diff -r 56e990297bc5 -r 5e2d1edeb2c7 jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java --- a/jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java Mon Nov 01 10:59:03 2010 -0700 +++ b/jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java Mon Nov 01 22:02:35 2010 -0700 @@ -32,6 +32,7 @@ import java.security.AccessController; import java.security.AccessControlContext; import java.security.PrivilegedAction; +import java.security.AlgorithmConstraints; import java.util.*; import java.util.concurrent.TimeUnit; import java.util.concurrent.locks.ReentrantLock; @@ -199,12 +200,22 @@ private boolean autoClose = true; private AccessControlContext acc; + /* + * We cannot use the hostname resolved from name services. For + * virtual hosting, multiple hostnames may be bound to the same IP + * address, so the hostname resolved from name services is not + * reliable. + */ + private String rawHostname; + // The cipher suites enabled for use on this connection. private CipherSuiteList enabledCipherSuites; - // hostname identification algorithm, the hostname identification is - // disabled by default. - private String identificationAlg = null; + // The endpoint identification protocol + private String identificationProtocol = null; + + // The cryptographic algorithm constraints + private AlgorithmConstraints algorithmConstraints = null; /* * READ ME * READ ME * READ ME * READ ME * READ ME * READ ME * @@ -314,8 +325,9 @@ * is associated with a session at the same time. (TLS/IETF may * change that to add client authentication w/o new key exchg.) */ - private SSLSessionImpl sess; - private Handshaker handshaker; + private Handshaker handshaker; + private SSLSessionImpl sess; + private volatile SSLSessionImpl handshakeSession; /* @@ -376,6 +388,7 @@ throws IOException, UnknownHostException { super(); this.host = host; + this.rawHostname = host; init(context, false); SocketAddress socketAddress = host != null ? new InetSocketAddress(host, port) : 
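Review bot: `handshakeSession` is the only one of the three session/handshaker fields declared `volatile`, while the accessors this patch adds for it (`getHandshakeSession`/`setHandshakeSession`, in a later hunk) are `synchronized`, so either the `volatile` is redundant or there is an unsynchronized reader that the declaration should name. Suggest a comment on the field such as `// volatile: read outside the socket lock on the error/invalidate path; written under it` — adjust it to whichever reader actually exists, since the method containing the invalidation in the -1732 hunk has its signature outside the patch. The enclosing class continues outside this hunk.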
@@ -418,6 +431,7 @@ throws IOException, UnknownHostException { super(); this.host = host; + this.rawHostname = host; init(context, false); bind(new InetSocketAddress(localAddr, localPort)); SocketAddress socketAddress = @@ -457,11 +471,15 @@ */ SSLSocketImpl(SSLContextImpl context, boolean serverMode, CipherSuiteList suites, byte clientAuth, - boolean sessionCreation, ProtocolList protocols) - throws IOException { + boolean sessionCreation, ProtocolList protocols, + String identificationProtocol, + AlgorithmConstraints algorithmConstraints) throws IOException { + super(); doClientAuth = clientAuth; enableSessionCreation = sessionCreation; + this.identificationProtocol = identificationProtocol; + this.algorithmConstraints = algorithmConstraints; init(context, serverMode); /* @@ -508,6 +526,7 @@ throw new SocketException("Underlying socket is not connected"); } this.host = host; + this.rawHostname = host; init(context, false); this.autoClose = autoClose; doneConnect(); @@ -519,6 +538,7 @@ private void init(SSLContextImpl context, boolean isServer) { sslContext = context; sess = SSLSessionImpl.nullSession; + handshakeSession = null; /* * role is as specified, state is START until after @@ -957,6 +977,7 @@ serverVerifyData = handshaker.getServerVerifyData(); sess = handshaker.getSession(); + handshakeSession = null; handshaker = null; connectionState = cs_DATA; @@ -1732,6 +1753,9 @@ input.r.close(); } sess.invalidate(); + if (handshakeSession != null) { + handshakeSession.invalidate(); + } int oldState = connectionState; connectionState = cs_ERROR; @@ -1972,9 +1996,14 @@ return host; } + synchronized String getRawHostname() { + return rawHostname; + } + // ONLY used by HttpsClient to setup the URI specified hostname synchronized public void setHost(String host) { this.host = host; + this.rawHostname = host; } /** 
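Review bot: On the error path the new code invalidates `handshakeSession` but leaves the field set, so `getHandshakeSession()` keeps returning an invalidated session for a connection that has moved to `cs_ERROR`; the successful-completion path in the -957 hunk nulls it together with `handshaker`. Consider `handshakeSession.invalidate(); handshakeSession = null;` inside the guard so the accessor reports that no handshake is in progress. Whether anything later depends on the stale reference is not visible here; the enclosing method starts outside the hunk.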
@@ -2045,6 +2074,15 @@
 }
 }
+ @Override
+ synchronized public SSLSession getHandshakeSession() {
+ return handshakeSession;
+ }
+
+ synchronized void setHandshakeSession(SSLSessionImpl session) {
+ handshakeSession = session;
+ }
+
 /**
 * Controls whether new connections may cause creation of new SSL
 * sessions.
@@ -2230,7 +2268,7 @@
 /**
 * Returns the protocols that are supported by this implementation.
 * A subset of the supported protocols may be enabled for this connection
- * @ returns an array of protocol names.
+ * @return an array of protocol names.
 */
 public String[] getSupportedProtocols() {
 return ProtocolList.getSupported().toStringArray();
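Review bot: The new public override `getHandshakeSession()` has no Javadoc and `setHandshakeSession` does not say who calls it, while neighbouring methods such as `getSupportedProtocols` are documented. Suggest on the getter `/** Returns the session being negotiated by the handshake in progress, or null when none is in progress; cleared in init() and when the handshake completes. */` (the two clearing sites are in the -519 and -957 hunks) and on the setter a one-liner `// presumably called by the handshaker to publish the in-progress session — confirm`, hedged because the caller is not in this patch. Since both accessors are `synchronized` and the field is also `volatile`, one sentence stating which guarantee readers may rely on would remove the ambiguity.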
@@ -2306,28 +2344,31 @@
 }
 /**
- * Try to configure the endpoint identification algorithm of the socket.
- *
- * @param identificationAlgorithm the algorithm used to check the
- * endpoint identity.
- * @return true if the identification algorithm configuration success.
+ * Returns the SSLParameters in effect for this SSLSocket.
 */
- synchronized public boolean trySetHostnameVerification(
- String identificationAlgorithm) {
- if (sslContext.getX509TrustManager() instanceof
- X509ExtendedTrustManager) {
- this.identificationAlg = identificationAlgorithm;
- return true;
- } else {
- return false;
- }
+ synchronized public SSLParameters getSSLParameters() {
+ SSLParameters params = super.getSSLParameters();
+
+ // the super implementation does not handle the following parameters
+ params.setEndpointIdentificationAlgorithm(identificationProtocol);
+ params.setAlgorithmConstraints(algorithmConstraints);
+
+ return params;
+ }
 /**
- * Returns the endpoint identification algorithm of the socket.
+ * Applies SSLParameters to this socket.
 */
- synchronized public String getHostnameVerification() {
- return identificationAlg;
+ synchronized public void setSSLParameters(SSLParameters params) {
+ super.setSSLParameters(params);
+
+ // the super implementation does not handle the following parameters
+ identificationProtocol = params.getEndpointIdentificationAlgorithm();
+ algorithmConstraints = params.getAlgorithmConstraints();
+ if ((handshaker != null) && !handshaker.started()) {
+ handshaker.setIdentificationProtocol(identificationProtocol);
+ handshaker.setAlgorithmConstraints(algorithmConstraints);
+ }
 }
 //
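Review bot: `setSSLParameters` stores the endpoint identification algorithm unconditionally, whereas the removed `trySetHostnameVerification` refused (returned false) unless `sslContext.getX509TrustManager()` was an `X509ExtendedTrustManager`, i.e. unless something could actually enforce the check. Unless the handshaker now fails the handshake when identification is requested but cannot be performed — not visible in this hunk — a caller asking for hostname verification silently gets none, which fails open. The Javadoc should at least state that and the timing rule visible in the guard, e.g. `* Applies SSLParameters to this socket. The identification algorithm and constraints reach only a handshake that has not yet started; enforcing identification requires an X509ExtendedTrustManager.` A short comment on the `!handshaker.started()` branch saying that values set later apply to the next handshake would make the intent explicit.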