25
26
27 package sun.security.ssl;
28
29 import java.io.*;
30 import java.nio.*;
31 import java.net.*;
32 import java.security.GeneralSecurityException;
33 import java.security.AccessController;
34 import java.security.AccessControlContext;
35 import java.security.PrivilegedAction;
36 import java.security.AlgorithmConstraints;
37 import java.util.*;
38 import java.util.concurrent.TimeUnit;
39 import java.util.concurrent.locks.ReentrantLock;
40
41 import javax.crypto.BadPaddingException;
42 import javax.net.ssl.*;
43 import sun.misc.ManagedLocalsThread;
44
45 import sun.misc.JavaNetInetAddressAccess;
46 import sun.misc.SharedSecrets;
47
48 /**
49 * Implementation of an SSL socket. This is a normal connection type
50 * socket, implementing SSL over some lower level socket, such as TCP.
51 * Because it is layered over some lower level socket, it MUST override
52 * all default socket methods.
53 *
54 * <P> This API offers a non-traditional option for establishing SSL
55 * connections. You may first establish the connection directly, then pass
56 * that connection to the SSL socket constructor with a flag saying which
57 * role should be taken in the handshake protocol. (The two ends of the
58 * connection must not choose the same role!) This allows setup of SSL
59 * proxying or tunneling, and also allows the kind of "role reversal"
60 * that is required for most FTP data transfers.
61 *
62 * @see javax.net.ssl.SSLSocket
63 * @see SSLServerSocket
64 *
65 * @author David Brownell
66 */
2077 if (host == null || host.length() == 0) {
2078 if (!trustNameService) {
2079 // If the local name service is not trustworthy, reverse host
2080 // name resolution should not be performed for endpoint
2081 // identification. Use the application original specified
2082 // hostname or IP address instead.
2083 host = getOriginalHostname(getInetAddress());
2084 } else {
2085 host = getInetAddress().getHostName();
2086 }
2087 }
2088
2089 return host;
2090 }
2091
2092 /*
2093 * Get the original application specified hostname.
2094 */
2095 private static String getOriginalHostname(InetAddress inetAddress) {
2096 /*
2097 * Get the original hostname via sun.misc.SharedSecrets.
2098 */
2099 JavaNetInetAddressAccess jna = SharedSecrets.getJavaNetInetAddressAccess();
2100 String originalHostname = jna.getOriginalHostName(inetAddress);
2101
2102 /*
2103 * If no application specified hostname, use the IP address.
2104 */
2105 if (originalHostname == null || originalHostname.length() == 0) {
2106 originalHostname = inetAddress.getHostAddress();
2107 }
2108
2109 return originalHostname;
2110 }
2111
2112 // ONLY used by HttpsClient to setup the URI specified hostname
2113 //
2114 // Please NOTE that this method MUST be called before calling to
2115 // SSLSocket.setSSLParameters(). Otherwise, the {@code host} parameter
2116 // may override SNIHostName in the customized server name indication.
2117 synchronized public void setHost(String host) {
|
25
26
27 package sun.security.ssl;
28
29 import java.io.*;
30 import java.nio.*;
31 import java.net.*;
32 import java.security.GeneralSecurityException;
33 import java.security.AccessController;
34 import java.security.AccessControlContext;
35 import java.security.PrivilegedAction;
36 import java.security.AlgorithmConstraints;
37 import java.util.*;
38 import java.util.concurrent.TimeUnit;
39 import java.util.concurrent.locks.ReentrantLock;
40
41 import javax.crypto.BadPaddingException;
42 import javax.net.ssl.*;
43 import sun.misc.ManagedLocalsThread;
44
45 import jdk.internal.misc.JavaNetInetAddressAccess;
46 import jdk.internal.misc.SharedSecrets;
47
48 /**
49 * Implementation of an SSL socket. This is a normal connection type
50 * socket, implementing SSL over some lower level socket, such as TCP.
51 * Because it is layered over some lower level socket, it MUST override
52 * all default socket methods.
53 *
54 * <P> This API offers a non-traditional option for establishing SSL
55 * connections. You may first establish the connection directly, then pass
56 * that connection to the SSL socket constructor with a flag saying which
57 * role should be taken in the handshake protocol. (The two ends of the
58 * connection must not choose the same role!) This allows setup of SSL
59 * proxying or tunneling, and also allows the kind of "role reversal"
60 * that is required for most FTP data transfers.
61 *
62 * @see javax.net.ssl.SSLSocket
63 * @see SSLServerSocket
64 *
65 * @author David Brownell
66 */
2077 if (host == null || host.length() == 0) {
2078 if (!trustNameService) {
2079 // If the local name service is not trustworthy, reverse host
2080 // name resolution should not be performed for endpoint
2081 // identification. Use the application original specified
2082 // hostname or IP address instead.
2083 host = getOriginalHostname(getInetAddress());
2084 } else {
2085 host = getInetAddress().getHostName();
2086 }
2087 }
2088
2089 return host;
2090 }
2091
2092 /*
2093 * Get the original application specified hostname.
2094 */
2095 private static String getOriginalHostname(InetAddress inetAddress) {
2096 /*
2097 * Get the original hostname via jdk.internal.misc.SharedSecrets.
2098 */
2099 JavaNetInetAddressAccess jna = SharedSecrets.getJavaNetInetAddressAccess();
2100 String originalHostname = jna.getOriginalHostName(inetAddress);
2101
2102 /*
2103 * If no application specified hostname, use the IP address.
2104 */
2105 if (originalHostname == null || originalHostname.length() == 0) {
2106 originalHostname = inetAddress.getHostAddress();
2107 }
2108
2109 return originalHostname;
2110 }
2111
2112 // ONLY used by HttpsClient to setup the URI specified hostname
2113 //
2114 // Please NOTE that this method MUST be called before calling to
2115 // SSLSocket.setSSLParameters(). Otherwise, the {@code host} parameter
2116 // may override SNIHostName in the customized server name indication.
2117 synchronized public void setHost(String host) {
|