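/*
 * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package sun.security.ssl;

import java.io.*;
import java.net.*;
import javax.net.ssl.SSLSocketFactory;


/**
 * Implementation of an SSL socket factory.  This provides the public
 * hooks to create SSL sockets, using a "high level" programming
 * interface which encapsulates system security policy defaults rather than
 * offering application flexibility.  In particular, it uses a configurable
 * authentication context (and the keys held there) rather than offering
 * any flexibility about which keys to use; that context defaults to the
 * process-default context, but may be explicitly specified.
 *
 * <p>Every method in this class is a thin pass-through: it hands the
 * factory's {@code SSLContextImpl} and the caller's arguments to an
 * {@code SSLSocketImpl} constructor or asks the context for a cipher suite
 * list.  Nothing here selects protocols, cipher suites or an endpoint
 * identification algorithm on the returned socket.
 *
 * <p>NOTE(review): because no endpoint identification is configured in this
 * class, whether the peer certificate is matched against the requested host
 * name depends on the context's trust manager and on the
 * {@code SSLParameters} the caller applies to the returned socket; confirm
 * against {@code SSLSocketImpl} before relying on it.
 *
 * @author David Brownell
 */
public final class SSLSocketFactoryImpl extends SSLSocketFactory {

    // Assigned exactly once by each constructor.  Declared final so the
    // reference cannot be swapped after construction and is safely
    // published if the factory instance is handed to other threads.
    private final SSLContextImpl context;

    /**
     * Constructor used to instantiate the default factory. This method is
     * only called if the old "ssl.SocketFactory.provider" property in the
     * java.security file is set.
     *
     * @throws Exception if the default context implementation cannot be
     *         obtained
     */
    public SSLSocketFactoryImpl() throws Exception {
        this.context = SSLContextImpl.DefaultSSLContext.getDefaultImpl();
    }

    /**
     * Constructs an SSL socket factory.
     *
     * @param context the context every socket made by this factory will
     *        use; stored as given, without a null check
     */
    SSLSocketFactoryImpl(SSLContextImpl context) {
        this.context = context;
    }

    /**
     * Creates an unconnected socket.
     *
     * @return the unconnected socket
     * @see java.net.Socket#connect(java.net.SocketAddress, int)
     */
    @Override
    public Socket createSocket() {
        return new SSLSocketImpl(context);
    }

    /**
     * Constructs an SSL connection to a named host at a specified port.
     * This acts as the SSL client, and may authenticate itself or rejoin
     * existing SSL sessions allowed by the authentication context which
     * has been configured.
     *
     * @param host name of the host with which to connect
     * @param port number of the server's port
     * @return the socket built by {@code SSLSocketImpl} for that host and
     *         port
     * @throws IOException if the connection can't be established
     * @throws UnknownHostException if the host is not known
     */
    @Override
    public Socket createSocket(String host, int port)
            throws IOException, UnknownHostException {
        return new SSLSocketImpl(context, host, port);
    }

    /**
     * Returns a socket layered over an existing socket to a
     * ServerSocket on the named host, at the given port.  This
     * constructor can be used when tunneling SSL through a proxy. The
     * host and port refer to the logical destination server.  This
     * socket is configured using the socket options established for
     * this factory.
     *
     * <p>The {@code host} and {@code port} values are forwarded unchanged;
     * this method does not compare them with the peer that {@code s} is
     * actually connected to.
     *
     * @param s the existing socket
     * @param host the server host
     * @param port the server port
     * @param autoClose close the underlying socket when this socket is closed
     * @return the SSL socket layered over {@code s}
     *
     * @throws IOException if the connection can't be established
     * @throws UnknownHostException if the host is not known
     */
    @Override
    public Socket createSocket(Socket s, String host, int port,
            boolean autoClose) throws IOException {
        return new SSLSocketImpl(context, s, host, port, autoClose);
    }

    /**
     * Returns a socket layered over an existing socket, passing along
     * inbound data that was already read from it.
     *
     * <p>The {@link SSLSocketFactory} contract describes this overload as
     * creating a server-mode socket that can still process bytes already
     * removed from the underlying stream.  This class only validates
     * {@code s} and forwards the arguments; the mode is set up inside
     * {@code SSLSocketImpl}.
     *
     * @param s the existing socket; must not be null
     * @param consumed inbound data already taken from the stream of
     *        {@code s}; forwarded without a check here
     * @param autoClose close the underlying socket when this socket is closed
     * @return the SSL socket layered over {@code s}
     *
     * @throws NullPointerException if {@code s} is null
     * @throws IOException if the layered socket can't be created
     */
    @Override
    public Socket createSocket(Socket s, InputStream consumed,
            boolean autoClose) throws IOException {
        // Reject a missing transport up front with a descriptive message
        // instead of letting the failure surface somewhere inside
        // SSLSocketImpl.
        if (s == null) {
            throw new NullPointerException(
                    "the existing socket cannot be null");
        }

        return new SSLSocketImpl(context, s, consumed, autoClose);
    }

    /**
     * Constructs an SSL connection to a server at a specified address
     * and TCP port.  This acts as the SSL client, and may authenticate
     * itself or rejoin existing SSL sessions allowed by the authentication
     * context which has been configured.
     *
     * @param address the server's host
     * @param port its port
     * @return the socket built by {@code SSLSocketImpl} for that address
     *         and port
     * @throws IOException if the connection can't be established
     */
    @Override
    public Socket createSocket(InetAddress address, int port)
            throws IOException {
        return new SSLSocketImpl(context, address, port);
    }


    /**
     * Constructs an SSL connection to a named host at a specified port.
     * This acts as the SSL client, and may authenticate itself or rejoin
     * existing SSL sessions allowed by the authentication context which
     * has been configured. The socket will also bind() to the local
     * address and port supplied.
     *
     * @param host name of the host with which to connect
     * @param port number of the server's port
     * @param clientAddress the local address to bind to
     * @param clientPort the local port to bind to
     * @return the socket built by {@code SSLSocketImpl} for those endpoints
     * @throws IOException if the connection can't be established
     */
    @Override
    public Socket createSocket(String host, int port,
            InetAddress clientAddress, int clientPort)
            throws IOException {
        return new SSLSocketImpl(context, host, port,
                clientAddress, clientPort);
    }

    /**
     * Constructs an SSL connection to a server at a specified address
     * and TCP port.  This acts as the SSL client, and may authenticate
     * itself or rejoin existing SSL sessions allowed by the authentication
     * context which has been configured. The socket will also bind() to
     * the local address and port supplied.
     *
     * @param address the server's host
     * @param port its port
     * @param clientAddress the local address to bind to
     * @param clientPort the local port to bind to
     * @return the socket built by {@code SSLSocketImpl} for those endpoints
     * @throws IOException if the connection can't be established
     */
    @Override
    public Socket createSocket(InetAddress address, int port,
            InetAddress clientAddress, int clientPort)
            throws IOException {
        return new SSLSocketImpl(context, address, port,
                clientAddress, clientPort);
    }


    /**
     * Returns the subset of the supported cipher suites which are
     * enabled by default.  These cipher suites all provide a minimum
     * quality of service whereby the server authenticates itself
     * (preventing person-in-the-middle attacks) and where traffic
     * is encrypted to provide confidentiality.
     *
     * <p>The list itself is produced by the context; this method only
     * converts it to an array.
     *
     * @return the names of the cipher suites enabled by default
     */
    @Override
    public String[] getDefaultCipherSuites() {
        // NOTE(review): the 'false' argument presumably selects the
        // client-side list - confirm against SSLContextImpl.
        return context.getDefaultCipherSuiteList(false).toStringArray();
    }

    /**
     * Returns the names of the cipher suites which could be enabled for use
     * on an SSL connection.  Normally, only a subset of these will actually
     * be enabled by default, since this list may include cipher suites which
     * do not support the mutual authentication of servers and clients, or
     * which do not protect data confidentiality.  Servers may also need
     * certain kinds of certificates to use certain cipher suites.
     *
     * <p>Because this list can contain suites without authentication or
     * confidentiality, it should not be passed wholesale to
     * {@code setEnabledCipherSuites}.
     *
     * @return the names of every cipher suite the context supports
     */
    @Override
    public String[] getSupportedCipherSuites() {
        return context.getSupportedCipherSuiteList().toStringArray();
    }
}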