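/*
 * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package sun.security.ssl;

import java.io.*;
import java.net.*;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.SSLSocket;


/**
 * Implementation of an SSL socket factory.  This provides the public
 * hooks to create SSL sockets, using a "high level" programming
 * interface which encapsulates system security policy defaults rather than
 * offering application flexibility.  In particular, it uses a configurable
 * authentication context (and the keys held there) rather than offering
 * any flexibility about which keys to use; that context defaults to the
 * process-default context, but may be explicitly specified.
 *
 * <p>Every factory method hands its arguments, together with the context,
 * straight to an {@code SSLSocketImpl} constructor.  This class validates
 * nothing itself and sets no per-socket parameters of its own.
 *
 * <p>NOTE(review): nothing in this class turns on endpoint identification
 * (checking the peer certificate against the requested host name).  Whether
 * that check happens is decided by {@code SSLSocketImpl} and by the trust
 * manager held in the context, neither of which is visible here.  Callers
 * that depend on host name verification should confirm it is in effect, for
 * example by setting an endpoint identification algorithm with
 * {@code javax.net.ssl.SSLParameters.setEndpointIdentificationAlgorithm}
 * on the returned socket before the handshake starts.
 *
 * @author David Brownell
 */
public final class SSLSocketFactoryImpl extends SSLSocketFactory {

    // Assigned exactly once by either constructor and only read afterwards,
    // so a factory cannot be re-pointed at another context after creation.
    private final SSLContextImpl context;

    /**
     * Constructor used to instantiate the default factory.  This method is
     * only called if the old "ssl.SocketFactory.provider" property in the
     * java.security file is set.
     *
     * @throws Exception whatever
     *         {@code SSLContextImpl.DefaultSSLContext.getDefaultImpl()}
     *         throws; it is propagated unchanged
     */
    public SSLSocketFactoryImpl() throws Exception {
        this.context = SSLContextImpl.DefaultSSLContext.getDefaultImpl();
    }

    /**
     * Constructs an SSL socket factory bound to the given context.
     *
     * @param context the context handed to every socket this factory
     *        creates.  It is not checked for {@code null} here; a
     *        {@code null} value would surface later, for instance as a
     *        {@code NullPointerException} from the cipher suite getters.
     */
    SSLSocketFactoryImpl(SSLContextImpl context) {
        this.context = context;
    }

    /**
     * Creates an unconnected socket.
     *
     * @return the unconnected socket
     * @see java.net.Socket#connect(java.net.SocketAddress, int)
     */
    @Override
    public Socket createSocket() {
        return new SSLSocketImpl(context);
    }

    /**
     * Constructs an SSL connection to a named host at a specified port.
     * This acts as the SSL client, and may authenticate itself or rejoin
     * existing SSL sessions allowed by the authentication context which
     * has been configured.
     *
     * @param host name of the host with which to connect
     * @param port number of the server's port
     * @return the socket built by {@code SSLSocketImpl} for that host
     *         and port
     * @throws IOException if the {@code SSLSocketImpl} constructor
     *         reports an I/O failure
     * @throws UnknownHostException if the host is not known
     */
    @Override
    public Socket createSocket(String host, int port)
    throws IOException, UnknownHostException
    {
        return new SSLSocketImpl(context, host, port);
    }

    /**
     * Returns a socket layered over an existing socket to a
     * ServerSocket on the named host, at the given port.  This
     * constructor can be used when tunneling SSL through a proxy.  The
     * host and port refer to the logical destination server.  This
     * socket is configured using the socket options established for
     * this factory.
     *
     * <p>This method does not inspect {@code s}; whether it must already
     * be connected, and whether {@code host} is compared with the peer it
     * is connected to, is up to {@code SSLSocketImpl}.  When tunneling,
     * pass the name of the intended destination server rather than the
     * proxy, since {@code host} is the only server name this call supplies.
     *
     * @param s the existing socket
     * @param host the server host
     * @param port the server port
     * @param autoClose close the underlying socket when this socket is closed
     * @return the SSL socket layered over {@code s}
     *
     * @exception IOException if the connection can't be established;
     *            this includes {@code UnknownHostException} when the host
     *            is not known
     */
    @Override
    public Socket createSocket(Socket s, String host, int port,
            boolean autoClose) throws IOException {
        return new SSLSocketImpl(context, s, host, port, autoClose);
    }


    /**
     * Constructs an SSL connection to a server at a specified address
     * and TCP port.  This acts as the SSL client, and may authenticate
     * itself or rejoin existing SSL sessions allowed by the authentication
     * context which has been configured.
     *
     * <p>NOTE(review): only an address is supplied here, no host name.
     * What name, if any, a later identity check would use is determined
     * inside {@code SSLSocketImpl} - confirm before relying on it.
     *
     * @param address the server's host
     * @param port its port
     * @return the socket built by {@code SSLSocketImpl} for that address
     *         and port
     * @throws IOException if the {@code SSLSocketImpl} constructor
     *         reports an I/O failure
     */
    @Override
    public Socket createSocket(InetAddress address, int port)
    throws IOException
    {
        return new SSLSocketImpl(context, address, port);
    }


    /**
     * Constructs an SSL connection to a named host at a specified port.
     * This acts as the SSL client, and may authenticate itself or rejoin
     * existing SSL sessions allowed by the authentication context which
     * has been configured. The socket will also bind() to the local
     * address and port supplied.
     *
     * @param host name of the host with which to connect
     * @param port number of the server's port
     * @param clientAddress the local address to bind to
     * @param clientPort the local port to bind to
     * @return the socket built by {@code SSLSocketImpl}
     * @throws IOException if the {@code SSLSocketImpl} constructor
     *         reports an I/O failure
     */
    @Override
    public Socket createSocket(String host, int port,
        InetAddress clientAddress, int clientPort)
    throws IOException
    {
        return new SSLSocketImpl(context, host, port,
                clientAddress, clientPort);
    }

    /**
     * Constructs an SSL connection to a server at a specified address
     * and TCP port.  This acts as the SSL client, and may authenticate
     * itself or rejoin existing SSL sessions allowed by the authentication
     * context which has been configured. The socket will also bind() to
     * the local address and port supplied.
     *
     * @param address the server's host
     * @param port its port
     * @param clientAddress the local address to bind to
     * @param clientPort the local port to bind to
     * @return the socket built by {@code SSLSocketImpl}
     * @throws IOException if the {@code SSLSocketImpl} constructor
     *         reports an I/O failure
     */
    @Override
    public Socket createSocket(InetAddress address, int port,
        InetAddress clientAddress, int clientPort)
    throws IOException
    {
        return new SSLSocketImpl(context, address, port,
                clientAddress, clientPort);
    }


    /**
     * Returns the subset of the supported cipher suites which are
     * enabled by default.  These cipher suites all provide a minimum
     * quality of service whereby the server authenticates itself
     * (preventing person-in-the-middle attacks) and where traffic
     * is encrypted to provide confidentiality.
     *
     * @return the names of the default cipher suites, as reported by the
     *         context this factory was built with
     */
    @Override
    public String[] getDefaultCipherSuites() {
        // NOTE(review): the boolean presumably selects the client-side
        // (non-server) list - confirm against SSLContextImpl.
        return context.getDefaultCipherSuiteList(false).toStringArray();
    }

    /**
     * Returns the names of the cipher suites which could be enabled for use
     * on an SSL connection.  Normally, only a subset of these will actually
     * be enabled by default, since this list may include cipher suites which
     * do not support the mutual authentication of servers and clients, or
     * which do not protect data confidentiality.  Servers may also need
     * certain kinds of certificates to use certain cipher suites.
     *
     * <p>Because of that, do not pass this array unfiltered to
     * {@code SSLSocket.setEnabledCipherSuites}: doing so can enable suites
     * without authentication or encryption.  Select the suites you need
     * explicitly, or keep the defaults.
     *
     * @return the names of all cipher suites the context supports
     */
    @Override
    public String[] getSupportedCipherSuites() {
        return context.getSupportedCipherSuiteList().toStringArray();
    }
}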