jdk-sandbox: comparison jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java

equal deleted inserted replaced

-:cd6a440ddfcb
+:971f46db533d
 import java.security.PrivilegedAction;
 import java.security.AlgorithmConstraints;
 import java.util.*;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.locks.ReentrantLock;
+import java.nio.charset.StandardCharsets;
 import javax.crypto.BadPaddingException;
 import javax.net.ssl.*;
 /**
 * Implementation of an SSL socket.  This is a normal connection type
 * socket, implementing SSL over some lower level socket, such as TCP.
 private boolean             enableSessionCreation = true;
 private String              host;
 private boolean             autoClose = true;
 private AccessControlContext acc;
-/*
-* We cannot use the hostname resolved from name services.  For
-* virtual hosting, multiple hostnames may be bound to the same IP
-* address, so the hostname resolved from name services is not
-* reliable.
-*/
-private String              rawHostname;
 // The cipher suites enabled for use on this connection.
 private CipherSuiteList     enabledCipherSuites;
 // The endpoint identification protocol
 private String              identificationProtocol = null;
 // The cryptographic algorithm constraints
 private AlgorithmConstraints    algorithmConstraints = null;
+// The server name indication and matchers
+List<SNIServerName>         serverNames =
+Collections.<SNIServerName>emptyList();
+Collection<SNIMatcher>      sniMatchers =
+Collections.<SNIMatcher>emptyList();
 /*
 * READ ME * READ ME * READ ME * READ ME * READ ME * READ ME *
 * IMPORTANT STUFF TO UNDERSTANDING THE SYNCHRONIZATION ISSUES.
 * READ ME * READ ME * READ ME * READ ME * READ ME * READ ME *
 */
 SSLSocketImpl(SSLContextImpl context, String host, int port)
 throws IOException, UnknownHostException {
 super();
 this.host = host;
-this.rawHostname = host;
+this.serverNames =
+Utilities.addToSNIServerNameList(this.serverNames, this.host);
 init(context, false);
 SocketAddress socketAddress =
 host != null ? new InetSocketAddress(host, port) :
 new InetSocketAddress(InetAddress.getByName(null), port);
 connect(socketAddress, 0);
 SSLSocketImpl(SSLContextImpl context, String host, int port,
 InetAddress localAddr, int localPort)
 throws IOException, UnknownHostException {
 super();
 this.host = host;
-this.rawHostname = host;
+this.serverNames =
+Utilities.addToSNIServerNameList(this.serverNames, this.host);
 init(context, false);
 bind(new InetSocketAddress(localAddr, localPort));
 SocketAddress socketAddress =
 host != null ? new InetSocketAddress(host, port) :
 new InetSocketAddress(InetAddress.getByName(null), port);
 */
 SSLSocketImpl(SSLContextImpl context, boolean serverMode,
 CipherSuiteList suites, byte clientAuth,
 boolean sessionCreation, ProtocolList protocols,
 String identificationProtocol,
-AlgorithmConstraints algorithmConstraints) throws IOException {
+AlgorithmConstraints algorithmConstraints,
+Collection<SNIMatcher> sniMatchers) throws IOException {
 super();
 doClientAuth = clientAuth;
 enableSessionCreation = sessionCreation;
 this.identificationProtocol = identificationProtocol;
 this.algorithmConstraints = algorithmConstraints;
+this.sniMatchers = sniMatchers;
 init(context, serverMode);
 /*
 * Override what was picked out for us.
 */
 // We always layer over a connected socket
 if (!sock.isConnected()) {
 throw new SocketException("Underlying socket is not connected");
 }
 this.host = host;
-this.rawHostname = host;
+this.serverNames =
+Utilities.addToSNIServerNameList(this.serverNames, this.host);
 init(context, false);
+this.autoClose = autoClose;
+doneConnect();
+}
+/**
+* Creates a server mode {@link Socket} layered over an
+* existing connected socket, and is able to read data which has
+* already been consumed/removed from the {@link Socket}'s
+* underlying {@link InputStream}.
+*/
+SSLSocketImpl(SSLContextImpl context, Socket sock,
+InputStream consumed, boolean autoClose) throws IOException {
+super(sock, consumed);
+// We always layer over a connected socket
+if (!sock.isConnected()) {
+throw new SocketException("Underlying socket is not connected");
+}
+// In server mode, it is not necessary to set host and serverNames.
+// Otherwise, would require a reverse DNS lookup to get the hostname.
+init(context, true);
 this.autoClose = autoClose;
 doneConnect();
 }
 /**
 * @throws  SocketTimeoutException if timeout expires before connecting
 */
 public void connect(SocketAddress endpoint, int timeout)
 throws IOException {
-if (self != this) {
+if (isLayered()) {
 throw new SocketException("Already connected");
 }
 if (!(endpoint instanceof InetSocketAddress)) {
 throw new SocketException(
 /*
 * Save the input and output streams.  May be done only after
 * java.net actually connects using the socket "self", else
 * we get some pretty bizarre failure modes.
 */
-if (self == this) {
+sockInput = super.getInputStream();
-sockInput = super.getInputStream();
+sockOutput = super.getOutputStream();
-sockOutput = super.getOutputStream();
-} else {
-sockInput = self.getInputStream();
-sockOutput = self.getOutputStream();
-}
 /*
 * Move to handshaking state, with pending session initialized
 * to defaults and the appropriate kind of handshaker set up.
 */
 // For layered, non-autoclose sockets, we are not
 // able to bring them into a usable state, so we
 // treat it as fatal error.
-if (self != this && !autoClose) {
+if (isLayered() && !autoClose) {
 // Note that the alert description is
 // specified as -1, so no message will be send
 // to peer anymore.
 fatal((byte)(-1), ssle);
 } else if ((debug != null) && Debug.isOn("ssl")) {
-System.out.println(threadName() +
+System.out.println(
+Thread.currentThread().getName() +
 ", received Exception: " + ssle);
 }
 // RFC2246 requires that the session becomes
 // unresumable if any connection is terminated
 throw e;
 } catch (EOFException eof) {
 boolean handshaking = (getConnectionState() <= cs_HANDSHAKE);
 boolean rethrow = requireCloseNotify || handshaking;
 if ((debug != null) && Debug.isOn("ssl")) {
-System.out.println(threadName() +
+System.out.println(Thread.currentThread().getName() +
 ", received EOFException: "
 + (rethrow ? "error" : "ignored"));
 }
 if (rethrow) {
 SSLException e;
 default:
 //
 // TLS requires that unrecognized records be ignored.
 //
 if (debug != null && Debug.isOn("ssl")) {
-System.out.println(threadName() +
+System.out.println(Thread.currentThread().getName() +
 ", Received record type: "
 + r.contentType());
 }
 continue;
 } // switch
 * TLS protocols do not define a error alert for sequence
 * number overflow. We use handshake_failure error alert
 * for handshaking and bad_record_mac for other records.
 */
 if (debug != null && Debug.isOn("ssl")) {
-System.out.println(threadName() +
+System.out.println(Thread.currentThread().getName() +
 ", sequence number extremely close to overflow " +
 "(2^64-1 packets). Closing connection.");
 }
 * Don't bother to kickstart the renegotiation when the local is
 * asking for it.
 */
 if ((type != Record.ct_handshake) && mac.seqNumIsHuge()) {
 if (debug != null && Debug.isOn("ssl")) {
-System.out.println(threadName() + ", request renegotiation " +
+System.out.println(Thread.currentThread().getName() +
+", request renegotiation " +
 "to avoid sequence number overflow");
 }
 startHandshake();
 }
 if (roleIsServer) {
 handshaker = new ServerHandshaker(this, sslContext,
 enabledProtocols, doClientAuth,
 protocolVersion, connectionState == cs_HANDSHAKE,
 secureRenegotiation, clientVerifyData, serverVerifyData);
+handshaker.setSNIMatchers(sniMatchers);
 } else {
 handshaker = new ClientHandshaker(this, sslContext,
 enabledProtocols,
 protocolVersion, connectionState == cs_HANDSHAKE,
 secureRenegotiation, clientVerifyData, serverVerifyData);
+handshaker.setSNIServerNames(serverNames);
 }
 handshaker.setEnabledCipherSuites(enabledCipherSuites);
 handshaker.setEnableSessionCreation(enableSessionCreation);
 }
 }
 protected void closeSocket() throws IOException {
 if ((debug != null) && Debug.isOn("ssl")) {
-System.out.println(threadName() + ", called closeSocket()");
+System.out.println(Thread.currentThread().getName() +
-}
+", called closeSocket()");
-if (self == this) {
+}
-super.close();
-} else {
+super.close();
-self.close();
-}
 }
 private void closeSocket(boolean selfInitiated) throws IOException {
 if ((debug != null) && Debug.isOn("ssl")) {
-System.out.println(threadName() +
+System.out.println(Thread.currentThread().getName() +
 ", called closeSocket(" + selfInitiated + ")");
 }
-if (self == this) {
+if (!isLayered() || autoClose) {
 super.close();
-} else if (autoClose) {
-self.close();
 } else if (selfInitiated) {
 // layered && non-autoclose
 // read close_notify alert to clear input stream
 waitForClose(false);
 }
 * rather than leaving it for finalization, so that your remote
 * peer does not experience a protocol error.
 */
 public void close() throws IOException {
 if ((debug != null) && Debug.isOn("ssl")) {
-System.out.println(threadName() + ", called close()");
+System.out.println(Thread.currentThread().getName() +
+", called close()");
 }
 closeInternal(true);  // caller is initiating close
 setConnectionState(cs_APP_CLOSED);
 }
 * If !selfInitiated, peer sent close_notify; we reciprocate but
 * no need to wait for response.
 */
 private void closeInternal(boolean selfInitiated) throws IOException {
 if ((debug != null) && Debug.isOn("ssl")) {
-System.out.println(threadName() + ", called closeInternal("
+System.out.println(Thread.currentThread().getName() +
-+ selfInitiated + ")");
+", called closeInternal(" + selfInitiated + ")");
 }
 int state = getConnectionState();
 boolean closeSocketCalled = false;
 Throwable cachedThrowable = null;
 }
 // If state was cs_SENT_CLOSE before, we don't do the actual
 // closing since it is already in progress.
 if (state == cs_SENT_CLOSE) {
 if (debug != null && Debug.isOn("ssl")) {
-System.out.println(threadName() +
+System.out.println(Thread.currentThread().getName() +
 ", close invoked again; state = " +
 getConnectionState());
 }
 if (selfInitiated == false) {
 // We were called because a close_notify message was
 // ignore
 }
 }
 }
 if ((debug != null) && Debug.isOn("ssl")) {
-System.out.println(threadName() +
+System.out.println(Thread.currentThread().getName() +
 ", after primary close; state = " +
 getConnectionState());
 }
 return;
 }
 * might be read by another reader,
 * which will then process the close and set the connection state.
 */
 void waitForClose(boolean rethrow) throws IOException {
 if (debug != null && Debug.isOn("ssl")) {
-System.out.println(threadName() +
+System.out.println(Thread.currentThread().getName() +
 ", waiting for close_notify or alert: state "
 + getConnectionState());
 }
 try {
 }
 }
 inrec = null;
 } catch (IOException e) {
 if (debug != null && Debug.isOn("ssl")) {
-System.out.println(threadName() +
+System.out.println(Thread.currentThread().getName() +
 ", Exception while waiting for close " +e);
 }
 if (rethrow) {
 throw e; // pass exception up
 }
 *          will be closed, no further communications could be done.
 */
 synchronized private void handleException(Exception e, boolean resumable)
 throws IOException {
 if ((debug != null) && Debug.isOn("ssl")) {
-System.out.println(threadName()
+System.out.println(Thread.currentThread().getName() +
-+ ", handling exception: " + e.toString());
+", handling exception: " + e.toString());
 }
 // don't close the Socket in case of timeouts or interrupts if
 // the process is resumable.
 if (e instanceof InterruptedIOException && resumable) {
 }
 if (debug != null && (Debug.isOn("record") ||
 Debug.isOn("handshake"))) {
 synchronized (System.out) {
-System.out.print(threadName());
+System.out.print(Thread.currentThread().getName());
 System.out.print(", RECV " + protocolVersion + " ALERT:  ");
 if (level == Alerts.alert_fatal) {
 System.out.print("fatal, ");
 } else if (level == Alerts.alert_warning) {
 System.out.print("warning, ");
 r.setVersion(protocolVersion);
 boolean useDebug = debug != null && Debug.isOn("ssl");
 if (useDebug) {
 synchronized (System.out) {
-System.out.print(threadName());
+System.out.print(Thread.currentThread().getName());
 System.out.print(", SEND " + protocolVersion + " ALERT:  ");
 if (level == Alerts.alert_fatal) {
 System.out.print("fatal, ");
 } else if (level == Alerts.alert_warning) {
 System.out.print("warning, ");
 r.write(description);
 try {
 writeRecord(r);
 } catch (IOException e) {
 if (useDebug) {
-System.out.println(threadName() +
+System.out.println(Thread.currentThread().getName() +
 ", Exception sending alert: " + e);
 }
 }
 }
 host = getInetAddress().getHostName();
 }
 return host;
 }
-synchronized String getRawHostname() {
-return rawHostname;
-}
 // ONLY used by HttpsClient to setup the URI specified hostname
+//
+// Please NOTE that this method MUST be called before calling to
+// SSLSocket.setSSLParameters(). Otherwise, the {@code host} parameter
+// may override SNIHostName in the customized server name indication.
 synchronized public void setHost(String host) {
 this.host = host;
-this.rawHostname = host;
+this.serverNames =
+Utilities.addToSNIServerNameList(this.serverNames, this.host);
 }
 /**
 * Gets an input stream to read from the peer on the other side.
 * Data read from this stream was always integrity protected in
 // start handshaking, if failed, the connection will be closed.
 startHandshake(false);
 } catch (IOException e) {
 // handshake failed. log and return a nullSession
 if (debug != null && Debug.isOn("handshake")) {
-System.out.println(threadName() +
+System.out.println(Thread.currentThread().getName() +
 ", IOException in getSession():  " + e);
 }
 }
 }
 synchronized (this) {
 // If handshake has started, that's an error.  Fall through...
 default:
 if (debug != null && Debug.isOn("ssl")) {
-System.out.println(threadName() +
+System.out.println(Thread.currentThread().getName() +
 ", setUseClientMode() invoked in state = " +
 connectionState);
 }
 throw new IllegalArgumentException(
 "Cannot change mode after SSL traffic has started");
 * Assigns the socket timeout.
 * @see java.net.Socket#setSoTimeout
 */
 public void setSoTimeout(int timeout) throws SocketException {
 if ((debug != null) && Debug.isOn("ssl")) {
-System.out.println(threadName() +
+System.out.println(Thread.currentThread().getName() +
 ", setSoTimeout(" + timeout + ") called");
 }
-if (self == this) {
 super.setSoTimeout(timeout);
-} else {
-self.setSoTimeout(timeout);
-}
 }
 /**
 * Registers an event listener to receive notifications that an
 * SSL handshake has completed on this connection.
 SSLParameters params = super.getSSLParameters();
 // the super implementation does not handle the following parameters
 params.setEndpointIdentificationAlgorithm(identificationProtocol);
 params.setAlgorithmConstraints(algorithmConstraints);
+params.setSNIMatchers(sniMatchers);
+params.setServerNames(serverNames);
 return params;
 }
 /**
 super.setSSLParameters(params);
 // the super implementation does not handle the following parameters
 identificationProtocol = params.getEndpointIdentificationAlgorithm();
 algorithmConstraints = params.getAlgorithmConstraints();
+List<SNIServerName> sniNames = params.getServerNames();
+if (sniNames != null) {
+serverNames = sniNames;
+}
+Collection<SNIMatcher> matchers = params.getSNIMatchers();
+if (matchers != null) {
+sniMatchers = matchers;
+}
 if ((handshaker != null) && !handshaker.started()) {
 handshaker.setIdentificationProtocol(identificationProtocol);
 handshaker.setAlgorithmConstraints(algorithmConstraints);
+if (roleIsServer) {
+handshaker.setSNIMatchers(sniMatchers);
+} else {
+handshaker.setSNIServerNames(serverNames);
+}
 }
 }
 //
 // We allocate a separate thread to deliver handshake completion
 }
 }
 }
 /**
-* Return the name of the current thread. Utility method.
-*/
-private static String threadName() {
-return Thread.currentThread().getName();
-}
-/**
 * Returns a printable representation of this end of the connection.
 */
 public String toString() {
 StringBuffer retval = new StringBuffer(80);
 retval.append(Integer.toHexString(hashCode()));
 retval.append("[");
 retval.append(sess.getCipherSuite());
 retval.append(": ");
-if (self == this) {
+retval.append(super.toString());
-retval.append(super.toString());
-} else {
-retval.append(self.toString());
-}
 retval.append("]");
 return retval.toString();
 }
 }

changeset 14194	971f46db533d
parent 13815	2de30ecf335e
child 14664	e71aa0962e70