30 import java.io.InputStream;
31 import java.io.InterruptedIOException;
32 import java.io.OutputStream;
33 import java.net.InetAddress;
34 import java.net.InetSocketAddress;
35 import java.net.Socket;
36 import java.net.SocketAddress;
37 import java.net.SocketException;
38 import java.net.UnknownHostException;
39 import java.nio.ByteBuffer;
40 import java.util.List;
41 import java.util.function.BiFunction;
42 import javax.net.ssl.HandshakeCompletedListener;
43 import javax.net.ssl.SSLException;
44 import javax.net.ssl.SSLHandshakeException;
45 import javax.net.ssl.SSLParameters;
46 import javax.net.ssl.SSLProtocolException;
47 import javax.net.ssl.SSLServerSocket;
48 import javax.net.ssl.SSLSession;
49 import javax.net.ssl.SSLSocket;
50 import jdk.internal.misc.JavaNetInetAddressAccess;
51 import jdk.internal.misc.SharedSecrets;
52
53 /**
54 * Implementation of an SSL socket.
55 * <P>
56 * This is a normal connection type socket, implementing SSL over some lower
57 * level socket, such as TCP. Because it is layered over some lower level
58 * socket, it MUST override all default socket methods.
59 * <P>
60 * This API offers a non-traditional option for establishing SSL
61 * connections. You may first establish the connection directly, then pass
62 * that connection to the SSL socket constructor with a flag saying which
63 * role should be taken in the handshake protocol. (The two ends of the
64 * connection must not choose the same role!) This allows setup of SSL
65 * proxying or tunneling, and also allows the kind of "role reversal"
66 * that is required for most FTP data transfers.
67 *
68 * @see javax.net.ssl.SSLSocket
69 * @see SSLServerSocket
70 *
71 * @author David Brownell
1213 Utilities.addToSNIServerNameList(
1214 conContext.sslConfig.serverNames, peerHost);
1215 }
1216
1217 InputStream sockInput = super.getInputStream();
1218 conContext.inputRecord.setReceiverStream(sockInput);
1219
1220 OutputStream sockOutput = super.getOutputStream();
1221 conContext.inputRecord.setDeliverStream(sockOutput);
1222 conContext.outputRecord.setDeliverStream(sockOutput);
1223
1224 this.isConnected = true;
1225 }
1226
1227 private void useImplicitHost(boolean useNameService) {
1228 // Note: If the local name service is not trustworthy, reverse
1229 // host name resolution should not be performed for endpoint
1230 // identification. Use the application original specified
1231 // hostname or IP address instead.
1232
1233 // Get the original hostname via jdk.internal.misc.SharedSecrets
1234 InetAddress inetAddress = getInetAddress();
1235 if (inetAddress == null) { // not connected
1236 return;
1237 }
1238
1239 JavaNetInetAddressAccess jna =
1240 SharedSecrets.getJavaNetInetAddressAccess();
1241 String originalHostname = jna.getOriginalHostName(inetAddress);
1242 if (originalHostname != null && !originalHostname.isEmpty()) {
1243
1244 this.peerHost = originalHostname;
1245 if (conContext.sslConfig.serverNames.isEmpty() &&
1246 !conContext.sslConfig.noSniExtension) {
1247 conContext.sslConfig.serverNames =
1248 Utilities.addToSNIServerNameList(
1249 conContext.sslConfig.serverNames, peerHost);
1250 }
1251
1252 return;
1253 }
|
30 import java.io.InputStream;
31 import java.io.InterruptedIOException;
32 import java.io.OutputStream;
33 import java.net.InetAddress;
34 import java.net.InetSocketAddress;
35 import java.net.Socket;
36 import java.net.SocketAddress;
37 import java.net.SocketException;
38 import java.net.UnknownHostException;
39 import java.nio.ByteBuffer;
40 import java.util.List;
41 import java.util.function.BiFunction;
42 import javax.net.ssl.HandshakeCompletedListener;
43 import javax.net.ssl.SSLException;
44 import javax.net.ssl.SSLHandshakeException;
45 import javax.net.ssl.SSLParameters;
46 import javax.net.ssl.SSLProtocolException;
47 import javax.net.ssl.SSLServerSocket;
48 import javax.net.ssl.SSLSession;
49 import javax.net.ssl.SSLSocket;
50 import jdk.internal.access.JavaNetInetAddressAccess;
51 import jdk.internal.access.SharedSecrets;
52
53 /**
54 * Implementation of an SSL socket.
55 * <P>
56 * This is a normal connection type socket, implementing SSL over some lower
57 * level socket, such as TCP. Because it is layered over some lower level
58 * socket, it MUST override all default socket methods.
59 * <P>
60 * This API offers a non-traditional option for establishing SSL
61 * connections. You may first establish the connection directly, then pass
62 * that connection to the SSL socket constructor with a flag saying which
63 * role should be taken in the handshake protocol. (The two ends of the
64 * connection must not choose the same role!) This allows setup of SSL
65 * proxying or tunneling, and also allows the kind of "role reversal"
66 * that is required for most FTP data transfers.
67 *
68 * @see javax.net.ssl.SSLSocket
69 * @see SSLServerSocket
70 *
71 * @author David Brownell
1213 Utilities.addToSNIServerNameList(
1214 conContext.sslConfig.serverNames, peerHost);
1215 }
1216
1217 InputStream sockInput = super.getInputStream();
1218 conContext.inputRecord.setReceiverStream(sockInput);
1219
1220 OutputStream sockOutput = super.getOutputStream();
1221 conContext.inputRecord.setDeliverStream(sockOutput);
1222 conContext.outputRecord.setDeliverStream(sockOutput);
1223
1224 this.isConnected = true;
1225 }
1226
1227 private void useImplicitHost(boolean useNameService) {
1228 // Note: If the local name service is not trustworthy, reverse
1229 // host name resolution should not be performed for endpoint
1230 // identification. Use the application original specified
1231 // hostname or IP address instead.
1232
1233 // Get the original hostname via jdk.internal.access.SharedSecrets
1234 InetAddress inetAddress = getInetAddress();
1235 if (inetAddress == null) { // not connected
1236 return;
1237 }
1238
1239 JavaNetInetAddressAccess jna =
1240 SharedSecrets.getJavaNetInetAddressAccess();
1241 String originalHostname = jna.getOriginalHostName(inetAddress);
1242 if (originalHostname != null && !originalHostname.isEmpty()) {
1243
1244 this.peerHost = originalHostname;
1245 if (conContext.sslConfig.serverNames.isEmpty() &&
1246 !conContext.sslConfig.noSniExtension) {
1247 conContext.sslConfig.serverNames =
1248 Utilities.addToSNIServerNameList(
1249 conContext.sslConfig.serverNames, peerHost);
1250 }
1251
1252 return;
1253 }
|