Posted to commits@hc.apache.org by ol...@apache.org on 2013/04/18 16:04:05 UTC
svn commit: r1469333 - in
/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl:
SSLContextBuilder.java SSLContexts.java SSLSocketFactory.java
Author: olegk
Date: Thu Apr 18 14:04:04 2013
New Revision: 1469333
URL: http://svn.apache.org/r1469333
Log:
HTTPCLIENT-1343: deprecated SSLSocketFactory overloaded constructors in favor of SSLContextBuilder
Added:
httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/SSLContextBuilder.java (with props)
Modified:
httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/SSLContexts.java
httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/SSLSocketFactory.java
Added: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/SSLContextBuilder.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/SSLContextBuilder.java?rev=1469333&view=auto
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/SSLContextBuilder.java (added)
+++ httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/SSLContextBuilder.java Thu Apr 18 14:04:04 2013
@@ -0,0 +1,127 @@
+/*
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.http.conn.ssl;
+
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.security.UnrecoverableKeyException;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
+
+import org.apache.http.annotation.NotThreadSafe;
+
+/**
+ * Builder for {@link SSLContext} instances.
+ *
+ * @since 4.3
+ */
+@NotThreadSafe
+public class SSLContextBuilder {
+
+ static final String TLS = "TLS";
+ static final String SSL = "SSL";
+
+ private String protocol;
+ private KeyManager[] keymanagers;
+ private TrustManager[] trustmanagers;
+ private SecureRandom secureRandom;
+
+ public SSLContextBuilder useTLS() {
+ this.protocol = TLS;
+ return this;
+ }
+
+ public SSLContextBuilder useSSL() {
+ this.protocol = SSL;
+ return this;
+ }
+
+ public SSLContextBuilder useProtocol(final String protocol) {
+ this.protocol = protocol;
+ return this;
+ }
+
+ public SSLContextBuilder loadTrustMaterial(
+ final KeyStore truststore,
+ final char[] truststorePassword,
+ final TrustStrategy trustStrategy) throws NoSuchAlgorithmException, KeyStoreException {
+ final TrustManagerFactory tmfactory = TrustManagerFactory.getInstance(
+ TrustManagerFactory.getDefaultAlgorithm());
+ tmfactory.init(truststore);
+ final TrustManager[] trustmanagers = tmfactory.getTrustManagers();
+ if (trustmanagers != null && trustStrategy != null) {
+ for (int i = 0; i < trustmanagers.length; i++) {
+ final TrustManager tm = trustmanagers[i];
+ if (tm instanceof X509TrustManager) {
+ trustmanagers[i] = new TrustManagerDecorator(
+ (X509TrustManager) tm, trustStrategy);
+ }
+ }
+ }
+ this.trustmanagers = trustmanagers;
+ return this;
+ }
+
+ public SSLContextBuilder loadTrustMaterial(
+ final KeyStore truststore,
+ final TrustStrategy trustStrategy) throws NoSuchAlgorithmException, KeyStoreException {
+ return loadTrustMaterial(truststore, null, trustStrategy);
+ }
+
+ public SSLContextBuilder loadTrustMaterial(
+ final KeyStore truststore) throws NoSuchAlgorithmException, KeyStoreException {
+ return loadTrustMaterial(truststore, null, null);
+ }
+
+ public SSLContextBuilder loadKeyMaterial(
+ final KeyStore keystore,
+ final char[] keystorePassword)
+ throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
+ final KeyManagerFactory kmfactory = KeyManagerFactory.getInstance(
+ KeyManagerFactory.getDefaultAlgorithm());
+ kmfactory.init(keystore, keystorePassword);
+ this.keymanagers = kmfactory.getKeyManagers();
+ return this;
+ }
+
+ public SSLContext build() throws NoSuchAlgorithmException, KeyManagementException {
+ final SSLContext sslcontext = SSLContext.getInstance(
+ this.protocol != null ? this.protocol : TLS);
+ sslcontext.init(keymanagers, trustmanagers, secureRandom);
+ return sslcontext;
+ }
+
+}
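Review bot: The `secureRandom` field is declared but nothing in this class ever assigns it, so `build()` always passes null as the third argument of `sslcontext.init(...)`. The removed `createSSLContext` forwarded the caller's `random`, and the deprecated constructors rewritten in the `@@ -250,16 +194,19 @@`, `@@ -271,16 +218,19 @@` and `@@ -291,28 +241,16 @@` hunks of SSLSocketFactory.java still accept a `SecureRandom random` parameter that is now silently dropped. Callers that supply a specific RNG (for example one from a mandated provider) would get the JSSE default without any error. Adding a setter such as the one below and chaining `.setSecureRandom(random)` before `.build()` in those constructors would restore the old behaviour. The `truststorePassword` parameter of the three-argument `loadTrustMaterial` is likewise never read and should either be removed or documented as ignored.

```java
// … unchanged: useTLS, useSSL, useProtocol, loadTrustMaterial, loadKeyMaterial …

public SSLContextBuilder setSecureRandom(final SecureRandom secureRandom) {
    this.secureRandom = secureRandom;
    return this;
}

// … unchanged: build() …
```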
Propchange: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/SSLContextBuilder.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/SSLContextBuilder.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/SSLContextBuilder.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/SSLContexts.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/SSLContexts.java?rev=1469333&r1=1469332&r2=1469333&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/SSLContexts.java (original)
+++ httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/SSLContexts.java Thu Apr 18 14:04:04 2013
@@ -51,7 +51,7 @@ public class SSLContexts {
*/
public static final SSLContext createDefault() throws SSLInitializationException {
try {
- final SSLContext sslcontext = SSLContext.getInstance("TLS");
+ final SSLContext sslcontext = SSLContext.getInstance(SSLContextBuilder.TLS);
sslcontext.init(null, null, null);
return sslcontext;
} catch (final NoSuchAlgorithmException ex) {
@@ -78,4 +78,13 @@ public class SSLContexts {
}
}
+ /**
+ * Creates custom SSL context.
+ *
+ * @return default system SSL context
+ */
+ public static final SSLContextBuilder custom() {
+ return new SSLContextBuilder();
+ }
+
}
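Review bot: The Javadoc on the new `custom()` method says `@return default system SSL context`, but the method returns a fresh `SSLContextBuilder`; the text looks copied from `createDefault()`. I would change it to `@return a new {@link SSLContextBuilder} for assembling a custom {@link SSLContext}`. The comment could also state that a builder on which `loadTrustMaterial` is never called passes null trust managers to `SSLContext.init`, so that callers know the result then relies on the platform defaults rather than on nothing.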
Modified: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/SSLSocketFactory.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/SSLSocketFactory.java?rev=1469333&r1=1469332&r2=1469333&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/SSLSocketFactory.java (original)
+++ httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/SSLSocketFactory.java Thu Apr 18 14:04:04 2013
@@ -40,13 +40,8 @@ import java.security.NoSuchAlgorithmExce
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
-import javax.net.ssl.X509TrustManager;
import org.apache.http.HttpHost;
import org.apache.http.annotation.ThreadSafe;
@@ -187,59 +182,8 @@ public class SSLSocketFactory implements
// TODO: make final
private volatile X509HostnameVerifier hostnameVerifier;
- private static SSLContext createSSLContext(
- String algorithm,
- final KeyStore keystore,
- final char[] keystorePassword,
- final KeyStore truststore,
- final SecureRandom random,
- final TrustStrategy trustStrategy)
- throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException, KeyManagementException {
- if (algorithm == null) {
- algorithm = TLS;
- }
- final KeyManagerFactory kmfactory = KeyManagerFactory.getInstance(
- KeyManagerFactory.getDefaultAlgorithm());
- kmfactory.init(keystore, keystorePassword);
- final KeyManager[] keymanagers = kmfactory.getKeyManagers();
- final TrustManagerFactory tmfactory = TrustManagerFactory.getInstance(
- TrustManagerFactory.getDefaultAlgorithm());
- tmfactory.init(truststore);
- final TrustManager[] trustmanagers = tmfactory.getTrustManagers();
- if (trustmanagers != null && trustStrategy != null) {
- for (int i = 0; i < trustmanagers.length; i++) {
- final TrustManager tm = trustmanagers[i];
- if (tm instanceof X509TrustManager) {
- trustmanagers[i] = new TrustManagerDecorator(
- (X509TrustManager) tm, trustStrategy);
- }
- }
- }
-
- final SSLContext sslcontext = SSLContext.getInstance(algorithm);
- sslcontext.init(keymanagers, trustmanagers, random);
- return sslcontext;
- }
-
- /**
- * @since 4.3
- */
- public SSLSocketFactory(
- final String algorithm,
- final KeyStore keystore,
- final char[] keystorePassword,
- final KeyStore truststore,
- final SecureRandom random,
- final TrustStrategy trustStrategy,
- final X509HostnameVerifier hostnameVerifier)
- throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
- this(createSSLContext(algorithm, keystore, keystorePassword, truststore, random, trustStrategy),
- hostnameVerifier);
- }
-
/**
- * @deprecated (4.1) Use {@link #SSLSocketFactory(String, KeyStore, char[], KeyStore,
- * SecureRandom, X509HostnameVerifier)}
+ * @deprecated (4.1) Use {@link SSLContextBuilder} and {@link #SSLSocketFactory(SSLContext))}.
*/
@Deprecated
public SSLSocketFactory(
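Review bot: The new `@deprecated` text ends in `{@link #SSLSocketFactory(SSLContext))}`, which has one closing parenthesis too many, so the Javadoc link target will not resolve cleanly. It should read `{@link #SSLSocketFactory(SSLContext)}`. The same slip, with two or three extra parentheses, recurs in the `@deprecated` lines added in the later hunks of this file (`X509HostnameVerifier)))}`, `SSLContext)))}`, `X509HostnameVerifier))))}`, `SSLContext))))}`). Since these tags are the only migration guidance for users leaving the deprecated constructors, they should all be corrected together. The constructor this comment documents continues outside the hunk.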
@@ -250,16 +194,19 @@ public class SSLSocketFactory implements
final SecureRandom random,
final HostNameResolver nameResolver)
throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
- this(createSSLContext(
- algorithm, keystore, keystorePassword != null ? keystorePassword.toCharArray() : null,
- truststore, random, null), nameResolver);
+ this(SSLContexts.custom()
+ .useProtocol(algorithm)
+ .loadKeyMaterial(keystore, keystorePassword != null ? keystorePassword.toCharArray() : null)
+ .loadTrustMaterial(truststore)
+ .build(),
+ nameResolver);
}
/**
* @since 4.1
*
- * @deprecated (4.3) Use {@link SSLSocketFactory#SSLSocketFactory(String, KeyStore, char[],
- * KeyStore, SecureRandom, TrustStrategy, X509HostnameVerifier)}
+ * @deprecated (4.3) Use {@link SSLContextBuilder} and {@link #SSLSocketFactory(SSLContext,
+ * X509HostnameVerifier)))}
*/
@Deprecated
public SSLSocketFactory(
@@ -271,16 +218,19 @@ public class SSLSocketFactory implements
final TrustStrategy trustStrategy,
final X509HostnameVerifier hostnameVerifier)
throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
- this(createSSLContext(
- algorithm, keystore, keystorePassword != null ? keystorePassword.toCharArray() : null,
- truststore, random, trustStrategy), hostnameVerifier);
+ this(SSLContexts.custom()
+ .useProtocol(algorithm)
+ .loadKeyMaterial(keystore, keystorePassword != null ? keystorePassword.toCharArray() : null)
+ .loadTrustMaterial(truststore, trustStrategy)
+ .build(),
+ hostnameVerifier);
}
/**
* @since 4.1
*
- * @deprecated (4.3) Use {@link SSLSocketFactory#SSLSocketFactory(String, KeyStore, char[],
- * KeyStore, SecureRandom, X509HostnameVerifier)}
+ * @deprecated (4.3) Use {@link SSLContextBuilder} and {@link #SSLSocketFactory(SSLContext,
+ * X509HostnameVerifier)))}
*/
@Deprecated
public SSLSocketFactory(
@@ -291,28 +241,16 @@ public class SSLSocketFactory implements
final SecureRandom random,
final X509HostnameVerifier hostnameVerifier)
throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
- this(createSSLContext(
- algorithm, keystore, keystorePassword != null ? keystorePassword.toCharArray() : null,
- truststore, random, null), hostnameVerifier);
- }
-
- /**
- * @since 4.3
- */
- public SSLSocketFactory(
- final String algorithm,
- final KeyStore keystore,
- final char[] keystorePassword,
- final KeyStore truststore,
- final SecureRandom random,
- final X509HostnameVerifier hostnameVerifier)
- throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
- this(createSSLContext(algorithm, keystore, keystorePassword, truststore, random, null),
+ this(SSLContexts.custom()
+ .useProtocol(algorithm)
+ .loadKeyMaterial(keystore, keystorePassword != null ? keystorePassword.toCharArray() : null)
+ .loadTrustMaterial(truststore)
+ .build(),
hostnameVerifier);
}
/**
- * @deprecated (4.3) Use {@link SSLSocketFactory#SSLSocketFactory(KeyStore, char[], KeyStore)}
+ * @deprecated (4.3) Use {@link SSLContextBuilder} and {@link #SSLSocketFactory(SSLContext)))}
*/
@Deprecated
public SSLSocketFactory(
@@ -320,69 +258,69 @@ public class SSLSocketFactory implements
final String keystorePassword,
final KeyStore truststore)
throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
- this(TLS, keystore, keystorePassword, truststore, null, null, BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
- }
-
- /**
- * @since 4.3
- */
- public SSLSocketFactory(
- final KeyStore keystore,
- final char[] keystorePassword,
- final KeyStore truststore)
- throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException{
- this(createSSLContext(TLS, keystore, keystorePassword, truststore, null, null),
+ this(SSLContexts.custom()
+ .loadKeyMaterial(keystore, keystorePassword != null ? keystorePassword.toCharArray() : null)
+ .loadTrustMaterial(truststore)
+ .build(),
BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
}
/**
- * @deprecated (4.3) Use {@link SSLSocketFactory#SSLSocketFactory(KeyStore, char[])}
+ * @deprecated (4.3) Use {@link SSLContextBuilder} and {@link #SSLSocketFactory(SSLContext)))}
*/
@Deprecated
public SSLSocketFactory(
final KeyStore keystore,
final String keystorePassword)
throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException{
- this(createSSLContext(TLS, keystore, keystorePassword != null ? keystorePassword.toCharArray() : null,
- null, null, null),
+ this(SSLContexts.custom()
+ .loadKeyMaterial(keystore, keystorePassword != null ? keystorePassword.toCharArray() : null)
+ .build(),
BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
}
/**
- * @since 4.3
+ * @deprecated (4.3) Use {@link SSLContextBuilder} and {@link #SSLSocketFactory(SSLContext)))}
*/
- public SSLSocketFactory(
- final KeyStore keystore,
- final char[] keystorePassword)
- throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException{
- this(createSSLContext(TLS, keystore, keystorePassword, null, null, null),
- BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
- }
-
+ @Deprecated
public SSLSocketFactory(
final KeyStore truststore)
throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
- this(createSSLContext(TLS, null, null, truststore, null, null),
+ this(SSLContexts.custom()
+ .loadTrustMaterial(truststore)
+ .build(),
BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
}
/**
* @since 4.1
+ *
+ * @deprecated (4.3) Use {@link SSLContextBuilder} and {@link #SSLSocketFactory(SSLContext, X509HostnameVerifier))))}
*/
+ @Deprecated
public SSLSocketFactory(
final TrustStrategy trustStrategy,
final X509HostnameVerifier hostnameVerifier)
throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
- this(createSSLContext(TLS, null, null, null, null, trustStrategy), hostnameVerifier);
+ this(SSLContexts.custom()
+ .loadTrustMaterial(null, null, trustStrategy)
+ .build(),
+ hostnameVerifier);
}
/**
* @since 4.1
+ *
+ * @deprecated (4.3) Use {@link SSLContextBuilder} and {@link #SSLSocketFactory(SSLContext))))}
*/
+ @Deprecated
public SSLSocketFactory(
final TrustStrategy trustStrategy)
throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
- this(createSSLContext(TLS, null, null, null, null, trustStrategy), BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
+ this(SSLContexts.custom()
+ .loadTrustMaterial(null, null, trustStrategy)
+ .build(),
+ BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
}
public SSLSocketFactory(final SSLContext sslContext) {