8349910: Implement JEP 517: HTTP/3 for the HTTP Client API

src/java.base/share/classes/jdk/internal/net/quic/QuicKeyUnavailableException.java

@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2024, 2025, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+package jdk.internal.net.quic;
+
+
+import java.util.Objects;
+
+import jdk.internal.net.quic.QuicTLSEngine.KeySpace;
+
+/**
+ * Thrown when an operation on {@link QuicTLSEngine} doesn't have the necessary
+ * QUIC keys for encrypting or decrypting packets. This can either be because
+ * the keys aren't available for a particular {@linkplain KeySpace keyspace} or
+ * the keys for the {@code keyspace} have been discarded.
+ */
+public final class QuicKeyUnavailableException extends Exception {
+    @java.io.Serial
+    private static final long serialVersionUID = 8553365136999153478L;
+
+    public QuicKeyUnavailableException(final String message, final KeySpace keySpace) {
+        super(Objects.requireNonNull(keySpace) + " keyspace: " + message);
+    }
+}

src/java.base/share/classes/jdk/internal/net/quic/QuicOneRttContext.java

@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2023, 2025, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+package jdk.internal.net.quic;
+
+/**
+ * Supplies contextual 1-RTT information that's available in the QUIC implementation of the
+ * {@code java.net.http} module, to the QUIC TLS layer in the {@code java.base} module.
+ */
+public interface QuicOneRttContext {
+
+    /**
+     * {@return the largest packet number that was acknowledged by
+     * the peer in the 1-RTT packet space}
+     */
+    long getLargestPeerAckedPN();
+}

src/java.base/share/classes/jdk/internal/net/quic/QuicTLSContext.java

@@ -0,0 +1,152 @@
+/*
+ * Copyright (c) 2022, 2024, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+package jdk.internal.net.quic;
+
+import java.lang.invoke.MethodHandles;
+import java.lang.invoke.VarHandle;
+import java.util.Arrays;
+import java.util.Objects;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLContextSpi;
+import javax.net.ssl.SSLParameters;
+
+import sun.security.ssl.QuicTLSEngineImpl;
+import sun.security.ssl.SSLContextImpl;
+
+/**
+ * Instances of this class act as a factory for creation
+ * of {@link QuicTLSEngine QUIC TLS engine}.
+ */
+public final class QuicTLSContext {
+
+    // In this implementation, we have a dependency on
+    // sun.security.ssl.SSLContextImpl. We can only support
+    // Quic on SSLContext instances created by the default
+    // SunJSSE Provider
+    private final SSLContextImpl sslCtxImpl;
+
+    /**
+     * {@return {@code true} if the given {@code sslContext} supports QUIC TLS, {@code false} otherwise}
+     * @param sslContext an {@link SSLContext}
+     */
+    public static boolean isQuicCompatible(final SSLContext sslContext) {
+        boolean parametersSupported = isQuicCompatible(sslContext.getSupportedSSLParameters());
+        if (!parametersSupported) {
+            return false;
+        }
+        // horrible hack - what we do here is try and get hold of a SSLContext
+        // that has already been initialised and configured with the HttpClient.
+        // We see if that SSLContext is created using an implementation of
+        // sun.security.ssl.SSLContextImpl. Since there's no API
+        // available to get hold of that underlying implementation, we use
+        // MethodHandle lookup to get access to the field which holds that
+        // detail.
+        final Object underlyingImpl = CONTEXT_SPI.get(sslContext);
+        if (!(underlyingImpl instanceof SSLContextImpl ssci)) {
+            return false;
+        }
+        return ssci.isUsableWithQuic();
+    }
+
+    /**
+     * {@return {@code true} if protocols of the given {@code parameters} support QUIC TLS, {@code false} otherwise}
+     */
+    public static boolean isQuicCompatible(SSLParameters parameters) {
+        String[] protocols = parameters.getProtocols();
+        return protocols != null && Arrays.asList(protocols).contains("TLSv1.3");
+    }
+
+    private static SSLContextImpl getSSLContextImpl(
+            final SSLContext sslContext) {
+        final Object underlyingImpl = CONTEXT_SPI.get(sslContext);
+        assert underlyingImpl instanceof SSLContextImpl;
+        return (SSLContextImpl) underlyingImpl;
+    }
+
+    /**
+     * Constructs a QuicTLSContext for the given {@code sslContext}
+     *
+     * @param sslContext The SSLContext
+     * @throws IllegalArgumentException If the passed {@code sslContext} isn't
+     *                                  supported by the QuicTLSContext
+     * @see #isQuicCompatible(SSLContext)
+     */
+    public QuicTLSContext(final SSLContext sslContext) {
+        Objects.requireNonNull(sslContext);
+        if (!isQuicCompatible(sslContext)) {
+            throw new IllegalArgumentException(
+                    "Cannot construct a QUIC TLS context with the given SSLContext");
+        }
+        this.sslCtxImpl = getSSLContextImpl(sslContext);
+    }
+
+    /**
+     * Creates a {@link QuicTLSEngine} using this context
+     * <p>
+     * This method does not provide hints for session caching.
+     *
+     * @return the newly created QuicTLSEngine
+     */
+    public QuicTLSEngine createEngine() {
+        return createEngine(null, -1);
+    }
+
+    /**
+     * Creates a {@link QuicTLSEngine} using this context using
+     * advisory peer information.
+     * <p>
+     * The provided parameters will be used as hints for session caching.
+     * The {@code peerHost} parameter will be used in the server_name extension,
+     * unless overridden later.
+     *
+     * @param peerHost The peer hostname or IP address. Can be null.
+     * @param peerPort The peer port, can be -1 if the port is unknown
+     * @return the newly created QuicTLSEngine
+     */
+    public QuicTLSEngine createEngine(final String peerHost, final int peerPort) {
+        return new QuicTLSEngineImpl(this.sslCtxImpl, peerHost, peerPort);
+    }
+
+    // This VarHandle is used to access the SSLContext::contextSpi
+    // field which is not publicly accessible.
+    // In this implementation, Quic is only supported for SSLContext
+    // instances whose underlying implementation is provided by a
+    // sun.security.ssl.SSLContextImpl
+    private static final VarHandle CONTEXT_SPI;
+    static {
+        try {
+            final MethodHandles.Lookup lookup =
+                    MethodHandles.privateLookupIn(SSLContext.class,
+                            MethodHandles.lookup());
+            final VarHandle vh = lookup.findVarHandle(SSLContext.class,
+                    "contextSpi", SSLContextSpi.class);
+            CONTEXT_SPI = vh;
+        } catch (Exception x) {
+            throw new ExceptionInInitializerError(x);
+        }
+    }
+}
+