Diffstat (limited to 'http-utils/src/main/java/ai/vespa/util/http/hc5/SslConnectionSocketFactory.java')
-rw-r--r-- | http-utils/src/main/java/ai/vespa/util/http/hc5/SslConnectionSocketFactory.java | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/http-utils/src/main/java/ai/vespa/util/http/hc5/SslConnectionSocketFactory.java b/http-utils/src/main/java/ai/vespa/util/http/hc5/SslConnectionSocketFactory.java
new file mode 100644
index 00000000000..7ba408c260b
--- /dev/null
+++ b/http-utils/src/main/java/ai/vespa/util/http/hc5/SslConnectionSocketFactory.java
@@ -0,0 +1,57 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package ai.vespa.util.http.hc5;
+
+import ai.vespa.util.http.AcceptAllHostnamesVerifier;
+import com.yahoo.security.tls.TlsContext;
+import org.apache.hc.client5.http.ssl.HttpsSupport;
+import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory;
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+
+import java.util.Collection;
+
+import static com.yahoo.security.tls.TlsContext.getAllowedCipherSuites;
+import static com.yahoo.security.tls.TlsContext.getAllowedProtocols;
+
+/**
+ * Provides {@link SSLConnectionSocketFactory} that applies protocol restrictions from {@link TlsContext}.
+ *
+ * @author bjorncs
+ */
+public class SslConnectionSocketFactory {
+ private SslConnectionSocketFactory() {}
+
+ public static SSLConnectionSocketFactory of(SSLContext ctx, HostnameVerifier verifier) {
+ return new SSLConnectionSocketFactory(ctx, protocols(ctx), cipherSuites(ctx), verifier);
+ }
+
+ public static SSLConnectionSocketFactory of(SSLContext ctx) { return of(ctx, defaultVerifier()); }
+
+ public static SSLConnectionSocketFactory of(TlsContext ctx, HostnameVerifier verifier) {
+ return new SSLConnectionSocketFactory(
+ ctx.context(), ctx.parameters().getProtocols(), ctx.parameters().getCipherSuites(), verifier);
+ }
+
+ public static SSLConnectionSocketFactory of(TlsContext ctx) { return of(ctx, defaultVerifier()); }
+
+ public static SSLConnectionSocketFactory of(SSLSocketFactory fac, HostnameVerifier verifier) {
+ return new SSLConnectionSocketFactory(fac, protocols(), cipherSuites(), verifier);
+ }
+
+ public static SSLConnectionSocketFactory of(HostnameVerifier verifier) {
+ return of(TlsContext.defaultSslContext(), verifier);
+ }
+
+ public static HostnameVerifier defaultVerifier() { return HttpsSupport.getDefaultHostnameVerifier(); }
+
+ public static HostnameVerifier noopVerifier() { return AcceptAllHostnamesVerifier.instance(); }
+
+ private static String[] cipherSuites(SSLContext ctx) { return array(getAllowedCipherSuites(ctx)); }
+ private static String[] protocols(SSLContext ctx) { return array(getAllowedProtocols(ctx)); }
+ private static String[] cipherSuites() { return array(getAllowedCipherSuites()); }
+ private static String[] protocols() { return array(getAllowedProtocols()); }
+ private static String[] array(Collection<String> c) { return c.toArray(String[]::new); }
+
+} |
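Review bot: `noopVerifier()` hands out `AcceptAllHostnamesVerifier.instance()`, which switches off hostname verification entirely, yet it is a public method with no Javadoc sitting next to `defaultVerifier()` with an identical signature, so a caller picking one from autocomplete gets no hint that one of them removes the peer-identity check. I would add above it: `/** Hostname verifier that accepts any peer name. Only for use where the peer's identity is established by other means (e.g. certificate-based authorization under mutual TLS); never for connections to arbitrary hosts. */`. The `of(...)` overloads also pass `ctx` and `verifier` through without an `Objects.requireNonNull(ctx, "ctx")`, so a null context surfaces only when the factory is first used rather than where it is built; whether the hc5 constructor tolerates a null verifier by falling back to the default I have not verified from this hunk, so that call is worth a check before relying on it.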