36 import java.security.cert.*;
37
38 import javax.security.auth.x500.X500Principal;
39
40 import sun.security.util.HostnameChecker;
41 import sun.security.util.DerValue;
42 import sun.security.x509.X500Name;
43
44 import sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection;
45
46 /**
47 * This class was introduced to provide an additional level of
48 * abstraction between javax.net.ssl.HttpURLConnection and
49 * com.sun.net.ssl.HttpURLConnection objects. <p>
50 *
51 * javax.net.ssl.HttpURLConnection is used in the new sun.net version
52 * of protocol implementation (this one)
53 * com.sun.net.ssl.HttpURLConnection is used in the com.sun version.
54 *
55 */
56 public class DelegateHttpsURLConnection extends AbstractDelegateHttpsURLConnection {
57
58 // we need a reference to the HttpsURLConnection to get
59 // the properties set there
60 // we also need it to be public so that it can be referenced
61 // from sun.net.www.protocol.http.HttpURLConnection
62 // this is for ResponseCache.put(URI, URLConnection)
63 // second parameter needs to be cast to javax.net.ssl.HttpsURLConnection
64 // instead of AbstractDelegateHttpsURLConnection
65 public com.sun.net.ssl.HttpsURLConnection httpsURLConnection;
66
67 DelegateHttpsURLConnection(URL url,
68 sun.net.www.protocol.http.Handler handler,
69 com.sun.net.ssl.HttpsURLConnection httpsURLConnection)
70 throws IOException {
71 this(url, null, handler, httpsURLConnection);
72 }
73
74 DelegateHttpsURLConnection(URL url, Proxy p,
75 sun.net.www.protocol.http.Handler handler,
76 com.sun.net.ssl.HttpsURLConnection httpsURLConnection)
77 throws IOException {
78 super(url, p, handler);
79 this.httpsURLConnection = httpsURLConnection;
80 }
81
82 protected javax.net.ssl.SSLSocketFactory getSSLSocketFactory() {
83 return httpsURLConnection.getSSLSocketFactory();
84 }
85
86 protected javax.net.ssl.HostnameVerifier getHostnameVerifier() {
87 // note: getHostnameVerifier() never returns null
88 return new VerifierWrapper(httpsURLConnection.getHostnameVerifier());
89 }
90
91 /*
92 * Called by layered delegator's finalize() method to handle closing
93 * the underlying object.
94 */
95 protected void dispose() throws Throwable {
96 super.finalize();
97 }
98 }
99
100 class VerifierWrapper implements javax.net.ssl.HostnameVerifier {
101
102 private com.sun.net.ssl.HostnameVerifier verifier;
103
104 VerifierWrapper(com.sun.net.ssl.HostnameVerifier verifier) {
105 this.verifier = verifier;
106 }
107
108 /*
109 * In com.sun.net.ssl.HostnameVerifier the method is defined
110 * as verify(String urlHostname, String certHostname).
111 * This means we need to extract the hostname from the X.509 certificate
112 * or from the Kerberos principal name, in this wrapper.
113 */
114 public boolean verify(String hostname, javax.net.ssl.SSLSession session) {
115 try {
116 String serverName;
117 // Use ciphersuite to determine whether Kerberos is active.
118 if (session.getCipherSuite().startsWith("TLS_KRB5")) {
119 serverName =
120 HostnameChecker.getServerName(getPeerPrincipal(session));
121
122 } else { // X.509
123 Certificate[] serverChain = session.getPeerCertificates();
|
36 import java.security.cert.*;
37
38 import javax.security.auth.x500.X500Principal;
39
40 import sun.security.util.HostnameChecker;
41 import sun.security.util.DerValue;
42 import sun.security.x509.X500Name;
43
44 import sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection;
45
46 /**
47 * This class was introduced to provide an additional level of
48 * abstraction between javax.net.ssl.HttpURLConnection and
49 * com.sun.net.ssl.HttpURLConnection objects. <p>
50 *
51 * javax.net.ssl.HttpURLConnection is used in the new sun.net version
52 * of protocol implementation (this one)
53 * com.sun.net.ssl.HttpURLConnection is used in the com.sun version.
54 *
55 */
56 @SuppressWarnings("deprecation") // HttpsURLConnection is deprecated
57 public class DelegateHttpsURLConnection extends AbstractDelegateHttpsURLConnection {
58
59 // we need a reference to the HttpsURLConnection to get
60 // the properties set there
61 // we also need it to be public so that it can be referenced
62 // from sun.net.www.protocol.http.HttpURLConnection
63 // this is for ResponseCache.put(URI, URLConnection)
64 // second parameter needs to be cast to javax.net.ssl.HttpsURLConnection
65 // instead of AbstractDelegateHttpsURLConnection
66
67 public com.sun.net.ssl.HttpsURLConnection httpsURLConnection;
68
69 DelegateHttpsURLConnection(URL url,
70 sun.net.www.protocol.http.Handler handler,
71 com.sun.net.ssl.HttpsURLConnection httpsURLConnection)
72 throws IOException {
73 this(url, null, handler, httpsURLConnection);
74 }
75
76 DelegateHttpsURLConnection(URL url, Proxy p,
77 sun.net.www.protocol.http.Handler handler,
78 com.sun.net.ssl.HttpsURLConnection httpsURLConnection)
79 throws IOException {
80 super(url, p, handler);
81 this.httpsURLConnection = httpsURLConnection;
82 }
83
84 protected javax.net.ssl.SSLSocketFactory getSSLSocketFactory() {
85 return httpsURLConnection.getSSLSocketFactory();
86 }
87
88 protected javax.net.ssl.HostnameVerifier getHostnameVerifier() {
89 // note: getHostnameVerifier() never returns null
90 return new VerifierWrapper(httpsURLConnection.getHostnameVerifier());
91 }
92
93 /*
94 * Called by layered delegator's finalize() method to handle closing
95 * the underlying object.
96 */
97 protected void dispose() throws Throwable {
98 super.finalize();
99 }
100 }
101
102 class VerifierWrapper implements javax.net.ssl.HostnameVerifier {
103 @SuppressWarnings("deprecation")
104 private com.sun.net.ssl.HostnameVerifier verifier;
105
106 @SuppressWarnings("deprecation")
107 VerifierWrapper(com.sun.net.ssl.HostnameVerifier verifier) {
108 this.verifier = verifier;
109 }
110
111 /*
112 * In com.sun.net.ssl.HostnameVerifier the method is defined
113 * as verify(String urlHostname, String certHostname).
114 * This means we need to extract the hostname from the X.509 certificate
115 * or from the Kerberos principal name, in this wrapper.
116 */
117 public boolean verify(String hostname, javax.net.ssl.SSLSession session) {
118 try {
119 String serverName;
120 // Use ciphersuite to determine whether Kerberos is active.
121 if (session.getCipherSuite().startsWith("TLS_KRB5")) {
122 serverName =
123 HostnameChecker.getServerName(getPeerPrincipal(session));
124
125 } else { // X.509
126 Certificate[] serverChain = session.getPeerCertificates();
|