Path: blob/master/src/java.net.http/share/classes/jdk/internal/net/http/AbstractAsyncSSLConnection.java
41171 views
/*1* Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation. Oracle designates this7* particular file as subject to the "Classpath" exception as provided8* by Oracle in the LICENSE file that accompanied this code.9*10* This code is distributed in the hope that it will be useful, but WITHOUT11* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or12* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License13* version 2 for more details (a copy is included in the LICENSE file that14* accompanied this code).15*16* You should have received a copy of the GNU General Public License version17* 2 along with this work; if not, write to the Free Software Foundation,18* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.19*20* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA21* or visit www.oracle.com if you need additional information or have any22* questions.23*/2425package jdk.internal.net.http;2627import java.net.InetSocketAddress;28import java.util.Arrays;29import java.util.ArrayDeque;30import java.util.List;31import java.util.concurrent.CompletableFuture;32import javax.net.ssl.SNIHostName;33import javax.net.ssl.SSLContext;34import javax.net.ssl.SSLEngine;35import javax.net.ssl.SSLParameters;3637import jdk.internal.net.http.common.SSLTube;38import jdk.internal.net.http.common.Log;39import jdk.internal.net.http.common.Utils;40import static jdk.internal.net.http.common.Utils.ServerName;4142/**43* Asynchronous version of SSLConnection.44*45* There are two concrete implementations of this class: AsyncSSLConnection46* and AsyncSSLTunnelConnection.47* This abstraction is useful when downgrading from HTTP/2 to HTTP/1.1 over48* an SSL connection. See ExchangeImpl::get in the case where an ALPNException49* is thrown.50*51* Note: An AsyncSSLConnection wraps a PlainHttpConnection, while an52* AsyncSSLTunnelConnection wraps a PlainTunnelingConnection.53* If both these wrapped classes where made to inherit from a54* common abstraction then it might be possible to merge55* AsyncSSLConnection and AsyncSSLTunnelConnection back into56* a single class - and simply use different factory methods to57* create different wrappees, but this is left up for further cleanup.58*59*/60abstract class AbstractAsyncSSLConnection extends HttpConnection61{62protected final SSLEngine engine;63protected final String serverName;64protected final SSLParameters sslParameters;6566// Setting this property disables HTTPS hostname verification. Use with care.67private static final boolean disableHostnameVerification68= Utils.isHostnameVerificationDisabled();6970AbstractAsyncSSLConnection(InetSocketAddress addr,71HttpClientImpl client,72ServerName serverName, int port,73String[] alpn) {74super(addr, client);75this.serverName = serverName.getName();76SSLContext context = client.theSSLContext();77sslParameters = createSSLParameters(client, serverName, alpn);78Log.logParams(sslParameters);79engine = createEngine(context, serverName.getName(), port, sslParameters);80}8182abstract SSLTube getConnectionFlow();8384final CompletableFuture<String> getALPN() {85return getConnectionFlow().getALPN();86}8788final SSLEngine getEngine() { return engine; }8990private static boolean contains(String[] rr, String target) {91for (String s : rr)92if (target.equalsIgnoreCase(s))93return true;94return false;95}9697private static SSLParameters createSSLParameters(HttpClientImpl client,98ServerName serverName,99String[] alpn) {100SSLParameters sslp = client.sslParameters();101SSLParameters sslParameters = Utils.copySSLParameters(sslp);102// filter out unwanted protocols, if h2 only103if (alpn != null && alpn.length != 0 && !contains(alpn, "http/1.1")) {104ArrayDeque<String> l = new ArrayDeque<>();105for (String proto : sslParameters.getProtocols()) {106if (!proto.startsWith("SSL") && !proto.endsWith("v1.1") && !proto.endsWith("v1")) {107l.add(proto);108}109}110String[] a1 = l.toArray(new String[0]);111sslParameters.setProtocols(a1);112}113114if (!disableHostnameVerification)115sslParameters.setEndpointIdentificationAlgorithm("HTTPS");116if (alpn != null) {117Log.logSSL("AbstractAsyncSSLConnection: Setting application protocols: {0}",118Arrays.toString(alpn));119sslParameters.setApplicationProtocols(alpn);120} else {121Log.logSSL("AbstractAsyncSSLConnection: no applications set!");122}123if (!serverName.isLiteral()) {124String name = serverName.getName();125if (name != null && name.length() > 0) {126sslParameters.setServerNames(List.of(new SNIHostName(name)));127}128}129return sslParameters;130}131132133private static SSLEngine createEngine(SSLContext context, String serverName, int port,134SSLParameters sslParameters) {135SSLEngine engine = context.createSSLEngine(serverName, port);136engine.setUseClientMode(true);137138engine.setSSLParameters(sslParameters);139return engine;140}141142@Override143final boolean isSecure() {144return true;145}146147}148149150