 19 16:40:01 2017
@@ -27,6 +27,7 @@
 
 package org.apache.hc.core5.http2.ssl;
 
+import java.lang.reflect.Method;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
@@ -358,13 +359,52 @@ public final class H2TlsSupport {
         return enabledCiphers != null ? enabledCiphers.toArray(new String[enabledCiphers.size()])
: ciphers;
     }
 
-    public static SSLSessionInitializer decorateInitializer(final SSLSessionInitializer initializer)
{
+    static void applyParameter(final SSLParameters sslParameters, final String name, final
Class type, final Object value) {
+        try {
+            final Class<? extends SSLParameters> clazz = sslParameters.getClass();
+            final Method method = clazz.getMethod("set" + name, type);
+            method.invoke(sslParameters, value);
+        } catch (final Exception ignore) {
+        }
+    }
+
+    @SuppressWarnings("unchecked")
+    static <T> T getParameter(final SSLParameters sslParameters, final String name,
final Class<T> resultType) {
+        try {
+            final Class<? extends SSLParameters> clazz = sslParameters.getClass();
+            final Method method = clazz.getMethod("get" + name);
+            return resultType.cast(method.invoke(sslParameters));
+        } catch (final Exception ignore) {
+            return null;
+        }
+    }
+
+    public static void setEnableRetransmissions(final SSLParameters sslParameters, final
boolean value) {
+        applyParameter(sslParameters, "EnableRetransmissions", Boolean.TYPE, value);
+    }
+
+    public static void setApplicationProtocols(final SSLParameters sslParameters, final String[]
values) {
+        applyParameter(sslParameters, "ApplicationProtocols", String[].class, values);
+    }
+
+    public static Boolean getEnableRetransmissions(final SSLParameters sslParameters) {
+        return getParameter(sslParameters, "EnableRetransmissions", Boolean.class);
+    }
+
+    public static String[] getApplicationProtocols(final SSLParameters sslParameters) {
+        return getParameter(sslParameters, "ApplicationProtocols", String[].class);
+    }
+
+    public static SSLSessionInitializer enforceRequirements(final SSLSessionInitializer initializer)
{
         return new SSLSessionInitializer() {
 
             @Override
             public void initialize(final NamedEndpoint endpoint, final SSLParameters sslParameters)
{
-                sslParameters.setProtocols(H2TlsSupport.excludeBlacklistedProtocols(sslParameters.getProtocols()));
-                sslParameters.setCipherSuites(H2TlsSupport.excludeBlacklistedCiphers(sslParameters.getCipherSuites()));
+                sslParameters.setProtocols(excludeBlacklistedProtocols(sslParameters.getProtocols()));
+                sslParameters.setCipherSuites(excludeBlacklistedCiphers(sslParameters.getCipherSuites()));
+                setEnableRetransmissions(sslParameters, false);
+                setApplicationProtocols(sslParameters, new String[] { "h2" });
+
                 if (initializer != null) {
                     initializer.initialize(endpoint, sslParameters);
                 }



Mime
View raw message