//
// ========================================================================
// Copyright (c) 1995-2017 Mort Bay Consulting Pty. Ltd.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
// and Apache License v2.0 which accompanies this distribution.
//
// The Eclipse Public License is available at
// http://www.eclipse.org/legal/epl-v10.html
//
// The Apache License v2.0 is available at
// http://www.opensource.org/licenses/apache2.0.php
//
// You may elect to redistribute this code under either of these licenses.
// ========================================================================
//
package org.eclipse.jetty.alpn.server;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSession;
import org.eclipse.jetty.alpn.ALPN;
import org.eclipse.jetty.io.EndPoint;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.NegotiatingServerConnection;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
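/**
 * Server-side connection that performs ALPN (RFC 7301) application protocol
 * selection for a TLS connection.
 *
 * <p>The instance registers itself with {@link ALPN} for its {@link SSLEngine}
 * on construction and unregisters on a successful {@link #select(List)} or on
 * {@link #close()}.</p>
 *
 * <p>Selection policy implemented here:</p>
 * <ul>
 *   <li>the server's protocol list is walked in order, so server preference
 *       wins over the order the client offered;</li>
 *   <li>a candidate is skipped when its {@link ConnectionFactory} is a
 *       {@link CipherDiscriminator} that rejects the negotiated TLS protocol
 *       version / cipher suite pair;</li>
 *   <li>the default protocol is used only when the client offered no
 *       protocols at all; a client that offered protocols with no acceptable
 *       overlap makes the negotiation fail instead of being downgraded
 *       silently to the default.</li>
 * </ul>
 */
public class ALPNServerConnection extends NegotiatingServerConnection implements ALPN.ServerProvider
{
    private static final Logger LOG = Log.getLogger(ALPNServerConnection.class);

    /**
     * Creates the connection and registers it as the ALPN provider of {@code engine}.
     *
     * @param connector the connector whose connection factories are consulted during selection
     * @param endPoint the endpoint of the connection
     * @param engine the TLS engine this provider is registered for
     * @param protocols the server protocols, in server preference order
     * @param defaultProtocol the protocol used when the client offers none
     */
    public ALPNServerConnection(Connector connector, EndPoint endPoint, SSLEngine engine, List<String> protocols, String defaultProtocol)
    {
        super(connector, endPoint, engine, protocols, defaultProtocol);
        // Registration is keyed by the engine; select() and close() undo it.
        ALPN.put(engine, this);
    }

    /**
     * Handles a peer without ALPN support by running the selection with an
     * empty client list, which resolves to the default protocol.
     */
    @Override
    public void unsupported()
    {
        select(Collections.emptyList());
    }

    /**
     * Selects the application protocol for this connection.
     *
     * @param clientProtocols the protocols offered by the client; must not be
     *        {@code null}, an empty list means the client offered nothing
     * @return the selected protocol, which is also stored via {@code setProtocol}
     * @throws IllegalStateException if the client offered protocols but none of
     *         them is both supported by the server and acceptable for the
     *         negotiated TLS protocol and cipher suite
     */
    @Override
    public String select(List<String> clientProtocols)
    {
        SSLEngine sslEngine = getSSLEngine();
        List<String> serverProtocols = getProtocols();

        // Prefer the in-progress handshake session; fall back to the engine's
        // current session when no handshake session is available.
        SSLSession sslSession = sslEngine.getHandshakeSession();
        if (sslSession == null)
            sslSession = sslEngine.getSession();
        String tlsProtocol = sslSession.getProtocol();
        String tlsCipher = sslSession.getCipherSuite();

        String negotiated = null;

        // RFC 7301 states that the server picks the protocol
        // that it prefers that is also supported by the client.
        for (String serverProtocol : serverProtocols)
        {
            if (!clientProtocols.contains(serverProtocol))
                continue;

            // A factory may veto its protocol for this TLS version/cipher pair
            // (presumably how per-protocol cipher restrictions are enforced;
            // the criteria live in the CipherDiscriminator implementation).
            ConnectionFactory factory = getConnector().getConnectionFactory(serverProtocol);
            if (factory instanceof CipherDiscriminator && !((CipherDiscriminator)factory).isAcceptable(serverProtocol, tlsProtocol, tlsCipher))
            {
                if (LOG.isDebugEnabled())
                    LOG.debug("{} protocol {} not acceptable to {} for {}/{}", this, serverProtocol, factory, tlsProtocol, tlsCipher);
                continue;
            }

            negotiated = serverProtocol;
            break;
        }

        if (negotiated == null)
        {
            if (clientProtocols.isEmpty())
            {
                // NOTE(review): the default protocol is not passed through the
                // CipherDiscriminator check above; confirm the configured
                // default has no TLS version/cipher restrictions.
                negotiated = getDefaultProtocol();
            }
            else
            {
                if (LOG.isDebugEnabled())
                    LOG.debug("{} could not negotiate protocol among client{} and server{}", this, clientProtocols, serverProtocols);
                // Fail rather than downgrade to the default protocol. The
                // message carries only the count of client protocols: their
                // names are peer-controlled and are kept out of text that may
                // be logged above debug level.
                throw new IllegalStateException("ALPN negotiation failed: none of the " + clientProtocols.size() +
                    " client protocol(s) is acceptable among server" + serverProtocols);
            }
        }

        if (LOG.isDebugEnabled())
            LOG.debug("{} protocol selected {} among client{} and server{}", this, negotiated, clientProtocols, serverProtocols);
        setProtocol(negotiated);
        // Selection is done; on the failure path above the registration is
        // left in place and is removed by close().
        ALPN.remove(sslEngine);
        return negotiated;
    }

    /**
     * Unregisters this provider from {@link ALPN} and closes the connection.
     */
    @Override
    public void close()
    {
        ALPN.remove(getSSLEngine());
        super.close();
    }
}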