56
56
import org .apache .hc .client5 .http .ssl .DefaultHostnameVerifier ;
57
57
import org .apache .hc .client5 .http .ssl .NoopHostnameVerifier ;
58
58
import org .apache .hc .client5 .http .ssl .SSLConnectionSocketFactory ;
59
+ import org .apache .hc .client5 .http .ssl .TlsSocketStrategy ;
59
60
import org .apache .hc .core5 .http .ClassicHttpResponse ;
60
61
import org .apache .hc .core5 .http .Header ;
61
62
import org .apache .hc .core5 .http .HttpEntity ;
90
91
import software .amazon .awssdk .http .apache5 .internal .conn .IdleConnectionReaper ;
91
92
import software .amazon .awssdk .http .apache5 .internal .conn .SdkConnectionKeepAliveStrategy ;
92
93
import software .amazon .awssdk .http .apache5 .internal .conn .SdkTlsSocketFactory ;
94
+ import software .amazon .awssdk .http .apache5 .internal .conn .SslSocketFactoryToTlsStrategyAdapter ;
93
95
import software .amazon .awssdk .http .apache5 .internal .impl .Apache5HttpRequestFactory ;
94
96
import software .amazon .awssdk .http .apache5 .internal .impl .Apache5SdkHttpClient ;
95
97
import software .amazon .awssdk .http .apache5 .internal .impl .ConnectionManagerAwareHttpClient ;
@@ -457,8 +459,12 @@ public interface Builder extends SdkHttpClient.Builder<Apache5HttpClient.Builder
457
459
* When set to a non-null value, the use of a custom factory implies the configuration options TRUST_ALL_CERTIFICATES,
458
460
* TLS_TRUST_MANAGERS_PROVIDER, and TLS_KEY_MANAGERS_PROVIDER are ignored.
459
461
*/
462
+ @ Deprecated
460
463
Builder socketFactory (SSLConnectionSocketFactory socketFactory );
461
464
465
+
466
+ Builder tlsStrategy (TlsSocketStrategy tlsStrategy );
467
+
462
468
/**
463
469
* Configuration that defines an HTTP route planner that computes the route an HTTP request should take.
464
470
* May not be used in conjunction with {@link #proxyConfiguration(ProxyConfiguration)}.
@@ -515,7 +521,8 @@ private static final class DefaultBuilder implements Builder {
515
521
private HttpRoutePlanner httpRoutePlanner ;
516
522
private CredentialsProvider credentialsProvider ;
517
523
private DnsResolver dnsResolver ;
518
- private SSLConnectionSocketFactory socketFactory ;
524
+ private SSLConnectionSocketFactory legacySocketFactory ;
525
+ private TlsSocketStrategy tlsStrategy ;
519
526
520
527
private DefaultBuilder () {
521
528
}
@@ -638,12 +645,23 @@ public void setDnsResolver(DnsResolver dnsResolver) {
638
645
639
646
@ Override
640
647
public Builder socketFactory (SSLConnectionSocketFactory socketFactory ) {
641
- this .socketFactory = socketFactory ;
648
+ log .warn (() -> "SSLConnectionSocketFactory is deprecated. Consider migrating to tlsStrategy()." );
649
+ this .legacySocketFactory = socketFactory ;
650
+ this .tlsStrategy = null ; // Clear any previously set strategy
642
651
return this ;
643
652
}
644
653
645
- public void setSocketFactory (SSLConnectionSocketFactory socketFactory ) {
646
- socketFactory (socketFactory );
654
+ @ Override
655
+ public Builder tlsStrategy (TlsSocketStrategy tlsStrategy ) {
656
+ this .tlsStrategy = tlsStrategy ;
657
+ this .legacySocketFactory = null ; // Clear any legacy factory
658
+ return this ;
659
+ }
660
+
661
+
662
+
663
+ public void setLegacySocketFactory (SSLConnectionSocketFactory legacySocketFactory ) {
664
+ socketFactory (legacySocketFactory );
647
665
}
648
666
649
667
@ Override
@@ -714,20 +732,36 @@ public SdkHttpClient buildWithDefaults(AttributeMap serviceDefaults) {
714
732
SdkHttpConfigurationOption .GLOBAL_HTTP_DEFAULTS );
715
733
return new Apache5HttpClient (this , resolvedOptions );
716
734
}
735
+
736
+ // Internal method to get the effective TLS strategy
737
+
738
+ TlsSocketStrategy getEffectiveTlsStrategy () {
739
+ if (tlsStrategy != null ) {
740
+ return tlsStrategy ;
741
+ }
742
+ if (legacySocketFactory != null ) {
743
+ return new SslSocketFactoryToTlsStrategyAdapter (legacySocketFactory );
744
+ }
745
+ return null ;
746
+ }
747
+
748
+
717
749
}
718
750
719
751
private static class ApacheConnectionManagerFactory {
720
752
721
753
public PoolingHttpClientConnectionManager create (Apache5HttpClient .DefaultBuilder configuration ,
722
- AttributeMap standardOptions ) {
723
- // TODO : Deprecated method needs to be removed with new replacements
724
- SSLConnectionSocketFactory sslsf = getPreferredSocketFactory (configuration , standardOptions );
754
+ AttributeMap standardOptions ) {
755
+
756
+ TlsSocketStrategy tlsStrategy = getPreferredTlsStrategy (configuration , standardOptions );
725
757
726
758
PoolingHttpClientConnectionManagerBuilder builder =
727
759
PoolingHttpClientConnectionManagerBuilder .create ()
728
- .setSSLSocketFactory ( sslsf )
760
+ .setTlsSocketStrategy ( tlsStrategy )
729
761
.setSchemePortResolver (DefaultSchemePortResolver .INSTANCE )
730
762
.setDnsResolver (configuration .dnsResolver );
763
+
764
+
731
765
Duration connectionTtl = standardOptions .get (SdkHttpConfigurationOption .CONNECTION_TIME_TO_LIVE );
732
766
if (!connectionTtl .isZero ()) {
733
767
// Skip TTL=0 to maintain backward compatibility (infinite in 4.x vs immediate expiration in 5.x)
@@ -739,11 +773,15 @@ public PoolingHttpClientConnectionManager create(Apache5HttpClient.DefaultBuilde
739
773
return builder .build ();
740
774
}
741
775
742
- private SSLConnectionSocketFactory getPreferredSocketFactory (Apache5HttpClient .DefaultBuilder configuration ,
743
- AttributeMap standardOptions ) {
744
- return Optional .ofNullable (configuration .socketFactory )
745
- .orElseGet (() -> new SdkTlsSocketFactory (getSslContext (standardOptions ),
746
- getHostNameVerifier (standardOptions )));
776
+ private TlsSocketStrategy getPreferredTlsStrategy (Apache5HttpClient .DefaultBuilder configuration ,
777
+ AttributeMap standardOptions ) {
778
+ // Use the effective strategy which handles both legacy and new approaches
779
+ TlsSocketStrategy configuredStrategy = configuration .getEffectiveTlsStrategy ();
780
+ if (configuredStrategy != null ) {
781
+ return configuredStrategy ;
782
+ }
783
+ return new SdkTlsSocketFactory (getSslContext (standardOptions ),
784
+ getHostNameVerifier (standardOptions ));
747
785
}
748
786
749
787
@@ -815,6 +853,7 @@ private SocketConfig buildSocketConfig(AttributeMap standardOptions) {
815
853
.build ();
816
854
}
817
855
856
+
818
857
}
819
858
820
859
private static class LocalAddressRoutePlanner extends DefaultRoutePlanner {
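Review bot: `DefaultBuilder.socketFactory(...)` and `DefaultBuilder.tlsStrategy(...)` clear the other field unconditionally, so a later `socketFactory(null)` (or `setLegacySocketFactory(null)` from bean-style configuration) silently discards a previously configured `TlsSocketStrategy`, and `getPreferredTlsStrategy` then falls back to the default `SdkTlsSocketFactory`; a caller whose strategy enforced stricter trust would lose it without any error, and the deprecation warning is logged even for a null argument. Guard both the reset and the warning on a non-null argument, e.g. `if (socketFactory != null) { this.tlsStrategy = null; }`, with the mirror check in `tlsStrategy`. The new interface method `Builder tlsStrategy(TlsSocketStrategy tlsStrategy);` has no Javadoc; it should state, as `socketFactory` does, that a non-null value causes TRUST_ALL_CERTIFICATES, TLS_TRUST_MANAGERS_PROVIDER and TLS_KEY_MANAGERS_PROVIDER to be ignored, and that the SDK's `getSslContext`/`getHostNameVerifier` are bypassed, so certificate and hostname verification become the strategy's responsibility. The `@Deprecated` on `socketFactory` would be clearer with a Javadoc line `@deprecated Use {@link #tlsStrategy(TlsSocketStrategy)} instead.` The body of `SslSocketFactoryToTlsStrategyAdapter` is not shown in this section, so whether it preserves the legacy factory's hostname verification cannot be confirmed from here.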