Posted to commits@hc.apache.org by ol...@apache.org on 2017/04/19 16:40:01 UTC
svn commit: r1791944 - in
/httpcomponents/httpcore/trunk/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl:
H2ClientTlsStrategy.java H2ServerTlsStrategy.java H2TlsSupport.java
Author: olegk
Date: Wed Apr 19 16:40:01 2017
New Revision: 1791944
URL: http://svn.apache.org/viewvc?rev=1791944&view=rev
Log:
Support TLS ALPN and disable TLS renegotiation via reflection on Java 1.9+
Modified:
httpcomponents/httpcore/trunk/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl/H2ClientTlsStrategy.java
httpcomponents/httpcore/trunk/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl/H2ServerTlsStrategy.java
httpcomponents/httpcore/trunk/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl/H2TlsSupport.java
Modified: httpcomponents/httpcore/trunk/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl/H2ClientTlsStrategy.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpcore/trunk/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl/H2ClientTlsStrategy.java?rev=1791944&r1=1791943&r2=1791944&view=diff
==============================================================================
--- httpcomponents/httpcore/trunk/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl/H2ClientTlsStrategy.java (original)
+++ httpcomponents/httpcore/trunk/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl/H2ClientTlsStrategy.java Wed Apr 19 16:40:01 2017
@@ -95,7 +95,8 @@ public class H2ClientTlsStrategy impleme
final String scheme = host != null ? host.getSchemeName() : null;
if ("https".equalsIgnoreCase(scheme)) {
tlsSession.startTls(sslContext, sslBufferManagement,
- H2TlsSupport.decorateInitializer(initializer), verifier);
+ H2TlsSupport.enforceRequirements(initializer),
+ verifier);
}
}
Modified: httpcomponents/httpcore/trunk/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl/H2ServerTlsStrategy.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpcore/trunk/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl/H2ServerTlsStrategy.java?rev=1791944&r1=1791943&r2=1791944&view=diff
==============================================================================
--- httpcomponents/httpcore/trunk/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl/H2ServerTlsStrategy.java (original)
+++ httpcomponents/httpcore/trunk/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl/H2ServerTlsStrategy.java Wed Apr 19 16:40:01 2017
@@ -102,7 +102,8 @@ public class H2ServerTlsStrategy impleme
for (final int securePort: securePorts) {
if (port == securePort) {
tlsSession.startTls(sslContext, sslBufferManagement,
- H2TlsSupport.decorateInitializer(initializer), verifier);
+ H2TlsSupport.enforceRequirements(initializer),
+ verifier);
break;
}
}
Modified: httpcomponents/httpcore/trunk/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl/H2TlsSupport.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpcore/trunk/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl/H2TlsSupport.java?rev=1791944&r1=1791943&r2=1791944&view=diff
==============================================================================
--- httpcomponents/httpcore/trunk/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl/H2TlsSupport.java (original)
+++ httpcomponents/httpcore/trunk/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/ssl/H2TlsSupport.java Wed Apr 19 16:40:01 2017
@@ -27,6 +27,7 @@
package org.apache.hc.core5.http2.ssl;
+import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
@@ -358,13 +359,52 @@ public final class H2TlsSupport {
return enabledCiphers != null ? enabledCiphers.toArray(new String[enabledCiphers.size()]) : ciphers;
}
- public static SSLSessionInitializer decorateInitializer(final SSLSessionInitializer initializer) {
+ static void applyParameter(final SSLParameters sslParameters, final String name, final Class type, final Object value) {
+ try {
+ final Class<? extends SSLParameters> clazz = sslParameters.getClass();
+ final Method method = clazz.getMethod("set" + name, type);
+ method.invoke(sslParameters, value);
+ } catch (final Exception ignore) {
+ }
+ }
+
+ @SuppressWarnings("unchecked")
+ static <T> T getParameter(final SSLParameters sslParameters, final String name, final Class<T> resultType) {
+ try {
+ final Class<? extends SSLParameters> clazz = sslParameters.getClass();
+ final Method method = clazz.getMethod("get" + name);
+ return resultType.cast(method.invoke(sslParameters));
+ } catch (final Exception ignore) {
+ return null;
+ }
+ }
+
+ public static void setEnableRetransmissions(final SSLParameters sslParameters, final boolean value) {
+ applyParameter(sslParameters, "EnableRetransmissions", Boolean.TYPE, value);
+ }
+
+ public static void setApplicationProtocols(final SSLParameters sslParameters, final String[] values) {
+ applyParameter(sslParameters, "ApplicationProtocols", String[].class, values);
+ }
+
+ public static Boolean getEnableRetransmissions(final SSLParameters sslParameters) {
+ return getParameter(sslParameters, "EnableRetransmissions", Boolean.class);
+ }
+
+ public static String[] getApplicationProtocols(final SSLParameters sslParameters) {
+ return getParameter(sslParameters, "ApplicationProtocols", String[].class);
+ }
+
+ public static SSLSessionInitializer enforceRequirements(final SSLSessionInitializer initializer) {
return new SSLSessionInitializer() {
@Override
public void initialize(final NamedEndpoint endpoint, final SSLParameters sslParameters) {
- sslParameters.setProtocols(H2TlsSupport.excludeBlacklistedProtocols(sslParameters.getProtocols()));
- sslParameters.setCipherSuites(H2TlsSupport.excludeBlacklistedCiphers(sslParameters.getCipherSuites()));
+ sslParameters.setProtocols(excludeBlacklistedProtocols(sslParameters.getProtocols()));
+ sslParameters.setCipherSuites(excludeBlacklistedCiphers(sslParameters.getCipherSuites()));
+ setEnableRetransmissions(sslParameters, false);
+ setApplicationProtocols(sslParameters, new String[] { "h2" });
+
if (initializer != null) {
initializer.initialize(endpoint, sslParameters);
}
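Review bot: `setEnableRetransmissions(sslParameters, false)` in `initialize` does not appear to do what the log message claims: per the JDK documentation, `SSLParameters.setEnableRetransmissions` controls DTLS handshake retransmissions and applies only to DTLS, so TLS renegotiation is presumably still permitted after this change. Separately, `applyParameter` catches `Exception` with an empty body, so a setter that is absent on a pre-9 runtime and a setter that threw are indistinguishable, and `enforceRequirements` returns normally even when `h2` was never offered via ALPN. I would narrow the handler to `catch (final NoSuchMethodException ignore)` with a comment such as `// setter not available before Java 9; ALPN is not configured`, and rethrow the remaining reflective failures as an `IllegalStateException` so they are not lost. The caller-supplied `initializer` still runs after these settings and can overwrite them, which is worth stating in a Javadoc on `enforceRequirements`; the rest of that method lies outside the hunk.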