/*
 * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package jdk.internal.net.http;

import java.net.InetSocketAddress;
import java.util.Arrays;
import java.util.ArrayDeque;
import java.util.List;
import java.util.concurrent.CompletableFuture;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

import jdk.internal.net.http.common.SSLTube;
import jdk.internal.net.http.common.Log;
import jdk.internal.net.http.common.Utils;
import static jdk.internal.net.http.common.Utils.ServerName;

Asynchronous version of SSLConnection. There are two concrete implementations of this class: AsyncSSLConnection and AsyncSSLTunnelConnection. This abstraction is useful when downgrading from HTTP/2 to HTTP/1.1 over an SSL connection. See ExchangeImpl::get in the case where an ALPNException is thrown. Note: An AsyncSSLConnection wraps a PlainHttpConnection, while an AsyncSSLTunnelConnection wraps a PlainTunnelingConnection. If both these wrapped classes where made to inherit from a common abstraction then it might be possible to merge AsyncSSLConnection and AsyncSSLTunnelConnection back into a single class - and simply use different factory methods to create different wrappees, but this is left up for further cleanup.
/** * Asynchronous version of SSLConnection. * * There are two concrete implementations of this class: AsyncSSLConnection * and AsyncSSLTunnelConnection. * This abstraction is useful when downgrading from HTTP/2 to HTTP/1.1 over * an SSL connection. See ExchangeImpl::get in the case where an ALPNException * is thrown. * * Note: An AsyncSSLConnection wraps a PlainHttpConnection, while an * AsyncSSLTunnelConnection wraps a PlainTunnelingConnection. * If both these wrapped classes where made to inherit from a * common abstraction then it might be possible to merge * AsyncSSLConnection and AsyncSSLTunnelConnection back into * a single class - and simply use different factory methods to * create different wrappees, but this is left up for further cleanup. * */
abstract class AbstractAsyncSSLConnection extends HttpConnection { protected final SSLEngine engine; protected final String serverName; protected final SSLParameters sslParameters; // Setting this property disables HTTPS hostname verification. Use with care. private static final boolean disableHostnameVerification = Utils.isHostnameVerificationDisabled(); AbstractAsyncSSLConnection(InetSocketAddress addr, HttpClientImpl client, ServerName serverName, int port, String[] alpn) { super(addr, client); this.serverName = serverName.getName(); SSLContext context = client.theSSLContext(); sslParameters = createSSLParameters(client, serverName, alpn); Log.logParams(sslParameters); engine = createEngine(context, serverName.getName(), port, sslParameters); } abstract SSLTube getConnectionFlow(); final CompletableFuture<String> getALPN() { return getConnectionFlow().getALPN(); } final SSLEngine getEngine() { return engine; } private static boolean contains(String[] rr, String target) { for (String s : rr) if (target.equalsIgnoreCase(s)) return true; return false; } private static SSLParameters createSSLParameters(HttpClientImpl client, ServerName serverName, String[] alpn) { SSLParameters sslp = client.sslParameters(); SSLParameters sslParameters = Utils.copySSLParameters(sslp); // filter out unwanted protocols, if h2 only if (alpn != null && alpn.length != 0 && !contains(alpn, "http/1.1")) { ArrayDeque<String> l = new ArrayDeque<>(); for (String proto : sslParameters.getProtocols()) { if (!proto.startsWith("SSL") && !proto.endsWith("v1.1") && !proto.endsWith("v1")) { l.add(proto); } } String[] a1 = l.toArray(new String[0]); sslParameters.setProtocols(a1); } if (!disableHostnameVerification) sslParameters.setEndpointIdentificationAlgorithm("HTTPS"); if (alpn != null) { Log.logSSL("AbstractAsyncSSLConnection: Setting application protocols: {0}", Arrays.toString(alpn)); sslParameters.setApplicationProtocols(alpn); } else { Log.logSSL("AbstractAsyncSSLConnection: no applications set!"); } if (!serverName.isLiteral()) { String name = serverName.getName(); if (name != null && name.length() > 0) { sslParameters.setServerNames(List.of(new SNIHostName(name))); } } return sslParameters; } private static SSLEngine createEngine(SSLContext context, String serverName, int port, SSLParameters sslParameters) { SSLEngine engine = context.createSSLEngine(serverName, port); engine.setUseClientMode(true); engine.setSSLParameters(sslParameters); return engine; } @Override final boolean isSecure() { return true; } }