From d6f50a6019238c9f004d05501b386605f0432c70 Mon Sep 17 00:00:00 2001 From: Oleg Kalnichevski Date: Mon, 22 Jan 2024 12:24:11 +0100 Subject: [PATCH] Realigned the behavior of TLS upgrade in the classic and async connection operators --- .../DefaultHttpClientConnectionOperator.java | 19 +++++++++---------- .../DefaultAsyncClientConnectionOperator.java | 7 ++++--- .../io/TestHttpClientConnectionOperator.java | 6 ++++++ 3 files changed, 19 insertions(+), 13 deletions(-) diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/io/DefaultHttpClientConnectionOperator.java b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/io/DefaultHttpClientConnectionOperator.java index e2189d64d..64f0a6483 100644 --- a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/io/DefaultHttpClientConnectionOperator.java +++ b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/io/DefaultHttpClientConnectionOperator.java @@ -53,7 +53,6 @@ import org.apache.hc.core5.annotation.ThreadingBehavior; import org.apache.hc.core5.http.ConnectionClosedException; import org.apache.hc.core5.http.HttpHost; -import org.apache.hc.core5.http.URIScheme; import org.apache.hc.core5.http.config.Lookup; import org.apache.hc.core5.http.io.SocketConfig; import org.apache.hc.core5.http.protocol.HttpContext; @@ -226,7 +225,7 @@ public void connect( host.getHostName(), host.getPort(), localAddress, remoteAddress, ConnPoolSupport.getId(conn)); } final TlsSocketStrategy tlsSocketStrategy = tlsSocketStrategyLookup != null ? tlsSocketStrategyLookup.lookup(host.getSchemeName()) : null; - if (tlsSocketStrategy != null && URIScheme.HTTPS.same(host.getSchemeName())) { + if (tlsSocketStrategy != null) { final Socket upgradedSocket = tlsSocketStrategy.upgrade(socket, host.getHostName(), port, attachment, context); conn.bind(upgradedSocket); } @@ -266,18 +265,18 @@ public void upgrade( final HttpHost host, final Object attachment, final HttpContext context) throws IOException { - final TlsSocketStrategy tlsSocketStrategy = tlsSocketStrategyLookup != null ? tlsSocketStrategyLookup.lookup(host.getSchemeName()) : null; - if (tlsSocketStrategy == null) { - throw new UnsupportedSchemeException(host.getSchemeName() + - " protocol is not supported"); - } final Socket socket = conn.getSocket(); if (socket == null) { throw new ConnectionClosedException("Connection is closed"); } - final int port = this.schemePortResolver.resolve(host); - final SSLSocket upgradedSocket = tlsSocketStrategy.upgrade(socket, host.getHostName(), port, attachment, context); - conn.bind(upgradedSocket); + final TlsSocketStrategy tlsSocketStrategy = tlsSocketStrategyLookup != null ? tlsSocketStrategyLookup.lookup(host.getSchemeName()) : null; + if (tlsSocketStrategy != null) { + final int port = this.schemePortResolver.resolve(host); + final SSLSocket upgradedSocket = tlsSocketStrategy.upgrade(socket, host.getHostName(), port, attachment, context); + conn.bind(upgradedSocket); + } else { + throw new UnsupportedSchemeException(host.getSchemeName() + " protocol is not supported"); + } } } diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/nio/DefaultAsyncClientConnectionOperator.java b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/nio/DefaultAsyncClientConnectionOperator.java index 9571af4e2..0a046887d 100644 --- a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/nio/DefaultAsyncClientConnectionOperator.java +++ b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/nio/DefaultAsyncClientConnectionOperator.java @@ -34,6 +34,7 @@ import org.apache.hc.client5.http.DnsResolver; import org.apache.hc.client5.http.SchemePortResolver; +import org.apache.hc.client5.http.UnsupportedSchemeException; import org.apache.hc.client5.http.config.TlsConfig; import org.apache.hc.client5.http.impl.DefaultSchemePortResolver; import org.apache.hc.client5.http.nio.AsyncClientConnectionOperator; @@ -44,7 +45,6 @@ import org.apache.hc.core5.concurrent.FutureCallback; import org.apache.hc.core5.concurrent.FutureContribution; import org.apache.hc.core5.http.HttpHost; -import org.apache.hc.core5.http.URIScheme; import org.apache.hc.core5.http.config.Lookup; import org.apache.hc.core5.http.nio.ssl.TlsStrategy; import org.apache.hc.core5.http.protocol.HttpContext; @@ -109,7 +109,7 @@ public Future connect( public void completed(final IOSession session) { final DefaultManagedAsyncClientConnection connection = new DefaultManagedAsyncClientConnection(session); final TlsStrategy tlsStrategy = tlsStrategyLookup != null ? tlsStrategyLookup.lookup(host.getSchemeName()) : null; - if (tlsStrategy != null && URIScheme.HTTPS.same(host.getSchemeName())) { + if (tlsStrategy != null) { try { final Timeout socketTimeout = connection.getSocketTimeout(); final Timeout handshakeTimeout = tlsConfig.getHandshakeTimeout(); @@ -191,8 +191,9 @@ public void completed(final TransportSecurityLayer transportSecurityLayer) { } }); + } else { + callback.failed(new UnsupportedSchemeException(host.getSchemeName() + " protocol is not supported")); } - } } diff --git a/httpclient5/src/test/java/org/apache/hc/client5/http/impl/io/TestHttpClientConnectionOperator.java b/httpclient5/src/test/java/org/apache/hc/client5/http/impl/io/TestHttpClientConnectionOperator.java index fd5f1e600..28a40fa31 100644 --- a/httpclient5/src/test/java/org/apache/hc/client5/http/impl/io/TestHttpClientConnectionOperator.java +++ b/httpclient5/src/test/java/org/apache/hc/client5/http/impl/io/TestHttpClientConnectionOperator.java @@ -262,6 +262,9 @@ public void testUpgradeUpsupportedScheme() throws Exception { final HttpContext context = new BasicHttpContext(); final HttpHost host = new HttpHost("httpsssss", "somehost", -1); + Mockito.when(conn.isOpen()).thenReturn(true); + Mockito.when(conn.getSocket()).thenReturn(socket); + Assertions.assertThrows(UnsupportedSchemeException.class, () -> connectionOperator.upgrade(conn, host, context)); } @@ -271,6 +274,9 @@ public void testUpgradeNonLayeringScheme() throws Exception { final HttpContext context = new BasicHttpContext(); final HttpHost host = new HttpHost("http", "somehost", -1); + Mockito.when(conn.isOpen()).thenReturn(true); + Mockito.when(conn.getSocket()).thenReturn(socket); + Assertions.assertThrows(UnsupportedSchemeException.class, () -> connectionOperator.upgrade(conn, host, context)); }