From fefc22ba967daec679b77c8c74c876df1f475c10 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata@redhat.com>
Date: Mon, 22 Jul 2024 20:03:51 -0500
Subject: [PATCH] Refactor SSLSocket and JSSSocket

SSLSocket is an older code based on the plain Java Socket.
JSSSocket is a newer code based on Java SSLEngine and should
eventually replace SSLSocket.

To help the transition, SSLSocket has been modified to extend
javax.net.ssl.SSLSocket and JSSSocket has been modified to
extend SSLSocket. Once everything is migrated to JSSSocket, the
SSLSocket can be deprecated and eventually dropped.
---
 .../java/org/mozilla/jss/ssl/SSLSocket.java   | 89 +++++++++++++++++--
 .../org/mozilla/jss/ssl/javax/JSSSocket.java  |  2 +-
 docs/changes/v5.6.0/API-Changes.adoc          |  8 ++
 3 files changed, 89 insertions(+), 10 deletions(-)

diff --git a/base/src/main/java/org/mozilla/jss/ssl/SSLSocket.java b/base/src/main/java/org/mozilla/jss/ssl/SSLSocket.java
index 12c2b9a65..8c036d1e9 100644
--- a/base/src/main/java/org/mozilla/jss/ssl/SSLSocket.java
+++ b/base/src/main/java/org/mozilla/jss/ssl/SSLSocket.java
@@ -13,10 +13,13 @@
 import java.util.ArrayList;
 import java.util.Collection;
 
+import javax.net.ssl.HandshakeCompletedListener;
+import javax.net.ssl.SSLSession;
+
 /**
  * SSL client socket.
  */
-public class SSLSocket extends java.net.Socket {
+public class SSLSocket extends javax.net.ssl.SSLSocket {
 
     /**
      *
@@ -388,7 +391,7 @@ public class SSLSocket extends java.net.Socket {
     /**
      * For sockets that get created by accept().
      */
-    SSLSocket() {
+    protected SSLSocket() {
     }
 
     /**
@@ -1363,13 +1366,13 @@ public void requestClientAuth(boolean b) throws SocketException {
         base.requestClientAuth(b);
     }
 
-    /**
-     * @deprecated As of JSS 3.0. This method is misnamed. Use
-     *             <code>requestClientAuth</code> instead.
-     */
-    @Deprecated
-    public void setNeedClientAuth(boolean b) throws SocketException {
-        base.requestClientAuth(b);
+    @Override
+    public void setNeedClientAuth(boolean b) {
+        try {
+            base.requestClientAuth(b);
+        } catch (SocketException e) {
+            throw new RuntimeException(e);
+        }
     }
 
     /**
@@ -1644,4 +1647,72 @@ private static native boolean isFipsCipherSuiteNative(int ciphersuite)
      * <code>TLS_RSA_WITH_AES_128_CBC_SHA</code>).
      */
     public static native int[] getImplementedCipherSuites();
+
+    @Override
+    public String[] getSupportedCipherSuites() {
+        return null;
+    }
+
+    @Override
+    public String[] getEnabledCipherSuites() {
+        return null;
+    }
+
+    @Override
+    public void setEnabledCipherSuites(String[] suites) {
+    }
+
+    @Override
+    public String[] getSupportedProtocols() {
+        return null;
+    }
+
+    @Override
+    public String[] getEnabledProtocols() {
+        return null;
+    }
+
+    @Override
+    public void setEnabledProtocols(String[] protocols) {
+    }
+
+    @Override
+    public SSLSession getSession() {
+        return null;
+    }
+
+    @Override
+    public void addHandshakeCompletedListener(HandshakeCompletedListener listener) {
+    }
+
+    @Override
+    public void removeHandshakeCompletedListener(HandshakeCompletedListener listener) {
+    }
+
+    @Override
+    public void startHandshake() throws IOException {
+    }
+
+    @Override
+    public boolean getNeedClientAuth() {
+        return false;
+    }
+
+    @Override
+    public void setWantClientAuth(boolean want) {
+    }
+
+    @Override
+    public boolean getWantClientAuth() {
+        return false;
+    }
+
+    @Override
+    public void setEnableSessionCreation(boolean flag) {
+    }
+
+    @Override
+    public boolean getEnableSessionCreation() {
+        return false;
+    }
 }
diff --git a/base/src/main/java/org/mozilla/jss/ssl/javax/JSSSocket.java b/base/src/main/java/org/mozilla/jss/ssl/javax/JSSSocket.java
index 5898aa24c..3d4d5b81e 100644
--- a/base/src/main/java/org/mozilla/jss/ssl/javax/JSSSocket.java
+++ b/base/src/main/java/org/mozilla/jss/ssl/javax/JSSSocket.java
@@ -22,13 +22,13 @@
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLSession;
-import javax.net.ssl.SSLSocket;
 import javax.net.ssl.X509KeyManager;
 import javax.net.ssl.X509TrustManager;
 
 import org.mozilla.jss.pkcs11.PK11Cert;
 import org.mozilla.jss.pkcs11.PK11PrivKey;
 import org.mozilla.jss.provider.javax.crypto.JSSTrustManager;
+import org.mozilla.jss.ssl.SSLSocket;
 
 /**
  * SSL-enabled socket following the javax.net.ssl.SSLSocket interface.
diff --git a/docs/changes/v5.6.0/API-Changes.adoc b/docs/changes/v5.6.0/API-Changes.adoc
index 57a27f1b5..66aa39ccb 100644
--- a/docs/changes/v5.6.0/API-Changes.adoc
+++ b/docs/changes/v5.6.0/API-Changes.adoc
@@ -4,3 +4,11 @@
 
 The `org.dogtagpki.jss.tomcat.IPasswordStore` has been deprecated.
 Use `org.dogtagpki.jss.tomcat.PasswordStore` instead.
+
+== SSLSocket Changes ==
+
+The `org.mozilla.jss.ssl.SSLSocket` has been modified to extend `javax.net.ssl.SSLSocket`.
+
+== JSSSocket Changes ==
+
+The `org.mozilla.jss.ssl.javax.JSSSocket` has been modified to extend `org.mozilla.jss.ssl.SSLSocket`.