jdk-sandbox: jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java@14df9c7c18e1 (annotated)

2 90ce3da70b43 Initial load duke parents: diff changeset	1	/*
12302 0c8557ba0b8f 7142172: Custom TrustManagers that return null for getAcceptedIssuers will NPE wetmore parents: 11037 diff changeset	2	* Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.
2 90ce3da70b43 Initial load duke parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
90ce3da70b43 Initial load duke parents: diff changeset	4	*
90ce3da70b43 Initial load duke parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
90ce3da70b43 Initial load duke parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	7	* published by the Free Software Foundation. Oracle designates this
2 90ce3da70b43 Initial load duke parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
2 90ce3da70b43 Initial load duke parents: diff changeset	10	*
90ce3da70b43 Initial load duke parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
90ce3da70b43 Initial load duke parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
90ce3da70b43 Initial load duke parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
90ce3da70b43 Initial load duke parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
90ce3da70b43 Initial load duke parents: diff changeset	15	* accompanied this code).
90ce3da70b43 Initial load duke parents: diff changeset	16	*
90ce3da70b43 Initial load duke parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
90ce3da70b43 Initial load duke parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
90ce3da70b43 Initial load duke parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
90ce3da70b43 Initial load duke parents: diff changeset	20	*
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	22	* or visit www.oracle.com if you need additional information or have any
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	23	* questions.
2 90ce3da70b43 Initial load duke parents: diff changeset	24	*/
90ce3da70b43 Initial load duke parents: diff changeset	25
90ce3da70b43 Initial load duke parents: diff changeset	26	package sun.security.ssl;
90ce3da70b43 Initial load duke parents: diff changeset	27
90ce3da70b43 Initial load duke parents: diff changeset	28	import java.net.Socket;
90ce3da70b43 Initial load duke parents: diff changeset	29
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	30	import java.io.*;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	31	import java.util.*;
2 90ce3da70b43 Initial load duke parents: diff changeset	32	import java.security.*;
90ce3da70b43 Initial load duke parents: diff changeset	33	import java.security.cert.*;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	34	import java.security.cert.Certificate;
2 90ce3da70b43 Initial load duke parents: diff changeset	35
90ce3da70b43 Initial load duke parents: diff changeset	36	import javax.net.ssl.*;
90ce3da70b43 Initial load duke parents: diff changeset	37
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	38	import sun.security.provider.certpath.AlgorithmChecker;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	39
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	40	public abstract class SSLContextImpl extends SSLContextSpi {
2 90ce3da70b43 Initial load duke parents: diff changeset	41
90ce3da70b43 Initial load duke parents: diff changeset	42	private static final Debug debug = Debug.getInstance("ssl");
90ce3da70b43 Initial load duke parents: diff changeset	43
90ce3da70b43 Initial load duke parents: diff changeset	44	private final EphemeralKeyManager ephemeralKeyManager;
90ce3da70b43 Initial load duke parents: diff changeset	45	private final SSLSessionContextImpl clientCache;
90ce3da70b43 Initial load duke parents: diff changeset	46	private final SSLSessionContextImpl serverCache;
90ce3da70b43 Initial load duke parents: diff changeset	47
90ce3da70b43 Initial load duke parents: diff changeset	48	private boolean isInitialized;
90ce3da70b43 Initial load duke parents: diff changeset	49
90ce3da70b43 Initial load duke parents: diff changeset	50	private X509ExtendedKeyManager keyManager;
90ce3da70b43 Initial load duke parents: diff changeset	51	private X509TrustManager trustManager;
90ce3da70b43 Initial load duke parents: diff changeset	52	private SecureRandom secureRandom;
90ce3da70b43 Initial load duke parents: diff changeset	53
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	54	// The default algrithm constraints
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	55	private AlgorithmConstraints defaultAlgorithmConstraints =
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	56	new SSLAlgorithmConstraints(null);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	57
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	58	// supported and default protocols
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	59	private ProtocolList defaultServerProtocolList;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	60	private ProtocolList defaultClientProtocolList;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	61	private ProtocolList supportedProtocolList;
2 90ce3da70b43 Initial load duke parents: diff changeset	62
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	63	// supported and default cipher suites
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	64	private CipherSuiteList defaultServerCipherSuiteList;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	65	private CipherSuiteList defaultClientCipherSuiteList;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	66	private CipherSuiteList supportedCipherSuiteList;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	67
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	68	SSLContextImpl() {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	69	ephemeralKeyManager = new EphemeralKeyManager();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	70	clientCache = new SSLSessionContextImpl();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	71	serverCache = new SSLSessionContextImpl();
2 90ce3da70b43 Initial load duke parents: diff changeset	72	}
90ce3da70b43 Initial load duke parents: diff changeset	73
90ce3da70b43 Initial load duke parents: diff changeset	74	protected void engineInit(KeyManager[] km, TrustManager[] tm,
90ce3da70b43 Initial load duke parents: diff changeset	75	SecureRandom sr) throws KeyManagementException {
90ce3da70b43 Initial load duke parents: diff changeset	76	isInitialized = false;
90ce3da70b43 Initial load duke parents: diff changeset	77	keyManager = chooseKeyManager(km);
90ce3da70b43 Initial load duke parents: diff changeset	78
90ce3da70b43 Initial load duke parents: diff changeset	79	if (tm == null) {
90ce3da70b43 Initial load duke parents: diff changeset	80	try {
90ce3da70b43 Initial load duke parents: diff changeset	81	TrustManagerFactory tmf = TrustManagerFactory.getInstance(
90ce3da70b43 Initial load duke parents: diff changeset	82	TrustManagerFactory.getDefaultAlgorithm());
90ce3da70b43 Initial load duke parents: diff changeset	83	tmf.init((KeyStore)null);
90ce3da70b43 Initial load duke parents: diff changeset	84	tm = tmf.getTrustManagers();
90ce3da70b43 Initial load duke parents: diff changeset	85	} catch (Exception e) {
90ce3da70b43 Initial load duke parents: diff changeset	86	// eat
90ce3da70b43 Initial load duke parents: diff changeset	87	}
90ce3da70b43 Initial load duke parents: diff changeset	88	}
90ce3da70b43 Initial load duke parents: diff changeset	89	trustManager = chooseTrustManager(tm);
90ce3da70b43 Initial load duke parents: diff changeset	90
90ce3da70b43 Initial load duke parents: diff changeset	91	if (sr == null) {
90ce3da70b43 Initial load duke parents: diff changeset	92	secureRandom = JsseJce.getSecureRandom();
90ce3da70b43 Initial load duke parents: diff changeset	93	} else {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	94	if (SunJSSE.isFIPS() &&
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	95	(sr.getProvider() != SunJSSE.cryptoProvider)) {
2 90ce3da70b43 Initial load duke parents: diff changeset	96	throw new KeyManagementException
90ce3da70b43 Initial load duke parents: diff changeset	97	("FIPS mode: SecureRandom must be from provider "
90ce3da70b43 Initial load duke parents: diff changeset	98	+ SunJSSE.cryptoProvider.getName());
90ce3da70b43 Initial load duke parents: diff changeset	99	}
90ce3da70b43 Initial load duke parents: diff changeset	100	secureRandom = sr;
90ce3da70b43 Initial load duke parents: diff changeset	101	}
90ce3da70b43 Initial load duke parents: diff changeset	102
90ce3da70b43 Initial load duke parents: diff changeset	103	/*
90ce3da70b43 Initial load duke parents: diff changeset	104	* The initial delay of seeding the random number generator
90ce3da70b43 Initial load duke parents: diff changeset	105	* could be long enough to cause the initial handshake on our
90ce3da70b43 Initial load duke parents: diff changeset	106	* first connection to timeout and fail. Make sure it is
90ce3da70b43 Initial load duke parents: diff changeset	107	* primed and ready by getting some initial output from it.
90ce3da70b43 Initial load duke parents: diff changeset	108	*/
90ce3da70b43 Initial load duke parents: diff changeset	109	if (debug != null && Debug.isOn("sslctx")) {
90ce3da70b43 Initial load duke parents: diff changeset	110	System.out.println("trigger seeding of SecureRandom");
90ce3da70b43 Initial load duke parents: diff changeset	111	}
90ce3da70b43 Initial load duke parents: diff changeset	112	secureRandom.nextInt();
90ce3da70b43 Initial load duke parents: diff changeset	113	if (debug != null && Debug.isOn("sslctx")) {
90ce3da70b43 Initial load duke parents: diff changeset	114	System.out.println("done seeding SecureRandom");
90ce3da70b43 Initial load duke parents: diff changeset	115	}
90ce3da70b43 Initial load duke parents: diff changeset	116	isInitialized = true;
90ce3da70b43 Initial load duke parents: diff changeset	117	}
90ce3da70b43 Initial load duke parents: diff changeset	118
90ce3da70b43 Initial load duke parents: diff changeset	119	private X509TrustManager chooseTrustManager(TrustManager[] tm)
90ce3da70b43 Initial load duke parents: diff changeset	120	throws KeyManagementException {
90ce3da70b43 Initial load duke parents: diff changeset	121	// We only use the first instance of X509TrustManager passed to us.
90ce3da70b43 Initial load duke parents: diff changeset	122	for (int i = 0; tm != null && i < tm.length; i++) {
90ce3da70b43 Initial load duke parents: diff changeset	123	if (tm[i] instanceof X509TrustManager) {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	124	if (SunJSSE.isFIPS() &&
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	125	!(tm[i] instanceof X509TrustManagerImpl)) {
2 90ce3da70b43 Initial load duke parents: diff changeset	126	throw new KeyManagementException
90ce3da70b43 Initial load duke parents: diff changeset	127	("FIPS mode: only SunJSSE TrustManagers may be used");
90ce3da70b43 Initial load duke parents: diff changeset	128	}
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	129
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	130	if (tm[i] instanceof X509ExtendedTrustManager) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	131	return (X509TrustManager)tm[i];
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	132	} else {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	133	return new AbstractTrustManagerWrapper(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	134	(X509TrustManager)tm[i]);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	135	}
2 90ce3da70b43 Initial load duke parents: diff changeset	136	}
90ce3da70b43 Initial load duke parents: diff changeset	137	}
90ce3da70b43 Initial load duke parents: diff changeset	138
90ce3da70b43 Initial load duke parents: diff changeset	139	// nothing found, return a dummy X509TrustManager.
90ce3da70b43 Initial load duke parents: diff changeset	140	return DummyX509TrustManager.INSTANCE;
90ce3da70b43 Initial load duke parents: diff changeset	141	}
90ce3da70b43 Initial load duke parents: diff changeset	142
90ce3da70b43 Initial load duke parents: diff changeset	143	private X509ExtendedKeyManager chooseKeyManager(KeyManager[] kms)
90ce3da70b43 Initial load duke parents: diff changeset	144	throws KeyManagementException {
90ce3da70b43 Initial load duke parents: diff changeset	145	for (int i = 0; kms != null && i < kms.length; i++) {
90ce3da70b43 Initial load duke parents: diff changeset	146	KeyManager km = kms[i];
12874 14df9c7c18e1 7174244: NPE in Krb5ProxyImpl.getServerKeys() xuelei parents: 12677 diff changeset	147	if (!(km instanceof X509KeyManager)) {
2 90ce3da70b43 Initial load duke parents: diff changeset	148	continue;
90ce3da70b43 Initial load duke parents: diff changeset	149	}
90ce3da70b43 Initial load duke parents: diff changeset	150	if (SunJSSE.isFIPS()) {
90ce3da70b43 Initial load duke parents: diff changeset	151	// In FIPS mode, require that one of SunJSSE's own keymanagers
90ce3da70b43 Initial load duke parents: diff changeset	152	// is used. Otherwise, we cannot be sure that only keys from
90ce3da70b43 Initial load duke parents: diff changeset	153	// the FIPS token are used.
90ce3da70b43 Initial load duke parents: diff changeset	154	if ((km instanceof X509KeyManagerImpl)
90ce3da70b43 Initial load duke parents: diff changeset	155	\|\| (km instanceof SunX509KeyManagerImpl)) {
90ce3da70b43 Initial load duke parents: diff changeset	156	return (X509ExtendedKeyManager)km;
90ce3da70b43 Initial load duke parents: diff changeset	157	} else {
90ce3da70b43 Initial load duke parents: diff changeset	158	// throw exception, we don't want to silently use the
90ce3da70b43 Initial load duke parents: diff changeset	159	// dummy keymanager without telling the user.
90ce3da70b43 Initial load duke parents: diff changeset	160	throw new KeyManagementException
90ce3da70b43 Initial load duke parents: diff changeset	161	("FIPS mode: only SunJSSE KeyManagers may be used");
90ce3da70b43 Initial load duke parents: diff changeset	162	}
90ce3da70b43 Initial load duke parents: diff changeset	163	}
90ce3da70b43 Initial load duke parents: diff changeset	164	if (km instanceof X509ExtendedKeyManager) {
90ce3da70b43 Initial load duke parents: diff changeset	165	return (X509ExtendedKeyManager)km;
90ce3da70b43 Initial load duke parents: diff changeset	166	}
90ce3da70b43 Initial load duke parents: diff changeset	167	if (debug != null && Debug.isOn("sslctx")) {
90ce3da70b43 Initial load duke parents: diff changeset	168	System.out.println(
90ce3da70b43 Initial load duke parents: diff changeset	169	"X509KeyManager passed to " +
90ce3da70b43 Initial load duke parents: diff changeset	170	"SSLContext.init(): need an " +
90ce3da70b43 Initial load duke parents: diff changeset	171	"X509ExtendedKeyManager for SSLEngine use");
90ce3da70b43 Initial load duke parents: diff changeset	172	}
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	173	return new AbstractKeyManagerWrapper((X509KeyManager)km);
2 90ce3da70b43 Initial load duke parents: diff changeset	174	}
90ce3da70b43 Initial load duke parents: diff changeset	175
90ce3da70b43 Initial load duke parents: diff changeset	176	// nothing found, return a dummy X509ExtendedKeyManager
90ce3da70b43 Initial load duke parents: diff changeset	177	return DummyX509KeyManager.INSTANCE;
90ce3da70b43 Initial load duke parents: diff changeset	178	}
90ce3da70b43 Initial load duke parents: diff changeset	179
90ce3da70b43 Initial load duke parents: diff changeset	180	protected SSLSocketFactory engineGetSocketFactory() {
90ce3da70b43 Initial load duke parents: diff changeset	181	if (!isInitialized) {
90ce3da70b43 Initial load duke parents: diff changeset	182	throw new IllegalStateException(
90ce3da70b43 Initial load duke parents: diff changeset	183	"SSLContextImpl is not initialized");
90ce3da70b43 Initial load duke parents: diff changeset	184	}
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	185	return new SSLSocketFactoryImpl(this);
2 90ce3da70b43 Initial load duke parents: diff changeset	186	}
90ce3da70b43 Initial load duke parents: diff changeset	187
90ce3da70b43 Initial load duke parents: diff changeset	188	protected SSLServerSocketFactory engineGetServerSocketFactory() {
90ce3da70b43 Initial load duke parents: diff changeset	189	if (!isInitialized) {
90ce3da70b43 Initial load duke parents: diff changeset	190	throw new IllegalStateException("SSLContext is not initialized");
90ce3da70b43 Initial load duke parents: diff changeset	191	}
90ce3da70b43 Initial load duke parents: diff changeset	192	return new SSLServerSocketFactoryImpl(this);
90ce3da70b43 Initial load duke parents: diff changeset	193	}
90ce3da70b43 Initial load duke parents: diff changeset	194
90ce3da70b43 Initial load duke parents: diff changeset	195	protected SSLEngine engineCreateSSLEngine() {
90ce3da70b43 Initial load duke parents: diff changeset	196	if (!isInitialized) {
90ce3da70b43 Initial load duke parents: diff changeset	197	throw new IllegalStateException(
90ce3da70b43 Initial load duke parents: diff changeset	198	"SSLContextImpl is not initialized");
90ce3da70b43 Initial load duke parents: diff changeset	199	}
90ce3da70b43 Initial load duke parents: diff changeset	200	return new SSLEngineImpl(this);
90ce3da70b43 Initial load duke parents: diff changeset	201	}
90ce3da70b43 Initial load duke parents: diff changeset	202
90ce3da70b43 Initial load duke parents: diff changeset	203	protected SSLEngine engineCreateSSLEngine(String host, int port) {
90ce3da70b43 Initial load duke parents: diff changeset	204	if (!isInitialized) {
90ce3da70b43 Initial load duke parents: diff changeset	205	throw new IllegalStateException(
90ce3da70b43 Initial load duke parents: diff changeset	206	"SSLContextImpl is not initialized");
90ce3da70b43 Initial load duke parents: diff changeset	207	}
90ce3da70b43 Initial load duke parents: diff changeset	208	return new SSLEngineImpl(this, host, port);
90ce3da70b43 Initial load duke parents: diff changeset	209	}
90ce3da70b43 Initial load duke parents: diff changeset	210
90ce3da70b43 Initial load duke parents: diff changeset	211	protected SSLSessionContext engineGetClientSessionContext() {
90ce3da70b43 Initial load duke parents: diff changeset	212	return clientCache;
90ce3da70b43 Initial load duke parents: diff changeset	213	}
90ce3da70b43 Initial load duke parents: diff changeset	214
90ce3da70b43 Initial load duke parents: diff changeset	215	protected SSLSessionContext engineGetServerSessionContext() {
90ce3da70b43 Initial load duke parents: diff changeset	216	return serverCache;
90ce3da70b43 Initial load duke parents: diff changeset	217	}
90ce3da70b43 Initial load duke parents: diff changeset	218
90ce3da70b43 Initial load duke parents: diff changeset	219	SecureRandom getSecureRandom() {
90ce3da70b43 Initial load duke parents: diff changeset	220	return secureRandom;
90ce3da70b43 Initial load duke parents: diff changeset	221	}
90ce3da70b43 Initial load duke parents: diff changeset	222
90ce3da70b43 Initial load duke parents: diff changeset	223	X509ExtendedKeyManager getX509KeyManager() {
90ce3da70b43 Initial load duke parents: diff changeset	224	return keyManager;
90ce3da70b43 Initial load duke parents: diff changeset	225	}
90ce3da70b43 Initial load duke parents: diff changeset	226
90ce3da70b43 Initial load duke parents: diff changeset	227	X509TrustManager getX509TrustManager() {
90ce3da70b43 Initial load duke parents: diff changeset	228	return trustManager;
90ce3da70b43 Initial load duke parents: diff changeset	229	}
90ce3da70b43 Initial load duke parents: diff changeset	230
90ce3da70b43 Initial load duke parents: diff changeset	231	EphemeralKeyManager getEphemeralKeyManager() {
90ce3da70b43 Initial load duke parents: diff changeset	232	return ephemeralKeyManager;
90ce3da70b43 Initial load duke parents: diff changeset	233	}
90ce3da70b43 Initial load duke parents: diff changeset	234
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	235	abstract SSLParameters getDefaultServerSSLParams();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	236	abstract SSLParameters getDefaultClientSSLParams();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	237	abstract SSLParameters getSupportedSSLParams();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	238
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	239	// Get suported ProtoclList.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	240	ProtocolList getSuportedProtocolList() {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	241	if (supportedProtocolList == null) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	242	supportedProtocolList =
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	243	new ProtocolList(getSupportedSSLParams().getProtocols());
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	244	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	245
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	246	return supportedProtocolList;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	247	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	248
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	249	// Get default ProtoclList.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	250	ProtocolList getDefaultProtocolList(boolean roleIsServer) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	251	if (roleIsServer) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	252	if (defaultServerProtocolList == null) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	253	defaultServerProtocolList = new ProtocolList(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	254	getDefaultServerSSLParams().getProtocols());
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	255	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	256
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	257	return defaultServerProtocolList;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	258	} else {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	259	if (defaultClientProtocolList == null) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	260	defaultClientProtocolList = new ProtocolList(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	261	getDefaultClientSSLParams().getProtocols());
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	262	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	263
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	264	return defaultClientProtocolList;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	265	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	266	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	267
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	268	// Get suported CipherSuiteList.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	269	CipherSuiteList getSuportedCipherSuiteList() {
12671 729f78ba3a10 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites xuelei parents: 12302 diff changeset	270	// The maintenance of cipher suites needs to be synchronized.
729f78ba3a10 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites xuelei parents: 12302 diff changeset	271	synchronized (this) {
729f78ba3a10 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites xuelei parents: 12302 diff changeset	272	// Clear cache of available ciphersuites.
729f78ba3a10 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites xuelei parents: 12302 diff changeset	273	clearAvailableCache();
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	274
12671 729f78ba3a10 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites xuelei parents: 12302 diff changeset	275	if (supportedCipherSuiteList == null) {
729f78ba3a10 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites xuelei parents: 12302 diff changeset	276	supportedCipherSuiteList = getApplicableCipherSuiteList(
729f78ba3a10 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites xuelei parents: 12302 diff changeset	277	getSuportedProtocolList(), false);
729f78ba3a10 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites xuelei parents: 12302 diff changeset	278	}
12677 2b25f3fc4f81 7167092: Need to put the return clause in the synchronized block xuelei parents: 12671 diff changeset	279
2b25f3fc4f81 7167092: Need to put the return clause in the synchronized block xuelei parents: 12671 diff changeset	280	return supportedCipherSuiteList;
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	281	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	282	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	283
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	284	// Get default CipherSuiteList.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	285	CipherSuiteList getDefaultCipherSuiteList(boolean roleIsServer) {
12677 2b25f3fc4f81 7167092: Need to put the return clause in the synchronized block xuelei parents: 12671 diff changeset	286	// The maintenance of cipher suites needs to be synchronized.
2b25f3fc4f81 7167092: Need to put the return clause in the synchronized block xuelei parents: 12671 diff changeset	287	synchronized (this) {
2b25f3fc4f81 7167092: Need to put the return clause in the synchronized block xuelei parents: 12671 diff changeset	288	// Clear cache of available ciphersuites.
2b25f3fc4f81 7167092: Need to put the return clause in the synchronized block xuelei parents: 12671 diff changeset	289	clearAvailableCache();
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	290
12677 2b25f3fc4f81 7167092: Need to put the return clause in the synchronized block xuelei parents: 12671 diff changeset	291	if (roleIsServer) {
12671 729f78ba3a10 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites xuelei parents: 12302 diff changeset	292	if (defaultServerCipherSuiteList == null) {
729f78ba3a10 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites xuelei parents: 12302 diff changeset	293	defaultServerCipherSuiteList = getApplicableCipherSuiteList(
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	294	getDefaultProtocolList(true), true);
12671 729f78ba3a10 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites xuelei parents: 12302 diff changeset	295	}
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	296
12677 2b25f3fc4f81 7167092: Need to put the return clause in the synchronized block xuelei parents: 12671 diff changeset	297	return defaultServerCipherSuiteList;
2b25f3fc4f81 7167092: Need to put the return clause in the synchronized block xuelei parents: 12671 diff changeset	298	} else {
12671 729f78ba3a10 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites xuelei parents: 12302 diff changeset	299	if (defaultClientCipherSuiteList == null) {
729f78ba3a10 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites xuelei parents: 12302 diff changeset	300	defaultClientCipherSuiteList = getApplicableCipherSuiteList(
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	301	getDefaultProtocolList(false), true);
12671 729f78ba3a10 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites xuelei parents: 12302 diff changeset	302	}
12677 2b25f3fc4f81 7167092: Need to put the return clause in the synchronized block xuelei parents: 12671 diff changeset	303
2b25f3fc4f81 7167092: Need to put the return clause in the synchronized block xuelei parents: 12671 diff changeset	304	return defaultClientCipherSuiteList;
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	305	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	306	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	307	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	308
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	309	/**
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	310	* Return whether a protocol list is the original default enabled
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	311	* protocols. See: SSLSocket/SSLEngine.setEnabledProtocols()
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	312	*/
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	313	boolean isDefaultProtocolList(ProtocolList protocols) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	314	return (protocols == defaultServerProtocolList) \|\|
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	315	(protocols == defaultClientProtocolList);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	316	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	317
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	318
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	319	/*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	320	* Return the list of all available CipherSuites with a priority of
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	321	* minPriority or above.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	322	*/
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	323	private CipherSuiteList getApplicableCipherSuiteList(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	324	ProtocolList protocols, boolean onlyEnabled) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	325
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	326	int minPriority = CipherSuite.SUPPORTED_SUITES_PRIORITY;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	327	if (onlyEnabled) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	328	minPriority = CipherSuite.DEFAULT_SUITES_PRIORITY;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	329	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	330
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	331	Collection<CipherSuite> allowedCipherSuites =
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	332	CipherSuite.allowedCipherSuites();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	333
12874 14df9c7c18e1 7174244: NPE in Krb5ProxyImpl.getServerKeys() xuelei parents: 12677 diff changeset	334	TreeSet<CipherSuite> suites = new TreeSet<>();
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	335	if (!(protocols.collection().isEmpty()) &&
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	336	protocols.min.v != ProtocolVersion.NONE.v) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	337	for (CipherSuite suite : allowedCipherSuites) {
12874 14df9c7c18e1 7174244: NPE in Krb5ProxyImpl.getServerKeys() xuelei parents: 12677 diff changeset	338	if (!suite.allowed \|\| suite.priority < minPriority) {
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	339	continue;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	340	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	341
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	342	if (suite.isAvailable() &&
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	343	suite.obsoleted > protocols.min.v &&
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	344	suite.supported <= protocols.max.v) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	345	if (defaultAlgorithmConstraints.permits(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	346	EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	347	suite.name, null)) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	348	suites.add(suite);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	349	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	350	} else if (debug != null &&
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	351	Debug.isOn("sslctx") && Debug.isOn("verbose")) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	352	if (suite.obsoleted <= protocols.min.v) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	353	System.out.println(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	354	"Ignoring obsoleted cipher suite: " + suite);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	355	} else if (suite.supported > protocols.max.v) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	356	System.out.println(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	357	"Ignoring unsupported cipher suite: " + suite);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	358	} else {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	359	System.out.println(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	360	"Ignoring unavailable cipher suite: " + suite);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	361	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	362	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	363	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	364	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	365
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	366	return new CipherSuiteList(suites);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	367	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	368
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	369	/**
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	370	* Clear cache of available ciphersuites. If we support all ciphers
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	371	* internally, there is no need to clear the cache and calling this
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	372	* method has no effect.
12671 729f78ba3a10 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites xuelei parents: 12302 diff changeset	373	*
729f78ba3a10 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites xuelei parents: 12302 diff changeset	374	* Note that every call to clearAvailableCache() and the maintenance of
729f78ba3a10 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites xuelei parents: 12302 diff changeset	375	* cipher suites need to be synchronized with this instance.
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	376	*/
12671 729f78ba3a10 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites xuelei parents: 12302 diff changeset	377	private void clearAvailableCache() {
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	378	if (CipherSuite.DYNAMIC_AVAILABILITY) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	379	supportedCipherSuiteList = null;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	380	defaultServerCipherSuiteList = null;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	381	defaultClientCipherSuiteList = null;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	382	CipherSuite.BulkCipher.clearAvailableCache();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	383	JsseJce.clearEcAvailable();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	384	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	385	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	386
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	387	/*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	388	* The SSLContext implementation for TLS/SSL algorithm
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	389	*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	390	* SSL/TLS protocols specify the forward compatibility and version
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	391	* roll-back attack protections, however, a number of SSL/TLS server
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	392	* vendors did not implement these aspects properly, and some current
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	393	* SSL/TLS servers may refuse to talk to a TLS 1.1 or later client.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	394	*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	395	* Considering above interoperability issues, SunJSSE will not set
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	396	* TLS 1.1 and TLS 1.2 as the enabled protocols for client by default.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	397	*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	398	* For SSL/TLS servers, there is no such interoperability issues as
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	399	* SSL/TLS clients. In SunJSSE, TLS 1.1 or later version will be the
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	400	* enabled protocols for server by default.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	401	*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	402	* We may change the behavior when popular TLS/SSL vendors support TLS
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	403	* forward compatibility properly.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	404	*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	405	* SSLv2Hello is no longer necessary. This interoperability option was
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	406	* put in place in the late 90's when SSLv3/TLS1.0 were relatively new
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	407	* and there were a fair number of SSLv2-only servers deployed. Because
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	408	* of the security issues in SSLv2, it is rarely (if ever) used, as
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	409	* deployments should now be using SSLv3 and TLSv1.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	410	*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	411	* Considering the issues of SSLv2Hello, we should not enable SSLv2Hello
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	412	* by default. Applications still can use it by enabling SSLv2Hello with
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	413	* the series of setEnabledProtocols APIs.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	414	*/
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	415
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	416	/*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	417	* The conservative SSLContext implementation for TLS, SSL, SSLv3 and
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	418	* TLS10 algorithm.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	419	*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	420	* This is a super class of DefaultSSLContext and TLS10Context.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	421	*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	422	* @see SSLContext
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	423	*/
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	424	private static class ConservativeSSLContext extends SSLContextImpl {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	425	// parameters
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	426	private static SSLParameters defaultServerSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	427	private static SSLParameters defaultClientSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	428	private static SSLParameters supportedSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	429
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	430	static {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	431	if (SunJSSE.isFIPS()) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	432	supportedSSLParams = new SSLParameters();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	433	supportedSSLParams.setProtocols(new String[] {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	434	ProtocolVersion.TLS10.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	435	ProtocolVersion.TLS11.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	436	ProtocolVersion.TLS12.name
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	437	});
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	438
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	439	defaultServerSSLParams = supportedSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	440
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	441	defaultClientSSLParams = new SSLParameters();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	442	defaultClientSSLParams.setProtocols(new String[] {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	443	ProtocolVersion.TLS10.name
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	444	});
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	445
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	446	} else {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	447	supportedSSLParams = new SSLParameters();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	448	supportedSSLParams.setProtocols(new String[] {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	449	ProtocolVersion.SSL20Hello.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	450	ProtocolVersion.SSL30.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	451	ProtocolVersion.TLS10.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	452	ProtocolVersion.TLS11.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	453	ProtocolVersion.TLS12.name
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	454	});
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	455
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	456	defaultServerSSLParams = supportedSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	457
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	458	defaultClientSSLParams = new SSLParameters();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	459	defaultClientSSLParams.setProtocols(new String[] {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	460	ProtocolVersion.SSL30.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	461	ProtocolVersion.TLS10.name
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	462	});
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	463	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	464	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	465
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	466	SSLParameters getDefaultServerSSLParams() {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	467	return defaultServerSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	468	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	469
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	470	SSLParameters getDefaultClientSSLParams() {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	471	return defaultClientSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	472	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	473
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	474	SSLParameters getSupportedSSLParams() {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	475	return supportedSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	476	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	477	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	478
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	479	/*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	480	* The SSLContext implementation for default algorithm
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	481	*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	482	* @see SSLContext
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	483	*/
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	484	public static final class DefaultSSLContext extends ConservativeSSLContext {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	485	private static final String NONE = "NONE";
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	486	private static final String P11KEYSTORE = "PKCS11";
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	487
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	488	private static volatile SSLContextImpl defaultImpl;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	489
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	490	private static TrustManager[] defaultTrustManagers;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	491	private static KeyManager[] defaultKeyManagers;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	492
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	493	public DefaultSSLContext() throws Exception {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	494	try {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	495	super.engineInit(getDefaultKeyManager(),
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	496	getDefaultTrustManager(), null);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	497	} catch (Exception e) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	498	if (debug != null && Debug.isOn("defaultctx")) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	499	System.out.println("default context init failed: " + e);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	500	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	501	throw e;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	502	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	503
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	504	if (defaultImpl == null) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	505	defaultImpl = this;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	506	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	507	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	508
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	509	protected void engineInit(KeyManager[] km, TrustManager[] tm,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	510	SecureRandom sr) throws KeyManagementException {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	511	throw new KeyManagementException
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	512	("Default SSLContext is initialized automatically");
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	513	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	514
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	515	static synchronized SSLContextImpl getDefaultImpl() throws Exception {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	516	if (defaultImpl == null) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	517	new DefaultSSLContext();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	518	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	519	return defaultImpl;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	520	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	521
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	522	private static synchronized TrustManager[] getDefaultTrustManager()
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	523	throws Exception {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	524	if (defaultTrustManagers != null) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	525	return defaultTrustManagers;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	526	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	527
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	528	KeyStore ks =
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	529	TrustManagerFactoryImpl.getCacertsKeyStore("defaultctx");
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	530
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	531	TrustManagerFactory tmf = TrustManagerFactory.getInstance(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	532	TrustManagerFactory.getDefaultAlgorithm());
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	533	tmf.init(ks);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	534	defaultTrustManagers = tmf.getTrustManagers();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	535	return defaultTrustManagers;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	536	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	537
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	538	private static synchronized KeyManager[] getDefaultKeyManager()
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	539	throws Exception {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	540	if (defaultKeyManagers != null) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	541	return defaultKeyManagers;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	542	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	543
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	544	final Map<String,String> props = new HashMap<>();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	545	AccessController.doPrivileged(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	546	new PrivilegedExceptionAction<Object>() {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	547	public Object run() throws Exception {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	548	props.put("keyStore", System.getProperty(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	549	"javax.net.ssl.keyStore", ""));
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	550	props.put("keyStoreType", System.getProperty(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	551	"javax.net.ssl.keyStoreType",
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	552	KeyStore.getDefaultType()));
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	553	props.put("keyStoreProvider", System.getProperty(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	554	"javax.net.ssl.keyStoreProvider", ""));
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	555	props.put("keyStorePasswd", System.getProperty(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	556	"javax.net.ssl.keyStorePassword", ""));
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	557	return null;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	558	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	559	});
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	560
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	561	final String defaultKeyStore = props.get("keyStore");
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	562	String defaultKeyStoreType = props.get("keyStoreType");
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	563	String defaultKeyStoreProvider = props.get("keyStoreProvider");
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	564	if (debug != null && Debug.isOn("defaultctx")) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	565	System.out.println("keyStore is : " + defaultKeyStore);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	566	System.out.println("keyStore type is : " +
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	567	defaultKeyStoreType);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	568	System.out.println("keyStore provider is : " +
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	569	defaultKeyStoreProvider);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	570	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	571
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	572	if (P11KEYSTORE.equals(defaultKeyStoreType) &&
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	573	!NONE.equals(defaultKeyStore)) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	574	throw new IllegalArgumentException("if keyStoreType is "
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	575	+ P11KEYSTORE + ", then keyStore must be " + NONE);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	576	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	577
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	578	FileInputStream fs = null;
10125 c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	579	KeyStore ks = null;
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	580	char[] passwd = null;
10125 c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	581	try {
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	582	if (defaultKeyStore.length() != 0 &&
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	583	!NONE.equals(defaultKeyStore)) {
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	584	fs = AccessController.doPrivileged(
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	585	new PrivilegedExceptionAction<FileInputStream>() {
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	586	public FileInputStream run() throws Exception {
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	587	return new FileInputStream(defaultKeyStore);
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	588	}
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	589	});
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	590	}
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	591
10125 c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	592	String defaultKeyStorePassword = props.get("keyStorePasswd");
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	593	if (defaultKeyStorePassword.length() != 0) {
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	594	passwd = defaultKeyStorePassword.toCharArray();
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	595	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	596
10125 c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	597	/**
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	598	* Try to initialize key store.
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	599	*/
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	600	if ((defaultKeyStoreType.length()) != 0) {
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	601	if (debug != null && Debug.isOn("defaultctx")) {
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	602	System.out.println("init keystore");
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	603	}
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	604	if (defaultKeyStoreProvider.length() == 0) {
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	605	ks = KeyStore.getInstance(defaultKeyStoreType);
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	606	} else {
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	607	ks = KeyStore.getInstance(defaultKeyStoreType,
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	608	defaultKeyStoreProvider);
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	609	}
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	610
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	611	// if defaultKeyStore is NONE, fs will be null
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	612	ks.load(fs, passwd);
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	613	}
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	614	} finally {
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	615	if (fs != null) {
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	616	fs.close();
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	617	fs = null;
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	618	}
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	619	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	620
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	621	/*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	622	* Try to initialize key manager.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	623	*/
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	624	if (debug != null && Debug.isOn("defaultctx")) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	625	System.out.println("init keymanager of type " +
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	626	KeyManagerFactory.getDefaultAlgorithm());
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	627	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	628	KeyManagerFactory kmf = KeyManagerFactory.getInstance(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	629	KeyManagerFactory.getDefaultAlgorithm());
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	630
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	631	if (P11KEYSTORE.equals(defaultKeyStoreType)) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	632	kmf.init(ks, null); // do not pass key passwd if using token
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	633	} else {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	634	kmf.init(ks, passwd);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	635	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	636
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	637	defaultKeyManagers = kmf.getKeyManagers();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	638	return defaultKeyManagers;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	639	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	640	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	641
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	642	/*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	643	* The SSLContext implementation for TLS, SSL, SSLv3 and TLS10 algorithm
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	644	*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	645	* @see SSLContext
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	646	*/
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	647	public static final class TLS10Context extends ConservativeSSLContext {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	648	// use the default constructor and methods
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	649	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	650
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	651	/*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	652	* The SSLContext implementation for TLS11 algorithm
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	653	*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	654	* @see SSLContext
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	655	*/
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	656	public static final class TLS11Context extends SSLContextImpl {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	657	// parameters
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	658	private static SSLParameters defaultServerSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	659	private static SSLParameters defaultClientSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	660	private static SSLParameters supportedSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	661
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	662	static {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	663	if (SunJSSE.isFIPS()) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	664	supportedSSLParams = new SSLParameters();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	665	supportedSSLParams.setProtocols(new String[] {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	666	ProtocolVersion.TLS10.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	667	ProtocolVersion.TLS11.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	668	ProtocolVersion.TLS12.name
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	669	});
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	670
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	671	defaultServerSSLParams = supportedSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	672
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	673	defaultClientSSLParams = new SSLParameters();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	674	defaultClientSSLParams.setProtocols(new String[] {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	675	ProtocolVersion.TLS10.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	676	ProtocolVersion.TLS11.name
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	677	});
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	678
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	679	} else {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	680	supportedSSLParams = new SSLParameters();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	681	supportedSSLParams.setProtocols(new String[] {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	682	ProtocolVersion.SSL20Hello.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	683	ProtocolVersion.SSL30.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	684	ProtocolVersion.TLS10.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	685	ProtocolVersion.TLS11.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	686	ProtocolVersion.TLS12.name
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	687	});
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	688
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	689	defaultServerSSLParams = supportedSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	690
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	691	defaultClientSSLParams = new SSLParameters();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	692	defaultClientSSLParams.setProtocols(new String[] {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	693	ProtocolVersion.SSL30.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	694	ProtocolVersion.TLS10.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	695	ProtocolVersion.TLS11.name
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	696	});
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	697	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	698	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	699
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	700	SSLParameters getDefaultServerSSLParams() {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	701	return defaultServerSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	702	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	703
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	704	SSLParameters getDefaultClientSSLParams() {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	705	return defaultClientSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	706	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	707
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	708	SSLParameters getSupportedSSLParams() {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	709	return supportedSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	710	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	711	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	712
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	713	/*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	714	* The SSLContext implementation for TLS12 algorithm
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	715	*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	716	* @see SSLContext
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	717	*/
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	718	public static final class TLS12Context extends SSLContextImpl {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	719	// parameters
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	720	private static SSLParameters defaultServerSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	721	private static SSLParameters defaultClientSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	722	private static SSLParameters supportedSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	723
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	724	static {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	725	if (SunJSSE.isFIPS()) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	726	supportedSSLParams = new SSLParameters();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	727	supportedSSLParams.setProtocols(new String[] {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	728	ProtocolVersion.TLS10.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	729	ProtocolVersion.TLS11.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	730	ProtocolVersion.TLS12.name
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	731	});
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	732
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	733	defaultServerSSLParams = supportedSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	734
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	735	defaultClientSSLParams = new SSLParameters();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	736	defaultClientSSLParams.setProtocols(new String[] {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	737	ProtocolVersion.TLS10.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	738	ProtocolVersion.TLS11.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	739	ProtocolVersion.TLS12.name
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	740	});
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	741
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	742	} else {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	743	supportedSSLParams = new SSLParameters();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	744	supportedSSLParams.setProtocols(new String[] {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	745	ProtocolVersion.SSL20Hello.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	746	ProtocolVersion.SSL30.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	747	ProtocolVersion.TLS10.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	748	ProtocolVersion.TLS11.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	749	ProtocolVersion.TLS12.name
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	750	});
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	751
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	752	defaultServerSSLParams = supportedSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	753
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	754	defaultClientSSLParams = new SSLParameters();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	755	defaultClientSSLParams.setProtocols(new String[] {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	756	ProtocolVersion.SSL30.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	757	ProtocolVersion.TLS10.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	758	ProtocolVersion.TLS11.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	759	ProtocolVersion.TLS12.name
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	760	});
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	761	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	762	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	763
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	764	SSLParameters getDefaultServerSSLParams() {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	765	return defaultServerSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	766	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	767
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	768	SSLParameters getDefaultClientSSLParams() {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	769	return defaultClientSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	770	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	771
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	772	SSLParameters getSupportedSSLParams() {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	773	return supportedSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	774	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	775	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	776
2 90ce3da70b43 Initial load duke parents: diff changeset	777	}
90ce3da70b43 Initial load duke parents: diff changeset	778
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	779
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	780	final class AbstractTrustManagerWrapper extends X509ExtendedTrustManager
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	781	implements X509TrustManager {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	782
11037 03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	783	// the delegated trust manager
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	784	private final X509TrustManager tm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	785
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	786	AbstractTrustManagerWrapper(X509TrustManager tm) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	787	this.tm = tm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	788	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	789
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	790	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	791	public void checkClientTrusted(X509Certificate[] chain, String authType)
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	792	throws CertificateException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	793	tm.checkClientTrusted(chain, authType);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	794	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	795
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	796	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	797	public void checkServerTrusted(X509Certificate[] chain, String authType)
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	798	throws CertificateException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	799	tm.checkServerTrusted(chain, authType);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	800	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	801
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	802	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	803	public X509Certificate[] getAcceptedIssuers() {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	804	return tm.getAcceptedIssuers();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	805	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	806
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	807	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	808	public void checkClientTrusted(X509Certificate[] chain, String authType,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	809	Socket socket) throws CertificateException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	810	tm.checkClientTrusted(chain, authType);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	811	checkAdditionalTrust(chain, authType, socket, true);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	812	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	813
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	814	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	815	public void checkServerTrusted(X509Certificate[] chain, String authType,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	816	Socket socket) throws CertificateException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	817	tm.checkServerTrusted(chain, authType);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	818	checkAdditionalTrust(chain, authType, socket, false);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	819	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	820
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	821	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	822	public void checkClientTrusted(X509Certificate[] chain, String authType,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	823	SSLEngine engine) throws CertificateException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	824	tm.checkClientTrusted(chain, authType);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	825	checkAdditionalTrust(chain, authType, engine, true);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	826	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	827
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	828	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	829	public void checkServerTrusted(X509Certificate[] chain, String authType,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	830	SSLEngine engine) throws CertificateException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	831	tm.checkServerTrusted(chain, authType);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	832	checkAdditionalTrust(chain, authType, engine, false);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	833	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	834
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	835	private void checkAdditionalTrust(X509Certificate[] chain, String authType,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	836	Socket socket, boolean isClient) throws CertificateException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	837	if (socket != null && socket.isConnected() &&
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	838	socket instanceof SSLSocket) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	839
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	840	SSLSocket sslSocket = (SSLSocket)socket;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	841	SSLSession session = sslSocket.getHandshakeSession();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	842	if (session == null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	843	throw new CertificateException("No handshake session");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	844	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	845
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	846	// check endpoint identity
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	847	String identityAlg = sslSocket.getSSLParameters().
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	848	getEndpointIdentificationAlgorithm();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	849	if (identityAlg != null && identityAlg.length() != 0) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	850	String hostname = session.getPeerHost();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	851	X509TrustManagerImpl.checkIdentity(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	852	hostname, chain[0], identityAlg);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	853	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	854
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	855	// try the best to check the algorithm constraints
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	856	ProtocolVersion protocolVersion =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	857	ProtocolVersion.valueOf(session.getProtocol());
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	858	AlgorithmConstraints constraints = null;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	859	if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	860	if (session instanceof ExtendedSSLSession) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	861	ExtendedSSLSession extSession =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	862	(ExtendedSSLSession)session;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	863	String[] peerSupportedSignAlgs =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	864	extSession.getLocalSupportedSignatureAlgorithms();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	865
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	866	constraints = new SSLAlgorithmConstraints(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	867	sslSocket, peerSupportedSignAlgs, true);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	868	} else {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	869	constraints =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	870	new SSLAlgorithmConstraints(sslSocket, true);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	871	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	872	} else {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	873	constraints = new SSLAlgorithmConstraints(sslSocket, true);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	874	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	875
11037 03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	876	checkAlgorithmConstraints(chain, constraints);
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	877	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	878	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	879
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	880	private void checkAdditionalTrust(X509Certificate[] chain, String authType,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	881	SSLEngine engine, boolean isClient) throws CertificateException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	882	if (engine != null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	883	SSLSession session = engine.getHandshakeSession();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	884	if (session == null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	885	throw new CertificateException("No handshake session");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	886	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	887
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	888	// check endpoint identity
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	889	String identityAlg = engine.getSSLParameters().
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	890	getEndpointIdentificationAlgorithm();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	891	if (identityAlg != null && identityAlg.length() != 0) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	892	String hostname = session.getPeerHost();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	893	X509TrustManagerImpl.checkIdentity(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	894	hostname, chain[0], identityAlg);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	895	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	896
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	897	// try the best to check the algorithm constraints
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	898	ProtocolVersion protocolVersion =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	899	ProtocolVersion.valueOf(session.getProtocol());
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	900	AlgorithmConstraints constraints = null;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	901	if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	902	if (session instanceof ExtendedSSLSession) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	903	ExtendedSSLSession extSession =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	904	(ExtendedSSLSession)session;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	905	String[] peerSupportedSignAlgs =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	906	extSession.getLocalSupportedSignatureAlgorithms();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	907
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	908	constraints = new SSLAlgorithmConstraints(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	909	engine, peerSupportedSignAlgs, true);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	910	} else {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	911	constraints =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	912	new SSLAlgorithmConstraints(engine, true);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	913	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	914	} else {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	915	constraints = new SSLAlgorithmConstraints(engine, true);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	916	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	917
11037 03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	918	checkAlgorithmConstraints(chain, constraints);
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	919	}
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	920	}
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	921
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	922	private void checkAlgorithmConstraints(X509Certificate[] chain,
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	923	AlgorithmConstraints constraints) throws CertificateException {
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	924
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	925	try {
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	926	// Does the certificate chain end with a trusted certificate?
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	927	int checkedLength = chain.length - 1;
12302 0c8557ba0b8f 7142172: Custom TrustManagers that return null for getAcceptedIssuers will NPE wetmore parents: 11037 diff changeset	928
0c8557ba0b8f 7142172: Custom TrustManagers that return null for getAcceptedIssuers will NPE wetmore parents: 11037 diff changeset	929	Collection<X509Certificate> trustedCerts = new HashSet<>();
0c8557ba0b8f 7142172: Custom TrustManagers that return null for getAcceptedIssuers will NPE wetmore parents: 11037 diff changeset	930	X509Certificate[] certs = tm.getAcceptedIssuers();
0c8557ba0b8f 7142172: Custom TrustManagers that return null for getAcceptedIssuers will NPE wetmore parents: 11037 diff changeset	931	if ((certs != null) && (certs.length > 0)){
0c8557ba0b8f 7142172: Custom TrustManagers that return null for getAcceptedIssuers will NPE wetmore parents: 11037 diff changeset	932	Collections.addAll(trustedCerts, certs);
0c8557ba0b8f 7142172: Custom TrustManagers that return null for getAcceptedIssuers will NPE wetmore parents: 11037 diff changeset	933	}
0c8557ba0b8f 7142172: Custom TrustManagers that return null for getAcceptedIssuers will NPE wetmore parents: 11037 diff changeset	934
11037 03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	935	if (trustedCerts.contains(chain[checkedLength])) {
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	936	checkedLength--;
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	937	}
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	938
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	939	// A forward checker, need to check from trust to target
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	940	if (checkedLength >= 0) {
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	941	AlgorithmChecker checker = new AlgorithmChecker(constraints);
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	942	checker.init(false);
11037 03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	943	for (int i = checkedLength; i >= 0; i--) {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	944	Certificate cert = chain[i];
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	945	// We don't care about the unresolved critical extensions.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	946	checker.check(cert, Collections.<String>emptySet());
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	947	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	948	}
11037 03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	949	} catch (CertPathValidatorException cpve) {
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	950	throw new CertificateException(
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	951	"Certificates does not conform to algorithm constraints");
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	952	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	953	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	954	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	955
2 90ce3da70b43 Initial load duke parents: diff changeset	956	// Dummy X509TrustManager implementation, rejects all peer certificates.
90ce3da70b43 Initial load duke parents: diff changeset	957	// Used if the application did not specify a proper X509TrustManager.
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	958	final class DummyX509TrustManager extends X509ExtendedTrustManager
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	959	implements X509TrustManager {
2 90ce3da70b43 Initial load duke parents: diff changeset	960
90ce3da70b43 Initial load duke parents: diff changeset	961	static final X509TrustManager INSTANCE = new DummyX509TrustManager();
90ce3da70b43 Initial load duke parents: diff changeset	962
90ce3da70b43 Initial load duke parents: diff changeset	963	private DummyX509TrustManager() {
90ce3da70b43 Initial load duke parents: diff changeset	964	// empty
90ce3da70b43 Initial load duke parents: diff changeset	965	}
90ce3da70b43 Initial load duke parents: diff changeset	966
90ce3da70b43 Initial load duke parents: diff changeset	967	/*
90ce3da70b43 Initial load duke parents: diff changeset	968	* Given the partial or complete certificate chain
90ce3da70b43 Initial load duke parents: diff changeset	969	* provided by the peer, build a certificate path
90ce3da70b43 Initial load duke parents: diff changeset	970	* to a trusted root and return if it can be
90ce3da70b43 Initial load duke parents: diff changeset	971	* validated and is trusted for client SSL authentication.
90ce3da70b43 Initial load duke parents: diff changeset	972	* If not, it throws an exception.
90ce3da70b43 Initial load duke parents: diff changeset	973	*/
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	974	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	975	public void checkClientTrusted(X509Certificate[] chain, String authType)
90ce3da70b43 Initial load duke parents: diff changeset	976	throws CertificateException {
90ce3da70b43 Initial load duke parents: diff changeset	977	throw new CertificateException(
90ce3da70b43 Initial load duke parents: diff changeset	978	"No X509TrustManager implementation avaiable");
90ce3da70b43 Initial load duke parents: diff changeset	979	}
90ce3da70b43 Initial load duke parents: diff changeset	980
90ce3da70b43 Initial load duke parents: diff changeset	981	/*
90ce3da70b43 Initial load duke parents: diff changeset	982	* Given the partial or complete certificate chain
90ce3da70b43 Initial load duke parents: diff changeset	983	* provided by the peer, build a certificate path
90ce3da70b43 Initial load duke parents: diff changeset	984	* to a trusted root and return if it can be
90ce3da70b43 Initial load duke parents: diff changeset	985	* validated and is trusted for server SSL authentication.
90ce3da70b43 Initial load duke parents: diff changeset	986	* If not, it throws an exception.
90ce3da70b43 Initial load duke parents: diff changeset	987	*/
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	988	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	989	public void checkServerTrusted(X509Certificate[] chain, String authType)
90ce3da70b43 Initial load duke parents: diff changeset	990	throws CertificateException {
90ce3da70b43 Initial load duke parents: diff changeset	991	throw new CertificateException(
90ce3da70b43 Initial load duke parents: diff changeset	992	"No X509TrustManager implementation available");
90ce3da70b43 Initial load duke parents: diff changeset	993	}
90ce3da70b43 Initial load duke parents: diff changeset	994
90ce3da70b43 Initial load duke parents: diff changeset	995	/*
90ce3da70b43 Initial load duke parents: diff changeset	996	* Return an array of issuer certificates which are trusted
90ce3da70b43 Initial load duke parents: diff changeset	997	* for authenticating peers.
90ce3da70b43 Initial load duke parents: diff changeset	998	*/
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	999	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	1000	public X509Certificate[] getAcceptedIssuers() {
90ce3da70b43 Initial load duke parents: diff changeset	1001	return new X509Certificate[0];
90ce3da70b43 Initial load duke parents: diff changeset	1002	}
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1003
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1004	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1005	public void checkClientTrusted(X509Certificate[] chain, String authType,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1006	Socket socket) throws CertificateException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1007	throw new CertificateException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1008	"No X509TrustManager implementation available");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1009	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1010
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1011	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1012	public void checkServerTrusted(X509Certificate[] chain, String authType,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1013	Socket socket) throws CertificateException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1014	throw new CertificateException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1015	"No X509TrustManager implementation available");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1016	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1017
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1018	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1019	public void checkClientTrusted(X509Certificate[] chain, String authType,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1020	SSLEngine engine) throws CertificateException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1021	throw new CertificateException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1022	"No X509TrustManager implementation available");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1023	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1024
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1025	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1026	public void checkServerTrusted(X509Certificate[] chain, String authType,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1027	SSLEngine engine) throws CertificateException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1028	throw new CertificateException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1029	"No X509TrustManager implementation available");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1030	}
2 90ce3da70b43 Initial load duke parents: diff changeset	1031	}
90ce3da70b43 Initial load duke parents: diff changeset	1032
90ce3da70b43 Initial load duke parents: diff changeset	1033	/*
90ce3da70b43 Initial load duke parents: diff changeset	1034	* A wrapper class to turn a X509KeyManager into an X509ExtendedKeyManager
90ce3da70b43 Initial load duke parents: diff changeset	1035	*/
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1036	final class AbstractKeyManagerWrapper extends X509ExtendedKeyManager {
2 90ce3da70b43 Initial load duke parents: diff changeset	1037
90ce3da70b43 Initial load duke parents: diff changeset	1038	private final X509KeyManager km;
90ce3da70b43 Initial load duke parents: diff changeset	1039
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1040	AbstractKeyManagerWrapper(X509KeyManager km) {
2 90ce3da70b43 Initial load duke parents: diff changeset	1041	this.km = km;
90ce3da70b43 Initial load duke parents: diff changeset	1042	}
90ce3da70b43 Initial load duke parents: diff changeset	1043
90ce3da70b43 Initial load duke parents: diff changeset	1044	public String[] getClientAliases(String keyType, Principal[] issuers) {
90ce3da70b43 Initial load duke parents: diff changeset	1045	return km.getClientAliases(keyType, issuers);
90ce3da70b43 Initial load duke parents: diff changeset	1046	}
90ce3da70b43 Initial load duke parents: diff changeset	1047
90ce3da70b43 Initial load duke parents: diff changeset	1048	public String chooseClientAlias(String[] keyType, Principal[] issuers,
90ce3da70b43 Initial load duke parents: diff changeset	1049	Socket socket) {
90ce3da70b43 Initial load duke parents: diff changeset	1050	return km.chooseClientAlias(keyType, issuers, socket);
90ce3da70b43 Initial load duke parents: diff changeset	1051	}
90ce3da70b43 Initial load duke parents: diff changeset	1052
90ce3da70b43 Initial load duke parents: diff changeset	1053	public String[] getServerAliases(String keyType, Principal[] issuers) {
90ce3da70b43 Initial load duke parents: diff changeset	1054	return km.getServerAliases(keyType, issuers);
90ce3da70b43 Initial load duke parents: diff changeset	1055	}
90ce3da70b43 Initial load duke parents: diff changeset	1056
90ce3da70b43 Initial load duke parents: diff changeset	1057	public String chooseServerAlias(String keyType, Principal[] issuers,
90ce3da70b43 Initial load duke parents: diff changeset	1058	Socket socket) {
90ce3da70b43 Initial load duke parents: diff changeset	1059	return km.chooseServerAlias(keyType, issuers, socket);
90ce3da70b43 Initial load duke parents: diff changeset	1060	}
90ce3da70b43 Initial load duke parents: diff changeset	1061
90ce3da70b43 Initial load duke parents: diff changeset	1062	public X509Certificate[] getCertificateChain(String alias) {
90ce3da70b43 Initial load duke parents: diff changeset	1063	return km.getCertificateChain(alias);
90ce3da70b43 Initial load duke parents: diff changeset	1064	}
90ce3da70b43 Initial load duke parents: diff changeset	1065
90ce3da70b43 Initial load duke parents: diff changeset	1066	public PrivateKey getPrivateKey(String alias) {
90ce3da70b43 Initial load duke parents: diff changeset	1067	return km.getPrivateKey(alias);
90ce3da70b43 Initial load duke parents: diff changeset	1068	}
90ce3da70b43 Initial load duke parents: diff changeset	1069
90ce3da70b43 Initial load duke parents: diff changeset	1070	// Inherit chooseEngineClientAlias() and chooseEngineServerAlias() from
90ce3da70b43 Initial load duke parents: diff changeset	1071	// X509ExtendedKeymanager. It defines them to return null;
90ce3da70b43 Initial load duke parents: diff changeset	1072	}
90ce3da70b43 Initial load duke parents: diff changeset	1073
90ce3da70b43 Initial load duke parents: diff changeset	1074
90ce3da70b43 Initial load duke parents: diff changeset	1075	// Dummy X509KeyManager implementation, never returns any certificates/keys.
90ce3da70b43 Initial load duke parents: diff changeset	1076	// Used if the application did not specify a proper X509TrustManager.
90ce3da70b43 Initial load duke parents: diff changeset	1077	final class DummyX509KeyManager extends X509ExtendedKeyManager {
90ce3da70b43 Initial load duke parents: diff changeset	1078
90ce3da70b43 Initial load duke parents: diff changeset	1079	static final X509ExtendedKeyManager INSTANCE = new DummyX509KeyManager();
90ce3da70b43 Initial load duke parents: diff changeset	1080
90ce3da70b43 Initial load duke parents: diff changeset	1081	private DummyX509KeyManager() {
90ce3da70b43 Initial load duke parents: diff changeset	1082	// empty
90ce3da70b43 Initial load duke parents: diff changeset	1083	}
90ce3da70b43 Initial load duke parents: diff changeset	1084
90ce3da70b43 Initial load duke parents: diff changeset	1085	/*
90ce3da70b43 Initial load duke parents: diff changeset	1086	* Get the matching aliases for authenticating the client side of a secure
90ce3da70b43 Initial load duke parents: diff changeset	1087	* socket given the public key type and the list of
90ce3da70b43 Initial load duke parents: diff changeset	1088	* certificate issuer authorities recognized by the peer (if any).
90ce3da70b43 Initial load duke parents: diff changeset	1089	*/
90ce3da70b43 Initial load duke parents: diff changeset	1090	public String[] getClientAliases(String keyType, Principal[] issuers) {
90ce3da70b43 Initial load duke parents: diff changeset	1091	return null;
90ce3da70b43 Initial load duke parents: diff changeset	1092	}
90ce3da70b43 Initial load duke parents: diff changeset	1093
90ce3da70b43 Initial load duke parents: diff changeset	1094	/*
90ce3da70b43 Initial load duke parents: diff changeset	1095	* Choose an alias to authenticate the client side of a secure
90ce3da70b43 Initial load duke parents: diff changeset	1096	* socket given the public key type and the list of
90ce3da70b43 Initial load duke parents: diff changeset	1097	* certificate issuer authorities recognized by the peer (if any).
90ce3da70b43 Initial load duke parents: diff changeset	1098	*/
90ce3da70b43 Initial load duke parents: diff changeset	1099	public String chooseClientAlias(String[] keyTypes, Principal[] issuers,
90ce3da70b43 Initial load duke parents: diff changeset	1100	Socket socket) {
90ce3da70b43 Initial load duke parents: diff changeset	1101	return null;
90ce3da70b43 Initial load duke parents: diff changeset	1102	}
90ce3da70b43 Initial load duke parents: diff changeset	1103
90ce3da70b43 Initial load duke parents: diff changeset	1104	/*
90ce3da70b43 Initial load duke parents: diff changeset	1105	* Choose an alias to authenticate the client side of an
90ce3da70b43 Initial load duke parents: diff changeset	1106	* engine given the public key type and the list of
90ce3da70b43 Initial load duke parents: diff changeset	1107	* certificate issuer authorities recognized by the peer (if any).
90ce3da70b43 Initial load duke parents: diff changeset	1108	*/
90ce3da70b43 Initial load duke parents: diff changeset	1109	public String chooseEngineClientAlias(
90ce3da70b43 Initial load duke parents: diff changeset	1110	String[] keyTypes, Principal[] issuers, SSLEngine engine) {
90ce3da70b43 Initial load duke parents: diff changeset	1111	return null;
90ce3da70b43 Initial load duke parents: diff changeset	1112	}
90ce3da70b43 Initial load duke parents: diff changeset	1113
90ce3da70b43 Initial load duke parents: diff changeset	1114	/*
90ce3da70b43 Initial load duke parents: diff changeset	1115	* Get the matching aliases for authenticating the server side of a secure
90ce3da70b43 Initial load duke parents: diff changeset	1116	* socket given the public key type and the list of
90ce3da70b43 Initial load duke parents: diff changeset	1117	* certificate issuer authorities recognized by the peer (if any).
90ce3da70b43 Initial load duke parents: diff changeset	1118	*/
90ce3da70b43 Initial load duke parents: diff changeset	1119	public String[] getServerAliases(String keyType, Principal[] issuers) {
90ce3da70b43 Initial load duke parents: diff changeset	1120	return null;
90ce3da70b43 Initial load duke parents: diff changeset	1121	}
90ce3da70b43 Initial load duke parents: diff changeset	1122
90ce3da70b43 Initial load duke parents: diff changeset	1123	/*
90ce3da70b43 Initial load duke parents: diff changeset	1124	* Choose an alias to authenticate the server side of a secure
90ce3da70b43 Initial load duke parents: diff changeset	1125	* socket given the public key type and the list of
90ce3da70b43 Initial load duke parents: diff changeset	1126	* certificate issuer authorities recognized by the peer (if any).
90ce3da70b43 Initial load duke parents: diff changeset	1127	*/
90ce3da70b43 Initial load duke parents: diff changeset	1128	public String chooseServerAlias(String keyType, Principal[] issuers,
90ce3da70b43 Initial load duke parents: diff changeset	1129	Socket socket) {
90ce3da70b43 Initial load duke parents: diff changeset	1130	return null;
90ce3da70b43 Initial load duke parents: diff changeset	1131	}
90ce3da70b43 Initial load duke parents: diff changeset	1132
90ce3da70b43 Initial load duke parents: diff changeset	1133	/*
90ce3da70b43 Initial load duke parents: diff changeset	1134	* Choose an alias to authenticate the server side of an engine
90ce3da70b43 Initial load duke parents: diff changeset	1135	* given the public key type and the list of
90ce3da70b43 Initial load duke parents: diff changeset	1136	* certificate issuer authorities recognized by the peer (if any).
90ce3da70b43 Initial load duke parents: diff changeset	1137	*/
90ce3da70b43 Initial load duke parents: diff changeset	1138	public String chooseEngineServerAlias(
90ce3da70b43 Initial load duke parents: diff changeset	1139	String keyType, Principal[] issuers, SSLEngine engine) {
90ce3da70b43 Initial load duke parents: diff changeset	1140	return null;
90ce3da70b43 Initial load duke parents: diff changeset	1141	}
90ce3da70b43 Initial load duke parents: diff changeset	1142
90ce3da70b43 Initial load duke parents: diff changeset	1143	/**
90ce3da70b43 Initial load duke parents: diff changeset	1144	* Returns the certificate chain associated with the given alias.
90ce3da70b43 Initial load duke parents: diff changeset	1145	*
90ce3da70b43 Initial load duke parents: diff changeset	1146	* @param alias the alias name
90ce3da70b43 Initial load duke parents: diff changeset	1147	*
90ce3da70b43 Initial load duke parents: diff changeset	1148	* @return the certificate chain (ordered with the user's certificate first
90ce3da70b43 Initial load duke parents: diff changeset	1149	* and the root certificate authority last)
90ce3da70b43 Initial load duke parents: diff changeset	1150	*/
90ce3da70b43 Initial load duke parents: diff changeset	1151	public X509Certificate[] getCertificateChain(String alias) {
90ce3da70b43 Initial load duke parents: diff changeset	1152	return null;
90ce3da70b43 Initial load duke parents: diff changeset	1153	}
90ce3da70b43 Initial load duke parents: diff changeset	1154
90ce3da70b43 Initial load duke parents: diff changeset	1155	/*
90ce3da70b43 Initial load duke parents: diff changeset	1156	* Returns the key associated with the given alias, using the given
90ce3da70b43 Initial load duke parents: diff changeset	1157	* password to recover it.
90ce3da70b43 Initial load duke parents: diff changeset	1158	*
90ce3da70b43 Initial load duke parents: diff changeset	1159	* @param alias the alias name
90ce3da70b43 Initial load duke parents: diff changeset	1160	*
90ce3da70b43 Initial load duke parents: diff changeset	1161	* @return the requested key
90ce3da70b43 Initial load duke parents: diff changeset	1162	*/
90ce3da70b43 Initial load duke parents: diff changeset	1163	public PrivateKey getPrivateKey(String alias) {
90ce3da70b43 Initial load duke parents: diff changeset	1164	return null;
90ce3da70b43 Initial load duke parents: diff changeset	1165	}
90ce3da70b43 Initial load duke parents: diff changeset	1166	}

author	xuelei
	Wed, 06 Jun 2012 18:18:58 -0700
changeset 12874	14df9c7c18e1
parent 12677	2b25f3fc4f81
child 13815	2de30ecf335e
permissions	-rw-r--r--