Index: httpcore-nio/src/main/java/org/apache/http/impl/nio/reactor/SSLIOSessionHandlerExt.java =================================================================== --- httpcore-nio/src/main/java/org/apache/http/impl/nio/reactor/SSLIOSessionHandlerExt.java (revision 910178) +++ httpcore-nio/src/main/java/org/apache/http/impl/nio/reactor/SSLIOSessionHandlerExt.java (working copy) @@ -1,29 +0,0 @@ -package org.apache.http.impl.nio.reactor; - -import org.apache.http.nio.reactor.IOSession; - -import javax.net.ssl.SSLException; -import javax.net.ssl.SSLSession; -import java.net.SocketAddress; - -/** - * This is an extended interface of the SSLIOSessionHandler - to maintain backwards compatibility but yet solve HTTPCORE-217 - */ -public interface SSLIOSessionHandlerExt extends SSLIOSessionHandler { - /** - * Triggered when the SSL connection has been established and initial SSL - * handshake has been successfully completed. Custom handlers can use - * this callback to verify properties of the {@link javax.net.ssl.SSLSession} - * and optionally set properties on the IOSession to be processed later. - * For instance this would be the right place to enforce SSL cipher - * strength, validate certificate chain and do hostname checks, and to optionally - * set the client DN as an IOSession attribute - * - * @param remoteAddress the remote address of the connection. - * @param session newly created SSL session. - * @param iosession the underlying IOSession for the SSL connection. - * @throws javax.net.ssl.SSLException if case of SSL protocol error. - */ - void verify(SocketAddress remoteAddress, SSLSession session, IOSession iosession) - throws SSLException; -} Index: httpcore-nio/src/main/java/org/apache/http/impl/nio/reactor/SSLSetupHandler.java =================================================================== --- httpcore-nio/src/main/java/org/apache/http/impl/nio/reactor/SSLSetupHandler.java (revision 0) +++ httpcore-nio/src/main/java/org/apache/http/impl/nio/reactor/SSLSetupHandler.java (revision 0) @@ -0,0 +1,71 @@ +/* + * ==================================================================== + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * ==================================================================== + * + * This software consists of voluntary contributions made by many + * individuals on behalf of the Apache Software Foundation. For more + * information on the Apache Software Foundation, please see + * . + * + */ + +package org.apache.http.impl.nio.reactor; + +import javax.net.ssl.SSLEngine; +import javax.net.ssl.SSLException; +import javax.net.ssl.SSLSession; + +import org.apache.http.nio.reactor.IOSession; +import org.apache.http.params.HttpParams; + +/** + * Callback interface that can be used to customize various aspects of + * the TLS/SSl protocol. + * + * @since 4.1 + */ +public interface SSLSetupHandler { + + /** + * Triggered when the SSL connection is being initialized. Custom handlers + * can use this callback to customize properties of the {@link SSLEngine} + * used to establish the SSL session. + * + * @param sslengine the SSL engine. + * @param params HTTP parameters. + * @throws SSLException if case of SSL protocol error. + */ + void initalize(SSLEngine sslengine, HttpParams params) + throws SSLException; + + /** + * Triggered when the SSL connection has been established and initial SSL + * handshake has been successfully completed. Custom handlers can use + * this callback to verify properties of the {@link SSLSession}. + * For instance this would be the right place to enforce SSL cipher + * strength, validate certificate chain and do hostname checks. + * + * @param iosession the underlying IOSession for the SSL connection. + * @param sslsession newly created SSL session. + * @throws SSLException if case of SSL protocol error. + */ + void verify(IOSession iosession, SSLSession sslsession) + throws SSLException; + +} Property changes on: httpcore-nio/src/main/java/org/apache/http/impl/nio/reactor/SSLSetupHandler.java ___________________________________________________________________ Added: svn:executable + * Index: httpcore-nio/src/main/java/org/apache/http/impl/nio/reactor/SSLIOSessionHandler.java =================================================================== --- httpcore-nio/src/main/java/org/apache/http/impl/nio/reactor/SSLIOSessionHandler.java (revision 910178) +++ httpcore-nio/src/main/java/org/apache/http/impl/nio/reactor/SSLIOSessionHandler.java (working copy) @@ -40,7 +40,10 @@ * the TLS/SSl protocol. * * @since 4.0 + * + * @deprecated Use {@link SSLSetupHandler} */ +@Deprecated public interface SSLIOSessionHandler { /** Index: httpcore-nio/src/main/java/org/apache/http/impl/nio/reactor/SSLIOSession.java =================================================================== --- httpcore-nio/src/main/java/org/apache/http/impl/nio/reactor/SSLIOSession.java (revision 910178) +++ httpcore-nio/src/main/java/org/apache/http/impl/nio/reactor/SSLIOSession.java (working copy) @@ -60,7 +60,7 @@ private final ByteBuffer inPlain; private final ByteBuffer outPlain; private final InternalByteChannel channel; - private final SSLIOSessionHandler handler; + private final SSLSetupHandler handler; private int appEventMask; private SessionBufferStatus appBufferStatus; @@ -68,10 +68,13 @@ private boolean endOfStream; private volatile int status; + /** + * @since 4.1 + */ public SSLIOSession( final IOSession session, final SSLContext sslContext, - final SSLIOSessionHandler handler) { + final SSLSetupHandler handler) { super(); if (session == null) { throw new IllegalArgumentException("IO session may not be null"); @@ -107,6 +110,19 @@ this.outPlain = ByteBuffer.allocate(appBuffersize); } + /** + * @since 4.1 + * + * @deprecated + */ + @Deprecated + public SSLIOSession( + final IOSession session, + final SSLContext sslContext, + final SSLIOSessionHandler handler) { + this(session, sslContext, handler != null ? new SSLIOSessionHandlerAdaptor(handler) : null); + } + public synchronized void bind( final SSLMode mode, final HttpParams params) throws SSLException { @@ -178,16 +194,7 @@ // It is never generated by SSLEngine.getHandshakeStatus(). if (result != null && result.getHandshakeStatus() == HandshakeStatus.FINISHED) { if (this.handler != null) { - if (this.handler instanceof SSLIOSessionHandlerExt) { - ((SSLIOSessionHandlerExt) this.handler).verify( - this.session.getRemoteAddress(), - this.sslEngine.getSession(), - this.session); - } else { - this.handler.verify( - this.session.getRemoteAddress(), - this.sslEngine.getSession()); - } + this.handler.verify(this.session, this.sslEngine.getSession()); } } }