jdk-sandbox: comparison jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java

equal deleted inserted replaced

-:56e990297bc5
+:5e2d1edeb2c7
 import java.net.*;
 import java.security.GeneralSecurityException;
 import java.security.AccessController;
 import java.security.AccessControlContext;
 import java.security.PrivilegedAction;
+import java.security.AlgorithmConstraints;
 import java.util.*;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.locks.ReentrantLock;
 import javax.crypto.BadPaddingException;
 private boolean             enableSessionCreation = true;
 private String              host;
 private boolean             autoClose = true;
 private AccessControlContext acc;
+/*
+* We cannot use the hostname resolved from name services.  For
+* virtual hosting, multiple hostnames may be bound to the same IP
+* address, so the hostname resolved from name services is not
+* reliable.
+*/
+private String              rawHostname;
 // The cipher suites enabled for use on this connection.
 private CipherSuiteList     enabledCipherSuites;
-// hostname identification algorithm, the hostname identification is
+// The endpoint identification protocol
-// disabled by default.
+private String              identificationProtocol = null;
-private String              identificationAlg = null;
+// The cryptographic algorithm constraints
+private AlgorithmConstraints    algorithmConstraints = null;
 /*
 * READ ME * READ ME * READ ME * READ ME * READ ME * READ ME *
 * IMPORTANT STUFF TO UNDERSTANDING THE SYNCHRONIZATION ISSUES.
 * READ ME * READ ME * READ ME * READ ME * READ ME * READ ME *
 * about changing the cipher spec (and it does change), in fact
 * that's incidental since it's done by changing everything that
 * is associated with a session at the same time.  (TLS/IETF may
 * change that to add client authentication w/o new key exchg.)
 */
-private SSLSessionImpl      sess;
+private Handshaker                  handshaker;
-private Handshaker          handshaker;
+private SSLSessionImpl              sess;
+private volatile SSLSessionImpl     handshakeSession;
 /*
 * If anyone wants to get notified about handshake completions,
 * they'll show up on this list.
 */
 SSLSocketImpl(SSLContextImpl context, String host, int port)
 throws IOException, UnknownHostException {
 super();
 this.host = host;
+this.rawHostname = host;
 init(context, false);
 SocketAddress socketAddress =
 host != null ? new InetSocketAddress(host, port) :
 new InetSocketAddress(InetAddress.getByName(null), port);
 connect(socketAddress, 0);
 SSLSocketImpl(SSLContextImpl context, String host, int port,
 InetAddress localAddr, int localPort)
 throws IOException, UnknownHostException {
 super();
 this.host = host;
+this.rawHostname = host;
 init(context, false);
 bind(new InetSocketAddress(localAddr, localPort));
 SocketAddress socketAddress =
 host != null ? new InetSocketAddress(host, port) :
 new InetSocketAddress(InetAddress.getByName(null), port);
 * made.  This just initializes handshake state to use "server mode",
 * giving control over the use of SSL client authentication.
 */
 SSLSocketImpl(SSLContextImpl context, boolean serverMode,
 CipherSuiteList suites, byte clientAuth,
-boolean sessionCreation, ProtocolList protocols)
+boolean sessionCreation, ProtocolList protocols,
-throws IOException {
+String identificationProtocol,
+AlgorithmConstraints algorithmConstraints) throws IOException {
 super();
 doClientAuth = clientAuth;
 enableSessionCreation = sessionCreation;
+this.identificationProtocol = identificationProtocol;
+this.algorithmConstraints = algorithmConstraints;
 init(context, serverMode);
 /*
 * Override what was picked out for us.
 */
 // We always layer over a connected socket
 if (!sock.isConnected()) {
 throw new SocketException("Underlying socket is not connected");
 }
 this.host = host;
+this.rawHostname = host;
 init(context, false);
 this.autoClose = autoClose;
 doneConnect();
 }
 * Initializes the client socket.
 */
 private void init(SSLContextImpl context, boolean isServer) {
 sslContext = context;
 sess = SSLSessionImpl.nullSession;
+handshakeSession = null;
 /*
 * role is as specified, state is START until after
 * the low level connection's established.
 */
 handshaker.isSecureRenegotiation();
 clientVerifyData = handshaker.getClientVerifyData();
 serverVerifyData = handshaker.getServerVerifyData();
 sess = handshaker.getSession();
+handshakeSession = null;
 handshaker = null;
 connectionState = cs_DATA;
 //
 // Tell folk about handshake completion, but do
 Throwable cause) throws IOException {
 if ((input != null) && (input.r != null)) {
 input.r.close();
 }
 sess.invalidate();
+if (handshakeSession != null) {
+handshakeSession.invalidate();
+}
 int oldState = connectionState;
 connectionState = cs_ERROR;
 /*
 host = getInetAddress().getHostName();
 }
 return host;
 }
+synchronized String getRawHostname() {
+return rawHostname;
+}
 // ONLY used by HttpsClient to setup the URI specified hostname
 synchronized public void setHost(String host) {
 this.host = host;
+this.rawHostname = host;
 }
 /**
 * Gets an input stream to read from the peer on the other side.
 * Data read from this stream was always integrity protected in
 }
 }
 synchronized (this) {
 return sess;
 }
+}
+@Override
+synchronized public SSLSession getHandshakeSession() {
+return handshakeSession;
+}
+synchronized void setHandshakeSession(SSLSessionImpl session) {
+handshakeSession = session;
 }
 /**
 * Controls whether new connections may cause creation of new SSL
 * sessions.
 /**
 * Returns the protocols that are supported by this implementation.
 * A subset of the supported protocols may be enabled for this connection
-* @ returns an array of protocol names.
+* @return an array of protocol names.
 */
 public String[] getSupportedProtocols() {
 return ProtocolList.getSupported().toStringArray();
 }
 handshakeListeners = null;
 }
 }
 /**
-* Try to configure the endpoint identification algorithm of the socket.
+* Returns the SSLParameters in effect for this SSLSocket.
-*
+*/
-* @param identificationAlgorithm the algorithm used to check the
+synchronized public SSLParameters getSSLParameters() {
-*        endpoint identity.
+SSLParameters params = super.getSSLParameters();
-* @return true if the identification algorithm configuration success.
-*/
+// the super implementation does not handle the following parameters
-synchronized public boolean trySetHostnameVerification(
+params.setEndpointIdentificationAlgorithm(identificationProtocol);
-String identificationAlgorithm) {
+params.setAlgorithmConstraints(algorithmConstraints);
-if (sslContext.getX509TrustManager() instanceof
-X509ExtendedTrustManager) {
+return params;
-this.identificationAlg = identificationAlgorithm;
+}
-return true;
-} else {
+/**
-return false;
+* Applies SSLParameters to this socket.
-}
+*/
-}
+synchronized public void setSSLParameters(SSLParameters params) {
+super.setSSLParameters(params);
-/**
-* Returns the endpoint identification algorithm of the socket.
+// the super implementation does not handle the following parameters
-*/
+identificationProtocol = params.getEndpointIdentificationAlgorithm();
-synchronized public String getHostnameVerification() {
+algorithmConstraints = params.getAlgorithmConstraints();
-return identificationAlg;
+if ((handshaker != null) && !handshaker.started()) {
+handshaker.setIdentificationProtocol(identificationProtocol);
+handshaker.setAlgorithmConstraints(algorithmConstraints);
+}
 }
 //
 // We allocate a separate thread to deliver handshake completion
 // events.  This ensures that the notifications don't block the

changeset 7043	5e2d1edeb2c7
parent 7039	6464c8e62a18
child 9246	c459f79af46b