author | mbaesken |
Thu, 28 Nov 2019 13:02:39 +0100 | |
changeset 59323 | ae2eb76c486d |
parent 51364 | 31d9e82b2e64 |
child 56868 | 67c7659ecda5 |
permissions | -rw-r--r-- |
46157 | 1 |
/* |
49765 | 2 |
* Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved. |
46157 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
7 |
* published by the Free Software Foundation. Oracle designates this |
|
8 |
* particular file as subject to the "Classpath" exception as provided |
|
9 |
* by Oracle in the LICENSE file that accompanied this code. |
|
10 |
* |
|
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
15 |
* accompanied this code). |
|
16 |
* |
|
17 |
* You should have received a copy of the GNU General Public License version |
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 |
* |
|
21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
22 |
* or visit www.oracle.com if you need additional information or have any |
|
23 |
* questions. |
|
24 |
*/ |
|
25 |
||
49765 | 26 |
package jdk.internal.net.http; |
46157 | 27 |
|
28 |
import java.net.InetSocketAddress; |
|
48083 | 29 |
import java.util.Arrays; |
50985
cd41f34e548c
8206001: Enable TLS1.3 by default in Http Client
michaelm
parents:
49765
diff
changeset
|
30 |
import java.util.ArrayDeque; |
48083 | 31 |
import java.util.List; |
46157 | 32 |
import java.util.concurrent.CompletableFuture; |
48083 | 33 |
import javax.net.ssl.SNIHostName; |
34 |
import javax.net.ssl.SSLContext; |
|
46157 | 35 |
import javax.net.ssl.SSLEngine; |
48083 | 36 |
import javax.net.ssl.SSLParameters; |
37 |
||
49765 | 38 |
import jdk.internal.net.http.common.SSLTube; |
39 |
import jdk.internal.net.http.common.Log; |
|
40 |
import jdk.internal.net.http.common.Utils; |
|
41 |
import static jdk.internal.net.http.common.Utils.ServerName; |
|
46157 | 42 |
|
43 |
/** |
|
44 |
* Asynchronous version of SSLConnection. |
|
45 |
* |
|
46 |
* There are two concrete implementations of this class: AsyncSSLConnection |
|
47 |
* and AsyncSSLTunnelConnection. |
|
48 |
* This abstraction is useful when downgrading from HTTP/2 to HTTP/1.1 over |
|
49 |
* an SSL connection. See ExchangeImpl::get in the case where an ALPNException |
|
50 |
* is thrown. |
|
51 |
* |
|
52 |
* Note: An AsyncSSLConnection wraps a PlainHttpConnection, while an |
|
53 |
* AsyncSSLTunnelConnection wraps a PlainTunnelingConnection. |
|
54 |
* If both these wrapped classes where made to inherit from a |
|
55 |
* common abstraction then it might be possible to merge |
|
56 |
* AsyncSSLConnection and AsyncSSLTunnelConnection back into |
|
57 |
* a single class - and simply use different factory methods to |
|
58 |
* create different wrappees, but this is left up for further cleanup. |
|
59 |
* |
|
60 |
*/ |
|
61 |
abstract class AbstractAsyncSSLConnection extends HttpConnection |
|
48083 | 62 |
{ |
63 |
protected final SSLEngine engine; |
|
64 |
protected final String serverName; |
|
65 |
protected final SSLParameters sslParameters; |
|
46157 | 66 |
|
49765 | 67 |
// Setting this property disables HTTPS hostname verification. Use with care. |
68 |
private static final boolean disableHostnameVerification |
|
69 |
= Utils.isHostnameVerificationDisabled(); |
|
70 |
||
48083 | 71 |
AbstractAsyncSSLConnection(InetSocketAddress addr, |
72 |
HttpClientImpl client, |
|
49765 | 73 |
ServerName serverName, int port, |
48083 | 74 |
String[] alpn) { |
46157 | 75 |
super(addr, client); |
49765 | 76 |
this.serverName = serverName.getName(); |
48083 | 77 |
SSLContext context = client.theSSLContext(); |
78 |
sslParameters = createSSLParameters(client, serverName, alpn); |
|
79 |
Log.logParams(sslParameters); |
|
49765 | 80 |
engine = createEngine(context, serverName.getName(), port, sslParameters); |
48083 | 81 |
} |
82 |
||
83 |
abstract SSLTube getConnectionFlow(); |
|
84 |
||
85 |
final CompletableFuture<String> getALPN() { |
|
86 |
return getConnectionFlow().getALPN(); |
|
46157 | 87 |
} |
88 |
||
48083 | 89 |
final SSLEngine getEngine() { return engine; } |
90 |
||
50985
cd41f34e548c
8206001: Enable TLS1.3 by default in Http Client
michaelm
parents:
49765
diff
changeset
|
91 |
private static boolean contains(String[] rr, String target) { |
cd41f34e548c
8206001: Enable TLS1.3 by default in Http Client
michaelm
parents:
49765
diff
changeset
|
92 |
for (String s : rr) |
cd41f34e548c
8206001: Enable TLS1.3 by default in Http Client
michaelm
parents:
49765
diff
changeset
|
93 |
if (target.equalsIgnoreCase(s)) |
cd41f34e548c
8206001: Enable TLS1.3 by default in Http Client
michaelm
parents:
49765
diff
changeset
|
94 |
return true; |
cd41f34e548c
8206001: Enable TLS1.3 by default in Http Client
michaelm
parents:
49765
diff
changeset
|
95 |
return false; |
cd41f34e548c
8206001: Enable TLS1.3 by default in Http Client
michaelm
parents:
49765
diff
changeset
|
96 |
} |
cd41f34e548c
8206001: Enable TLS1.3 by default in Http Client
michaelm
parents:
49765
diff
changeset
|
97 |
|
48083 | 98 |
private static SSLParameters createSSLParameters(HttpClientImpl client, |
49765 | 99 |
ServerName serverName, |
48083 | 100 |
String[] alpn) { |
101 |
SSLParameters sslp = client.sslParameters(); |
|
102 |
SSLParameters sslParameters = Utils.copySSLParameters(sslp); |
|
50985
cd41f34e548c
8206001: Enable TLS1.3 by default in Http Client
michaelm
parents:
49765
diff
changeset
|
103 |
// filter out unwanted protocols, if h2 only |
cd41f34e548c
8206001: Enable TLS1.3 by default in Http Client
michaelm
parents:
49765
diff
changeset
|
104 |
if (alpn != null && alpn.length != 0 && !contains(alpn, "http/1.1")) { |
cd41f34e548c
8206001: Enable TLS1.3 by default in Http Client
michaelm
parents:
49765
diff
changeset
|
105 |
ArrayDeque<String> l = new ArrayDeque<>(); |
cd41f34e548c
8206001: Enable TLS1.3 by default in Http Client
michaelm
parents:
49765
diff
changeset
|
106 |
for (String proto : sslParameters.getProtocols()) { |
cd41f34e548c
8206001: Enable TLS1.3 by default in Http Client
michaelm
parents:
49765
diff
changeset
|
107 |
if (!proto.startsWith("SSL") && !proto.endsWith("v1.1") && !proto.endsWith("v1")) { |
cd41f34e548c
8206001: Enable TLS1.3 by default in Http Client
michaelm
parents:
49765
diff
changeset
|
108 |
l.add(proto); |
cd41f34e548c
8206001: Enable TLS1.3 by default in Http Client
michaelm
parents:
49765
diff
changeset
|
109 |
} |
cd41f34e548c
8206001: Enable TLS1.3 by default in Http Client
michaelm
parents:
49765
diff
changeset
|
110 |
} |
cd41f34e548c
8206001: Enable TLS1.3 by default in Http Client
michaelm
parents:
49765
diff
changeset
|
111 |
String[] a1 = l.toArray(new String[0]); |
cd41f34e548c
8206001: Enable TLS1.3 by default in Http Client
michaelm
parents:
49765
diff
changeset
|
112 |
sslParameters.setProtocols(a1); |
cd41f34e548c
8206001: Enable TLS1.3 by default in Http Client
michaelm
parents:
49765
diff
changeset
|
113 |
} |
cd41f34e548c
8206001: Enable TLS1.3 by default in Http Client
michaelm
parents:
49765
diff
changeset
|
114 |
|
49765 | 115 |
if (!disableHostnameVerification) |
116 |
sslParameters.setEndpointIdentificationAlgorithm("HTTPS"); |
|
48083 | 117 |
if (alpn != null) { |
118 |
Log.logSSL("AbstractAsyncSSLConnection: Setting application protocols: {0}", |
|
119 |
Arrays.toString(alpn)); |
|
120 |
sslParameters.setApplicationProtocols(alpn); |
|
121 |
} else { |
|
122 |
Log.logSSL("AbstractAsyncSSLConnection: no applications set!"); |
|
123 |
} |
|
49765 | 124 |
if (!serverName.isLiteral()) { |
125 |
String name = serverName.getName(); |
|
126 |
if (name != null && name.length() > 0) { |
|
127 |
sslParameters.setServerNames(List.of(new SNIHostName(name))); |
|
128 |
} |
|
48083 | 129 |
} |
130 |
return sslParameters; |
|
131 |
} |
|
132 |
||
50985
cd41f34e548c
8206001: Enable TLS1.3 by default in Http Client
michaelm
parents:
49765
diff
changeset
|
133 |
|
49765 | 134 |
private static SSLEngine createEngine(SSLContext context, String serverName, int port, |
48083 | 135 |
SSLParameters sslParameters) { |
49765 | 136 |
SSLEngine engine = context.createSSLEngine(serverName, port); |
48083 | 137 |
engine.setUseClientMode(true); |
50985
cd41f34e548c
8206001: Enable TLS1.3 by default in Http Client
michaelm
parents:
49765
diff
changeset
|
138 |
|
48083 | 139 |
engine.setSSLParameters(sslParameters); |
140 |
return engine; |
|
141 |
} |
|
46157 | 142 |
|
143 |
@Override |
|
144 |
final boolean isSecure() { |
|
145 |
return true; |
|
146 |
} |
|
147 |
||
148 |
} |