sun.net.www.protocol.https: final class: HttpsClient

sun.net.www.protocol.https
final class: HttpsClient [javadoc | source]

java.lang.Object
   sun.net.NetworkClient
      sun.net.www.http.HttpClient
         sun.net.www.protocol.https.HttpsClient

All Implemented Interfaces:
HandshakeCompletedListener

This class provides HTTPS client URL support, building on the standard "sun.net.www" HTTP protocol handler. HTTPS is the same protocol as HTTP, but differs in the transport layer which it uses:

There's a Secure Sockets Layer between TCP and the HTTP protocol code.
It uses a different default TCP port.
It doesn't use application level proxies, which can see and manipulate HTTP user level data, compromising privacy. It uses low level tunneling instead, which hides HTTP protocol and data from all third parties. (Traffic analysis is still possible).
It does basic server authentication, to protect against "URL spoofing" attacks. This involves deciding whether the X.509 certificate chain identifying the server is trusted, and verifying that the name of the server is found in the certificate. (The application may enable an anonymous SSL cipher suite, and such checks are not done for anonymous ciphers.)
It exposes key SSL session attributes, specifically the cipher suite in use and the server's X509 certificates, to application software which knows about this protocol handler.

System properties used include:

https.proxyHost ... the host supporting SSL tunneling using the conventional CONNECT syntax
https.proxyPort ... port to use on proxyHost
https.cipherSuites ... comma separated list of SSL cipher suite names to enable.
http.nonProxyHosts ...

author: David - Brownell

author: Bill - Foote

Fields inherited from sun.net.www.http.HttpClient:
cachedHttpClient, cookieHandler, requests, poster, failedOnce, httpPortNumber, proxyDisabled, usingProxy, host, port, kac, keepingAlive, keepAliveConnections, keepAliveTimeout, url, reuse

Fields inherited from sun.net.NetworkClient:
proxy, serverSocket, serverOutput, serverInput, defaultSoTimeout, defaultConnectTimeout, readTimeout, connectTimeout, encoding

Constructor:
HttpsClient(SSLSocketFactory sf, URL url, String proxyHost, int proxyPort) throws IOException { this(sf, url, proxyHost, proxyPort, -1); } Create an HTTPS client URL. Traffic will be tunneled through the specified proxy server.
HttpsClient(SSLSocketFactory sf, URL url, Proxy proxy, int connectTimeout) throws IOException { this.proxy = proxy; setSSLSocketFactory(sf); this.proxyDisabled = true; this.host = url.getHost(); this.url = url; port = url.getPort(); if (port == -1) { port = getDefaultPort(); } setConnectTimeout(connectTimeout); // get the cookieHandler if there is any cookieHandler = java.security.AccessController.doPrivileged( new java.security.PrivilegedAction< CookieHandler >() { public CookieHandler run() { return CookieHandler.getDefault(); } }); openServer(); } Same as previous constructor except using a Proxy
HttpsClient(SSLSocketFactory sf, URL url, String proxyHost, int proxyPort, int connectTimeout) throws IOException { this(sf, url, (proxyHost == null? null: HttpsClient.newHttpProxy(proxyHost, proxyPort)), connectTimeout); } Create an HTTPS client URL. Traffic will be tunneled through the specified proxy server, with a connect timeout

Constructor:

 HttpsClient(SSLSocketFactory sf,
    URL url,
    String proxyHost,
    int proxyPort) throws IOException {
        this(sf, url, proxyHost, proxyPort, -1);
}

Create an HTTPS client URL. Traffic will be tunneled through the specified proxy server.

 HttpsClient(SSLSocketFactory sf,
    URL url,
    Proxy proxy,
    int connectTimeout) throws IOException {
        this.proxy = proxy;
        setSSLSocketFactory(sf);
        this.proxyDisabled = true;
        this.host = url.getHost();
        this.url = url;
        port = url.getPort();
        if (port == -1) {
            port = getDefaultPort();
        }
        setConnectTimeout(connectTimeout);
        // get the cookieHandler if there is any
        cookieHandler = java.security.AccessController.doPrivileged(
            new java.security.PrivilegedAction< CookieHandler >() {
                public CookieHandler run() {
                    return CookieHandler.getDefault();
                }
            });
        openServer();
}

Same as previous constructor except using a Proxy

 HttpsClient(SSLSocketFactory sf,
    URL url,
    String proxyHost,
    int proxyPort,
    int connectTimeout) throws IOException {
        this(sf, url,
             (proxyHost == null? null:
                HttpsClient.newHttpProxy(proxyHost, proxyPort)),
                connectTimeout);
}

Create an HTTPS client URL. Traffic will be tunneled through the specified proxy server, with a connect timeout

Method from sun.net.www.protocol.https.HttpsClient Summary:
New, New, New, New, New, New, afterConnect, closeIdleConnection, getCipherSuite, getDefaultPort, getLocalCertificates, getLocalPrincipal, getPeerPrincipal, getProxyHostUsed, getProxyPortUsed, getSSLSocketFactory, getServerCertificateChain, getServerCertificates, handshakeCompleted, needsTunneling, putInKeepAliveCache, setHostnameVerifier, setSSLSocketFactory

Methods from sun.net.www.http.HttpClient:
New, New, New, New, New, New, afterConnect, closeIdleConnection, closeServer, finalize, finished, getCacheRequest, getDefaultPort, getHttpKeepAliveSet, getInputStream, getKeepAliveTimeout, getOutputStream, getProxyHostUsed, getProxyPortUsed, getURLFile, isCachedConnection, isInKeepAliveCache, isKeepingAlive, needsTunneling, newHttpProxy, openServer, openServer, parseHTTP, putInKeepAliveCache, resetProperties, setCacheRequest, setDoNotRetry, setTimeout, toString, writeRequests, writeRequests

Methods from sun.net.www.http.HttpClient:

New, New, New, New, New, New, afterConnect, closeIdleConnection, closeServer, finalize, finished, getCacheRequest, getDefaultPort, getHttpKeepAliveSet, getInputStream, getKeepAliveTimeout, getOutputStream, getProxyHostUsed, getProxyPortUsed, getURLFile, isCachedConnection, isInKeepAliveCache, isKeepingAlive, needsTunneling, newHttpProxy, openServer, openServer, parseHTTP, putInKeepAliveCache, resetProperties, setCacheRequest, setDoNotRetry, setTimeout, toString, writeRequests, writeRequests

Methods from sun.net.NetworkClient:
closeServer, doConnect, getConnectTimeout, getLocalAddress, getReadTimeout, openServer, serverIsOpen, setConnectTimeout, setReadTimeout

Methods from java.lang.Object:
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method from sun.net.www.protocol.https.HttpsClient Detail:
static HttpClient New(SSLSocketFactory sf, URL url, HostnameVerifier hv) throws IOException { return HttpsClient.New(sf, url, hv, true); }
static HttpClient New(SSLSocketFactory sf, URL url, HostnameVerifier hv, boolean useCache) throws IOException { return HttpsClient.New(sf, url, hv, (String)null, -1, useCache); } See HttpClient for the model for this method.
static HttpClient New(SSLSocketFactory sf, URL url, HostnameVerifier hv, String proxyHost, int proxyPort) throws IOException { return HttpsClient.New(sf, url, hv, proxyHost, proxyPort, true); } Get a HTTPS client to the URL. Traffic will be tunneled through the specified proxy server.
static HttpClient New(SSLSocketFactory sf, URL url, HostnameVerifier hv, String proxyHost, int proxyPort, boolean useCache) throws IOException { return HttpsClient.New(sf, url, hv, proxyHost, proxyPort, useCache, -1); }
static HttpClient New(SSLSocketFactory sf, URL url, HostnameVerifier hv, Proxy p, boolean useCache, int connectTimeout) throws IOException { HttpsClient ret = null; if (useCache) { /* see if one's already around */ ret = (HttpsClient) kac.get(url, sf); if (ret != null) { ret.cachedHttpClient = true; } } if (ret == null) { ret = new HttpsClient(sf, url, p, connectTimeout); } else { SecurityManager security = System.getSecurityManager(); if (security != null) { security.checkConnect(url.getHost(), url.getPort()); } ret.url = url; } ret.setHostnameVerifier(hv); return ret; }
static HttpClient New(SSLSocketFactory sf, URL url, HostnameVerifier hv, String proxyHost, int proxyPort, boolean useCache, int connectTimeout) throws IOException { return HttpsClient.New(sf, url, hv, (proxyHost == null? null : HttpsClient.newHttpProxy(proxyHost, proxyPort)), useCache, connectTimeout); }
public void afterConnect() throws UnknownHostException, IOException { if (!isCachedConnection()) { SSLSocket s = null; SSLSocketFactory factory = sslSocketFactory; try { if (!(serverSocket instanceof SSLSocket)) { s = (SSLSocket)factory.createSocket(serverSocket, host, port, true); } else { s = (SSLSocket)serverSocket; } } catch (IOException ex) { // If we fail to connect through the tunnel, try it // locally, as a last resort. If this doesn't work, // throw the original exception. try { s = (SSLSocket)factory.createSocket(host, port); } catch (IOException ignored) { throw ex; } } // // Force handshaking, so that we get any authentication. // Register a handshake callback so our session state tracks any // later session renegotiations. // String [] protocols = getProtocols(); String [] ciphers = getCipherSuites(); if (protocols != null) { s.setEnabledProtocols(protocols); } if (ciphers != null) { s.setEnabledCipherSuites(ciphers); } s.addHandshakeCompletedListener(this); // if the HostnameVerifier is not set, try to enable endpoint // identification during handshaking boolean enabledIdentification = false; if (hv instanceof DefaultHostnameVerifier && (s instanceof SSLSocketImpl) && ((SSLSocketImpl)s).trySetHostnameVerification("HTTPS")) { enabledIdentification = true; } s.startHandshake(); session = s.getSession(); // change the serverSocket and serverOutput serverSocket = s; try { serverOutput = new PrintStream( new BufferedOutputStream(serverSocket.getOutputStream()), false, encoding); } catch (UnsupportedEncodingException e) { throw new InternalError(encoding+" encoding not found"); } // check URL spoofing if it has not been checked under handshaking if (!enabledIdentification) { checkURLSpoofing(hv); } } else { // if we are reusing a cached https session, // we don't need to do handshaking etc. But we do need to // set the ssl session session = ((SSLSocket)serverSocket).getSession(); } }
public void closeIdleConnection() { HttpClient http = (HttpClient) kac.get(url, sslSocketFactory); if (http != null) { http.closeServer(); } }
String getCipherSuite() { return session.getCipherSuite(); } Returns the cipher suite in use on this connection.
protected int getDefaultPort() { return httpsPortNumber; } Returns the default HTTPS port (443)
public Certificate[] getLocalCertificates() { return session.getLocalCertificates(); } Returns the certificate chain the client sent to the server, or null if the client did not authenticate.
Principal getLocalPrincipal() { Principal principal; try { principal = session.getLocalPrincipal(); } catch (AbstractMethodError e) { principal = null; // if the provider does not support it, fallback to local certs. // return the X500Principal of the end-entity cert. java.security.cert.Certificate[] certs = session.getLocalCertificates(); if (certs != null) { principal = (X500Principal) ((X509Certificate)certs[0]).getSubjectX500Principal(); } } return principal; } Returns the principal the client sent to the server, or null if the client did not authenticate.
Principal getPeerPrincipal() throws SSLPeerUnverifiedException { Principal principal; try { principal = session.getPeerPrincipal(); } catch (AbstractMethodError e) { // if the provider does not support it, fallback to peer certs. // return the X500Principal of the end-entity cert. java.security.cert.Certificate[] certs = session.getPeerCertificates(); principal = (X500Principal) ((X509Certificate)certs[0]).getSubjectX500Principal(); } return principal; } Returns the principal with which the server authenticated itself, or throw a SSLPeerUnverifiedException if the server did not authenticate.
public String getProxyHostUsed() { if (!needsTunneling()) { return null; } else { return ((InetSocketAddress)proxy.address()).getHostName(); } }
public int getProxyPortUsed() { return (proxy == null \|\| proxy.type() == Proxy.Type.DIRECT \|\| proxy.type() == Proxy.Type.SOCKS)? -1: ((InetSocketAddress)proxy.address()).getPort(); }
SSLSocketFactory getSSLSocketFactory() { return sslSocketFactory; }
X509Certificate[] getServerCertificateChain() throws SSLPeerUnverifiedException { return session.getPeerCertificateChain(); } Returns the X.509 certificate chain with which the server authenticated itself, or null if the server did not authenticate.
Certificate[] getServerCertificates() throws SSLPeerUnverifiedException { return session.getPeerCertificates(); } Returns the certificate chain with which the server authenticated itself, or throw a SSLPeerUnverifiedException if the server did not authenticate.
public void handshakeCompleted(HandshakeCompletedEvent event) { session = event.getSession(); } This method implements the SSL HandshakeCompleted callback, remembering the resulting session so that it may be queried for the current cipher suite and peer certificates. Servers sometimes re-initiate handshaking, so the session in use on a given connection may change. When sessions change, so may peer identities and cipher suites.
public boolean needsTunneling() { return (proxy != null && proxy.type() != Proxy.Type.DIRECT && proxy.type() != Proxy.Type.SOCKS); }
protected void putInKeepAliveCache() { kac.put(url, sslSocketFactory, this); }
void setHostnameVerifier(HostnameVerifier hv) { this.hv = hv; }
void setSSLSocketFactory(SSLSocketFactory sf) { sslSocketFactory = sf; }