1/*
2 * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.  Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26
27package javax.net.ssl;
28
29import java.net.*;
30import javax.net.SocketFactory;
31import java.io.IOException;
32import java.io.InputStream;
33import java.security.*;
34import java.util.Locale;
35
36import sun.security.action.GetPropertyAction;
37
38/**
39 * <code>SSLSocketFactory</code>s create <code>SSLSocket</code>s.
40 *
41 * @since 1.4
42 * @see SSLSocket
43 * @author David Brownell
44 */
45public abstract class SSLSocketFactory extends SocketFactory
46{
47    private static SSLSocketFactory theFactory;
48
49    private static boolean propertyChecked;
50
51    static final boolean DEBUG;
52
53    static {
54        String s = GetPropertyAction.privilegedGetProperty("javax.net.debug", "")
55                .toLowerCase(Locale.ENGLISH);
56
57        DEBUG = s.contains("all") || s.contains("ssl");
58    }
59
60    private static void log(String msg) {
61        if (DEBUG) {
62            System.out.println(msg);
63        }
64    }
65
66    /**
67     * Constructor is used only by subclasses.
68     */
69    public SSLSocketFactory() {
70    }
71
72    /**
73     * Returns the default SSL socket factory.
74     *
75     * <p>The first time this method is called, the security property
76     * "ssl.SocketFactory.provider" is examined. If it is non-null, a class by
77     * that name is loaded and instantiated. If that is successful and the
78     * object is an instance of SSLSocketFactory, it is made the default SSL
79     * socket factory.
80     *
81     * <p>Otherwise, this method returns
82     * <code>SSLContext.getDefault().getSocketFactory()</code>. If that
83     * call fails, an inoperative factory is returned.
84     *
85     * @return the default <code>SocketFactory</code>
86     * @see SSLContext#getDefault
87     */
88    public static synchronized SocketFactory getDefault() {
89        if (theFactory != null) {
90            return theFactory;
91        }
92
93        if (propertyChecked == false) {
94            propertyChecked = true;
95            String clsName = getSecurityProperty("ssl.SocketFactory.provider");
96            if (clsName != null) {
97                log("setting up default SSLSocketFactory");
98                try {
99                    Class<?> cls = null;
100                    try {
101                        cls = Class.forName(clsName);
102                    } catch (ClassNotFoundException e) {
103                        ClassLoader cl = ClassLoader.getSystemClassLoader();
104                        if (cl != null) {
105                            cls = cl.loadClass(clsName);
106                        }
107                    }
108                    log("class " + clsName + " is loaded");
109                    @SuppressWarnings("deprecation")
110                    SSLSocketFactory fac = (SSLSocketFactory)cls.newInstance();
111                    log("instantiated an instance of class " + clsName);
112                    theFactory = fac;
113                    return fac;
114                } catch (Exception e) {
115                    log("SSLSocketFactory instantiation failed: " + e.toString());
116                    theFactory = new DefaultSSLSocketFactory(e);
117                    return theFactory;
118                }
119            }
120        }
121
122        try {
123            return SSLContext.getDefault().getSocketFactory();
124        } catch (NoSuchAlgorithmException e) {
125            return new DefaultSSLSocketFactory(e);
126        }
127    }
128
129    static String getSecurityProperty(final String name) {
130        return AccessController.doPrivileged(new PrivilegedAction<>() {
131            @Override
132            public String run() {
133                String s = java.security.Security.getProperty(name);
134                if (s != null) {
135                    s = s.trim();
136                    if (s.length() == 0) {
137                        s = null;
138                    }
139                }
140                return s;
141            }
142        });
143    }
144
145    /**
146     * Returns the list of cipher suites which are enabled by default.
147     * Unless a different list is enabled, handshaking on an SSL connection
148     * will use one of these cipher suites.  The minimum quality of service
149     * for these defaults requires confidentiality protection and server
150     * authentication (that is, no anonymous cipher suites).
151     * <P>
152     * The returned array includes cipher suites from the list of standard
153     * cipher suite names in the <a href=
154     * "{@docRoot}/../specs/security/standard-names.html#jsse-cipher-suite-names">
155     * JSSE Cipher Suite Names</a> section of the Java Cryptography
156     * Architecture Standard Algorithm Name Documentation, and may also
157     * include other cipher suites that the provider supports.
158     *
159     * @see #getSupportedCipherSuites()
160     * @return array of the cipher suites enabled by default
161     */
162    public abstract String [] getDefaultCipherSuites();
163
164    /**
165     * Returns the names of the cipher suites which could be enabled for use
166     * on an SSL connection.  Normally, only a subset of these will actually
167     * be enabled by default, since this list may include cipher suites which
168     * do not meet quality of service requirements for those defaults.  Such
169     * cipher suites are useful in specialized applications.
170     * <P>
171     * The returned array includes cipher suites from the list of standard
172     * cipher suite names in the <a href=
173     * "{@docRoot}/../specs/security/standard-names.html#jsse-cipher-suite-names">
174     * JSSE Cipher Suite Names</a> section of the Java Cryptography
175     * Architecture Standard Algorithm Name Documentation, and may also
176     * include other cipher suites that the provider supports.
177     *
178     * @see #getDefaultCipherSuites()
179     * @return an array of cipher suite names
180     */
181    public abstract String [] getSupportedCipherSuites();
182
183    /**
184     * Returns a socket layered over an existing socket connected to the named
185     * host, at the given port.  This constructor can be used when tunneling SSL
186     * through a proxy or when negotiating the use of SSL over an existing
187     * socket. The host and port refer to the logical peer destination.
188     * This socket is configured using the socket options established for
189     * this factory.
190     *
191     * @param s the existing socket
192     * @param host the server host
193     * @param port the server port
194     * @param autoClose close the underlying socket when this socket is closed
195     * @return a socket connected to the specified host and port
196     * @throws IOException if an I/O error occurs when creating the socket
197     * @throws NullPointerException if the parameter s is null
198     */
199    public abstract Socket createSocket(Socket s, String host,
200            int port, boolean autoClose) throws IOException;
201
202    /**
203     * Creates a server mode {@link Socket} layered over an
204     * existing connected socket, and is able to read data which has
205     * already been consumed/removed from the {@link Socket}'s
206     * underlying {@link InputStream}.
207     * <p>
208     * This method can be used by a server application that needs to
209     * observe the inbound data but still create valid SSL/TLS
210     * connections: for example, inspection of Server Name Indication
211     * (SNI) extensions (See section 3 of <A
212     * HREF="http://www.ietf.org/rfc/rfc6066.txt">TLS Extensions
213     * (RFC6066)</A>).  Data that has been already removed from the
214     * underlying {@link InputStream} should be loaded into the
215     * {@code consumed} stream before this method is called, perhaps
216     * using a {@link java.io.ByteArrayInputStream}.  When this
217     * {@link Socket} begins handshaking, it will read all of the data in
218     * {@code consumed} until it reaches {@code EOF}, then all further
219     * data is read from the underlying {@link InputStream} as
220     * usual.
221     * <p>
222     * The returned socket is configured using the socket options
223     * established for this factory, and is set to use server mode when
224     * handshaking (see {@link SSLSocket#setUseClientMode(boolean)}).
225     *
226     * @param  s
227     *         the existing socket
228     * @param  consumed
229     *         the consumed inbound network data that has already been
230     *         removed from the existing {@link Socket}
231     *         {@link InputStream}.  This parameter may be
232     *         {@code null} if no data has been removed.
233     * @param  autoClose close the underlying socket when this socket is closed.
234     *
235     * @return the {@link Socket} compliant with the socket options
236     *         established for this factory
237     *
238     * @throws IOException if an I/O error occurs when creating the socket
239     * @throws UnsupportedOperationException if the underlying provider
240     *         does not implement the operation
241     * @throws NullPointerException if {@code s} is {@code null}
242     *
243     * @since 1.8
244     */
245    public Socket createSocket(Socket s, InputStream consumed,
246            boolean autoClose) throws IOException {
247        throw new UnsupportedOperationException();
248    }
249}
250
251
252// file private
253class DefaultSSLSocketFactory extends SSLSocketFactory
254{
255    private Exception reason;
256
257    DefaultSSLSocketFactory(Exception reason) {
258        this.reason = reason;
259    }
260
261    private Socket throwException() throws SocketException {
262        throw (SocketException)
263            new SocketException(reason.toString()).initCause(reason);
264    }
265
266    @Override
267    public Socket createSocket()
268    throws IOException
269    {
270        return throwException();
271    }
272
273    @Override
274    public Socket createSocket(String host, int port)
275    throws IOException
276    {
277        return throwException();
278    }
279
280    @Override
281    public Socket createSocket(Socket s, String host,
282                                int port, boolean autoClose)
283    throws IOException
284    {
285        return throwException();
286    }
287
288    @Override
289    public Socket createSocket(InetAddress address, int port)
290    throws IOException
291    {
292        return throwException();
293    }
294
295    @Override
296    public Socket createSocket(String host, int port,
297        InetAddress clientAddress, int clientPort)
298    throws IOException
299    {
300        return throwException();
301    }
302
303    @Override
304    public Socket createSocket(InetAddress address, int port,
305        InetAddress clientAddress, int clientPort)
306    throws IOException
307    {
308        return throwException();
309    }
310
311    @Override
312    public String [] getDefaultCipherSuites() {
313        return new String[0];
314    }
315
316    @Override
317    public String [] getSupportedCipherSuites() {
318        return new String[0];
319    }
320}
321