 * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation. Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any

 * This class provides HTTPS client URL support, building on the standard
 * "sun.net.www" HTTP protocol handler. HTTPS is the same protocol as HTTP,
 * but differs in the transport layer which it uses: <UL>
 * <LI>There's a <em>Secure Sockets Layer</em> between TCP
 * and the HTTP protocol code.
 * <LI>It uses a different default TCP port.
 * <LI>It doesn't use application level proxies, which can see and
 * manipulate HTTP user level data, compromising privacy. It uses
 * low level tunneling instead, which hides HTTP protocol and data
 * from all third parties. (Traffic analysis is still possible).
 * <LI>It does basic server authentication, to protect
 * against "URL spoofing" attacks. This involves deciding
 * whether the X.509 certificate chain identifying the server
 * is trusted, and verifying that the name of the server is
 * found in the certificate. (The application may enable an
 * anonymous SSL cipher suite, and such checks are not done
 * for anonymous ciphers.)
 * <LI>It exposes key SSL session attributes, specifically the
 * cipher suite in use and the server's X509 certificates, to
 * application software which knows about this protocol handler.
 * <P> System properties used include: <UL>
 * <LI><em>https.proxyHost</em> ... the host supporting SSL
 * tunneling using the conventional CONNECT syntax
 * <LI><em>https.proxyPort</em> ... port to use on proxyHost
 * <LI><em>https.cipherSuites</em> ... comma separated list of
 * SSL cipher suite names to enable.
 * <LI><em>http.nonProxyHosts</em> ...
 * @author David Brownell
 * @author Bill Foote

// final for export control reasons (access to APIs); remove with care

    // STATIC STATE and ACCESSORS THERETO

    // HTTPS uses a different default port number than HTTP.

    // default HostnameVerifier class canonical name
    "javax.net.ssl.HttpsURLConnection.DefaultHostnameVerifier";
    /** Returns the default HTTPS port (443) */

    // HttpClient.proxyDisabled will always be false, because we don't
    // use an application-level HTTP proxy. We might tunnel through
    // our http proxy, though.

    // last negotiated SSL session

    // If ciphers are assigned, sort them into an array.

    // If protocols are assigned, sort them into an array.

    // should remove once HttpClient.newHttpProxy is putback

    // CONSTRUCTOR, FACTORY

     * Create an HTTPS client URL. Traffic will be tunneled through any
     * intermediate nodes rather than proxied, so that confidentiality
     * of data exchanged can be preserved. However, note that all the
     * anonymous SSL flavors are subject to "person-in-the-middle"
     * attacks against confidentiality. If you enable use of those
     * flavors, you may be giving up the protection you get through
     * Use New to get new HttpsClient. This constructor is meant to be
     * used only by New method. New properly checks for URL spoofing.
     * @param URL https URL with which a connection must be established

    // HttpClient-level proxying is always disabled,
    // because we override doConnect to do tunneling instead.

     * Create an HTTPS client URL. Traffic will be tunneled through
     * the specified proxy server.

     * Create an HTTPS client URL. Traffic will be tunneled through
     * the specified proxy server, with a connect timeout

     * Same as previous constructor except using a Proxy

    // This code largely ripped off from HttpClient.New, and
    // it uses the same keepalive cache.

    /** See HttpClient for the model for this method. */

     * Get a HTTPS client to the URL. Traffic will be tunneled through
     * the specified proxy server.

    /* see if one's already around */

    // We cannot return this connection to the cache as it's
    // KeepAliveTimeout will get reset. We simply close the connection.
    // This should be fine as it is very rare that a connection
    // to the same host will not use the same proxy.

     * The following method, createSocket, is defined in NetworkClient
     * and overridden here so that the socket factory is used to create

    // javax.net.SocketFactory throws a SocketException with an
    // UnsupportedOperationException as its cause to indicate that
    // unconnected sockets have not been implemented.

    // If we fail to connect through the tunnel, try it
    // locally, as a last resort. If this doesn't work,
    // throw the original exception.

    // Force handshaking, so that we get any authentication.
    // Register a handshake callback so our session state tracks any
    // later session renegotiations.

    // We have two hostname verification approaches. One is in
    // SSL/TLS socket layer, where the algorithm is configured with
    // SSLParameters.setEndpointIdentificationAlgorithm(), and the
    // hostname verification is done by X509ExtendedTrustManager when
    // the algorithm is "HTTPS". The other one is in HTTPS layer,
    // where the algorithm is customized by
    // HttpsURLConnection.setHostnameVerifier(), and the hostname
    // verification is done by HostnameVerifier when the default
    // rules for hostname verification fail.
    // The relationship between two hostname verification approaches
    // +----------------------------------------------
    // -------------------------------------------------------------
    // HNV | default | Set HTTPS EIA | use EIA | HTTPS |
    // |--------------------------------------------------------
    // -------------------------------------------------------------
    // HNV: the hostname verification object in HTTPS layer
    // case 1. default HNV and EIA is null
    // case 2. default HNV and EIA is HTTPS
    // case 3. default HNV and EIA is other than HTTPS
    // layer, then do HTTPS check in HTTPS layer.
    // case 4. non-default HNV and EIA is null
    // HTTPS check in HTTPS layer using HNV as override.
    // case 5. non-default HNV and EIA is HTTPS
    // layer. No HNV override possible. We will review this
    // decision and may update the architecture for JDK 7.
    // case 6. non-default HNV and EIA is other than HTTPS
    // then do HTTPS check in HTTPS layer as override.

    // Do not check server identity again out of SSLSocket,
    // the endpoint will be identified during TLS handshaking
    }
    // else, we don't understand the identification algorithm,
    // need to check URL spoofing here.

    // We prefer to let the SSLSocket do the spoof checks, but if
    // the application has specified a HostnameVerifier (HNV),
    // we will always use that.

    // Unlikely to happen! As the behavior is the same as the
    // default hostname verifier, so we prefer to let the
    // SSLSocket do the spoof checks.

    // If the HNV is the default from HttpsURLConnection, we
    // will do the spoof checks in SSLSocket.

    // change the serverSocket and serverOutput

    // check URL spoofing if it has not been checked under handshaking

    // if we are reusing a cached https session,
    // we don't need to do handshaking etc. But we do need to
    // set the ssl session

    // Server identity checking is done according to RFC 2818: HTTP over TLS
    // Section 3.1 Server Identity

    // Get authenticated server name, if any

    // if IPv6 strip off the "[]"

    // Use ciphersuite to determine whether Kerberos is present.
    " failed for Kerberos");
    // get the subject's certificate

    // if it doesn't throw an exception, we passed. Return.

    // client explicitly changed default policy and enabled
    // anonymous ciphers; we can't check the standard policy

    assert false : "Duplicate put to keep alive cache";
     * Close an idle connection to this URL (if it exists in the cache).

     * Returns the cipher suite in use on this connection.

     * Returns the certificate chain the client sent to the
     * server, or null if the client did not authenticate.

     * Returns the certificate chain with which the server
     * authenticated itself, or throw a SSLPeerUnverifiedException
     * if the server did not authenticate.

     * Returns the X.509 certificate chain with which the server
     * authenticated itself, or null if the server did not authenticate.

     * Returns the principal with which the server authenticated
     * itself, or throw a SSLPeerUnverifiedException if the
     * server did not authenticate.

    // if the provider does not support it, fallback to peer certs.
    // return the X500Principal of the end-entity cert.

     * Returns the principal the client sent to the
     * server, or null if the client did not authenticate.

    // if the provider does not support it, fallback to local certs.
    // return the X500Principal of the end-entity cert.

     * This method implements the SSL HandshakeCompleted callback,
     * remembering the resulting session so that it may be queried
     * for the current cipher suite and peer certificates. Servers
     * sometimes re-initiate handshaking, so the session in use on
     * a given connection may change. When sessions change, so may
     * peer identities and cipher suites.

     * @return the proxy host being used for this client, or null
     * if we're not going through a proxy

     * @return the proxy port being used for this client. Meaningless
     * if getProxyHostUsed() gives null.
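
The RFC 2818 Section 3.1 server identity check that the comments above refer to, including the IPv6 "[]" stripping, shown as an added Java example. It is not code from this file or from the JDK: the class and method names are hypothetical, the SAN lists are constructed sample data, and as a simplifying assumption a wildcard is honoured only when it is the whole leftmost label.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.List;
import java.util.Locale;

// Added illustration, not the JDK's own checker: simplified RFC 2818 section 3.1 rules.
public class Rfc2818NameCheck {
    // URL hosts carry IPv6 literals in brackets: "[2001:db8::1]" -> "2001:db8::1".
    static String stripBrackets(String host) {
        return (host.startsWith("[") && host.endsWith("]"))
                ? host.substring(1, host.length() - 1) : host;
    }
    static boolean isIpLiteral(String h) {
        return h.indexOf(':') >= 0 || h.matches("\\d{1,3}(\\.\\d{1,3}){3}");
    }
    // Assumption: "*" is honoured only as the whole leftmost label, covering one label.
    static boolean dnsMatches(String host, String pattern) {
        host = host.toLowerCase(Locale.ROOT);
        pattern = pattern.toLowerCase(Locale.ROOT);
        if (!pattern.startsWith("*.")) return host.equals(pattern);
        int dot = host.indexOf('.');
        return dot > 0 && host.substring(dot).equals(pattern.substring(1));
    }

    // dnsSans and ipSans stand in for the certificate's subjectAltName entries.
    static boolean serverIdentityOk(String urlHost, List<String> dnsSans, List<String> ipSans) {
        String host = stripBrackets(urlHost);
        if (isIpLiteral(host)) {
            try {
                // A valid literal is parsed here, not resolved through DNS.
                InetAddress want = InetAddress.getByName(host);
                for (String ip : ipSans)
                    if (isIpLiteral(ip) && InetAddress.getByName(ip).equals(want)) return true;
            } catch (UnknownHostException e) {
                // malformed literal: fall through and fail closed
            }
            return false; // an IP host is never matched against dNSName entries
        }
        for (String san : dnsSans)
            if (dnsMatches(host, san)) return true;
        return false;
    }

    public static void main(String[] args) {
        List<String> dns = List.of("*.example.com");        // constructed sample SANs
        List<String> ips = List.of("2001:db8:0:0:0:0:0:1"); // constructed sample SAN
        for (String h : new String[] {"www.example.com", "a.b.example.com", "[2001:db8::1]", "192.0.2.7"})
            System.out.println(h + " -> " + serverIdentityOk(h, dns, ips));
    }
}
```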