11/**
2- * Copyright (c) 2001, 2020 , Oracle and/or its affiliates. All rights reserved.
2+ * Copyright (c) 2001, 2026 , Oracle and/or its affiliates. All rights reserved.
33 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
44 *
55 * This code is free software; you can redistribute it and/or modify it
5151public abstract class AbstractDelegateHttpsURLConnection extends
5252 HttpURLConnection {
5353
54+ private SSLSession savedSession = null ;
5455 protected AbstractDelegateHttpsURLConnection (URL url ,
5556 sun .net .www .protocol .http .Handler handler ) throws IOException {
5657 this (url , null , handler );
@@ -92,6 +93,7 @@ public void setNewClient (URL url)
9293 public void setNewClient (URL url , boolean useCache )
9394 throws IOException {
9495 int readTimeout = getReadTimeout ();
96+ savedSession = null ;
9597 http = HttpsClient .New (getSSLSocketFactory (),
9698 url ,
9799 getHostnameVerifier (),
@@ -184,6 +186,7 @@ public void connect() throws IOException {
184186 if (!http .isCachedConnection () && http .needsTunneling ()) {
185187 doTunneling ();
186188 }
189+ savedSession = null ;
187190 ((HttpsClient )http ).afterConnect ();
188191 }
189192
@@ -204,18 +207,32 @@ protected HttpClient getNewHttpClient(URL url, Proxy p, int connectTimeout,
204207 useCache , connectTimeout , this );
205208 }
206209
210+ @ Override
211+ protected void noResponseBody () {
212+ savedSession = ((HttpsClient )http ).getSSLSession ();
213+ super .noResponseBody ();
214+ }
215+
216+ private SSLSession session () {
217+ if (http instanceof HttpsClient https ) {
218+ return https .getSSLSession ();
219+ }
220+ return savedSession ;
221+ }
222+
207223 /**
208224 * Returns the cipher suite in use on this connection.
209225 */
210226 public String getCipherSuite () {
211227 if (cachedResponse != null ) {
212228 return ((SecureCacheResponse )cachedResponse ).getCipherSuite ();
213229 }
214- if (http == null ) {
230+
231+ var session = session ();
232+ if (session == null ) {
215233 throw new IllegalStateException ("connection not yet open" );
216- } else {
217- return ((HttpsClient )http ).getCipherSuite ();
218234 }
235+ return session .getCipherSuite ();
219236 }
220237
221238 /**
@@ -231,11 +248,12 @@ public java.security.cert.Certificate[] getLocalCertificates() {
231248 return l .toArray (new java .security .cert .Certificate [0 ]);
232249 }
233250 }
234- if (http == null ) {
251+
252+ var session = session ();
253+ if (session == null ) {
235254 throw new IllegalStateException ("connection not yet open" );
236- } else {
237- return (((HttpsClient )http ).getLocalCertificates ());
238255 }
256+ return session .getLocalCertificates ();
239257 }
240258
241259 /**
@@ -256,11 +274,11 @@ public java.security.cert.Certificate[] getServerCertificates()
256274 }
257275 }
258276
259- if (http == null ) {
277+ var session = session ();
278+ if (session == null ) {
260279 throw new IllegalStateException ("connection not yet open" );
261- } else {
262- return (((HttpsClient )http ).getServerCertificates ());
263280 }
281+ return session .getPeerCertificates ();
264282 }
265283
266284 /**
@@ -274,11 +292,11 @@ Principal getPeerPrincipal()
274292 return ((SecureCacheResponse )cachedResponse ).getPeerPrincipal ();
275293 }
276294
277- if (http == null ) {
295+ var session = session ();
296+ if (session == null ) {
278297 throw new IllegalStateException ("connection not yet open" );
279- } else {
280- return (((HttpsClient )http ).getPeerPrincipal ());
281298 }
299+ return getPeerPrincipal (session );
282300 }
283301
284302 /**
@@ -291,11 +309,11 @@ Principal getLocalPrincipal()
291309 return ((SecureCacheResponse )cachedResponse ).getLocalPrincipal ();
292310 }
293311
294- if (http == null ) {
312+ var session = session ();
313+ if (session == null ) {
295314 throw new IllegalStateException ("connection not yet open" );
296- } else {
297- return (((HttpsClient )http ).getLocalPrincipal ());
298315 }
316+ return getLocalPrincipal (session );
299317 }
300318
301319 SSLSession getSSLSession () {
@@ -307,11 +325,12 @@ SSLSession getSSLSession() {
307325 }
308326 }
309327
310- if (http == null ) {
328+ var session = session ();
329+ if (session == null ) {
311330 throw new IllegalStateException ("connection not yet open" );
312331 }
313332
314- return (( HttpsClient ) http ). getSSLSession () ;
333+ return session ;
315334 }
316335
317336 /*
@@ -354,7 +373,7 @@ protected HttpCallerInfo getHttpCallerInfo(URL url, String proxy, int port,
354373 }
355374 HttpsClient https = (HttpsClient )http ;
356375 try {
357- Certificate [] certs = https .getServerCertificates ();
376+ Certificate [] certs = https .getSSLSession (). getPeerCertificates ();
358377 if (certs [0 ] instanceof X509Certificate x509Cert ) {
359378 return new HttpCallerInfo (url , proxy , port , x509Cert , authenticator );
360379 }
@@ -372,7 +391,7 @@ protected HttpCallerInfo getHttpCallerInfo(URL url, Authenticator authenticator)
372391 }
373392 HttpsClient https = (HttpsClient )http ;
374393 try {
375- Certificate [] certs = https .getServerCertificates ();
394+ Certificate [] certs = https .getSSLSession (). getPeerCertificates ();
376395 if (certs [0 ] instanceof X509Certificate x509Cert ) {
377396 return new HttpCallerInfo (url , x509Cert , authenticator );
378397 }
@@ -381,4 +400,58 @@ protected HttpCallerInfo getHttpCallerInfo(URL url, Authenticator authenticator)
381400 }
382401 return super .getHttpCallerInfo (url , authenticator );
383402 }
403+
404+ @ Override
405+ public void disconnect () {
406+ super .disconnect ();
407+ savedSession = null ;
408+ }
409+
410+ /**
411+ * Returns the principal with which the server authenticated
412+ * itself, or throw a SSLPeerUnverifiedException if the
413+ * server did not authenticate.
414+ * @param session The {@linkplain #getSSLSession() SSL session}
415+ */
416+ private static Principal getPeerPrincipal (SSLSession session )
417+ throws SSLPeerUnverifiedException
418+ {
419+ Principal principal ;
420+ try {
421+ principal = session .getPeerPrincipal ();
422+ } catch (AbstractMethodError e ) {
423+ // if the provider does not support it, fallback to peer certs.
424+ // return the X500Principal of the end-entity cert.
425+ java .security .cert .Certificate [] certs =
426+ session .getPeerCertificates ();
427+ principal = ((X509Certificate )certs [0 ]).getSubjectX500Principal ();
428+ }
429+ return principal ;
430+ }
431+
432+ /**
433+ * Returns the principal the client sent to the
434+ * server, or null if the client did not authenticate.
435+ * @param session The {@linkplain #getSSLSession() SSL session}
436+ */
437+ private static Principal getLocalPrincipal (SSLSession session )
438+ {
439+ Principal principal ;
440+ try {
441+ principal = session .getLocalPrincipal ();
442+ } catch (AbstractMethodError e ) {
443+ principal = null ;
444+ // if the provider does not support it, fallback to local certs.
445+ // return the X500Principal of the end-entity cert.
446+ java .security .cert .Certificate [] certs =
447+ session .getLocalCertificates ();
448+ if (certs != null ) {
449+ principal = ((X509Certificate )certs [0 ]).getSubjectX500Principal ();
450+ }
451+ }
452+ return principal ;
453+ }
454+
455+
456+
384457}
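Review bot: `noResponseBody()` reads the session through an unchecked cast, `((HttpsClient)http).getSSLSession()`, while the new `session()` helper just below it guards the same field with `instanceof`; if the superclass can invoke this hook when `http` is already null (not visible in this section), the override throws a NullPointerException instead of leaving the saved session untouched. Writing it as `savedSession = session();` keeps the two paths consistent and is a no-op when `http` is not an `HttpsClient`. The `savedSession` field also deserves a comment stating its lifetime, e.g. `// TLS session captured in noResponseBody(); cleared by setNewClient(), connect() and disconnect()`, since the certificate and principal getters now answer from it whenever `http` is no longer an `HttpsClient`. Separately, the `AbstractMethodError` fallbacks in `getPeerPrincipal(SSLSession)` and `getLocalPrincipal(SSLSession)` cast `certs[0]` to `X509Certificate` without the `instanceof` test that `getHttpCallerInfo` uses, and the local variant checks only `certs != null`, not the array length.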