You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hc.apache.org by ol...@apache.org on 2017/04/19 16:39:19 UTC

svn commit: r1791940 [2/2] - in /httpcomponents/httpcore/trunk: httpcore5-h2/src/main/java/org/apache/hc/core5/http2/impl/nio/ httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl/ httpcore5-testing/src/main/java/org/apache/hc/core5/testing/nio/ ht...

Modified: httpcomponents/httpcore/trunk/httpcore5/src/main/java/org/apache/hc/core5/reactor/ssl/SSLIOSession.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpcore/trunk/httpcore5/src/main/java/org/apache/hc/core5/reactor/ssl/SSLIOSession.java?rev=1791940&r1=1791939&r2=1791940&view=diff
==============================================================================
--- httpcomponents/httpcore/trunk/httpcore5/src/main/java/org/apache/hc/core5/reactor/ssl/SSLIOSession.java (original)
+++ httpcomponents/httpcore/trunk/httpcore5/src/main/java/org/apache/hc/core5/reactor/ssl/SSLIOSession.java Wed Apr 19 16:39:18 2017
@@ -41,10 +41,12 @@ import javax.net.ssl.SSLEngineResult;
 import javax.net.ssl.SSLEngineResult.HandshakeStatus;
 import javax.net.ssl.SSLEngineResult.Status;
 import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLSession;
 
 import org.apache.hc.core5.annotation.Contract;
 import org.apache.hc.core5.annotation.ThreadingBehavior;
+import org.apache.hc.core5.function.Callback;
 import org.apache.hc.core5.io.ShutdownType;
 import org.apache.hc.core5.net.NamedEndpoint;
 import org.apache.hc.core5.reactor.Command;
@@ -66,6 +68,7 @@ public class SSLIOSession implements IOS
 
     private static final ByteBuffer EMPTY_BUFFER = ByteBuffer.allocate(0);
 
+    private final NamedEndpoint targetEndpoint;
     private final IOSession session;
     private final SSLEngine sslEngine;
     private final SSLBuffer inEncrypted;
@@ -75,6 +78,7 @@ public class SSLIOSession implements IOS
     private final ByteChannel channel;
     private final SSLSessionInitializer initializer;
     private final SSLSessionVerifier verifier;
+    private final Callback<SSLIOSession> callback;
 
     private int appEventMask;
 
@@ -101,8 +105,9 @@ public class SSLIOSession implements IOS
             final SSLMode sslMode,
             final SSLContext sslContext,
             final SSLSessionInitializer initializer,
-            final SSLSessionVerifier verifier) {
-        this(targetEndpoint, session, sslMode, sslContext, SSLBufferManagement.STATIC, initializer, verifier);
+            final SSLSessionVerifier verifier,
+            final Callback<SSLIOSession> callback) {
+        this(targetEndpoint, session, sslMode, sslContext, SSLBufferManagement.STATIC, initializer, verifier, callback);
     }
 
     /**
@@ -125,14 +130,17 @@ public class SSLIOSession implements IOS
             final SSLContext sslContext,
             final SSLBufferManagement sslBufferManagement,
             final SSLSessionInitializer initializer,
-            final SSLSessionVerifier verifier) {
+            final SSLSessionVerifier verifier,
+            final Callback<SSLIOSession> callback) {
         super();
         Args.notNull(session, "IO session");
         Args.notNull(sslContext, "SSL context");
+        this.targetEndpoint = targetEndpoint;
         this.session = session;
         this.sslMode = sslMode;
         this.initializer = initializer;
         this.verifier = verifier;
+        this.callback = callback;
 
         this.appEventMask = session.getEventMask();
         if (this.sslMode == SSLMode.CLIENT && targetEndpoint != null) {
@@ -191,8 +199,8 @@ public class SSLIOSession implements IOS
 
     /**
      * Initializes the session. This method invokes the {@link
-     * SSLSessionInitializer#initialize(SSLEngine)} callback if an instance of
-     * {@link SSLSessionInitializer} was specified at the construction time.
+     * SSLSessionInitializer#initialize(NamedEndpoint, SSLParameters)} callback
+     * if an instance of {@link SSLSessionInitializer} was specified at the construction time.
      *
      * @throws SSLException in case of a SSL protocol exception.
      * @throws IllegalStateException if the session has already been initialized.
@@ -211,7 +219,9 @@ public class SSLIOSession implements IOS
             break;
         }
         if (this.initializer != null) {
-            this.initializer.initialize(this.sslEngine);
+            final SSLParameters sslParameters = this.sslEngine.getSSLParameters();
+            this.initializer.initialize(this.targetEndpoint, sslParameters);
+            this.sslEngine.setSSLParameters(sslParameters);
         }
         this.initialized = true;
         this.sslEngine.beginHandshake();
@@ -341,7 +351,10 @@ public class SSLIOSession implements IOS
         // It is never generated by SSLEngine.getHandshakeStatus().
         if (result != null && result.getHandshakeStatus() == HandshakeStatus.FINISHED) {
             if (this.verifier != null) {
-                this.verifier.verify(this.session, this.sslEngine.getSession());
+                this.verifier.verify(this.targetEndpoint, this.sslEngine.getSession());
+            }
+            if (this.callback != null) {
+                this.callback.execute(this);
             }
         }
     }

Modified: httpcomponents/httpcore/trunk/httpcore5/src/main/java/org/apache/hc/core5/reactor/ssl/SSLSessionInitializer.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpcore/trunk/httpcore5/src/main/java/org/apache/hc/core5/reactor/ssl/SSLSessionInitializer.java?rev=1791940&r1=1791939&r2=1791940&view=diff
==============================================================================
--- httpcomponents/httpcore/trunk/httpcore5/src/main/java/org/apache/hc/core5/reactor/ssl/SSLSessionInitializer.java (original)
+++ httpcomponents/httpcore/trunk/httpcore5/src/main/java/org/apache/hc/core5/reactor/ssl/SSLSessionInitializer.java Wed Apr 19 16:39:18 2017
@@ -27,8 +27,9 @@
 
 package org.apache.hc.core5.reactor.ssl;
 
-import javax.net.ssl.SSLEngine;
-import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLParameters;
+
+import org.apache.hc.core5.net.NamedEndpoint;
 
 /**
  * Callback interface that can be used to customize various aspects of
@@ -40,12 +41,14 @@ public interface SSLSessionInitializer {
 
     /**
      * Triggered when the SSL connection is being initialized. Custom handlers
-     * can use this callback to customize properties of the {@link SSLEngine}
-     * used to establish the SSL session.
+     * can use this callback to customize properties of the {@link javax.net.ssl.SSLEngine}
+     * used to establish the SSL session by modifying the given
+     * {@link SSLParameters}.
      *
-     * @param sslengine the SSL engine.
-     * @throws SSLException if case of SSL protocol error.
+     * @param endpoint the endpoint name for a client side session or {@code null}
+     *                 for a server side session.
+     * @param sslParameters the actual SSL parameters.
      */
-    void initialize(SSLEngine sslengine) throws SSLException;
+    void initialize(NamedEndpoint endpoint, SSLParameters sslParameters);
 
 }

Modified: httpcomponents/httpcore/trunk/httpcore5/src/main/java/org/apache/hc/core5/reactor/ssl/SSLSessionVerifier.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpcore/trunk/httpcore5/src/main/java/org/apache/hc/core5/reactor/ssl/SSLSessionVerifier.java?rev=1791940&r1=1791939&r2=1791940&view=diff
==============================================================================
--- httpcomponents/httpcore/trunk/httpcore5/src/main/java/org/apache/hc/core5/reactor/ssl/SSLSessionVerifier.java (original)
+++ httpcomponents/httpcore/trunk/httpcore5/src/main/java/org/apache/hc/core5/reactor/ssl/SSLSessionVerifier.java Wed Apr 19 16:39:18 2017
@@ -30,7 +30,7 @@ package org.apache.hc.core5.reactor.ssl;
 import javax.net.ssl.SSLException;
 import javax.net.ssl.SSLSession;
 
-import org.apache.hc.core5.reactor.IOSession;
+import org.apache.hc.core5.net.NamedEndpoint;
 
 /**
  * Callback interface that can be used to customize various aspects of
@@ -47,10 +47,11 @@ public interface SSLSessionVerifier {
      * For instance this would be the right place to enforce SSL cipher
      * strength, validate certificate chain and do hostname checks.
      *
-     * @param iosession the underlying IOSession for the SSL connection.
+     * @param endpoint the endpoint name for a client side session or {@code null}
+     *                 for a server side session.
      * @param sslsession newly created SSL session.
      * @throws SSLException if case of SSL protocol error.
      */
-    void verify(IOSession iosession, SSLSession sslsession) throws SSLException;
+    void verify(NamedEndpoint endpoint, SSLSession sslsession) throws SSLException;
 
 }

Modified: httpcomponents/httpcore/trunk/httpcore5/src/main/java/org/apache/hc/core5/reactor/ssl/TransportSecurityLayer.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpcore/trunk/httpcore5/src/main/java/org/apache/hc/core5/reactor/ssl/TransportSecurityLayer.java?rev=1791940&r1=1791939&r2=1791940&view=diff
==============================================================================
--- httpcomponents/httpcore/trunk/httpcore5/src/main/java/org/apache/hc/core5/reactor/ssl/TransportSecurityLayer.java (original)
+++ httpcomponents/httpcore/trunk/httpcore5/src/main/java/org/apache/hc/core5/reactor/ssl/TransportSecurityLayer.java Wed Apr 19 16:39:18 2017
@@ -37,7 +37,7 @@ import javax.net.ssl.SSLSession;
  */
 public interface TransportSecurityLayer {
 
-    void start(
+    void startTls(
             SSLContext sslContext,
             SSLBufferManagement sslBufferManagement,
             SSLSessionInitializer initializer,