You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hc.apache.org by ol...@apache.org on 2020/09/12 12:38:57 UTC
[httpcomponents-core] 04/18: Deprecated SecurePortStrategy
This is an automated email from the ASF dual-hosted git repository.
olegk pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/httpcomponents-core.git
commit b44e1da29284bf1124e8150d01174539f72f10c4
Author: Oleg Kalnichevski <ol...@apache.org>
AuthorDate: Sun Apr 12 16:01:59 2020 +0200
Deprecated SecurePortStrategy
---
.../impl/nio/bootstrap/H2ServerBootstrap.java | 3 +-
.../http2/ssl/ConscryptServerTlsStrategy.java | 54 ++++++++++++++++++-
.../hc/core5/http2/ssl/H2ServerTlsStrategy.java | 58 ++++++++++++++++++++-
.../apache/hc/core5/testing/nio/H2AlpnTest.java | 4 +-
.../testing/nio/H2ProtocolNegotiationTest.java | 6 +--
.../nio/H2ServerAndMultiplexingRequesterTest.java | 5 +-
.../testing/nio/H2ServerAndRequesterTest.java | 5 +-
.../hc/core5/testing/nio/H2TLSIntegrationTest.java | 7 +--
.../testing/nio/Http1ServerAndRequesterTest.java | 5 +-
.../core5/testing/nio/SecureAllPortsStrategy.java | 43 ----------------
.../core5/http/nio/ssl/BasicServerTlsStrategy.java | 60 +++++++++++++++++++++-
.../hc/core5/http/nio/ssl/FixedPortStrategy.java | 3 ++
.../hc/core5/http/nio/ssl/SecurePortStrategy.java | 3 ++
13 files changed, 188 insertions(+), 68 deletions(-)
diff --git a/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/impl/nio/bootstrap/H2ServerBootstrap.java b/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/impl/nio/bootstrap/H2ServerBootstrap.java
index 6b2c8d9..e458a91 100644
--- a/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/impl/nio/bootstrap/H2ServerBootstrap.java
+++ b/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/impl/nio/bootstrap/H2ServerBootstrap.java
@@ -66,7 +66,6 @@ import org.apache.hc.core5.http2.impl.H2Processors;
import org.apache.hc.core5.http2.impl.nio.H2StreamListener;
import org.apache.hc.core5.http2.impl.nio.ServerH2StreamMultiplexerFactory;
import org.apache.hc.core5.http2.impl.nio.ServerHttpProtocolNegotiatorFactory;
-import org.apache.hc.core5.http2.ssl.H2ServerTlsStrategy;
import org.apache.hc.core5.net.InetAddressUtils;
import org.apache.hc.core5.reactor.IOEventHandlerFactory;
import org.apache.hc.core5.reactor.IOReactorConfig;
@@ -440,7 +439,7 @@ public class H2ServerBootstrap {
http1StreamHandlerFactory,
http2StreamHandlerFactory,
versionPolicy != null ? versionPolicy : HttpVersionPolicy.NEGOTIATE,
- tlsStrategy != null ? tlsStrategy : new H2ServerTlsStrategy(443, 8443),
+ tlsStrategy,
handshakeTimeout);
return new HttpAsyncServer(ioEventHandlerFactory, ioReactorConfig, ioSessionDecorator, exceptionCallback,
sessionListener);
diff --git a/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl/ConscryptServerTlsStrategy.java b/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl/ConscryptServerTlsStrategy.java
index a93a373..dba69b8 100644
--- a/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl/ConscryptServerTlsStrategy.java
+++ b/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl/ConscryptServerTlsStrategy.java
@@ -51,11 +51,16 @@ import org.apache.hc.core5.util.Timeout;
public class ConscryptServerTlsStrategy implements TlsStrategy {
private final SSLContext sslContext;
+ @SuppressWarnings("deprecation")
private final SecurePortStrategy securePortStrategy;
private final SSLBufferMode sslBufferMode;
private final SSLSessionInitializer initializer;
private final SSLSessionVerifier verifier;
+ /**
+ * @deprecated Use {@link ConscryptServerTlsStrategy#ConscryptServerTlsStrategy(SSLContext, SSLBufferMode, SSLSessionInitializer, SSLSessionVerifier)}
+ */
+ @Deprecated
public ConscryptServerTlsStrategy(
final SSLContext sslContext,
final SecurePortStrategy securePortStrategy,
@@ -69,6 +74,10 @@ public class ConscryptServerTlsStrategy implements TlsStrategy {
this.verifier = verifier;
}
+ /**
+ * @deprecated Use {@link ConscryptServerTlsStrategy#ConscryptServerTlsStrategy(SSLContext, SSLSessionInitializer, SSLSessionVerifier)}
+ */
+ @Deprecated
public ConscryptServerTlsStrategy(
final SSLContext sslContext,
final SecurePortStrategy securePortStrategy,
@@ -77,6 +86,10 @@ public class ConscryptServerTlsStrategy implements TlsStrategy {
this(sslContext, securePortStrategy, null, initializer, verifier);
}
+ /**
+ * @deprecated Use {@link ConscryptServerTlsStrategy#ConscryptServerTlsStrategy(SSLContext, SSLSessionVerifier)}
+ */
+ @Deprecated
public ConscryptServerTlsStrategy(
final SSLContext sslContext,
final SecurePortStrategy securePortStrategy,
@@ -84,14 +97,53 @@ public class ConscryptServerTlsStrategy implements TlsStrategy {
this(sslContext, securePortStrategy, null, null, verifier);
}
+ /**
+ * @deprecated Use {@link ConscryptServerTlsStrategy#ConscryptServerTlsStrategy(SSLContext)}
+ */
+ @Deprecated
public ConscryptServerTlsStrategy(final SSLContext sslContext, final SecurePortStrategy securePortStrategy) {
this(sslContext, securePortStrategy, null, null, null);
}
+ /**
+ * @deprecated Use {@link ConscryptServerTlsStrategy#ConscryptServerTlsStrategy(SSLContext)}
+ */
+ @Deprecated
public ConscryptServerTlsStrategy(final SSLContext sslContext, final int... securePorts) {
this(sslContext, new FixedPortStrategy(securePorts));
}
+ public ConscryptServerTlsStrategy(
+ final SSLContext sslContext,
+ final SSLBufferMode sslBufferMode,
+ final SSLSessionInitializer initializer,
+ final SSLSessionVerifier verifier) {
+ this.sslContext = Args.notNull(sslContext, "SSL context");
+ this.sslBufferMode = sslBufferMode;
+ this.initializer = initializer;
+ this.verifier = verifier;
+ this.securePortStrategy = null;
+ }
+
+ public ConscryptServerTlsStrategy(
+ final SSLContext sslContext,
+ final SSLSessionInitializer initializer,
+ final SSLSessionVerifier verifier) {
+ this(sslContext, (SSLBufferMode) null, initializer, verifier);
+ }
+
+ public ConscryptServerTlsStrategy(final SSLContext sslContext, final SSLSessionVerifier verifier) {
+ this(sslContext, (SSLBufferMode) null, null, verifier);
+ }
+
+ public ConscryptServerTlsStrategy(final SSLContext sslContext) {
+ this(sslContext, (SSLBufferMode) null, null, null);
+ }
+
+ private boolean isApplicable(final SocketAddress localAddress) {
+ return securePortStrategy == null || securePortStrategy.isSecure(localAddress);
+ }
+
@Override
public boolean upgrade(
final TransportSecurityLayer tlsSession,
@@ -100,7 +152,7 @@ public class ConscryptServerTlsStrategy implements TlsStrategy {
final SocketAddress remoteAddress,
final Object attachment,
final Timeout handshakeTimeout) {
- if (securePortStrategy != null && securePortStrategy.isSecure(localAddress)) {
+ if (isApplicable(localAddress)) {
tlsSession.startTls(
sslContext,
host,
diff --git a/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl/H2ServerTlsStrategy.java b/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl/H2ServerTlsStrategy.java
index 1b1d4a7..f4e7f6f 100644
--- a/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl/H2ServerTlsStrategy.java
+++ b/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl/H2ServerTlsStrategy.java
@@ -52,11 +52,16 @@ import org.apache.hc.core5.util.Timeout;
public class H2ServerTlsStrategy implements TlsStrategy {
private final SSLContext sslContext;
+ @SuppressWarnings("deprecation")
private final SecurePortStrategy securePortStrategy;
private final SSLBufferMode sslBufferMode;
private final SSLSessionInitializer initializer;
private final SSLSessionVerifier verifier;
+ /**
+ * @deprecated Use {@link H2ServerTlsStrategy#H2ServerTlsStrategy(SSLContext, SSLBufferMode, SSLSessionInitializer, SSLSessionVerifier)}
+ */
+ @Deprecated
public H2ServerTlsStrategy(
final SSLContext sslContext,
final SecurePortStrategy securePortStrategy,
@@ -70,6 +75,10 @@ public class H2ServerTlsStrategy implements TlsStrategy {
this.verifier = verifier;
}
+ /**
+ * @deprecated Use {@link H2ServerTlsStrategy#H2ServerTlsStrategy(SSLContext, SSLSessionInitializer, SSLSessionVerifier)}
+ */
+ @Deprecated
public H2ServerTlsStrategy(
final SSLContext sslContext,
final SecurePortStrategy securePortStrategy,
@@ -78,6 +87,10 @@ public class H2ServerTlsStrategy implements TlsStrategy {
this(sslContext, securePortStrategy, null, initializer, verifier);
}
+ /**
+ * @deprecated Use {@link H2ServerTlsStrategy#H2ServerTlsStrategy(SSLContext, SSLSessionVerifier)}
+ */
+ @Deprecated
public H2ServerTlsStrategy(
final SSLContext sslContext,
final SecurePortStrategy securePortStrategy,
@@ -85,14 +98,57 @@ public class H2ServerTlsStrategy implements TlsStrategy {
this(sslContext, securePortStrategy, null, null, verifier);
}
+ /**
+ * @deprecated Use {@link H2ServerTlsStrategy#H2ServerTlsStrategy(SSLContext)}
+ */
+ @Deprecated
public H2ServerTlsStrategy(final SSLContext sslContext, final SecurePortStrategy securePortStrategy) {
this(sslContext, securePortStrategy, null, null, null);
}
+ /**
+ * @deprecated Use {@link H2ServerTlsStrategy#H2ServerTlsStrategy()}
+ */
+ @Deprecated
public H2ServerTlsStrategy(final int... securePorts) {
this(SSLContexts.createSystemDefault(), new FixedPortStrategy(securePorts));
}
+ public H2ServerTlsStrategy(
+ final SSLContext sslContext,
+ final SSLBufferMode sslBufferMode,
+ final SSLSessionInitializer initializer,
+ final SSLSessionVerifier verifier) {
+ this.sslContext = Args.notNull(sslContext, "SSL context");
+ this.sslBufferMode = sslBufferMode;
+ this.initializer = initializer;
+ this.verifier = verifier;
+ this.securePortStrategy = null;
+ }
+
+ public H2ServerTlsStrategy(
+ final SSLContext sslContext,
+ final SSLSessionInitializer initializer,
+ final SSLSessionVerifier verifier) {
+ this(sslContext, (SSLBufferMode) null, initializer, verifier);
+ }
+
+ public H2ServerTlsStrategy(final SSLContext sslContext, final SSLSessionVerifier verifier) {
+ this(sslContext, (SSLBufferMode) null, null, verifier);
+ }
+
+ public H2ServerTlsStrategy(final SSLContext sslContext) {
+ this(sslContext, (SSLBufferMode) null, null, null);
+ }
+
+ public H2ServerTlsStrategy() {
+ this(SSLContexts.createSystemDefault());
+ }
+
+ private boolean isApplicable(final SocketAddress localAddress) {
+ return securePortStrategy == null || securePortStrategy.isSecure(localAddress);
+ }
+
@Override
public boolean upgrade(
final TransportSecurityLayer tlsSession,
@@ -101,7 +157,7 @@ public class H2ServerTlsStrategy implements TlsStrategy {
final SocketAddress remoteAddress,
final Object attachment,
final Timeout handshakeTimeout) {
- if (securePortStrategy != null && securePortStrategy.isSecure(localAddress)) {
+ if (isApplicable(localAddress)) {
tlsSession.startTls(
sslContext,
host,
diff --git a/httpcore5-testing/src/test/java/org/apache/hc/core5/testing/nio/H2AlpnTest.java b/httpcore5-testing/src/test/java/org/apache/hc/core5/testing/nio/H2AlpnTest.java
index 6f139da..f923c36 100644
--- a/httpcore5-testing/src/test/java/org/apache/hc/core5/testing/nio/H2AlpnTest.java
+++ b/httpcore5-testing/src/test/java/org/apache/hc/core5/testing/nio/H2AlpnTest.java
@@ -109,8 +109,8 @@ public class H2AlpnTest {
protected void before() throws Throwable {
log.debug("Starting up test server");
final TlsStrategy tlsStrategy = h2Allowed ?
- new H2ServerTlsStrategy(SSLTestContexts.createServerSSLContext(), SecureAllPortsStrategy.INSTANCE) :
- new BasicServerTlsStrategy(SSLTestContexts.createServerSSLContext(), SecureAllPortsStrategy.INSTANCE);
+ new H2ServerTlsStrategy(SSLTestContexts.createServerSSLContext()) :
+ new BasicServerTlsStrategy(SSLTestContexts.createServerSSLContext());
server = H2ServerBootstrap.bootstrap()
.setIOReactorConfig(
IOReactorConfig.custom()
diff --git a/httpcore5-testing/src/test/java/org/apache/hc/core5/testing/nio/H2ProtocolNegotiationTest.java b/httpcore5-testing/src/test/java/org/apache/hc/core5/testing/nio/H2ProtocolNegotiationTest.java
index e8eccd2..b77d390 100644
--- a/httpcore5-testing/src/test/java/org/apache/hc/core5/testing/nio/H2ProtocolNegotiationTest.java
+++ b/httpcore5-testing/src/test/java/org/apache/hc/core5/testing/nio/H2ProtocolNegotiationTest.java
@@ -88,15 +88,13 @@ public class H2ProtocolNegotiationTest {
protected void before() throws Throwable {
log.debug("Starting up test server");
server = H2ServerBootstrap.bootstrap()
- .setTlsStrategy(new H2ServerTlsStrategy(SSLTestContexts.createServerSSLContext(), SecureAllPortsStrategy.INSTANCE))
+ .setTlsStrategy(new H2ServerTlsStrategy(SSLTestContexts.createServerSSLContext()))
.setVersionPolicy(HttpVersionPolicy.NEGOTIATE)
.setIOReactorConfig(
IOReactorConfig.custom()
.setSoTimeout(TIMEOUT)
.build())
- .setTlsStrategy(new H2ServerTlsStrategy(
- SSLTestContexts.createServerSSLContext(),
- SecureAllPortsStrategy.INSTANCE))
+ .setTlsStrategy(new H2ServerTlsStrategy(SSLTestContexts.createServerSSLContext()))
.register("*", new Supplier<AsyncServerExchangeHandler>() {
@Override
diff --git a/httpcore5-testing/src/test/java/org/apache/hc/core5/testing/nio/H2ServerAndMultiplexingRequesterTest.java b/httpcore5-testing/src/test/java/org/apache/hc/core5/testing/nio/H2ServerAndMultiplexingRequesterTest.java
index a572fce..6a60017 100644
--- a/httpcore5-testing/src/test/java/org/apache/hc/core5/testing/nio/H2ServerAndMultiplexingRequesterTest.java
+++ b/httpcore5-testing/src/test/java/org/apache/hc/core5/testing/nio/H2ServerAndMultiplexingRequesterTest.java
@@ -112,9 +112,8 @@ public class H2ServerAndMultiplexingRequesterTest {
IOReactorConfig.custom()
.setSoTimeout(TIMEOUT)
.build())
- .setTlsStrategy(scheme == URIScheme.HTTPS ? new H2ServerTlsStrategy(
- SSLTestContexts.createServerSSLContext(),
- SecureAllPortsStrategy.INSTANCE) : null)
+ .setTlsStrategy(scheme == URIScheme.HTTPS ?
+ new H2ServerTlsStrategy(SSLTestContexts.createServerSSLContext()) : null)
.setIOSessionListener(LoggingIOSessionListener.INSTANCE)
.setIOSessionDecorator(LoggingIOSessionDecorator.INSTANCE)
.setExceptionCallback(LoggingExceptionCallback.INSTANCE)
diff --git a/httpcore5-testing/src/test/java/org/apache/hc/core5/testing/nio/H2ServerAndRequesterTest.java b/httpcore5-testing/src/test/java/org/apache/hc/core5/testing/nio/H2ServerAndRequesterTest.java
index 88cc3ce..fc8a0d0 100644
--- a/httpcore5-testing/src/test/java/org/apache/hc/core5/testing/nio/H2ServerAndRequesterTest.java
+++ b/httpcore5-testing/src/test/java/org/apache/hc/core5/testing/nio/H2ServerAndRequesterTest.java
@@ -111,9 +111,8 @@ public class H2ServerAndRequesterTest {
IOReactorConfig.custom()
.setSoTimeout(TIMEOUT)
.build())
- .setTlsStrategy(scheme == URIScheme.HTTPS ? new H2ServerTlsStrategy(
- SSLTestContexts.createServerSSLContext(),
- SecureAllPortsStrategy.INSTANCE) : null)
+ .setTlsStrategy(scheme == URIScheme.HTTPS ?
+ new H2ServerTlsStrategy(SSLTestContexts.createServerSSLContext()) : null)
.setStreamListener(LoggingHttp1StreamListener.INSTANCE_SERVER)
.setStreamListener(LoggingH2StreamListener.INSTANCE)
.setIOSessionDecorator(LoggingIOSessionDecorator.INSTANCE)
diff --git a/httpcore5-testing/src/test/java/org/apache/hc/core5/testing/nio/H2TLSIntegrationTest.java b/httpcore5-testing/src/test/java/org/apache/hc/core5/testing/nio/H2TLSIntegrationTest.java
index 9bcfb9d..0833c57 100644
--- a/httpcore5-testing/src/test/java/org/apache/hc/core5/testing/nio/H2TLSIntegrationTest.java
+++ b/httpcore5-testing/src/test/java/org/apache/hc/core5/testing/nio/H2TLSIntegrationTest.java
@@ -123,7 +123,7 @@ public class H2TLSIntegrationTest {
IOReactorConfig.custom()
.setSoTimeout(TIMEOUT)
.build())
- .setTlsStrategy(new BasicServerTlsStrategy(SSLTestContexts.createServerSSLContext(), SecureAllPortsStrategy.INSTANCE))
+ .setTlsStrategy(new BasicServerTlsStrategy(SSLTestContexts.createServerSSLContext()))
.setStreamListener(LoggingHttp1StreamListener.INSTANCE_SERVER)
.setIOSessionDecorator(LoggingIOSessionDecorator.INSTANCE)
.setExceptionCallback(LoggingExceptionCallback.INSTANCE)
@@ -197,7 +197,7 @@ public class H2TLSIntegrationTest {
IOReactorConfig.custom()
.setSoTimeout(TIMEOUT)
.build())
- .setTlsStrategy(new BasicServerTlsStrategy(SSLTestContexts.createServerSSLContext(), SecureAllPortsStrategy.INSTANCE))
+ .setTlsStrategy(new BasicServerTlsStrategy(SSLTestContexts.createServerSSLContext()))
.setStreamListener(LoggingHttp1StreamListener.INSTANCE_SERVER)
.setIOSessionDecorator(LoggingIOSessionDecorator.INSTANCE)
.setExceptionCallback(LoggingExceptionCallback.INSTANCE)
@@ -255,7 +255,6 @@ public class H2TLSIntegrationTest {
.build())
.setTlsStrategy(new BasicServerTlsStrategy(
SSLTestContexts.createServerSSLContext(),
- SecureAllPortsStrategy.INSTANCE,
new SSLSessionInitializer() {
@Override
@@ -321,7 +320,6 @@ public class H2TLSIntegrationTest {
.build())
.setTlsStrategy(new BasicServerTlsStrategy(
SSLTestContexts.createServerSSLContext(),
- SecureAllPortsStrategy.INSTANCE,
new SSLSessionInitializer() {
@Override
@@ -419,7 +417,6 @@ public class H2TLSIntegrationTest {
.build())
.setTlsStrategy(new BasicServerTlsStrategy(
SSLTestContexts.createServerSSLContext(),
- SecureAllPortsStrategy.INSTANCE,
new SSLSessionInitializer() {
@Override
diff --git a/httpcore5-testing/src/test/java/org/apache/hc/core5/testing/nio/Http1ServerAndRequesterTest.java b/httpcore5-testing/src/test/java/org/apache/hc/core5/testing/nio/Http1ServerAndRequesterTest.java
index 1741d91..2d961d7 100644
--- a/httpcore5-testing/src/test/java/org/apache/hc/core5/testing/nio/Http1ServerAndRequesterTest.java
+++ b/httpcore5-testing/src/test/java/org/apache/hc/core5/testing/nio/Http1ServerAndRequesterTest.java
@@ -164,9 +164,8 @@ public class Http1ServerAndRequesterTest {
});
}
})
- .setTlsStrategy(scheme == URIScheme.HTTPS ? new BasicServerTlsStrategy(
- SSLTestContexts.createServerSSLContext(),
- SecureAllPortsStrategy.INSTANCE) : null)
+ .setTlsStrategy(scheme == URIScheme.HTTPS ?
+ new BasicServerTlsStrategy(SSLTestContexts.createServerSSLContext()) : null)
.setStreamListener(LoggingHttp1StreamListener.INSTANCE_SERVER)
.setIOSessionDecorator(LoggingIOSessionDecorator.INSTANCE)
.setExceptionCallback(LoggingExceptionCallback.INSTANCE)
diff --git a/httpcore5-testing/src/test/java/org/apache/hc/core5/testing/nio/SecureAllPortsStrategy.java b/httpcore5-testing/src/test/java/org/apache/hc/core5/testing/nio/SecureAllPortsStrategy.java
deleted file mode 100644
index 16b697a..0000000
--- a/httpcore5-testing/src/test/java/org/apache/hc/core5/testing/nio/SecureAllPortsStrategy.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * ====================================================================
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- */
-
-package org.apache.hc.core5.testing.nio;
-
-import java.net.SocketAddress;
-
-import org.apache.hc.core5.http.nio.ssl.SecurePortStrategy;
-
-public class SecureAllPortsStrategy implements SecurePortStrategy {
-
- public static final SecureAllPortsStrategy INSTANCE = new SecureAllPortsStrategy();
-
- @Override
- public boolean isSecure(final SocketAddress localAddress) {
- return true;
- }
-
-}
diff --git a/httpcore5/src/main/java/org/apache/hc/core5/http/nio/ssl/BasicServerTlsStrategy.java b/httpcore5/src/main/java/org/apache/hc/core5/http/nio/ssl/BasicServerTlsStrategy.java
index a10351e..06cd6b4 100644
--- a/httpcore5/src/main/java/org/apache/hc/core5/http/nio/ssl/BasicServerTlsStrategy.java
+++ b/httpcore5/src/main/java/org/apache/hc/core5/http/nio/ssl/BasicServerTlsStrategy.java
@@ -49,11 +49,16 @@ import org.apache.hc.core5.util.Timeout;
public class BasicServerTlsStrategy implements TlsStrategy {
private final SSLContext sslContext;
+ @SuppressWarnings("deprecation")
private final SecurePortStrategy securePortStrategy;
private final SSLBufferMode sslBufferMode;
private final SSLSessionInitializer initializer;
private final SSLSessionVerifier verifier;
+ /**
+ * @deprecated Use {@link BasicServerTlsStrategy#BasicServerTlsStrategy(SSLContext, SSLBufferMode, SSLSessionInitializer, SSLSessionVerifier)}
+ */
+ @Deprecated
public BasicServerTlsStrategy(
final SSLContext sslContext,
final SecurePortStrategy securePortStrategy,
@@ -67,6 +72,10 @@ public class BasicServerTlsStrategy implements TlsStrategy {
this.verifier = verifier;
}
+ /**
+ * @deprecated Use {@link BasicServerTlsStrategy#BasicServerTlsStrategy(SSLContext, SSLSessionInitializer, SSLSessionVerifier)}
+ */
+ @Deprecated
public BasicServerTlsStrategy(
final SSLContext sslContext,
final SecurePortStrategy securePortStrategy,
@@ -75,6 +84,10 @@ public class BasicServerTlsStrategy implements TlsStrategy {
this(sslContext, securePortStrategy, null, initializer, verifier);
}
+ /**
+ * @deprecated Use {@link BasicServerTlsStrategy#BasicServerTlsStrategy(SSLContext, SSLSessionVerifier)}
+ */
+ @Deprecated
public BasicServerTlsStrategy(
final SSLContext sslContext,
final SecurePortStrategy securePortStrategy,
@@ -82,14 +95,59 @@ public class BasicServerTlsStrategy implements TlsStrategy {
this(sslContext, securePortStrategy, null, null, verifier);
}
+ /**
+ * @deprecated Use {@link BasicServerTlsStrategy#BasicServerTlsStrategy(SSLContext)}
+ */
+ @Deprecated
public BasicServerTlsStrategy(final SSLContext sslContext, final SecurePortStrategy securePortStrategy) {
this(sslContext, securePortStrategy, null, null, null);
}
+ /**
+ * @deprecated Use {@link BasicServerTlsStrategy#BasicServerTlsStrategy()}
+ */
+ @Deprecated
public BasicServerTlsStrategy(final SecurePortStrategy securePortStrategy) {
this(SSLContexts.createSystemDefault(), securePortStrategy);
}
+ public BasicServerTlsStrategy(
+ final SSLContext sslContext,
+ final SSLBufferMode sslBufferMode,
+ final SSLSessionInitializer initializer,
+ final SSLSessionVerifier verifier) {
+ this.sslContext = Args.notNull(sslContext, "SSL context");
+ this.sslBufferMode = sslBufferMode;
+ this.initializer = initializer;
+ this.verifier = verifier;
+ this.securePortStrategy = null;
+ }
+
+ public BasicServerTlsStrategy(
+ final SSLContext sslContext,
+ final SSLSessionInitializer initializer,
+ final SSLSessionVerifier verifier) {
+ this(sslContext, (SSLBufferMode) null, initializer, verifier);
+ }
+
+ public BasicServerTlsStrategy(
+ final SSLContext sslContext,
+ final SSLSessionVerifier verifier) {
+ this(sslContext, (SSLBufferMode) null, null, verifier);
+ }
+
+ public BasicServerTlsStrategy(final SSLContext sslContext) {
+ this(sslContext, null, null, null, null);
+ }
+
+ public BasicServerTlsStrategy() {
+ this(SSLContexts.createSystemDefault());
+ }
+
+ private boolean isApplicable(final SocketAddress localAddress) {
+ return securePortStrategy == null || securePortStrategy.isSecure(localAddress);
+ }
+
@Override
public boolean upgrade(
final TransportSecurityLayer tlsSession,
@@ -98,7 +156,7 @@ public class BasicServerTlsStrategy implements TlsStrategy {
final SocketAddress remoteAddress,
final Object attachment,
final Timeout handshakeTimeout) {
- if (securePortStrategy != null && securePortStrategy.isSecure(localAddress)) {
+ if (isApplicable(localAddress)) {
tlsSession.startTls(sslContext, host, sslBufferMode,
TlsSupport.enforceStrongSecurity(initializer), verifier, handshakeTimeout);
return true;
diff --git a/httpcore5/src/main/java/org/apache/hc/core5/http/nio/ssl/FixedPortStrategy.java b/httpcore5/src/main/java/org/apache/hc/core5/http/nio/ssl/FixedPortStrategy.java
index ea62106..7d45df2 100644
--- a/httpcore5/src/main/java/org/apache/hc/core5/http/nio/ssl/FixedPortStrategy.java
+++ b/httpcore5/src/main/java/org/apache/hc/core5/http/nio/ssl/FixedPortStrategy.java
@@ -36,7 +36,10 @@ import org.apache.hc.core5.util.Args;
* Basic implementation of {@link SecurePortStrategy} with a fixed list of secure ports.
*
* @since 5.0
+ *
+ * @deprecated Use configuration parameters provided by connection listeners.
*/
+@Deprecated
public final class FixedPortStrategy implements SecurePortStrategy {
private final int[] securePorts;
diff --git a/httpcore5/src/main/java/org/apache/hc/core5/http/nio/ssl/SecurePortStrategy.java b/httpcore5/src/main/java/org/apache/hc/core5/http/nio/ssl/SecurePortStrategy.java
index a06aa4b..b560275 100644
--- a/httpcore5/src/main/java/org/apache/hc/core5/http/nio/ssl/SecurePortStrategy.java
+++ b/httpcore5/src/main/java/org/apache/hc/core5/http/nio/ssl/SecurePortStrategy.java
@@ -33,7 +33,10 @@ import java.net.SocketAddress;
* Side-side strategy to determine if local endpoint should be secured with TLS.
*
* @since 5.0
+ *
+ * @deprecated Use configuration parameters provided by connection listeners.
*/
+@Deprecated
public interface SecurePortStrategy {
/**