Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/src/share/classes/javax/net/ssl/SSLSocketFactory.java
38918 views
/*1* Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation. Oracle designates this7* particular file as subject to the "Classpath" exception as provided8* by Oracle in the LICENSE file that accompanied this code.9*10* This code is distributed in the hope that it will be useful, but WITHOUT11* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or12* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License13* version 2 for more details (a copy is included in the LICENSE file that14* accompanied this code).15*16* You should have received a copy of the GNU General Public License version17* 2 along with this work; if not, write to the Free Software Foundation,18* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.19*20* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA21* or visit www.oracle.com if you need additional information or have any22* questions.23*/242526package javax.net.ssl;2728import java.net.*;29import javax.net.SocketFactory;30import java.io.IOException;31import java.io.InputStream;32import java.security.*;33import java.util.Locale;3435import sun.security.action.GetPropertyAction;3637/**38* <code>SSLSocketFactory</code>s create <code>SSLSocket</code>s.39*40* @since 1.441* @see SSLSocket42* @author David Brownell43*/44public abstract class SSLSocketFactory extends SocketFactory45{46private static SSLSocketFactory theFactory;4748private static boolean propertyChecked;4950static final boolean DEBUG;5152static {53String s = java.security.AccessController.doPrivileged(54new GetPropertyAction("javax.net.debug", "")).toLowerCase(55Locale.ENGLISH);56DEBUG = s.contains("all") || s.contains("ssl");57}5859private static void log(String msg) {60if (DEBUG) {61System.out.println(msg);62}63}6465/**66* Constructor is used only by subclasses.67*/68public SSLSocketFactory() {69}7071/**72* Returns the default SSL socket factory.73*74* <p>The first time this method is called, the security property75* "ssl.SocketFactory.provider" is examined. If it is non-null, a class by76* that name is loaded and instantiated. If that is successful and the77* object is an instance of SSLSocketFactory, it is made the default SSL78* socket factory.79*80* <p>Otherwise, this method returns81* <code>SSLContext.getDefault().getSocketFactory()</code>. If that82* call fails, an inoperative factory is returned.83*84* @return the default <code>SocketFactory</code>85* @see SSLContext#getDefault86*/87public static synchronized SocketFactory getDefault() {88if (theFactory != null) {89return theFactory;90}9192if (propertyChecked == false) {93propertyChecked = true;94String clsName = getSecurityProperty("ssl.SocketFactory.provider");95if (clsName != null) {96log("setting up default SSLSocketFactory");97try {98Class<?> cls = null;99try {100cls = Class.forName(clsName);101} catch (ClassNotFoundException e) {102ClassLoader cl = ClassLoader.getSystemClassLoader();103if (cl != null) {104cls = cl.loadClass(clsName);105}106}107log("class " + clsName + " is loaded");108SSLSocketFactory fac = (SSLSocketFactory)cls.newInstance();109log("instantiated an instance of class " + clsName);110theFactory = fac;111return fac;112} catch (Exception e) {113log("SSLSocketFactory instantiation failed: " + e.toString());114theFactory = new DefaultSSLSocketFactory(e);115return theFactory;116}117}118}119120try {121return SSLContext.getDefault().getSocketFactory();122} catch (NoSuchAlgorithmException e) {123return new DefaultSSLSocketFactory(e);124}125}126127static String getSecurityProperty(final String name) {128return AccessController.doPrivileged(new PrivilegedAction<String>() {129@Override130public String run() {131String s = java.security.Security.getProperty(name);132if (s != null) {133s = s.trim();134if (s.length() == 0) {135s = null;136}137}138return s;139}140});141}142143/**144* Returns the list of cipher suites which are enabled by default.145* Unless a different list is enabled, handshaking on an SSL connection146* will use one of these cipher suites. The minimum quality of service147* for these defaults requires confidentiality protection and server148* authentication (that is, no anonymous cipher suites).149*150* @see #getSupportedCipherSuites()151* @return array of the cipher suites enabled by default152*/153public abstract String [] getDefaultCipherSuites();154155/**156* Returns the names of the cipher suites which could be enabled for use157* on an SSL connection. Normally, only a subset of these will actually158* be enabled by default, since this list may include cipher suites which159* do not meet quality of service requirements for those defaults. Such160* cipher suites are useful in specialized applications.161*162* @see #getDefaultCipherSuites()163* @return an array of cipher suite names164*/165public abstract String [] getSupportedCipherSuites();166167/**168* Returns a socket layered over an existing socket connected to the named169* host, at the given port. This constructor can be used when tunneling SSL170* through a proxy or when negotiating the use of SSL over an existing171* socket. The host and port refer to the logical peer destination.172* This socket is configured using the socket options established for173* this factory.174*175* @param s the existing socket176* @param host the server host177* @param port the server port178* @param autoClose close the underlying socket when this socket is closed179* @return a socket connected to the specified host and port180* @throws IOException if an I/O error occurs when creating the socket181* @throws NullPointerException if the parameter s is null182*/183public abstract Socket createSocket(Socket s, String host,184int port, boolean autoClose) throws IOException;185186/**187* Creates a server mode {@link Socket} layered over an188* existing connected socket, and is able to read data which has189* already been consumed/removed from the {@link Socket}'s190* underlying {@link InputStream}.191* <p>192* This method can be used by a server application that needs to193* observe the inbound data but still create valid SSL/TLS194* connections: for example, inspection of Server Name Indication195* (SNI) extensions (See section 3 of <A196* HREF="http://www.ietf.org/rfc/rfc6066.txt">TLS Extensions197* (RFC6066)</A>). Data that has been already removed from the198* underlying {@link InputStream} should be loaded into the199* {@code consumed} stream before this method is called, perhaps200* using a {@link java.io.ByteArrayInputStream}. When this201* {@link Socket} begins handshaking, it will read all of the data in202* {@code consumed} until it reaches {@code EOF}, then all further203* data is read from the underlying {@link InputStream} as204* usual.205* <p>206* The returned socket is configured using the socket options207* established for this factory, and is set to use server mode when208* handshaking (see {@link SSLSocket#setUseClientMode(boolean)}).209*210* @param s211* the existing socket212* @param consumed213* the consumed inbound network data that has already been214* removed from the existing {@link Socket}215* {@link InputStream}. This parameter may be216* {@code null} if no data has been removed.217* @param autoClose close the underlying socket when this socket is closed.218*219* @return the {@link Socket} compliant with the socket options220* established for this factory221*222* @throws IOException if an I/O error occurs when creating the socket223* @throws UnsupportedOperationException if the underlying provider224* does not implement the operation225* @throws NullPointerException if {@code s} is {@code null}226*227* @since 1.8228*/229public Socket createSocket(Socket s, InputStream consumed,230boolean autoClose) throws IOException {231throw new UnsupportedOperationException();232}233}234235236// file private237class DefaultSSLSocketFactory extends SSLSocketFactory238{239private Exception reason;240241DefaultSSLSocketFactory(Exception reason) {242this.reason = reason;243}244245private Socket throwException() throws SocketException {246throw (SocketException)247new SocketException(reason.toString()).initCause(reason);248}249250@Override251public Socket createSocket()252throws IOException253{254return throwException();255}256257@Override258public Socket createSocket(String host, int port)259throws IOException260{261return throwException();262}263264@Override265public Socket createSocket(Socket s, String host,266int port, boolean autoClose)267throws IOException268{269return throwException();270}271272@Override273public Socket createSocket(InetAddress address, int port)274throws IOException275{276return throwException();277}278279@Override280public Socket createSocket(String host, int port,281InetAddress clientAddress, int clientPort)282throws IOException283{284return throwException();285}286287@Override288public Socket createSocket(InetAddress address, int port,289InetAddress clientAddress, int clientPort)290throws IOException291{292return throwException();293}294295@Override296public String [] getDefaultCipherSuites() {297return new String[0];298}299300@Override301public String [] getSupportedCipherSuites() {302return new String[0];303}304}305306307