diff --git a/src/java.base/share/classes/java/net/SecureCacheResponse.java b/src/java.base/share/classes/java/net/SecureCacheResponse.java index 64fd4145561..165790c1cbf 100644 --- a/src/java.base/share/classes/java/net/SecureCacheResponse.java +++ b/src/java.base/share/classes/java/net/SecureCacheResponse.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2004, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,9 +26,11 @@ package java.net; import java.security.cert.Certificate; +import javax.net.ssl.SSLSession; import javax.net.ssl.SSLPeerUnverifiedException; import java.security.Principal; import java.util.List; +import java.util.Optional; /** * Represents a cache response originally retrieved through secure @@ -105,4 +107,27 @@ public abstract class SecureCacheResponse extends CacheResponse { * @see #getPeerPrincipal() */ public abstract Principal getLocalPrincipal(); + + /** + * Returns an {@link Optional} containing the {@code SSLSession} in + * use on the original connection that retrieved the network resource. + * Returns an empty {@code Optional} if the underlying implementation + * does not support this method. + * + * @implSpec For compatibility, the default implementation of this + * method returns an empty {@code Optional}. Subclasses + * should override this method with an appropriate + * implementation since an application may need to access + * additional parameters associated with the SSL session. + * + * @return an {@link Optional} containing the {@code SSLSession} in + * use on the original connection + * + * @see SSLSession + * + * @since 12 + */ + public Optional getSSLSession() { + return Optional.empty(); + } } diff --git a/src/java.base/share/classes/javax/net/ssl/HttpsURLConnection.java b/src/java.base/share/classes/javax/net/ssl/HttpsURLConnection.java index c962b41f6fa..d2edcaa6d53 100644 --- a/src/java.base/share/classes/javax/net/ssl/HttpsURLConnection.java +++ b/src/java.base/share/classes/javax/net/ssl/HttpsURLConnection.java @@ -29,6 +29,7 @@ import java.net.URL; import java.net.HttpURLConnection; import java.security.Principal; import java.security.cert.X509Certificate; +import java.util.Optional; /** * HttpsURLConnection extends HttpURLConnection @@ -52,9 +53,7 @@ import java.security.cert.X509Certificate; * * @since 1.4 */ -public abstract -class HttpsURLConnection extends HttpURLConnection -{ +public abstract class HttpsURLConnection extends HttpURLConnection { /** * Creates an HttpsURLConnection using the * URL specified. @@ -378,4 +377,29 @@ class HttpsURLConnection extends HttpURLConnection public SSLSocketFactory getSSLSocketFactory() { return sslSocketFactory; } + + /** + * Returns an {@link Optional} containing the {@code SSLSession} in + * use on this connection. Returns an empty {@code Optional} if the + * underlying implementation does not support this method. + * + * @implSpec For compatibility, the default implementation of this + * method returns an empty {@code Optional}. Subclasses + * should override this method with an appropriate + * implementation since an application may need to access + * additional parameters associated with the SSL session. + * + * @return an {@link Optional} containing the {@code SSLSession} in + * use on this connection. + * + * @throws IllegalStateException if this method is called before + * the connection has been established + * + * @see SSLSession + * + * @since 12 + */ + public Optional getSSLSession() { + return Optional.empty(); + } } diff --git a/src/java.base/share/classes/sun/net/www/protocol/https/AbstractDelegateHttpsURLConnection.java b/src/java.base/share/classes/sun/net/www/protocol/https/AbstractDelegateHttpsURLConnection.java index cb80173b506..13cd88007db 100644 --- a/src/java.base/share/classes/sun/net/www/protocol/https/AbstractDelegateHttpsURLConnection.java +++ b/src/java.base/share/classes/sun/net/www/protocol/https/AbstractDelegateHttpsURLConnection.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -31,6 +31,8 @@ import java.net.SecureCacheResponse; import java.security.Principal; import java.io.IOException; import java.util.List; +import java.util.Optional; +import javax.net.ssl.SSLSession; import javax.net.ssl.SSLPeerUnverifiedException; import sun.net.www.http.*; import sun.net.www.protocol.http.HttpURLConnection; @@ -296,4 +298,19 @@ public abstract class AbstractDelegateHttpsURLConnection extends } } + SSLSession getSSLSession() { + if (cachedResponse != null) { + Optional option = + ((SecureCacheResponse)cachedResponse).getSSLSession(); + if (option.isPresent()) { + return option.orElseThrow(); + } + } + + if (http == null) { + throw new IllegalStateException("connection not yet open"); + } + + return ((HttpsClient)http).getSSLSession(); + } } diff --git a/src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java b/src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java index e5b8aa6973c..06c0e491465 100644 --- a/src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java +++ b/src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -738,6 +738,13 @@ final class HttpsClient extends HttpClient return principal; } + /** + * Returns the {@code SSLSession} in use on this connection. + */ + SSLSession getSSLSession() { + return session; + } + /** * This method implements the SSL HandshakeCompleted callback, * remembering the resulting session so that it may be queried diff --git a/src/java.base/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java b/src/java.base/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java index 8b49800c78b..3ac480025d1 100644 --- a/src/java.base/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java +++ b/src/java.base/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -46,6 +46,7 @@ import java.security.Permission; import java.security.Principal; import java.util.Map; import java.util.List; +import java.util.Optional; import sun.net.www.http.HttpClient; /** @@ -533,4 +534,9 @@ public class HttpsURLConnectionImpl public void setAuthenticator(Authenticator auth) { delegate.setAuthenticator(auth); } + + @Override + public Optional getSSLSession() { + return Optional.ofNullable(delegate.getSSLSession()); + } } diff --git a/test/jdk/javax/net/ssl/HttpsURLConnection/DefaultCacheResponse.java b/test/jdk/javax/net/ssl/HttpsURLConnection/DefaultCacheResponse.java new file mode 100644 index 00000000000..54a58a80d2b --- /dev/null +++ b/test/jdk/javax/net/ssl/HttpsURLConnection/DefaultCacheResponse.java @@ -0,0 +1,90 @@ +/* + * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8212261 + * @summary Add SSLSession accessors to HttpsURLConnection and + * SecureCacheResponse + */ + +import java.io.IOException; +import java.io.InputStream; +import java.net.SecureCacheResponse; +import java.security.Principal; +import java.security.cert.Certificate; +import java.util.List; +import java.util.Map; +import java.util.Optional; +import javax.net.ssl.SSLPeerUnverifiedException; +import javax.net.ssl.SSLSession; + +public class DefaultCacheResponse extends SecureCacheResponse { + + public static void main(String[] args) throws Exception { + DefaultCacheResponse defaultImpl = new DefaultCacheResponse(); + + Optional sslSession = defaultImpl.getSSLSession(); + if (sslSession.isPresent()) { + throw new Exception( + "The default SecureCacheResponse.getSSLSession " + + "implementation should return an empty Optional"); + } + } + + @Override + public String getCipherSuite() { + throw new UnsupportedOperationException("Not supported yet."); + } + + @Override + public List getLocalCertificateChain() { + throw new UnsupportedOperationException("Not supported yet."); + } + + @Override + public List getServerCertificateChain() + throws SSLPeerUnverifiedException { + throw new UnsupportedOperationException("Not supported yet."); + } + + @Override + public Principal getPeerPrincipal() throws SSLPeerUnverifiedException { + throw new UnsupportedOperationException("Not supported yet."); + } + + @Override + public Principal getLocalPrincipal() { + throw new UnsupportedOperationException("Not supported yet."); + } + + @Override + public Map> getHeaders() throws IOException { + throw new UnsupportedOperationException("Not supported yet."); + } + + @Override + public InputStream getBody() throws IOException { + throw new UnsupportedOperationException("Not supported yet."); + } +} diff --git a/test/jdk/javax/net/ssl/HttpsURLConnection/DummyCacheResponse.java b/test/jdk/javax/net/ssl/HttpsURLConnection/DummyCacheResponse.java new file mode 100644 index 00000000000..f18dca8b0f7 --- /dev/null +++ b/test/jdk/javax/net/ssl/HttpsURLConnection/DummyCacheResponse.java @@ -0,0 +1,218 @@ +/* + * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/** + * @test + * @bug 8212261 + * @summary Add SSLSession accessors to HttpsURLConnection and + * SecureCacheResponse + * @library /test/lib + * @modules jdk.httpserver + * @build jdk.test.lib.net.SimpleSSLContext + * @run main/othervm DummyCacheResponse + */ + +import java.io.*; +import java.net.*; +import javax.net.ssl.*; +import java.util.*; +import java.util.concurrent.*; +import java.security.Principal; +import java.security.cert.Certificate; +import jdk.test.lib.net.SimpleSSLContext; +import com.sun.net.httpserver.*; + +public class DummyCacheResponse extends SecureCacheResponse { + static SSLContext sslContext; + private final SSLSession cachedSession; + private final Map> rqstHeaders; + + public static void main(String[] args) throws Exception { + ResponseCache reservedResponseCache = ResponseCache.getDefault(); + HttpsServer httpsServer = null; + ExecutorService executor = null; + try { + ResponseCache.setDefault(new DummyResponseCache()); + + httpsServer = HttpsServer.create(new InetSocketAddress(0), 0); + HttpContext c2 = + httpsServer.createContext("/test", new HttpsHandler()); + + executor = Executors.newCachedThreadPool(); + httpsServer.setExecutor(executor); + + sslContext = new SimpleSSLContext().get(); + httpsServer.setHttpsConfigurator(new HttpsConfigurator(sslContext)); + httpsServer.start(); + + int httpsPort = httpsServer.getAddress().getPort(); + System.out.println( + "Server address: " + httpsServer.getAddress()); + + // the 1st connection + runTest(httpsPort, false); + + // the 2nd connection that use the cache + runTest(httpsPort, true); + } finally { + if (httpsServer != null) { + httpsServer.stop(2); + } + if (executor != null) { + executor.shutdown(); + } + + ResponseCache.setDefault(reservedResponseCache); + } + } + + private static class HttpsHandler implements HttpHandler { + public void handle(HttpExchange httpExchange) throws IOException { + InputStream is = httpExchange.getRequestBody(); + + while (is.read() != -1) { + // read to EOF + } + is.close(); + + httpExchange.sendResponseHeaders(200, 0); + httpExchange.close(); + } + } + + static void runTest(int port, boolean useCache) throws Exception { + URL url = new URL( + String.format("https://localhost:%s/test/", port)); + HttpsURLConnection urlc = + (HttpsURLConnection)url.openConnection(); + + urlc.setSSLSocketFactory(sslContext.getSocketFactory()); + urlc.setHostnameVerifier(new HostnameVerifier() { + public boolean verify(String s, SSLSession s1) { + return true; + } + }); + + try (InputStream is = urlc.getInputStream()) { + while (is.read() != -1) { + // read to EOF + } + + SSLSession session = urlc.getSSLSession().orElseThrow(); + if (!Objects.equals(urlc.getCipherSuite(), + session.getCipherSuite())) { + throw new Exception( + "Incorrect SSLSession for HTTPsURLConnection: " + + urlc.getCipherSuite() + "/" + session.getCipherSuite()); + } + + // Make sure the cache implementation is used. + try { + urlc.getServerCertificates(); + if (useCache) { + throw new Exception( + "The SecureCacheResponse impl should be used"); + } + } catch (UnsupportedOperationException uoe) { + if (!useCache) { + throw new Exception( + "The SecureCacheResponse impl should not be used"); + } + } + } + } + + DummyCacheResponse(SSLSession sslSession, + Map> rqstHeaders) { + this.rqstHeaders = rqstHeaders; + this.cachedSession = sslSession; + } + + @Override + public String getCipherSuite() { + return cachedSession.getCipherSuite(); + } + + @Override + public List getLocalCertificateChain() { + throw new UnsupportedOperationException("Not supported yet."); + } + + @Override + public List getServerCertificateChain() + throws SSLPeerUnverifiedException { + throw new UnsupportedOperationException("Not supported yet."); + } + + @Override + public Principal getPeerPrincipal() throws SSLPeerUnverifiedException { + throw new UnsupportedOperationException("Not supported yet."); + } + + @Override + public Principal getLocalPrincipal() { + throw new UnsupportedOperationException("Not supported yet."); + } + + @Override + public Map> getHeaders() throws IOException { + return rqstHeaders; + } + + @Override + public InputStream getBody() throws IOException { + return new ByteArrayInputStream(new byte[0]); + } + + @Override + public Optional getSSLSession() { + return Optional.of(cachedSession); + } + + private static class DummyResponseCache extends ResponseCache { + Map httpsConnections = new HashMap<>(); + + @Override + public CacheResponse get(URI uri, String rqstMethod, + Map> rqstHeaders) throws IOException { + if (httpsConnections.containsKey(uri)) { + return new DummyCacheResponse( + httpsConnections.get(uri), rqstHeaders); + } + + return null; + } + + @Override + public CacheRequest put(URI uri, + URLConnection conn) throws IOException { + if (conn instanceof HttpsURLConnection) { + HttpsURLConnection httpsConn = (HttpsURLConnection)conn; + httpsConnections.putIfAbsent( + uri, httpsConn.getSSLSession().orElseThrow()); + } + + return null; + } + } +} diff --git a/test/jdk/javax/net/ssl/HttpsURLConnection/HttpsSession.java b/test/jdk/javax/net/ssl/HttpsURLConnection/HttpsSession.java new file mode 100644 index 00000000000..e17ff6c95b2 --- /dev/null +++ b/test/jdk/javax/net/ssl/HttpsURLConnection/HttpsSession.java @@ -0,0 +1,126 @@ +/* + * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/** + * @test + * @bug 8212261 + * @summary Add SSLSession accessors to HttpsURLConnection and + * SecureCacheResponse + * @library /test/lib + * @modules jdk.httpserver + * @build jdk.test.lib.net.SimpleSSLContext + * @run main/othervm HttpsSession + */ +import com.sun.net.httpserver.*; +import java.net.*; +import java.io.*; +import javax.net.ssl.*; +import java.util.concurrent.*; +import java.util.Objects; +import jdk.test.lib.net.SimpleSSLContext; + +public class HttpsSession { + + static SSLContext sslContext; + + public static void main(String[] args) throws Exception { + HttpsServer httpsServer = null; + ExecutorService executor = null; + try { + httpsServer = HttpsServer.create(new InetSocketAddress(0), 0); + HttpContext c2 = + httpsServer.createContext("/test", new HttpsHandler()); + + executor = Executors.newCachedThreadPool(); + httpsServer.setExecutor(executor); + + sslContext = new SimpleSSLContext().get(); + httpsServer.setHttpsConfigurator(new HttpsConfigurator(sslContext)); + httpsServer.start(); + + int httpsPort = httpsServer.getAddress().getPort(); + System.out.println( + "Server address: " + httpsServer.getAddress()); + + runTest(httpsPort); + } finally { + if (httpsServer != null) { + httpsServer.stop(2); + } + if (executor != null) { + executor.shutdown(); + } + } + } + + private static class HttpsHandler implements HttpHandler { + public void handle(HttpExchange httpExchange) throws IOException { + InputStream is = httpExchange.getRequestBody(); + + while (is.read() != -1) { + // read to EOF + } + is.close(); + + httpExchange.sendResponseHeaders(200, 0); + httpExchange.close(); + } + } + + static void runTest(int port) throws Exception { + URL url = new URL( + String.format("https://localhost:%s/test/", port)); + HttpsURLConnection urlc = + (HttpsURLConnection)url.openConnection(); + + urlc.setSSLSocketFactory(sslContext.getSocketFactory()); + urlc.setHostnameVerifier(new HostnameVerifier() { + public boolean verify(String s, SSLSession s1) { + return true; + } + }); + + try { + urlc.getSSLSession(); + throw new Exception( + "HttpsURLConnection.getSSLSession() should throw " + + "IllegalStateException before the connection established"); + } catch (IllegalStateException ise) { + // That's the expected behavior, continue. + } + + try (InputStream is = urlc.getInputStream()) { + while (is.read() != -1) { + // read to EOF + } + + SSLSession session = urlc.getSSLSession().orElseThrow(); + if (!Objects.equals(urlc.getCipherSuite(), + session.getCipherSuite())) { + throw new Exception( + "Incorrect SSLSession for HTTPsURLConnection: " + + urlc.getCipherSuite() + "/" + session.getCipherSuite()); + } + } + } +}