View Javadoc
1   /*
2    * ====================================================================
3    * Licensed to the Apache Software Foundation (ASF) under one
4    * or more contributor license agreements.  See the NOTICE file
5    * distributed with this work for additional information
6    * regarding copyright ownership.  The ASF licenses this file
7    * to you under the Apache License, Version 2.0 (the
8    * "License"); you may not use this file except in compliance
9    * with the License.  You may obtain a copy of the License at
10   *
11   *   http://www.apache.org/licenses/LICENSE-2.0
12   *
13   * Unless required by applicable law or agreed to in writing,
14   * software distributed under the License is distributed on an
15   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16   * KIND, either express or implied.  See the License for the
17   * specific language governing permissions and limitations
18   * under the License.
19   * ====================================================================
20   *
21   * This software consists of voluntary contributions made by many
22   * individuals on behalf of the Apache Software Foundation.  For more
23   * information on the Apache Software Foundation, please see
24   * <http://www.apache.org/>.
25   *
26   */
27  
28  package org.apache.hc.client5.http.ssl;
29  
30  import javax.net.ssl.HostnameVerifier;
31  import javax.net.ssl.SSLContext;
32  import javax.net.ssl.SSLEngine;
33  
34  import org.apache.hc.core5.function.Factory;
35  import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
36  import org.apache.hc.core5.http.ssl.TLS;
37  import org.apache.hc.core5.reactor.ssl.SSLBufferMode;
38  import org.apache.hc.core5.reactor.ssl.TlsDetails;
39  import org.apache.hc.core5.ssl.SSLContexts;
40  
41  /**
42   * Builder for client TLS strategy instances.
43   * <p>
44   * When a particular component is not explicitly set this class will
45   * use its default implementation. System properties will be taken
46   * into account when configuring the default implementations when
47   * {@link #useSystemProperties()} method is called prior to calling
48   * {@link #buildAsync()} or {@link #buildClassic()}.
49   * </p>
50   * <ul>
51   *  <li>ssl.TrustManagerFactory.algorithm</li>
52   *  <li>javax.net.ssl.trustStoreType</li>
53   *  <li>javax.net.ssl.trustStore</li>
54   *  <li>javax.net.ssl.trustStoreProvider</li>
55   *  <li>javax.net.ssl.trustStorePassword</li>
56   *  <li>ssl.KeyManagerFactory.algorithm</li>
57   *  <li>javax.net.ssl.keyStoreType</li>
58   *  <li>javax.net.ssl.keyStore</li>
59   *  <li>javax.net.ssl.keyStoreProvider</li>
60   *  <li>javax.net.ssl.keyStorePassword</li>
61   *  <li>https.protocols</li>
62   *  <li>https.cipherSuites</li>
63   * </ul>
64   *
65   * @since 5.0
66   */
67  public class ClientTlsStrategyBuilder {
68  
69      public static ClientTlsStrategyBuilder create() {
70          return new ClientTlsStrategyBuilder();
71      }
72  
73      private SSLContext sslContext;
74      private String[] tlsVersions;
75      private String[] ciphers;
76      private SSLBufferMode sslBufferMode;
77      private HostnameVerificationPolicy hostnameVerificationPolicy;
78      private HostnameVerifier hostnameVerifier;
79      private boolean systemProperties;
80  
81      /**
82       * Sets {@link SSLContext} instance.
83       *
84       * @return this instance.
85       */
86      public ClientTlsStrategyBuilder setSslContext(final SSLContext sslContext) {
87          this.sslContext = sslContext;
88          return this;
89      }
90  
91      /**
92       * Sets enabled {@code TLS} versions.
93       *
94       * @return this instance.
95       */
96      public final ClientTlsStrategyBuilder setTlsVersions(final String... tlslVersions) {
97          this.tlsVersions = tlslVersions;
98          return this;
99      }
100 
101     /**
102      * Sets enabled {@code TLS} versions.
103      *
104      * @return this instance.
105      */
106     public final ClientTlsStrategyBuilder setTlsVersions(final TLS... tlslVersions) {
107         this.tlsVersions = new String[tlslVersions.length];
108         for (int i = 0; i < tlslVersions.length; i++) {
109             this.tlsVersions[i] = tlslVersions[i].id;
110         }
111         return this;
112     }
113 
114     /**
115      * Sets enabled ciphers.
116      *
117      * @return this instance.
118      */
119     public final ClientTlsStrategyBuilder setCiphers(final String... ciphers) {
120         this.ciphers = ciphers;
121         return this;
122     }
123 
124     /**
125      * Sets {@link SSLBufferMode} value.
126      *
127      * @return this instance.
128      */
129     public ClientTlsStrategyBuilder setSslBufferMode(final SSLBufferMode sslBufferMode) {
130         this.sslBufferMode = sslBufferMode;
131         return this;
132     }
133 
134     /**
135      * Sets {@link HostnameVerificationPolicy} value.
136      *
137      * @deprecated Use #setHostVerificationPolicy
138      */
139     @Deprecated
140     public void setHostnameVerificationPolicy(final HostnameVerificationPolicy hostnameVerificationPolicy) {
141         this.hostnameVerificationPolicy = hostnameVerificationPolicy;
142     }
143 
144     /**
145      * Sets {@link HostnameVerificationPolicy} value.
146      *
147      * @since 5.5
148      */
149     public ClientTlsStrategyBuilder setHostVerificationPolicy(final HostnameVerificationPolicy hostnameVerificationPolicy) {
150         this.hostnameVerificationPolicy = hostnameVerificationPolicy;
151         return this;
152     }
153 
154     /**
155      * Sets {@link HostnameVerifier} instance.
156      *
157      * @return this instance.
158      */
159     public ClientTlsStrategyBuilder setHostnameVerifier(final HostnameVerifier hostnameVerifier) {
160         this.hostnameVerifier = hostnameVerifier;
161         return this;
162     }
163 
164     /**
165      * Sets {@link TlsDetails} {@link Factory} instance.
166      *
167      * @return this instance.
168      * @deprecated Do not use. This method has no effect.
169      */
170     @Deprecated
171     public ClientTlsStrategyBuilder setTlsDetailsFactory(final Factory<SSLEngine, TlsDetails> tlsDetailsFactory) {
172         return this;
173     }
174 
175     /**
176      * Use system properties when creating and configuring default
177      * implementations.
178      *
179      * @return this instance.
180      */
181     public final ClientTlsStrategyBuilder useSystemProperties() {
182         this.systemProperties = true;
183         return this;
184     }
185 
186     /**
187      * @deprecated Use {@link #buildAsync()} or {@link #buildClassic()}.
188      */
189     @Deprecated
190     public TlsStrategy build() {
191         return buildImpl();
192     }
193 
194     /**
195      * @since 5.5
196      */
197     public TlsStrategy buildAsync() {
198         return buildImpl();
199     }
200 
201     /**
202      * @since 5.5
203      */
204     public TlsSocketStrategy buildClassic() {
205         return buildImpl();
206     }
207 
208     private DefaultClientTlsStrategy buildImpl() {
209         final SSLContext sslContextCopy;
210         if (sslContext != null) {
211             sslContextCopy = sslContext;
212         } else {
213             sslContextCopy = systemProperties ? SSLContexts.createSystemDefault() : SSLContexts.createDefault();
214         }
215         final String[] tlsVersionsCopy;
216         if (tlsVersions != null) {
217             tlsVersionsCopy = tlsVersions;
218         } else {
219             tlsVersionsCopy = systemProperties ? HttpsSupport.getSystemProtocols() : null;
220         }
221         final String[] ciphersCopy;
222         if (ciphers != null) {
223             ciphersCopy = ciphers;
224         } else {
225             ciphersCopy = systemProperties ? HttpsSupport.getSystemCipherSuits() : null;
226         }
227         final HostnameVerificationPolicy hostnameVerificationPolicyCopy = hostnameVerificationPolicy != null ? hostnameVerificationPolicy :
228                 (hostnameVerifier == null ? HostnameVerificationPolicy.BUILTIN : HostnameVerificationPolicy.BOTH);
229         final HostnameVerifier hostnameVerifierCopy = hostnameVerifier != null ? hostnameVerifier :
230                 (hostnameVerificationPolicyCopy == HostnameVerificationPolicy.CLIENT || hostnameVerificationPolicyCopy == HostnameVerificationPolicy.BOTH ?
231                         HttpsSupport.getDefaultHostnameVerifier() : NoopHostnameVerifier.INSTANCE);
232         return new DefaultClientTlsStrategy(
233                 sslContextCopy,
234                 tlsVersionsCopy,
235                 ciphersCopy,
236                 sslBufferMode != null ? sslBufferMode : SSLBufferMode.STATIC,
237                 hostnameVerificationPolicyCopy,
238                 hostnameVerifierCopy);
239     }
240 
241 }