Simplify ProtocolSwitchStrategy by Leveraging ProtocolVersionParser

arturobernalg · arturobernalg · commit 429759f51833 · 2025-03-31T19:36:00.000+02:00
Unify HTTP and TLS token parsing in the Upgrade header by replacing custom version parsing with ProtocolVersionParser.
This change removes redundant code and ensures that only supported protocols (HTTP/ and TLS tokens) are accepted,
while all other upgrade protocols are rejected as unsupported.
diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/ProtocolSwitchStrategy.java b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/ProtocolSwitchStrategy.java
@@ -31,11 +31,15 @@
 import org.apache.hc.core5.annotation.Internal;
 import org.apache.hc.core5.http.HttpHeaders;
 import org.apache.hc.core5.http.HttpMessage;
+import org.apache.hc.core5.http.HttpVersion;
 import org.apache.hc.core5.http.ParseException;
 import org.apache.hc.core5.http.ProtocolException;
 import org.apache.hc.core5.http.ProtocolVersion;
+import org.apache.hc.core5.http.ProtocolVersionParser;
 import org.apache.hc.core5.http.message.MessageSupport;
 import org.apache.hc.core5.http.ssl.TLS;
+import org.apache.hc.core5.util.CharArrayBuffer;
+import org.apache.hc.core5.util.Tokenizer;
 
 /**
  * Protocol switch handler.
@@ -45,31 +49,55 @@
 @Internal
 public final class ProtocolSwitchStrategy {
 
-    enum ProtocolSwitch { FAILURE, TLS }
+    private static final ProtocolVersionParser PROTOCOL_VERSION_PARSER = ProtocolVersionParser.INSTANCE;
 
     public ProtocolVersion switchProtocol(final HttpMessage response) throws ProtocolException {
         final Iterator<String> it = MessageSupport.iterateTokens(response, HttpHeaders.UPGRADE);
 
         ProtocolVersion tlsUpgrade = null;
+
         while (it.hasNext()) {
             final String token = it.next();
-            if (token.startsWith("TLS")) {
-                // TODO: Improve handling of HTTP protocol token once HttpVersion has a #parse method
-                try {
-                    tlsUpgrade = token.length() == 3 ? TLS.V_1_2.getVersion() : TLS.parse(token.replace("TLS/", "TLSv"));
-                } catch (final ParseException ex) {
-                    throw new ProtocolException("Invalid protocol: " + token);
+            final ProtocolVersion version = parseProtocolToken(token);
+            if (version != null) {
+                if ("TLS".equalsIgnoreCase(version.getProtocol())) {
+                    tlsUpgrade = version;
                 }
-            } else if (token.equals("HTTP/1.1")) {
-                // TODO: Improve handling of HTTP protocol token once HttpVersion has a #parse method
-            } else {
-                throw new ProtocolException("Unsupported protocol: " + token);
             }
         }
-        if (tlsUpgrade == null) {
-            throw new ProtocolException("Invalid protocol switch response");
+
+        if (tlsUpgrade != null) {
+            return tlsUpgrade;
+        } else {
+            throw new ProtocolException("Invalid protocol switch response: no TLS version found");
         }
-        return tlsUpgrade;
     }
 
-}
+    private ProtocolVersion parseProtocolToken(final String token) throws ProtocolException {
+        if (token == null || token.trim().isEmpty()) {
+            return null;
+        }
+
+        try {
+            if ("TLS".equalsIgnoreCase(token)) {
+                return TLS.V_1_2.getVersion();
+            }
+
+            final CharArrayBuffer buffer = new CharArrayBuffer(token.length());
+            buffer.append(token);
+            final Tokenizer.Cursor cursor = new Tokenizer.Cursor(0, token.length());
+
+            final ProtocolVersion version = PROTOCOL_VERSION_PARSER.parse(buffer, cursor, null);
+
+            if ("TLS".equalsIgnoreCase(version.getProtocol())) {
+                return version;
+            } else if (version.equals(HttpVersion.HTTP_1_1)) {
+                return null;
+            } else {
+                throw new ProtocolException("Unsupported protocol or HTTP version: " + token);
+            }
+        } catch (final ParseException ex) {
+            throw new ProtocolException("Invalid protocol: " + token, ex);
+        }
+    }
+}
diff --git a/httpclient5/src/test/java/org/apache/hc/client5/http/impl/TestProtocolSwitchStrategy.java b/httpclient5/src/test/java/org/apache/hc/client5/http/impl/TestProtocolSwitchStrategy.java
@@ -30,14 +30,15 @@
 import org.apache.hc.core5.http.HttpResponse;
 import org.apache.hc.core5.http.HttpStatus;
 import org.apache.hc.core5.http.ProtocolException;
+import org.apache.hc.core5.http.ProtocolVersion;
 import org.apache.hc.core5.http.message.BasicHttpResponse;
 import org.apache.hc.core5.http.ssl.TLS;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 
 /**
- * Simple tests for {@link DefaultAuthenticationStrategy}.
+ * Simple tests for {@link ProtocolSwitchStrategy}.
  */
 class TestProtocolSwitchStrategy {
 
@@ -95,4 +96,120 @@ void testSwitchInvalid() {
         Assertions.assertThrows(ProtocolException.class, () -> switchStrategy.switchProtocol(response3));
     }
 
+    @Test
+    void testNullToken() throws ProtocolException {
+        final HttpResponse response = new BasicHttpResponse(HttpStatus.SC_SWITCHING_PROTOCOLS);
+        response.addHeader(HttpHeaders.UPGRADE, "TLS,");
+        response.addHeader(HttpHeaders.UPGRADE, null);
+        Assertions.assertEquals(TLS.V_1_2.getVersion(), switchStrategy.switchProtocol(response));
+    }
+
+    @Test
+    void testWhitespaceOnlyToken() throws ProtocolException {
+        final HttpResponse response = new BasicHttpResponse(HttpStatus.SC_SWITCHING_PROTOCOLS);
+        response.addHeader(HttpHeaders.UPGRADE, "   , TLS");
+        Assertions.assertEquals(TLS.V_1_2.getVersion(), switchStrategy.switchProtocol(response));
+    }
+
+    @Test
+    void testUnsupportedTlsVersion() throws Exception {
+        final HttpResponse response = new BasicHttpResponse(HttpStatus.SC_SWITCHING_PROTOCOLS);
+        response.addHeader(HttpHeaders.UPGRADE, "TLS/1.4");
+        Assertions.assertEquals(new ProtocolVersion("TLS", 1, 4), switchStrategy.switchProtocol(response));
+    }
+
+    @Test
+    void testUnsupportedTlsMajorVersion() throws Exception {
+        final HttpResponse response = new BasicHttpResponse(HttpStatus.SC_SWITCHING_PROTOCOLS);
+        response.addHeader(HttpHeaders.UPGRADE, "TLS/2.0");
+        Assertions.assertEquals(new ProtocolVersion("TLS", 2, 0), switchStrategy.switchProtocol(response));
+    }
+
+    @Test
+    void testUnsupportedHttpVersion() {
+        final HttpResponse response = new BasicHttpResponse(HttpStatus.SC_SWITCHING_PROTOCOLS);
+        response.addHeader(HttpHeaders.UPGRADE, "HTTP/2.0");
+        Assertions.assertThrows(ProtocolException.class, () -> switchStrategy.switchProtocol(response),
+                "Unsupported HTTP version: HTTP/2.0");
+    }
+
+    @Test
+    void testInvalidTlsFormat() {
+        final HttpResponse response = new BasicHttpResponse(HttpStatus.SC_SWITCHING_PROTOCOLS);
+        response.addHeader(HttpHeaders.UPGRADE, "TLS/abc");
+        Assertions.assertThrows(ProtocolException.class, () -> switchStrategy.switchProtocol(response),
+                "Invalid protocol: TLS/abc");
+    }
+
+    @Test
+    void testHttp11Only() {
+        final HttpResponse response = new BasicHttpResponse(HttpStatus.SC_SWITCHING_PROTOCOLS);
+        response.addHeader(HttpHeaders.UPGRADE, "HTTP/1.1");
+        Assertions.assertThrows(ProtocolException.class, () -> switchStrategy.switchProtocol(response),
+                "Invalid protocol switch response: no TLS version found");
+    }
+
+    @Test
+    void testSwitchToTlsValid_TLS_1_2() throws Exception {
+        final HttpResponse response = new BasicHttpResponse(HttpStatus.SC_SWITCHING_PROTOCOLS);
+        response.addHeader(HttpHeaders.UPGRADE, "TLS/1.2");
+        final ProtocolVersion result = switchStrategy.switchProtocol(response);
+        Assertions.assertEquals(TLS.V_1_2.getVersion(), result);
+    }
+
+    @Test
+    void testSwitchToTlsValid_TLS_1_0() throws Exception {
+        final HttpResponse response = new BasicHttpResponse(HttpStatus.SC_SWITCHING_PROTOCOLS);
+        response.addHeader(HttpHeaders.UPGRADE, "TLS/1.0");
+        final ProtocolVersion result = switchStrategy.switchProtocol(response);
+        Assertions.assertEquals(TLS.V_1_0.getVersion(), result);
+    }
+
+    @Test
+    void testSwitchToTlsValid_TLS_1_1() throws Exception {
+        final HttpResponse response = new BasicHttpResponse(HttpStatus.SC_SWITCHING_PROTOCOLS);
+        response.addHeader(HttpHeaders.UPGRADE, "TLS/1.1");
+        final ProtocolVersion result = switchStrategy.switchProtocol(response);
+        Assertions.assertEquals(TLS.V_1_1.getVersion(), result);
+    }
+
+    @Test
+    void testInvalidTlsFormat_NoSlash() {
+        final HttpResponse response = new BasicHttpResponse(HttpStatus.SC_SWITCHING_PROTOCOLS);
+        response.addHeader(HttpHeaders.UPGRADE, "TLSv1");
+        Assertions.assertThrows(ProtocolException.class, () -> switchStrategy.switchProtocol(response),
+                "Invalid protocol: TLSv1");
+    }
+
+    @Test
+    void testSwitchToTlsValid_TLS_1() throws Exception {
+        final HttpResponse response = new BasicHttpResponse(HttpStatus.SC_SWITCHING_PROTOCOLS);
+        response.addHeader(HttpHeaders.UPGRADE, "TLS/1");
+        final ProtocolVersion result = switchStrategy.switchProtocol(response);
+        Assertions.assertEquals(TLS.V_1_0.getVersion(), result);
+    }
+
+    @Test
+    void testInvalidTlsFormat_MissingMajor() {
+        final HttpResponse response = new BasicHttpResponse(HttpStatus.SC_SWITCHING_PROTOCOLS);
+        response.addHeader(HttpHeaders.UPGRADE, "TLS/.1");
+        Assertions.assertThrows(ProtocolException.class, () -> switchStrategy.switchProtocol(response),
+                "Invalid protocol: TLS/.1");
+    }
+
+    @Test
+    void testMultipleHttp11Tokens() {
+        final HttpResponse response = new BasicHttpResponse(HttpStatus.SC_SWITCHING_PROTOCOLS);
+        response.addHeader(HttpHeaders.UPGRADE, "HTTP/1.1, HTTP/1.1");
+        Assertions.assertThrows(ProtocolException.class, () -> switchStrategy.switchProtocol(response),
+                "Invalid protocol switch response: no TLS version found");
+    }
+
+    @Test
+    void testMixedInvalidAndValidTokens() {
+        final HttpResponse response = new BasicHttpResponse(HttpStatus.SC_SWITCHING_PROTOCOLS);
+        response.addHeader(HttpHeaders.UPGRADE, "Crap, TLS/1.2, Invalid");
+        Assertions.assertThrows(ProtocolException.class, () -> switchStrategy.switchProtocol(response),
+                "Invalid protocol: Crap");
+    }
 }
