--- a/jdk/src/share/classes/javax/net/ssl/SSLParameters.java Wed Oct 17 13:22:39 2012 -0700
+++ b/jdk/src/share/classes/javax/net/ssl/SSLParameters.java Thu Oct 18 01:14:00 2012 -0700
@@ -26,13 +26,23 @@
package javax.net.ssl;
import java.security.AlgorithmConstraints;
+import java.util.Map;
+import java.util.List;
+import java.util.HashSet;
+import java.util.HashMap;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.LinkedHashMap;
+import java.util.regex.Pattern;
/**
* Encapsulates parameters for an SSL/TLS connection. The parameters
* are the list of ciphersuites to be accepted in an SSL/TLS handshake,
* the list of protocols to be allowed, the endpoint identification
- * algorithm during SSL/TLS handshaking, the algorithm constraints and
- * whether SSL/TLS servers should request or require client authentication.
+ * algorithm during SSL/TLS handshaking, the Server Name Indication (SNI),
+ * the algorithm constraints and whether SSL/TLS servers should request
+ * or require client authentication.
* <p>
* SSLParameters can be created via the constructors in this class.
* Objects can also be obtained using the <code>getSSLParameters()</code>
@@ -47,7 +57,7 @@
* SSLParameters can be applied to a connection via the methods
* {@link SSLSocket#setSSLParameters SSLSocket.setSSLParameters()} and
* {@link SSLServerSocket#setSSLParameters SSLServerSocket.setSSLParameters()}
- * and {@link SSLEngine#setSSLParameters SSLEngine.getSSLParameters()}.
+ * and {@link SSLEngine#setSSLParameters SSLEngine.setSSLParameters()}.
*
* @see SSLSocket
* @see SSLEngine
@@ -63,11 +73,15 @@
private boolean needClientAuth;
private String identificationAlgorithm;
private AlgorithmConstraints algorithmConstraints;
+ private Map<Integer, SNIServerName> sniNames = null;
+ private Map<Integer, SNIMatcher> sniMatchers = null;
/**
* Constructs SSLParameters.
* <p>
- * The cipherSuites and protocols values are set to <code>null</code>,
+ * The values of cipherSuites, protocols, cryptographic algorithm
+ * constraints, endpoint identification algorithm, server names and
+ * server name matchers are set to <code>null</code>,
* wantClientAuth and needClientAuth are set to <code>false</code>.
*/
public SSLParameters() {
@@ -254,4 +268,173 @@
this.identificationAlgorithm = algorithm;
}
+ /**
+ * Sets the desired {@link SNIServerName}s of the Server Name
+ * Indication (SNI) parameter.
+ * <P>
+ * This method is only useful to {@link SSLSocket}s or {@link SSLEngine}s
+ * operating in client mode.
+ * <P>
+ * Note that the {@code serverNames} list is cloned
+ * to protect against subsequent modification.
+ *
+ * @param serverNames
+ * the list of desired {@link SNIServerName}s (or null)
+ *
+ * @throws NullPointerException if the {@code serverNames}
+ * contains {@code null} element
+ * @throws IllegalArgumentException if the {@code serverNames}
+ * contains more than one name of the same name type
+ *
+ * @see SNIServerName
+ * @see #getServerNames()
+ *
+ * @since 1.8
+ */
+ public void setServerNames(List<SNIServerName> serverNames) {
+ if (serverNames != null) {
+ if (!serverNames.isEmpty()) {
+ sniNames = new LinkedHashMap<>(serverNames.size());
+ for (SNIServerName serverName : serverNames) {
+ if (sniNames.put(serverName.getType(),
+ serverName) != null) {
+ throw new IllegalArgumentException(
+ "Duplicated server name of type " +
+ serverName.getType());
+ }
+ }
+ } else {
+ sniNames = Collections.<Integer, SNIServerName>emptyMap();
+ }
+ } else {
+ sniNames = null;
+ }
+ }
+
+ /**
+ * Returns a {@link List} containing all {@link SNIServerName}s of the
+ * Server Name Indication (SNI) parameter, or null if none has been set.
+ * <P>
+ * This method is only useful to {@link SSLSocket}s or {@link SSLEngine}s
+ * operating in client mode.
+ * <P>
+ * For SSL/TLS connections, the underlying SSL/TLS provider
+ * may specify a default value for a certain server name type. In
+ * client mode, it is recommended that, by default, providers should
+ * include the server name indication whenever the server can be located
+ * by a supported server name type.
+ * <P>
+ * It is recommended that providers initialize default Server Name
+ * Indications when creating {@code SSLSocket}/{@code SSLEngine}s.
+ * In the following examples, the server name could be represented by an
+ * instance of {@link SNIHostName} which has been initialized with the
+ * hostname "www.example.com" and type
+ * {@link StandardConstants#SNI_HOST_NAME}.
+ *
+ * <pre>
+ * Socket socket =
+ * sslSocketFactory.createSocket("www.example.com", 443);
+ * </pre>
+ * or
+ * <pre>
+ * SSLEngine engine =
+ * sslContext.createSSLEngine("www.example.com", 443);
+ * </pre>
+ * <P>
+ *
+ * @return null or an immutable list of non-null {@link SNIServerName}s
+ *
+ * @see List
+ * @see #setServerNames(List<SNIServerName>)
+ *
+ * @since 1.8
+ */
+ public List<SNIServerName> getServerNames() {
+ if (sniNames != null) {
+ if (!sniNames.isEmpty()) {
+ return Collections.<SNIServerName>unmodifiableList(
+ new ArrayList<>(sniNames.values()));
+ } else {
+ return Collections.<SNIServerName>emptyList();
+ }
+ }
+
+ return null;
+ }
+
+ /**
+ * Sets the {@link SNIMatcher}s of the Server Name Indication (SNI)
+ * parameter.
+ * <P>
+ * This method is only useful to {@link SSLSocket}s or {@link SSLEngine}s
+ * operating in server mode.
+ * <P>
+ * Note that the {@code matchers} collection is cloned to protect
+ * against subsequent modification.
+ *
+ * @param matchers
+ * the collection of {@link SNIMatcher}s (or null)
+ *
+ * @throws NullPointerException if the {@code matchers}
+ * contains {@code null} element
+ * @throws IllegalArgumentException if the {@code matchers}
+ * contains more than one name of the same name type
+ *
+ * @see Collection
+ * @see SNIMatcher
+ * @see #getSNIMatchers()
+ *
+ * @since 1.8
+ */
+ public void setSNIMatchers(Collection<SNIMatcher> matchers) {
+ if (matchers != null) {
+ if (!matchers.isEmpty()) {
+ sniMatchers = new HashMap<>(matchers.size());
+ for (SNIMatcher matcher : matchers) {
+ if (sniMatchers.put(matcher.getType(),
+ matcher) != null) {
+ throw new IllegalArgumentException(
+ "Duplicated server name of type " +
+ matcher.getType());
+ }
+ }
+ } else {
+ sniMatchers = Collections.<Integer, SNIMatcher>emptyMap();
+ }
+ } else {
+ sniMatchers = null;
+ }
+ }
+
+ /**
+ * Returns a {@link Collection} containing all {@link SNIMatcher}s of the
+ * Server Name Indication (SNI) parameter, or null if none has been set.
+ * <P>
+ * This method is only useful to {@link SSLSocket}s or {@link SSLEngine}s
+ * operating in server mode.
+ * <P>
+ * For better interoperability, providers generally will not define
+ * default matchers so that by default servers will ignore the SNI
+ * extension and continue the handshake.
+ *
+ * @return null or an immutable collection of non-null {@link SNIMatcher}s
+ *
+ * @see SNIMatcher
+ * @see #setSNIMatchers(Collection<SNIMatcher>)
+ *
+ * @since 1.8
+ */
+ public Collection<SNIMatcher> getSNIMatchers() {
+ if (sniMatchers != null) {
+ if (!sniMatchers.isEmpty()) {
+ return Collections.<SNIMatcher>unmodifiableList(
+ new ArrayList<>(sniMatchers.values()));
+ } else {
+ return Collections.<SNIMatcher>emptyList();
+ }
+ }
+
+ return null;
+ }
}
+