org.openeuler.sun.security.ssl

类 SSLSocketImpl

java.lang.Object

java.net.Socket

javax.net.ssl.SSLSocket

org.openeuler.sun.security.ssl.BaseSSLSocketImpl

org.openeuler.sun.security.ssl.SSLSocketImpl

所有已实现的接口:

Closeable, AutoCloseable, SSLTransport

public final class SSLSocketImpl
extends BaseSSLSocketImpl
implements SSLTransport

Implementation of an SSL socket.

This is a normal connection type socket, implementing SSL over some lower level socket, such as TCP. Because it is layered over some lower level socket, it MUST override all default socket methods.

This API offers a non-traditional option for establishing SSL connections. You may first establish the connection directly, then pass that connection to the SSL socket constructor with a flag saying which role should be taken in the handshake protocol. (The two ends of the connection must not choose the same role!) This allows setup of SSL proxying or tunneling, and also allows the kind of "role reversal" that is required for most FTP data transfers.

作者:

David Brownell

另请参阅:

SSLSocket, SSLServerSocket

嵌套类概要

嵌套类

限定符和类型	类和说明
private class	SSLSocketImpl.AppInputStream InputStream for application data as returned by SSLSocket.getInputStream().
private class	SSLSocketImpl.AppOutputStream OutputStream for application data as returned by SSLSocket.getOutputStream().

字段概要

字段

限定符和类型	字段和说明
private SSLSocketImpl.AppInputStream	appInput
private SSLSocketImpl.AppOutputStream	appOutput
private boolean	autoClose
(专用程序包) TransportContext	conContext
private static int	DEFAULT_SKIP_TIMEOUT
private ReentrantLock	handshakeLock
private boolean	isConnected
private String	peerHost
private ReentrantLock	socketLock
(专用程序包) SSLContextImpl	sslContext
private boolean	tlsIsClosed
private static boolean	trustNameService

从类继承的字段 org.openeuler.sun.security.ssl.BaseSSLSocketImpl

requireCloseNotify

构造器概要

构造器

构造器和说明
SSLSocketImpl(SSLContextImpl sslContext) Package-private constructor used to instantiate an unconnected socket.
SSLSocketImpl(SSLContextImpl sslContext, InetAddress address, int peerPort) Constructs an SSL connection to a server at a specified address, and TCP port, using the authentication context provided.
SSLSocketImpl(SSLContextImpl sslContext, InetAddress peerAddr, int peerPort, InetAddress localAddr, int localPort) Constructs an SSL connection to a server at a specified address, and TCP port, using the authentication context provided.
SSLSocketImpl(SSLContextImpl sslContext, Socket sock, InputStream consumed, boolean autoClose) Creates a server mode Socket layered over an existing connected socket, and is able to read data which has already been consumed/removed from the Socket's underlying InputStream.
SSLSocketImpl(SSLContextImpl sslContext, Socket sock, String peerHost, int port, boolean autoClose) Layer SSL traffic over an existing connection, rather than creating a new connection.
SSLSocketImpl(SSLContextImpl sslContext, SSLConfiguration sslConfig) Package-private constructor used to instantiate a server socket.
SSLSocketImpl(SSLContextImpl sslContext, String peerHost, int peerPort) Constructs an SSL connection to a named host at a specified port, using the authentication context provided.
SSLSocketImpl(SSLContextImpl sslContext, String peerHost, int peerPort, InetAddress localAddr, int localPort) Constructs an SSL connection to a named host at a specified port, using the authentication context provided.

方法概要

限定符和类型	方法和说明
void	addHandshakeCompletedListener(HandshakeCompletedListener listener)
private void	bruteForceCloseInput(boolean hasCloseReceipt) Brute force close the input bound.
void	close()
private void	closeSocket(boolean selfInitiated)
void	connect(SocketAddress endpoint, int timeout)
private Plaintext	decode(ByteBuffer destination)
(专用程序包) void	doneConnect() Initialize the handshaker and socket streams.
private void	duplexCloseInput() Duplex close, start from closing inbound.
private void	duplexCloseOutput() Duplex close, start from closing outbound.
private void	ensureNegotiated()
String	getApplicationProtocol()
String[]	getEnabledCipherSuites()
String[]	getEnabledProtocols()
boolean	getEnableSessionCreation()
String	getHandshakeApplicationProtocol()
java.util.function.BiFunction<SSLSocket,List<String>,String>	getHandshakeApplicationProtocolSelector()
SSLSession	getHandshakeSession()
InputStream	getInputStream()
boolean	getNeedClientAuth()
OutputStream	getOutputStream()
String	getPeerHost() Returns the host name of the peer.
int	getPeerPort() Returns the port number of the peer.
SSLSession	getSession()
SSLParameters	getSSLParameters()
String[]	getSupportedCipherSuites()
String[]	getSupportedProtocols()
boolean	getUseClientMode()
boolean	getWantClientAuth()
private Plaintext	handleEOF(EOFException eofe)
private void	handleException(Exception cause) Handle an exception.
boolean	isClosed()
boolean	isInputShutdown() Returns the input state of the socket
boolean	isOutputShutdown() Returns the output state of the socket
private ByteBuffer	readApplicationRecord(ByteBuffer buffer) Read application data record.
private int	readHandshakeRecord() Read the initial handshake records.
void	removeHandshakeCompletedListener(HandshakeCompletedListener listener)
void	setEnabledCipherSuites(String[] suites)
void	setEnabledProtocols(String[] protocols)
void	setEnableSessionCreation(boolean flag)
void	setHandshakeApplicationProtocolSelector(java.util.function.BiFunction<SSLSocket,List<String>,String> selector)
void	setHost(String host)
void	setNeedClientAuth(boolean need)
void	setSSLParameters(SSLParameters params)
void	setUseClientMode(boolean mode)
void	setWantClientAuth(boolean want)
void	shutdown() Shutdown the transport.
void	shutdownInput() Places the input stream for this socket at "end of stream".
private void	shutdownInput(boolean checkCloseNotify)
void	shutdownOutput() Disables the output stream for this socket.
void	startHandshake()
private void	tryKeyUpdate() Try key update for sequence number wrap or key usage limit.
boolean	useDelegatedTask() Return true if delegated tasks used for handshaking operations.
private void	useImplicitHost(boolean useNameService)
private void	waitForClose() Wait for close_notify alert for a graceful closure.

从类继承的方法 org.openeuler.sun.security.ssl.BaseSSLSocketImpl

bind, connect, finalize, getChannel, getInetAddress, getKeepAlive, getLocalAddress, getLocalPort, getLocalSocketAddress, getOOBInline, getPort, getReceiveBufferSize, getRemoteSocketAddress, getReuseAddress, getSendBufferSize, getSoLinger, getSoTimeout, getTcpNoDelay, getTrafficClass, isBound, isConnected, isLayered, sendUrgentData, setKeepAlive, setOOBInline, setPerformancePreferences, setReceiveBufferSize, setReuseAddress, setSendBufferSize, setSoLinger, setSoTimeout, setTcpNoDelay, setTrafficClass, toString

从类继承的方法 java.net.Socket

setSocketImplFactory

从类继承的方法 java.lang.Object

clone, equals, getClass, hashCode, notify, notifyAll, wait, wait, wait

从接口继承的方法 org.openeuler.sun.security.ssl.SSLTransport

decode

字段详细资料

sslContext

final SSLContextImpl sslContext

conContext

final TransportContext conContext

appInput

private final SSLSocketImpl.AppInputStream appInput

appOutput

private final SSLSocketImpl.AppOutputStream appOutput

peerHost

private String peerHost

autoClose

private boolean autoClose

isConnected

private boolean isConnected

tlsIsClosed

private volatile boolean tlsIsClosed

socketLock

private final ReentrantLock socketLock

handshakeLock

private final ReentrantLock handshakeLock

trustNameService

private static final boolean trustNameService

DEFAULT_SKIP_TIMEOUT

private static final int DEFAULT_SKIP_TIMEOUT

另请参阅:

常量字段值

构造器详细资料

SSLSocketImpl

SSLSocketImpl(SSLContextImpl sslContext)

Package-private constructor used to instantiate an unconnected socket. This instance is meant to set handshake state to use "client mode".

SSLSocketImpl

SSLSocketImpl(SSLContextImpl sslContext,
              SSLConfiguration sslConfig)

Package-private constructor used to instantiate a server socket. This instance is meant to set handshake state to use "server mode".

SSLSocketImpl

SSLSocketImpl(SSLContextImpl sslContext,
              String peerHost,
              int peerPort)
       throws IOException,
              UnknownHostException

Constructs an SSL connection to a named host at a specified port, using the authentication context provided. This endpoint acts as the client, and may rejoin an existing SSL session if appropriate.

抛出:

IOException

UnknownHostException

SSLSocketImpl

SSLSocketImpl(SSLContextImpl sslContext,
              InetAddress address,
              int peerPort)
       throws IOException

Constructs an SSL connection to a server at a specified address, and TCP port, using the authentication context provided. This endpoint acts as the client, and may rejoin an existing SSL session if appropriate.

抛出:

IOException

SSLSocketImpl

SSLSocketImpl(SSLContextImpl sslContext,
              String peerHost,
              int peerPort,
              InetAddress localAddr,
              int localPort)
       throws IOException,
              UnknownHostException

Constructs an SSL connection to a named host at a specified port, using the authentication context provided. This endpoint acts as the client, and may rejoin an existing SSL session if appropriate.

抛出:

IOException

UnknownHostException

SSLSocketImpl

SSLSocketImpl(SSLContextImpl sslContext,
              InetAddress peerAddr,
              int peerPort,
              InetAddress localAddr,
              int localPort)
       throws IOException

Constructs an SSL connection to a server at a specified address, and TCP port, using the authentication context provided. This endpoint acts as the client, and may rejoin an existing SSL session if appropriate.

抛出:

IOException

SSLSocketImpl

SSLSocketImpl(SSLContextImpl sslContext,
              Socket sock,
              InputStream consumed,
              boolean autoClose)
       throws IOException

Creates a server mode Socket layered over an existing connected socket, and is able to read data which has already been consumed/removed from the Socket's underlying InputStream.

抛出:

IOException

SSLSocketImpl

SSLSocketImpl(SSLContextImpl sslContext,
              Socket sock,
              String peerHost,
              int port,
              boolean autoClose)
       throws IOException

Layer SSL traffic over an existing connection, rather than creating a new connection. The existing connection may be used only for SSL traffic (using this SSLSocket) until the SSLSocket.close() call returns. However, if a protocol error is detected, that existing connection is automatically closed.

This particular constructor always uses the socket in the role of an SSL client. It may be useful in cases which start using SSL after some initial data transfers, for example in some SSL tunneling applications or as part of some kinds of application protocols which negotiate use of a SSL based security.

抛出:

IOException

方法详细资料

connect

public void connect(SocketAddress endpoint,
                    int timeout)
             throws IOException

覆盖:

connect 在类中 Socket

抛出:

IOException

getSupportedCipherSuites

public String[] getSupportedCipherSuites()

指定者:

getSupportedCipherSuites 在类中 SSLSocket

getEnabledCipherSuites

public String[] getEnabledCipherSuites()

指定者:

getEnabledCipherSuites 在类中 SSLSocket

setEnabledCipherSuites

public void setEnabledCipherSuites(String[] suites)

指定者:

setEnabledCipherSuites 在类中 SSLSocket

getSupportedProtocols

public String[] getSupportedProtocols()

指定者:

getSupportedProtocols 在类中 SSLSocket

getEnabledProtocols

public String[] getEnabledProtocols()

指定者:

getEnabledProtocols 在类中 SSLSocket

setEnabledProtocols

public void setEnabledProtocols(String[] protocols)

指定者:

setEnabledProtocols 在类中 SSLSocket

getSession

public SSLSession getSession()

指定者:

getSession 在类中 SSLSocket

getHandshakeSession

public SSLSession getHandshakeSession()

覆盖:

getHandshakeSession 在类中 SSLSocket

addHandshakeCompletedListener

public void addHandshakeCompletedListener(HandshakeCompletedListener listener)

指定者:

addHandshakeCompletedListener 在类中 SSLSocket

removeHandshakeCompletedListener

public void removeHandshakeCompletedListener(HandshakeCompletedListener listener)

指定者:

removeHandshakeCompletedListener 在类中 SSLSocket

startHandshake

public void startHandshake()
                    throws IOException

指定者:

startHandshake 在类中 SSLSocket

抛出:

IOException

setUseClientMode

public void setUseClientMode(boolean mode)

指定者:

setUseClientMode 在类中 SSLSocket

getUseClientMode

public boolean getUseClientMode()

指定者:

getUseClientMode 在类中 SSLSocket

setNeedClientAuth

public void setNeedClientAuth(boolean need)

指定者:

setNeedClientAuth 在类中 SSLSocket

getNeedClientAuth

public boolean getNeedClientAuth()

指定者:

getNeedClientAuth 在类中 SSLSocket

setWantClientAuth

public void setWantClientAuth(boolean want)

指定者:

setWantClientAuth 在类中 SSLSocket

getWantClientAuth

public boolean getWantClientAuth()

指定者:

getWantClientAuth 在类中 SSLSocket

setEnableSessionCreation

public void setEnableSessionCreation(boolean flag)

指定者:

setEnableSessionCreation 在类中 SSLSocket

getEnableSessionCreation

public boolean getEnableSessionCreation()

指定者:

getEnableSessionCreation 在类中 SSLSocket

isClosed

public boolean isClosed()

覆盖:

isClosed 在类中 Socket

close

public void close()
           throws IOException

指定者:

close 在接口中 Closeable

指定者:

close 在接口中 AutoCloseable

覆盖:

close 在类中 BaseSSLSocketImpl

抛出:

IOException

duplexCloseOutput

private void duplexCloseOutput()
                        throws IOException

Duplex close, start from closing outbound. For TLS 1.2 [RFC 5246], unless some other fatal alert has been transmitted, each party is required to send a close_notify alert before closing the write side of the connection. The other party MUST respond with a close_notify alert of its own and close down the connection immediately, discarding any pending writes. It is not required for the initiator of the close to wait for the responding close_notify alert before closing the read side of the connection. For TLS 1.3, Each party MUST send a close_notify alert before closing its write side of the connection, unless it has already sent some error alert. This does not have any effect on its read side of the connection. Both parties need not wait to receive a close_notify alert before closing their read side of the connection, though doing so would introduce the possibility of truncation. In order to support user initiated duplex-close for TLS 1.3 connections, the user_canceled alert is used together with the close_notify alert.

抛出:

IOException

duplexCloseInput

private void duplexCloseInput()
                       throws IOException

Duplex close, start from closing inbound. This method should only be called when the outbound has been closed, but the inbound is still open.

抛出:

IOException

bruteForceCloseInput

private void bruteForceCloseInput(boolean hasCloseReceipt)
                           throws IOException

Brute force close the input bound. This method should only be called when the outbound has been closed, but the inbound is still open.

抛出:

IOException

shutdownInput

public void shutdownInput()
                   throws IOException

从类复制的说明: BaseSSLSocketImpl

Places the input stream for this socket at "end of stream". Any data sent to the input stream side of the socket is acknowledged and then silently discarded.

覆盖:

shutdownInput 在类中 BaseSSLSocketImpl

抛出:

IOException

另请参阅:

Socket.shutdownInput()

shutdownInput

private void shutdownInput(boolean checkCloseNotify)
                    throws IOException

抛出:

IOException

isInputShutdown

public boolean isInputShutdown()

从类复制的说明: BaseSSLSocketImpl

Returns the input state of the socket

覆盖:

isInputShutdown 在类中 BaseSSLSocketImpl

另请参阅:

Socket.isInputShutdown()

shutdownOutput

public void shutdownOutput()
                    throws IOException

从类复制的说明: BaseSSLSocketImpl

Disables the output stream for this socket. For a TCP socket, any previously written data will be sent followed by TCP's normal connection termination sequence.

覆盖:

shutdownOutput 在类中 BaseSSLSocketImpl

抛出:

IOException

另请参阅:

Socket.shutdownOutput()

isOutputShutdown

public boolean isOutputShutdown()

从类复制的说明: BaseSSLSocketImpl

Returns the output state of the socket

覆盖:

isOutputShutdown 在类中 BaseSSLSocketImpl

另请参阅:

Socket.isOutputShutdown()

getInputStream

public InputStream getInputStream()
                           throws IOException

覆盖:

getInputStream 在类中 BaseSSLSocketImpl

抛出:

IOException

ensureNegotiated

private void ensureNegotiated()
                       throws IOException

抛出:

IOException

getOutputStream

public OutputStream getOutputStream()
                             throws IOException

覆盖:

getOutputStream 在类中 BaseSSLSocketImpl

抛出:

IOException

getSSLParameters

public SSLParameters getSSLParameters()

覆盖:

getSSLParameters 在类中 SSLSocket

setSSLParameters

public void setSSLParameters(SSLParameters params)

覆盖:

setSSLParameters 在类中 SSLSocket

getApplicationProtocol

public String getApplicationProtocol()

覆盖:

getApplicationProtocol 在类中 SSLSocket

getHandshakeApplicationProtocol

public String getHandshakeApplicationProtocol()

覆盖:

getHandshakeApplicationProtocol 在类中 SSLSocket

setHandshakeApplicationProtocolSelector

public void setHandshakeApplicationProtocolSelector(java.util.function.BiFunction<SSLSocket,List<String>,String> selector)

覆盖:

setHandshakeApplicationProtocolSelector 在类中 SSLSocket

getHandshakeApplicationProtocolSelector

public java.util.function.BiFunction<SSLSocket,List<String>,String> getHandshakeApplicationProtocolSelector()

覆盖:

getHandshakeApplicationProtocolSelector 在类中 SSLSocket

readHandshakeRecord

private int readHandshakeRecord()
                         throws IOException

Read the initial handshake records.

抛出:

IOException

readApplicationRecord

private ByteBuffer readApplicationRecord(ByteBuffer buffer)
                                  throws IOException

Read application data record. Used by AppInputStream only, but defined here so as to use the socket level synchronization. Note that the connection guarantees that handshake, alert, and change cipher spec data streams are handled as they arrive, so we never see them here. Note: Please be careful about the synchronization, and don't use this method other than in the AppInputStream class!

抛出:

IOException

decode

private Plaintext decode(ByteBuffer destination)
                  throws IOException

抛出:

IOException

tryKeyUpdate

private void tryKeyUpdate()
                   throws IOException

Try key update for sequence number wrap or key usage limit. Note that in order to maintain the handshake status properly, we check the sequence number and key usage limit after the last record reading/writing process. As we request renegotiation or close the connection for wrapped sequence number when there is enough sequence number space left to handle a few more records, so the sequence number of the last record cannot be wrapped.

抛出:

IOException

doneConnect

void doneConnect()
          throws IOException

Initialize the handshaker and socket streams. Called by connect, the layered constructor, and SSLServerSocket.

抛出:

IOException

useImplicitHost

private void useImplicitHost(boolean useNameService)

setHost

public void setHost(String host)

handleException

private void handleException(Exception cause)
                      throws IOException

Handle an exception. This method is called by top level exception handlers (in read(), write()) to make sure we always shutdown the connection correctly and do not pass runtime exception to the application. This method never returns normally, it always throws an IOException.

抛出:

IOException

handleEOF

private Plaintext handleEOF(EOFException eofe)
                     throws IOException

抛出:

IOException

getPeerHost

public String getPeerHost()

从接口复制的说明: SSLTransport

Returns the host name of the peer.

指定者:

getPeerHost 在接口中 SSLTransport

返回:

the host name of the peer, or null if nothing is available.

getPeerPort

public int getPeerPort()

从接口复制的说明: SSLTransport

Returns the port number of the peer.

指定者:

getPeerPort 在接口中 SSLTransport

返回:

the port number of the peer, or -1 if nothing is available.

useDelegatedTask

public boolean useDelegatedTask()

从接口复制的说明: SSLTransport

Return true if delegated tasks used for handshaking operations.

指定者:

useDelegatedTask 在接口中 SSLTransport

返回:

true if delegated tasks used for handshaking operations.

shutdown

public void shutdown()
              throws IOException

从接口复制的说明: SSLTransport

Shutdown the transport.

指定者:

shutdown 在接口中 SSLTransport

抛出:

IOException

closeSocket

private void closeSocket(boolean selfInitiated)
                  throws IOException

抛出:

IOException

waitForClose

private void waitForClose()
                   throws IOException

Wait for close_notify alert for a graceful closure. [RFC 5246] If the application protocol using TLS provides that any data may be carried over the underlying transport after the TLS connection is closed, the TLS implementation must receive the responding close_notify alert before indicating to the application layer that the TLS connection has ended. If the application protocol will not transfer any additional data, but will only close the underlying transport connection, then the implementation MAY choose to close the transport without waiting for the responding close_notify.

抛出:

IOException