You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hc.apache.org by ol...@apache.org on 2021/10/23 16:34:44 UTC
[httpcomponents-client] 02/08: HTTPCLIENT-2182: access to
SSLSession attributes via reflection disallowed as of Java 16. Core TLS
functions now use new Java 1.8 API introduced by 8u251 update
This is an automated email from the ASF dual-hosted git repository.
olegk pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/httpcomponents-client.git
commit 8b73f6b83ca85193662b26204cf57d8d025a8465
Author: Oleg Kalnichevski <ol...@apache.org>
AuthorDate: Wed Oct 13 11:44:33 2021 +0200
HTTPCLIENT-2182: access to SSLSession attributes via reflection disallowed as of Java 16. Core TLS functions now use new Java 1.8 API introduced by 8u251 update
---
.../client5/http/ssl/ClientTlsStrategyBuilder.java | 23 ++--
.../client5/http/ssl/DefaultClientTlsStrategy.java | 14 ++-
.../http/examples/AsyncClientCustomSSL.java | 12 --
.../client5/http/examples/AsyncClientTlsAlpn.java | 125 ---------------------
4 files changed, 20 insertions(+), 154 deletions(-)
diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/ClientTlsStrategyBuilder.java b/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/ClientTlsStrategyBuilder.java
index 52657e3..3f4e35a 100644
--- a/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/ClientTlsStrategyBuilder.java
+++ b/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/ClientTlsStrategyBuilder.java
@@ -30,7 +30,6 @@ package org.apache.hc.client5.http.ssl;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
-import javax.net.ssl.SSLSession;
import org.apache.hc.core5.function.Factory;
import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
@@ -38,7 +37,6 @@ import org.apache.hc.core5.http.ssl.TLS;
import org.apache.hc.core5.reactor.ssl.SSLBufferMode;
import org.apache.hc.core5.reactor.ssl.TlsDetails;
import org.apache.hc.core5.ssl.SSLContexts;
-import org.apache.hc.core5.util.ReflectionUtils;
/**
* Builder for client {@link TlsStrategy} instances.
@@ -77,6 +75,10 @@ public class ClientTlsStrategyBuilder {
private String[] ciphers;
private SSLBufferMode sslBufferMode;
private HostnameVerifier hostnameVerifier;
+ /**
+ * @deprecated To be removed.
+ */
+ @Deprecated
private Factory<SSLEngine, TlsDetails> tlsDetailsFactory;
private boolean systemProperties;
@@ -133,7 +135,10 @@ public class ClientTlsStrategyBuilder {
/**
* Assigns {@link TlsDetails} {@link Factory} instance.
+ *
+ * @deprecated Do not use.
*/
+ @Deprecated
public ClientTlsStrategyBuilder setTlsDetailsFactory(final Factory<SSLEngine, TlsDetails> tlsDetailsFactory) {
this.tlsDetailsFactory = tlsDetailsFactory;
return this;
@@ -148,6 +153,7 @@ public class ClientTlsStrategyBuilder {
return this;
}
+ @SuppressWarnings("deprecation")
public TlsStrategy build() {
final SSLContext sslContextCopy;
if (sslContext != null) {
@@ -167,24 +173,13 @@ public class ClientTlsStrategyBuilder {
} else {
ciphersCopy = systemProperties ? HttpsSupport.getSystemCipherSuits() : null;
}
- final Factory<SSLEngine, TlsDetails> tlsDetailsFactoryCopy;
- if (tlsDetailsFactory != null) {
- tlsDetailsFactoryCopy = tlsDetailsFactory;
- } else {
- tlsDetailsFactoryCopy = sslEngine -> {
- final SSLSession sslSession = sslEngine.getSession();
- final String applicationProtocol = ReflectionUtils.callGetter(sslEngine,
- "ApplicationProtocol", String.class);
- return new TlsDetails(sslSession, applicationProtocol);
- };
- }
return new DefaultClientTlsStrategy(
sslContextCopy,
tlsVersionsCopy,
ciphersCopy,
sslBufferMode != null ? sslBufferMode : SSLBufferMode.STATIC,
hostnameVerifier != null ? hostnameVerifier : HttpsSupport.getDefaultHostnameVerifier(),
- tlsDetailsFactoryCopy);
+ tlsDetailsFactory);
}
}
diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/DefaultClientTlsStrategy.java b/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/DefaultClientTlsStrategy.java
index 872605d..dfa2664 100644
--- a/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/DefaultClientTlsStrategy.java
+++ b/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/DefaultClientTlsStrategy.java
@@ -63,8 +63,16 @@ public class DefaultClientTlsStrategy extends AbstractClientTlsStrategy {
HttpsSupport.getDefaultHostnameVerifier());
}
- private final Factory<SSLEngine, TlsDetails> tlsDetailsFactory;
+ /**
+ * @deprecated To be removed.
+ */
+ @Deprecated
+ private Factory<SSLEngine, TlsDetails> tlsDetailsFactory;
+ /**
+ * @deprecated Use {@link DefaultClientTlsStrategy#DefaultClientTlsStrategy(SSLContext, String[], String[], SSLBufferMode, HostnameVerifier)}
+ */
+ @Deprecated
public DefaultClientTlsStrategy(
final SSLContext sslContext,
final String[] supportedProtocols,
@@ -82,13 +90,13 @@ public class DefaultClientTlsStrategy extends AbstractClientTlsStrategy {
final String[] supportedCipherSuites,
final SSLBufferMode sslBufferManagement,
final HostnameVerifier hostnameVerifier) {
- this(sslContext, supportedProtocols, supportedCipherSuites, sslBufferManagement, hostnameVerifier, null);
+ super(sslContext, supportedProtocols, supportedCipherSuites, sslBufferManagement, hostnameVerifier);
}
public DefaultClientTlsStrategy(
final SSLContext sslcontext,
final HostnameVerifier hostnameVerifier) {
- this(sslcontext, null, null, SSLBufferMode.STATIC, hostnameVerifier, null);
+ this(sslcontext, null, null, SSLBufferMode.STATIC, hostnameVerifier);
}
public DefaultClientTlsStrategy(final SSLContext sslcontext) {
diff --git a/httpclient5/src/test/java/org/apache/hc/client5/http/examples/AsyncClientCustomSSL.java b/httpclient5/src/test/java/org/apache/hc/client5/http/examples/AsyncClientCustomSSL.java
index 34176e4..12e28eb 100644
--- a/httpclient5/src/test/java/org/apache/hc/client5/http/examples/AsyncClientCustomSSL.java
+++ b/httpclient5/src/test/java/org/apache/hc/client5/http/examples/AsyncClientCustomSSL.java
@@ -66,18 +66,6 @@ public class AsyncClientCustomSSL {
.build();
final TlsStrategy tlsStrategy = ClientTlsStrategyBuilder.create()
.setSslContext(sslcontext)
- // IMPORTANT uncomment the following method when running Java 9 or older
- // in order for ALPN support to work and avoid the illegal reflective
- // access operation warning
- /*
- .setTlsDetailsFactory(new Factory<SSLEngine, TlsDetails>() {
-
- @Override
- public TlsDetails create(final SSLEngine sslEngine) {
- return new TlsDetails(sslEngine.getSession(), sslEngine.getApplicationProtocol());
- }
- })
- */
.build();
final PoolingAsyncClientConnectionManager cm = PoolingAsyncClientConnectionManagerBuilder.create()
diff --git a/httpclient5/src/test/java/org/apache/hc/client5/http/examples/AsyncClientTlsAlpn.java b/httpclient5/src/test/java/org/apache/hc/client5/http/examples/AsyncClientTlsAlpn.java
deleted file mode 100644
index 97db267..0000000
--- a/httpclient5/src/test/java/org/apache/hc/client5/http/examples/AsyncClientTlsAlpn.java
+++ /dev/null
@@ -1,125 +0,0 @@
-/*
- * ====================================================================
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- */
-package org.apache.hc.client5.http.examples;
-
-import java.util.concurrent.Future;
-
-import javax.net.ssl.SSLSession;
-
-import org.apache.hc.client5.http.async.methods.SimpleHttpRequest;
-import org.apache.hc.client5.http.async.methods.SimpleHttpResponse;
-import org.apache.hc.client5.http.async.methods.SimpleRequestBuilder;
-import org.apache.hc.client5.http.async.methods.SimpleRequestProducer;
-import org.apache.hc.client5.http.async.methods.SimpleResponseConsumer;
-import org.apache.hc.client5.http.impl.async.CloseableHttpAsyncClient;
-import org.apache.hc.client5.http.impl.async.HttpAsyncClients;
-import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManager;
-import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder;
-import org.apache.hc.client5.http.protocol.HttpClientContext;
-import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder;
-import org.apache.hc.core5.concurrent.FutureCallback;
-import org.apache.hc.core5.http.HttpHost;
-import org.apache.hc.core5.http.message.StatusLine;
-import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
-import org.apache.hc.core5.io.CloseMode;
-
-/**
- * This example demonstrates how to avoid the illegal reflective access operation warning
- * when running with Oracle JRE 9 or newer.
- */
-public class AsyncClientTlsAlpn {
-
- public final static void main(final String[] args) throws Exception {
- final TlsStrategy tlsStrategy = ClientTlsStrategyBuilder.create()
- .useSystemProperties()
- // IMPORTANT uncomment the following method when running Java 9 or older
- // in order for ALPN support to work and avoid the illegal reflective
- // access operation warning
- /*
- .setTlsDetailsFactory(new Factory<SSLEngine, TlsDetails>() {
-
- @Override
- public TlsDetails create(final SSLEngine sslEngine) {
- return new TlsDetails(sslEngine.getSession(), sslEngine.getApplicationProtocol());
- }
- })
- */
- .build();
- final PoolingAsyncClientConnectionManager cm = PoolingAsyncClientConnectionManagerBuilder.create()
- .setTlsStrategy(tlsStrategy)
- .build();
- try (final CloseableHttpAsyncClient client = HttpAsyncClients.custom()
- .setConnectionManager(cm)
- .build()) {
-
- client.start();
-
- final HttpHost target = new HttpHost("https", "nghttp2.org");
- final HttpClientContext clientContext = HttpClientContext.create();
-
- final SimpleHttpRequest request = SimpleRequestBuilder.get()
- .setHttpHost(target)
- .setPath("/httpbin/")
- .build();
-
- System.out.println("Executing request " + request);
- final Future<SimpleHttpResponse> future = client.execute(
- SimpleRequestProducer.create(request),
- SimpleResponseConsumer.create(),
- clientContext,
- new FutureCallback<SimpleHttpResponse>() {
-
- @Override
- public void completed(final SimpleHttpResponse response) {
- System.out.println(request + "->" + new StatusLine(response));
- final SSLSession sslSession = clientContext.getSSLSession();
- if (sslSession != null) {
- System.out.println("SSL protocol " + sslSession.getProtocol());
- System.out.println("SSL cipher suite " + sslSession.getCipherSuite());
- }
- System.out.println(response.getBody());
- }
-
- @Override
- public void failed(final Exception ex) {
- System.out.println(request + "->" + ex);
- }
-
- @Override
- public void cancelled() {
- System.out.println(request + " cancelled");
- }
-
- });
- future.get();
-
- System.out.println("Shutting down");
- client.close(CloseMode.GRACEFUL);
- }
- }
-
-}