MirrorMirror
/
Signal-Server
mirror of https://github.com/signalapp/Signal-Server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Allow callers to specify a TLS version when constructing a FaultTolerantHttpClient.

This commit is contained in:
Jon Chambers 2021-03-08 15:53:55 -05:00 committed by Jon Chambers
parent a1434524a4
commit 933dd81d82
2 changed files with 15 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
service/src/main/java/org/whispersystems/textsecuregcm/http/FaultTolerantHttpClient.java
View File

@ -37,6 +37,9 @@ public class FaultTolerantHttpClient {
private final Retry retry; private final Retry retry;
private final CircuitBreaker breaker; private final CircuitBreaker breaker;
public static final String SECURITY_PROTOCOL_TLS_1_2 = "TLSv1.2";
public static final String SECURITY_PROTOCOL_TLS_1_3 = "TLSv1.3";
public static Builder newBuilder() { public static Builder newBuilder() {
return new Builder(); return new Builder();
} }
@ -86,6 +89,7 @@ public class FaultTolerantHttpClient {
private String name; private String name;
private Executor executor; private Executor executor;
private KeyStore trustStore; private KeyStore trustStore;
private String securityProtocol = SECURITY_PROTOCOL_TLS_1_2;
private RetryConfiguration retryConfiguration; private RetryConfiguration retryConfiguration;
private CircuitBreakerConfiguration circuitBreakerConfiguration; private CircuitBreakerConfiguration circuitBreakerConfiguration;
@ -126,6 +130,11 @@ public class FaultTolerantHttpClient {
return this; return this;
} }
public Builder withSecurityProtocol(final String securityProtocol) {
this.securityProtocol = securityProtocol;
return this;
}
public Builder withTrustedServerCertificate(final String certificatePem) throws CertificateException { public Builder withTrustedServerCertificate(final String certificatePem) throws CertificateException {
this.trustStore = CertificateUtil.buildKeyStoreForPem(certificatePem); this.trustStore = CertificateUtil.buildKeyStoreForPem(certificatePem);
return this; return this;
@ -142,13 +151,14 @@ public class FaultTolerantHttpClient {
.version(version) .version(version)
.executor(executor); .executor(executor);
final SslConfigurator sslConfigurator = SslConfigurator.newInstance().securityProtocol(securityProtocol);
if (this.trustStore != null) { if (this.trustStore != null) {
builder.sslContext(SslConfigurator.newInstance() sslConfigurator.trustStore(trustStore);
.securityProtocol("TLSv1.2")
.trustStore(trustStore)
.createSSLContext());
} }
builder.sslContext(sslConfigurator.createSSLContext());
return new FaultTolerantHttpClient(name, builder.build(), retryConfiguration, circuitBreakerConfiguration); return new FaultTolerantHttpClient(name, builder.build(), retryConfiguration, circuitBreakerConfiguration);
} }

1
service/src/main/java/org/whispersystems/textsecuregcm/securestorage/SecureStorageClient.java
View File

@ -46,6 +46,7 @@ public class SecureStorageClient {
.withRedirect(HttpClient.Redirect.NEVER) .withRedirect(HttpClient.Redirect.NEVER)
.withExecutor(executor) .withExecutor(executor)
.withName("secure-storage") .withName("secure-storage")
.withSecurityProtocol(FaultTolerantHttpClient.SECURITY_PROTOCOL_TLS_1_3)
.withTrustedServerCertificate(configuration.getStorageCaCertificate()) .withTrustedServerCertificate(configuration.getStorageCaCertificate())
.build(); .build();
} }