This is an automated email from the ASF dual-hosted git repository.
reta pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/main by this push:
new 3352d1fa6d Update Apache HttpClient5 to 5.4.1 and Apache HttpCore5 to
5.3.1 (#2161)
3352d1fa6d is described below
commit 3352d1fa6dbfb89e166787628b480d1a73c00cf6
Author: Andriy Redko <[email protected]>
AuthorDate: Fri Nov 22 13:47:19 2024 -0500
Update Apache HttpClient5 to 5.4.1 and Apache HttpCore5 to 5.3.1 (#2161)
---
distribution/src/main/release/samples/pom.xml | 18 ++-------
parent/pom.xml | 4 +-
.../http/asyncclient/hc5/AsyncHTTPConduit.java | 45 ++++++++--------------
.../asyncclient/hc5/AsyncHTTPConduitFactory.java | 2 +-
.../hc5/URLConnectionAsyncHTTPConduit.java | 45 ++++++++--------------
5 files changed, 40 insertions(+), 74 deletions(-)
diff --git a/distribution/src/main/release/samples/pom.xml
b/distribution/src/main/release/samples/pom.xml
index 8f97642b2c..36f8a4c77f 100644
--- a/distribution/src/main/release/samples/pom.xml
+++ b/distribution/src/main/release/samples/pom.xml
@@ -32,7 +32,7 @@
<maven.deploy.skip>true</maven.deploy.skip>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<cxf.spring.boot.version>3.4.0</cxf.spring.boot.version>
-
<cxf.spring.cloud.eureka.version>4.1.3</cxf.spring.cloud.eureka.version>
+
<cxf.spring.cloud.eureka.version>4.2.0-RC1</cxf.spring.cloud.eureka.version>
<cxf.jetty12.version>12.0.15</cxf.jetty12.version>
<cxf.netty.version>4.1.115.Final</cxf.netty.version>
<cxf.httpcomponents.client.version>4.5.14</cxf.httpcomponents.client.version>
@@ -276,28 +276,16 @@
</pluginRepositories>
</profile>
<profile>
- <id>jdk11</id>
+ <id>jdk17</id>
<activation>
- <jdk>[11,16)</jdk>
+ <jdk>[17,)</jdk>
</activation>
- <properties>
- <cxf.spring.boot.version>2.7.6</cxf.spring.boot.version>
- <cxf.spring.version>5.3.24</cxf.spring.version>
- <spring.boot.version>2.7.6</spring.boot.version>
- </properties>
<repositories>
<repository>
<id>spring.milestone</id>
<url>https://repo.spring.io/milestone/</url>
<name>Spring Milestone Repo</name>
</repository>
- <repository>
- <id>netflix.candidates</id>
-
<url>https://artifactory-oss.prod.netflix.net/artifactory/maven-oss-candidates</url>
- <snapshots>
- <enabled>false</enabled>
- </snapshots>
- </repository>
</repositories>
</profile>
</profiles>
diff --git a/parent/pom.xml b/parent/pom.xml
index 54147913a9..f18d904f5d 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -128,8 +128,8 @@
<cxf.httpcomponents.client.version>4.5.14</cxf.httpcomponents.client.version>
<cxf.httpcomponents.core.version.range>[4.3,4.5.0)</cxf.httpcomponents.core.version.range>
<cxf.httpcomponents.core.version>4.4.16</cxf.httpcomponents.core.version>
-
<cxf.httpcomponents.client5.version>5.3.1</cxf.httpcomponents.client5.version>
-
<cxf.httpcomponents.core5.version>5.2.5</cxf.httpcomponents.core5.version>
+
<cxf.httpcomponents.client5.version>5.4.1</cxf.httpcomponents.client5.version>
+
<cxf.httpcomponents.core5.version>5.3.1</cxf.httpcomponents.core5.version>
<cxf.jackson.version>2.17.2</cxf.jackson.version>
<cxf.jackson.databind.version>2.17.2</cxf.jackson.databind.version>
<cxf.jacorb.version>3.9</cxf.jacorb.version>
diff --git
a/rt/transports/http-hc5/src/main/java/org/apache/cxf/transport/http/asyncclient/hc5/AsyncHTTPConduit.java
b/rt/transports/http-hc5/src/main/java/org/apache/cxf/transport/http/asyncclient/hc5/AsyncHTTPConduit.java
index 8b27ffeea1..52739f6099 100644
---
a/rt/transports/http-hc5/src/main/java/org/apache/cxf/transport/http/asyncclient/hc5/AsyncHTTPConduit.java
+++
b/rt/transports/http-hc5/src/main/java/org/apache/cxf/transport/http/asyncclient/hc5/AsyncHTTPConduit.java
@@ -44,7 +44,6 @@ import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
-import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
@@ -78,19 +77,16 @@ import org.apache.hc.client5.http.config.RequestConfig;
import org.apache.hc.client5.http.impl.async.CloseableHttpAsyncClient;
import org.apache.hc.client5.http.impl.auth.BasicCredentialsProvider;
import org.apache.hc.client5.http.protocol.HttpClientContext;
+import org.apache.hc.client5.http.ssl.DefaultClientTlsStrategy;
import org.apache.hc.core5.concurrent.BasicFuture;
import org.apache.hc.core5.concurrent.FutureCallback;
import org.apache.hc.core5.http.Header;
import org.apache.hc.core5.http.HttpHost;
import org.apache.hc.core5.http.HttpResponse;
import org.apache.hc.core5.http.config.Registry;
-import org.apache.hc.core5.http.nio.ssl.BasicClientTlsStrategy;
import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
import org.apache.hc.core5.http.protocol.HttpContext;
-import org.apache.hc.core5.net.NamedEndpoint;
-import org.apache.hc.core5.reactor.ssl.SSLSessionInitializer;
-import org.apache.hc.core5.reactor.ssl.SSLSessionVerifier;
-import org.apache.hc.core5.reactor.ssl.TlsDetails;
+import org.apache.hc.core5.reactor.ssl.SSLBufferMode;
import org.apache.hc.core5.util.Timeout;
/**
@@ -571,28 +567,21 @@ public class AsyncHTTPConduit extends
HttpClientHTTPConduit {
final HostnameVerifier verifier =
org.apache.cxf.transport.https.SSLUtils
.getHostnameVerifier(tlsClientParameters);
- tlsStrategy = new BasicClientTlsStrategy(sslcontext,
- new SSLSessionInitializer() {
- @Override
- public void initialize(NamedEndpoint endpoint,
SSLEngine engine) {
- initializeSSLEngine(sslcontext, engine);
- }
- },
- new SSLSessionVerifier() {
- @Override
- public TlsDetails verify(NamedEndpoint endpoint,
SSLEngine engine)
- throws SSLException {
- final SSLSession sslsession =
engine.getSession();
-
- if (!verifier.verify(endpoint.getHostName(),
sslsession)) {
- throw new SSLException("Could not verify
host " + endpoint.getHostName());
- }
-
- setSSLSession(sslsession);
- return new TlsDetails(sslsession,
engine.getApplicationProtocol());
- }
- }
- );
+ String[] cipherSuites =
+
SSLUtils.getCiphersuitesToInclude(tlsClientParameters.getCipherSuites(),
+
tlsClientParameters.getCipherSuitesFilter(),
+
sslcontext.getSocketFactory().getDefaultCipherSuites(),
+
SSLUtils.getSupportedCipherSuites(sslcontext),
+ LOG);
+
+ final String protocol =
tlsClientParameters.getSecureSocketProtocol() != null ? tlsClientParameters
+ .getSecureSocketProtocol() : sslcontext.getProtocol();
+
+ final String[] protocols = findProtocols(protocol,
+ sslContext.getSupportedSSLParameters().getProtocols());
+
+ tlsStrategy = new DefaultClientTlsStrategy(sslcontext,
protocols,
+ cipherSuites, SSLBufferMode.STATIC, verifier);
} catch (final GeneralSecurityException e) {
LOG.warning(e.getMessage());
}
diff --git
a/rt/transports/http-hc5/src/main/java/org/apache/cxf/transport/http/asyncclient/hc5/AsyncHTTPConduitFactory.java
b/rt/transports/http-hc5/src/main/java/org/apache/cxf/transport/http/asyncclient/hc5/AsyncHTTPConduitFactory.java
index 634843dc19..5b98bf1434 100644
---
a/rt/transports/http-hc5/src/main/java/org/apache/cxf/transport/http/asyncclient/hc5/AsyncHTTPConduitFactory.java
+++
b/rt/transports/http-hc5/src/main/java/org/apache/cxf/transport/http/asyncclient/hc5/AsyncHTTPConduitFactory.java
@@ -346,7 +346,7 @@ public class AsyncHTTPConduitFactory implements
HTTPConduitFactory {
final Lookup<TlsStrategy> tlsLookupStrategy =
RegistryBuilder.<TlsStrategy>create()
- .register("https", (tlsStrategy != null) ? tlsStrategy :
DefaultClientTlsStrategy.getSystemDefault())
+ .register("https", (tlsStrategy != null) ? tlsStrategy :
DefaultClientTlsStrategy.createSystemDefault())
.build();
final PoolingAsyncClientConnectionManager connectionManager = new
PoolingAsyncClientConnectionManager(
diff --git
a/rt/transports/http-hc5/src/main/java/org/apache/cxf/transport/http/asyncclient/hc5/URLConnectionAsyncHTTPConduit.java
b/rt/transports/http-hc5/src/main/java/org/apache/cxf/transport/http/asyncclient/hc5/URLConnectionAsyncHTTPConduit.java
index 6732f1e124..09c8dd2a45 100644
---
a/rt/transports/http-hc5/src/main/java/org/apache/cxf/transport/http/asyncclient/hc5/URLConnectionAsyncHTTPConduit.java
+++
b/rt/transports/http-hc5/src/main/java/org/apache/cxf/transport/http/asyncclient/hc5/URLConnectionAsyncHTTPConduit.java
@@ -44,7 +44,6 @@ import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
-import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
@@ -78,19 +77,16 @@ import org.apache.hc.client5.http.config.RequestConfig;
import org.apache.hc.client5.http.impl.async.CloseableHttpAsyncClient;
import org.apache.hc.client5.http.impl.auth.BasicCredentialsProvider;
import org.apache.hc.client5.http.protocol.HttpClientContext;
+import org.apache.hc.client5.http.ssl.DefaultClientTlsStrategy;
import org.apache.hc.core5.concurrent.BasicFuture;
import org.apache.hc.core5.concurrent.FutureCallback;
import org.apache.hc.core5.http.Header;
import org.apache.hc.core5.http.HttpHost;
import org.apache.hc.core5.http.HttpResponse;
import org.apache.hc.core5.http.config.Registry;
-import org.apache.hc.core5.http.nio.ssl.BasicClientTlsStrategy;
import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
import org.apache.hc.core5.http.protocol.HttpContext;
-import org.apache.hc.core5.net.NamedEndpoint;
-import org.apache.hc.core5.reactor.ssl.SSLSessionInitializer;
-import org.apache.hc.core5.reactor.ssl.SSLSessionVerifier;
-import org.apache.hc.core5.reactor.ssl.TlsDetails;
+import org.apache.hc.core5.reactor.ssl.SSLBufferMode;
import org.apache.hc.core5.util.Timeout;
/**
@@ -574,28 +570,21 @@ public class URLConnectionAsyncHTTPConduit extends
URLConnectionHTTPConduit {
final HostnameVerifier verifier =
org.apache.cxf.transport.https.SSLUtils
.getHostnameVerifier(tlsClientParameters);
- tlsStrategy = new BasicClientTlsStrategy(sslcontext,
- new SSLSessionInitializer() {
- @Override
- public void initialize(NamedEndpoint endpoint,
SSLEngine engine) {
- initializeSSLEngine(sslcontext, engine);
- }
- },
- new SSLSessionVerifier() {
- @Override
- public TlsDetails verify(NamedEndpoint endpoint,
SSLEngine engine)
- throws SSLException {
- final SSLSession sslsession =
engine.getSession();
-
- if (!verifier.verify(endpoint.getHostName(),
sslsession)) {
- throw new SSLException("Could not verify
host " + endpoint.getHostName());
- }
-
- setSSLSession(sslsession);
- return new TlsDetails(sslsession,
engine.getApplicationProtocol());
- }
- }
- );
+ String[] cipherSuites =
+
SSLUtils.getCiphersuitesToInclude(tlsClientParameters.getCipherSuites(),
+
tlsClientParameters.getCipherSuitesFilter(),
+
sslcontext.getSocketFactory().getDefaultCipherSuites(),
+
SSLUtils.getSupportedCipherSuites(sslcontext),
+ LOG);
+
+ final String protocol =
tlsClientParameters.getSecureSocketProtocol() != null ? tlsClientParameters
+ .getSecureSocketProtocol() : sslcontext.getProtocol();
+
+ final String[] protocols = findProtocols(protocol,
+ sslContext.getSupportedSSLParameters().getProtocols());
+
+ tlsStrategy = new DefaultClientTlsStrategy(sslcontext,
protocols,
+ cipherSuites, SSLBufferMode.STATIC, verifier);
} catch (final GeneralSecurityException e) {
LOG.warning(e.getMessage());
}
