Path: blob/master/src/java.base/share/classes/javax/net/ssl/HttpsURLConnection.java
41159 views
/*1* Copyright (c) 1999, 2021, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation. Oracle designates this7* particular file as subject to the "Classpath" exception as provided8* by Oracle in the LICENSE file that accompanied this code.9*10* This code is distributed in the hope that it will be useful, but WITHOUT11* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or12* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License13* version 2 for more details (a copy is included in the LICENSE file that14* accompanied this code).15*16* You should have received a copy of the GNU General Public License version17* 2 along with this work; if not, write to the Free Software Foundation,18* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.19*20* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA21* or visit www.oracle.com if you need additional information or have any22* questions.23*/2425package javax.net.ssl;2627import java.net.URL;28import java.net.HttpURLConnection;29import java.security.Principal;30import java.security.cert.X509Certificate;31import java.util.Optional;3233/**34* <code>HttpsURLConnection</code> extends <code>HttpURLConnection</code>35* with support for https-specific features.36* <P>37* See <A HREF="http://www.w3.org/pub/WWW/Protocols/">38* http://www.w3.org/pub/WWW/Protocols/</A> and39* <A HREF="http://www.ietf.org/"> RFC 2818 </A>40* for more details on the41* https specification.42* <P>43* This class uses <code>HostnameVerifier</code> and44* <code>SSLSocketFactory</code>.45* There are default implementations defined for both classes.46* However, the implementations can be replaced on a per-class (static) or47* per-instance basis. All new <code>HttpsURLConnection</code>s instances48* will be assigned49* the "default" static values at instance creation, but they can be overridden50* by calling the appropriate per-instance set method(s) before51* <code>connect</code>ing.52*53* @since 1.454*/55public abstract class HttpsURLConnection extends HttpURLConnection {56/**57* Creates an <code>HttpsURLConnection</code> using the58* URL specified.59*60* @param url the URL61*/62protected HttpsURLConnection(URL url) {63super(url);64}6566/**67* Returns the cipher suite in use on this connection.68*69* @return the cipher suite70* @throws IllegalStateException if this method is called before71* the connection has been established.72*/73public abstract String getCipherSuite();7475/**76* Returns the certificate(s) that were sent to the server during77* handshaking.78* <P>79* Note: This method is useful only when using certificate-based80* cipher suites.81* <P>82* When multiple certificates are available for use in a83* handshake, the implementation chooses what it considers the84* "best" certificate chain available, and transmits that to85* the other side. This method allows the caller to know86* which certificate chain was actually sent.87*88* @return an ordered array of certificates,89* with the client's own certificate first followed by any90* certificate authorities. If no certificates were sent,91* then null is returned.92* @throws IllegalStateException if this method is called before93* the connection has been established.94* @see #getLocalPrincipal()95*/96public abstract java.security.cert.Certificate [] getLocalCertificates();9798/**99* Returns the server's certificate chain which was established100* as part of defining the session.101* <P>102* Note: This method can be used only when using certificate-based103* cipher suites; using it with non-certificate-based cipher suites,104* such as Kerberos, will throw an SSLPeerUnverifiedException.105* <P>106* Note: The returned value may not be a valid certificate chain107* and should not be relied on for trust decisions.108*109* @return an ordered array of server certificates,110* with the peer's own certificate first followed by111* any certificate authorities.112* @throws SSLPeerUnverifiedException if the peer is not verified.113* @throws IllegalStateException if this method is called before114* the connection has been established.115* @see #getPeerPrincipal()116*/117public abstract java.security.cert.Certificate [] getServerCertificates()118throws SSLPeerUnverifiedException;119120/**121* Returns the server's principal which was established as part of122* defining the session.123* <P>124* Note: Subclasses should override this method. If not overridden, it125* will default to returning the X500Principal of the server's end-entity126* certificate for certificate-based ciphersuites, or throw an127* SSLPeerUnverifiedException for non-certificate based ciphersuites,128* such as Kerberos.129*130* @return the server's principal. Returns an X500Principal of the131* end-entity certiticate for X509-based cipher suites, and132* KerberosPrincipal for Kerberos cipher suites.133*134* @throws SSLPeerUnverifiedException if the peer was not verified135* @throws IllegalStateException if this method is called before136* the connection has been established.137*138* @see #getServerCertificates()139* @see #getLocalPrincipal()140*141* @since 1.5142*/143public Principal getPeerPrincipal()144throws SSLPeerUnverifiedException {145146java.security.cert.Certificate[] certs = getServerCertificates();147return ((X509Certificate)certs[0]).getSubjectX500Principal();148}149150/**151* Returns the principal that was sent to the server during handshaking.152* <P>153* Note: Subclasses should override this method. If not overridden, it154* will default to returning the X500Principal of the end-entity certificate155* that was sent to the server for certificate-based ciphersuites or,156* return null for non-certificate based ciphersuites, such as Kerberos.157*158* @return the principal sent to the server. Returns an X500Principal159* of the end-entity certificate for X509-based cipher suites, and160* KerberosPrincipal for Kerberos cipher suites. If no principal was161* sent, then null is returned.162*163* @throws IllegalStateException if this method is called before164* the connection has been established.165*166* @see #getLocalCertificates()167* @see #getPeerPrincipal()168*169* @since 1.5170*/171public Principal getLocalPrincipal() {172173java.security.cert.Certificate[] certs = getLocalCertificates();174if (certs != null) {175return ((X509Certificate)certs[0]).getSubjectX500Principal();176} else {177return null;178}179}180181/**182* <code>HostnameVerifier</code> provides a callback mechanism so that183* implementers of this interface can supply a policy for184* handling the case where the host to connect to and185* the server name from the certificate mismatch.186* <p>187* The default implementation will deny such connections.188*/189private static HostnameVerifier defaultHostnameVerifier =190new DefaultHostnameVerifier();191192/*193* The initial default <code>HostnameVerifier</code>. Should be194* updated for another other type of <code>HostnameVerifier</code>195* that are created.196*/197private static class DefaultHostnameVerifier198implements HostnameVerifier {199@Override200public boolean verify(String hostname, SSLSession session) {201return false;202}203}204205/**206* The <code>hostnameVerifier</code> for this object.207*/208protected HostnameVerifier hostnameVerifier = defaultHostnameVerifier;209210/**211* Sets the default <code>HostnameVerifier</code> inherited by a212* new instance of this class.213* <P>214* If this method is not called, the default215* <code>HostnameVerifier</code> assumes the connection should not216* be permitted.217*218* @param v the default host name verifier219* @throws IllegalArgumentException if the <code>HostnameVerifier</code>220* parameter is null.221* @throws SecurityException if a security manager exists and its222* <code>checkPermission</code> method does not allow223* <code>SSLPermission("setHostnameVerifier")</code>224* @see #getDefaultHostnameVerifier()225*/226public static void setDefaultHostnameVerifier(HostnameVerifier v) {227if (v == null) {228throw new IllegalArgumentException(229"no default HostnameVerifier specified");230}231232@SuppressWarnings("removal")233SecurityManager sm = System.getSecurityManager();234if (sm != null) {235sm.checkPermission(new SSLPermission("setHostnameVerifier"));236}237defaultHostnameVerifier = v;238}239240/**241* Gets the default <code>HostnameVerifier</code> that is inherited242* by new instances of this class.243*244* @return the default host name verifier245* @see #setDefaultHostnameVerifier(HostnameVerifier)246*/247public static HostnameVerifier getDefaultHostnameVerifier() {248return defaultHostnameVerifier;249}250251/**252* Sets the <code>HostnameVerifier</code> for this instance.253* <P>254* New instances of this class inherit the default static hostname255* verifier set by {@link #setDefaultHostnameVerifier(HostnameVerifier)256* setDefaultHostnameVerifier}. Calls to this method replace257* this object's <code>HostnameVerifier</code>.258*259* @param v the host name verifier260* @throws IllegalArgumentException if the <code>HostnameVerifier</code>261* parameter is null.262* @see #getHostnameVerifier()263* @see #setDefaultHostnameVerifier(HostnameVerifier)264*/265public void setHostnameVerifier(HostnameVerifier v) {266if (v == null) {267throw new IllegalArgumentException(268"no HostnameVerifier specified");269}270271hostnameVerifier = v;272}273274/**275* Gets the <code>HostnameVerifier</code> in place on this instance.276*277* @return the host name verifier278* @see #setHostnameVerifier(HostnameVerifier)279* @see #setDefaultHostnameVerifier(HostnameVerifier)280*/281public HostnameVerifier getHostnameVerifier() {282return hostnameVerifier;283}284285private static SSLSocketFactory defaultSSLSocketFactory = null;286287/**288* The <code>SSLSocketFactory</code> inherited when an instance289* of this class is created.290*/291private SSLSocketFactory sslSocketFactory = getDefaultSSLSocketFactory();292293/**294* Sets the default <code>SSLSocketFactory</code> inherited by new295* instances of this class.296* <P>297* The socket factories are used when creating sockets for secure298* https URL connections.299*300* @param sf the default SSL socket factory301* @throws IllegalArgumentException if the SSLSocketFactory302* parameter is null.303* @throws SecurityException if a security manager exists and its304* <code>checkSetFactory</code> method does not allow305* a socket factory to be specified.306* @see #getDefaultSSLSocketFactory()307*/308public static void setDefaultSSLSocketFactory(SSLSocketFactory sf) {309if (sf == null) {310throw new IllegalArgumentException(311"no default SSLSocketFactory specified");312}313314@SuppressWarnings("removal")315SecurityManager sm = System.getSecurityManager();316if (sm != null) {317sm.checkSetFactory();318}319defaultSSLSocketFactory = sf;320}321322/**323* Gets the default static <code>SSLSocketFactory</code> that is324* inherited by new instances of this class.325* <P>326* The socket factories are used when creating sockets for secure327* https URL connections.328*329* @return the default <code>SSLSocketFactory</code>330* @see #setDefaultSSLSocketFactory(SSLSocketFactory)331*/332public static SSLSocketFactory getDefaultSSLSocketFactory() {333if (defaultSSLSocketFactory == null) {334defaultSSLSocketFactory =335(SSLSocketFactory)SSLSocketFactory.getDefault();336}337return defaultSSLSocketFactory;338}339340/**341* Sets the <code>SSLSocketFactory</code> to be used when this instance342* creates sockets for secure https URL connections.343* <P>344* New instances of this class inherit the default static345* <code>SSLSocketFactory</code> set by346* {@link #setDefaultSSLSocketFactory(SSLSocketFactory)347* setDefaultSSLSocketFactory}. Calls to this method replace348* this object's <code>SSLSocketFactory</code>.349*350* @param sf the SSL socket factory351* @throws IllegalArgumentException if the <code>SSLSocketFactory</code>352* parameter is null.353* @throws SecurityException if a security manager exists and its354* <code>checkSetFactory</code> method does not allow355* a socket factory to be specified.356* @see #getSSLSocketFactory()357*/358public void setSSLSocketFactory(SSLSocketFactory sf) {359if (sf == null) {360throw new IllegalArgumentException(361"no SSLSocketFactory specified");362}363364@SuppressWarnings("removal")365SecurityManager sm = System.getSecurityManager();366if (sm != null) {367sm.checkSetFactory();368}369sslSocketFactory = sf;370}371372/**373* Gets the SSL socket factory to be used when creating sockets374* for secure https URL connections.375*376* @return the <code>SSLSocketFactory</code>377* @see #setSSLSocketFactory(SSLSocketFactory)378*/379public SSLSocketFactory getSSLSocketFactory() {380return sslSocketFactory;381}382383/**384* Returns an {@link Optional} containing the {@code SSLSession} in385* use on this connection. Returns an empty {@code Optional} if the386* underlying implementation does not support this method.387*388* @implSpec For compatibility, the default implementation of this389* method returns an empty {@code Optional}. Subclasses390* should override this method with an appropriate391* implementation since an application may need to access392* additional parameters associated with the SSL session.393*394* @return an {@link Optional} containing the {@code SSLSession} in395* use on this connection.396*397* @throws IllegalStateException if this method is called before398* the connection has been established399*400* @see SSLSession401*402* @since 12403*/404public Optional<SSLSession> getSSLSession() {405return Optional.empty();406}407}408409410