Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
PojavLauncherTeam
GitHub Repository: PojavLauncherTeam/mobile
 Path: blob/master/src/java.base/share/classes/javax/net/ssl/SSLSocket.java
41159 views
1
/*

2
 * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.

3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

4
 *

5
 * This code is free software; you can redistribute it and/or modify it

6
 * under the terms of the GNU General Public License version 2 only, as

7
 * published by the Free Software Foundation.  Oracle designates this

8
 * particular file as subject to the "Classpath" exception as provided

9
 * by Oracle in the LICENSE file that accompanied this code.

10
 *

11
 * This code is distributed in the hope that it will be useful, but WITHOUT

12
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

13
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

14
 * version 2 for more details (a copy is included in the LICENSE file that

15
 * accompanied this code).

16
 *

17
 * You should have received a copy of the GNU General Public License version

18
 * 2 along with this work; if not, write to the Free Software Foundation,

19
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

20
 *

21
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

22
 * or visit www.oracle.com if you need additional information or have any

23
 * questions.

24
 */

25


26


27
package javax.net.ssl;

28


29
import java.io.IOException;

30
import java.net.*;

31
import java.util.List;

32
import java.util.function.BiFunction;

33


34
/**

35
 * This class extends <code>Socket</code> and provides secure

36
 * sockets using protocols such as the "Secure

37
 * Sockets Layer" (SSL) or IETF "Transport Layer Security" (TLS) protocols.

38
 * <P>

39
 * Such sockets are normal stream sockets, but they

40
 * add a layer of security protections over the underlying network transport

41
 * protocol, such as TCP.  Those protections include: <UL>

42
 *

43
 *      <LI> <em>Integrity Protection</em>.  SSL protects against

44
 *      modification of messages by an active wiretapper.

45
 *

46
 *      <LI> <em>Authentication</em>.  In most modes, SSL provides

47
 *      peer authentication.  Servers are usually authenticated,

48
 *      and clients may be authenticated as requested by servers.

49
 *

50
 *      <LI> <em>Confidentiality (Privacy Protection)</em>.  In most

51
 *      modes, SSL encrypts data being sent between client and server.

52
 *      This protects the confidentiality of data, so that passive

53
 *      wiretappers won't see sensitive data such as financial

54
 *      information or personal information of many kinds.

55
 *

56
 *      </UL>

57
 *

58
 * <P>These kinds of protection are specified by a "cipher suite", which

59
 * is a combination of cryptographic algorithms used by a given SSL connection.

60
 * During the negotiation process, the two endpoints must agree on

61
 * a ciphersuite that is available in both environments.

62
 * If there is no such suite in common, no SSL connection can

63
 * be established, and no data can be exchanged.

64
 *

65
 * <P> The cipher suite used is established by a negotiation process

66
 * called "handshaking".  The goal of this

67
 * process is to create or rejoin a "session", which may protect many

68
 * connections over time.  After handshaking has completed, you can access

69
 * session attributes by using the <em>getSession</em> method.

70
 * The initial handshake on this connection can be initiated in

71
 * one of three ways: <UL>

72
 *

73
 *      <LI> calling <code>startHandshake</code> which explicitly

74
 *              begins handshakes, or

75
 *      <LI> any attempt to read or write application data on

76
 *              this socket causes an implicit handshake, or

77
 *      <LI> a call to <code>getSession</code> tries to set up a session

78
 *              if there is no currently valid session, and

79
 *              an implicit handshake is done.

80
 * </UL>

81
 *

82
 * <P>If handshaking fails for any reason, the <code>SSLSocket</code>

83
 * is closed, and no further communications can be done.

84
 *

85
 * <P>There are two groups of cipher suites which you will need to know

86
 * about when managing cipher suites: <UL>

87
 *

88
 *      <LI> <em>Supported</em> cipher suites:  all the suites which are

89
 *      supported by the SSL implementation.  This list is reported

90
 *      using <em>getSupportedCipherSuites</em>.

91
 *

92
 *      <LI> <em>Enabled</em> cipher suites, which may be fewer

93
 *      than the full set of supported suites.  This group is

94
 *      set using the <em>setEnabledCipherSuites</em> method, and

95
 *      queried using the <em>getEnabledCipherSuites</em> method.

96
 *      Initially, a default set of cipher suites will be enabled on

97
 *      a new socket that represents the minimum suggested configuration.

98
 *

99
 *      </UL>

100
 *

101
 * <P> Implementation defaults require that only cipher

102
 * suites which authenticate servers and provide confidentiality

103
 * be enabled by default.

104
 * Only if both sides explicitly agree to unauthenticated and/or

105
 * non-private (unencrypted) communications will such a ciphersuite be

106
 * selected.

107
 *

108
 * <P>When an <code>SSLSocket</code> is first created, no handshaking

109
 * is done so that applications may first set their communication

110
 * preferences:  what cipher suites to use, whether the socket should be

111
 * in client or server mode, etc.

112
 * However, security is always provided by the time that application data

113
 * is sent over the connection.

114
 *

115
 * <P> You may register to receive event notification of handshake

116
 * completion.  This involves

117
 * the use of two additional classes.  <em>HandshakeCompletedEvent</em>

118
 * objects are passed to <em>HandshakeCompletedListener</em> instances,

119
 * which are registered by users of this API.

120
 *

121
 * An <code>SSLSocket</code> is created by <code>SSLSocketFactory</code>,

122
 * or by <code>accept</code>ing a connection from a

123
 * <code>SSLServerSocket</code>.

124
 *

125
 * <P>A SSL socket must choose to operate in the client or server mode.

126
 * This will determine who begins the handshaking process, as well

127
 * as which messages should be sent by each party.  Each

128
 * connection must have one client and one server, or handshaking

129
 * will not progress properly.  Once the initial handshaking has started, a

130
 * socket can not switch between client and server modes, even when

131
 * performing renegotiations.

132
 *

133
 * <P> The ApplicationProtocol {@code String} values returned by the methods

134
 * in this class are in the network byte representation sent by the peer.

135
 * The bytes could be directly compared, or converted to its Unicode

136
 * {code String} format for comparison.

137
 *

138
 * <blockquote><pre>

139
 *     String networkString = sslSocket.getHandshakeApplicationProtocol();

140
 *     byte[] bytes = networkString.getBytes(StandardCharsets.ISO_8859_1);

141
 *

142
 *     //

143
 *     // Match using bytes:

144
 *     //

145
 *     //   "http/1.1"                       (7-bit ASCII values same in UTF-8)

146
 *     //   MEETEI MAYEK LETTERS "HUK UN I"  (Unicode 0xabcd->0xabcf)

147
 *     //

148
 *     String HTTP1_1 = "http/1.1";

149
 *     byte[] HTTP1_1_BYTES = HTTP1_1.getBytes(StandardCharsets.UTF_8);

150
 *

151
 *     byte[] HUK_UN_I_BYTES = new byte[] {

152
 *         (byte) 0xab, (byte) 0xcd,

153
 *         (byte) 0xab, (byte) 0xce,

154
 *         (byte) 0xab, (byte) 0xcf};

155
 *

156
 *     if ((Arrays.compare(bytes, HTTP1_1_BYTES) == 0 )

157
 *             || Arrays.compare(bytes, HUK_UN_I_BYTES) == 0) {

158
 *        ...

159
 *     }

160
 *

161
 *     //

162
 *     // Alternatively match using string.equals() if we know the ALPN value

163
 *     // was encoded from a {@code String} using a certain character set,

164
 *     // for example {@code UTF-8}.  The ALPN value must first be properly

165
 *     // decoded to a Unicode {@code String} before use.

166
 *     //

167
 *     String unicodeString = new String(bytes, StandardCharsets.UTF_8);

168
 *     if (unicodeString.equals(HTTP1_1)

169
 *             || unicodeString.equals("\u005cuabcd\u005cuabce\u005cuabcf")) {

170
 *         ...

171
 *     }

172
 * </pre></blockquote>

173
 *

174
 * @apiNote

175
 * When the connection is no longer needed, the client and server

176
 * applications should each close both sides of their respective connection.

177
 * For {@code SSLSocket} objects, for example, an application can call

178
 * {@link Socket#shutdownOutput()} or {@link java.io.OutputStream#close()}

179
 * for output stream close and call {@link Socket#shutdownInput()} or

180
 * {@link java.io.InputStream#close()} for input stream close.  Note that

181
 * in some cases, closing the input stream may depend on the peer's output

182
 * stream being closed first.  If the connection is not closed in an orderly

183
 * manner (for example {@link Socket#shutdownInput()} is called before the

184
 * peer's write closure notification has been received), exceptions may

185
 * be raised to indicate that an error has occurred.  Once an

186
 * {@code SSLSocket} is closed, it is not reusable: a new {@code SSLSocket}

187
 * must be created.

188
 *

189
 * @see java.net.Socket

190
 * @see SSLServerSocket

191
 * @see SSLSocketFactory

192
 *

193
 * @since 1.4

194
 * @author David Brownell

195
 */

196
public abstract class SSLSocket extends Socket

197
{

198
    /**

199
     * Used only by subclasses.

200
     * Constructs an uninitialized, unconnected TCP socket.

201
     */

202
    protected SSLSocket()

203
        { super(); }

204


205


206
    /**

207
     * Used only by subclasses.

208
     * Constructs a TCP connection to a named host at a specified port.

209
     * This acts as the SSL client.

210
     * <p>

211
     * If there is a security manager, its <code>checkConnect</code>

212
     * method is called with the host address and <code>port</code>

213
     * as its arguments. This could result in a SecurityException.

214
     *

215
     * @param host name of the host with which to connect, or

216
     *        <code>null</code> for the loopback address.

217
     * @param port number of the server's port

218
     * @throws IOException if an I/O error occurs when creating the socket

219
     * @throws SecurityException if a security manager exists and its

220
     *         <code>checkConnect</code> method doesn't allow the operation.

221
     * @throws UnknownHostException if the host is not known

222
     * @throws IllegalArgumentException if the port parameter is outside the

223
     *         specified range of valid port values, which is between 0 and

224
     *         65535, inclusive.

225
     * @see SecurityManager#checkConnect

226
     */

227
    protected SSLSocket(String host, int port)

228
    throws IOException, UnknownHostException

229
        { super(host, port); }

230


231


232
    /**

233
     * Used only by subclasses.

234
     * Constructs a TCP connection to a server at a specified address

235
     * and port.  This acts as the SSL client.

236
     * <p>

237
     * If there is a security manager, its <code>checkConnect</code>

238
     * method is called with the host address and <code>port</code>

239
     * as its arguments. This could result in a SecurityException.

240
     *

241
     * @param address the server's host

242
     * @param port its port

243
     * @throws IOException if an I/O error occurs when creating the socket

244
     * @throws SecurityException if a security manager exists and its

245
     *         <code>checkConnect</code> method doesn't allow the operation.

246
     * @throws IllegalArgumentException if the port parameter is outside the

247
     *         specified range of valid port values, which is between 0 and

248
     *         65535, inclusive.

249
     * @throws NullPointerException if <code>address</code> is null.

250
     * @see SecurityManager#checkConnect

251
     */

252
    protected SSLSocket(InetAddress address, int port)

253
    throws IOException

254
        { super(address, port); }

255


256


257
    /**

258
     * Used only by subclasses.

259
     * Constructs an SSL connection to a named host at a specified port,

260
     * binding the client side of the connection a given address and port.

261
     * This acts as the SSL client.

262
     * <p>

263
     * If there is a security manager, its <code>checkConnect</code>

264
     * method is called with the host address and <code>port</code>

265
     * as its arguments. This could result in a SecurityException.

266
     *

267
     * @param host name of the host with which to connect, or

268
     *        <code>null</code> for the loopback address.

269
     * @param port number of the server's port

270
     * @param clientAddress the client's address the socket is bound to, or

271
     *        <code>null</code> for the <code>anyLocal</code> address.

272
     * @param clientPort the client's port the socket is bound to, or

273
     *        <code>zero</code> for a system selected free port.

274
     * @throws IOException if an I/O error occurs when creating the socket

275
     * @throws SecurityException if a security manager exists and its

276
     *         <code>checkConnect</code> method doesn't allow the operation.

277
     * @throws UnknownHostException if the host is not known

278
     * @throws IllegalArgumentException if the port parameter or clientPort

279
     *         parameter is outside the specified range of valid port values,

280
     *         which is between 0 and 65535, inclusive.

281
     * @see SecurityManager#checkConnect

282
     */

283
    protected SSLSocket(String host, int port,

284
        InetAddress clientAddress, int clientPort)

285
    throws IOException, UnknownHostException

286
        { super(host, port, clientAddress, clientPort); }

287


288


289
    /**

290
     * Used only by subclasses.

291
     * Constructs an SSL connection to a server at a specified address

292
     * and TCP port, binding the client side of the connection a given

293
     * address and port.  This acts as the SSL client.

294
     * <p>

295
     * If there is a security manager, its <code>checkConnect</code>

296
     * method is called with the host address and <code>port</code>

297
     * as its arguments. This could result in a SecurityException.

298
     *

299
     * @param address the server's host

300
     * @param port its port

301
     * @param clientAddress the client's address the socket is bound to, or

302
     *        <code>null</code> for the <code>anyLocal</code> address.

303
     * @param clientPort the client's port the socket is bound to, or

304
     *        <code>zero</code> for a system selected free port.

305
     * @throws IOException if an I/O error occurs when creating the socket

306
     * @throws SecurityException if a security manager exists and its

307
     *         <code>checkConnect</code> method doesn't allow the operation.

308
     * @throws IllegalArgumentException if the port parameter or clientPort

309
     *         parameter is outside the specified range of valid port values,

310
     *         which is between 0 and 65535, inclusive.

311
     * @throws NullPointerException if <code>address</code> is null.

312
     * @see SecurityManager#checkConnect

313
     */

314
    protected SSLSocket(InetAddress address, int port,

315
        InetAddress clientAddress, int clientPort)

316
    throws IOException

317
        { super(address, port, clientAddress, clientPort); }

318


319


320
    /**

321
     * Returns the names of the cipher suites which could be enabled for use

322
     * on this connection.  Normally, only a subset of these will actually

323
     * be enabled by default, since this list may include cipher suites which

324
     * do not meet quality of service requirements for those defaults.  Such

325
     * cipher suites might be useful in specialized applications.

326
     * <P>

327
     * The returned array includes cipher suites from the list of standard

328
     * cipher suite names in the <a href=

329
     * "{@docRoot}/../specs/security/standard-names.html#jsse-cipher-suite-names">

330
     * JSSE Cipher Suite Names</a> section of the Java Cryptography

331
     * Architecture Standard Algorithm Name Documentation, and may also

332
     * include other cipher suites that the provider supports.

333
     *

334
     * @return an array of cipher suite names

335
     * @see #getEnabledCipherSuites()

336
     * @see #setEnabledCipherSuites(String [])

337
     */

338
    public abstract String [] getSupportedCipherSuites();

339


340


341
    /**

342
     * Returns the names of the SSL cipher suites which are currently

343
     * enabled for use on this connection.  When an SSLSocket is first

344
     * created, all enabled cipher suites support a minimum quality of

345
     * service.  Thus, in some environments this value might be empty.

346
     * <P>

347
     * Note that even if a suite is enabled, it may never be used. This

348
     * can occur if the peer does not support it, or its use is restricted,

349
     * or the requisite certificates (and private keys) for the suite are

350
     * not available, or an anonymous suite is enabled but authentication

351
     * is required.

352
     * <P>

353
     * The returned array includes cipher suites from the list of standard

354
     * cipher suite names in the <a href=

355
     * "{@docRoot}/../specs/security/standard-names.html#jsse-cipher-suite-names">

356
     * JSSE Cipher Suite Names</a> section of the Java Cryptography

357
     * Architecture Standard Algorithm Name Documentation, and may also

358
     * include other cipher suites that the provider supports.

359
     *

360
     * @return an array of cipher suite names

361
     * @see #getSupportedCipherSuites()

362
     * @see #setEnabledCipherSuites(String [])

363
     */

364
    public abstract String [] getEnabledCipherSuites();

365


366


367
    /**

368
     * Sets the cipher suites enabled for use on this connection.

369
     * <P>

370
     * Each cipher suite in the <code>suites</code> parameter must have

371
     * been listed by getSupportedCipherSuites(), or the method will

372
     * fail.  Following a successful call to this method, only suites

373
     * listed in the <code>suites</code> parameter are enabled for use.

374
     * <P>

375
     * Note that the standard list of cipher suite names may be found in the

376
     * <a href=

377
     * "{@docRoot}/../specs/security/standard-names.html#jsse-cipher-suite-names">

378
     * JSSE Cipher Suite Names</a> section of the Java Cryptography

379
     * Architecture Standard Algorithm Name Documentation.  Providers

380
     * may support cipher suite names not found in this list or might not

381
     * use the recommended name for a certain cipher suite.

382
     * <P>

383
     * See {@link #getEnabledCipherSuites()} for more information

384
     * on why a specific ciphersuite may never be used on a connection.

385
     *

386
     * @param suites Names of all the cipher suites to enable

387
     * @throws IllegalArgumentException when one or more of the ciphers

388
     *          named by the parameter is not supported, or when the

389
     *          parameter is null.

390
     * @see #getSupportedCipherSuites()

391
     * @see #getEnabledCipherSuites()

392
     */

393
    public abstract void setEnabledCipherSuites(String suites []);

394


395


396
    /**

397
     * Returns the names of the protocols which could be enabled for use

398
     * on an SSL connection.

399
     *

400
     * @return an array of protocols supported

401
     */

402
    public abstract String [] getSupportedProtocols();

403


404


405
    /**

406
     * Returns the names of the protocol versions which are currently

407
     * enabled for use on this connection.

408
     * <P>

409
     * Note that even if a protocol is enabled, it may never be used.

410
     * This can occur if the peer does not support the protocol, or its

411
     * use is restricted, or there are no enabled cipher suites supported

412
     * by the protocol.

413
     *

414
     * @see #setEnabledProtocols(String [])

415
     * @return an array of protocols

416
     */

417
    public abstract String [] getEnabledProtocols();

418


419


420
    /**

421
     * Sets the protocol versions enabled for use on this connection.

422
     * <P>

423
     * The protocols must have been listed by

424
     * <code>getSupportedProtocols()</code> as being supported.

425
     * Following a successful call to this method, only protocols listed

426
     * in the <code>protocols</code> parameter are enabled for use.

427
     *

428
     * @param protocols Names of all the protocols to enable.

429
     * @throws IllegalArgumentException when one or more of

430
     *            the protocols named by the parameter is not supported or

431
     *            when the protocols parameter is null.

432
     * @see #getEnabledProtocols()

433
     */

434
    public abstract void setEnabledProtocols(String protocols[]);

435


436


437
    /**

438
     * Returns the SSL Session in use by this connection.  These can

439
     * be long lived, and frequently correspond to an entire login session

440
     * for some user.  The session specifies a particular cipher suite

441
     * which is being actively used by all connections in that session,

442
     * as well as the identities of the session's client and server.

443
     * <P>

444
     * This method will initiate the initial handshake if

445
     * necessary and then block until the handshake has been

446
     * established.

447
     * <P>

448
     * If an error occurs during the initial handshake, this method

449
     * returns an invalid session object which reports an invalid

450
     * cipher suite of "SSL_NULL_WITH_NULL_NULL".

451
     *

452
     * @return the <code>SSLSession</code>

453
     */

454
    public abstract SSLSession getSession();

455


456


457
    /**

458
     * Returns the {@code SSLSession} being constructed during a SSL/TLS

459
     * handshake.

460
     * <p>

461
     * TLS protocols may negotiate parameters that are needed when using

462
     * an instance of this class, but before the {@code SSLSession} has

463
     * been completely initialized and made available via {@code getSession}.

464
     * For example, the list of valid signature algorithms may restrict

465
     * the type of certificates that can be used during TrustManager

466
     * decisions, or the maximum TLS fragment packet sizes can be

467
     * resized to better support the network environment.

468
     * <p>

469
     * This method provides early access to the {@code SSLSession} being

470
     * constructed.  Depending on how far the handshake has progressed,

471
     * some data may not yet be available for use.  For example, if a

472
     * remote server will be sending a Certificate chain, but that chain

473
     * has yet not been processed, the {@code getPeerCertificates}

474
     * method of {@code SSLSession} will throw a

475
     * SSLPeerUnverifiedException.  Once that chain has been processed,

476
     * {@code getPeerCertificates} will return the proper value.

477
     * <p>

478
     * Unlike {@link #getSession()}, this method does not initiate the

479
     * initial handshake and does not block until handshaking is

480
     * complete.

481
     *

482
     * @see SSLEngine

483
     * @see SSLSession

484
     * @see ExtendedSSLSession

485
     * @see X509ExtendedKeyManager

486
     * @see X509ExtendedTrustManager

487
     *

488
     * @return null if this instance is not currently handshaking, or

489
     *         if the current handshake has not progressed far enough to

490
     *         create a basic SSLSession.  Otherwise, this method returns the

491
     *         {@code SSLSession} currently being negotiated.

492
     * @throws UnsupportedOperationException if the underlying provider

493
     *         does not implement the operation.

494
     *

495
     * @since 1.7

496
     */

497
    public SSLSession getHandshakeSession() {

498
        throw new UnsupportedOperationException();

499
    }

500


501


502
    /**

503
     * Registers an event listener to receive notifications that an

504
     * SSL handshake has completed on this connection.

505
     *

506
     * @param listener the HandShake Completed event listener

507
     * @see #startHandshake()

508
     * @see #removeHandshakeCompletedListener(HandshakeCompletedListener)

509
     * @throws IllegalArgumentException if the argument is null.

510
     */

511
    public abstract void addHandshakeCompletedListener(

512
        HandshakeCompletedListener listener);

513


514


515
    /**

516
     * Removes a previously registered handshake completion listener.

517
     *

518
     * @param listener the HandShake Completed event listener

519
     * @throws IllegalArgumentException if the listener is not registered,

520
     * or the argument is null.

521
     * @see #addHandshakeCompletedListener(HandshakeCompletedListener)

522
     */

523
    public abstract void removeHandshakeCompletedListener(

524
        HandshakeCompletedListener listener);

525


526


527
    /**

528
     * Starts an SSL handshake on this connection.  Common reasons include

529
     * a need to use new encryption keys, to change cipher suites, or to

530
     * initiate a new session.  To force complete reauthentication, the

531
     * current session could be invalidated before starting this handshake.

532
     *

533
     * <P> If data has already been sent on the connection, it continues

534
     * to flow during this handshake.  When the handshake completes, this

535
     * will be signaled with an event.

536
     *

537
     * This method is synchronous for the initial handshake on a connection

538
     * and returns when the negotiated handshake is complete. Some

539
     * protocols may not support multiple handshakes on an existing socket

540
     * and may throw an IOException.

541
     *

542
     * @throws IOException on a network level error

543
     * @see #addHandshakeCompletedListener(HandshakeCompletedListener)

544
     */

545
    public abstract void startHandshake() throws IOException;

546


547


548
    /**

549
     * Configures the socket to use client (or server) mode when

550
     * handshaking.

551
     * <P>

552
     * This method must be called before any handshaking occurs.

553
     * Once handshaking has begun, the mode can not be reset for the

554
     * life of this socket.

555
     * <P>

556
     * Servers normally authenticate themselves, and clients

557
     * are not required to do so.

558
     *

559
     * @param mode true if the socket should start its handshaking

560
     *          in "client" mode

561
     * @throws IllegalArgumentException if a mode change is attempted

562
     *          after the initial handshake has begun.

563
     * @see #getUseClientMode()

564
     */

565
    public abstract void setUseClientMode(boolean mode);

566


567


568
    /**

569
     * Returns true if the socket is set to use client mode when

570
     * handshaking.

571
     *

572
     * @return true if the socket should do handshaking

573
     *          in "client" mode

574
     * @see #setUseClientMode(boolean)

575
     */

576
    public abstract boolean getUseClientMode();

577


578


579
    /**

580
     * Configures the socket to <i>require</i> client authentication.  This

581
     * option is only useful for sockets in the server mode.

582
     * <P>

583
     * A socket's client authentication setting is one of the following:

584
     * <ul>

585
     * <li> client authentication required

586
     * <li> client authentication requested

587
     * <li> no client authentication desired

588
     * </ul>

589
     * <P>

590
     * Unlike {@link #setWantClientAuth(boolean)}, if this option is set and

591
     * the client chooses not to provide authentication information

592
     * about itself, <i>the negotiations will stop and the connection

593
     * will be dropped</i>.

594
     * <P>

595
     * Calling this method overrides any previous setting made by

596
     * this method or {@link #setWantClientAuth(boolean)}.

597
     *

598
     * @param   need set to true if client authentication is required,

599
     *          or false if no client authentication is desired.

600
     * @see #getNeedClientAuth()

601
     * @see #setWantClientAuth(boolean)

602
     * @see #getWantClientAuth()

603
     * @see #setUseClientMode(boolean)

604
     */

605
    public abstract void setNeedClientAuth(boolean need);

606


607


608
    /**

609
     * Returns true if the socket will <i>require</i> client authentication.

610
     * This option is only useful to sockets in the server mode.

611
     *

612
     * @return  true if client authentication is required,

613
     *          or false if no client authentication is desired.

614
     * @see #setNeedClientAuth(boolean)

615
     * @see #setWantClientAuth(boolean)

616
     * @see #getWantClientAuth()

617
     * @see #setUseClientMode(boolean)

618
     */

619
    public abstract boolean getNeedClientAuth();

620


621


622
    /**

623
     * Configures the socket to <i>request</i> client authentication.

624
     * This option is only useful for sockets in the server mode.

625
     * <P>

626
     * A socket's client authentication setting is one of the following:

627
     * <ul>

628
     * <li> client authentication required

629
     * <li> client authentication requested

630
     * <li> no client authentication desired

631
     * </ul>

632
     * <P>

633
     * Unlike {@link #setNeedClientAuth(boolean)}, if this option is set and

634
     * the client chooses not to provide authentication information

635
     * about itself, <i>the negotiations will continue</i>.

636
     * <P>

637
     * Calling this method overrides any previous setting made by

638
     * this method or {@link #setNeedClientAuth(boolean)}.

639
     *

640
     * @param   want set to true if client authentication is requested,

641
     *          or false if no client authentication is desired.

642
     * @see #getWantClientAuth()

643
     * @see #setNeedClientAuth(boolean)

644
     * @see #getNeedClientAuth()

645
     * @see #setUseClientMode(boolean)

646
     */

647
    public abstract void setWantClientAuth(boolean want);

648


649


650
    /**

651
     * Returns true if the socket will <i>request</i> client authentication.

652
     * This option is only useful for sockets in the server mode.

653
     *

654
     * @return  true if client authentication is requested,

655
     *          or false if no client authentication is desired.

656
     * @see #setNeedClientAuth(boolean)

657
     * @see #getNeedClientAuth()

658
     * @see #setWantClientAuth(boolean)

659
     * @see #setUseClientMode(boolean)

660
     */

661
    public abstract boolean getWantClientAuth();

662


663


664
    /**

665
     * Controls whether new SSL sessions may be established by this socket.

666
     * If session creations are not allowed, and there are no

667
     * existing sessions to resume, there will be no successful

668
     * handshaking.

669
     *

670
     * @param flag true indicates that sessions may be created; this

671
     *          is the default.  false indicates that an existing session

672
     *          must be resumed

673
     * @see #getEnableSessionCreation()

674
     */

675
    public abstract void setEnableSessionCreation(boolean flag);

676


677


678
    /**

679
     * Returns true if new SSL sessions may be established by this socket.

680
     *

681
     * @return true indicates that sessions may be created; this

682
     *          is the default.  false indicates that an existing session

683
     *          must be resumed

684
     * @see #setEnableSessionCreation(boolean)

685
     */

686
    public abstract boolean getEnableSessionCreation();

687


688
    /**

689
     * Returns the SSLParameters in effect for this SSLSocket.

690
     * The ciphersuites and protocols of the returned SSLParameters

691
     * are always non-null.

692
     *

693
     * @return the SSLParameters in effect for this SSLSocket.

694
     * @since 1.6

695
     */

696
    public SSLParameters getSSLParameters() {

697
        SSLParameters params = new SSLParameters();

698
        params.setCipherSuites(getEnabledCipherSuites());

699
        params.setProtocols(getEnabledProtocols());

700
        if (getNeedClientAuth()) {

701
            params.setNeedClientAuth(true);

702
        } else if (getWantClientAuth()) {

703
            params.setWantClientAuth(true);

704
        }

705
        return params;

706
    }

707


708
    /**

709
     * Applies SSLParameters to this socket.

710
     *

711
     * <p>This means:

712
     * <ul>

713
     * <li>If {@code params.getCipherSuites()} is non-null,

714
     *   {@code setEnabledCipherSuites()} is called with that value.</li>

715
     * <li>If {@code params.getProtocols()} is non-null,

716
     *   {@code setEnabledProtocols()} is called with that value.</li>

717
     * <li>If {@code params.getNeedClientAuth()} or

718
     *   {@code params.getWantClientAuth()} return {@code true},

719
     *   {@code setNeedClientAuth(true)} and

720
     *   {@code setWantClientAuth(true)} are called, respectively;

721
     *   otherwise {@code setWantClientAuth(false)} is called.</li>

722
     * <li>If {@code params.getServerNames()} is non-null, the socket will

723
     *   configure its server names with that value.</li>

724
     * <li>If {@code params.getSNIMatchers()} is non-null, the socket will

725
     *   configure its SNI matchers with that value.</li>

726
     * </ul>

727
     *

728
     * @param params the parameters

729
     * @throws IllegalArgumentException if the setEnabledCipherSuites() or

730
     *    the setEnabledProtocols() call fails

731
     * @since 1.6

732
     */

733
    public void setSSLParameters(SSLParameters params) {

734
        String[] s;

735
        s = params.getCipherSuites();

736
        if (s != null) {

737
            setEnabledCipherSuites(s);

738
        }

739
        s = params.getProtocols();

740
        if (s != null) {

741
            setEnabledProtocols(s);

742
        }

743
        if (params.getNeedClientAuth()) {

744
            setNeedClientAuth(true);

745
        } else if (params.getWantClientAuth()) {

746
            setWantClientAuth(true);

747
        } else {

748
            setWantClientAuth(false);

749
        }

750
    }

751


752
    /**

753
     * Returns the most recent application protocol value negotiated for this

754
     * connection.

755
     * <p>

756
     * If supported by the underlying SSL/TLS/DTLS implementation,

757
     * application name negotiation mechanisms such as <a

758
     * href="http://www.ietf.org/rfc/rfc7301.txt"> RFC 7301 </a>, the

759
     * Application-Layer Protocol Negotiation (ALPN), can negotiate

760
     * application-level values between peers.

761
     *

762
     * @implSpec

763
     * The implementation in this class throws

764
     * {@code UnsupportedOperationException} and performs no other action.

765
     *

766
     * @return null if it has not yet been determined if application

767
     *         protocols might be used for this connection, an empty

768
     *         {@code String} if application protocols values will not

769
     *         be used, or a non-empty application protocol {@code String}

770
     *         if a value was successfully negotiated.

771
     * @throws UnsupportedOperationException if the underlying provider

772
     *         does not implement the operation.

773
     * @since 9

774
     */

775
    public String getApplicationProtocol() {

776
        throw new UnsupportedOperationException();

777
    }

778


779
    /**

780
     * Returns the application protocol value negotiated on a SSL/TLS

781
     * handshake currently in progress.

782
     * <p>

783
     * Like {@link #getHandshakeSession()},

784
     * a connection may be in the middle of a handshake. The

785
     * application protocol may or may not yet be available.

786
     *

787
     * @implSpec

788
     * The implementation in this class throws

789
     * {@code UnsupportedOperationException} and performs no other action.

790
     *

791
     * @return null if it has not yet been determined if application

792
     *         protocols might be used for this handshake, an empty

793
     *         {@code String} if application protocols values will not

794
     *         be used, or a non-empty application protocol {@code String}

795
     *         if a value was successfully negotiated.

796
     * @throws UnsupportedOperationException if the underlying provider

797
     *         does not implement the operation.

798
     * @since 9

799
     */

800
    public String getHandshakeApplicationProtocol() {

801
        throw new UnsupportedOperationException();

802
    }

803


804


805
    /**

806
     * Registers a callback function that selects an application protocol

807
     * value for a SSL/TLS/DTLS handshake.

808
     * The function overrides any values supplied using

809
     * {@link SSLParameters#setApplicationProtocols

810
     * SSLParameters.setApplicationProtocols} and it supports the following

811
     * type parameters:

812
     * <blockquote>

813
     * <dl>

814
     * <dt> {@code SSLSocket}

815
     * <dd> The function's first argument allows the current {@code SSLSocket}

816
     *      to be inspected, including the handshake session and configuration

817
     *      settings.

818
     * <dt> {@code List<String>}

819
     * <dd> The function's second argument lists the application protocol names

820
     *      advertised by the TLS peer.

821
     * <dt> {@code String}

822
     * <dd> The function's result is an application protocol name, or null to

823
     *      indicate that none of the advertised names are acceptable.

824
     *      If the return value is an empty {@code String} then application

825
     *      protocol indications will not be used.

826
     *      If the return value is null (no value chosen) or is a value that

827
     *      was not advertised by the peer, the underlying protocol will

828
     *      determine what action to take. (For example, ALPN will send a

829
     *      "no_application_protocol" alert and terminate the connection.)

830
     * </dl>

831
     * </blockquote>

832
     *

833
     * For example, the following call registers a callback function that

834
     * examines the TLS handshake parameters and selects an application protocol

835
     * name:

836
     * <pre>{@code

837
     *     serverSocket.setHandshakeApplicationProtocolSelector(

838
     *         (serverSocket, clientProtocols) -> {

839
     *             SSLSession session = serverSocket.getHandshakeSession();

840
     *             return chooseApplicationProtocol(

841
     *                 serverSocket,

842
     *                 clientProtocols,

843
     *                 session.getProtocol(),

844
     *                 session.getCipherSuite());

845
     *         });

846
     * }</pre>

847
     *

848
     * @apiNote

849
     * This method should be called by TLS server applications before the TLS

850
     * handshake begins. Also, this {@code SSLSocket} should be configured with

851
     * parameters that are compatible with the application protocol selected by

852
     * the callback function. For example, enabling a poor choice of cipher

853
     * suites could result in no suitable application protocol.

854
     * See {@link SSLParameters}.

855
     *

856
     * @implSpec

857
     * The implementation in this class throws

858
     * {@code UnsupportedOperationException} and performs no other action.

859
     *

860
     * @param selector the callback function, or null to de-register.

861
     * @throws UnsupportedOperationException if the underlying provider

862
     *         does not implement the operation.

863
     * @since 9

864
     */

865
    public void setHandshakeApplicationProtocolSelector(

866
            BiFunction<SSLSocket, List<String>, String> selector) {

867
        throw new UnsupportedOperationException();

868
    }

869


870
    /**

871
     * Retrieves the callback function that selects an application protocol

872
     * value during a SSL/TLS/DTLS handshake.

873
     * See {@link #setHandshakeApplicationProtocolSelector

874
     * setHandshakeApplicationProtocolSelector}

875
     * for the function's type parameters.

876
     *

877
     * @implSpec

878
     * The implementation in this class throws

879
     * {@code UnsupportedOperationException} and performs no other action.

880
     *

881
     * @return the callback function, or null if none has been set.

882
     * @throws UnsupportedOperationException if the underlying provider

883
     *         does not implement the operation.

884
     * @since 9

885
     */

886
    public BiFunction<SSLSocket, List<String>, String>

887
            getHandshakeApplicationProtocolSelector() {

888
        throw new UnsupportedOperationException();

889
    }

890
}

891


892