
src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java





  30 import java.io.InputStream;
  31 import java.io.InterruptedIOException;
  32 import java.io.OutputStream;
  33 import java.net.InetAddress;
  34 import java.net.InetSocketAddress;
  35 import java.net.Socket;
  36 import java.net.SocketAddress;
  37 import java.net.SocketException;
  38 import java.net.UnknownHostException;
  39 import java.nio.ByteBuffer;
  40 import java.util.List;
  41 import java.util.function.BiFunction;
  42 import javax.net.ssl.HandshakeCompletedListener;
  43 import javax.net.ssl.SSLException;
  44 import javax.net.ssl.SSLHandshakeException;
  45 import javax.net.ssl.SSLParameters;
  46 import javax.net.ssl.SSLProtocolException;
  47 import javax.net.ssl.SSLServerSocket;
  48 import javax.net.ssl.SSLSession;
  49 import javax.net.ssl.SSLSocket;
  50 import jdk.internal.misc.JavaNetInetAddressAccess;
  51 import jdk.internal.misc.SharedSecrets;
  52 
  53 /**
  54  * Implementation of an SSL socket.
  55  * <P>
  56  * This is a normal connection type socket, implementing SSL over some lower
  57  * level socket, such as TCP.  Because it is layered over some lower level
  58  * socket, it MUST override all default socket methods.
  59  * <P>
  60  * This API offers a non-traditional option for establishing SSL
  61  * connections.  You may first establish the connection directly, then pass
  62  * that connection to the SSL socket constructor with a flag saying which
  63  * role should be taken in the handshake protocol.  (The two ends of the
  64  * connection must not choose the same role!)  This allows setup of SSL
  65  * proxying or tunneling, and also allows the kind of "role reversal"
  66  * that is required for most FTP data transfers.
  67  *
  68  * @see javax.net.ssl.SSLSocket
  69  * @see SSLServerSocket
  70  *
  71  * @author David Brownell


1212                     Utilities.addToSNIServerNameList(
1213                             conContext.sslConfig.serverNames, peerHost);
1214         }
1215 
1216         InputStream sockInput = super.getInputStream();
1217         conContext.inputRecord.setReceiverStream(sockInput);
1218 
1219         OutputStream sockOutput = super.getOutputStream();
1220         conContext.inputRecord.setDeliverStream(sockOutput);
1221         conContext.outputRecord.setDeliverStream(sockOutput);
1222 
1223         this.isConnected = true;
1224     }
1225 
1226     private void useImplicitHost(boolean useNameService) {
1227         // Note: If the local name service is not trustworthy, reverse
1228         // host name resolution should not be performed for endpoint
1229         // identification.  Use the application original specified
1230         // hostname or IP address instead.
1231 
1232         // Get the original hostname via jdk.internal.misc.SharedSecrets
1233         InetAddress inetAddress = getInetAddress();
1234         if (inetAddress == null) {      // not connected
1235             return;
1236         }
1237 
1238         JavaNetInetAddressAccess jna =
1239                 SharedSecrets.getJavaNetInetAddressAccess();
1240         String originalHostname = jna.getOriginalHostName(inetAddress);
1241         if ((originalHostname != null) &&
1242                 (originalHostname.length() != 0)) {
1243 
1244             this.peerHost = originalHostname;
1245             if (conContext.sslConfig.serverNames.isEmpty() &&
1246                     !conContext.sslConfig.noSniExtension) {
1247                 conContext.sslConfig.serverNames =
1248                         Utilities.addToSNIServerNameList(
1249                                 conContext.sslConfig.serverNames, peerHost);
1250             }
1251 
1252             return;




  30 import java.io.InputStream;
  31 import java.io.InterruptedIOException;
  32 import java.io.OutputStream;
  33 import java.net.InetAddress;
  34 import java.net.InetSocketAddress;
  35 import java.net.Socket;
  36 import java.net.SocketAddress;
  37 import java.net.SocketException;
  38 import java.net.UnknownHostException;
  39 import java.nio.ByteBuffer;
  40 import java.util.List;
  41 import java.util.function.BiFunction;
  42 import javax.net.ssl.HandshakeCompletedListener;
  43 import javax.net.ssl.SSLException;
  44 import javax.net.ssl.SSLHandshakeException;
  45 import javax.net.ssl.SSLParameters;
  46 import javax.net.ssl.SSLProtocolException;
  47 import javax.net.ssl.SSLServerSocket;
  48 import javax.net.ssl.SSLSession;
  49 import javax.net.ssl.SSLSocket;
  50 import jdk.internal.access.JavaNetInetAddressAccess;
  51 import jdk.internal.access.SharedSecrets;
  52 
  53 /**
  54  * Implementation of an SSL socket.
  55  * <P>
  56  * This is a normal connection type socket, implementing SSL over some lower
  57  * level socket, such as TCP.  Because it is layered over some lower level
  58  * socket, it MUST override all default socket methods.
  59  * <P>
  60  * This API offers a non-traditional option for establishing SSL
  61  * connections.  You may first establish the connection directly, then pass
  62  * that connection to the SSL socket constructor with a flag saying which
  63  * role should be taken in the handshake protocol.  (The two ends of the
  64  * connection must not choose the same role!)  This allows setup of SSL
  65  * proxying or tunneling, and also allows the kind of "role reversal"
  66  * that is required for most FTP data transfers.
  67  *
  68  * @see javax.net.ssl.SSLSocket
  69  * @see SSLServerSocket
  70  *
  71  * @author David Brownell


1212                     Utilities.addToSNIServerNameList(
1213                             conContext.sslConfig.serverNames, peerHost);
1214         }
1215 
1216         InputStream sockInput = super.getInputStream();
1217         conContext.inputRecord.setReceiverStream(sockInput);
1218 
1219         OutputStream sockOutput = super.getOutputStream();
1220         conContext.inputRecord.setDeliverStream(sockOutput);
1221         conContext.outputRecord.setDeliverStream(sockOutput);
1222 
1223         this.isConnected = true;
1224     }
1225 
1226     private void useImplicitHost(boolean useNameService) {
1227         // Note: If the local name service is not trustworthy, reverse
1228         // host name resolution should not be performed for endpoint
1229         // identification.  Use the application original specified
1230         // hostname or IP address instead.
1231 
1232         // Get the original hostname via jdk.internal.access.SharedSecrets
1233         InetAddress inetAddress = getInetAddress();
1234         if (inetAddress == null) {      // not connected
1235             return;
1236         }
1237 
1238         JavaNetInetAddressAccess jna =
1239                 SharedSecrets.getJavaNetInetAddressAccess();
1240         String originalHostname = jna.getOriginalHostName(inetAddress);
1241         if ((originalHostname != null) &&
1242                 (originalHostname.length() != 0)) {
1243 
1244             this.peerHost = originalHostname;
1245             if (conContext.sslConfig.serverNames.isEmpty() &&
1246                     !conContext.sslConfig.noSniExtension) {
1247                 conContext.sslConfig.serverNames =
1248                         Utilities.addToSNIServerNameList(
1249                                 conContext.sslConfig.serverNames, peerHost);
1250             }
1251 
1252             return;

