jdk-sandbox: jdk/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java@3317bb8137f4 (annotated)

2 90ce3da70b43 Initial load duke parents: diff changeset	1	/*
22068 95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	2	* Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
2 90ce3da70b43 Initial load duke parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
90ce3da70b43 Initial load duke parents: diff changeset	4	*
90ce3da70b43 Initial load duke parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
90ce3da70b43 Initial load duke parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	7	* published by the Free Software Foundation. Oracle designates this
2 90ce3da70b43 Initial load duke parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
2 90ce3da70b43 Initial load duke parents: diff changeset	10	*
90ce3da70b43 Initial load duke parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
90ce3da70b43 Initial load duke parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
90ce3da70b43 Initial load duke parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
90ce3da70b43 Initial load duke parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
90ce3da70b43 Initial load duke parents: diff changeset	15	* accompanied this code).
90ce3da70b43 Initial load duke parents: diff changeset	16	*
90ce3da70b43 Initial load duke parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
90ce3da70b43 Initial load duke parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
90ce3da70b43 Initial load duke parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
90ce3da70b43 Initial load duke parents: diff changeset	20	*
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	22	* or visit www.oracle.com if you need additional information or have any
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	23	* questions.
2 90ce3da70b43 Initial load duke parents: diff changeset	24	*/
90ce3da70b43 Initial load duke parents: diff changeset	25
90ce3da70b43 Initial load duke parents: diff changeset	26	package sun.security.ssl;
90ce3da70b43 Initial load duke parents: diff changeset	27
90ce3da70b43 Initial load duke parents: diff changeset	28	import java.net.Socket;
90ce3da70b43 Initial load duke parents: diff changeset	29
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	30	import java.io.*;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	31	import java.util.*;
2 90ce3da70b43 Initial load duke parents: diff changeset	32	import java.security.*;
90ce3da70b43 Initial load duke parents: diff changeset	33	import java.security.cert.*;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	34	import java.security.cert.Certificate;
2 90ce3da70b43 Initial load duke parents: diff changeset	35
90ce3da70b43 Initial load duke parents: diff changeset	36	import javax.net.ssl.*;
90ce3da70b43 Initial load duke parents: diff changeset	37
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	38	import sun.security.provider.certpath.AlgorithmChecker;
22068 95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	39	import sun.security.action.GetPropertyAction;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	40
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	41	public abstract class SSLContextImpl extends SSLContextSpi {
2 90ce3da70b43 Initial load duke parents: diff changeset	42
90ce3da70b43 Initial load duke parents: diff changeset	43	private static final Debug debug = Debug.getInstance("ssl");
90ce3da70b43 Initial load duke parents: diff changeset	44
90ce3da70b43 Initial load duke parents: diff changeset	45	private final EphemeralKeyManager ephemeralKeyManager;
90ce3da70b43 Initial load duke parents: diff changeset	46	private final SSLSessionContextImpl clientCache;
90ce3da70b43 Initial load duke parents: diff changeset	47	private final SSLSessionContextImpl serverCache;
90ce3da70b43 Initial load duke parents: diff changeset	48
90ce3da70b43 Initial load duke parents: diff changeset	49	private boolean isInitialized;
90ce3da70b43 Initial load duke parents: diff changeset	50
90ce3da70b43 Initial load duke parents: diff changeset	51	private X509ExtendedKeyManager keyManager;
90ce3da70b43 Initial load duke parents: diff changeset	52	private X509TrustManager trustManager;
90ce3da70b43 Initial load duke parents: diff changeset	53	private SecureRandom secureRandom;
90ce3da70b43 Initial load duke parents: diff changeset	54
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	55	// The default algrithm constraints
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	56	private AlgorithmConstraints defaultAlgorithmConstraints =
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	57	new SSLAlgorithmConstraints(null);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	58
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	59	// supported and default protocols
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	60	private ProtocolList defaultServerProtocolList;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	61	private ProtocolList defaultClientProtocolList;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	62	private ProtocolList supportedProtocolList;
2 90ce3da70b43 Initial load duke parents: diff changeset	63
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	64	// supported and default cipher suites
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	65	private CipherSuiteList defaultServerCipherSuiteList;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	66	private CipherSuiteList defaultClientCipherSuiteList;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	67	private CipherSuiteList supportedCipherSuiteList;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	68
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	69	SSLContextImpl() {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	70	ephemeralKeyManager = new EphemeralKeyManager();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	71	clientCache = new SSLSessionContextImpl();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	72	serverCache = new SSLSessionContextImpl();
2 90ce3da70b43 Initial load duke parents: diff changeset	73	}
90ce3da70b43 Initial load duke parents: diff changeset	74
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 13815 diff changeset	75	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	76	protected void engineInit(KeyManager[] km, TrustManager[] tm,
90ce3da70b43 Initial load duke parents: diff changeset	77	SecureRandom sr) throws KeyManagementException {
90ce3da70b43 Initial load duke parents: diff changeset	78	isInitialized = false;
90ce3da70b43 Initial load duke parents: diff changeset	79	keyManager = chooseKeyManager(km);
90ce3da70b43 Initial load duke parents: diff changeset	80
90ce3da70b43 Initial load duke parents: diff changeset	81	if (tm == null) {
90ce3da70b43 Initial load duke parents: diff changeset	82	try {
90ce3da70b43 Initial load duke parents: diff changeset	83	TrustManagerFactory tmf = TrustManagerFactory.getInstance(
90ce3da70b43 Initial load duke parents: diff changeset	84	TrustManagerFactory.getDefaultAlgorithm());
90ce3da70b43 Initial load duke parents: diff changeset	85	tmf.init((KeyStore)null);
90ce3da70b43 Initial load duke parents: diff changeset	86	tm = tmf.getTrustManagers();
90ce3da70b43 Initial load duke parents: diff changeset	87	} catch (Exception e) {
90ce3da70b43 Initial load duke parents: diff changeset	88	// eat
90ce3da70b43 Initial load duke parents: diff changeset	89	}
90ce3da70b43 Initial load duke parents: diff changeset	90	}
90ce3da70b43 Initial load duke parents: diff changeset	91	trustManager = chooseTrustManager(tm);
90ce3da70b43 Initial load duke parents: diff changeset	92
90ce3da70b43 Initial load duke parents: diff changeset	93	if (sr == null) {
90ce3da70b43 Initial load duke parents: diff changeset	94	secureRandom = JsseJce.getSecureRandom();
90ce3da70b43 Initial load duke parents: diff changeset	95	} else {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	96	if (SunJSSE.isFIPS() &&
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	97	(sr.getProvider() != SunJSSE.cryptoProvider)) {
2 90ce3da70b43 Initial load duke parents: diff changeset	98	throw new KeyManagementException
90ce3da70b43 Initial load duke parents: diff changeset	99	("FIPS mode: SecureRandom must be from provider "
90ce3da70b43 Initial load duke parents: diff changeset	100	+ SunJSSE.cryptoProvider.getName());
90ce3da70b43 Initial load duke parents: diff changeset	101	}
90ce3da70b43 Initial load duke parents: diff changeset	102	secureRandom = sr;
90ce3da70b43 Initial load duke parents: diff changeset	103	}
90ce3da70b43 Initial load duke parents: diff changeset	104
90ce3da70b43 Initial load duke parents: diff changeset	105	/*
90ce3da70b43 Initial load duke parents: diff changeset	106	* The initial delay of seeding the random number generator
90ce3da70b43 Initial load duke parents: diff changeset	107	* could be long enough to cause the initial handshake on our
90ce3da70b43 Initial load duke parents: diff changeset	108	* first connection to timeout and fail. Make sure it is
90ce3da70b43 Initial load duke parents: diff changeset	109	* primed and ready by getting some initial output from it.
90ce3da70b43 Initial load duke parents: diff changeset	110	*/
90ce3da70b43 Initial load duke parents: diff changeset	111	if (debug != null && Debug.isOn("sslctx")) {
90ce3da70b43 Initial load duke parents: diff changeset	112	System.out.println("trigger seeding of SecureRandom");
90ce3da70b43 Initial load duke parents: diff changeset	113	}
90ce3da70b43 Initial load duke parents: diff changeset	114	secureRandom.nextInt();
90ce3da70b43 Initial load duke parents: diff changeset	115	if (debug != null && Debug.isOn("sslctx")) {
90ce3da70b43 Initial load duke parents: diff changeset	116	System.out.println("done seeding SecureRandom");
90ce3da70b43 Initial load duke parents: diff changeset	117	}
90ce3da70b43 Initial load duke parents: diff changeset	118	isInitialized = true;
90ce3da70b43 Initial load duke parents: diff changeset	119	}
90ce3da70b43 Initial load duke parents: diff changeset	120
90ce3da70b43 Initial load duke parents: diff changeset	121	private X509TrustManager chooseTrustManager(TrustManager[] tm)
90ce3da70b43 Initial load duke parents: diff changeset	122	throws KeyManagementException {
90ce3da70b43 Initial load duke parents: diff changeset	123	// We only use the first instance of X509TrustManager passed to us.
90ce3da70b43 Initial load duke parents: diff changeset	124	for (int i = 0; tm != null && i < tm.length; i++) {
90ce3da70b43 Initial load duke parents: diff changeset	125	if (tm[i] instanceof X509TrustManager) {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	126	if (SunJSSE.isFIPS() &&
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	127	!(tm[i] instanceof X509TrustManagerImpl)) {
2 90ce3da70b43 Initial load duke parents: diff changeset	128	throw new KeyManagementException
90ce3da70b43 Initial load duke parents: diff changeset	129	("FIPS mode: only SunJSSE TrustManagers may be used");
90ce3da70b43 Initial load duke parents: diff changeset	130	}
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	131
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	132	if (tm[i] instanceof X509ExtendedTrustManager) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	133	return (X509TrustManager)tm[i];
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	134	} else {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	135	return new AbstractTrustManagerWrapper(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	136	(X509TrustManager)tm[i]);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	137	}
2 90ce3da70b43 Initial load duke parents: diff changeset	138	}
90ce3da70b43 Initial load duke parents: diff changeset	139	}
90ce3da70b43 Initial load duke parents: diff changeset	140
90ce3da70b43 Initial load duke parents: diff changeset	141	// nothing found, return a dummy X509TrustManager.
90ce3da70b43 Initial load duke parents: diff changeset	142	return DummyX509TrustManager.INSTANCE;
90ce3da70b43 Initial load duke parents: diff changeset	143	}
90ce3da70b43 Initial load duke parents: diff changeset	144
90ce3da70b43 Initial load duke parents: diff changeset	145	private X509ExtendedKeyManager chooseKeyManager(KeyManager[] kms)
90ce3da70b43 Initial load duke parents: diff changeset	146	throws KeyManagementException {
90ce3da70b43 Initial load duke parents: diff changeset	147	for (int i = 0; kms != null && i < kms.length; i++) {
90ce3da70b43 Initial load duke parents: diff changeset	148	KeyManager km = kms[i];
12874 14df9c7c18e1 7174244: NPE in Krb5ProxyImpl.getServerKeys() xuelei parents: 12677 diff changeset	149	if (!(km instanceof X509KeyManager)) {
2 90ce3da70b43 Initial load duke parents: diff changeset	150	continue;
90ce3da70b43 Initial load duke parents: diff changeset	151	}
90ce3da70b43 Initial load duke parents: diff changeset	152	if (SunJSSE.isFIPS()) {
90ce3da70b43 Initial load duke parents: diff changeset	153	// In FIPS mode, require that one of SunJSSE's own keymanagers
90ce3da70b43 Initial load duke parents: diff changeset	154	// is used. Otherwise, we cannot be sure that only keys from
90ce3da70b43 Initial load duke parents: diff changeset	155	// the FIPS token are used.
90ce3da70b43 Initial load duke parents: diff changeset	156	if ((km instanceof X509KeyManagerImpl)
90ce3da70b43 Initial load duke parents: diff changeset	157	\|\| (km instanceof SunX509KeyManagerImpl)) {
90ce3da70b43 Initial load duke parents: diff changeset	158	return (X509ExtendedKeyManager)km;
90ce3da70b43 Initial load duke parents: diff changeset	159	} else {
90ce3da70b43 Initial load duke parents: diff changeset	160	// throw exception, we don't want to silently use the
90ce3da70b43 Initial load duke parents: diff changeset	161	// dummy keymanager without telling the user.
90ce3da70b43 Initial load duke parents: diff changeset	162	throw new KeyManagementException
90ce3da70b43 Initial load duke parents: diff changeset	163	("FIPS mode: only SunJSSE KeyManagers may be used");
90ce3da70b43 Initial load duke parents: diff changeset	164	}
90ce3da70b43 Initial load duke parents: diff changeset	165	}
90ce3da70b43 Initial load duke parents: diff changeset	166	if (km instanceof X509ExtendedKeyManager) {
90ce3da70b43 Initial load duke parents: diff changeset	167	return (X509ExtendedKeyManager)km;
90ce3da70b43 Initial load duke parents: diff changeset	168	}
90ce3da70b43 Initial load duke parents: diff changeset	169	if (debug != null && Debug.isOn("sslctx")) {
90ce3da70b43 Initial load duke parents: diff changeset	170	System.out.println(
90ce3da70b43 Initial load duke parents: diff changeset	171	"X509KeyManager passed to " +
90ce3da70b43 Initial load duke parents: diff changeset	172	"SSLContext.init(): need an " +
90ce3da70b43 Initial load duke parents: diff changeset	173	"X509ExtendedKeyManager for SSLEngine use");
90ce3da70b43 Initial load duke parents: diff changeset	174	}
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	175	return new AbstractKeyManagerWrapper((X509KeyManager)km);
2 90ce3da70b43 Initial load duke parents: diff changeset	176	}
90ce3da70b43 Initial load duke parents: diff changeset	177
90ce3da70b43 Initial load duke parents: diff changeset	178	// nothing found, return a dummy X509ExtendedKeyManager
90ce3da70b43 Initial load duke parents: diff changeset	179	return DummyX509KeyManager.INSTANCE;
90ce3da70b43 Initial load duke parents: diff changeset	180	}
90ce3da70b43 Initial load duke parents: diff changeset	181
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 13815 diff changeset	182	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	183	protected SSLSocketFactory engineGetSocketFactory() {
90ce3da70b43 Initial load duke parents: diff changeset	184	if (!isInitialized) {
90ce3da70b43 Initial load duke parents: diff changeset	185	throw new IllegalStateException(
90ce3da70b43 Initial load duke parents: diff changeset	186	"SSLContextImpl is not initialized");
90ce3da70b43 Initial load duke parents: diff changeset	187	}
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	188	return new SSLSocketFactoryImpl(this);
2 90ce3da70b43 Initial load duke parents: diff changeset	189	}
90ce3da70b43 Initial load duke parents: diff changeset	190
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 13815 diff changeset	191	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	192	protected SSLServerSocketFactory engineGetServerSocketFactory() {
90ce3da70b43 Initial load duke parents: diff changeset	193	if (!isInitialized) {
90ce3da70b43 Initial load duke parents: diff changeset	194	throw new IllegalStateException("SSLContext is not initialized");
90ce3da70b43 Initial load duke parents: diff changeset	195	}
90ce3da70b43 Initial load duke parents: diff changeset	196	return new SSLServerSocketFactoryImpl(this);
90ce3da70b43 Initial load duke parents: diff changeset	197	}
90ce3da70b43 Initial load duke parents: diff changeset	198
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 13815 diff changeset	199	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	200	protected SSLEngine engineCreateSSLEngine() {
90ce3da70b43 Initial load duke parents: diff changeset	201	if (!isInitialized) {
90ce3da70b43 Initial load duke parents: diff changeset	202	throw new IllegalStateException(
90ce3da70b43 Initial load duke parents: diff changeset	203	"SSLContextImpl is not initialized");
90ce3da70b43 Initial load duke parents: diff changeset	204	}
90ce3da70b43 Initial load duke parents: diff changeset	205	return new SSLEngineImpl(this);
90ce3da70b43 Initial load duke parents: diff changeset	206	}
90ce3da70b43 Initial load duke parents: diff changeset	207
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 13815 diff changeset	208	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	209	protected SSLEngine engineCreateSSLEngine(String host, int port) {
90ce3da70b43 Initial load duke parents: diff changeset	210	if (!isInitialized) {
90ce3da70b43 Initial load duke parents: diff changeset	211	throw new IllegalStateException(
90ce3da70b43 Initial load duke parents: diff changeset	212	"SSLContextImpl is not initialized");
90ce3da70b43 Initial load duke parents: diff changeset	213	}
90ce3da70b43 Initial load duke parents: diff changeset	214	return new SSLEngineImpl(this, host, port);
90ce3da70b43 Initial load duke parents: diff changeset	215	}
90ce3da70b43 Initial load duke parents: diff changeset	216
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 13815 diff changeset	217	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	218	protected SSLSessionContext engineGetClientSessionContext() {
90ce3da70b43 Initial load duke parents: diff changeset	219	return clientCache;
90ce3da70b43 Initial load duke parents: diff changeset	220	}
90ce3da70b43 Initial load duke parents: diff changeset	221
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 13815 diff changeset	222	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	223	protected SSLSessionContext engineGetServerSessionContext() {
90ce3da70b43 Initial load duke parents: diff changeset	224	return serverCache;
90ce3da70b43 Initial load duke parents: diff changeset	225	}
90ce3da70b43 Initial load duke parents: diff changeset	226
90ce3da70b43 Initial load duke parents: diff changeset	227	SecureRandom getSecureRandom() {
90ce3da70b43 Initial load duke parents: diff changeset	228	return secureRandom;
90ce3da70b43 Initial load duke parents: diff changeset	229	}
90ce3da70b43 Initial load duke parents: diff changeset	230
90ce3da70b43 Initial load duke parents: diff changeset	231	X509ExtendedKeyManager getX509KeyManager() {
90ce3da70b43 Initial load duke parents: diff changeset	232	return keyManager;
90ce3da70b43 Initial load duke parents: diff changeset	233	}
90ce3da70b43 Initial load duke parents: diff changeset	234
90ce3da70b43 Initial load duke parents: diff changeset	235	X509TrustManager getX509TrustManager() {
90ce3da70b43 Initial load duke parents: diff changeset	236	return trustManager;
90ce3da70b43 Initial load duke parents: diff changeset	237	}
90ce3da70b43 Initial load duke parents: diff changeset	238
90ce3da70b43 Initial load duke parents: diff changeset	239	EphemeralKeyManager getEphemeralKeyManager() {
90ce3da70b43 Initial load duke parents: diff changeset	240	return ephemeralKeyManager;
90ce3da70b43 Initial load duke parents: diff changeset	241	}
90ce3da70b43 Initial load duke parents: diff changeset	242
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	243	abstract SSLParameters getDefaultServerSSLParams();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	244	abstract SSLParameters getDefaultClientSSLParams();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	245	abstract SSLParameters getSupportedSSLParams();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	246
21278 ef8a3a2a72f2 8022746: List of spelling errors in API doc malenkov parents: 14664 diff changeset	247	// Get supported ProtocolList.
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	248	ProtocolList getSuportedProtocolList() {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	249	if (supportedProtocolList == null) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	250	supportedProtocolList =
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	251	new ProtocolList(getSupportedSSLParams().getProtocols());
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	252	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	253
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	254	return supportedProtocolList;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	255	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	256
21278 ef8a3a2a72f2 8022746: List of spelling errors in API doc malenkov parents: 14664 diff changeset	257	// Get default ProtocolList.
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	258	ProtocolList getDefaultProtocolList(boolean roleIsServer) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	259	if (roleIsServer) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	260	if (defaultServerProtocolList == null) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	261	defaultServerProtocolList = new ProtocolList(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	262	getDefaultServerSSLParams().getProtocols());
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	263	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	264
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	265	return defaultServerProtocolList;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	266	} else {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	267	if (defaultClientProtocolList == null) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	268	defaultClientProtocolList = new ProtocolList(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	269	getDefaultClientSSLParams().getProtocols());
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	270	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	271
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	272	return defaultClientProtocolList;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	273	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	274	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	275
21278 ef8a3a2a72f2 8022746: List of spelling errors in API doc malenkov parents: 14664 diff changeset	276	// Get supported CipherSuiteList.
13815 2de30ecf335e 7199066: Typo in method name xuelei parents: 12874 diff changeset	277	CipherSuiteList getSupportedCipherSuiteList() {
12671 729f78ba3a10 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites xuelei parents: 12302 diff changeset	278	// The maintenance of cipher suites needs to be synchronized.
729f78ba3a10 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites xuelei parents: 12302 diff changeset	279	synchronized (this) {
729f78ba3a10 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites xuelei parents: 12302 diff changeset	280	// Clear cache of available ciphersuites.
729f78ba3a10 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites xuelei parents: 12302 diff changeset	281	clearAvailableCache();
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	282
12671 729f78ba3a10 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites xuelei parents: 12302 diff changeset	283	if (supportedCipherSuiteList == null) {
729f78ba3a10 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites xuelei parents: 12302 diff changeset	284	supportedCipherSuiteList = getApplicableCipherSuiteList(
729f78ba3a10 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites xuelei parents: 12302 diff changeset	285	getSuportedProtocolList(), false);
729f78ba3a10 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites xuelei parents: 12302 diff changeset	286	}
12677 2b25f3fc4f81 7167092: Need to put the return clause in the synchronized block xuelei parents: 12671 diff changeset	287
2b25f3fc4f81 7167092: Need to put the return clause in the synchronized block xuelei parents: 12671 diff changeset	288	return supportedCipherSuiteList;
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	289	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	290	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	291
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	292	// Get default CipherSuiteList.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	293	CipherSuiteList getDefaultCipherSuiteList(boolean roleIsServer) {
12677 2b25f3fc4f81 7167092: Need to put the return clause in the synchronized block xuelei parents: 12671 diff changeset	294	// The maintenance of cipher suites needs to be synchronized.
2b25f3fc4f81 7167092: Need to put the return clause in the synchronized block xuelei parents: 12671 diff changeset	295	synchronized (this) {
2b25f3fc4f81 7167092: Need to put the return clause in the synchronized block xuelei parents: 12671 diff changeset	296	// Clear cache of available ciphersuites.
2b25f3fc4f81 7167092: Need to put the return clause in the synchronized block xuelei parents: 12671 diff changeset	297	clearAvailableCache();
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	298
12677 2b25f3fc4f81 7167092: Need to put the return clause in the synchronized block xuelei parents: 12671 diff changeset	299	if (roleIsServer) {
12671 729f78ba3a10 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites xuelei parents: 12302 diff changeset	300	if (defaultServerCipherSuiteList == null) {
729f78ba3a10 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites xuelei parents: 12302 diff changeset	301	defaultServerCipherSuiteList = getApplicableCipherSuiteList(
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	302	getDefaultProtocolList(true), true);
12671 729f78ba3a10 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites xuelei parents: 12302 diff changeset	303	}
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	304
12677 2b25f3fc4f81 7167092: Need to put the return clause in the synchronized block xuelei parents: 12671 diff changeset	305	return defaultServerCipherSuiteList;
2b25f3fc4f81 7167092: Need to put the return clause in the synchronized block xuelei parents: 12671 diff changeset	306	} else {
12671 729f78ba3a10 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites xuelei parents: 12302 diff changeset	307	if (defaultClientCipherSuiteList == null) {
729f78ba3a10 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites xuelei parents: 12302 diff changeset	308	defaultClientCipherSuiteList = getApplicableCipherSuiteList(
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	309	getDefaultProtocolList(false), true);
12671 729f78ba3a10 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites xuelei parents: 12302 diff changeset	310	}
12677 2b25f3fc4f81 7167092: Need to put the return clause in the synchronized block xuelei parents: 12671 diff changeset	311
2b25f3fc4f81 7167092: Need to put the return clause in the synchronized block xuelei parents: 12671 diff changeset	312	return defaultClientCipherSuiteList;
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	313	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	314	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	315	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	316
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	317	/**
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	318	* Return whether a protocol list is the original default enabled
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	319	* protocols. See: SSLSocket/SSLEngine.setEnabledProtocols()
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	320	*/
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	321	boolean isDefaultProtocolList(ProtocolList protocols) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	322	return (protocols == defaultServerProtocolList) \|\|
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	323	(protocols == defaultClientProtocolList);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	324	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	325
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	326
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	327	/*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	328	* Return the list of all available CipherSuites with a priority of
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	329	* minPriority or above.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	330	*/
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	331	private CipherSuiteList getApplicableCipherSuiteList(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	332	ProtocolList protocols, boolean onlyEnabled) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	333
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	334	int minPriority = CipherSuite.SUPPORTED_SUITES_PRIORITY;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	335	if (onlyEnabled) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	336	minPriority = CipherSuite.DEFAULT_SUITES_PRIORITY;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	337	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	338
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	339	Collection<CipherSuite> allowedCipherSuites =
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	340	CipherSuite.allowedCipherSuites();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	341
12874 14df9c7c18e1 7174244: NPE in Krb5ProxyImpl.getServerKeys() xuelei parents: 12677 diff changeset	342	TreeSet<CipherSuite> suites = new TreeSet<>();
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	343	if (!(protocols.collection().isEmpty()) &&
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	344	protocols.min.v != ProtocolVersion.NONE.v) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	345	for (CipherSuite suite : allowedCipherSuites) {
12874 14df9c7c18e1 7174244: NPE in Krb5ProxyImpl.getServerKeys() xuelei parents: 12677 diff changeset	346	if (!suite.allowed \|\| suite.priority < minPriority) {
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	347	continue;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	348	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	349
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	350	if (suite.isAvailable() &&
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	351	suite.obsoleted > protocols.min.v &&
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	352	suite.supported <= protocols.max.v) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	353	if (defaultAlgorithmConstraints.permits(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	354	EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	355	suite.name, null)) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	356	suites.add(suite);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	357	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	358	} else if (debug != null &&
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	359	Debug.isOn("sslctx") && Debug.isOn("verbose")) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	360	if (suite.obsoleted <= protocols.min.v) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	361	System.out.println(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	362	"Ignoring obsoleted cipher suite: " + suite);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	363	} else if (suite.supported > protocols.max.v) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	364	System.out.println(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	365	"Ignoring unsupported cipher suite: " + suite);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	366	} else {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	367	System.out.println(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	368	"Ignoring unavailable cipher suite: " + suite);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	369	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	370	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	371	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	372	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	373
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	374	return new CipherSuiteList(suites);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	375	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	376
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	377	/**
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	378	* Clear cache of available ciphersuites. If we support all ciphers
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	379	* internally, there is no need to clear the cache and calling this
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	380	* method has no effect.
12671 729f78ba3a10 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites xuelei parents: 12302 diff changeset	381	*
729f78ba3a10 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites xuelei parents: 12302 diff changeset	382	* Note that every call to clearAvailableCache() and the maintenance of
729f78ba3a10 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites xuelei parents: 12302 diff changeset	383	* cipher suites need to be synchronized with this instance.
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	384	*/
12671 729f78ba3a10 7153184: NullPointerException when calling SSLEngineImpl.getSupportedCipherSuites xuelei parents: 12302 diff changeset	385	private void clearAvailableCache() {
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	386	if (CipherSuite.DYNAMIC_AVAILABILITY) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	387	supportedCipherSuiteList = null;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	388	defaultServerCipherSuiteList = null;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	389	defaultClientCipherSuiteList = null;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	390	CipherSuite.BulkCipher.clearAvailableCache();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	391	JsseJce.clearEcAvailable();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	392	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	393	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	394
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	395	/*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	396	* The SSLContext implementation for TLS/SSL algorithm
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	397	*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	398	* SSL/TLS protocols specify the forward compatibility and version
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	399	* roll-back attack protections, however, a number of SSL/TLS server
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	400	* vendors did not implement these aspects properly, and some current
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	401	* SSL/TLS servers may refuse to talk to a TLS 1.1 or later client.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	402	*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	403	* Considering above interoperability issues, SunJSSE will not set
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	404	* TLS 1.1 and TLS 1.2 as the enabled protocols for client by default.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	405	*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	406	* For SSL/TLS servers, there is no such interoperability issues as
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	407	* SSL/TLS clients. In SunJSSE, TLS 1.1 or later version will be the
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	408	* enabled protocols for server by default.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	409	*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	410	* We may change the behavior when popular TLS/SSL vendors support TLS
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	411	* forward compatibility properly.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	412	*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	413	* SSLv2Hello is no longer necessary. This interoperability option was
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	414	* put in place in the late 90's when SSLv3/TLS1.0 were relatively new
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	415	* and there were a fair number of SSLv2-only servers deployed. Because
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	416	* of the security issues in SSLv2, it is rarely (if ever) used, as
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	417	* deployments should now be using SSLv3 and TLSv1.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	418	*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	419	* Considering the issues of SSLv2Hello, we should not enable SSLv2Hello
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	420	* by default. Applications still can use it by enabling SSLv2Hello with
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	421	* the series of setEnabledProtocols APIs.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	422	*/
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	423
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	424	/*
22068 95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	425	* The base abstract SSLContext implementation.
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	426	*
22068 95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	427	* This abstract class encapsulates supported and the default server
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	428	* SSL parameters.
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	429	*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	430	* @see SSLContext
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	431	*/
22068 95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	432	private abstract static class AbstractSSLContext extends SSLContextImpl {
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	433	// parameters
22068 95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	434	private final static SSLParameters defaultServerSSLParams;
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	435	private final static SSLParameters supportedSSLParams;
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	436
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	437	static {
22068 95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	438	supportedSSLParams = new SSLParameters();
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	439	if (SunJSSE.isFIPS()) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	440	supportedSSLParams.setProtocols(new String[] {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	441	ProtocolVersion.TLS10.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	442	ProtocolVersion.TLS11.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	443	ProtocolVersion.TLS12.name
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	444	});
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	445
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	446	defaultServerSSLParams = supportedSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	447	} else {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	448	supportedSSLParams.setProtocols(new String[] {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	449	ProtocolVersion.SSL20Hello.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	450	ProtocolVersion.SSL30.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	451	ProtocolVersion.TLS10.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	452	ProtocolVersion.TLS11.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	453	ProtocolVersion.TLS12.name
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	454	});
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	455
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	456	defaultServerSSLParams = supportedSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	457	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	458	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	459
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 13815 diff changeset	460	@Override
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	461	SSLParameters getDefaultServerSSLParams() {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	462	return defaultServerSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	463	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	464
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 13815 diff changeset	465	@Override
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	466	SSLParameters getSupportedSSLParams() {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	467	return supportedSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	468	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	469	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	470
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	471	/*
22068 95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	472	* The SSLContext implementation for SSLv3 and TLS10 algorithm
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	473	*
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	474	* @see SSLContext
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	475	*/
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	476	public static final class TLS10Context extends AbstractSSLContext {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	477	private final static SSLParameters defaultClientSSLParams;
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	478
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	479	static {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	480	defaultClientSSLParams = new SSLParameters();
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	481	if (SunJSSE.isFIPS()) {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	482	defaultClientSSLParams.setProtocols(new String[] {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	483	ProtocolVersion.TLS10.name
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	484	});
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	485
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	486	} else {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	487	defaultClientSSLParams.setProtocols(new String[] {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	488	ProtocolVersion.SSL30.name,
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	489	ProtocolVersion.TLS10.name
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	490	});
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	491	}
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	492	}
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	493
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	494	@Override
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	495	SSLParameters getDefaultClientSSLParams() {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	496	return defaultClientSSLParams;
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	497	}
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	498	}
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	499
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	500	/*
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	501	* The SSLContext implementation for TLS11 algorithm
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	502	*
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	503	* @see SSLContext
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	504	*/
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	505	public static final class TLS11Context extends AbstractSSLContext {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	506	private final static SSLParameters defaultClientSSLParams;
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	507
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	508	static {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	509	defaultClientSSLParams = new SSLParameters();
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	510	if (SunJSSE.isFIPS()) {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	511	defaultClientSSLParams.setProtocols(new String[] {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	512	ProtocolVersion.TLS10.name,
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	513	ProtocolVersion.TLS11.name
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	514	});
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	515
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	516	} else {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	517	defaultClientSSLParams.setProtocols(new String[] {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	518	ProtocolVersion.SSL30.name,
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	519	ProtocolVersion.TLS10.name,
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	520	ProtocolVersion.TLS11.name
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	521	});
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	522	}
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	523	}
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	524
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	525	@Override
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	526	SSLParameters getDefaultClientSSLParams() {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	527	return defaultClientSSLParams;
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	528	}
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	529	}
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	530
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	531	/*
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	532	* The SSLContext implementation for TLS12 algorithm
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	533	*
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	534	* @see SSLContext
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	535	*/
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	536	public static final class TLS12Context extends AbstractSSLContext {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	537	private final static SSLParameters defaultClientSSLParams;
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	538
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	539	static {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	540	defaultClientSSLParams = new SSLParameters();
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	541	if (SunJSSE.isFIPS()) {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	542	defaultClientSSLParams.setProtocols(new String[] {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	543	ProtocolVersion.TLS10.name,
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	544	ProtocolVersion.TLS11.name,
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	545	ProtocolVersion.TLS12.name
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	546	});
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	547
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	548	} else {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	549	defaultClientSSLParams.setProtocols(new String[] {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	550	ProtocolVersion.SSL30.name,
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	551	ProtocolVersion.TLS10.name,
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	552	ProtocolVersion.TLS11.name,
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	553	ProtocolVersion.TLS12.name
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	554	});
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	555	}
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	556	}
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	557
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	558	@Override
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	559	SSLParameters getDefaultClientSSLParams() {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	560	return defaultClientSSLParams;
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	561	}
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	562	}
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	563
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	564	/*
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	565	* The SSLContext implementation for customized TLS protocols
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	566	*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	567	* @see SSLContext
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	568	*/
22068 95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	569	private static class CustomizedSSLContext extends AbstractSSLContext {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	570	private final static String PROPERTY_NAME = "jdk.tls.client.protocols";
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	571	private final static SSLParameters defaultClientSSLParams;
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	572	private static IllegalArgumentException reservedException = null;
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	573
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	574	// Don't want a java.lang.LinkageError for illegal system property.
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	575	//
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	576	// Please don't throw exception in this static block. Otherwise,
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	577	// java.lang.LinkageError may be thrown during the instantiation of
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	578	// the provider service. Instead, let's handle the initialization
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	579	// exception in constructor.
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	580	static {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	581	String property = AccessController.doPrivileged(
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	582	new GetPropertyAction(PROPERTY_NAME));
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	583	defaultClientSSLParams = new SSLParameters();
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	584	if (property == null \|\| property.length() == 0) {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	585	// the default enabled client TLS protocols
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	586	if (SunJSSE.isFIPS()) {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	587	defaultClientSSLParams.setProtocols(new String[] {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	588	ProtocolVersion.TLS10.name,
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	589	ProtocolVersion.TLS11.name,
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	590	ProtocolVersion.TLS12.name
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	591	});
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	592
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	593	} else {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	594	defaultClientSSLParams.setProtocols(new String[] {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	595	ProtocolVersion.SSL30.name,
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	596	ProtocolVersion.TLS10.name,
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	597	ProtocolVersion.TLS11.name,
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	598	ProtocolVersion.TLS12.name
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	599	});
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	600	}
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	601	} else {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	602	// remove double quote marks from beginning/end of the property
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	603	if (property.charAt(0) == '"' &&
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	604	property.charAt(property.length() - 1) == '"') {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	605	property = property.substring(1, property.length() - 1);
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	606	}
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	607
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	608	String[] protocols = property.split(",");
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	609	for (int i = 0; i < protocols.length; i++) {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	610	protocols[i] = protocols[i].trim();
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	611	// Is it a supported protocol name?
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	612	try {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	613	ProtocolVersion.valueOf(protocols[i]);
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	614	} catch (IllegalArgumentException iae) {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	615	reservedException = new IllegalArgumentException(
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	616	PROPERTY_NAME + ": " + protocols[i] +
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	617	" is not a standard SSL protocol name", iae);
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	618	}
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	619	}
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	620
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	621	if ((reservedException == null) && SunJSSE.isFIPS()) {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	622	for (String protocol : protocols) {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	623	if (ProtocolVersion.SSL20Hello.name.equals(protocol) \|\|
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	624	ProtocolVersion.SSL30.name.equals(protocol)) {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	625	reservedException = new IllegalArgumentException(
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	626	PROPERTY_NAME + ": " + protocol +
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	627	" is not FIPS compliant");
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	628	}
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	629	}
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	630	}
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	631
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	632	if (reservedException == null) {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	633	defaultClientSSLParams.setProtocols(protocols);
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	634	}
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	635	}
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	636	}
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	637
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	638	protected CustomizedSSLContext() {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	639	if (reservedException != null) {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	640	throw reservedException;
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	641	}
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	642	}
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	643
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	644	@Override
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	645	SSLParameters getDefaultClientSSLParams() {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	646	return defaultClientSSLParams;
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	647	}
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	648	}
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	649
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	650	/*
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	651	* The SSLContext implementation for default "TLS" algorithm
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	652	*
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	653	* @see SSLContext
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	654	*/
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	655	public static final class TLSContext extends CustomizedSSLContext {
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	656	// use the default constructor and methods
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	657	}
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	658
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	659	/*
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	660	* The SSLContext implementation for default "Default" algorithm
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	661	*
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	662	* @see SSLContext
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	663	*/
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default xuelei parents: 21278 diff changeset	664	public static final class DefaultSSLContext extends CustomizedSSLContext {
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	665	private static final String NONE = "NONE";
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	666	private static final String P11KEYSTORE = "PKCS11";
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	667
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	668	private static volatile SSLContextImpl defaultImpl;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	669
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	670	private static TrustManager[] defaultTrustManagers;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	671	private static KeyManager[] defaultKeyManagers;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	672
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	673	public DefaultSSLContext() throws Exception {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	674	try {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	675	super.engineInit(getDefaultKeyManager(),
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	676	getDefaultTrustManager(), null);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	677	} catch (Exception e) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	678	if (debug != null && Debug.isOn("defaultctx")) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	679	System.out.println("default context init failed: " + e);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	680	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	681	throw e;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	682	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	683
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	684	if (defaultImpl == null) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	685	defaultImpl = this;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	686	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	687	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	688
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 13815 diff changeset	689	@Override
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	690	protected void engineInit(KeyManager[] km, TrustManager[] tm,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	691	SecureRandom sr) throws KeyManagementException {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	692	throw new KeyManagementException
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	693	("Default SSLContext is initialized automatically");
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	694	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	695
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	696	static synchronized SSLContextImpl getDefaultImpl() throws Exception {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	697	if (defaultImpl == null) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	698	new DefaultSSLContext();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	699	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	700	return defaultImpl;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	701	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	702
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	703	private static synchronized TrustManager[] getDefaultTrustManager()
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	704	throws Exception {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	705	if (defaultTrustManagers != null) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	706	return defaultTrustManagers;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	707	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	708
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	709	KeyStore ks =
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	710	TrustManagerFactoryImpl.getCacertsKeyStore("defaultctx");
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	711
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	712	TrustManagerFactory tmf = TrustManagerFactory.getInstance(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	713	TrustManagerFactory.getDefaultAlgorithm());
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	714	tmf.init(ks);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	715	defaultTrustManagers = tmf.getTrustManagers();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	716	return defaultTrustManagers;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	717	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	718
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	719	private static synchronized KeyManager[] getDefaultKeyManager()
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	720	throws Exception {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	721	if (defaultKeyManagers != null) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	722	return defaultKeyManagers;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	723	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	724
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	725	final Map<String,String> props = new HashMap<>();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	726	AccessController.doPrivileged(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	727	new PrivilegedExceptionAction<Object>() {
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 13815 diff changeset	728	@Override
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	729	public Object run() throws Exception {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	730	props.put("keyStore", System.getProperty(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	731	"javax.net.ssl.keyStore", ""));
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	732	props.put("keyStoreType", System.getProperty(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	733	"javax.net.ssl.keyStoreType",
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	734	KeyStore.getDefaultType()));
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	735	props.put("keyStoreProvider", System.getProperty(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	736	"javax.net.ssl.keyStoreProvider", ""));
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	737	props.put("keyStorePasswd", System.getProperty(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	738	"javax.net.ssl.keyStorePassword", ""));
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	739	return null;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	740	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	741	});
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	742
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	743	final String defaultKeyStore = props.get("keyStore");
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	744	String defaultKeyStoreType = props.get("keyStoreType");
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	745	String defaultKeyStoreProvider = props.get("keyStoreProvider");
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	746	if (debug != null && Debug.isOn("defaultctx")) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	747	System.out.println("keyStore is : " + defaultKeyStore);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	748	System.out.println("keyStore type is : " +
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	749	defaultKeyStoreType);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	750	System.out.println("keyStore provider is : " +
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	751	defaultKeyStoreProvider);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	752	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	753
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	754	if (P11KEYSTORE.equals(defaultKeyStoreType) &&
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	755	!NONE.equals(defaultKeyStore)) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	756	throw new IllegalArgumentException("if keyStoreType is "
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	757	+ P11KEYSTORE + ", then keyStore must be " + NONE);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	758	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	759
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	760	FileInputStream fs = null;
10125 c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	761	KeyStore ks = null;
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	762	char[] passwd = null;
10125 c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	763	try {
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	764	if (defaultKeyStore.length() != 0 &&
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	765	!NONE.equals(defaultKeyStore)) {
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	766	fs = AccessController.doPrivileged(
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	767	new PrivilegedExceptionAction<FileInputStream>() {
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 13815 diff changeset	768	@Override
10125 c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	769	public FileInputStream run() throws Exception {
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	770	return new FileInputStream(defaultKeyStore);
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	771	}
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	772	});
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	773	}
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	774
10125 c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	775	String defaultKeyStorePassword = props.get("keyStorePasswd");
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	776	if (defaultKeyStorePassword.length() != 0) {
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	777	passwd = defaultKeyStorePassword.toCharArray();
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	778	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	779
10125 c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	780	/**
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	781	* Try to initialize key store.
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	782	*/
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	783	if ((defaultKeyStoreType.length()) != 0) {
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	784	if (debug != null && Debug.isOn("defaultctx")) {
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	785	System.out.println("init keystore");
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	786	}
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	787	if (defaultKeyStoreProvider.length() == 0) {
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	788	ks = KeyStore.getInstance(defaultKeyStoreType);
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	789	} else {
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	790	ks = KeyStore.getInstance(defaultKeyStoreType,
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	791	defaultKeyStoreProvider);
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	792	}
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	793
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	794	// if defaultKeyStore is NONE, fs will be null
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	795	ks.load(fs, passwd);
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	796	}
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	797	} finally {
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	798	if (fs != null) {
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	799	fs.close();
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	800	fs = null;
c70d99150c40 7059709: close the IO in a final block xuelei parents: 9246 diff changeset	801	}
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	802	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	803
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	804	/*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	805	* Try to initialize key manager.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	806	*/
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	807	if (debug != null && Debug.isOn("defaultctx")) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	808	System.out.println("init keymanager of type " +
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	809	KeyManagerFactory.getDefaultAlgorithm());
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	810	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	811	KeyManagerFactory kmf = KeyManagerFactory.getInstance(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	812	KeyManagerFactory.getDefaultAlgorithm());
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	813
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	814	if (P11KEYSTORE.equals(defaultKeyStoreType)) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	815	kmf.init(ks, null); // do not pass key passwd if using token
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	816	} else {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	817	kmf.init(ks, passwd);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	818	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	819
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	820	defaultKeyManagers = kmf.getKeyManagers();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	821	return defaultKeyManagers;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	822	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	823	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	824
2 90ce3da70b43 Initial load duke parents: diff changeset	825	}
90ce3da70b43 Initial load duke parents: diff changeset	826
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	827
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	828	final class AbstractTrustManagerWrapper extends X509ExtendedTrustManager
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	829	implements X509TrustManager {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	830
11037 03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	831	// the delegated trust manager
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	832	private final X509TrustManager tm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	833
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	834	AbstractTrustManagerWrapper(X509TrustManager tm) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	835	this.tm = tm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	836	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	837
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	838	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	839	public void checkClientTrusted(X509Certificate[] chain, String authType)
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	840	throws CertificateException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	841	tm.checkClientTrusted(chain, authType);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	842	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	843
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	844	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	845	public void checkServerTrusted(X509Certificate[] chain, String authType)
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	846	throws CertificateException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	847	tm.checkServerTrusted(chain, authType);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	848	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	849
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	850	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	851	public X509Certificate[] getAcceptedIssuers() {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	852	return tm.getAcceptedIssuers();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	853	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	854
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	855	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	856	public void checkClientTrusted(X509Certificate[] chain, String authType,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	857	Socket socket) throws CertificateException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	858	tm.checkClientTrusted(chain, authType);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	859	checkAdditionalTrust(chain, authType, socket, true);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	860	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	861
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	862	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	863	public void checkServerTrusted(X509Certificate[] chain, String authType,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	864	Socket socket) throws CertificateException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	865	tm.checkServerTrusted(chain, authType);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	866	checkAdditionalTrust(chain, authType, socket, false);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	867	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	868
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	869	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	870	public void checkClientTrusted(X509Certificate[] chain, String authType,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	871	SSLEngine engine) throws CertificateException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	872	tm.checkClientTrusted(chain, authType);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	873	checkAdditionalTrust(chain, authType, engine, true);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	874	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	875
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	876	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	877	public void checkServerTrusted(X509Certificate[] chain, String authType,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	878	SSLEngine engine) throws CertificateException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	879	tm.checkServerTrusted(chain, authType);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	880	checkAdditionalTrust(chain, authType, engine, false);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	881	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	882
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	883	private void checkAdditionalTrust(X509Certificate[] chain, String authType,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	884	Socket socket, boolean isClient) throws CertificateException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	885	if (socket != null && socket.isConnected() &&
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	886	socket instanceof SSLSocket) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	887
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	888	SSLSocket sslSocket = (SSLSocket)socket;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	889	SSLSession session = sslSocket.getHandshakeSession();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	890	if (session == null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	891	throw new CertificateException("No handshake session");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	892	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	893
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	894	// check endpoint identity
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	895	String identityAlg = sslSocket.getSSLParameters().
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	896	getEndpointIdentificationAlgorithm();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	897	if (identityAlg != null && identityAlg.length() != 0) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	898	String hostname = session.getPeerHost();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	899	X509TrustManagerImpl.checkIdentity(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	900	hostname, chain[0], identityAlg);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	901	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	902
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	903	// try the best to check the algorithm constraints
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	904	ProtocolVersion protocolVersion =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	905	ProtocolVersion.valueOf(session.getProtocol());
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	906	AlgorithmConstraints constraints = null;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	907	if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	908	if (session instanceof ExtendedSSLSession) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	909	ExtendedSSLSession extSession =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	910	(ExtendedSSLSession)session;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	911	String[] peerSupportedSignAlgs =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	912	extSession.getLocalSupportedSignatureAlgorithms();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	913
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	914	constraints = new SSLAlgorithmConstraints(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	915	sslSocket, peerSupportedSignAlgs, true);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	916	} else {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	917	constraints =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	918	new SSLAlgorithmConstraints(sslSocket, true);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	919	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	920	} else {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	921	constraints = new SSLAlgorithmConstraints(sslSocket, true);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	922	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	923
11037 03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	924	checkAlgorithmConstraints(chain, constraints);
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	925	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	926	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	927
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	928	private void checkAdditionalTrust(X509Certificate[] chain, String authType,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	929	SSLEngine engine, boolean isClient) throws CertificateException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	930	if (engine != null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	931	SSLSession session = engine.getHandshakeSession();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	932	if (session == null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	933	throw new CertificateException("No handshake session");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	934	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	935
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	936	// check endpoint identity
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	937	String identityAlg = engine.getSSLParameters().
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	938	getEndpointIdentificationAlgorithm();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	939	if (identityAlg != null && identityAlg.length() != 0) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	940	String hostname = session.getPeerHost();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	941	X509TrustManagerImpl.checkIdentity(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	942	hostname, chain[0], identityAlg);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	943	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	944
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	945	// try the best to check the algorithm constraints
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	946	ProtocolVersion protocolVersion =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	947	ProtocolVersion.valueOf(session.getProtocol());
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	948	AlgorithmConstraints constraints = null;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	949	if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	950	if (session instanceof ExtendedSSLSession) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	951	ExtendedSSLSession extSession =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	952	(ExtendedSSLSession)session;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	953	String[] peerSupportedSignAlgs =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	954	extSession.getLocalSupportedSignatureAlgorithms();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	955
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	956	constraints = new SSLAlgorithmConstraints(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	957	engine, peerSupportedSignAlgs, true);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	958	} else {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	959	constraints =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	960	new SSLAlgorithmConstraints(engine, true);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	961	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	962	} else {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	963	constraints = new SSLAlgorithmConstraints(engine, true);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	964	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	965
11037 03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	966	checkAlgorithmConstraints(chain, constraints);
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	967	}
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	968	}
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	969
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	970	private void checkAlgorithmConstraints(X509Certificate[] chain,
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	971	AlgorithmConstraints constraints) throws CertificateException {
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	972
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	973	try {
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	974	// Does the certificate chain end with a trusted certificate?
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	975	int checkedLength = chain.length - 1;
12302 0c8557ba0b8f 7142172: Custom TrustManagers that return null for getAcceptedIssuers will NPE wetmore parents: 11037 diff changeset	976
0c8557ba0b8f 7142172: Custom TrustManagers that return null for getAcceptedIssuers will NPE wetmore parents: 11037 diff changeset	977	Collection<X509Certificate> trustedCerts = new HashSet<>();
0c8557ba0b8f 7142172: Custom TrustManagers that return null for getAcceptedIssuers will NPE wetmore parents: 11037 diff changeset	978	X509Certificate[] certs = tm.getAcceptedIssuers();
0c8557ba0b8f 7142172: Custom TrustManagers that return null for getAcceptedIssuers will NPE wetmore parents: 11037 diff changeset	979	if ((certs != null) && (certs.length > 0)){
0c8557ba0b8f 7142172: Custom TrustManagers that return null for getAcceptedIssuers will NPE wetmore parents: 11037 diff changeset	980	Collections.addAll(trustedCerts, certs);
0c8557ba0b8f 7142172: Custom TrustManagers that return null for getAcceptedIssuers will NPE wetmore parents: 11037 diff changeset	981	}
0c8557ba0b8f 7142172: Custom TrustManagers that return null for getAcceptedIssuers will NPE wetmore parents: 11037 diff changeset	982
11037 03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	983	if (trustedCerts.contains(chain[checkedLength])) {
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	984	checkedLength--;
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	985	}
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	986
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	987	// A forward checker, need to check from trust to target
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	988	if (checkedLength >= 0) {
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	989	AlgorithmChecker checker = new AlgorithmChecker(constraints);
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	990	checker.init(false);
11037 03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	991	for (int i = checkedLength; i >= 0; i--) {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	992	Certificate cert = chain[i];
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	993	// We don't care about the unresolved critical extensions.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	994	checker.check(cert, Collections.<String>emptySet());
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	995	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	996	}
11037 03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	997	} catch (CertPathValidatorException cpve) {
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	998	throw new CertificateException(
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager xuelei parents: 10125 diff changeset	999	"Certificates does not conform to algorithm constraints");
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1000	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1001	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1002	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1003
2 90ce3da70b43 Initial load duke parents: diff changeset	1004	// Dummy X509TrustManager implementation, rejects all peer certificates.
90ce3da70b43 Initial load duke parents: diff changeset	1005	// Used if the application did not specify a proper X509TrustManager.
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1006	final class DummyX509TrustManager extends X509ExtendedTrustManager
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1007	implements X509TrustManager {
2 90ce3da70b43 Initial load duke parents: diff changeset	1008
90ce3da70b43 Initial load duke parents: diff changeset	1009	static final X509TrustManager INSTANCE = new DummyX509TrustManager();
90ce3da70b43 Initial load duke parents: diff changeset	1010
90ce3da70b43 Initial load duke parents: diff changeset	1011	private DummyX509TrustManager() {
90ce3da70b43 Initial load duke parents: diff changeset	1012	// empty
90ce3da70b43 Initial load duke parents: diff changeset	1013	}
90ce3da70b43 Initial load duke parents: diff changeset	1014
90ce3da70b43 Initial load duke parents: diff changeset	1015	/*
90ce3da70b43 Initial load duke parents: diff changeset	1016	* Given the partial or complete certificate chain
90ce3da70b43 Initial load duke parents: diff changeset	1017	* provided by the peer, build a certificate path
90ce3da70b43 Initial load duke parents: diff changeset	1018	* to a trusted root and return if it can be
90ce3da70b43 Initial load duke parents: diff changeset	1019	* validated and is trusted for client SSL authentication.
90ce3da70b43 Initial load duke parents: diff changeset	1020	* If not, it throws an exception.
90ce3da70b43 Initial load duke parents: diff changeset	1021	*/
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1022	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	1023	public void checkClientTrusted(X509Certificate[] chain, String authType)
90ce3da70b43 Initial load duke parents: diff changeset	1024	throws CertificateException {
90ce3da70b43 Initial load duke parents: diff changeset	1025	throw new CertificateException(
90ce3da70b43 Initial load duke parents: diff changeset	1026	"No X509TrustManager implementation avaiable");
90ce3da70b43 Initial load duke parents: diff changeset	1027	}
90ce3da70b43 Initial load duke parents: diff changeset	1028
90ce3da70b43 Initial load duke parents: diff changeset	1029	/*
90ce3da70b43 Initial load duke parents: diff changeset	1030	* Given the partial or complete certificate chain
90ce3da70b43 Initial load duke parents: diff changeset	1031	* provided by the peer, build a certificate path
90ce3da70b43 Initial load duke parents: diff changeset	1032	* to a trusted root and return if it can be
90ce3da70b43 Initial load duke parents: diff changeset	1033	* validated and is trusted for server SSL authentication.
90ce3da70b43 Initial load duke parents: diff changeset	1034	* If not, it throws an exception.
90ce3da70b43 Initial load duke parents: diff changeset	1035	*/
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1036	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	1037	public void checkServerTrusted(X509Certificate[] chain, String authType)
90ce3da70b43 Initial load duke parents: diff changeset	1038	throws CertificateException {
90ce3da70b43 Initial load duke parents: diff changeset	1039	throw new CertificateException(
90ce3da70b43 Initial load duke parents: diff changeset	1040	"No X509TrustManager implementation available");
90ce3da70b43 Initial load duke parents: diff changeset	1041	}
90ce3da70b43 Initial load duke parents: diff changeset	1042
90ce3da70b43 Initial load duke parents: diff changeset	1043	/*
90ce3da70b43 Initial load duke parents: diff changeset	1044	* Return an array of issuer certificates which are trusted
90ce3da70b43 Initial load duke parents: diff changeset	1045	* for authenticating peers.
90ce3da70b43 Initial load duke parents: diff changeset	1046	*/
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1047	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	1048	public X509Certificate[] getAcceptedIssuers() {
90ce3da70b43 Initial load duke parents: diff changeset	1049	return new X509Certificate[0];
90ce3da70b43 Initial load duke parents: diff changeset	1050	}
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1051
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1052	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1053	public void checkClientTrusted(X509Certificate[] chain, String authType,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1054	Socket socket) throws CertificateException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1055	throw new CertificateException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1056	"No X509TrustManager implementation available");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1057	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1058
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1059	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1060	public void checkServerTrusted(X509Certificate[] chain, String authType,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1061	Socket socket) throws CertificateException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1062	throw new CertificateException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1063	"No X509TrustManager implementation available");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1064	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1065
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1066	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1067	public void checkClientTrusted(X509Certificate[] chain, String authType,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1068	SSLEngine engine) throws CertificateException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1069	throw new CertificateException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1070	"No X509TrustManager implementation available");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1071	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1072
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1073	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1074	public void checkServerTrusted(X509Certificate[] chain, String authType,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1075	SSLEngine engine) throws CertificateException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1076	throw new CertificateException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1077	"No X509TrustManager implementation available");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1078	}
2 90ce3da70b43 Initial load duke parents: diff changeset	1079	}
90ce3da70b43 Initial load duke parents: diff changeset	1080
90ce3da70b43 Initial load duke parents: diff changeset	1081	/*
90ce3da70b43 Initial load duke parents: diff changeset	1082	* A wrapper class to turn a X509KeyManager into an X509ExtendedKeyManager
90ce3da70b43 Initial load duke parents: diff changeset	1083	*/
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1084	final class AbstractKeyManagerWrapper extends X509ExtendedKeyManager {
2 90ce3da70b43 Initial load duke parents: diff changeset	1085
90ce3da70b43 Initial load duke parents: diff changeset	1086	private final X509KeyManager km;
90ce3da70b43 Initial load duke parents: diff changeset	1087
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1088	AbstractKeyManagerWrapper(X509KeyManager km) {
2 90ce3da70b43 Initial load duke parents: diff changeset	1089	this.km = km;
90ce3da70b43 Initial load duke parents: diff changeset	1090	}
90ce3da70b43 Initial load duke parents: diff changeset	1091
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 13815 diff changeset	1092	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	1093	public String[] getClientAliases(String keyType, Principal[] issuers) {
90ce3da70b43 Initial load duke parents: diff changeset	1094	return km.getClientAliases(keyType, issuers);
90ce3da70b43 Initial load duke parents: diff changeset	1095	}
90ce3da70b43 Initial load duke parents: diff changeset	1096
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 13815 diff changeset	1097	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	1098	public String chooseClientAlias(String[] keyType, Principal[] issuers,
90ce3da70b43 Initial load duke parents: diff changeset	1099	Socket socket) {
90ce3da70b43 Initial load duke parents: diff changeset	1100	return km.chooseClientAlias(keyType, issuers, socket);
90ce3da70b43 Initial load duke parents: diff changeset	1101	}
90ce3da70b43 Initial load duke parents: diff changeset	1102
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 13815 diff changeset	1103	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	1104	public String[] getServerAliases(String keyType, Principal[] issuers) {
90ce3da70b43 Initial load duke parents: diff changeset	1105	return km.getServerAliases(keyType, issuers);
90ce3da70b43 Initial load duke parents: diff changeset	1106	}
90ce3da70b43 Initial load duke parents: diff changeset	1107
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 13815 diff changeset	1108	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	1109	public String chooseServerAlias(String keyType, Principal[] issuers,
90ce3da70b43 Initial load duke parents: diff changeset	1110	Socket socket) {
90ce3da70b43 Initial load duke parents: diff changeset	1111	return km.chooseServerAlias(keyType, issuers, socket);
90ce3da70b43 Initial load duke parents: diff changeset	1112	}
90ce3da70b43 Initial load duke parents: diff changeset	1113
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 13815 diff changeset	1114	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	1115	public X509Certificate[] getCertificateChain(String alias) {
90ce3da70b43 Initial load duke parents: diff changeset	1116	return km.getCertificateChain(alias);
90ce3da70b43 Initial load duke parents: diff changeset	1117	}
90ce3da70b43 Initial load duke parents: diff changeset	1118
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 13815 diff changeset	1119	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	1120	public PrivateKey getPrivateKey(String alias) {
90ce3da70b43 Initial load duke parents: diff changeset	1121	return km.getPrivateKey(alias);
90ce3da70b43 Initial load duke parents: diff changeset	1122	}
90ce3da70b43 Initial load duke parents: diff changeset	1123
90ce3da70b43 Initial load duke parents: diff changeset	1124	// Inherit chooseEngineClientAlias() and chooseEngineServerAlias() from
90ce3da70b43 Initial load duke parents: diff changeset	1125	// X509ExtendedKeymanager. It defines them to return null;
90ce3da70b43 Initial load duke parents: diff changeset	1126	}
90ce3da70b43 Initial load duke parents: diff changeset	1127
90ce3da70b43 Initial load duke parents: diff changeset	1128
90ce3da70b43 Initial load duke parents: diff changeset	1129	// Dummy X509KeyManager implementation, never returns any certificates/keys.
90ce3da70b43 Initial load duke parents: diff changeset	1130	// Used if the application did not specify a proper X509TrustManager.
90ce3da70b43 Initial load duke parents: diff changeset	1131	final class DummyX509KeyManager extends X509ExtendedKeyManager {
90ce3da70b43 Initial load duke parents: diff changeset	1132
90ce3da70b43 Initial load duke parents: diff changeset	1133	static final X509ExtendedKeyManager INSTANCE = new DummyX509KeyManager();
90ce3da70b43 Initial load duke parents: diff changeset	1134
90ce3da70b43 Initial load duke parents: diff changeset	1135	private DummyX509KeyManager() {
90ce3da70b43 Initial load duke parents: diff changeset	1136	// empty
90ce3da70b43 Initial load duke parents: diff changeset	1137	}
90ce3da70b43 Initial load duke parents: diff changeset	1138
90ce3da70b43 Initial load duke parents: diff changeset	1139	/*
90ce3da70b43 Initial load duke parents: diff changeset	1140	* Get the matching aliases for authenticating the client side of a secure
90ce3da70b43 Initial load duke parents: diff changeset	1141	* socket given the public key type and the list of
90ce3da70b43 Initial load duke parents: diff changeset	1142	* certificate issuer authorities recognized by the peer (if any).
90ce3da70b43 Initial load duke parents: diff changeset	1143	*/
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 13815 diff changeset	1144	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	1145	public String[] getClientAliases(String keyType, Principal[] issuers) {
90ce3da70b43 Initial load duke parents: diff changeset	1146	return null;
90ce3da70b43 Initial load duke parents: diff changeset	1147	}
90ce3da70b43 Initial load duke parents: diff changeset	1148
90ce3da70b43 Initial load duke parents: diff changeset	1149	/*
90ce3da70b43 Initial load duke parents: diff changeset	1150	* Choose an alias to authenticate the client side of a secure
90ce3da70b43 Initial load duke parents: diff changeset	1151	* socket given the public key type and the list of
90ce3da70b43 Initial load duke parents: diff changeset	1152	* certificate issuer authorities recognized by the peer (if any).
90ce3da70b43 Initial load duke parents: diff changeset	1153	*/
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 13815 diff changeset	1154	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	1155	public String chooseClientAlias(String[] keyTypes, Principal[] issuers,
90ce3da70b43 Initial load duke parents: diff changeset	1156	Socket socket) {
90ce3da70b43 Initial load duke parents: diff changeset	1157	return null;
90ce3da70b43 Initial load duke parents: diff changeset	1158	}
90ce3da70b43 Initial load duke parents: diff changeset	1159
90ce3da70b43 Initial load duke parents: diff changeset	1160	/*
90ce3da70b43 Initial load duke parents: diff changeset	1161	* Choose an alias to authenticate the client side of an
90ce3da70b43 Initial load duke parents: diff changeset	1162	* engine given the public key type and the list of
90ce3da70b43 Initial load duke parents: diff changeset	1163	* certificate issuer authorities recognized by the peer (if any).
90ce3da70b43 Initial load duke parents: diff changeset	1164	*/
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 13815 diff changeset	1165	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	1166	public String chooseEngineClientAlias(
90ce3da70b43 Initial load duke parents: diff changeset	1167	String[] keyTypes, Principal[] issuers, SSLEngine engine) {
90ce3da70b43 Initial load duke parents: diff changeset	1168	return null;
90ce3da70b43 Initial load duke parents: diff changeset	1169	}
90ce3da70b43 Initial load duke parents: diff changeset	1170
90ce3da70b43 Initial load duke parents: diff changeset	1171	/*
90ce3da70b43 Initial load duke parents: diff changeset	1172	* Get the matching aliases for authenticating the server side of a secure
90ce3da70b43 Initial load duke parents: diff changeset	1173	* socket given the public key type and the list of
90ce3da70b43 Initial load duke parents: diff changeset	1174	* certificate issuer authorities recognized by the peer (if any).
90ce3da70b43 Initial load duke parents: diff changeset	1175	*/
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 13815 diff changeset	1176	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	1177	public String[] getServerAliases(String keyType, Principal[] issuers) {
90ce3da70b43 Initial load duke parents: diff changeset	1178	return null;
90ce3da70b43 Initial load duke parents: diff changeset	1179	}
90ce3da70b43 Initial load duke parents: diff changeset	1180
90ce3da70b43 Initial load duke parents: diff changeset	1181	/*
90ce3da70b43 Initial load duke parents: diff changeset	1182	* Choose an alias to authenticate the server side of a secure
90ce3da70b43 Initial load duke parents: diff changeset	1183	* socket given the public key type and the list of
90ce3da70b43 Initial load duke parents: diff changeset	1184	* certificate issuer authorities recognized by the peer (if any).
90ce3da70b43 Initial load duke parents: diff changeset	1185	*/
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 13815 diff changeset	1186	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	1187	public String chooseServerAlias(String keyType, Principal[] issuers,
90ce3da70b43 Initial load duke parents: diff changeset	1188	Socket socket) {
90ce3da70b43 Initial load duke parents: diff changeset	1189	return null;
90ce3da70b43 Initial load duke parents: diff changeset	1190	}
90ce3da70b43 Initial load duke parents: diff changeset	1191
90ce3da70b43 Initial load duke parents: diff changeset	1192	/*
90ce3da70b43 Initial load duke parents: diff changeset	1193	* Choose an alias to authenticate the server side of an engine
90ce3da70b43 Initial load duke parents: diff changeset	1194	* given the public key type and the list of
90ce3da70b43 Initial load duke parents: diff changeset	1195	* certificate issuer authorities recognized by the peer (if any).
90ce3da70b43 Initial load duke parents: diff changeset	1196	*/
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 13815 diff changeset	1197	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	1198	public String chooseEngineServerAlias(
90ce3da70b43 Initial load duke parents: diff changeset	1199	String keyType, Principal[] issuers, SSLEngine engine) {
90ce3da70b43 Initial load duke parents: diff changeset	1200	return null;
90ce3da70b43 Initial load duke parents: diff changeset	1201	}
90ce3da70b43 Initial load duke parents: diff changeset	1202
90ce3da70b43 Initial load duke parents: diff changeset	1203	/**
90ce3da70b43 Initial load duke parents: diff changeset	1204	* Returns the certificate chain associated with the given alias.
90ce3da70b43 Initial load duke parents: diff changeset	1205	*
90ce3da70b43 Initial load duke parents: diff changeset	1206	* @param alias the alias name
90ce3da70b43 Initial load duke parents: diff changeset	1207	*
90ce3da70b43 Initial load duke parents: diff changeset	1208	* @return the certificate chain (ordered with the user's certificate first
90ce3da70b43 Initial load duke parents: diff changeset	1209	* and the root certificate authority last)
90ce3da70b43 Initial load duke parents: diff changeset	1210	*/
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 13815 diff changeset	1211	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	1212	public X509Certificate[] getCertificateChain(String alias) {
90ce3da70b43 Initial load duke parents: diff changeset	1213	return null;
90ce3da70b43 Initial load duke parents: diff changeset	1214	}
90ce3da70b43 Initial load duke parents: diff changeset	1215
90ce3da70b43 Initial load duke parents: diff changeset	1216	/*
90ce3da70b43 Initial load duke parents: diff changeset	1217	* Returns the key associated with the given alias, using the given
90ce3da70b43 Initial load duke parents: diff changeset	1218	* password to recover it.
90ce3da70b43 Initial load duke parents: diff changeset	1219	*
90ce3da70b43 Initial load duke parents: diff changeset	1220	* @param alias the alias name
90ce3da70b43 Initial load duke parents: diff changeset	1221	*
90ce3da70b43 Initial load duke parents: diff changeset	1222	* @return the requested key
90ce3da70b43 Initial load duke parents: diff changeset	1223	*/
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 13815 diff changeset	1224	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	1225	public PrivateKey getPrivateKey(String alias) {
90ce3da70b43 Initial load duke parents: diff changeset	1226	return null;
90ce3da70b43 Initial load duke parents: diff changeset	1227	}
90ce3da70b43 Initial load duke parents: diff changeset	1228	}

author	chegar
	Sun, 17 Aug 2014 15:54:13 +0100
changeset 25859	3317bb8137f4
parent 22068	jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java@95a7a3cd72a0
child 28555	c7bf34f7b215
permissions	-rw-r--r--