Merge "Add support for SNI API" am: 6f4ce164

am: 16b26ebf * commit '16b26ebf': Add support for SNI API

Merge "Add support for SNI API" am: 6f4ce164
am: 16b26ebf * commit '16b26ebf': Add support for SNI API
cf0f0270 · Kenny Root · android-build-merger · 154ceb7d · 16b26ebf · cf0f0270
Commit cf0f0270 authored 9 years ago by Kenny Root Committed by android-build-merger 9 years ago
10 changed files
--- a/src/compat/java/org/conscrypt/Platform.java
+++ b/src/compat/java/org/conscrypt/Platform.java
@@ -147,6 +147,16 @@ public class Platform {
        }
    }

+    public static void setSSLParameters(SSLParameters params, SSLParametersImpl impl,
+            OpenSSLSocketImpl socket) {
+        // TODO fix for newer platform versions
+    }
+
+    public static void getSSLParameters(SSLParameters params, SSLParametersImpl impl,
+            OpenSSLSocketImpl socket) {
+        // TODO fix for newer platform versions
+    }
+
    /**
     * Tries to return a Class reference of one of the supplied class names.
     */

--- a/src/main/java/org/conscrypt/NativeCrypto.java
+++ b/src/main/java/org/conscrypt/NativeCrypto.java
@@ -1176,6 +1176,8 @@ public final class NativeCrypto {

    public static native String SSL_SESSION_cipher(long sslSessionNativePointer);

+    public static native String get_SSL_SESSION_tlsext_hostname(long sslSessionNativePointer);
+
    public static native void SSL_SESSION_free(long sslSessionNativePointer);

    public static native byte[] i2d_SSL_SESSION(long sslSessionNativePointer);

--- a/src/main/java/org/conscrypt/OpenSSLExtendedSessionImpl.java
+++ b/src/main/java/org/conscrypt/OpenSSLExtendedSessionImpl.java
@@ -17,8 +17,10 @@ package org.conscrypt;

 import java.security.Principal;
 import java.security.cert.Certificate;
+import java.util.Collections;
 import java.util.List;
 import javax.net.ssl.ExtendedSSLSession;
+import javax.net.ssl.SNIHostName;
 import javax.net.ssl.SNIServerName;
 import javax.net.ssl.SSLPeerUnverifiedException;
 import javax.net.ssl.SSLSessionContext;
@@ -44,7 +46,12 @@ public class OpenSSLExtendedSessionImpl extends ExtendedSSLSession {
    }

    public List<SNIServerName> getRequestedServerNames() {
-        throw new UnsupportedOperationException();
+        String requestedServerName = delegate.getRequestedServerName();
+        if (requestedServerName == null) {
+            return null;
+        }
+
+        return Collections.<SNIServerName> singletonList(new SNIHostName(requestedServerName));
    }

    @Override

--- a/src/main/java/org/conscrypt/OpenSSLSessionImpl.java
+++ b/src/main/java/org/conscrypt/OpenSSLSessionImpl.java
@@ -479,6 +479,13 @@ public class OpenSSLSessionImpl implements SSLSession {
        }
    }

+    /**
+     * Returns the name requested by the SNI extension.
+     */
+    public String getRequestedServerName() {
+        return NativeCrypto.get_SSL_SESSION_tlsext_hostname(sslSessionNativePointer);
+    }
+
    @Override
    protected void finalize() throws Throwable {
        try {

--- a/src/main/java/org/conscrypt/OpenSSLSocketImpl.java
+++ b/src/main/java/org/conscrypt/OpenSSLSocketImpl.java
@@ -432,7 +432,7 @@ public class OpenSSLSocketImpl
     * Returns the hostname that was supplied during socket creation. No DNS resolution is
     * attempted before returning the hostname.
     */
-    private String getHostname() {
+    public String getHostname() {
        return peerHostname;
    }

@@ -913,7 +913,6 @@ public class OpenSSLSocketImpl
     *
     * @throws IllegalStateException if this is a client socket or if the handshake has already
     *         started.
-
     */
    public void setChannelIdEnabled(boolean enabled) {
        if (getUseClientMode()) {
@@ -1273,16 +1272,14 @@ public class OpenSSLSocketImpl
    @Override
    public SSLParameters getSSLParameters() {
        SSLParameters params = super.getSSLParameters();
-        Platform.setEndpointIdentificationAlgorithm(params,
-                sslParameters.getEndpointIdentificationAlgorithm());
+        Platform.getSSLParameters(params, sslParameters, this);
        return params;
    }

    @Override
    public void setSSLParameters(SSLParameters p) {
        super.setSSLParameters(p);
-        sslParameters.setEndpointIdentificationAlgorithm(
-                Platform.getEndpointIdentificationAlgorithm(p));
+        Platform.setSSLParameters(p, sslParameters, this);
    }

    @Override

--- a/src/main/java/org/conscrypt/SSLParametersImpl.java
+++ b/src/main/java/org/conscrypt/SSLParametersImpl.java
@@ -100,6 +100,7 @@ public class SSLParametersImpl implements Cloneable {
    private boolean want_client_auth = false;
    // if the peer with this parameters allowed to cteate new SSL session
    private boolean enable_session_creation = true;
+    // Endpoint identification algorithm (e.g., HTTPS)
    private String endpointIdentificationAlgorithm;

    // client-side only, bypasses the property based configuration, used for tests

--- a/src/main/native/org_conscrypt_NativeCrypto.cpp
+++ b/src/main/native/org_conscrypt_NativeCrypto.cpp
@@ -10597,6 +10597,19 @@ static jstring NativeCrypto_SSL_SESSION_cipher(JNIEnv* env, jclass, jlong ssl_se
    return env->NewStringUTF(name);
 }

+static jstring NativeCrypto_get_SSL_SESSION_tlsext_hostname(JNIEnv* env, jclass, jlong sessionJava) {
+    SSL_SESSION* ssl_session = to_SSL_SESSION(env, sessionJava, true);
+    JNI_TRACE("ssl_session=%p NativeCrypto_get_SSL_SESSION_tlsext_hostname", ssl_session);
+    if (ssl_session == nullptr || ssl_session->tlsext_hostname == nullptr) {
+        JNI_TRACE("ssl_session=%p NativeCrypto_get_SSL_SESSION_tlsext_hostname => null",
+                  ssl_session);
+        return nullptr;
+    }
+    JNI_TRACE("ssl_session=%p NativeCrypto_get_SSL_SESSION_tlsext_hostname => \"%s\"",
+              ssl_session, ssl_session->tlsext_hostname);
+    return env->NewStringUTF(ssl_session->tlsext_hostname);
+}
+
 /**
 * Frees the SSL session.
 */
@@ -11225,6 +11238,7 @@ static JNINativeMethod sNativeCryptoMethods[] = {
    NATIVE_METHOD(NativeCrypto, SSL_SESSION_get_time, "(J)J"),
    NATIVE_METHOD(NativeCrypto, SSL_SESSION_get_version, "(J)Ljava/lang/String;"),
    NATIVE_METHOD(NativeCrypto, SSL_SESSION_cipher, "(J)Ljava/lang/String;"),
+    NATIVE_METHOD(NativeCrypto, get_SSL_SESSION_tlsext_hostname, "(J)Ljava/lang/String;"),
    NATIVE_METHOD(NativeCrypto, SSL_SESSION_free, "(J)V"),
    NATIVE_METHOD(NativeCrypto, i2d_SSL_SESSION, "(J)[B"),
    NATIVE_METHOD(NativeCrypto, d2i_SSL_SESSION, "([B)J"),

--- a/src/openjdk/java/org/conscrypt/Platform.java
+++ b/src/openjdk/java/org/conscrypt/Platform.java
@@ -29,11 +29,16 @@ import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.security.spec.AlgorithmParameterSpec;
 import java.security.spec.ECParameterSpec;
+import java.util.Collections;
+import java.util.List;
 import javax.crypto.spec.GCMParameterSpec;
+import javax.net.ssl.SNIHostName;
+import javax.net.ssl.SNIServerName;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.StandardConstants;
 import javax.net.ssl.X509ExtendedTrustManager;
 import javax.net.ssl.X509TrustManager;
 import sun.security.x509.AlgorithmId;
@@ -96,6 +101,29 @@ public class Platform {
        // TODO: figure this out on the RI
    }

+    public static void setSSLParameters(SSLParameters params, SSLParametersImpl impl,
+            OpenSSLSocketImpl socket) {
+        impl.setEndpointIdentificationAlgorithm(params.getEndpointIdentificationAlgorithm());
+        List<SNIServerName> serverNames = params.getServerNames();
+        if (serverNames != null) {
+            for (SNIServerName serverName : serverNames) {
+                if (serverName.getType() == StandardConstants.SNI_HOST_NAME) {
+                    socket.setHostname(((SNIHostName) serverName).getAsciiName());
+                    break;
+                }
+            }
+        }
+    }
+
+    public static void getSSLParameters(SSLParameters params, SSLParametersImpl impl,
+            OpenSSLSocketImpl socket) {
+        params.setEndpointIdentificationAlgorithm(impl.getEndpointIdentificationAlgorithm());
+        if (impl.getUseSni() && AddressUtils.isValidSniHostname(socket.getHostname())) {
+            params.setServerNames(Collections.<SNIServerName> singletonList(
+                    new SNIHostName(socket.getHostname())));
+        }
+    }
+
    /**
     * Tries to return a Class reference of one of the supplied class names.
     */

--- a/src/platform/java/org/conscrypt/Platform.java
+++ b/src/platform/java/org/conscrypt/Platform.java
@@ -38,11 +38,16 @@ import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.security.spec.AlgorithmParameterSpec;
 import java.security.spec.ECParameterSpec;
+import java.util.Collections;
+import java.util.List;
 import javax.crypto.spec.GCMParameterSpec;
+import javax.net.ssl.SNIHostName;
+import javax.net.ssl.SNIServerName;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.StandardConstants;
 import javax.net.ssl.X509ExtendedTrustManager;
 import javax.net.ssl.X509TrustManager;
 import org.conscrypt.GCMParameters;
@@ -103,13 +108,27 @@ class Platform {
        }
    }

-    public static void setEndpointIdentificationAlgorithm(SSLParameters params,
-            String endpointIdentificationAlgorithm) {
-        params.setEndpointIdentificationAlgorithm(endpointIdentificationAlgorithm);
+    public static void setSSLParameters(SSLParameters params, SSLParametersImpl impl,
+            OpenSSLSocketImpl socket) {
+        impl.setEndpointIdentificationAlgorithm(params.getEndpointIdentificationAlgorithm());
+        List<SNIServerName> serverNames = params.getServerNames();
+        if (serverNames != null) {
+            for (SNIServerName serverName : serverNames) {
+                if (serverName.getType() == StandardConstants.SNI_HOST_NAME) {
+                    socket.setHostname(((SNIHostName) serverName).getAsciiName());
+                    break;
+                }
+            }
+        }
    }

-    public static String getEndpointIdentificationAlgorithm(SSLParameters params) {
-        return params.getEndpointIdentificationAlgorithm();
+    public static void getSSLParameters(SSLParameters params, SSLParametersImpl impl,
+            OpenSSLSocketImpl socket) {
+        params.setEndpointIdentificationAlgorithm(impl.getEndpointIdentificationAlgorithm());
+        if (impl.getUseSni() && AddressUtils.isValidSniHostname(socket.getHostname())) {
+            params.setServerNames(Collections.<SNIServerName> singletonList(
+                    new SNIHostName(socket.getHostname())));
+        }
    }

    /**

--- a/src/stub/java/javax/net/ssl/SNIHostName.java
+++ b/src/stub/java/javax/net/ssl/SNIHostName.java
+/*
+ * Copyright 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package javax.net.ssl;
+
+/**
+ * Stub class for compiling unbundled.
+ */
+public final class SNIHostName extends SNIServerName {
+    public SNIHostName(String hostname) {
+    }
+}