1 /*
   2  * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.ssl;
  27 
  28 import java.io.*;
  29 import java.net.*;
  30 import javax.net.ssl.SSLSocketFactory;
  31 
  32 
  33 /**
  34  * Implementation of an SSL socket factory.  This provides the public
  35  * hooks to create SSL sockets, using a "high level" programming
  36  * interface which encapsulates system security policy defaults rather than
  37  * offering application flexibility.  In particular, it uses a configurable
  38  * authentication context (and the keys held there) rather than offering
  39  * any flexibility about which keys to use; that context defaults to the
  40  * process-default context, but may be explicitly specified.
  41  *
  42  * @author David Brownell
  43  */
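public final class SSLSocketFactoryImpl extends SSLSocketFactory {

    // NOTE(review): this factory only forwards the context and the caller's
    // arguments to SSLSocketImpl; it sets no per-socket parameters itself.
    // Whether peer host name verification (endpoint identification) is
    // enabled on a returned socket is decided elsewhere -- callers that
    // depend on it should confirm it on the socket, e.g. through
    // SSLParameters.setEndpointIdentificationAlgorithm.

    // Context handed to every socket this factory creates; assigned once in
    // a constructor and never replaced.
    private final SSLContextImpl context;

    /**
     * Constructor used to instantiate the default factory. This method is
     * only called if the old "ssl.SocketFactory.provider" property in the
     * java.security file is set.
     *
     * @throws Exception propagated from
     *         SSLContextImpl.DefaultSSLContext.getDefaultImpl()
     */
    public SSLSocketFactoryImpl() throws Exception {
        this.context = SSLContextImpl.DefaultSSLContext.getDefaultImpl();
    }

    /**
     * Constructs an SSL socket factory bound to the given context.
     *
     * @param context the context passed to every socket created by this
     *        factory; stored as-is, it is not checked for null here
     */
    SSLSocketFactoryImpl(SSLContextImpl context) {
        this.context = context;
    }

    /**
     * Creates an unconnected socket.
     *
     * @return the unconnected socket
     * @see java.net.Socket#connect(java.net.SocketAddress, int)
     */
    @Override
    public Socket createSocket() {
        return new SSLSocketImpl(context);
    }

    /**
     * Constructs an SSL connection to a named host at a specified port.
     * This acts as the SSL client, and may authenticate itself or rejoin
     * existing SSL sessions allowed by the authentication context which
     * has been configured.
     *
     * @param host name of the host with which to connect
     * @param port number of the server's port
     * @return the socket built by SSLSocketImpl for that destination
     * @exception IOException propagated from SSLSocketImpl
     * @exception UnknownHostException if the host is not known
     */
    @Override
    public Socket createSocket(String host, int port)
    throws IOException, UnknownHostException
    {
        return new SSLSocketImpl(context, host, port);
    }

    /**
     * Returns a socket layered over an existing socket to a
     * ServerSocket on the named host, at the given port.  This
     * method can be used when tunneling SSL through a proxy. The
     * host and port refer to the logical destination server.  This
     * socket is configured using the socket options established for
     * this factory.
     *
     * @param s the existing socket; must not be null
     * @param host the server host
     * @param port the server port
     * @param autoClose close the underlying socket when this socket is closed
     * @return the SSL socket layered over {@code s}
     *
     * @exception IOException if the connection can't be established
     * @exception UnknownHostException if the host is not known
     * @exception NullPointerException if {@code s} is null
     */
    @Override
    public Socket createSocket(Socket s, String host, int port,
            boolean autoClose) throws IOException {
        // Fail fast with the same message as the overload that takes a
        // consumed stream, instead of depending on how SSLSocketImpl reacts
        // to a null underlying socket.
        if (s == null) {
            throw new NullPointerException(
                    "the existing socket cannot be null");
        }

        return new SSLSocketImpl(context, s, host, port, autoClose);
    }

    /**
     * Returns a socket layered over an existing socket, passing along a
     * stream of input that was read before the SSL layer was put in place.
     *
     * NOTE(review): per the SSLSocketFactory method this overrides, the
     * result is a server-mode socket; the mode is chosen inside
     * SSLSocketImpl, not here -- confirm there.
     *
     * @param s the existing socket; must not be null
     * @param consumed stream forwarded unchanged to SSLSocketImpl;
     *        presumably the bytes already taken from {@code s}'s input --
     *        it is not checked for null here
     * @param autoClose close the underlying socket when this socket is closed
     * @return the SSL socket layered over {@code s}
     *
     * @exception IOException propagated from SSLSocketImpl
     * @exception NullPointerException if {@code s} is null
     */
    @Override
    public Socket createSocket(Socket s, InputStream consumed,
            boolean autoClose) throws IOException {
        if (s == null) {
            throw new NullPointerException(
                    "the existing socket cannot be null");
        }

        return new SSLSocketImpl(context, s, consumed, autoClose);
    }

    /**
     * Constructs an SSL connection to a server at a specified address
     * and TCP port.  This acts as the SSL client, and may authenticate
     * itself or rejoin existing SSL sessions allowed by the authentication
     * context which has been configured.
     *
     * NOTE(review): only an address is supplied here, so no host name is
     * passed to SSLSocketImpl by this overload; what name, if any, later
     * checks compare against is decided in SSLSocketImpl -- confirm there.
     *
     * @param address the server's host
     * @param port its port
     * @return the socket built by SSLSocketImpl for that destination
     * @exception IOException propagated from SSLSocketImpl
     */
    @Override
    public Socket createSocket(InetAddress address, int port)
    throws IOException
    {
        return new SSLSocketImpl(context, address, port);
    }


    /**
     * Constructs an SSL connection to a named host at a specified port.
     * This acts as the SSL client, and may authenticate itself or rejoin
     * existing SSL sessions allowed by the authentication context which
     * has been configured. The socket will also bind() to the local
     * address and port supplied.
     *
     * @param host name of the host with which to connect
     * @param port number of the server's port
     * @param clientAddress the local address to bind to
     * @param clientPort the local port to bind to
     * @return the socket built by SSLSocketImpl for that destination
     * @exception IOException propagated from SSLSocketImpl
     */
    @Override
    public Socket createSocket(String host, int port,
        InetAddress clientAddress, int clientPort)
    throws IOException
    {
        return new SSLSocketImpl(context, host, port,
                clientAddress, clientPort);
    }

    /**
     * Constructs an SSL connection to a server at a specified address
     * and TCP port.  This acts as the SSL client, and may authenticate
     * itself or rejoin existing SSL sessions allowed by the authentication
     * context which has been configured. The socket will also bind() to
     * the local address and port supplied.
     *
     * @param address the server's host
     * @param port its port
     * @param clientAddress the local address to bind to
     * @param clientPort the local port to bind to
     * @return the socket built by SSLSocketImpl for that destination
     * @exception IOException propagated from SSLSocketImpl
     */
    @Override
    public Socket createSocket(InetAddress address, int port,
        InetAddress clientAddress, int clientPort)
    throws IOException
    {
        return new SSLSocketImpl(context, address, port,
                clientAddress, clientPort);
    }


    /**
     * Returns the subset of the supported cipher suites which are
     * enabled by default.  These cipher suites all provide a minimum
     * quality of service whereby the server authenticates itself
     * (preventing person-in-the-middle attacks) and where traffic
     * is encrypted to provide confidentiality.
     *
     * @return the names produced by CipherSuite.namesOf for the context's
     *         default suites
     */
    @Override
    public String[] getDefaultCipherSuites() {
        // NOTE(review): the false argument presumably selects the
        // client-role defaults; confirm against
        // SSLContextImpl.getDefaultCipherSuites.
        return CipherSuite.namesOf(context.getDefaultCipherSuites(false));
    }

    /**
     * Returns the names of the cipher suites which could be enabled for use
     * on an SSL connection.  Normally, only a subset of these will actually
     * be enabled by default, since this list may include cipher suites which
     * do not support the mutual authentication of servers and clients, or
     * which do not protect data confidentiality.  Servers may also need
     * certain kinds of certificates to use certain cipher suites.
     *
     * Because of that, this list is not a safe value to enable wholesale
     * on a socket; start from {@link #getDefaultCipherSuites()} instead.
     *
     * @return the names produced by CipherSuite.namesOf for the context's
     *         supported suites
     */
    @Override
    public String[] getSupportedCipherSuites() {
        return CipherSuite.namesOf(context.getSupportedCipherSuites());
    }
}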