BCJSSE: Improved workaround for InetAddress limitation

- URLConnectionUtil now calls BCSSLSocket.setHost instead of direct SNI config

Author: peterdettman

tls/src/main/java/org/bouncycastle/jsse/provider/ProvSSLSocketDirect.java

@@ -345,7 +345,6 @@ public synchronized void setEnableSessionCreation(boolean flag)
     public synchronized void setHost(String host)
     {
         this.peerHost = host;
-        this.peerHostSNI = host;
     }
 
     @Override
@@ -531,15 +530,16 @@ synchronized void notifyConnected()
         InetAddress peerAddress = getInetAddress();
         if (null == peerAddress)
         {
+            this.peerHostSNI = null;
             return;
         }
 
         /*
          * TODO[jsse] If we could somehow access the 'originalHostName' of peerAddress, it would be
          * usable as a default SNI host_name.
          */
-//        String originalHostName = null;
-//        if (null != originalHostName)
+//        String originalHostName = peerAddress.holder().getOriginalHostName();
+//        if (JsseUtils.isNameSpecified(originalHostName))
 //        {
 //            this.peerHost = originalHostName;
 //            this.peerHostSNI = originalHostName;
@@ -555,13 +555,17 @@ synchronized void notifyConnected()
             return;
         }
 
-        if (useClientMode && provJdkTlsTrustNameService)
+        if (!useClientMode)
+        {
+            this.peerHost = peerAddress.getHostAddress();
+        }
+        else if (provJdkTlsTrustNameService)
         {
             this.peerHost = peerAddress.getHostName();
         }
         else
         {
-            this.peerHost = peerAddress.getHostAddress();
+            this.peerHost = null;
         }
 
         this.peerHostSNI = null;

tls/src/main/java/org/bouncycastle/jsse/provider/ProvSSLSocketWrap.java

@@ -470,7 +470,6 @@ public synchronized void setEnableSessionCreation(boolean flag)
     public synchronized void setHost(String host)
     {
         this.peerHost = host;
-        this.peerHostSNI = host;
     }
 
     @Override
@@ -720,15 +719,16 @@ synchronized void notifyConnected()
         InetAddress peerAddress = getInetAddress();
         if (null == peerAddress)
         {
+            this.peerHostSNI = null;
             return;
         }
 
         /*
          * TODO[jsse] If we could somehow access the 'originalHostName' of peerAddress, it would be
          * usable as a default SNI host_name.
          */
-//        String originalHostName = null;
-//        if (null != originalHostName)
+//        String originalHostName = peerAddress.holder().getOriginalHostName();
+//        if (JsseUtils.isNameSpecified(originalHostName))
 //        {
 //            this.peerHost = originalHostName;
 //            this.peerHostSNI = originalHostName;
@@ -744,13 +744,17 @@ synchronized void notifyConnected()
             return;
         }
 
-        if (useClientMode && provJdkTlsTrustNameService)
+        if (!useClientMode)
+        {
+            this.peerHost = peerAddress.getHostAddress();
+        }
+        else if (provJdkTlsTrustNameService)
         {
             this.peerHost = peerAddress.getHostName();
         }
         else
         {
-            this.peerHost = peerAddress.getHostAddress();
+            this.peerHost = null;
         }
 
         this.peerHostSNI = null;

tls/src/main/java/org/bouncycastle/jsse/util/SetHostSocketFactory.java

@@ -0,0 +1,80 @@
+package org.bouncycastle.jsse.util;
+
+import java.net.Socket;
+import java.net.URL;
+import java.util.concurrent.Callable;
+import java.util.logging.Logger;
+
+import javax.net.SocketFactory;
+import javax.net.ssl.SSLSocketFactory;
+
+import org.bouncycastle.jsse.BCSSLSocket;
+
+public class SetHostSocketFactory extends CustomSSLSocketFactory
+{
+    private static final Logger LOG = Logger.getLogger(SetHostSocketFactory.class.getName());
+
+    protected static final ThreadLocal<SetHostSocketFactory> threadLocal = new ThreadLocal<SetHostSocketFactory>();
+
+    /**
+     * Signature matches {@link SSLSocketFactory#getDefault()} so that it can be
+     * used with e.g. the "java.naming.ldap.factory.socket" property or similar.
+     * 
+     * @see #call(Callable)
+     */
+    public static SocketFactory getDefault()
+    {
+        SSLSocketFactory sslSocketFactory = threadLocal.get();
+        if (null != sslSocketFactory)
+        {
+            return sslSocketFactory;
+        }
+
+        return SSLSocketFactory.getDefault();
+    }
+
+    protected final URL url;
+
+    public SetHostSocketFactory(SSLSocketFactory delegate, URL url)
+    {
+        super(delegate);
+
+        this.url = url;
+    }
+
+    /**
+     * Calls a {@link Callable} in a context where this class's static
+     * {@link #getDefault()} method will return this {@link SetHostSocketFactory}.
+     */
+    public <V> V call(Callable<V> callable) throws Exception
+    {
+        try
+        {
+            threadLocal.set(this);
+
+            return callable.call();
+        }
+        finally
+        {
+            threadLocal.remove();
+        }
+    }
+
+    @Override
+    protected Socket configureSocket(Socket s)
+    {
+        if (url != null && s instanceof BCSSLSocket)
+        {
+            BCSSLSocket ssl = (BCSSLSocket)s;
+
+            String host = url.getHost();
+            if (host != null)
+            {
+                LOG.fine("Setting host on socket: " + host);
+
+                ssl.setHost(host);
+            }
+        }
+        return s;
+    }
+}

tls/src/main/java/org/bouncycastle/jsse/util/URLConnectionUtil.java

@@ -66,6 +66,6 @@ protected URLConnection configureConnection(URL url, URLConnection connection)
 
     protected SSLSocketFactory createSSLSocketFactory(SSLSocketFactory delegate, URL url)
     {
-        return new SNISocketFactory(delegate, url);
+        return new SetHostSocketFactory(delegate, url);
     }
 }