1186 // connection is not duplex-open.
1187 if ((conContext.handshakeContext == null) &&
1188 !conContext.isOutboundClosed() &&
1189 !conContext.isInboundClosed() &&
1190 !conContext.isBroken) {
1191 if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
1192 SSLLogger.finest("trigger key update");
1193 }
1194 startHandshake();
1195 }
1196 }
1197
1198 /**
1199 * Initialize the handshaker and socket streams.
1200 *
1201 * Called by connect, the layered constructor, and SSLServerSocket.
1202 */
1203 synchronized void doneConnect() throws IOException {
1204 // In server mode, it is not necessary to set host and serverNames.
1205 // Otherwise, would require a reverse DNS lookup to get the hostname.
1206 if ((peerHost == null) || (peerHost.length() == 0)) {
1207 boolean useNameService =
1208 trustNameService && conContext.sslConfig.isClientMode;
1209 useImplicitHost(useNameService);
1210 } else {
1211 conContext.sslConfig.serverNames =
1212 Utilities.addToSNIServerNameList(
1213 conContext.sslConfig.serverNames, peerHost);
1214 }
1215
1216 InputStream sockInput = super.getInputStream();
1217 conContext.inputRecord.setReceiverStream(sockInput);
1218
1219 OutputStream sockOutput = super.getOutputStream();
1220 conContext.inputRecord.setDeliverStream(sockOutput);
1221 conContext.outputRecord.setDeliverStream(sockOutput);
1222
1223 this.isConnected = true;
1224 }
1225
1226 private void useImplicitHost(boolean useNameService) {
1227 // Note: If the local name service is not trustworthy, reverse
1228 // host name resolution should not be performed for endpoint
1229 // identification. Use the application original specified
1230 // hostname or IP address instead.
1231
1232 // Get the original hostname via jdk.internal.access.SharedSecrets
1233 InetAddress inetAddress = getInetAddress();
1234 if (inetAddress == null) { // not connected
1235 return;
1236 }
1237
1238 JavaNetInetAddressAccess jna =
1239 SharedSecrets.getJavaNetInetAddressAccess();
1240 String originalHostname = jna.getOriginalHostName(inetAddress);
1241 if ((originalHostname != null) &&
1242 (originalHostname.length() != 0)) {
1243
1244 this.peerHost = originalHostname;
1245 if (conContext.sslConfig.serverNames.isEmpty() &&
1246 !conContext.sslConfig.noSniExtension) {
1247 conContext.sslConfig.serverNames =
1248 Utilities.addToSNIServerNameList(
1249 conContext.sslConfig.serverNames, peerHost);
1250 }
1251
1252 return;
1253 }
1254
1255 // No explicitly specified hostname, no server name indication.
1256 if (!useNameService) {
1257 // The local name service is not trustworthy, use IP address.
1258 this.peerHost = inetAddress.getHostAddress();
1259 } else {
1260 // Use the underlying reverse host name resolution service.
1261 this.peerHost = getInetAddress().getHostName();
1262 }
|
1186 // connection is not duplex-open.
1187 if ((conContext.handshakeContext == null) &&
1188 !conContext.isOutboundClosed() &&
1189 !conContext.isInboundClosed() &&
1190 !conContext.isBroken) {
1191 if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
1192 SSLLogger.finest("trigger key update");
1193 }
1194 startHandshake();
1195 }
1196 }
1197
1198 /**
1199 * Initialize the handshaker and socket streams.
1200 *
1201 * Called by connect, the layered constructor, and SSLServerSocket.
1202 */
1203 synchronized void doneConnect() throws IOException {
1204 // In server mode, it is not necessary to set host and serverNames.
1205 // Otherwise, would require a reverse DNS lookup to get the hostname.
1206 if (peerHost == null || peerHost.isEmpty()) {
1207 boolean useNameService =
1208 trustNameService && conContext.sslConfig.isClientMode;
1209 useImplicitHost(useNameService);
1210 } else {
1211 conContext.sslConfig.serverNames =
1212 Utilities.addToSNIServerNameList(
1213 conContext.sslConfig.serverNames, peerHost);
1214 }
1215
1216 InputStream sockInput = super.getInputStream();
1217 conContext.inputRecord.setReceiverStream(sockInput);
1218
1219 OutputStream sockOutput = super.getOutputStream();
1220 conContext.inputRecord.setDeliverStream(sockOutput);
1221 conContext.outputRecord.setDeliverStream(sockOutput);
1222
1223 this.isConnected = true;
1224 }
1225
1226 private void useImplicitHost(boolean useNameService) {
1227 // Note: If the local name service is not trustworthy, reverse
1228 // host name resolution should not be performed for endpoint
1229 // identification. Use the application original specified
1230 // hostname or IP address instead.
1231
1232 // Get the original hostname via jdk.internal.access.SharedSecrets
1233 InetAddress inetAddress = getInetAddress();
1234 if (inetAddress == null) { // not connected
1235 return;
1236 }
1237
1238 JavaNetInetAddressAccess jna =
1239 SharedSecrets.getJavaNetInetAddressAccess();
1240 String originalHostname = jna.getOriginalHostName(inetAddress);
1241 if (originalHostname != null && !originalHostname.isEmpty()) {
1242
1243 this.peerHost = originalHostname;
1244 if (conContext.sslConfig.serverNames.isEmpty() &&
1245 !conContext.sslConfig.noSniExtension) {
1246 conContext.sslConfig.serverNames =
1247 Utilities.addToSNIServerNameList(
1248 conContext.sslConfig.serverNames, peerHost);
1249 }
1250
1251 return;
1252 }
1253
1254 // No explicitly specified hostname, no server name indication.
1255 if (!useNameService) {
1256 // The local name service is not trustworthy, use IP address.
1257 this.peerHost = inetAddress.getHostAddress();
1258 } else {
1259 // Use the underlying reverse host name resolution service.
1260 this.peerHost = getInetAddress().getHostName();
1261 }
|