This is an automated email from the ASF dual-hosted git repository. reta pushed a commit to branch http.client5 in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 6728078498c28ed46c02da883c028b1b6f3b332b Author: Andriy Redko <[email protected]> AuthorDate: Thu Nov 21 20:05:44 2024 -0500 Update Apache HttpClient5 to 5.4.1 and Apache HttpCore5 to 5.3.1 --- parent/pom.xml | 4 +- .../http/asyncclient/hc5/AsyncHTTPConduit.java | 45 ++++++++-------------- .../asyncclient/hc5/AsyncHTTPConduitFactory.java | 2 +- .../hc5/URLConnectionAsyncHTTPConduit.java | 45 ++++++++-------------- 4 files changed, 37 insertions(+), 59 deletions(-) diff --git a/parent/pom.xml b/parent/pom.xml index ed48cc09a7..57c1ab949f 100644 --- a/parent/pom.xml +++ b/parent/pom.xml @@ -129,8 +129,8 @@ <cxf.httpcomponents.client.version>4.5.14</cxf.httpcomponents.client.version> <cxf.httpcomponents.core.version.range>[4.3,4.5.0)</cxf.httpcomponents.core.version.range> <cxf.httpcomponents.core.version>4.4.16</cxf.httpcomponents.core.version> - <cxf.httpcomponents.client5.version>5.3.1</cxf.httpcomponents.client5.version> - <cxf.httpcomponents.core5.version>5.2.5</cxf.httpcomponents.core5.version> + <cxf.httpcomponents.client5.version>5.4.1</cxf.httpcomponents.client5.version> + <cxf.httpcomponents.core5.version>5.3.1</cxf.httpcomponents.core5.version> <cxf.jackson.version>2.17.2</cxf.jackson.version> <cxf.jackson.databind.version>2.17.2</cxf.jackson.databind.version> <cxf.jacorb.version>3.9</cxf.jacorb.version> diff --git a/rt/transports/http-hc5/src/main/java/org/apache/cxf/transport/http/asyncclient/hc5/AsyncHTTPConduit.java b/rt/transports/http-hc5/src/main/java/org/apache/cxf/transport/http/asyncclient/hc5/AsyncHTTPConduit.java index 8b27ffeea1..52739f6099 100644 --- a/rt/transports/http-hc5/src/main/java/org/apache/cxf/transport/http/asyncclient/hc5/AsyncHTTPConduit.java +++ b/rt/transports/http-hc5/src/main/java/org/apache/cxf/transport/http/asyncclient/hc5/AsyncHTTPConduit.java @@ -44,7 +44,6 @@ import javax.net.ssl.HostnameVerifier; import javax.net.ssl.KeyManager; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLEngine; -import javax.net.ssl.SSLException; import javax.net.ssl.SSLSession; import javax.net.ssl.TrustManager; @@ -78,19 +77,16 @@ import org.apache.hc.client5.http.config.RequestConfig; import org.apache.hc.client5.http.impl.async.CloseableHttpAsyncClient; import org.apache.hc.client5.http.impl.auth.BasicCredentialsProvider; import org.apache.hc.client5.http.protocol.HttpClientContext; +import org.apache.hc.client5.http.ssl.DefaultClientTlsStrategy; import org.apache.hc.core5.concurrent.BasicFuture; import org.apache.hc.core5.concurrent.FutureCallback; import org.apache.hc.core5.http.Header; import org.apache.hc.core5.http.HttpHost; import org.apache.hc.core5.http.HttpResponse; import org.apache.hc.core5.http.config.Registry; -import org.apache.hc.core5.http.nio.ssl.BasicClientTlsStrategy; import org.apache.hc.core5.http.nio.ssl.TlsStrategy; import org.apache.hc.core5.http.protocol.HttpContext; -import org.apache.hc.core5.net.NamedEndpoint; -import org.apache.hc.core5.reactor.ssl.SSLSessionInitializer; -import org.apache.hc.core5.reactor.ssl.SSLSessionVerifier; -import org.apache.hc.core5.reactor.ssl.TlsDetails; +import org.apache.hc.core5.reactor.ssl.SSLBufferMode; import org.apache.hc.core5.util.Timeout; /** @@ -571,28 +567,21 @@ public class AsyncHTTPConduit extends HttpClientHTTPConduit { final HostnameVerifier verifier = org.apache.cxf.transport.https.SSLUtils .getHostnameVerifier(tlsClientParameters); - tlsStrategy = new BasicClientTlsStrategy(sslcontext, - new SSLSessionInitializer() { - @Override - public void initialize(NamedEndpoint endpoint, SSLEngine engine) { - initializeSSLEngine(sslcontext, engine); - } - }, - new SSLSessionVerifier() { - @Override - public TlsDetails verify(NamedEndpoint endpoint, SSLEngine engine) - throws SSLException { - final SSLSession sslsession = engine.getSession(); - - if (!verifier.verify(endpoint.getHostName(), sslsession)) { - throw new SSLException("Could not verify host " + endpoint.getHostName()); - } - - setSSLSession(sslsession); - return new TlsDetails(sslsession, engine.getApplicationProtocol()); - } - } - ); + String[] cipherSuites = + SSLUtils.getCiphersuitesToInclude(tlsClientParameters.getCipherSuites(), + tlsClientParameters.getCipherSuitesFilter(), + sslcontext.getSocketFactory().getDefaultCipherSuites(), + SSLUtils.getSupportedCipherSuites(sslcontext), + LOG); + + final String protocol = tlsClientParameters.getSecureSocketProtocol() != null ? tlsClientParameters + .getSecureSocketProtocol() : sslcontext.getProtocol(); + + final String[] protocols = findProtocols(protocol, + sslContext.getSupportedSSLParameters().getProtocols()); + + tlsStrategy = new DefaultClientTlsStrategy(sslcontext, protocols, + cipherSuites, SSLBufferMode.STATIC, verifier); } catch (final GeneralSecurityException e) { LOG.warning(e.getMessage()); } diff --git a/rt/transports/http-hc5/src/main/java/org/apache/cxf/transport/http/asyncclient/hc5/AsyncHTTPConduitFactory.java b/rt/transports/http-hc5/src/main/java/org/apache/cxf/transport/http/asyncclient/hc5/AsyncHTTPConduitFactory.java index 634843dc19..5b98bf1434 100644 --- a/rt/transports/http-hc5/src/main/java/org/apache/cxf/transport/http/asyncclient/hc5/AsyncHTTPConduitFactory.java +++ b/rt/transports/http-hc5/src/main/java/org/apache/cxf/transport/http/asyncclient/hc5/AsyncHTTPConduitFactory.java @@ -346,7 +346,7 @@ public class AsyncHTTPConduitFactory implements HTTPConduitFactory { final Lookup<TlsStrategy> tlsLookupStrategy = RegistryBuilder.<TlsStrategy>create() - .register("https", (tlsStrategy != null) ? tlsStrategy : DefaultClientTlsStrategy.getSystemDefault()) + .register("https", (tlsStrategy != null) ? tlsStrategy : DefaultClientTlsStrategy.createSystemDefault()) .build(); final PoolingAsyncClientConnectionManager connectionManager = new PoolingAsyncClientConnectionManager( diff --git a/rt/transports/http-hc5/src/main/java/org/apache/cxf/transport/http/asyncclient/hc5/URLConnectionAsyncHTTPConduit.java b/rt/transports/http-hc5/src/main/java/org/apache/cxf/transport/http/asyncclient/hc5/URLConnectionAsyncHTTPConduit.java index 6732f1e124..09c8dd2a45 100644 --- a/rt/transports/http-hc5/src/main/java/org/apache/cxf/transport/http/asyncclient/hc5/URLConnectionAsyncHTTPConduit.java +++ b/rt/transports/http-hc5/src/main/java/org/apache/cxf/transport/http/asyncclient/hc5/URLConnectionAsyncHTTPConduit.java @@ -44,7 +44,6 @@ import javax.net.ssl.HostnameVerifier; import javax.net.ssl.KeyManager; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLEngine; -import javax.net.ssl.SSLException; import javax.net.ssl.SSLSession; import javax.net.ssl.TrustManager; @@ -78,19 +77,16 @@ import org.apache.hc.client5.http.config.RequestConfig; import org.apache.hc.client5.http.impl.async.CloseableHttpAsyncClient; import org.apache.hc.client5.http.impl.auth.BasicCredentialsProvider; import org.apache.hc.client5.http.protocol.HttpClientContext; +import org.apache.hc.client5.http.ssl.DefaultClientTlsStrategy; import org.apache.hc.core5.concurrent.BasicFuture; import org.apache.hc.core5.concurrent.FutureCallback; import org.apache.hc.core5.http.Header; import org.apache.hc.core5.http.HttpHost; import org.apache.hc.core5.http.HttpResponse; import org.apache.hc.core5.http.config.Registry; -import org.apache.hc.core5.http.nio.ssl.BasicClientTlsStrategy; import org.apache.hc.core5.http.nio.ssl.TlsStrategy; import org.apache.hc.core5.http.protocol.HttpContext; -import org.apache.hc.core5.net.NamedEndpoint; -import org.apache.hc.core5.reactor.ssl.SSLSessionInitializer; -import org.apache.hc.core5.reactor.ssl.SSLSessionVerifier; -import org.apache.hc.core5.reactor.ssl.TlsDetails; +import org.apache.hc.core5.reactor.ssl.SSLBufferMode; import org.apache.hc.core5.util.Timeout; /** @@ -574,28 +570,21 @@ public class URLConnectionAsyncHTTPConduit extends URLConnectionHTTPConduit { final HostnameVerifier verifier = org.apache.cxf.transport.https.SSLUtils .getHostnameVerifier(tlsClientParameters); - tlsStrategy = new BasicClientTlsStrategy(sslcontext, - new SSLSessionInitializer() { - @Override - public void initialize(NamedEndpoint endpoint, SSLEngine engine) { - initializeSSLEngine(sslcontext, engine); - } - }, - new SSLSessionVerifier() { - @Override - public TlsDetails verify(NamedEndpoint endpoint, SSLEngine engine) - throws SSLException { - final SSLSession sslsession = engine.getSession(); - - if (!verifier.verify(endpoint.getHostName(), sslsession)) { - throw new SSLException("Could not verify host " + endpoint.getHostName()); - } - - setSSLSession(sslsession); - return new TlsDetails(sslsession, engine.getApplicationProtocol()); - } - } - ); + String[] cipherSuites = + SSLUtils.getCiphersuitesToInclude(tlsClientParameters.getCipherSuites(), + tlsClientParameters.getCipherSuitesFilter(), + sslcontext.getSocketFactory().getDefaultCipherSuites(), + SSLUtils.getSupportedCipherSuites(sslcontext), + LOG); + + final String protocol = tlsClientParameters.getSecureSocketProtocol() != null ? tlsClientParameters + .getSecureSocketProtocol() : sslcontext.getProtocol(); + + final String[] protocols = findProtocols(protocol, + sslContext.getSupportedSSLParameters().getProtocols()); + + tlsStrategy = new DefaultClientTlsStrategy(sslcontext, protocols, + cipherSuites, SSLBufferMode.STATIC, verifier); } catch (final GeneralSecurityException e) { LOG.warning(e.getMessage()); }
