/*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License").
 * You may not use this file except in compliance with the License.
 * A copy of the License is located at
 *
 *  http://aws.amazon.com/apache2.0
 *
 * or in the "license" file accompanying this file. This file is distributed
 * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
 * express or implied. See the License for the specific language governing
 * permissions and limitations under the License.
 */

package software.amazon.awssdk.http.crt.internal;


import java.time.Duration;
import software.amazon.awssdk.annotations.SdkInternalApi;
import software.amazon.awssdk.crt.io.SocketOptions;
import software.amazon.awssdk.crt.io.TlsCipherPreference;
import software.amazon.awssdk.http.crt.AwsCrtAsyncHttpClient;
import software.amazon.awssdk.http.crt.TcpKeepAliveConfiguration;
import software.amazon.awssdk.utils.Logger;
import software.amazon.awssdk.utils.NumericUtils;

/**
 * Static helpers that translate SDK-level HTTP client settings into the CRT socket and TLS
 * configuration objects. Not instantiable.
 */
@SdkInternalApi
public final class AwsCrtConfigurationUtils {
    // Messages are emitted under the AwsCrtAsyncHttpClient logger, not under this utility class.
    private static final Logger log = Logger.loggerFor(AwsCrtAsyncHttpClient.class);

    private AwsCrtConfigurationUtils() {
    }

    /**
     * Builds the CRT {@link SocketOptions} for a client.
     *
     * <p>Each argument is optional: a {@code null} value leaves the corresponding fields at whatever
     * {@code new SocketOptions()} initialises them to.
     *
     * @param tcpKeepAliveConfiguration keep-alive interval and timeout to apply, or {@code null} to
     *     leave the keep-alive fields untouched
     * @param connectionTimeout connect timeout to apply, or {@code null} to leave it untouched
     * @return a newly created {@link SocketOptions} instance
     */
    public static SocketOptions buildSocketOptions(TcpKeepAliveConfiguration tcpKeepAliveConfiguration,
                                                   Duration connectionTimeout) {
        SocketOptions options = new SocketOptions();

        if (connectionTimeout != null) {
            // The CRT field is an int number of milliseconds; saturatedCast narrows the long value.
            long timeoutMillis = connectionTimeout.toMillis();
            options.connectTimeoutMs = NumericUtils.saturatedCast(timeoutMillis);
        }

        if (tcpKeepAliveConfiguration == null) {
            return options;
        }

        // NOTE(review): getSeconds() presumably yields whole seconds only, so a sub-second
        // interval or timeout would be written as 0 - confirm the configuration rejects such values.
        options.keepAliveIntervalSecs =
            NumericUtils.saturatedCast(tcpKeepAliveConfiguration.keepAliveInterval().getSeconds());
        options.keepAliveTimeoutSecs =
            NumericUtils.saturatedCast(tcpKeepAliveConfiguration.keepAliveTimeout().getSeconds());

        return options;
    }

    /**
     * Chooses the TLS cipher preference for a client.
     *
     * <p>The system default is returned when post-quantum TLS was not requested ({@code null} or
     * {@code false}) and also when it was requested but the pinned post-quantum policy reports
     * that it is not supported. In the second case the only signal is a warning log entry: the
     * method neither throws nor otherwise tells the caller that the request was not honoured, so
     * a caller that treats post-quantum key exchange as a hard requirement must compare the
     * returned value itself.
     *
     * @param postQuantumTlsEnabled whether hybrid post-quantum cipher suites were requested; may
     *     be {@code null}
     * @return the post-quantum policy when requested and supported, otherwise
     *     {@link TlsCipherPreference#TLS_CIPHER_SYSTEM_DEFAULT}
     */
    public static TlsCipherPreference resolveCipherPreference(Boolean postQuantumTlsEnabled) {
        TlsCipherPreference systemDefault = TlsCipherPreference.TLS_CIPHER_SYSTEM_DEFAULT;

        // Boolean.TRUE.equals treats null and FALSE alike: post-quantum TLS is opt-in.
        if (!Boolean.TRUE.equals(postQuantumTlsEnabled)) {
            return systemDefault;
        }

        // TODO: change this to the new PQ TLS Policy that stays up to date when it's ready
        // Until then this is a fixed, dated policy and does not change on its own.
        TlsCipherPreference pqPolicy = TlsCipherPreference.TLS_CIPHER_PREF_PQ_TLSv1_0_2021_05;
        if (pqPolicy.isSupported()) {
            return pqPolicy;
        }

        // Requested but unavailable: fall back to the system default and log it at warn level.
        log.warn(() -> "Hybrid post-quantum cipher suites are not supported on this platform. The SDK will use the system "
                       + "default cipher suites instead");
        return systemDefault;
    }

}