27 package sun.security.ssl; |
27 package sun.security.ssl; |
28 |
28 |
29 import java.io.IOException; |
29 import java.io.IOException; |
30 import java.net.InetAddress; |
30 import java.net.InetAddress; |
31 import java.net.Socket; |
31 import java.net.Socket; |
32 import java.net.ServerSocket; |
|
33 |
32 |
34 import java.security.AlgorithmConstraints; |
33 import java.security.AlgorithmConstraints; |
35 |
34 |
36 import java.util.*; |
35 import java.util.*; |
37 |
36 |
38 import javax.net.ServerSocketFactory; |
|
39 import javax.net.ssl.SSLException; |
37 import javax.net.ssl.SSLException; |
40 import javax.net.ssl.SSLServerSocket; |
38 import javax.net.ssl.SSLServerSocket; |
41 import javax.net.ssl.SSLParameters; |
39 import javax.net.ssl.SSLParameters; |
42 import javax.net.ssl.SNIMatcher; |
40 import javax.net.ssl.SNIMatcher; |
43 |
41 |
170 * which do not protect data confidentiality. Servers may also need |
168 * which do not protect data confidentiality. Servers may also need |
171 * certain kinds of certificates to use certain cipher suites. |
169 * certain kinds of certificates to use certain cipher suites. |
172 * |
170 * |
173 * @return an array of cipher suite names |
171 * @return an array of cipher suite names |
174 */ |
172 */ |
|
173 @Override |
175 public String[] getSupportedCipherSuites() { |
174 public String[] getSupportedCipherSuites() { |
176 return sslContext.getSupportedCipherSuiteList().toStringArray(); |
175 return sslContext.getSupportedCipherSuiteList().toStringArray(); |
177 } |
176 } |
178 |
177 |
179 /** |
178 /** |
180 * Returns the list of cipher suites which are currently enabled |
179 * Returns the list of cipher suites which are currently enabled |
181 * for use by newly accepted connections. A null return indicates |
180 * for use by newly accepted connections. A null return indicates |
182 * that the system defaults are in effect. |
181 * that the system defaults are in effect. |
183 */ |
182 */ |
|
183 @Override |
184 synchronized public String[] getEnabledCipherSuites() { |
184 synchronized public String[] getEnabledCipherSuites() { |
185 return enabledCipherSuites.toStringArray(); |
185 return enabledCipherSuites.toStringArray(); |
186 } |
186 } |
187 |
187 |
188 /** |
188 /** |
190 * by accepted connections. |
190 * by accepted connections. |
191 * |
191 * |
192 * @param suites Names of all the cipher suites to enable; null |
192 * @param suites Names of all the cipher suites to enable; null |
193 * means to accept system defaults. |
193 * means to accept system defaults. |
194 */ |
194 */ |
|
195 @Override |
195 synchronized public void setEnabledCipherSuites(String[] suites) { |
196 synchronized public void setEnabledCipherSuites(String[] suites) { |
196 enabledCipherSuites = new CipherSuiteList(suites); |
197 enabledCipherSuites = new CipherSuiteList(suites); |
197 checkedEnabled = false; |
198 checkedEnabled = false; |
198 } |
199 } |
199 |
200 |
|
201 @Override |
200 public String[] getSupportedProtocols() { |
202 public String[] getSupportedProtocols() { |
201 return sslContext.getSuportedProtocolList().toStringArray(); |
203 return sslContext.getSuportedProtocolList().toStringArray(); |
202 } |
204 } |
203 |
205 |
204 /** |
206 /** |
208 * |
210 * |
209 * @param protocols protocols to enable. |
211 * @param protocols protocols to enable. |
210 * @exception IllegalArgumentException when one of the protocols |
212 * @exception IllegalArgumentException when one of the protocols |
211 * named by the parameter is not supported. |
213 * named by the parameter is not supported. |
212 */ |
214 */ |
|
215 @Override |
213 synchronized public void setEnabledProtocols(String[] protocols) { |
216 synchronized public void setEnabledProtocols(String[] protocols) { |
214 enabledProtocols = new ProtocolList(protocols); |
217 enabledProtocols = new ProtocolList(protocols); |
215 } |
218 } |
216 |
219 |
|
220 @Override |
217 synchronized public String[] getEnabledProtocols() { |
221 synchronized public String[] getEnabledProtocols() { |
218 return enabledProtocols.toStringArray(); |
222 return enabledProtocols.toStringArray(); |
219 } |
223 } |
220 |
224 |
221 /** |
225 /** |
222 * Controls whether the connections which are accepted must include |
226 * Controls whether the connections which are accepted must include |
223 * client authentication. |
227 * client authentication. |
224 */ |
228 */ |
|
229 @Override |
225 public void setNeedClientAuth(boolean flag) { |
230 public void setNeedClientAuth(boolean flag) { |
226 doClientAuth = (flag ? |
231 doClientAuth = (flag ? |
227 SSLEngineImpl.clauth_required : SSLEngineImpl.clauth_none); |
232 SSLEngineImpl.clauth_required : SSLEngineImpl.clauth_none); |
228 } |
233 } |
229 |
234 |
|
235 @Override |
230 public boolean getNeedClientAuth() { |
236 public boolean getNeedClientAuth() { |
231 return (doClientAuth == SSLEngineImpl.clauth_required); |
237 return (doClientAuth == SSLEngineImpl.clauth_required); |
232 } |
238 } |
233 |
239 |
234 /** |
240 /** |
235 * Controls whether the connections which are accepted should request |
241 * Controls whether the connections which are accepted should request |
236 * client authentication. |
242 * client authentication. |
237 */ |
243 */ |
|
244 @Override |
238 public void setWantClientAuth(boolean flag) { |
245 public void setWantClientAuth(boolean flag) { |
239 doClientAuth = (flag ? |
246 doClientAuth = (flag ? |
240 SSLEngineImpl.clauth_requested : SSLEngineImpl.clauth_none); |
247 SSLEngineImpl.clauth_requested : SSLEngineImpl.clauth_none); |
241 } |
248 } |
242 |
249 |
|
250 @Override |
243 public boolean getWantClientAuth() { |
251 public boolean getWantClientAuth() { |
244 return (doClientAuth == SSLEngineImpl.clauth_requested); |
252 return (doClientAuth == SSLEngineImpl.clauth_requested); |
245 } |
253 } |
246 |
254 |
247 /** |
255 /** |
248 * Makes the returned sockets act in SSL "client" mode, not the usual |
256 * Makes the returned sockets act in SSL "client" mode, not the usual |
249 * server mode. The canonical example of why this is needed is for |
257 * server mode. The canonical example of why this is needed is for |
250 * FTP clients, which accept connections from servers and should be |
258 * FTP clients, which accept connections from servers and should be |
251 * rejoining the already-negotiated SSL connection. |
259 * rejoining the already-negotiated SSL connection. |
252 */ |
260 */ |
|
261 @Override |
253 public void setUseClientMode(boolean flag) { |
262 public void setUseClientMode(boolean flag) { |
254 /* |
263 /* |
255 * If we need to change the socket mode and the enabled |
264 * If we need to change the socket mode and the enabled |
256 * protocols haven't specifically been set by the user, |
265 * protocols haven't specifically been set by the user, |
257 * change them to the corresponding default ones. |
266 * change them to the corresponding default ones. |
262 } |
271 } |
263 |
272 |
264 useServerMode = !flag; |
273 useServerMode = !flag; |
265 } |
274 } |
266 |
275 |
|
276 @Override |
267 public boolean getUseClientMode() { |
277 public boolean getUseClientMode() { |
268 return !useServerMode; |
278 return !useServerMode; |
269 } |
279 } |
270 |
280 |
271 |
281 |
272 /** |
282 /** |
273 * Controls whether new connections may cause creation of new SSL |
283 * Controls whether new connections may cause creation of new SSL |
274 * sessions. |
284 * sessions. |
275 */ |
285 */ |
|
286 @Override |
276 public void setEnableSessionCreation(boolean flag) { |
287 public void setEnableSessionCreation(boolean flag) { |
277 enableSessionCreation = flag; |
288 enableSessionCreation = flag; |
278 } |
289 } |
279 |
290 |
280 /** |
291 /** |
281 * Returns true if new connections may cause creation of new SSL |
292 * Returns true if new connections may cause creation of new SSL |
282 * sessions. |
293 * sessions. |
283 */ |
294 */ |
|
295 @Override |
284 public boolean getEnableSessionCreation() { |
296 public boolean getEnableSessionCreation() { |
285 return enableSessionCreation; |
297 return enableSessionCreation; |
286 } |
298 } |
287 |
299 |
288 /** |
300 /** |
289 * Returns the SSLParameters in effect for newly accepted connections. |
301 * Returns the SSLParameters in effect for newly accepted connections. |
290 */ |
302 */ |
|
303 @Override |
291 synchronized public SSLParameters getSSLParameters() { |
304 synchronized public SSLParameters getSSLParameters() { |
292 SSLParameters params = super.getSSLParameters(); |
305 SSLParameters params = super.getSSLParameters(); |
293 |
306 |
294 // the super implementation does not handle the following parameters |
307 // the super implementation does not handle the following parameters |
295 params.setEndpointIdentificationAlgorithm(identificationProtocol); |
308 params.setEndpointIdentificationAlgorithm(identificationProtocol); |
317 /** |
331 /** |
318 * Accept a new SSL connection. This server identifies itself with |
332 * Accept a new SSL connection. This server identifies itself with |
319 * information provided in the authentication context which was |
333 * information provided in the authentication context which was |
320 * presented during construction. |
334 * presented during construction. |
321 */ |
335 */ |
|
336 @Override |
322 public Socket accept() throws IOException { |
337 public Socket accept() throws IOException { |
323 SSLSocketImpl s = new SSLSocketImpl(sslContext, useServerMode, |
338 SSLSocketImpl s = new SSLSocketImpl(sslContext, useServerMode, |
324 enabledCipherSuites, doClientAuth, enableSessionCreation, |
339 enabledCipherSuites, doClientAuth, enableSessionCreation, |
325 enabledProtocols, identificationProtocol, algorithmConstraints, |
340 enabledProtocols, identificationProtocol, algorithmConstraints, |
326 sniMatchers); |
341 sniMatchers); |