1 /*
2  * Copyright (C) 2014 The Android Open Source Project
3  * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
4  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
5  *
6  * This code is free software; you can redistribute it and/or modify it
7  * under the terms of the GNU General Public License version 2 only, as
8  * published by the Free Software Foundation.  Oracle designates this
9  * particular file as subject to the "Classpath" exception as provided
10  * by Oracle in the LICENSE file that accompanied this code.
11  *
12  * This code is distributed in the hope that it will be useful, but WITHOUT
13  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
14  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
15  * version 2 for more details (a copy is included in the LICENSE file that
16  * accompanied this code).
17  *
18  * You should have received a copy of the GNU General Public License version
19  * 2 along with this work; if not, write to the Free Software Foundation,
20  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
21  *
22  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
23  * or visit www.oracle.com if you need additional information or have any
24  * questions.
25  */
26 
27 
28 package javax.net.ssl;
29 
30 import java.io.IOException;
31 import java.net.InetAddress;
32 import java.net.ServerSocket;
33 import java.net.SocketException;
34 import javax.net.ServerSocketFactory;
35 import java.security.*;
36 
37 /**
38  * <code>SSLServerSocketFactory</code>s create
39  * <code>SSLServerSocket</code>s.
40  *
41  * @since 1.4
42  * @see SSLSocket
43  * @see SSLServerSocket
44  * @author David Brownell
45  */
46 public abstract class SSLServerSocketFactory extends ServerSocketFactory
47 {
48     // Android-changed: Renamed field.
49     // Some apps rely on changing this field via reflection, so we can't change the name
50     // without introducing app compatibility problems.  See http://b/62248930.
51     private static SSLServerSocketFactory defaultServerSocketFactory;
52 
53     // Android-changed: Check Security.getVersion() on each update.
54     // If the set of providers or other such things changes, it may change the default
55     // factory, so we track the version returned from Security.getVersion() instead of
56     // only having a flag that says if we've ever initialized the default.
57     // private static boolean propertyChecked;
58     private static int lastVersion = -1;
59 
log(String msg)60     private static void log(String msg) {
61         if (SSLSocketFactory.DEBUG) {
62             System.out.println(msg);
63         }
64     }
65 
66     /**
67      * Constructor is used only by subclasses.
68      */
SSLServerSocketFactory()69     protected SSLServerSocketFactory() { /* NOTHING */ }
70 
71     /**
72      * Returns the default SSL server socket factory.
73      *
74      * <p>The first time this method is called, the security property
75      * "ssl.ServerSocketFactory.provider" is examined. If it is non-null, a
76      * class by that name is loaded and instantiated. If that is successful and
77      * the object is an instance of SSLServerSocketFactory, it is made the
78      * default SSL server socket factory.
79      *
80      * <p>Otherwise, this method returns
81      * <code>SSLContext.getDefault().getServerSocketFactory()</code>. If that
82      * call fails, an inoperative factory is returned.
83      *
84      * @return the default <code>ServerSocketFactory</code>
85      * @see SSLContext#getDefault
86      */
getDefault()87     public static synchronized ServerSocketFactory getDefault() {
88         // Android-changed: Check Security.getVersion() on each update.
89         if (defaultServerSocketFactory != null && lastVersion == Security.getVersion()) {
90             return defaultServerSocketFactory;
91         }
92 
93         lastVersion = Security.getVersion();
94         SSLServerSocketFactory previousDefaultServerSocketFactory = defaultServerSocketFactory;
95         defaultServerSocketFactory = null;
96 
97         String clsName = SSLSocketFactory.getSecurityProperty
98                                     ("ssl.ServerSocketFactory.provider");
99         if (clsName != null) {
100             // Android-changed: Check if we already have an instance of the default factory class.
101             // The instance for the default socket factory is checked for updates quite
102             // often (for instance, every time a security provider is added). Which leads
103             // to unnecessary overload and excessive error messages in case of class-loading
104             // errors. Avoid creating a new object if the class name is the same as before.
105             if (previousDefaultServerSocketFactory != null
106                     && clsName.equals(previousDefaultServerSocketFactory.getClass().getName())) {
107                 defaultServerSocketFactory = previousDefaultServerSocketFactory;
108                 return defaultServerSocketFactory;
109             }
110             log("setting up default SSLServerSocketFactory");
111             try {
112                 Class<?> cls = null;
113                 try {
114                     cls = Class.forName(clsName);
115                 } catch (ClassNotFoundException e) {
116                     // Android-changed; Try the contextClassLoader first.
117                     ClassLoader cl = Thread.currentThread().getContextClassLoader();
118                     if (cl == null) {
119                         cl = ClassLoader.getSystemClassLoader();
120                     }
121 
122                     if (cl != null) {
123                         // Android-changed: Use Class.forName() so the class gets initialized.
124                         cls = Class.forName(clsName, true, cl);
125                     }
126                 }
127                 log("class " + clsName + " is loaded");
128                 SSLServerSocketFactory fac = (SSLServerSocketFactory)cls.newInstance();
129                 log("instantiated an instance of class " + clsName);
130                 defaultServerSocketFactory = fac;
131                 return fac;
132             } catch (Exception e) {
133                 log("SSLServerSocketFactory instantiation failed: " + e);
134                 // Android-changed: Fallback to the default SSLContext on exception.
135             }
136         }
137 
138         try {
139             // Android-changed: Allow for {@code null} SSLContext.getDefault.
140             SSLContext context = SSLContext.getDefault();
141             if (context != null) {
142                 defaultServerSocketFactory = context.getServerSocketFactory();
143             } else {
144                 defaultServerSocketFactory = new DefaultSSLServerSocketFactory(new IllegalStateException("No factory found."));
145             }
146             return defaultServerSocketFactory;
147         } catch (NoSuchAlgorithmException e) {
148             return new DefaultSSLServerSocketFactory(e);
149         }
150     }
151 
152     /**
153      * Returns the list of cipher suites which are enabled by default.
154      * Unless a different list is enabled, handshaking on an SSL connection
155      * will use one of these cipher suites.  The minimum quality of service
156      * for these defaults requires confidentiality protection and server
157      * authentication (that is, no anonymous cipher suites).
158      *
159      * @see #getSupportedCipherSuites()
160      * @return array of the cipher suites enabled by default
161      */
getDefaultCipherSuites()162     public abstract String [] getDefaultCipherSuites();
163 
164 
165     /**
166      * Returns the names of the cipher suites which could be enabled for use
167      * on an SSL connection created by this factory.
168      * Normally, only a subset of these will actually
169      * be enabled by default, since this list may include cipher suites which
170      * do not meet quality of service requirements for those defaults.  Such
171      * cipher suites are useful in specialized applications.
172      *
173      * @return an array of cipher suite names
174      * @see #getDefaultCipherSuites()
175      */
getSupportedCipherSuites()176     public abstract String [] getSupportedCipherSuites();
177 }
178 
179 
180 //
181 // The default factory does NOTHING.
182 //
183 class DefaultSSLServerSocketFactory extends SSLServerSocketFactory {
184 
185     private final Exception reason;
186 
DefaultSSLServerSocketFactory(Exception reason)187     DefaultSSLServerSocketFactory(Exception reason) {
188         this.reason = reason;
189     }
190 
throwException()191     private ServerSocket throwException() throws SocketException {
192         throw (SocketException)
193             new SocketException(reason.toString()).initCause(reason);
194     }
195 
196     @Override
createServerSocket()197     public ServerSocket createServerSocket() throws IOException {
198         return throwException();
199     }
200 
201 
202     @Override
createServerSocket(int port)203     public ServerSocket createServerSocket(int port)
204     throws IOException
205     {
206         return throwException();
207     }
208 
209     @Override
createServerSocket(int port, int backlog)210     public ServerSocket createServerSocket(int port, int backlog)
211     throws IOException
212     {
213         return throwException();
214     }
215 
216     @Override
217     public ServerSocket
createServerSocket(int port, int backlog, InetAddress ifAddress)218     createServerSocket(int port, int backlog, InetAddress ifAddress)
219     throws IOException
220     {
221         return throwException();
222     }
223 
224     @Override
getDefaultCipherSuites()225     public String [] getDefaultCipherSuites() {
226         return new String[0];
227     }
228 
229     @Override
getSupportedCipherSuites()230     public String [] getSupportedCipherSuites() {
231         return new String[0];
232     }
233 }
234