Simplify ProtocolSwitchStrategy by Leveraging ProtocolVersionParser (#627)

arturobernalg · ok2c · commit 0ba6102e65d7 · 2025-04-10T13:08:06.000+02:00
Unify HTTP and TLS token parsing in the Upgrade header by replacing custom version parsing with ProtocolVersionParser.
This change removes redundant code and ensures that only supported protocols (HTTP/ and TLS tokens) are accepted,
while all other upgrade protocols are rejected as unsupported.
diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/ProtocolSwitchStrategy.java b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/ProtocolSwitchStrategy.java
@@ -27,15 +27,23 @@
 package org.apache.hc.client5.http.impl;
 
 import java.util.Iterator;
+import java.util.concurrent.atomic.AtomicReference;
 
 import org.apache.hc.core5.annotation.Internal;
+import org.apache.hc.core5.http.FormattedHeader;
+import org.apache.hc.core5.http.Header;
 import org.apache.hc.core5.http.HttpHeaders;
 import org.apache.hc.core5.http.HttpMessage;
+import org.apache.hc.core5.http.HttpVersion;
 import org.apache.hc.core5.http.ParseException;
 import org.apache.hc.core5.http.ProtocolException;
 import org.apache.hc.core5.http.ProtocolVersion;
-import org.apache.hc.core5.http.message.MessageSupport;
+import org.apache.hc.core5.http.ProtocolVersionParser;
+import org.apache.hc.core5.http.message.ParserCursor;
 import org.apache.hc.core5.http.ssl.TLS;
+import org.apache.hc.core5.util.Args;
+import org.apache.hc.core5.util.CharArrayBuffer;
+import org.apache.hc.core5.util.Tokenizer;
 
 /**
  * Protocol switch handler.
@@ -45,31 +53,100 @@
 @Internal
 public final class ProtocolSwitchStrategy {
 
-    enum ProtocolSwitch { FAILURE, TLS }
+    private static final ProtocolVersionParser PROTOCOL_VERSION_PARSER = ProtocolVersionParser.INSTANCE;
+    private static final Tokenizer TOKENIZER = Tokenizer.INSTANCE;
+    private static final Tokenizer.Delimiter UPGRADE_TOKEN_DELIMITER = Tokenizer.delimiters(',');
+    private static final Tokenizer.Delimiter LAX_PROTO_DELIMITER = Tokenizer.delimiters('/', ',');
+
+    @FunctionalInterface
+    private interface HeaderConsumer {
+
+        void accept(CharSequence buffer, ParserCursor cursor) throws ProtocolException;
+
+    }
 
     public ProtocolVersion switchProtocol(final HttpMessage response) throws ProtocolException {
-        final Iterator<String> it = MessageSupport.iterateTokens(response, HttpHeaders.UPGRADE);
+        final AtomicReference<ProtocolVersion> tlsUpgrade = new AtomicReference<>();
 
-        ProtocolVersion tlsUpgrade = null;
-        while (it.hasNext()) {
-            final String token = it.next();
-            if (token.startsWith("TLS")) {
-                // TODO: Improve handling of HTTP protocol token once HttpVersion has a #parse method
-                try {
-                    tlsUpgrade = token.length() == 3 ? TLS.V_1_2.getVersion() : TLS.parse(token.replace("TLS/", "TLSv"));
-                } catch (final ParseException ex) {
-                    throw new ProtocolException("Invalid protocol: " + token);
+        parseHeaders(response, HttpHeaders.UPGRADE, (buffer, cursor) -> {
+            final ProtocolVersion protocolVersion = parseProtocolVersion(buffer, cursor);
+            if (protocolVersion != null) {
+                if ("TLS".equalsIgnoreCase(protocolVersion.getProtocol())) {
+                    tlsUpgrade.set(protocolVersion);
+                } else if (!protocolVersion.equals(HttpVersion.HTTP_1_1)) {
+                    throw new ProtocolException("Unsupported protocol or HTTP version: " + protocolVersion);
                 }
-            } else if (token.equals("HTTP/1.1")) {
-                // TODO: Improve handling of HTTP protocol token once HttpVersion has a #parse method
-            } else {
-                throw new ProtocolException("Unsupported protocol: " + token);
             }
+        });
+
+        final ProtocolVersion result = tlsUpgrade.get();
+        if (result != null) {
+            return result;
+        } else {
+            throw new ProtocolException("Invalid protocol switch response: no TLS version found");
         }
-        if (tlsUpgrade == null) {
-            throw new ProtocolException("Invalid protocol switch response");
+    }
+
+    private ProtocolVersion parseProtocolVersion(final CharSequence buffer, final ParserCursor cursor) throws ProtocolException {
+        TOKENIZER.skipWhiteSpace(buffer, cursor);
+        final String proto = TOKENIZER.parseToken(buffer, cursor, LAX_PROTO_DELIMITER);
+        if (!cursor.atEnd()) {
+            final char ch = buffer.charAt(cursor.getPos());
+            if (ch == '/') {
+                if (proto.isEmpty()) {
+                    throw new ParseException("Invalid protocol", buffer, cursor.getLowerBound(), cursor.getUpperBound(), cursor.getPos());
+                }
+                cursor.updatePos(cursor.getPos() + 1);
+                return PROTOCOL_VERSION_PARSER.parse(proto, null, buffer, cursor, UPGRADE_TOKEN_DELIMITER);
+            }
+        }
+        if (proto.isEmpty()) {
+            return null;
+        } else if (proto.equalsIgnoreCase("TLS")) {
+            return TLS.V_1_2.getVersion();
+        } else {
+            throw new ProtocolException("Unsupported or invalid protocol: " + proto);
+        }
+    }
+
+
+    private void parseHeaders(final HttpMessage message, final String name, final HeaderConsumer consumer)
+            throws ProtocolException {
+        final Iterator<Header> it = message.headerIterator(name);
+        while (it.hasNext()) {
+            parseHeader(it.next(), consumer);
+        }
+    }
+
+    private void parseHeader(final Header header, final HeaderConsumer consumer) throws ProtocolException {
+        Args.notNull(header, "Header");
+        if (header instanceof FormattedHeader) {
+            final CharArrayBuffer buf = ((FormattedHeader) header).getBuffer();
+            final ParserCursor cursor = new ParserCursor(0, buf.length());
+            cursor.updatePos(((FormattedHeader) header).getValuePos());
+            parseHeaderElements(buf, cursor, consumer);
+        } else {
+            final String value = header.getValue();
+            if (value == null) {
+                return;
+            }
+            final ParserCursor cursor = new ParserCursor(0, value.length());
+            parseHeaderElements(value, cursor, consumer);
+        }
+    }
+
+    private void parseHeaderElements(final CharSequence buffer,
+                                     final ParserCursor cursor,
+                                     final HeaderConsumer consumer) throws ProtocolException {
+        while (!cursor.atEnd()) {
+            consumer.accept(buffer, cursor);
+            if (!cursor.atEnd()) {
+                final char ch = buffer.charAt(cursor.getPos());
+                if (ch == ',') {
+                    cursor.updatePos(cursor.getPos() + 1);
+                }
+            }
         }
-        return tlsUpgrade;
     }
 
-}
+}
diff --git a/httpclient5/src/test/java/org/apache/hc/client5/http/impl/TestProtocolSwitchStrategy.java b/httpclient5/src/test/java/org/apache/hc/client5/http/impl/TestProtocolSwitchStrategy.java
@@ -30,14 +30,15 @@
 import org.apache.hc.core5.http.HttpResponse;
 import org.apache.hc.core5.http.HttpStatus;
 import org.apache.hc.core5.http.ProtocolException;
+import org.apache.hc.core5.http.ProtocolVersion;
 import org.apache.hc.core5.http.message.BasicHttpResponse;
 import org.apache.hc.core5.http.ssl.TLS;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 
 /**
- * Simple tests for {@link DefaultAuthenticationStrategy}.
+ * Simple tests for {@link ProtocolSwitchStrategy}.
  */
 class TestProtocolSwitchStrategy {
 
@@ -95,4 +96,137 @@ void testSwitchInvalid() {
         Assertions.assertThrows(ProtocolException.class, () -> switchStrategy.switchProtocol(response3));
     }
 
+    @Test
+    void testNullToken() throws ProtocolException {
+        final HttpResponse response = new BasicHttpResponse(HttpStatus.SC_SWITCHING_PROTOCOLS);
+        response.addHeader(HttpHeaders.UPGRADE, "TLS,");
+        response.addHeader(HttpHeaders.UPGRADE, null);
+        Assertions.assertEquals(TLS.V_1_2.getVersion(), switchStrategy.switchProtocol(response));
+    }
+
+    @Test
+    void testWhitespaceOnlyToken() throws ProtocolException {
+        final HttpResponse response = new BasicHttpResponse(HttpStatus.SC_SWITCHING_PROTOCOLS);
+        response.addHeader(HttpHeaders.UPGRADE, "   , TLS");
+        Assertions.assertEquals(TLS.V_1_2.getVersion(), switchStrategy.switchProtocol(response));
+    }
+
+    @Test
+    void testUnsupportedTlsVersion() throws Exception {
+        final HttpResponse response = new BasicHttpResponse(HttpStatus.SC_SWITCHING_PROTOCOLS);
+        response.addHeader(HttpHeaders.UPGRADE, "TLS/1.4");
+        Assertions.assertEquals(new ProtocolVersion("TLS", 1, 4), switchStrategy.switchProtocol(response));
+    }
+
+    @Test
+    void testUnsupportedTlsMajorVersion() throws Exception {
+        final HttpResponse response = new BasicHttpResponse(HttpStatus.SC_SWITCHING_PROTOCOLS);
+        response.addHeader(HttpHeaders.UPGRADE, "TLS/2.0");
+        Assertions.assertEquals(new ProtocolVersion("TLS", 2, 0), switchStrategy.switchProtocol(response));
+    }
+
+    @Test
+    void testUnsupportedHttpVersion() {
+        final HttpResponse response = new BasicHttpResponse(HttpStatus.SC_SWITCHING_PROTOCOLS);
+        response.addHeader(HttpHeaders.UPGRADE, "HTTP/2.0");
+        final ProtocolException ex = Assertions.assertThrows(ProtocolException.class, () ->
+                switchStrategy.switchProtocol(response));
+        Assertions.assertEquals("Unsupported protocol or HTTP version: HTTP/2.0", ex.getMessage());
+    }
+
+    @Test
+    void testInvalidTlsFormat() {
+        final HttpResponse response = new BasicHttpResponse(HttpStatus.SC_SWITCHING_PROTOCOLS);
+        response.addHeader(HttpHeaders.UPGRADE, "TLS/abc");
+        final ProtocolException ex = Assertions.assertThrows(ProtocolException.class, () ->
+                switchStrategy.switchProtocol(response));
+        Assertions.assertEquals("Invalid TLS major version number; error at offset 7: <TLS/abc>", ex.getMessage());
+    }
+
+    @Test
+    void testHttp11Only() {
+        final HttpResponse response = new BasicHttpResponse(HttpStatus.SC_SWITCHING_PROTOCOLS);
+        response.addHeader(HttpHeaders.UPGRADE, "HTTP/1.1");
+        final ProtocolException ex = Assertions.assertThrows(ProtocolException.class, () ->
+                switchStrategy.switchProtocol(response));
+        Assertions.assertEquals("Invalid protocol switch response: no TLS version found", ex.getMessage());
+    }
+
+    @Test
+    void testSwitchToTlsValid_TLS_1_2() throws Exception {
+        final HttpResponse response = new BasicHttpResponse(HttpStatus.SC_SWITCHING_PROTOCOLS);
+        response.addHeader(HttpHeaders.UPGRADE, "TLS/1.2");
+        final ProtocolVersion result = switchStrategy.switchProtocol(response);
+        Assertions.assertEquals(TLS.V_1_2.getVersion(), result);
+    }
+
+    @Test
+    void testSwitchToTlsValid_TLS_1_0() throws Exception {
+        final HttpResponse response = new BasicHttpResponse(HttpStatus.SC_SWITCHING_PROTOCOLS);
+        response.addHeader(HttpHeaders.UPGRADE, "TLS/1.0");
+        final ProtocolVersion result = switchStrategy.switchProtocol(response);
+        Assertions.assertEquals(TLS.V_1_0.getVersion(), result);
+    }
+
+    @Test
+    void testSwitchToTlsValid_TLS_1_1() throws Exception {
+        final HttpResponse response = new BasicHttpResponse(HttpStatus.SC_SWITCHING_PROTOCOLS);
+        response.addHeader(HttpHeaders.UPGRADE, "TLS/1.1");
+        final ProtocolVersion result = switchStrategy.switchProtocol(response);
+        Assertions.assertEquals(TLS.V_1_1.getVersion(), result);
+    }
+
+    @Test
+    void testInvalidTlsFormat_NoSlash() {
+        final HttpResponse response = new BasicHttpResponse(HttpStatus.SC_SWITCHING_PROTOCOLS);
+        response.addHeader(HttpHeaders.UPGRADE, "TLSv1");
+        final ProtocolException ex = Assertions.assertThrows(ProtocolException.class, () ->
+                switchStrategy.switchProtocol(response));
+        Assertions.assertEquals("Unsupported or invalid protocol: TLSv1", ex.getMessage());
+    }
+
+    @Test
+    void testSwitchToTlsValid_TLS_1() throws Exception {
+        final HttpResponse response = new BasicHttpResponse(HttpStatus.SC_SWITCHING_PROTOCOLS);
+        response.addHeader(HttpHeaders.UPGRADE, "TLS/1");
+        final ProtocolVersion result = switchStrategy.switchProtocol(response);
+        Assertions.assertEquals(TLS.V_1_0.getVersion(), result);
+    }
+
+    @Test
+    void testInvalidTlsFormat_MissingMajor() {
+        final HttpResponse response = new BasicHttpResponse(HttpStatus.SC_SWITCHING_PROTOCOLS);
+        response.addHeader(HttpHeaders.UPGRADE, "TLS/.1");
+        final ProtocolException ex = Assertions.assertThrows(ProtocolException.class, () ->
+                switchStrategy.switchProtocol(response));
+        Assertions.assertEquals("Invalid TLS major version number; error at offset 4: <TLS/.1>", ex.getMessage());
+    }
+
+    @Test
+    void testMultipleHttp11Tokens() {
+        final HttpResponse response = new BasicHttpResponse(HttpStatus.SC_SWITCHING_PROTOCOLS);
+        response.addHeader(HttpHeaders.UPGRADE, "HTTP/1.1, HTTP/1.1");
+        final ProtocolException ex = Assertions.assertThrows(ProtocolException.class, () ->
+                switchStrategy.switchProtocol(response));
+        Assertions.assertEquals("Invalid protocol switch response: no TLS version found", ex.getMessage());
+    }
+
+    @Test
+    void testMixedInvalidAndValidTokens() {
+        final HttpResponse response = new BasicHttpResponse(HttpStatus.SC_SWITCHING_PROTOCOLS);
+        response.addHeader(HttpHeaders.UPGRADE, "Crap, TLS/1.2, Invalid");
+        final ProtocolException ex = Assertions.assertThrows(ProtocolException.class, () ->
+                switchStrategy.switchProtocol(response));
+        Assertions.assertEquals("Unsupported or invalid protocol: Crap", ex.getMessage());
+    }
+
+    @Test
+    void testInvalidTlsFormat_NoProtocolName() {
+        final HttpResponse response = new BasicHttpResponse(HttpStatus.SC_SWITCHING_PROTOCOLS);
+        response.addHeader(HttpHeaders.UPGRADE, ",,/1.1");
+        final ProtocolException ex = Assertions.assertThrows(ProtocolException.class, () ->
+                switchStrategy.switchProtocol(response));
+        Assertions.assertEquals("Invalid protocol; error at offset 2: <,,/1.1>", ex.getMessage());
+    }
+
 }
