add TlsSocketStrategyBuilder

2025-07-21 15:09:48 +08:00 · 2024-10-03 10:47:39 +08:00
parent 33a4746dc6
commit c7e0ef67aa
11 changed files with 222 additions and 71 deletions
--- a/hutool-http/src/main/java/org/dromara/hutool/http/client/engine/httpclient5/HttpClient5Engine.java
+++ b/hutool-http/src/main/java/org/dromara/hutool/http/client/engine/httpclient5/HttpClient5Engine.java
@@ -28,7 +28,6 @@ import org.apache.hc.client5.http.impl.classic.HttpClientBuilder;
 import org.apache.hc.client5.http.impl.classic.HttpClients;
 import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager;
 import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
-import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactoryBuilder;
 import org.apache.hc.core5.http.ClassicHttpRequest;
 import org.apache.hc.core5.http.Header;
 import org.apache.hc.core5.http.HttpHost;
@@ -203,11 +202,17 @@ public class HttpClient5Engine extends AbstractClientEngine {
 		// SSL配置
 		final SSLInfo sslInfo = config.getSslInfo();
 		if (null != sslInfo) {
-			connectionManagerBuilder.setSSLSocketFactory(SSLConnectionSocketFactoryBuilder.create()
-				.setTlsVersions(sslInfo.getProtocols())
+//			connectionManagerBuilder.setSSLSocketFactory(SSLConnectionSocketFactoryBuilder.create()
+//				.setTlsVersions(sslInfo.getProtocols())
+//				.setSslContext(sslInfo.getSslContext())
+//				.setHostnameVerifier(sslInfo.getHostnameVerifier())
+//				.build());
+			connectionManagerBuilder.setTlsSocketStrategy(TlsSocketStrategyBuilder.of()
 				.setSslContext(sslInfo.getSslContext())
+				.setSupportedProtocols(sslInfo.getProtocols())
 				.setHostnameVerifier(sslInfo.getHostnameVerifier())
-				.build());
+				.build()
+			);
 		}
 		// 连接超时配置
 		final int connectionTimeout = config.getConnectionTimeout();
--- a/hutool-http/src/main/java/org/dromara/hutool/http/client/engine/httpclient5/TlsSocketStrategyBuilder.java
+++ b/hutool-http/src/main/java/org/dromara/hutool/http/client/engine/httpclient5/TlsSocketStrategyBuilder.java
@@ -0,0 +1,133 @@
+/*
+ * Copyright (c) 2024 Hutool Team and hutool.cn
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.dromara.hutool.http.client.engine.httpclient5;
+
+import org.apache.hc.client5.http.ssl.DefaultClientTlsStrategy;
+import org.apache.hc.client5.http.ssl.HostnameVerificationPolicy;
+import org.apache.hc.client5.http.ssl.HttpsSupport;
+import org.apache.hc.client5.http.ssl.TlsSocketStrategy;
+import org.apache.hc.core5.reactor.ssl.SSLBufferMode;
+import org.apache.hc.core5.ssl.SSLContexts;
+import org.dromara.hutool.core.lang.builder.Builder;
+import org.dromara.hutool.core.util.ObjUtil;
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLContext;
+
+/**
+ * TLS Socket 策略构建器
+ *
+ * @author looly
+ * @since 6.0.0
+ */
+public class TlsSocketStrategyBuilder implements Builder<TlsSocketStrategy> {
+	private static final long serialVersionUID = 1L;
+
+	/**
+	 * 创建TLS Socket策略构建器
+	 *
+	 * @return TlsSocketStrategyBuilder
+	 */
+	public static TlsSocketStrategyBuilder of() {
+		return new TlsSocketStrategyBuilder();
+	}
+
+	private SSLContext sslContext;
+	private String[] supportedProtocols;
+	private String[] supportedCipherSuites;
+	private SSLBufferMode sslBufferMode;
+	private HostnameVerificationPolicy hostnameVerificationPolicy;
+	private HostnameVerifier hostnameVerifier;
+
+	/**
+	 * 设置SSL上下文
+	 *
+	 * @param sslContext SSL上下文
+	 * @return this
+	 */
+	public TlsSocketStrategyBuilder setSslContext(final SSLContext sslContext) {
+		this.sslContext = sslContext;
+		return this;
+	}
+
+	/**
+	 * 设置支持的协议版本
+	 *
+	 * @param supportedProtocols 支持的协议版本
+	 * @return this
+	 */
+	public TlsSocketStrategyBuilder setSupportedProtocols(final String[] supportedProtocols) {
+		this.supportedProtocols = supportedProtocols;
+		return this;
+	}
+
+	/**
+	 * 设置支持的加密套件
+	 *
+	 * @param supportedCipherSuites 支持的加密套件
+	 * @return this
+	 */
+	public TlsSocketStrategyBuilder setSupportedCipherSuites(final String[] supportedCipherSuites) {
+		this.supportedCipherSuites = supportedCipherSuites;
+		return this;
+	}
+
+	/**
+	 * 设置SSL缓冲模式
+	 *
+	 * @param sslBufferMode SSL缓冲模式
+	 * @return this
+	 */
+	public TlsSocketStrategyBuilder setSslBufferMode(final SSLBufferMode sslBufferMode) {
+		this.sslBufferMode = sslBufferMode;
+		return this;
+	}
+
+	/**
+	 * 设置主机名验证策略
+	 *
+	 * @param hostnameVerificationPolicy 主机名验证策略
+	 * @return this
+	 */
+	public TlsSocketStrategyBuilder setHostnameVerificationPolicy(final HostnameVerificationPolicy hostnameVerificationPolicy) {
+		this.hostnameVerificationPolicy = hostnameVerificationPolicy;
+		return this;
+	}
+
+	/**
+	 * 设置主机名验证器
+	 *
+	 * @param hostnameVerifier 主机名验证器
+	 * @return this
+	 */
+	public TlsSocketStrategyBuilder setHostnameVerifier(final HostnameVerifier hostnameVerifier) {
+		this.hostnameVerifier = hostnameVerifier;
+		return this;
+	}
+
+	@Override
+	public TlsSocketStrategy build() {
+		return new DefaultClientTlsStrategy(
+			ObjUtil.defaultIfNull(sslContext, SSLContexts::createDefault),
+			supportedProtocols,
+			supportedCipherSuites,
+			ObjUtil.defaultIfNull(sslBufferMode, SSLBufferMode.STATIC),
+			ObjUtil.defaultIfNull(hostnameVerificationPolicy, HostnameVerificationPolicy.BOTH),
+			ObjUtil.defaultIfNull(hostnameVerifier, HttpsSupport::getDefaultHostnameVerifier)
+		);
+	}
+}