Back to index...

	/*
	* Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
	*
	* This code is free software; you can redistribute it and/or modify it
	* under the terms of the GNU General Public License version 2 only, as
	* published by the Free Software Foundation. Oracle designates this
	* particular file as subject to the "Classpath" exception as provided
	* by Oracle in the LICENSE file that accompanied this code.
	*
	* This code is distributed in the hope that it will be useful, but WITHOUT
	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	* version 2 for more details (a copy is included in the LICENSE file that
	* accompanied this code).
	*
	* You should have received a copy of the GNU General Public License version
	* 2 along with this work; if not, write to the Free Software Foundation,
	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
	*
	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
	* or visit www.oracle.com if you need additional information or have any
	* questions.
	*/


	package javax.net.ssl;

	import java.net.*;
	import javax.net.SocketFactory;
	import java.io.IOException;
	import java.io.InputStream;
	import java.security.*;
	import java.util.Locale;

	import sun.security.action.GetPropertyAction;

	/**
	* <code>SSLSocketFactory</code>s create <code>SSLSocket</code>s.
	*
	* @since 1.4
	* @see SSLSocket
	* @author David Brownell
	*/
	public abstract class SSLSocketFactory extends SocketFactory
	{
	private static SSLSocketFactory theFactory;

	private static boolean propertyChecked;

	static final boolean DEBUG;

	static {
	String s = GetPropertyAction.privilegedGetProperty("javax.net.debug", "")
	.toLowerCase(Locale.ENGLISH);

	DEBUG = s.contains("all") \|\| s.contains("ssl");
	}

	private static void log(String msg) {
	if (DEBUG) {
	System.out.println(msg);
	}
	}

	/**
	* Constructor is used only by subclasses.
	*/
	public SSLSocketFactory() {
	}

	/**
	* Returns the default SSL socket factory.
	*
	* <p>The first time this method is called, the security property
	* "ssl.SocketFactory.provider" is examined. If it is non-null, a class by
	* that name is loaded and instantiated. If that is successful and the
	* object is an instance of SSLSocketFactory, it is made the default SSL
	* socket factory.
	*
	* <p>Otherwise, this method returns
	* <code>SSLContext.getDefault().getSocketFactory()</code>. If that
	* call fails, an inoperative factory is returned.
	*
	* @return the default <code>SocketFactory</code>
	* @see SSLContext#getDefault
	*/
	public static synchronized SocketFactory getDefault() {
	if (theFactory != null) {
	return theFactory;
	}

	if (propertyChecked == false) {
	propertyChecked = true;
	String clsName = getSecurityProperty("ssl.SocketFactory.provider");
	if (clsName != null) {
	log("setting up default SSLSocketFactory");
	try {
	Class<?> cls = null;
	try {
	cls = Class.forName(clsName);
	} catch (ClassNotFoundException e) {
	ClassLoader cl = ClassLoader.getSystemClassLoader();
	if (cl != null) {
	cls = cl.loadClass(clsName);
	}
	}
	log("class " + clsName + " is loaded");
	@SuppressWarnings("deprecation")
	SSLSocketFactory fac = (SSLSocketFactory)cls.newInstance();
	log("instantiated an instance of class " + clsName);
	theFactory = fac;
	return fac;
	} catch (Exception e) {
	log("SSLSocketFactory instantiation failed: " + e.toString());
	theFactory = new DefaultSSLSocketFactory(e);
	return theFactory;
	}
	}
	}

	try {
	return SSLContext.getDefault().getSocketFactory();
	} catch (NoSuchAlgorithmException e) {
	return new DefaultSSLSocketFactory(e);
	}
	}

	static String getSecurityProperty(final String name) {
	return AccessController.doPrivileged(new PrivilegedAction<>() {
	@Override
	public String run() {
	String s = java.security.Security.getProperty(name);
	if (s != null) {
	s = s.trim();
	if (s.length() == 0) {
	s = null;
	}
	}
	return s;
	}
	});
	}

	/**
	* Returns the list of cipher suites which are enabled by default.
	* Unless a different list is enabled, handshaking on an SSL connection
	* will use one of these cipher suites. The minimum quality of service
	* for these defaults requires confidentiality protection and server
	* authentication (that is, no anonymous cipher suites).
	* <P>
	* The returned array includes cipher suites from the list of standard
	* cipher suite names in the <a href=
	* "{@docRoot}/../specs/security/standard-names.html#jsse-cipher-suite-names">
	* JSSE Cipher Suite Names</a> section of the Java Cryptography
	* Architecture Standard Algorithm Name Documentation, and may also
	* include other cipher suites that the provider supports.
	*
	* @see #getSupportedCipherSuites()
	* @return array of the cipher suites enabled by default
	*/
	public abstract String [] getDefaultCipherSuites();

	/**
	* Returns the names of the cipher suites which could be enabled for use
	* on an SSL connection. Normally, only a subset of these will actually
	* be enabled by default, since this list may include cipher suites which
	* do not meet quality of service requirements for those defaults. Such
	* cipher suites are useful in specialized applications.
	* <P>
	* The returned array includes cipher suites from the list of standard
	* cipher suite names in the <a href=
	* "{@docRoot}/../specs/security/standard-names.html#jsse-cipher-suite-names">
	* JSSE Cipher Suite Names</a> section of the Java Cryptography
	* Architecture Standard Algorithm Name Documentation, and may also
	* include other cipher suites that the provider supports.
	*
	* @see #getDefaultCipherSuites()
	* @return an array of cipher suite names
	*/
	public abstract String [] getSupportedCipherSuites();

	/**
	* Returns a socket layered over an existing socket connected to the named
	* host, at the given port. This constructor can be used when tunneling SSL
	* through a proxy or when negotiating the use of SSL over an existing
	* socket. The host and port refer to the logical peer destination.
	* This socket is configured using the socket options established for
	* this factory.
	*
	* @param s the existing socket
	* @param host the server host
	* @param port the server port
	* @param autoClose close the underlying socket when this socket is closed
	* @return a socket connected to the specified host and port
	* @throws IOException if an I/O error occurs when creating the socket
	* @throws NullPointerException if the parameter s is null
	*/
	public abstract Socket createSocket(Socket s, String host,
	int port, boolean autoClose) throws IOException;

	/**
	* Creates a server mode {@link Socket} layered over an
	* existing connected socket, and is able to read data which has
	* already been consumed/removed from the {@link Socket}'s
	* underlying {@link InputStream}.
	* <p>
	* This method can be used by a server application that needs to
	* observe the inbound data but still create valid SSL/TLS
	* connections: for example, inspection of Server Name Indication
	* (SNI) extensions (See section 3 of <A
	* HREF="http://www.ietf.org/rfc/rfc6066.txt">TLS Extensions
	* (RFC6066)</A>). Data that has been already removed from the
	* underlying {@link InputStream} should be loaded into the
	* {@code consumed} stream before this method is called, perhaps
	* using a {@link java.io.ByteArrayInputStream}. When this
	* {@link Socket} begins handshaking, it will read all of the data in
	* {@code consumed} until it reaches {@code EOF}, then all further
	* data is read from the underlying {@link InputStream} as
	* usual.
	* <p>
	* The returned socket is configured using the socket options
	* established for this factory, and is set to use server mode when
	* handshaking (see {@link SSLSocket#setUseClientMode(boolean)}).
	*
	* @param s
	* the existing socket
	* @param consumed
	* the consumed inbound network data that has already been
	* removed from the existing {@link Socket}
	* {@link InputStream}. This parameter may be
	* {@code null} if no data has been removed.
	* @param autoClose close the underlying socket when this socket is closed.
	*
	* @return the {@link Socket} compliant with the socket options
	* established for this factory
	*
	* @throws IOException if an I/O error occurs when creating the socket
	* @throws UnsupportedOperationException if the underlying provider
	* does not implement the operation
	* @throws NullPointerException if {@code s} is {@code null}
	*
	* @since 1.8
	*/
	public Socket createSocket(Socket s, InputStream consumed,
	boolean autoClose) throws IOException {
	throw new UnsupportedOperationException();
	}
	}


	// file private
	class DefaultSSLSocketFactory extends SSLSocketFactory
	{
	private Exception reason;

	DefaultSSLSocketFactory(Exception reason) {
	this.reason = reason;
	}

	private Socket throwException() throws SocketException {
	throw (SocketException)
	new SocketException(reason.toString()).initCause(reason);
	}

	@Override
	public Socket createSocket()
	throws IOException
	{
	return throwException();
	}

	@Override
	public Socket createSocket(String host, int port)
	throws IOException
	{
	return throwException();
	}

	@Override
	public Socket createSocket(Socket s, String host,
	int port, boolean autoClose)
	throws IOException
	{
	return throwException();
	}

	@Override
	public Socket createSocket(InetAddress address, int port)
	throws IOException
	{
	return throwException();
	}

	@Override
	public Socket createSocket(String host, int port,
	InetAddress clientAddress, int clientPort)
	throws IOException
	{
	return throwException();
	}

	@Override
	public Socket createSocket(InetAddress address, int port,
	InetAddress clientAddress, int clientPort)
	throws IOException
	{
	return throwException();
	}

	@Override
	public String [] getDefaultCipherSuites() {
	return new String[0];
	}

	@Override
	public String [] getSupportedCipherSuites() {
	return new String[0];
	}
	}

Back to index...