1 /*
2 * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package jdk.internal.net.http;
27
28 import java.net.InetSocketAddress;
29 import java.util.Arrays;
30 import java.util.ArrayDeque;
31 import java.util.List;
32 import java.util.concurrent.CompletableFuture;
33 import javax.net.ssl.SNIHostName;
34 import javax.net.ssl.SSLContext;
35 import javax.net.ssl.SSLEngine;
36 import javax.net.ssl.SSLParameters;
37
38 import jdk.internal.net.http.common.SSLTube;
39 import jdk.internal.net.http.common.Log;
40 import jdk.internal.net.http.common.Utils;
41 import static jdk.internal.net.http.common.Utils.ServerName;
42
43 /**
44 * Asynchronous version of SSLConnection.
45 *
46 * There are two concrete implementations of this class: AsyncSSLConnection
47 * and AsyncSSLTunnelConnection.
48 * This abstraction is useful when downgrading from HTTP/2 to HTTP/1.1 over
49 * an SSL connection. See ExchangeImpl::get in the case where an ALPNException
50 * is thrown.
51 *
52 * Note: An AsyncSSLConnection wraps a PlainHttpConnection, while an
53 * AsyncSSLTunnelConnection wraps a PlainTunnelingConnection.
54 * If both these wrapped classes where made to inherit from a
55 * common abstraction then it might be possible to merge
56 * AsyncSSLConnection and AsyncSSLTunnelConnection back into
57 * a single class - and simply use different factory methods to
58 * create different wrappees, but this is left up for further cleanup.
59 *
60 */
61 abstract class AbstractAsyncSSLConnection extends HttpConnection
62 {
63 protected final SSLEngine engine;
64 protected final String serverName;
65 protected final SSLParameters sslParameters;
66
67 // Setting this property disables HTTPS hostname verification. Use with care.
68 private static final boolean disableHostnameVerification
69 = Utils.isHostnameVerificationDisabled();
70
71 AbstractAsyncSSLConnection(InetSocketAddress addr,
72 HttpClientImpl client,
73 ServerName serverName, int port,
74 String[] alpn) {
75 super(addr, client);
76 this.serverName = serverName.getName();
77 SSLContext context = client.theSSLContext();
78 sslParameters = createSSLParameters(client, serverName, alpn);
79 Log.logParams(sslParameters);
80 engine = createEngine(context, serverName.getName(), port, sslParameters);
81 }
82
83 abstract SSLTube getConnectionFlow();
84
85 final CompletableFuture<String> getALPN() {
86 return getConnectionFlow().getALPN();
87 }
88
89 final SSLEngine getEngine() { return engine; }
90
91 private static boolean contains(String[] rr, String target) {
92 for (String s : rr)
93 if (target.equalsIgnoreCase(s))
94 return true;
95 return false;
96 }
97
98 private static SSLParameters createSSLParameters(HttpClientImpl client,
99 ServerName serverName,
100 String[] alpn) {
101 SSLParameters sslp = client.sslParameters();
102 SSLParameters sslParameters = Utils.copySSLParameters(sslp);
103 // filter out unwanted protocols, if h2 only
104 if (alpn != null && alpn.length != 0 && !contains(alpn, "http/1.1")) {
105 ArrayDeque<String> l = new ArrayDeque<>();
106 for (String proto : sslParameters.getProtocols()) {
107 if (!proto.startsWith("SSL") && !proto.endsWith("v1.1") && !proto.endsWith("v1")) {
108 l.add(proto);
109 }
110 }
111 String[] a1 = l.toArray(new String[0]);
112 sslParameters.setProtocols(a1);
113 }
114
115 if (!disableHostnameVerification)
116 sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
117 if (alpn != null) {
118 Log.logSSL("AbstractAsyncSSLConnection: Setting application protocols: {0}",
119 Arrays.toString(alpn));
120 sslParameters.setApplicationProtocols(alpn);
121 } else {
122 Log.logSSL("AbstractAsyncSSLConnection: no applications set!");
123 }
124 if (!serverName.isLiteral()) {
125 String name = serverName.getName();
126 if (name != null && name.length() > 0) {
127 sslParameters.setServerNames(List.of(new SNIHostName(name)));
128 }
129 }
130 return sslParameters;
131 }
132
133
134 private static SSLEngine createEngine(SSLContext context, String serverName, int port,
135 SSLParameters sslParameters) {
136 SSLEngine engine = context.createSSLEngine(serverName, port);
137 engine.setUseClientMode(true);
138
139 engine.setSSLParameters(sslParameters);
140 return engine;
141 }
142
143 @Override
144 final boolean isSecure() {
145 return true;
146 }
147
148 }