1 /* 2 * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package jdk.internal.net.http; 27 28 import java.net.InetSocketAddress; 29 import java.util.Arrays; 30 import java.util.ArrayDeque; 31 import java.util.List; 32 import java.util.concurrent.CompletableFuture; 33 import javax.net.ssl.SNIHostName; 34 import javax.net.ssl.SSLContext; 35 import javax.net.ssl.SSLEngine; 36 import javax.net.ssl.SSLParameters; 37 38 import jdk.internal.net.http.common.SSLTube; 39 import jdk.internal.net.http.common.Log; 40 import jdk.internal.net.http.common.Utils; 41 import static jdk.internal.net.http.common.Utils.ServerName; 42 43 /** 44 * Asynchronous version of SSLConnection. 45 * 46 * There are two concrete implementations of this class: AsyncSSLConnection 47 * and AsyncSSLTunnelConnection. 48 * This abstraction is useful when downgrading from HTTP/2 to HTTP/1.1 over 49 * an SSL connection. See ExchangeImpl::get in the case where an ALPNException 50 * is thrown. 51 * 52 * Note: An AsyncSSLConnection wraps a PlainHttpConnection, while an 53 * AsyncSSLTunnelConnection wraps a PlainTunnelingConnection. 54 * If both these wrapped classes where made to inherit from a 55 * common abstraction then it might be possible to merge 56 * AsyncSSLConnection and AsyncSSLTunnelConnection back into 57 * a single class - and simply use different factory methods to 58 * create different wrappees, but this is left up for further cleanup. 59 * 60 */ 61 abstract class AbstractAsyncSSLConnection extends HttpConnection 62 { 63 protected final SSLEngine engine; 64 protected final String serverName; 65 protected final SSLParameters sslParameters; 66 67 // Setting this property disables HTTPS hostname verification. Use with care. 68 private static final boolean disableHostnameVerification 69 = Utils.isHostnameVerificationDisabled(); 70 71 AbstractAsyncSSLConnection(InetSocketAddress addr, 72 HttpClientImpl client, 73 ServerName serverName, int port, 74 String[] alpn) { 75 super(addr, client); 76 this.serverName = serverName.getName(); 77 SSLContext context = client.theSSLContext(); 78 sslParameters = createSSLParameters(client, serverName, alpn); 79 Log.logParams(sslParameters); 80 engine = createEngine(context, serverName.getName(), port, sslParameters); 81 } 82 83 abstract SSLTube getConnectionFlow(); 84 85 final CompletableFuture<String> getALPN() { 86 return getConnectionFlow().getALPN(); 87 } 88 89 final SSLEngine getEngine() { return engine; } 90 91 private static boolean contains(String[] rr, String target) { 92 for (String s : rr) 93 if (target.equalsIgnoreCase(s)) 94 return true; 95 return false; 96 } 97 98 private static SSLParameters createSSLParameters(HttpClientImpl client, 99 ServerName serverName, 100 String[] alpn) { 101 SSLParameters sslp = client.sslParameters(); 102 SSLParameters sslParameters = Utils.copySSLParameters(sslp); 103 // filter out unwanted protocols, if h2 only 104 if (alpn != null && alpn.length != 0 && !contains(alpn, "http/1.1")) { 105 ArrayDeque<String> l = new ArrayDeque<>(); 106 for (String proto : sslParameters.getProtocols()) { 107 if (!proto.startsWith("SSL") && !proto.endsWith("v1.1") && !proto.endsWith("v1")) { 108 l.add(proto); 109 } 110 } 111 String[] a1 = l.toArray(new String[0]); 112 sslParameters.setProtocols(a1); 113 } 114 115 if (!disableHostnameVerification) 116 sslParameters.setEndpointIdentificationAlgorithm("HTTPS"); 117 if (alpn != null) { 118 Log.logSSL("AbstractAsyncSSLConnection: Setting application protocols: {0}", 119 Arrays.toString(alpn)); 120 sslParameters.setApplicationProtocols(alpn); 121 } else { 122 Log.logSSL("AbstractAsyncSSLConnection: no applications set!"); 123 } 124 if (!serverName.isLiteral()) { 125 String name = serverName.getName(); 126 if (name != null && name.length() > 0) { 127 sslParameters.setServerNames(List.of(new SNIHostName(name))); 128 } 129 } 130 return sslParameters; 131 } 132 133 134 private static SSLEngine createEngine(SSLContext context, String serverName, int port, 135 SSLParameters sslParameters) { 136 SSLEngine engine = context.createSSLEngine(serverName, port); 137 engine.setUseClientMode(true); 138 139 engine.setSSLParameters(sslParameters); 140 return engine; 141 } 142 143 @Override 144 final boolean isSecure() { 145 return true; 146 } 147 148 }