jdk/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
author redestad
Tue, 03 May 2016 15:50:54 +0200
changeset 37781 71ed5645f17c
parent 37593 824750ada3d6
child 40275 6a37d5a9619d
permissions -rw-r--r--
8155775: Re-examine naming of privileged methods to access System properties Reviewed-by: mullan
/*
 * Copyright (c) 1999, 2016, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */
package sun.security.ssl;
import java.net.Socket;
import java.io.*;
import java.util.*;
import java.security.*;
import java.security.cert.*;
import java.security.cert.Certificate;
import javax.net.ssl.*;
import sun.security.provider.certpath.AlgorithmChecker;
import sun.security.action.GetPropertyAction;
public abstract class SSLContextImpl extends SSLContextSpi {
    private static final Debug debug = Debug.getInstance("ssl");

    private final EphemeralKeyManager ephemeralKeyManager;
    // Separate session caches for client-mode and server-mode use.
    private final SSLSessionContextImpl clientCache;
    private final SSLSessionContextImpl serverCache;

    // Cleared at the start of engineInit() and set again at its end; the
    // engine and factory getters throw IllegalStateException while it is
    // false. It is a plain (non-volatile) field, so visibility of the flag
    // to other threads relies on the caller's own ordering.
    // NOTE(review): confirm that is intended.
    private boolean isInitialized;

    // Chosen by engineInit(). keyManager and trustManager fall back to the
    // Dummy* instances when nothing usable was supplied, see
    // chooseKeyManager() / chooseTrustManager(); secureRandom is either the
    // caller's instance or JsseJce.getSecureRandom().
    private X509ExtendedKeyManager keyManager;
    private X509TrustManager trustManager;
    private SecureRandom secureRandom;

    // DTLS cookie exchange manager. Created lazily by getHelloCookieManager()
    // under synchronized(this); volatile so the unlocked fast-path read there
    // observes a fully constructed instance.
    private volatile HelloCookieManager helloCookieManager;

    // Status-request (OCSP stapling) switches read via
    // Debug.getBooleanProperty: client side defaults to on, server side to
    // off. clientEnableStapling is not referenced in the visible part of
    // this class.
    private final boolean clientEnableStapling = Debug.getBooleanProperty(
            "jdk.tls.client.enableStatusRequestExtension", true);
    private final boolean serverEnableStapling = Debug.getBooleanProperty(
            "jdk.tls.server.enableStatusRequestExtension", false);
    // Created lazily by getStatusResponseManager(), and only when
    // serverEnableStapling is true; otherwise it stays null.
    private volatile StatusResponseManager statusResponseManager;
    /**
     * Creates an uninitialized context. {@link #engineInit} must complete
     * before any engine or socket factory can be obtained from it.
     */
    SSLContextImpl() {
        // The two session caches are independent of each other and of the
        // key/trust material selected later in engineInit().
        serverCache = new SSLSessionContextImpl();
        clientCache = new SSLSessionContextImpl();
        ephemeralKeyManager = new EphemeralKeyManager();
    }
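    /**
     * Initializes this context with the key, trust and randomness sources
     * handed to {@code SSLContext.init()}.
     * <p>
     * {@code isInitialized} is cleared on entry and only set once every step
     * below has succeeded, so the engine and factory getters reject a context
     * whose initialization threw. When {@code tm} is null the default
     * {@link TrustManagerFactory}, initialized with a null KeyStore, supplies
     * the trust managers; if that fails the context still proceeds and
     * {@link #chooseTrustManager} falls back to {@code DummyX509TrustManager}.
     *
     * @param km key managers, may be null; only the first X509KeyManager
     *           is used (see {@link #chooseKeyManager})
     * @param tm trust managers, may be null; only the first X509TrustManager
     *           is used (see {@link #chooseTrustManager})
     * @param sr randomness source; null selects
     *           {@code JsseJce.getSecureRandom()}
     * @throws KeyManagementException in FIPS mode when the key manager, the
     *         trust manager or the SecureRandom does not come from the
     *         SunJSSE crypto provider
     */
    @Override
    protected void engineInit(KeyManager[] km, TrustManager[] tm,
                                SecureRandom sr) throws KeyManagementException {
        isInitialized = false;
        keyManager = chooseKeyManager(km);

        if (tm == null) {
            try {
                TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                        TrustManagerFactory.getDefaultAlgorithm());
                tmf.init((KeyStore)null);
                tm = tmf.getTrustManagers();
            } catch (Exception e) {
                // Best effort: tm stays null and chooseTrustManager() returns
                // the dummy trust manager. Record the cause under the
                // "sslctx" debug flag instead of dropping it silently, so a
                // misconfigured default trust store is diagnosable.
                if (debug != null && Debug.isOn("sslctx")) {
                    System.out.println(
                        "default TrustManagerFactory unavailable: " + e);
                }
            }
        }
        trustManager = chooseTrustManager(tm);

        if (sr == null) {
            secureRandom = JsseJce.getSecureRandom();
        } else {
            // A caller-supplied SecureRandom must come from the FIPS
            // provider when running in FIPS mode.
            if (SunJSSE.isFIPS() &&
                        (sr.getProvider() != SunJSSE.cryptoProvider)) {
                throw new KeyManagementException
                    ("FIPS mode: SecureRandom must be from provider "
                    + SunJSSE.cryptoProvider.getName());
            }
            secureRandom = sr;
        }

        /*
         * The initial delay of seeding the random number generator
         * could be long enough to cause the initial handshake on our
         * first connection to timeout and fail. Make sure it is
         * primed and ready by getting some initial output from it.
         */
        if (debug != null && Debug.isOn("sslctx")) {
            System.out.println("trigger seeding of SecureRandom");
        }
        secureRandom.nextInt();
        if (debug != null && Debug.isOn("sslctx")) {
            System.out.println("done seeding SecureRandom");
        }

        isInitialized = true;
    }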
    /**
     * Picks the trust manager this context will use.
     * <p>
     * Only the first {@link X509TrustManager} in {@code tm} is considered:
     * an {@link X509ExtendedTrustManager} is used as is, any other
     * X509TrustManager is wrapped in an {@code AbstractTrustManagerWrapper}.
     * When there is no usable entry (including a null array) the shared
     * {@code DummyX509TrustManager.INSTANCE} is returned.
     *
     * @param tm the trust managers passed to {@code SSLContext.init()},
     *           may be null
     * @return the selected trust manager, never null
     * @throws KeyManagementException in FIPS mode when the first
     *         X509TrustManager is not a SunJSSE {@code X509TrustManagerImpl}
     */
    private X509TrustManager chooseTrustManager(TrustManager[] tm)
            throws KeyManagementException {
        if (tm != null) {
            for (TrustManager candidate : tm) {
                if (!(candidate instanceof X509TrustManager)) {
                    continue;
                }

                // In FIPS mode only SunJSSE's own trust manager is acceptable.
                if (SunJSSE.isFIPS() &&
                        !(candidate instanceof X509TrustManagerImpl)) {
                    throw new KeyManagementException
                        ("FIPS mode: only SunJSSE TrustManagers may be used");
                }

                X509TrustManager selected = (X509TrustManager)candidate;
                if (selected instanceof X509ExtendedTrustManager) {
                    return selected;
                }
                return new AbstractTrustManagerWrapper(selected);
            }
        }

        // nothing found, return a dummy X509TrustManager.
        return DummyX509TrustManager.INSTANCE;
    }
    /**
     * Picks the key manager this context will use.
     * <p>
     * Only the first {@link X509KeyManager} in {@code kms} is considered:
     * an {@link X509ExtendedKeyManager} is used as is, any other
     * X509KeyManager is wrapped in an {@code AbstractKeyManagerWrapper}
     * (with a note under the "sslctx" debug flag). When there is no usable
     * entry (including a null array) the shared
     * {@code DummyX509KeyManager.INSTANCE} is returned.
     *
     * @param kms the key managers passed to {@code SSLContext.init()},
     *            may be null
     * @return the selected key manager, never null
     * @throws KeyManagementException in FIPS mode when the first
     *         X509KeyManager is not one of SunJSSE's own implementations
     */
    private X509ExtendedKeyManager chooseKeyManager(KeyManager[] kms)
            throws KeyManagementException {
        if (kms == null) {
            return DummyX509KeyManager.INSTANCE;
        }

        for (KeyManager candidate : kms) {
            if (!(candidate instanceof X509KeyManager)) {
                continue;
            }

            if (SunJSSE.isFIPS()) {
                // In FIPS mode, require that one of SunJSSE's own keymanagers
                // is used. Otherwise, we cannot be sure that only keys from
                // the FIPS token are used. Refuse loudly rather than fall
                // through to the dummy keymanager without telling the user.
                if (!(candidate instanceof X509KeyManagerImpl)
                        && !(candidate instanceof SunX509KeyManagerImpl)) {
                    throw new KeyManagementException
                        ("FIPS mode: only SunJSSE KeyManagers may be used");
                }
                return (X509ExtendedKeyManager)candidate;
            }

            if (candidate instanceof X509ExtendedKeyManager) {
                return (X509ExtendedKeyManager)candidate;
            }

            if (debug != null && Debug.isOn("sslctx")) {
                System.out.println(
                    "X509KeyManager passed to " +
                    "SSLContext.init():  need an " +
                    "X509ExtendedKeyManager for SSLEngine use");
            }
            return new AbstractKeyManagerWrapper((X509KeyManager)candidate);
        }

        // nothing found, return a dummy X509ExtendedKeyManager
        return DummyX509KeyManager.INSTANCE;
    }
    /**
     * Subclass hook that builds the engine handed out by
     * {@link #engineCreateSSLEngine()}; called only once the context has
     * been initialized.
     */
    abstract SSLEngine createSSLEngineImpl();
    /**
     * Same as {@link #createSSLEngineImpl()} but with the peer host and port
     * hints given to {@link #engineCreateSSLEngine(String, int)}.
     */
    abstract SSLEngine createSSLEngineImpl(String host, int port);
    /**
     * Creates an engine with no peer hints.
     *
     * @throws IllegalStateException if {@link #engineInit} has not completed
     */
    @Override
    protected SSLEngine engineCreateSSLEngine() {
        if (isInitialized) {
            return createSSLEngineImpl();
        }
        throw new IllegalStateException("SSLContext is not initialized");
    }
    /**
     * Creates an engine for the given peer host and port.
     *
     * @param host peer host hint, passed through to the subclass
     * @param port peer port hint, passed through to the subclass
     * @throws IllegalStateException if {@link #engineInit} has not completed
     */
    @Override
    protected SSLEngine engineCreateSSLEngine(String host, int port) {
        if (isInitialized) {
            return createSSLEngineImpl(host, port);
        }
        throw new IllegalStateException("SSLContext is not initialized");
    }
    /**
     * Returns a new client socket factory bound to this context.
     *
     * @throws IllegalStateException if {@link #engineInit} has not completed
     */
    @Override
    protected SSLSocketFactory engineGetSocketFactory() {
        if (isInitialized) {
            return new SSLSocketFactoryImpl(this);
        }
        throw new IllegalStateException("SSLContext is not initialized");
    }
    /**
     * Returns a new server socket factory bound to this context.
     *
     * @throws IllegalStateException if {@link #engineInit} has not completed
     */
    @Override
    protected SSLServerSocketFactory engineGetServerSocketFactory() {
        if (isInitialized) {
            return new SSLServerSocketFactoryImpl(this);
        }
        throw new IllegalStateException("SSLContext is not initialized");
    }
    /**
     * Returns the client-mode session cache created by the constructor.
     * Unlike the engine and factory getters this does not require the
     * context to be initialized.
     */
    @Override
    protected SSLSessionContext engineGetClientSessionContext() {
        return clientCache;
    }
    /**
     * Returns the server-mode session cache created by the constructor.
     * Unlike the engine and factory getters this does not require the
     * context to be initialized.
     */
    @Override
    protected SSLSessionContext engineGetServerSessionContext() {
        return serverCache;
    }
    /**
     * Returns the SecureRandom selected by {@link #engineInit}; null until
     * that has run (no initialization check is made here).
     */
    SecureRandom getSecureRandom() {
        return secureRandom;
    }
    /**
     * Returns the key manager selected by {@link #engineInit}; null until
     * that has run (no initialization check is made here).
     */
    X509ExtendedKeyManager getX509KeyManager() {
        return keyManager;
    }
    /**
     * Returns the trust manager selected by {@link #engineInit}; null until
     * that has run (no initialization check is made here).
     */
    X509TrustManager getX509TrustManager() {
        return trustManager;
    }
    /**
     * Returns the ephemeral key manager created by the constructor; always
     * non-null, independent of initialization.
     */
    EphemeralKeyManager getEphemeralKeyManager() {
        return ephemeralKeyManager;
    }
    /**
     * Returns the DTLS cookie exchange manager, creating it on first use.
     * Used for DTLS in server mode only, see ServerHandshaker. Creation is
     * delegated to {@link #getHelloCookieManager(SecureRandom)}, whose base
     * implementation throws, so a DTLS subclass is expected to override it.
     *
     * @throws IllegalStateException before {@link #engineInit} has run
     */
    HelloCookieManager getHelloCookieManager() {
        if (!isInitialized) {
            throw new IllegalStateException("SSLContext is not initialized");
        }

        // Double-checked lazy init on the volatile field: the unlocked read
        // is the fast path; the re-read under the lock keeps two threads
        // from each creating a manager.
        HelloCookieManager manager = helloCookieManager;
        if (manager == null) {
            synchronized (this) {
                manager = helloCookieManager;
                if (manager == null) {
                    manager = getHelloCookieManager(secureRandom);
                    helloCookieManager = manager;
                }
            }
        }
        return manager;
    }
    /**
     * Creates the cookie exchange manager for a DTLS context.
     * This base implementation rejects the call; it is reached when
     * {@link #getHelloCookieManager()} is used on a context whose subclass
     * did not override this method.
     *
     * @param secureRandom the context's SecureRandom, as passed by
     *                     {@link #getHelloCookieManager()}
     * @throws UnsupportedOperationException always, in this base class
     */
    HelloCookieManager getHelloCookieManager(SecureRandom secureRandom) {
        throw new UnsupportedOperationException(
                "Cookie exchange applies to DTLS only");
    }
    /**
     * Returns the server-side status response manager, creating it on first
     * use. While {@code jdk.tls.server.enableStatusRequestExtension} is
     * false nothing is created and the result is null, since this is the
     * only place the field is assigned.
     *
     * @return the shared manager, or null when server stapling is disabled
     */
    StatusResponseManager getStatusResponseManager() {
        StatusResponseManager manager = statusResponseManager;
        if (!serverEnableStapling || manager != null) {
            return manager;
        }

        // Double-checked lazy init on the volatile field.
        synchronized (this) {
            manager = statusResponseManager;
            if (manager == null) {
                if (debug != null && Debug.isOn("sslctx")) {
                    System.out.println(
                            "Initializing StatusResponseManager");
                }
                manager = new StatusResponseManager();
                statusResponseManager = manager;
            }
            return manager;
        }
    }
    // Get supported ProtocolList.
    // (The misspelling "Suported" is part of the method name; presumably
    // subclasses and callers rely on it, so it is retained as-is.)
    abstract ProtocolList getSuportedProtocolList();

    // Get default ProtocolList for server mode.
    abstract ProtocolList getServerDefaultProtocolList();

    // Get default ProtocolList for client mode.
    abstract ProtocolList getClientDefaultProtocolList();

    // Get supported CipherSuiteList.
    abstract CipherSuiteList getSupportedCipherSuiteList();

    // Get default CipherSuiteList for server mode.
    abstract CipherSuiteList getServerDefaultCipherSuiteList();

    // Get default CipherSuiteList for client mode.
    abstract CipherSuiteList getClientDefaultCipherSuiteList();
    // Get the default ProtocolList for the requested role: the server
    // defaults when roleIsServer is true, the client defaults otherwise.
    ProtocolList getDefaultProtocolList(boolean roleIsServer) {
        if (roleIsServer) {
            return getServerDefaultProtocolList();
        }
        return getClientDefaultProtocolList();
    }
    // Get the default CipherSuiteList for the requested role: the server
    // defaults when roleIsServer is true, the client defaults otherwise.
    CipherSuiteList getDefaultCipherSuiteList(boolean roleIsServer) {
        if (roleIsServer) {
            return getServerDefaultCipherSuiteList();
        }
        return getClientDefaultCipherSuiteList();
    }
    /**
     * Return whether a protocol list is one of the original default enabled
     * protocol lists (server or client).  This is an identity comparison on
     * purpose: only the instances handed out as defaults qualify, not a copy
     * with equal contents.  See: SSLSocket/SSLEngine.setEnabledProtocols()
     */
    boolean isDefaultProtocolList(ProtocolList protocols) {
        if (protocols == getServerDefaultProtocolList()) {
            return true;
        }
        return protocols == getClientDefaultProtocolList();
    }
    /**
     * Return whether a cipher suite list is one of the original default
     * enabled cipher suite lists (server or client).  This is an identity
     * comparison on purpose: only the instances handed out as defaults
     * qualify, not a copy with equal contents.
     * See: SSLSocket/SSLEngine.setEnabledCipherSuites()
     */
    boolean isDefaultCipherSuiteList(CipherSuiteList cipherSuites) {
        if (cipherSuites == getServerDefaultCipherSuiteList()) {
            return true;
        }
        return cipherSuites == getClientDefaultCipherSuiteList();
    }
    /**
     * Return whether client or server side stapling has been enabled
     * for this SSLContextImpl.
     *
     * @param isClient true if the caller is operating in a client side role,
     * false if acting as a server.
     * @return true if stapling has been enabled for the specified role, false
     * otherwise.
     */
    boolean isStaplingEnabled(boolean isClient) {
        if (isClient) {
            return clientEnableStapling;
        }
        return serverEnableStapling;
    }
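    /*
     * Return the list of all available CipherSuites with a priority of
     * minPriority or above.
     *
     * A suite survives only if it is allowed, is available on this platform,
     * is not obsoleted by the lowest protocol in the range, is supported by
     * the highest protocol in the range, and is permitted by the default
     * algorithm constraints (SSLAlgorithmConstraints.DEFAULT).  When the
     * "sslctx" and "verbose" debug flags are on, every rejection is reported
     * with its reason; previously a suite excluded by the algorithm
     * constraints was dropped silently, which made the effect of a
     * disabled-algorithms configuration hard to diagnose.
     *
     * @param protocols   the protocol range the suites must fit; an empty
     *                    list, or a minimum of ProtocolVersion.NONE, yields
     *                    an empty result
     * @param onlyEnabled true to raise the priority floor to
     *                    CipherSuite.DEFAULT_SUITES_PRIORITY (suites enabled
     *                    by default), false to use
     *                    CipherSuite.SUPPORTED_SUITES_PRIORITY
     * @return a new CipherSuiteList holding the surviving suites
     */
    private static CipherSuiteList getApplicableCipherSuiteList(
            ProtocolList protocols, boolean onlyEnabled) {

        int minPriority = onlyEnabled
                ? CipherSuite.DEFAULT_SUITES_PRIORITY
                : CipherSuite.SUPPORTED_SUITES_PRIORITY;

        Collection<CipherSuite> allowedCipherSuites =
                                    CipherSuite.allowedCipherSuites();

        // The debug flags do not change per suite; evaluate them once instead
        // of on every rejected suite.
        boolean traceRejections = debug != null &&
                Debug.isOn("sslctx") && Debug.isOn("verbose");

        TreeSet<CipherSuite> suites = new TreeSet<>();
        if (!(protocols.collection().isEmpty()) &&
                protocols.min.v != ProtocolVersion.NONE.v) {
            for (CipherSuite suite : allowedCipherSuites) {
                if (!suite.allowed || suite.priority < minPriority) {
                    continue;
                }

                if (suite.isAvailable() &&
                        !protocols.min.obsoletes(suite) &&
                        protocols.max.supports(suite)) {
                    if (SSLAlgorithmConstraints.DEFAULT.permits(
                            EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
                            suite.name, null)) {
                        suites.add(suite);
                    } else if (traceRejections) {
                        // Excluded by the default algorithm constraints;
                        // report it like the other exclusion reasons.
                        System.out.println(
                            "Ignoring disabled cipher suite: " + suite);
                    }
                } else if (traceRejections) {
                    if (protocols.min.obsoletes(suite)) {
                        System.out.println(
                            "Ignoring obsoleted cipher suite: " + suite);
                    } else if (!protocols.max.supports(suite)) {
                        System.out.println(
                            "Ignoring unsupported cipher suite: " + suite);
                    } else {
                        System.out.println(
                            "Ignoring unavailable cipher suite: " + suite);
                    }
                }
            }
        }

        return new CipherSuiteList(suites);
    }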
    /*
     * Map the candidate protocol versions to the names of those that are
     * actually available in this runtime (per
     * ProtocolVersion.availableProtocols), preserving candidate order.
     * A null or empty candidate array yields an empty array.
     */
    private static String[] getAvailableProtocols(
            ProtocolVersion[] protocolCandidates) {

        if (protocolCandidates == null || protocolCandidates.length == 0) {
            return new String[0];
        }

        List<String> names = new ArrayList<>(protocolCandidates.length);
        for (ProtocolVersion candidate : protocolCandidates) {
            if (ProtocolVersion.availableProtocols.contains(candidate)) {
                names.add(candidate.name);
            }
        }

        return names.toArray(new String[0]);
    }
    /*
     * The SSLContext implementation for SSL/(D)TLS algorithm
     *
     * SSL/TLS protocols specify the forward compatibility and version
     * roll-back attack protections, however, a number of SSL/TLS server
     * vendors did not implement these aspects properly, and some current
     * SSL/TLS servers may refuse to talk to a TLS 1.1 or later client.
     *
     * Considering the above interoperability issues, SunJSSE will not set
     * TLS 1.1 and TLS 1.2 as the enabled protocols for client by default.
     *
     * For SSL/TLS servers, there are no such interoperability issues as
     * there are for SSL/TLS clients. In SunJSSE, TLS 1.1 or later versions
     * will be the enabled protocols for server by default.
     *
     * We may change the behavior when popular TLS/SSL vendors support TLS
     * forward compatibility properly.
     *
     * SSLv2Hello is no longer necessary.  This interoperability option was
     * put in place in the late 1990s when SSLv3/TLS1.0 were relatively new
     * and there were a fair number of SSLv2-only servers deployed.  Because
     * of the security issues in SSLv2, it is rarely (if ever) used, as
     * deployments should now be using SSLv3 and TLSv1.
     *
     * Considering the issues of SSLv2Hello, we should not enable SSLv2Hello
     * by default. Applications still can use it by enabling SSLv2Hello with
     * the series of setEnabledProtocols APIs.
     */
    /*
     * The base abstract SSLContext implementation for the Transport Layer
     * Security (TLS) protocols.
     *
     * This abstract class encapsulates the supported and the default server
     * SSL/TLS parameters.
     *
     * @see SSLContext
     */
    private abstract static class AbstractTLSContext extends SSLContextImpl {
        // Protocol and cipher suite lists shared by every TLS context.  The
        // two protocol lists are assigned in the static initializer below,
        // which narrows the protocol set when SunJSSE.isFIPS() is true; the
        // cipher suite lists are presumably assigned in the part of that
        // initializer not shown here — confirm there.
        private static final ProtocolList supportedProtocolList;
        private static final ProtocolList serverDefaultProtocolList;

        private static final CipherSuiteList supportedCipherSuiteList;
        private static final CipherSuiteList serverDefaultCipherSuiteList;
        static {
            if (SunJSSE.isFIPS()) {
                supportedProtocolList = new ProtocolList(new String[] {
                    ProtocolVersion.TLS10.name,
                    ProtocolVersion.TLS11.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled
xuelei
parents: 7043
diff changeset
   456
                    ProtocolVersion.TLS12.name
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled
xuelei
parents: 7043
diff changeset
   457
                });
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled
xuelei
parents: 7043
diff changeset
   458
34826
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
   459
                serverDefaultProtocolList = new ProtocolList(
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
   460
                        getAvailableProtocols(new ProtocolVersion[] {
28555
c7bf34f7b215 8061210: Issues in TLS
xuelei
parents: 25859
diff changeset
   461
                    ProtocolVersion.TLS10,
c7bf34f7b215 8061210: Issues in TLS
xuelei
parents: 25859
diff changeset
   462
                    ProtocolVersion.TLS11,
c7bf34f7b215 8061210: Issues in TLS
xuelei
parents: 25859
diff changeset
   463
                    ProtocolVersion.TLS12
34826
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
   464
                }));
9246
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled
xuelei
parents: 7043
diff changeset
   465
            } else {
34826
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
   466
                supportedProtocolList = new ProtocolList(new String[] {
9246
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled
xuelei
parents: 7043
diff changeset
   467
                    ProtocolVersion.SSL20Hello.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled
xuelei
parents: 7043
diff changeset
   468
                    ProtocolVersion.SSL30.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled
xuelei
parents: 7043
diff changeset
   469
                    ProtocolVersion.TLS10.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled
xuelei
parents: 7043
diff changeset
   470
                    ProtocolVersion.TLS11.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled
xuelei
parents: 7043
diff changeset
   471
                    ProtocolVersion.TLS12.name
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled
xuelei
parents: 7043
diff changeset
   472
                });
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled
xuelei
parents: 7043
diff changeset
   473
34826
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
   474
                serverDefaultProtocolList = new ProtocolList(
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
   475
                        getAvailableProtocols(new ProtocolVersion[] {
28555
c7bf34f7b215 8061210: Issues in TLS
xuelei
parents: 25859
diff changeset
   476
                    ProtocolVersion.SSL20Hello,
c7bf34f7b215 8061210: Issues in TLS
xuelei
parents: 25859
diff changeset
   477
                    ProtocolVersion.SSL30,
c7bf34f7b215 8061210: Issues in TLS
xuelei
parents: 25859
diff changeset
   478
                    ProtocolVersion.TLS10,
c7bf34f7b215 8061210: Issues in TLS
xuelei
parents: 25859
diff changeset
   479
                    ProtocolVersion.TLS11,
c7bf34f7b215 8061210: Issues in TLS
xuelei
parents: 25859
diff changeset
   480
                    ProtocolVersion.TLS12
34826
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
   481
                }));
9246
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled
xuelei
parents: 7043
diff changeset
   482
            }
28555
c7bf34f7b215 8061210: Issues in TLS
xuelei
parents: 25859
diff changeset
   483
34826
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
   484
            supportedCipherSuiteList = getApplicableCipherSuiteList(
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
   485
                    supportedProtocolList, false);          // all supported
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
   486
            serverDefaultCipherSuiteList = getApplicableCipherSuiteList(
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
   487
                    serverDefaultProtocolList, true);       // enabled only
9246
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled
xuelei
parents: 7043
diff changeset
   488
        }
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled
xuelei
parents: 7043
diff changeset
   489
14664
e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl
xuelei
parents: 13815
diff changeset
   490
        @Override
34826
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
   491
        ProtocolList getSuportedProtocolList() {
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
   492
            return supportedProtocolList;
9246
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled
xuelei
parents: 7043
diff changeset
   493
        }
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled
xuelei
parents: 7043
diff changeset
   494
14664
e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl
xuelei
parents: 13815
diff changeset
   495
        @Override
34826
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
   496
        CipherSuiteList getSupportedCipherSuiteList() {
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
   497
            return supportedCipherSuiteList;
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
   498
        }
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
   499
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
   500
        @Override
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
   501
        ProtocolList getServerDefaultProtocolList() {
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
   502
            return serverDefaultProtocolList;
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
   503
        }
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
   504
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
   505
        @Override
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
   506
        CipherSuiteList getServerDefaultCipherSuiteList() {
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
   507
            return serverDefaultCipherSuiteList;
9246
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled
xuelei
parents: 7043
diff changeset
   508
        }
28555
c7bf34f7b215 8061210: Issues in TLS
xuelei
parents: 25859
diff changeset
   509
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
   510
        @Override
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
   511
        SSLEngine createSSLEngineImpl() {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
   512
            return new SSLEngineImpl(this, false);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
   513
        }
28555
c7bf34f7b215 8061210: Issues in TLS
xuelei
parents: 25859
diff changeset
   514
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
   515
        @Override
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
   516
        SSLEngine createSSLEngineImpl(String host, int port) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
   517
            return new SSLEngineImpl(this, host, port, false);
28555
c7bf34f7b215 8061210: Issues in TLS
xuelei
parents: 25859
diff changeset
   518
        }
9246
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled
xuelei
parents: 7043
diff changeset
   519
    }
    /*
     * The SSLContext implementation for the SSLv3 and TLS10 algorithms
     *
     * @see SSLContext
     */
    public static final class TLS10Context extends AbstractTLSContext {
        // Client-side defaults only; the supported lists and the server
        // defaults are inherited from AbstractTLSContext.
        private static final ProtocolList clientDefaultProtocolList;
        private static final CipherSuiteList clientDefaultCipherSuiteList;

        static {
            // The client default tops out at TLSv1; SSLv3 is a candidate
            // only outside FIPS mode.
            // NOTE(review): whether SSL30 actually stays enabled depends on
            // what getAvailableProtocols() filters out, which is not visible
            // here.
            ProtocolVersion[] candidates = SunJSSE.isFIPS()
                    ? new ProtocolVersion[] {
                        ProtocolVersion.TLS10
                    }
                    : new ProtocolVersion[] {
                        ProtocolVersion.SSL30,
                        ProtocolVersion.TLS10
                    };

            clientDefaultProtocolList =
                    new ProtocolList(getAvailableProtocols(candidates));
            clientDefaultCipherSuiteList = getApplicableCipherSuiteList(
                    clientDefaultProtocolList, true);       // enabled only
        }

        @Override
        ProtocolList getClientDefaultProtocolList() {
            return clientDefaultProtocolList;
        }

        @Override
        CipherSuiteList getClientDefaultCipherSuiteList() {
            return clientDefaultCipherSuiteList;
        }
    }
    /*
     * The SSLContext implementation for the TLS11 algorithm
     *
     * @see SSLContext
     */
    public static final class TLS11Context extends AbstractTLSContext {
        // Client-side defaults only; supported lists and server defaults
        // come from AbstractTLSContext.
        private static final ProtocolList clientDefaultProtocolList;
        private static final CipherSuiteList clientDefaultCipherSuiteList;

        static {
            clientDefaultProtocolList = new ProtocolList(
                    getAvailableProtocols(clientDefaultCandidates()));
            clientDefaultCipherSuiteList = getApplicableCipherSuiteList(
                    clientDefaultProtocolList, true);       // enabled only
        }

        // Candidate client defaults up to TLSv1.1, before availability
        // filtering.  SSLv3 is offered as a candidate only outside FIPS mode.
        // NOTE(review): whether SSL30 remains enabled depends on what
        // getAvailableProtocols() removes, which is not visible here.
        private static ProtocolVersion[] clientDefaultCandidates() {
            if (SunJSSE.isFIPS()) {
                return new ProtocolVersion[] {
                    ProtocolVersion.TLS10,
                    ProtocolVersion.TLS11
                };
            }

            return new ProtocolVersion[] {
                ProtocolVersion.SSL30,
                ProtocolVersion.TLS10,
                ProtocolVersion.TLS11
            };
        }

        @Override
        ProtocolList getClientDefaultProtocolList() {
            return clientDefaultProtocolList;
        }

        @Override
        CipherSuiteList getClientDefaultCipherSuiteList() {
            return clientDefaultCipherSuiteList;
        }
    }
    /*
     * The SSLContext implementation for the TLS12 algorithm
     *
     * @see SSLContext
     */
    public static final class TLS12Context extends AbstractTLSContext {
        // Client-side defaults only; supported lists and server defaults
        // come from AbstractTLSContext.
        private static final ProtocolList clientDefaultProtocolList;
        private static final CipherSuiteList clientDefaultCipherSuiteList;

        static {
            clientDefaultProtocolList = new ProtocolList(
                    getAvailableProtocols(clientDefaultCandidates()));
            clientDefaultCipherSuiteList = getApplicableCipherSuiteList(
                    clientDefaultProtocolList, true);       // enabled only
        }

        // Candidate client defaults up to TLSv1.2, before availability
        // filtering.  SSLv3 is offered as a candidate only outside FIPS mode.
        // NOTE(review): whether SSL30 remains enabled depends on what
        // getAvailableProtocols() removes, which is not visible here.
        private static ProtocolVersion[] clientDefaultCandidates() {
            if (SunJSSE.isFIPS()) {
                return new ProtocolVersion[] {
                    ProtocolVersion.TLS10,
                    ProtocolVersion.TLS11,
                    ProtocolVersion.TLS12
                };
            }

            return new ProtocolVersion[] {
                ProtocolVersion.SSL30,
                ProtocolVersion.TLS10,
                ProtocolVersion.TLS11,
                ProtocolVersion.TLS12
            };
        }

        @Override
        ProtocolList getClientDefaultProtocolList() {
            return clientDefaultProtocolList;
        }

        @Override
        CipherSuiteList getClientDefaultCipherSuiteList() {
            return clientDefaultCipherSuiteList;
        }
    }
    /*
     * The support class for the customized SSL/(D)TLS SSLContext.
     *
     * @see SSLContext
     */
    private static class CustomizedSSLProtocols {
        private static final String PROPERTY_NAME = "jdk.tls.client.protocols";
        static IllegalArgumentException reservedException = null;
        static ArrayList<ProtocolVersion>
                                customizedProtocols = new ArrayList<>();
        // Don't want a java.lang.LinkageError for illegal system property.
        //
        // Please don't throw exception in this static block.  Otherwise,
        // java.lang.LinkageError may be thrown during the instantiation of
        // the provider service. Instead, please handle the initialization
        // exception in the caller's constructor.
        static {
            String property = GetPropertyAction
                    .privilegedGetProperty(PROPERTY_NAME);
            if (property != null && property.length() != 0) {
                // remove double quote marks from beginning/end of the property
                if (property.length() > 1 && property.charAt(0) == '"' &&
                        property.charAt(property.length() - 1) == '"') {
                    property = property.substring(1, property.length() - 1);
                }
            }
            if (property != null && property.length() != 0) {
                String[] protocols = property.split(",");
                for (int i = 0; i < protocols.length; i++) {
                    protocols[i] = protocols[i].trim();
                    // Is it a supported protocol name?
                    try {
                        ProtocolVersion pro =
                                ProtocolVersion.valueOf(protocols[i]);
                        if (SunJSSE.isFIPS() &&
                                ((pro.v == ProtocolVersion.SSL30.v) ||
                                 (pro.v == ProtocolVersion.SSL20Hello.v))) {
                            reservedException = new IllegalArgumentException(
                                    PROPERTY_NAME + ": " + pro +
                                    " is not FIPS compliant");
                            break;
                        }
                        // ignore duplicated protocols
                        if (!customizedProtocols.contains(pro)) {
                            customizedProtocols.add(pro);
                        }
                    } catch (IllegalArgumentException iae) {
                        reservedException = new IllegalArgumentException(
                                PROPERTY_NAME + ": " + protocols[i] +
                                " is not a standard SSL protocol name", iae);
                    }
                }
            }
        }
    }
    /*
     * The SSLContext implementation for customized TLS protocols
     *
     * @see SSLContext
     */
    private static class CustomizedTLSContext extends AbstractTLSContext {

        private static final ProtocolList clientDefaultProtocolList;
        private static final CipherSuiteList clientDefaultCipherSuiteList;

        // Mirrors CustomizedSSLProtocols.reservedException: non-null when the
        // protocol system property was illegal.  Rethrown by the constructor.
        private static IllegalArgumentException reservedException = null;

        // Don't want a java.lang.LinkageError for illegal system property.
        //
        // Please don't throw exception in this static block.  Otherwise,
        // java.lang.LinkageError may be thrown during the instantiation of
        // the provider service. Instead, let's handle the initialization
        // exception in constructor.
        static {
            reservedException = CustomizedSSLProtocols.reservedException;
            if (reservedException != null) {
                // Every instantiation will fail in the constructor, so the
                // defaults are unlikely to be used.
                clientDefaultProtocolList = null;
                clientDefaultCipherSuiteList = null;
            } else {
                clientDefaultProtocolList = new ProtocolList(
                        getAvailableProtocols(clientCandidates()));
                clientDefaultCipherSuiteList = getApplicableCipherSuiteList(
                        clientDefaultProtocolList, true);   // enabled only
            }
        }

        /*
         * Returns the candidate client protocols: the customized TLS
         * (non-DTLS) protocols when any were configured, otherwise the
         * built-in default set, which omits SSLv3 in FIPS mode.  The
         * candidates are still filtered by getAvailableProtocols() before
         * they become the client default list.
         */
        private static ProtocolVersion[] clientCandidates() {
            ArrayList<ProtocolVersion> tlsOnly = new ArrayList<>();
            for (ProtocolVersion pv :
                    CustomizedSSLProtocols.customizedProtocols) {
                // DTLS versions are handled by the DTLS contexts, not here.
                if (!pv.isDTLSProtocol()) {
                    tlsOnly.add(pv);
                }
            }

            if (!tlsOnly.isEmpty()) {
                return tlsOnly.toArray(new ProtocolVersion[0]);
            }

            if (SunJSSE.isFIPS()) {
                return new ProtocolVersion[] {
                    ProtocolVersion.TLS10,
                    ProtocolVersion.TLS11,
                    ProtocolVersion.TLS12
                };
            }
            return new ProtocolVersion[] {
                ProtocolVersion.SSL30,
                ProtocolVersion.TLS10,
                ProtocolVersion.TLS11,
                ProtocolVersion.TLS12
            };
        }

        /*
         * Fails fast when the protocol property was illegal, so the error is
         * reported at instantiation time instead of surfacing as a
         * LinkageError during class initialization.
         */
        protected CustomizedTLSContext() {
            if (reservedException != null) {
                throw reservedException;
            }
        }

        @Override
        ProtocolList getClientDefaultProtocolList() {
            return clientDefaultProtocolList;
        }

        @Override
        CipherSuiteList getClientDefaultCipherSuiteList() {
            return clientDefaultCipherSuiteList;
        }
    }
    /*
     * The SSLContext implementation for default "TLS" algorithm
     *
     * @see SSLContext
     */
    public static final class TLSContext extends CustomizedTLSContext {
        // Nothing beyond CustomizedTLSContext; the explicit no-arg constructor
        // is equivalent to the implicit default one and keeps the class
        // instantiable through its public constructor.
        public TLSContext() {
            super();
        }
    }
    // lazy initialization holder class idiom for static default parameters
    //
    // See Effective Java Second Edition: Item 71.
    private static final class DefaultManagersHolder {
        // Sentinel for javax.net.ssl.keyStore meaning "no key store file";
        // required when the key store type is PKCS11.
        private static final String NONE = "NONE";
        private static final String P11KEYSTORE = "PKCS11";

        // Default managers; an empty array when their initialization failed.
        private static final TrustManager[] trustManagers;
        private static final KeyManager[] keyManagers;

        // First exception raised while loading the managers, or null.
        static Exception reservedException = null;
        static {
            // A failure is recorded in reservedException rather than thrown,
            // so class initialization always completes.
            TrustManager[] tms;
            try {
                tms = getTrustManagers();
            } catch (Exception e) {
                reservedException = e;
                tms = new TrustManager[0];
            }
            trustManagers = tms;

            // Key managers are loaded only if the trust managers succeeded;
            // otherwise, or on failure, an empty array is used.
            KeyManager[] kms = new KeyManager[0];
            if (reservedException == null) {
                try {
                    kms = getKeyManagers();
                } catch (Exception e) {
                    reservedException = e;
                }
            }
            keyManagers = kms;
        }
        /*
         * Builds the default trust managers from the cacerts key store using
         * the platform default TrustManagerFactory algorithm.
         *
         * @throws Exception if the key store cannot be loaded or the factory
         *         cannot be obtained or initialized
         */
        private static TrustManager[] getTrustManagers() throws Exception {
            KeyStore cacerts =
                TrustManagerFactoryImpl.getCacertsKeyStore("defaultctx");

            String algorithm = TrustManagerFactory.getDefaultAlgorithm();
            TrustManagerFactory factory =
                TrustManagerFactory.getInstance(algorithm);
            factory.init(cacerts);
            return factory.getTrustManagers();
        }
        private static KeyManager[] getKeyManagers() throws Exception {
            final Map<String,String> props = new HashMap<>();
            AccessController.doPrivileged(
                        new PrivilegedExceptionAction<Object>() {
                @Override
                public Object run() throws Exception {
                    props.put("keyStore",  System.getProperty(
                                "javax.net.ssl.keyStore", ""));
                    props.put("keyStoreType", System.getProperty(
                                "javax.net.ssl.keyStoreType",
                                KeyStore.getDefaultType()));
                    props.put("keyStoreProvider", System.getProperty(
                                "javax.net.ssl.keyStoreProvider", ""));
                    props.put("keyStorePasswd", System.getProperty(
                                "javax.net.ssl.keyStorePassword", ""));
                    return null;
                }
            });
            final String defaultKeyStore = props.get("keyStore");
            String defaultKeyStoreType = props.get("keyStoreType");
            String defaultKeyStoreProvider = props.get("keyStoreProvider");
            if (debug != null && Debug.isOn("defaultctx")) {
                System.out.println("keyStore is : " + defaultKeyStore);
                System.out.println("keyStore type is : " +
                                        defaultKeyStoreType);
                System.out.println("keyStore provider is : " +
                                        defaultKeyStoreProvider);
            }
            if (P11KEYSTORE.equals(defaultKeyStoreType) &&
                    !NONE.equals(defaultKeyStore)) {
                throw new IllegalArgumentException("if keyStoreType is "
                    + P11KEYSTORE + ", then keyStore must be " + NONE);
            }
            FileInputStream fs = null;
            KeyStore ks = null;
            char[] passwd = null;
            try {
                if (defaultKeyStore.length() != 0 &&
                        !NONE.equals(defaultKeyStore)) {
                    fs = AccessController.doPrivileged(
                            new PrivilegedExceptionAction<FileInputStream>() {
                        @Override
                        public FileInputStream run() throws Exception {
                            return new FileInputStream(defaultKeyStore);
                        }
                    });
                }
                String defaultKeyStorePassword = props.get("keyStorePasswd");
                if (defaultKeyStorePassword.length() != 0) {
                    passwd = defaultKeyStorePassword.toCharArray();
                }
                /**
                 * Try to initialize key store.
                 */
                if ((defaultKeyStoreType.length()) != 0) {
                    if (debug != null && Debug.isOn("defaultctx")) {
                        System.out.println("init keystore");
                    }
                    if (defaultKeyStoreProvider.length() == 0) {
                        ks = KeyStore.getInstance(defaultKeyStoreType);
                    } else {
                        ks = KeyStore.getInstance(defaultKeyStoreType,
                                            defaultKeyStoreProvider);
                    }
                    // if defaultKeyStore is NONE, fs will be null
                    ks.load(fs, passwd);
                }
            } finally {
                if (fs != null) {
                    fs.close();
                    fs = null;
                }
            }
            /*
             * Try to initialize key manager.
             */
            if (debug != null && Debug.isOn("defaultctx")) {
                System.out.println("init keymanager of type " +
                    KeyManagerFactory.getDefaultAlgorithm());
            }
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(
                KeyManagerFactory.getDefaultAlgorithm());
            if (P11KEYSTORE.equals(defaultKeyStoreType)) {
                kmf.init(ks, null); // do not pass key passwd if using token
            } else {
                kmf.init(ks, passwd);
            }
            return kmf.getKeyManagers();
        }
    }
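    // Lazy initialization holder class idiom for the default SSLContext:
    // the context is built on first access of this class, and the JVM's
    // class-initialization guarantees make that construction happen once
    // and publish safely to all threads (Effective Java, 2nd ed., Item 71).
    //
    // Security note: if building the default context fails (for example
    // because the default keystore could not be loaded), the failure is
    // recorded in reservedException rather than silently falling back to
    // some weaker context; DefaultSSLContext.getDefaultImpl() rethrows it
    // on every call.
    private static final class DefaultSSLContextHolder {

        // The fully initialized default context, or null when initialization
        // failed (in which case reservedException is non-null).
        private static final SSLContextImpl sslContext;

        // Why initialization failed, or null on success. Declared final so the
        // recorded failure cannot be cleared or replaced after class
        // initialization; it is only ever read by DefaultSSLContext.
        static final Exception reservedException;

        static {
            SSLContextImpl mediator = null;
            Exception failure = DefaultManagersHolder.reservedException;

            // Only attempt to build the context if the default key and trust
            // managers initialized cleanly; otherwise propagate their failure
            // unchanged.
            if (failure == null) {
                try {
                    mediator = new DefaultSSLContext();
                } catch (Exception e) {
                    failure = e;
                }
            }

            sslContext = mediator;
            reservedException = failure;
        }
    }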
    /*
     * The SSLContext implementation backing the "Default" algorithm name.
     *
     * It is never initialized by the caller: the key managers and trust
     * managers come from DefaultManagersHolder, and engineInit() is
     * overridden to reject any later attempt to re-initialize the context
     * with different managers.
     *
     * @see SSLContext
     */
    public static final class DefaultSSLContext extends CustomizedTLSContext {

        // Public constructor required by SSLContext.getInstance("Default").
        public DefaultSSLContext() throws Exception {
            Exception managerFailure = DefaultManagersHolder.reservedException;
            if (managerFailure != null) {
                // The default managers could not be built; surface that
                // failure rather than constructing a half-initialized context.
                throw managerFailure;
            }

            try {
                // Call the superclass implementation directly: this class's
                // own engineInit() override unconditionally throws.
                super.engineInit(DefaultManagersHolder.keyManagers,
                        DefaultManagersHolder.trustManagers, null);
            } catch (Exception initFailure) {
                if (debug != null && Debug.isOn("defaultctx")) {
                    System.out.println(
                            "default context init failed: " + initFailure);
                }
                throw initFailure;
            }
        }

        /*
         * Rejects explicit initialization. The default context is wired to
         * the default managers exactly once, in the constructor. Because the
         * instance is shared through getDefaultImpl(), accepting init() here
         * would let any later caller swap in different key or trust managers
         * for everyone using the default context.
         */
        @Override
        protected void engineInit(KeyManager[] km, TrustManager[] tm,
            SecureRandom sr) throws KeyManagementException {
            throw new KeyManagementException
                ("Default SSLContext is initialized automatically");
        }

        /*
         * Returns the lazily built, shared default context, or rethrows the
         * exception recorded when building it failed.
         */
        static SSLContextImpl getDefaultImpl() throws Exception {
            Exception contextFailure =
                    DefaultSSLContextHolder.reservedException;
            if (contextFailure != null) {
                throw contextFailure;
            }

            return DefaultSSLContextHolder.sslContext;
        }
    }
    /*
     * Base SSLContext implementation shared by the Datagram Transport Layer
     * Security (DTLS) protocol contexts.
     *
     * Holds the supported protocol and cipher-suite lists together with the
     * server-side defaults; the client-side defaults differ per protocol
     * version and are supplied by the concrete subclasses.
     *
     * @see SSLContext
     */
    private abstract static class AbstractDTLSContext extends SSLContextImpl {
        private static final ProtocolList supportedProtocolList;
        private static final ProtocolList serverDefaultProtocolList;

        private static final CipherSuiteList supportedCipherSuiteList;
        private static final CipherSuiteList serverDefaultCipherSuiteList;

        static {
            // Both DTLSv1.0 and DTLSv1.2 can be used in FIPS mode, so the
            // supported list is fixed rather than filtered.
            String[] supportedNames = {
                ProtocolVersion.DTLS10.name,
                ProtocolVersion.DTLS12.name
            };
            supportedProtocolList = new ProtocolList(supportedNames);

            // Server-side default protocols. getAvailableProtocols() is
            // presumably what drops versions that are not currently usable;
            // note that DTLSv1.0 remains a candidate for the server default.
            ProtocolVersion[] serverCandidates = {
                ProtocolVersion.DTLS10,
                ProtocolVersion.DTLS12
            };
            serverDefaultProtocolList = new ProtocolList(
                    getAvailableProtocols(serverCandidates));

            // Cipher suites: everything applicable to the supported protocols
            // versus only the enabled suites for the server default protocols.
            supportedCipherSuiteList = getApplicableCipherSuiteList(
                    supportedProtocolList, false);
            serverDefaultCipherSuiteList = getApplicableCipherSuiteList(
                    serverDefaultProtocolList, true);
        }

        // The misspelled method name is dictated by the overridden contract.
        @Override
        ProtocolList getSuportedProtocolList() {
            return supportedProtocolList;
        }

        @Override
        CipherSuiteList getSupportedCipherSuiteList() {
            return supportedCipherSuiteList;
        }

        @Override
        ProtocolList getServerDefaultProtocolList() {
            return serverDefaultProtocolList;
        }

        @Override
        CipherSuiteList getServerDefaultCipherSuiteList() {
            return serverDefaultCipherSuiteList;
        }

        // Engine factories; the trailing boolean is what distinguishes these
        // from the stream-based engines (presumably "isDTLS").
        @Override
        SSLEngine createSSLEngineImpl() {
            return new SSLEngineImpl(this, true);
        }

        @Override
        SSLEngine createSSLEngineImpl(String host, int port) {
            return new SSLEngineImpl(this, host, port, true);
        }

        // A new cookie manager is created on every call, built from the
        // supplied SecureRandom; callers are expected to hold on to it.
        @Override
        HelloCookieManager getHelloCookieManager(SecureRandom secureRandom) {
            return new HelloCookieManager(secureRandom);
        }
    }
    /*
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
  1078
     * The SSLContext implementation for DTLSv1.0 algorithm.
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
  1079
     *
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
  1080
     * @see SSLContext
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
  1081
     */
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
  1082
    public static final class DTLS10Context extends AbstractDTLSContext {
34826
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
  1083
        private static final ProtocolList clientDefaultProtocolList;
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
  1084
        private static final CipherSuiteList clientDefaultCipherSuiteList;
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
  1085
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
  1086
        static {
34826
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
  1087
            // available protocols for client mode
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
  1088
            clientDefaultProtocolList = new ProtocolList(
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
  1089
                    getAvailableProtocols(new ProtocolVersion[] {
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
  1090
                ProtocolVersion.DTLS10
34826
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
  1091
            }));
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
  1092
34826
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
  1093
            clientDefaultCipherSuiteList = getApplicableCipherSuiteList(
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
  1094
                    clientDefaultProtocolList, true);       // enabled only
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
  1095
        }
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
  1096
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
  1097
        @Override
34826
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
  1098
        ProtocolList getClientDefaultProtocolList() {
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
  1099
            return clientDefaultProtocolList;
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
  1100
        }
        /**
         * Returns the client default cipher suite list for this context
         * type: the enabled suites applicable to the client default
         * protocol list, computed once during class initialization.
         */
        @Override
        CipherSuiteList getClientDefaultCipherSuiteList() {
            return clientDefaultCipherSuiteList;
        }
    }
    /**
     * The SSLContext implementation for the "DTLSv1.2" algorithm.
     *
     * The client-mode defaults are computed once, at class initialization,
     * and shared by every instance: the protocol list is built from the
     * DTLSv1.0 and DTLSv1.2 candidates after they pass through
     * getAvailableProtocols(), and the cipher suite list holds the enabled
     * suites applicable to that protocol list.
     *
     * NOTE(review): DTLSv1.0 is part of the client default here. DTLS 1.0
     * has since been deprecated (RFC 8996); restricting the enabled
     * protocols to DTLSv1.2 is a deployment decision rather than something
     * this class enforces.
     *
     * @see SSLContext
     */
    public static final class DTLS12Context extends AbstractDTLSContext {
        private static final ProtocolList clientDefaultProtocolList;
        private static final CipherSuiteList clientDefaultCipherSuiteList;

        static {
            // Candidate protocols for client mode; only those reported by
            // getAvailableProtocols() end up in the default list.
            ProtocolVersion[] candidates = {
                ProtocolVersion.DTLS10,
                ProtocolVersion.DTLS12
            };
            clientDefaultProtocolList =
                    new ProtocolList(getAvailableProtocols(candidates));

            // Enabled suites only (the "true" argument), restricted to the
            // protocol list selected above.
            clientDefaultCipherSuiteList = getApplicableCipherSuiteList(
                    clientDefaultProtocolList, true);
        }

        /** Returns the shared client default protocol list. */
        @Override
        ProtocolList getClientDefaultProtocolList() {
            return clientDefaultProtocolList;
        }

        /** Returns the shared client default cipher suite list. */
        @Override
        CipherSuiteList getClientDefaultCipherSuiteList() {
            return clientDefaultCipherSuiteList;
        }
    }
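    /**
     * The SSLContext implementation for customized DTLS protocols.
     *
     * The client default protocol list is taken from the DTLS members of
     * CustomizedSSLProtocols.customizedProtocols; when that set holds no
     * DTLS protocol, DTLSv1.0 and DTLSv1.2 are used instead. The cipher
     * suite list is the set of enabled suites applicable to that protocol
     * list.
     *
     * @see SSLContext
     */
    private static class CustomizedDTLSContext extends AbstractDTLSContext {
        private static final ProtocolList clientDefaultProtocolList;
        private static final CipherSuiteList clientDefaultCipherSuiteList;

        // Initialization failure recorded by CustomizedSSLProtocols (an
        // illegal system property); null when its initialization succeeded.
        // Assigned exactly once, in the static initializer below, hence
        // final.
        private static final IllegalArgumentException reservedException;

        // Don't want a java.lang.LinkageError for illegal system property.
        //
        // Please don't throw exception in this static block.  Otherwise,
        // java.lang.LinkageError may be thrown during the instantiation of
        // the provider service. Instead, let's handle the initialization
        // exception in constructor.
        static {
            reservedException = CustomizedSSLProtocols.reservedException;
            if (reservedException == null) {
                // Only the DTLS members of the customized protocol set
                // apply to this context.
                ArrayList<ProtocolVersion>
                        customizedDTLSProtocols = new ArrayList<>();
                for (ProtocolVersion protocol :
                        CustomizedSSLProtocols.customizedProtocols) {
                    if (protocol.isDTLSProtocol()) {
                        customizedDTLSProtocols.add(protocol);
                    }
                }

                // candidates for available protocols
                ProtocolVersion[] candidates;
                if (customizedDTLSProtocols.isEmpty()) {
                    // Use the default enabled client protocols if no
                    // customized DTLS protocols.
                    //
                    // Both DTLSv1.0 and DTLSv1.2 can be used in FIPS mode.
                    candidates = new ProtocolVersion[] {
                        ProtocolVersion.DTLS10,
                        ProtocolVersion.DTLS12
                    };
                } else {
                    // Use the customized DTLS protocols.
                    candidates = customizedDTLSProtocols.toArray(
                            new ProtocolVersion[0]);
                }

                clientDefaultProtocolList = new ProtocolList(
                        getAvailableProtocols(candidates));
                clientDefaultCipherSuiteList = getApplicableCipherSuiteList(
                        clientDefaultProtocolList, true);   // enabled only
            } else {
                // Construction fails in this case (see the constructor), so
                // these lists are not expected to be read.
                clientDefaultProtocolList = null;       // unlikely to be used
                clientDefaultCipherSuiteList = null;    // unlikely to be used
            }
        }

        /**
         * Rethrows the initialization failure recorded in the static
         * initializer, if any, so that an illegal system property surfaces
         * as an IllegalArgumentException at instantiation time rather than
         * as a LinkageError during provider instantiation. The same
         * exception instance is thrown to every caller, so its stack trace
         * reflects the original initialization, not this call.
         *
         * @throws IllegalArgumentException if CustomizedSSLProtocols
         *         recorded an initialization failure
         */
        protected CustomizedDTLSContext() {
            if (reservedException != null) {
                throw reservedException;
            }
        }

        /** Returns the client default protocol list computed at class init. */
        @Override
        ProtocolList getClientDefaultProtocolList() {
            return clientDefaultProtocolList;
        }

        /** Returns the client default cipher suite list computed at class init. */
        @Override
        CipherSuiteList getClientDefaultCipherSuiteList() {
            return clientDefaultCipherSuiteList;
        }
    }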
    /**
     * The SSLContext implementation for the default "DTLS" algorithm.
     *
     * Everything is inherited from CustomizedDTLSContext: the constructor,
     * which rethrows a recorded initialization failure, and the client
     * default protocol and cipher suite lists.
     *
     * @see SSLContext
     */
    public static final class DTLSContext extends CustomizedDTLSContext {
        // Intentionally empty: the inherited constructor and methods apply.
    }
}
final class AbstractTrustManagerWrapper extends X509ExtendedTrustManager
            implements X509TrustManager {
    // the delegated trust manager
    private final X509TrustManager tm;
    /**
     * Wraps a plain X509TrustManager so that it can be used where an
     * X509ExtendedTrustManager is required; every certificate check is
     * delegated to it. No null check is made here, so a null delegate
     * fails at the first check call rather than at construction.
     *
     * @param tm the trust manager that performs the actual chain checks
     */
    AbstractTrustManagerWrapper(X509TrustManager tm) {
        this.tm = tm;
    }
    /**
     * Delegates the client chain check to the wrapped trust manager.
     * Without a socket or engine there is no connection context, so no
     * endpoint identification or algorithm-constraint checking happens
     * on this path.
     *
     * @throws CertificateException if the wrapped trust manager rejects
     *         the chain
     */
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
        throws CertificateException {
        tm.checkClientTrusted(chain, authType);
    }
    /**
     * Delegates the server chain check to the wrapped trust manager.
     * Without a socket or engine there is no connection context, so no
     * endpoint identification or algorithm-constraint checking happens
     * on this path.
     *
     * @throws CertificateException if the wrapped trust manager rejects
     *         the chain
     */
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
        throws CertificateException {
        tm.checkServerTrusted(chain, authType);
    }
    /**
     * Returns the wrapped trust manager's accepted issuers as-is; no
     * defensive copy is made at this level.
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return tm.getAcceptedIssuers();
    }
    /**
     * Checks a client chain with the wrapped trust manager and then runs
     * the socket-based additional checks (endpoint identification and
     * algorithm constraints). The delegate runs first, so a chain it
     * rejects never reaches the additional checks.
     *
     * @throws CertificateException if either check rejects the chain
     */
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType,
                Socket socket) throws CertificateException {
        tm.checkClientTrusted(chain, authType);
        checkAdditionalTrust(chain, authType, socket, true);
    }
    /**
     * Checks a server chain with the wrapped trust manager and then runs
     * the socket-based additional checks (endpoint identification and
     * algorithm constraints). The delegate runs first, so a chain it
     * rejects never reaches the additional checks.
     *
     * @throws CertificateException if either check rejects the chain
     */
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType,
            Socket socket) throws CertificateException {
        tm.checkServerTrusted(chain, authType);
        checkAdditionalTrust(chain, authType, socket, false);
    }
    /**
     * Checks a client chain with the wrapped trust manager and then runs
     * the engine-based additional checks (endpoint identification and
     * algorithm constraints). The delegate runs first, so a chain it
     * rejects never reaches the additional checks.
     *
     * @throws CertificateException if either check rejects the chain
     */
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType,
            SSLEngine engine) throws CertificateException {
        tm.checkClientTrusted(chain, authType);
        checkAdditionalTrust(chain, authType, engine, true);
    }
    /**
     * Checks a server chain with the wrapped trust manager and then runs
     * the engine-based additional checks (endpoint identification and
     * algorithm constraints). The delegate runs first, so a chain it
     * rejects never reaches the additional checks.
     *
     * @throws CertificateException if either check rejects the chain
     */
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType,
            SSLEngine engine) throws CertificateException {
        tm.checkServerTrusted(chain, authType);
        checkAdditionalTrust(chain, authType, engine, false);
    }
    /**
     * Applies the connection-aware checks that the wrapped X509TrustManager
     * cannot perform itself: endpoint identification and algorithm
     * constraint checking, using the context carried by the socket.
     *
     * Nothing is checked unless {@code socket} is a connected SSLSocket;
     * in any other case the method returns without applying even a
     * configured endpoint identification algorithm. Otherwise:
     * <ul>
     * <li>a missing handshake session is rejected outright;</li>
     * <li>if the socket's SSLParameters name an endpoint identification
     *     algorithm, the end-entity certificate {@code chain[0]} is checked
     *     against the handshake session's peer host;</li>
     * <li>algorithm constraints are built from the socket -- additionally
     *     seeded with the local supported signature algorithms when the
     *     protocol uses the TLS 1.2+ spec and the session is an
     *     ExtendedSSLSession -- and the chain is checked against them.</li>
     * </ul>
     *
     * {@code authType} and {@code isClient} are not used here; they are
     * accepted so that both callers share one signature.
     *
     * @throws CertificateException if there is no handshake session, or
     *         presumably if checkIdentity or checkAlgorithmConstraints
     *         reject the chain
     */
    private void checkAdditionalTrust(X509Certificate[] chain, String authType,
                Socket socket, boolean isClient) throws CertificateException {
        // No connection context to check against: a plain or unconnected
        // socket carries no handshake session or SSL parameters.
        if (socket == null || !socket.isConnected() ||
                !(socket instanceof SSLSocket)) {
            return;
        }

        SSLSocket sslSocket = (SSLSocket)socket;
        SSLSession session = sslSocket.getHandshakeSession();
        if (session == null) {
            throw new CertificateException("No handshake session");
        }

        // Endpoint identification, only when an algorithm is configured.
        // Assumes the delegate already rejected a null/empty chain (as the
        // X509TrustManager contract requires); chain[0] would otherwise
        // throw here.
        String identityAlg = sslSocket.getSSLParameters()
                .getEndpointIdentificationAlgorithm();
        if (identityAlg != null && !identityAlg.isEmpty()) {
            X509TrustManagerImpl.checkIdentity(
                    session.getPeerHost(), chain[0], identityAlg);
        }

        // Algorithm constraints: with the TLS 1.2+ spec and an extended
        // session, the local supported signature algorithms are included.
        ProtocolVersion protocolVersion =
                ProtocolVersion.valueOf(session.getProtocol());
        AlgorithmConstraints constraints;
        if (protocolVersion.useTLS12PlusSpec()
                && session instanceof ExtendedSSLSession) {
            String[] localSupportedSignAlgs = ((ExtendedSSLSession)session)
                    .getLocalSupportedSignatureAlgorithms();
            constraints = new SSLAlgorithmConstraints(
                    sslSocket, localSupportedSignAlgs, true);
        } else {
            constraints = new SSLAlgorithmConstraints(sslSocket, true);
        }
        checkAlgorithmConstraints(chain, constraints);
    }
    private void checkAdditionalTrust(X509Certificate[] chain, String authType,
            SSLEngine engine, boolean isClient) throws CertificateException {
        if (engine != null) {
            SSLSession session = engine.getHandshakeSession();
            if (session == null) {
                throw new CertificateException("No handshake session");
            }
            // check endpoint identity
            String identityAlg = engine.getSSLParameters().
                                        getEndpointIdentificationAlgorithm();
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 5506
diff changeset
  1338
            if (identityAlg != null && identityAlg.length() != 0) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 5506
diff changeset
  1339
                String hostname = session.getPeerHost();
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 5506
diff changeset
  1340
                X509TrustManagerImpl.checkIdentity(
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 5506
diff changeset
  1341
                                    hostname, chain[0], identityAlg);
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 5506
diff changeset
  1342
            }
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 5506
diff changeset
  1343
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 5506
diff changeset
  1344
            // try the best to check the algorithm constraints
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 5506
diff changeset
  1345
            ProtocolVersion protocolVersion =
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 5506
diff changeset
  1346
                ProtocolVersion.valueOf(session.getProtocol());
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 5506
diff changeset
  1347
            AlgorithmConstraints constraints = null;
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
  1348
            if (protocolVersion.useTLS12PlusSpec()) {
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 5506
diff changeset
  1349
                if (session instanceof ExtendedSSLSession) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 5506
diff changeset
  1350
                    ExtendedSSLSession extSession =
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 5506
diff changeset
  1351
                                    (ExtendedSSLSession)session;
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 5506
diff changeset
  1352
                    String[] peerSupportedSignAlgs =
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 5506
diff changeset
  1353
                            extSession.getLocalSupportedSignatureAlgorithms();
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 5506
diff changeset
  1354
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 5506
diff changeset
  1355
                    constraints = new SSLAlgorithmConstraints(
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 5506
diff changeset
  1356
                                    engine, peerSupportedSignAlgs, true);
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 5506
diff changeset
  1357
                } else {
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 5506
diff changeset
  1358
                    constraints =
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 5506
diff changeset
  1359
                            new SSLAlgorithmConstraints(engine, true);
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 5506
diff changeset
  1360
                }
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 5506
diff changeset
  1361
            } else {
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 5506
diff changeset
  1362
                constraints = new SSLAlgorithmConstraints(engine, true);
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 5506
diff changeset
  1363
            }
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 5506
diff changeset
  1364
11037
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager
xuelei
parents: 10125
diff changeset
  1365
            checkAlgorithmConstraints(chain, constraints);
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager
xuelei
parents: 10125
diff changeset
  1366
        }
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager
xuelei
parents: 10125
diff changeset
  1367
    }
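    /**
     * Checks that every certificate in the chain that is not itself a trust
     * anchor conforms to {@code constraints}.
     *
     * <p>If the last certificate of the chain is one of the wrapped trust
     * manager's accepted issuers it is left out of the check: an anchor is
     * trusted as such, and it may be signed with an algorithm that would no
     * longer be acceptable for an intermediate or end-entity certificate.
     * The remaining certificates are presented to the checker from the one
     * nearest the anchor down to the end-entity certificate, which is the
     * reverse order selected by {@code checker.init(false)}.
     *
     * @param chain       the peer's certificate chain, end-entity first;
     *                    must be non-null and non-empty
     * @param constraints the algorithm constraints to enforce
     * @throws CertificateException if any checked certificate violates the
     *         constraints; the validator's exception is attached as cause
     * @throws IllegalArgumentException if {@code chain} is null or empty
     */
    private void checkAlgorithmConstraints(X509Certificate[] chain,
            AlgorithmConstraints constraints) throws CertificateException {

        // chain[chain.length - 1] is read below; fail with a meaningful
        // exception rather than ArrayIndexOutOfBoundsException.
        if (chain == null || chain.length == 0) {
            throw new IllegalArgumentException(
                "null or zero-length certificate chain");
        }

        try {
            // Does the certificate chain end with a trusted certificate?
            int checkedLength = chain.length - 1;

            // A custom trust manager may return null or an empty array from
            // getAcceptedIssuers(); treat both as "no known anchors".
            Collection<X509Certificate> trustedCerts = new HashSet<>();
            X509Certificate[] certs = tm.getAcceptedIssuers();
            if ((certs != null) && (certs.length > 0)) {
                Collections.addAll(trustedCerts, certs);
            }

            if (trustedCerts.contains(chain[checkedLength])) {
                // The anchor itself is not subject to the constraints.
                checkedLength--;
            }

            // init(false) means certificates are presented from the most
            // trusted CA toward the target, so iterate high index to low.
            if (checkedLength >= 0) {
                AlgorithmChecker checker = new AlgorithmChecker(constraints);
                checker.init(false);
                for (int i = checkedLength; i >= 0; i--) {
                    Certificate cert = chain[i];
                    // We don't care about the unresolved critical extensions.
                    checker.check(cert, Collections.<String>emptySet());
                }
            }
        } catch (CertPathValidatorException cpve) {
            // Keep the validator's exception as the cause so the offending
            // certificate/algorithm is not lost from the diagnostics.
            throw new CertificateException(
                "Certificates does not conform to algorithm constraints", cpve);
        }
    }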
}
// Dummy X509TrustManager implementation, rejects all peer certificates.
// Used if the application did not specify a proper X509TrustManager.
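final class DummyX509TrustManager extends X509ExtendedTrustManager
            implements X509TrustManager {

    static final X509TrustManager INSTANCE = new DummyX509TrustManager();

    // One message for every overload: the earlier two-argument client
    // variant misspelled it ("avaiable"), which made the dummy manager's
    // failure harder to grep for than the other four.
    private static final String NO_TRUST_MANAGER =
        "No X509TrustManager implementation available";

    private DummyX509TrustManager() {
        // empty
    }

    /**
     * Builds the exception thrown by every check method, so all overloads
     * reject a peer with identical wording.
     */
    private static CertificateException rejected() {
        return new CertificateException(NO_TRUST_MANAGER);
    }

    /*
     * Would normally build and validate a certificate path from the
     * peer-supplied chain for client authentication; this dummy never
     * trusts anything and always throws.
     */
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
        throws CertificateException {
        throw rejected();
    }

    /*
     * Would normally build and validate a certificate path from the
     * peer-supplied chain for server authentication; this dummy never
     * trusts anything and always throws.
     */
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
        throws CertificateException {
        throw rejected();
    }

    /*
     * Return an array of issuer certificates which are trusted
     * for authenticating peers. The dummy trusts no issuer, so the array
     * is always empty (never null, per the X509TrustManager contract).
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }

    /** Socket-aware variant; rejects like the two-argument form. */
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType,
                Socket socket) throws CertificateException {
        throw rejected();
    }

    /** Socket-aware variant; rejects like the two-argument form. */
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType,
            Socket socket) throws CertificateException {
        throw rejected();
    }

    /** Engine-aware variant; rejects like the two-argument form. */
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType,
            SSLEngine engine) throws CertificateException {
        throw rejected();
    }

    /** Engine-aware variant; rejects like the two-argument form. */
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType,
            SSLEngine engine) throws CertificateException {
        throw rejected();
    }
}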
/*
 * A wrapper class to turn a X509KeyManager into an X509ExtendedKeyManager
 */
/**
 * Adapts a plain {@link X509KeyManager} to the {@link X509ExtendedKeyManager}
 * API by forwarding each {@code X509KeyManager} method to the wrapped
 * instance unchanged.
 *
 * <p>The engine-specific methods ({@code chooseEngineClientAlias} and
 * {@code chooseEngineServerAlias}) are deliberately not overridden; the
 * superclass implementation, which yields {@code null}, applies.
 */
final class AbstractKeyManagerWrapper extends X509ExtendedKeyManager {

    /** Target of every forwarded call. */
    private final X509KeyManager delegate;

    /**
     * @param km the key manager to wrap; stored as given, without a null
     *           check, so a null argument surfaces on first use
     */
    AbstractKeyManagerWrapper(X509KeyManager km) {
        delegate = km;
    }

    /** Forwards to {@link X509KeyManager#getCertificateChain(String)}. */
    @Override
    public X509Certificate[] getCertificateChain(String alias) {
        return delegate.getCertificateChain(alias);
    }

    /** Forwards to {@link X509KeyManager#getPrivateKey(String)}. */
    @Override
    public PrivateKey getPrivateKey(String alias) {
        return delegate.getPrivateKey(alias);
    }

    /** Forwards to {@link X509KeyManager#getClientAliases}. */
    @Override
    public String[] getClientAliases(String keyType, Principal[] issuers) {
        return delegate.getClientAliases(keyType, issuers);
    }

    /** Forwards to {@link X509KeyManager#chooseClientAlias}. */
    @Override
    public String chooseClientAlias(String[] keyType, Principal[] issuers,
            Socket socket) {
        return delegate.chooseClientAlias(keyType, issuers, socket);
    }

    /** Forwards to {@link X509KeyManager#getServerAliases}. */
    @Override
    public String[] getServerAliases(String keyType, Principal[] issuers) {
        return delegate.getServerAliases(keyType, issuers);
    }

    /** Forwards to {@link X509KeyManager#chooseServerAlias}. */
    @Override
    public String chooseServerAlias(String keyType, Principal[] issuers,
            Socket socket) {
        return delegate.chooseServerAlias(keyType, issuers, socket);
    }
}
// Dummy X509KeyManager implementation, never returns any certificates/keys.
// Used if the application did not specify a proper X509KeyManager.
final class DummyX509KeyManager extends X509ExtendedKeyManager {

    static final X509ExtendedKeyManager INSTANCE = new DummyX509KeyManager();

    private DummyX509KeyManager() {
        // empty
    }

    /**
     * Returns the certificate chain for {@code alias}.
     *
     * @param alias the alias name
     * @return always {@code null}; this manager holds no credentials
     */
    @Override
    public X509Certificate[] getCertificateChain(String alias) {
        return null;
    }

    /**
     * Returns the private key for {@code alias}.
     *
     * @param alias the alias name
     * @return always {@code null}; this manager holds no credentials
     */
    @Override
    public PrivateKey getPrivateKey(String alias) {
        return null;
    }

    /**
     * Client-side alias lookup for a secure socket, given the public key
     * type and the issuer authorities recognized by the peer (if any).
     *
     * @return always {@code null}
     */
    @Override
    public String[] getClientAliases(String keyType, Principal[] issuers) {
        return null;
    }

    /**
     * Client-side alias selection for a secure socket, given the public key
     * types and the issuer authorities recognized by the peer (if any).
     *
     * @return always {@code null}
     */
    @Override
    public String chooseClientAlias(String[] keyTypes, Principal[] issuers,
            Socket socket) {
        return null;
    }

    /**
     * Client-side alias selection for an engine, given the public key
     * types and the issuer authorities recognized by the peer (if any).
     *
     * @return always {@code null}
     */
    @Override
    public String chooseEngineClientAlias(
            String[] keyTypes, Principal[] issuers, SSLEngine engine) {
        return null;
    }

    /**
     * Server-side alias lookup for a secure socket, given the public key
     * type and the issuer authorities recognized by the peer (if any).
     *
     * @return always {@code null}
     */
    @Override
    public String[] getServerAliases(String keyType, Principal[] issuers) {
        return null;
    }

    /**
     * Server-side alias selection for a secure socket, given the public key
     * type and the issuer authorities recognized by the peer (if any).
     *
     * @return always {@code null}
     */
    @Override
    public String chooseServerAlias(String keyType, Principal[] issuers,
            Socket socket) {
        return null;
    }

    /**
     * Server-side alias selection for an engine, given the public key
     * type and the issuer authorities recognized by the peer (if any).
     *
     * @return always {@code null}
     */
    @Override
    public String chooseEngineServerAlias(
            String keyType, Principal[] issuers, SSLEngine engine) {
        return null;
    }
}