/**
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 * SPDX-License-Identifier: Apache-2.0.
 */
package software.amazon.awssdk.crt.io;

import java.util.List;
import java.util.ArrayList;

import software.amazon.awssdk.crt.CrtResource;
import software.amazon.awssdk.crt.utils.StringUtils;

/**
 * Connection-specific TLS options.
 *
 * <p>The values set through the {@code with*} methods are only read when the native
 * object is first created in {@link #getNativeHandle()}. Configure the ALPN list,
 * server name and timeout before that first call; changes made afterwards are stored
 * on this Java object but are not pushed to the native options that already exist.
 */
public class TlsConnectionOptions extends CrtResource {
    // Protocols collected by withAlpnList(); joined with ';' when the native object is built.
    private final List<String> alpnList = new ArrayList<>();
    // Name used for SNI and X.509 validation; stays null unless withServerName() is called.
    private String serverName = null;
    // TLS negotiation timeout in milliseconds. Defaults to 0; how the native layer
    // interprets 0 is not visible in this file.
    private int timeoutMs = 0;
    // Shared TLS context whose native handle is passed to the native constructor.
    private final TlsContext tlsContext;

    /**
     * Initialize the connection-specific TLS options with a TlsContext.
     *
     * <p>The context is stored without validation; a {@code null} context is only
     * detected when {@link #getNativeHandle()} dereferences it.
     *
     * @param tlsContext the TLS configuration context in the AWS Common Runtime.
     */
    public TlsConnectionOptions(TlsContext tlsContext) {
        this.tlsContext = tlsContext;
    }

    /**
     * Returns the native handle, creating the native options object on first use.
     *
     * <p>Note: once this has been invoked, the native resource can no longer be changed.
     * The ALPN list, server name and timeout are captured at creation time, so a later
     * {@code withServerName()} or {@code withAlpnList()} call does not alter the handle
     * returned here.
     *
     * @return the native handle of the TLS connection options
     */
    @Override
    public long getNativeHandle() {
        if (super.getNativeHandle() != 0) {
            // Already created: hand back the existing handle unchanged.
            return super.getNativeHandle();
        }

        // A null ALPN string is passed when nothing was configured on this object.
        String joinedAlpn = alpnList.isEmpty() ? null : StringUtils.join(";", alpnList);
        long created = tlsConnectionOptionsNew(
                joinedAlpn,
                serverName,
                timeoutMs,
                tlsContext.getNativeHandle());
        acquireNativeHandle(created);
        return super.getNativeHandle();
    }

    /**
     * Sets alpn list in the form protocol1;protocol2;.... A maximum of 4
     * protocols are supported.
     * alpnList is copied. This value is already inherited from TlsContext, but the
     * TlsContext is expensive, and should be used across as many connections as
     * possible. If you want to set this per connection, set it here.
     *
     * <p>Each call appends to the protocols added by earlier calls. The segments are
     * stored as given: this method does not trim them, reject empty ones, or enforce
     * the limit of 4. A {@code null} argument fails with a NullPointerException.
     * Call this before {@link #getNativeHandle()} for it to take effect.
     *
     * @param alpnList Semi-colon delimited list of supported ALPN protocols
     * @return this
     */
    public TlsConnectionOptions withAlpnList(String alpnList) {
        for (String protocol : alpnList.split(";")) {
            this.alpnList.add(protocol);
        }
        return this;
    }

    /**
     * Sets server name to use for the SNI extension (supported everywhere), as well
     * as x.509 validation. If you don't set this, your x.509 validation will likely
     * fail.
     *
     * <p>Because this name also feeds certificate validation, set it to the host you
     * intend to reach, and do so before {@link #getNativeHandle()} is first called;
     * a value set afterwards is not applied to the existing native options.
     *
     * @param serverName The server name to use for the SNI extension
     * @return this
     */
    public TlsConnectionOptions withServerName(String serverName) {
        this.serverName = serverName;
        return this;
    }

    /**
     * Set the TLS negotiation timeout.
     *
     * <p>The value is stored as given, with no range check in this class. Call this
     * before {@link #getNativeHandle()} for it to take effect.
     *
     * @param timeoutMs The time out in ms
     * @return this
     */
    public TlsConnectionOptions withTimeoutMs(int timeoutMs) {
        this.timeoutMs = timeoutMs;
        return this;
    }

    /**
     * Determines whether a resource releases its dependencies at the same time the
     * native handle is released or if it waits.
     * Resources that wait are responsible for calling releaseReferences() manually.
     *
     * @return always {@code true} for this class
     */
    @Override
    protected boolean canReleaseReferencesImmediately() {
        return true;
    }

    /**
     * Destroys the native TLS connection options object, if there is one.
     *
     * <p>The isNull() guard (inherited; presumably true while no native handle has been
     * acquired) keeps the overridden {@link #getNativeHandle()} from being called here
     * when no native object exists, which would otherwise create one just to destroy it.
     */
    @Override
    protected void releaseNativeHandle() {
        if (isNull()) {
            return;
        }
        tlsConnectionOptionsDestroy(getNativeHandle());
    }

    /*******************************************************************************
     * native methods
     ******************************************************************************/
    private static native long tlsConnectionOptionsNew(
            String alpn, String serverName, int connectTimeoutMs, long tlsContext);

    private static native void tlsConnectionOptionsDestroy(long tlsOptions);
}