jdk-sandbox: comparison jdk/src/share/classes/javax/net/ssl/SSLParameters.java

equal deleted inserted replaced

-:cd6a440ddfcb
+:971f46db533d
 */
 package javax.net.ssl;
 import java.security.AlgorithmConstraints;
+import java.util.Map;
+import java.util.List;
+import java.util.HashSet;
+import java.util.HashMap;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.LinkedHashMap;
+import java.util.regex.Pattern;
 /**
 * Encapsulates parameters for an SSL/TLS connection. The parameters
 * are the list of ciphersuites to be accepted in an SSL/TLS handshake,
 * the list of protocols to be allowed, the endpoint identification
-* algorithm during SSL/TLS handshaking, the algorithm constraints and
+* algorithm during SSL/TLS handshaking, the Server Name Indication (SNI),
-* whether SSL/TLS servers should request or require client authentication.
+* the algorithm constraints and whether SSL/TLS servers should request
+* or require client authentication.
 * <p>
 * SSLParameters can be created via the constructors in this class.
 * Objects can also be obtained using the <code>getSSLParameters()</code>
 * methods in
 * {@link SSLSocket#getSSLParameters SSLSocket} and
 * methods in <code>SSLContext</code>.
 * <p>
 * SSLParameters can be applied to a connection via the methods
 * {@link SSLSocket#setSSLParameters SSLSocket.setSSLParameters()} and
 * {@link SSLServerSocket#setSSLParameters SSLServerSocket.setSSLParameters()}
-* and {@link SSLEngine#setSSLParameters SSLEngine.getSSLParameters()}.
+* and {@link SSLEngine#setSSLParameters SSLEngine.setSSLParameters()}.
 *
 * @see SSLSocket
 * @see SSLEngine
 * @see SSLContext
 *
 private String[] protocols;
 private boolean wantClientAuth;
 private boolean needClientAuth;
 private String identificationAlgorithm;
 private AlgorithmConstraints algorithmConstraints;
+private Map<Integer, SNIServerName> sniNames = null;
+private Map<Integer, SNIMatcher> sniMatchers = null;
 /**
 * Constructs SSLParameters.
 * <p>
-* The cipherSuites and protocols values are set to <code>null</code>,
+* The values of cipherSuites, protocols, cryptographic algorithm
+* constraints, endpoint identification algorithm, server names and
+* server name matchers are set to <code>null</code>,
 * wantClientAuth and needClientAuth are set to <code>false</code>.
 */
 public SSLParameters() {
 // empty
 }
 */
 public void setEndpointIdentificationAlgorithm(String algorithm) {
 this.identificationAlgorithm = algorithm;
 }
+/**
+* Sets the desired {@link SNIServerName}s of the Server Name
+* Indication (SNI) parameter.
+* <P>
+* This method is only useful to {@link SSLSocket}s or {@link SSLEngine}s
+* operating in client mode.
+* <P>
+* Note that the {@code serverNames} list is cloned
+* to protect against subsequent modification.
+*
+* @param  serverNames
+*         the list of desired {@link SNIServerName}s (or null)
+*
+* @throws NullPointerException if the {@code serverNames}
+*         contains {@code null} element
+* @throws IllegalArgumentException if the {@code serverNames}
+*         contains more than one name of the same name type
+*
+* @see SNIServerName
+* @see #getServerNames()
+*
+* @since 1.8
+*/
+public void setServerNames(List<SNIServerName> serverNames) {
+if (serverNames != null) {
+if (!serverNames.isEmpty()) {
+sniNames = new LinkedHashMap<>(serverNames.size());
+for (SNIServerName serverName : serverNames) {
+if (sniNames.put(serverName.getType(),
+serverName) != null) {
+throw new IllegalArgumentException(
+"Duplicated server name of type " +
+serverName.getType());
+}
+}
+} else {
+sniNames = Collections.<Integer, SNIServerName>emptyMap();
+}
+} else {
+sniNames = null;
+}
+}
+/**
+* Returns a {@link List} containing all {@link SNIServerName}s of the
+* Server Name Indication (SNI) parameter, or null if none has been set.
+* <P>
+* This method is only useful to {@link SSLSocket}s or {@link SSLEngine}s
+* operating in client mode.
+* <P>
+* For SSL/TLS connections, the underlying SSL/TLS provider
+* may specify a default value for a certain server name type.  In
+* client mode, it is recommended that, by default, providers should
+* include the server name indication whenever the server can be located
+* by a supported server name type.
+* <P>
+* It is recommended that providers initialize default Server Name
+* Indications when creating {@code SSLSocket}/{@code SSLEngine}s.
+* In the following examples, the server name could be represented by an
+* instance of {@link SNIHostName} which has been initialized with the
+* hostname "www.example.com" and type
+* {@link StandardConstants#SNI_HOST_NAME}.
+*
+* <pre>
+*     Socket socket =
+*         sslSocketFactory.createSocket("www.example.com", 443);
+* </pre>
+* or
+* <pre>
+*     SSLEngine engine =
+*         sslContext.createSSLEngine("www.example.com", 443);
+* </pre>
+* <P>
+*
+* @return null or an immutable list of non-null {@link SNIServerName}s
+*
+* @see List
+* @see #setServerNames(List<SNIServerName>)
+*
+* @since 1.8
+*/
+public List<SNIServerName> getServerNames() {
+if (sniNames != null) {
+if (!sniNames.isEmpty()) {
+return Collections.<SNIServerName>unmodifiableList(
+new ArrayList<>(sniNames.values()));
+} else {
+return Collections.<SNIServerName>emptyList();
+}
+}
+return null;
+}
+/**
+* Sets the {@link SNIMatcher}s of the Server Name Indication (SNI)
+* parameter.
+* <P>
+* This method is only useful to {@link SSLSocket}s or {@link SSLEngine}s
+* operating in server mode.
+* <P>
+* Note that the {@code matchers} collection is cloned to protect
+* against subsequent modification.
+*
+* @param  matchers
+*         the collection of {@link SNIMatcher}s (or null)
+*
+* @throws NullPointerException if the {@code matchers}
+*         contains {@code null} element
+* @throws IllegalArgumentException if the {@code matchers}
+*         contains more than one name of the same name type
+*
+* @see Collection
+* @see SNIMatcher
+* @see #getSNIMatchers()
+*
+* @since 1.8
+*/
+public void setSNIMatchers(Collection<SNIMatcher> matchers) {
+if (matchers != null) {
+if (!matchers.isEmpty()) {
+sniMatchers = new HashMap<>(matchers.size());
+for (SNIMatcher matcher : matchers) {
+if (sniMatchers.put(matcher.getType(),
+matcher) != null) {
+throw new IllegalArgumentException(
+"Duplicated server name of type " +
+matcher.getType());
+}
+}
+} else {
+sniMatchers = Collections.<Integer, SNIMatcher>emptyMap();
+}
+} else {
+sniMatchers = null;
+}
+}
+/**
+* Returns a {@link Collection} containing all {@link SNIMatcher}s of the
+* Server Name Indication (SNI) parameter, or null if none has been set.
+* <P>
+* This method is only useful to {@link SSLSocket}s or {@link SSLEngine}s
+* operating in server mode.
+* <P>
+* For better interoperability, providers generally will not define
+* default matchers so that by default servers will ignore the SNI
+* extension and continue the handshake.
+*
+* @return null or an immutable collection of non-null {@link SNIMatcher}s
+*
+* @see SNIMatcher
+* @see #setSNIMatchers(Collection<SNIMatcher>)
+*
+* @since 1.8
+*/
+public Collection<SNIMatcher> getSNIMatchers() {
+if (sniMatchers != null) {
+if (!sniMatchers.isEmpty()) {
+return Collections.<SNIMatcher>unmodifiableList(
+new ArrayList<>(sniMatchers.values()));
+} else {
+return Collections.<SNIMatcher>emptyList();
+}
+}
+return null;
+}
 }

changeset 14194	971f46db533d
parent 11838	90e9e05727dc
child 14196	1ebcd181a423