/*
* Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package javax.net.ssl;
import java.net.*;
import javax.net.SocketFactory;
import java.io.IOException;
import java.io.InputStream;
import java.security.*;
import java.util.Locale;
import sun.security.action.GetPropertyAction;
/**
* <code>SSLSocketFactory</code>s create <code>SSLSocket</code>s.
*
* @since 1.4
* @see SSLSocket
* @author David Brownell
*/
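public abstract class SSLSocketFactory extends SocketFactory
{
    /**
     * Factory obtained through the "ssl.SocketFactory.provider" security
     * property, or the inoperative placeholder recorded when loading that
     * class failed. Only read and written inside the synchronized
     * {@link #getDefault()}.
     */
    private static SSLSocketFactory theFactory;

    /** Set once the security property has been examined, so it is consulted at most once. */
    private static boolean propertyChecked;

    /**
     * True when the "javax.net.debug" system property, lower-cased, contains
     * "all" or "ssl". Gates the diagnostic output of {@link #log(String)}.
     */
    static final boolean DEBUG;

    static {
        String s = GetPropertyAction.privilegedGetProperty("javax.net.debug", "")
                .toLowerCase(Locale.ENGLISH);
        DEBUG = s.contains("all") || s.contains("ssl");
    }

    /**
     * Prints a diagnostic message to standard output when {@link #DEBUG} is set.
     *
     * <p>Messages passed in by {@link #getDefault()} contain the configured
     * factory class name and exception text, so enabling debug output exposes
     * that configuration detail to whoever can read the process's stdout.
     *
     * @param msg the message to print
     */
    private static void log(String msg) {
        if (DEBUG) {
            System.out.println(msg);
        }
    }

    /**
     * Constructor is used only by subclasses.
     */
    public SSLSocketFactory() {
    }

    /**
     * Returns the default SSL socket factory.
     *
     * <p>The first time this method is called, the security property
     * "ssl.SocketFactory.provider" is examined. If it is non-null, a class by
     * that name is loaded and instantiated. If that is successful and the
     * object is an instance of SSLSocketFactory, it is made the default SSL
     * socket factory.
     *
     * <p>Otherwise, this method returns
     * <code>SSLContext.getDefault().getSocketFactory()</code>. If that
     * call fails, an inoperative factory is returned.
     *
     * @return the default <code>SocketFactory</code>
     * @see SSLContext#getDefault
     */
    public static synchronized SocketFactory getDefault() {
        if (theFactory != null) {
            return theFactory;
        }

        if (!propertyChecked) {
            // Flip the flag before loading so a failed attempt is never retried.
            propertyChecked = true;

            // The class name is taken from a security property, i.e. from the
            // JVM's security configuration rather than from the peer or the
            // caller. Whoever can set that property decides which code builds
            // every default TLS socket, so it belongs under the same change
            // control as the trust store.
            String clsName = getSecurityProperty("ssl.SocketFactory.provider");
            if (clsName != null) {
                log("setting up default SSLSocketFactory");
                try {
                    Class<?> cls;
                    try {
                        cls = Class.forName(clsName);
                    } catch (ClassNotFoundException e) {
                        ClassLoader cl = ClassLoader.getSystemClassLoader();
                        if (cl == null) {
                            // No second loader to try: surface the lookup
                            // failure itself instead of a NullPointerException
                            // from instantiating a null class below.
                            throw e;
                        }
                        cls = cl.loadClass(clsName);
                    }
                    log("class " + clsName + " is loaded");
                    // The cast follows instantiation, so the constructor of a
                    // misconfigured (non-SSLSocketFactory) class still runs
                    // before the ClassCastException is raised and handled.
                    @SuppressWarnings("deprecation")
                    SSLSocketFactory fac = (SSLSocketFactory)cls.newInstance();
                    log("instantiated an instance of class " + clsName);
                    theFactory = fac;
                    return fac;
                } catch (Exception e) {
                    // Fail closed: a broken configuration yields a factory
                    // whose createSocket calls throw, never a silent
                    // substitute. The placeholder is cached.
                    log("SSLSocketFactory instantiation failed: " + e.toString());
                    theFactory = new DefaultSSLSocketFactory(e);
                    return theFactory;
                }
            }
        }

        // No provider property configured: defer to the default SSLContext.
        // This result is not stored in theFactory, so it is looked up again
        // on every call.
        try {
            return SSLContext.getDefault().getSocketFactory();
        } catch (NoSuchAlgorithmException | UnsupportedOperationException e) {
            // getSocketFactory() may also signal an unsupported operation;
            // the documented contract is an inoperative factory when the
            // call fails, not a propagated runtime exception.
            return new DefaultSSLSocketFactory(e);
        }
    }

    /**
     * Reads a security property inside a privileged block.
     *
     * @param name the security property name
     * @return the trimmed property value, or {@code null} when the property
     *         is unset or consists only of whitespace
     */
    static String getSecurityProperty(final String name) {
        return AccessController.doPrivileged(new PrivilegedAction<>() {
            @Override
            public String run() {
                String s = java.security.Security.getProperty(name);
                if (s != null) {
                    s = s.trim();
                    // Treat a blank value the same as an unset property.
                    if (s.length() == 0) {
                        s = null;
                    }
                }
                return s;
            }
        });
    }

    /**
     * Returns the list of cipher suites which are enabled by default.
     * Unless a different list is enabled, handshaking on an SSL connection
     * will use one of these cipher suites. The minimum quality of service
     * for these defaults requires confidentiality protection and server
     * authentication (that is, no anonymous cipher suites).
     * <P>
     * The returned array includes cipher suites from the list of standard
     * cipher suite names in the <a href=
     * "{@docRoot}/../specs/security/standard-names.html#jsse-cipher-suite-names">
     * JSSE Cipher Suite Names</a> section of the Java Cryptography
     * Architecture Standard Algorithm Name Documentation, and may also
     * include other cipher suites that the provider supports.
     *
     * @see #getSupportedCipherSuites()
     * @return array of the cipher suites enabled by default
     */
    public abstract String [] getDefaultCipherSuites();

    /**
     * Returns the names of the cipher suites which could be enabled for use
     * on an SSL connection. Normally, only a subset of these will actually
     * be enabled by default, since this list may include cipher suites which
     * do not meet quality of service requirements for those defaults. Such
     * cipher suites are useful in specialized applications.
     * <P>
     * The returned array includes cipher suites from the list of standard
     * cipher suite names in the <a href=
     * "{@docRoot}/../specs/security/standard-names.html#jsse-cipher-suite-names">
     * JSSE Cipher Suite Names</a> section of the Java Cryptography
     * Architecture Standard Algorithm Name Documentation, and may also
     * include other cipher suites that the provider supports.
     *
     * @see #getDefaultCipherSuites()
     * @return an array of cipher suite names
     */
    public abstract String [] getSupportedCipherSuites();

    /**
     * Returns a socket layered over an existing socket connected to the named
     * host, at the given port. This constructor can be used when tunneling SSL
     * through a proxy or when negotiating the use of SSL over an existing
     * socket. The host and port refer to the logical peer destination.
     * This socket is configured using the socket options established for
     * this factory.
     *
     * @param s the existing socket
     * @param host the server host
     * @param port the server port
     * @param autoClose close the underlying socket when this socket is closed
     * @return a socket connected to the specified host and port
     * @throws IOException if an I/O error occurs when creating the socket
     * @throws NullPointerException if the parameter s is null
     */
    public abstract Socket createSocket(Socket s, String host,
            int port, boolean autoClose) throws IOException;

    /**
     * Creates a server mode {@link Socket} layered over an
     * existing connected socket, and is able to read data which has
     * already been consumed/removed from the {@link Socket}'s
     * underlying {@link InputStream}.
     * <p>
     * This method can be used by a server application that needs to
     * observe the inbound data but still create valid SSL/TLS
     * connections: for example, inspection of Server Name Indication
     * (SNI) extensions (See section 3 of <A
     * HREF="http://www.ietf.org/rfc/rfc6066.txt">TLS Extensions
     * (RFC6066)</A>).  Data that has been already removed from the
     * underlying {@link InputStream} should be loaded into the
     * {@code consumed} stream before this method is called, perhaps
     * using a {@link java.io.ByteArrayInputStream}.  When this
     * {@link Socket} begins handshaking, it will read all of the data in
     * {@code consumed} until it reaches {@code EOF}, then all further
     * data is read from the underlying {@link InputStream} as
     * usual.
     * <p>
     * The returned socket is configured using the socket options
     * established for this factory, and is set to use server mode when
     * handshaking (see {@link SSLSocket#setUseClientMode(boolean)}).
     *
     * @param  s
     *         the existing socket
     * @param  consumed
     *         the consumed inbound network data that has already been
     *         removed from the existing {@link Socket}
     *         {@link InputStream}.  This parameter may be
     *         {@code null} if no data has been removed.
     * @param  autoClose close the underlying socket when this socket is closed.
     *
     * @return the {@link Socket} compliant with the socket options
     *         established for this factory
     *
     * @throws IOException if an I/O error occurs when creating the socket
     * @throws UnsupportedOperationException if the underlying provider
     *         does not implement the operation
     * @throws NullPointerException if {@code s} is {@code null}
     *
     * @since 1.8
     */
    public Socket createSocket(Socket s, InputStream consumed,
            boolean autoClose) throws IOException {
        // Base implementation: providers that support pre-consumed input
        // override this method.
        throw new UnsupportedOperationException();
    }
}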
// file private
/**
 * Inoperative placeholder factory used when no working default
 * {@code SSLSocketFactory} could be set up.
 *
 * <p>Every {@code createSocket} overload overridden here throws a
 * {@link SocketException} carrying the original failure, and both cipher
 * suite lists are empty, so a failed setup can never hand out a usable
 * socket.
 */
class DefaultSSLSocketFactory extends SSLSocketFactory {

    /** The failure that made the real factory unavailable. */
    private final Exception reason;

    /**
     * @param reason the exception to report, as message and cause, on every
     *        attempt to create a socket
     */
    DefaultSSLSocketFactory(Exception reason) {
        this.reason = reason;
    }

    /**
     * Always throws; the {@code Socket} return type only lets callers write
     * {@code return throwException();}.
     *
     * @return never returns normally
     * @throws SocketException whose message is {@code reason.toString()} and
     *         whose cause is {@code reason}
     */
    private Socket throwException() throws SocketException {
        SocketException failure = new SocketException(reason.toString());
        failure.initCause(reason);
        throw failure;
    }

    @Override
    public Socket createSocket() throws IOException {
        return throwException();
    }

    @Override
    public Socket createSocket(String host, int port) throws IOException {
        return throwException();
    }

    @Override
    public Socket createSocket(Socket s, String host, int port, boolean autoClose)
            throws IOException {
        return throwException();
    }

    @Override
    public Socket createSocket(InetAddress address, int port) throws IOException {
        return throwException();
    }

    @Override
    public Socket createSocket(String host, int port,
            InetAddress clientAddress, int clientPort) throws IOException {
        return throwException();
    }

    @Override
    public Socket createSocket(InetAddress address, int port,
            InetAddress clientAddress, int clientPort) throws IOException {
        return throwException();
    }

    /** @return an empty array: no cipher suite is enabled on this placeholder */
    @Override
    public String[] getDefaultCipherSuites() {
        return new String[0];
    }

    /** @return an empty array: no cipher suite is supported by this placeholder */
    @Override
    public String[] getSupportedCipherSuites() {
        return new String[0];
    }
}