Skip to content

Commit 342e4d8

Browse files
committed
Merge
2 parents 9a7d484 + 74e44cd commit 342e4d8

19 files changed

Lines changed: 1277 additions & 231 deletions

File tree

src/java.base/share/classes/java/io/Console.java

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -383,7 +383,9 @@ private char[] readPassword0(boolean noNewLine, String fmt, Object ... args) {
383383
ioe.addSuppressed(x);
384384
}
385385
if (ioe != null) {
386-
Arrays.fill(passwd, ' ');
386+
if (passwd != null) {
387+
Arrays.fill(passwd, ' ');
388+
}
387389
try {
388390
if (reader instanceof LineReader lr) {
389391
lr.zeroOut();

src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java

Lines changed: 20 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
/*
2-
* Copyright (c) 1995, 2025, Oracle and/or its affiliates. All rights reserved.
2+
* Copyright (c) 1995, 2026, Oracle and/or its affiliates. All rights reserved.
33
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
44
*
55
* This code is free software; you can redistribute it and/or modify it
@@ -2005,10 +2005,7 @@ private InputStream getInputStream0() throws IOException {
20052005
pi.finishTracking();
20062006
pi = null;
20072007
}
2008-
http.finished();
2009-
http = null;
2010-
inputStream = new EmptyInputStream();
2011-
connected = false;
2008+
noResponseBody();
20122009
}
20132010

20142011
if (respCode == 200 || respCode == 203 || respCode == 206 ||
@@ -2090,6 +2087,24 @@ private InputStream getInputStream0() throws IOException {
20902087
}
20912088
}
20922089

2090+
/**
2091+
* This method is called when a response with no response
2092+
* body is received, and arrange for the http client to
2093+
* be returned to the pool (or released) immediately when
2094+
* possible.
2095+
* @apiNote Used by {@link sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection}
2096+
* to preserve the TLS information after receiving an empty body.
2097+
* @implSpec
2098+
* Subclasses that override this method should call the super class
2099+
* implementation.
2100+
*/
2101+
protected void noResponseBody() {
2102+
http.finished();
2103+
http = null;
2104+
inputStream = new EmptyInputStream();
2105+
connected = false;
2106+
}
2107+
20932108
/*
20942109
* Creates a chained exception that has the same type as
20952110
* original exception and with the same message. Right now,

src/java.base/share/classes/sun/net/www/protocol/https/AbstractDelegateHttpsURLConnection.java

Lines changed: 93 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
/**
2-
* Copyright (c) 2001, 2020, Oracle and/or its affiliates. All rights reserved.
2+
* Copyright (c) 2001, 2026, Oracle and/or its affiliates. All rights reserved.
33
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
44
*
55
* This code is free software; you can redistribute it and/or modify it
@@ -51,6 +51,7 @@
5151
public abstract class AbstractDelegateHttpsURLConnection extends
5252
HttpURLConnection {
5353

54+
private SSLSession savedSession = null;
5455
protected AbstractDelegateHttpsURLConnection(URL url,
5556
sun.net.www.protocol.http.Handler handler) throws IOException {
5657
this(url, null, handler);
@@ -92,6 +93,7 @@ public void setNewClient (URL url)
9293
public void setNewClient (URL url, boolean useCache)
9394
throws IOException {
9495
int readTimeout = getReadTimeout();
96+
savedSession = null;
9597
http = HttpsClient.New (getSSLSocketFactory(),
9698
url,
9799
getHostnameVerifier(),
@@ -184,6 +186,7 @@ public void connect() throws IOException {
184186
if (!http.isCachedConnection() && http.needsTunneling()) {
185187
doTunneling();
186188
}
189+
savedSession = null;
187190
((HttpsClient)http).afterConnect();
188191
}
189192

@@ -204,18 +207,32 @@ protected HttpClient getNewHttpClient(URL url, Proxy p, int connectTimeout,
204207
useCache, connectTimeout, this);
205208
}
206209

210+
@Override
211+
protected void noResponseBody() {
212+
savedSession = ((HttpsClient)http).getSSLSession();
213+
super.noResponseBody();
214+
}
215+
216+
private SSLSession session() {
217+
if (http instanceof HttpsClient https) {
218+
return https.getSSLSession();
219+
}
220+
return savedSession;
221+
}
222+
207223
/**
208224
* Returns the cipher suite in use on this connection.
209225
*/
210226
public String getCipherSuite () {
211227
if (cachedResponse != null) {
212228
return ((SecureCacheResponse)cachedResponse).getCipherSuite();
213229
}
214-
if (http == null) {
230+
231+
var session = session();
232+
if (session == null) {
215233
throw new IllegalStateException("connection not yet open");
216-
} else {
217-
return ((HttpsClient)http).getCipherSuite ();
218234
}
235+
return session.getCipherSuite();
219236
}
220237

221238
/**
@@ -231,11 +248,12 @@ public java.security.cert.Certificate[] getLocalCertificates() {
231248
return l.toArray(new java.security.cert.Certificate[0]);
232249
}
233250
}
234-
if (http == null) {
251+
252+
var session = session();
253+
if (session == null) {
235254
throw new IllegalStateException("connection not yet open");
236-
} else {
237-
return (((HttpsClient)http).getLocalCertificates ());
238255
}
256+
return session.getLocalCertificates();
239257
}
240258

241259
/**
@@ -256,11 +274,11 @@ public java.security.cert.Certificate[] getServerCertificates()
256274
}
257275
}
258276

259-
if (http == null) {
277+
var session = session();
278+
if (session == null) {
260279
throw new IllegalStateException("connection not yet open");
261-
} else {
262-
return (((HttpsClient)http).getServerCertificates ());
263280
}
281+
return session.getPeerCertificates();
264282
}
265283

266284
/**
@@ -274,11 +292,11 @@ Principal getPeerPrincipal()
274292
return ((SecureCacheResponse)cachedResponse).getPeerPrincipal();
275293
}
276294

277-
if (http == null) {
295+
var session = session();
296+
if (session == null) {
278297
throw new IllegalStateException("connection not yet open");
279-
} else {
280-
return (((HttpsClient)http).getPeerPrincipal());
281298
}
299+
return getPeerPrincipal(session);
282300
}
283301

284302
/**
@@ -291,11 +309,11 @@ Principal getLocalPrincipal()
291309
return ((SecureCacheResponse)cachedResponse).getLocalPrincipal();
292310
}
293311

294-
if (http == null) {
312+
var session = session();
313+
if (session == null) {
295314
throw new IllegalStateException("connection not yet open");
296-
} else {
297-
return (((HttpsClient)http).getLocalPrincipal());
298315
}
316+
return getLocalPrincipal(session);
299317
}
300318

301319
SSLSession getSSLSession() {
@@ -307,11 +325,12 @@ SSLSession getSSLSession() {
307325
}
308326
}
309327

310-
if (http == null) {
328+
var session = session();
329+
if (session == null) {
311330
throw new IllegalStateException("connection not yet open");
312331
}
313332

314-
return ((HttpsClient)http).getSSLSession();
333+
return session;
315334
}
316335

317336
/*
@@ -354,7 +373,7 @@ protected HttpCallerInfo getHttpCallerInfo(URL url, String proxy, int port,
354373
}
355374
HttpsClient https = (HttpsClient)http;
356375
try {
357-
Certificate[] certs = https.getServerCertificates();
376+
Certificate[] certs = https.getSSLSession().getPeerCertificates();
358377
if (certs[0] instanceof X509Certificate x509Cert) {
359378
return new HttpCallerInfo(url, proxy, port, x509Cert, authenticator);
360379
}
@@ -372,7 +391,7 @@ protected HttpCallerInfo getHttpCallerInfo(URL url, Authenticator authenticator)
372391
}
373392
HttpsClient https = (HttpsClient)http;
374393
try {
375-
Certificate[] certs = https.getServerCertificates();
394+
Certificate[] certs = https.getSSLSession().getPeerCertificates();
376395
if (certs[0] instanceof X509Certificate x509Cert) {
377396
return new HttpCallerInfo(url, x509Cert, authenticator);
378397
}
@@ -381,4 +400,58 @@ protected HttpCallerInfo getHttpCallerInfo(URL url, Authenticator authenticator)
381400
}
382401
return super.getHttpCallerInfo(url, authenticator);
383402
}
403+
404+
@Override
405+
public void disconnect() {
406+
super.disconnect();
407+
savedSession = null;
408+
}
409+
410+
/**
411+
* Returns the principal with which the server authenticated
412+
* itself, or throw a SSLPeerUnverifiedException if the
413+
* server did not authenticate.
414+
* @param session The {@linkplain #getSSLSession() SSL session}
415+
*/
416+
private static Principal getPeerPrincipal(SSLSession session)
417+
throws SSLPeerUnverifiedException
418+
{
419+
Principal principal;
420+
try {
421+
principal = session.getPeerPrincipal();
422+
} catch (AbstractMethodError e) {
423+
// if the provider does not support it, fallback to peer certs.
424+
// return the X500Principal of the end-entity cert.
425+
java.security.cert.Certificate[] certs =
426+
session.getPeerCertificates();
427+
principal = ((X509Certificate)certs[0]).getSubjectX500Principal();
428+
}
429+
return principal;
430+
}
431+
432+
/**
433+
* Returns the principal the client sent to the
434+
* server, or null if the client did not authenticate.
435+
* @param session The {@linkplain #getSSLSession() SSL session}
436+
*/
437+
private static Principal getLocalPrincipal(SSLSession session)
438+
{
439+
Principal principal;
440+
try {
441+
principal = session.getLocalPrincipal();
442+
} catch (AbstractMethodError e) {
443+
principal = null;
444+
// if the provider does not support it, fallback to local certs.
445+
// return the X500Principal of the end-entity cert.
446+
java.security.cert.Certificate[] certs =
447+
session.getLocalCertificates();
448+
if (certs != null) {
449+
principal = ((X509Certificate)certs[0]).getSubjectX500Principal();
450+
}
451+
}
452+
return principal;
453+
}
454+
455+
456+
384457
}

src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java

Lines changed: 1 addition & 70 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
/*
2-
* Copyright (c) 2001, 2025, Oracle and/or its affiliates. All rights reserved.
2+
* Copyright (c) 2001, 2026, Oracle and/or its affiliates. All rights reserved.
33
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
44
*
55
* This code is free software; you can redistribute it and/or modify it
@@ -698,75 +698,6 @@ public void closeIdleConnection() {
698698
}
699699
}
700700

701-
/**
702-
* Returns the cipher suite in use on this connection.
703-
*/
704-
String getCipherSuite() {
705-
return session.getCipherSuite();
706-
}
707-
708-
/**
709-
* Returns the certificate chain the client sent to the
710-
* server, or null if the client did not authenticate.
711-
*/
712-
public java.security.cert.Certificate [] getLocalCertificates() {
713-
return session.getLocalCertificates();
714-
}
715-
716-
/**
717-
* Returns the certificate chain with which the server
718-
* authenticated itself, or throw a SSLPeerUnverifiedException
719-
* if the server did not authenticate.
720-
*/
721-
java.security.cert.Certificate [] getServerCertificates()
722-
throws SSLPeerUnverifiedException
723-
{
724-
return session.getPeerCertificates();
725-
}
726-
727-
/**
728-
* Returns the principal with which the server authenticated
729-
* itself, or throw a SSLPeerUnverifiedException if the
730-
* server did not authenticate.
731-
*/
732-
Principal getPeerPrincipal()
733-
throws SSLPeerUnverifiedException
734-
{
735-
Principal principal;
736-
try {
737-
principal = session.getPeerPrincipal();
738-
} catch (AbstractMethodError e) {
739-
// if the provider does not support it, fallback to peer certs.
740-
// return the X500Principal of the end-entity cert.
741-
java.security.cert.Certificate[] certs =
742-
session.getPeerCertificates();
743-
principal = ((X509Certificate)certs[0]).getSubjectX500Principal();
744-
}
745-
return principal;
746-
}
747-
748-
/**
749-
* Returns the principal the client sent to the
750-
* server, or null if the client did not authenticate.
751-
*/
752-
Principal getLocalPrincipal()
753-
{
754-
Principal principal;
755-
try {
756-
principal = session.getLocalPrincipal();
757-
} catch (AbstractMethodError e) {
758-
principal = null;
759-
// if the provider does not support it, fallback to local certs.
760-
// return the X500Principal of the end-entity cert.
761-
java.security.cert.Certificate[] certs =
762-
session.getLocalCertificates();
763-
if (certs != null) {
764-
principal = ((X509Certificate)certs[0]).getSubjectX500Principal();
765-
}
766-
}
767-
return principal;
768-
}
769-
770701
/**
771702
* Returns the {@code SSLSession} in use on this connection.
772703
*/

0 commit comments

Comments
 (0)