jdk/src/share/classes/sun/security/ssl/SunJSSE.java
author ascarpino
Thu, 19 Sep 2013 11:59:14 -0700
changeset 20485 8af87f3d549c
parent 14664 e71aa0962e70
child 21278 ef8a3a2a72f2
permissions -rw-r--r--
7122707: Security Providers need to have their version numbers updated for JDK8 Reviewed-by: xuelei
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
     1
/*
20485
8af87f3d549c 7122707: Security Providers need to have their version numbers updated for JDK8
ascarpino
parents: 14664
diff changeset
     2
 * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
     3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
90ce3da70b43 Initial load
duke
parents:
diff changeset
     4
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
     5
 * This code is free software; you can redistribute it and/or modify it
90ce3da70b43 Initial load
duke
parents:
diff changeset
     6
 * under the terms of the GNU General Public License version 2 only, as
5506
202f599c92aa 6943119: Rebrand source copyright notices
ohair
parents: 3618
diff changeset
     7
 * published by the Free Software Foundation.  Oracle designates this
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
     8
 * particular file as subject to the "Classpath" exception as provided
5506
202f599c92aa 6943119: Rebrand source copyright notices
ohair
parents: 3618
diff changeset
     9
 * by Oracle in the LICENSE file that accompanied this code.
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    10
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
    11
 * This code is distributed in the hope that it will be useful, but WITHOUT
90ce3da70b43 Initial load
duke
parents:
diff changeset
    12
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
90ce3da70b43 Initial load
duke
parents:
diff changeset
    13
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
90ce3da70b43 Initial load
duke
parents:
diff changeset
    14
 * version 2 for more details (a copy is included in the LICENSE file that
90ce3da70b43 Initial load
duke
parents:
diff changeset
    15
 * accompanied this code).
90ce3da70b43 Initial load
duke
parents:
diff changeset
    16
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
    17
 * You should have received a copy of the GNU General Public License version
90ce3da70b43 Initial load
duke
parents:
diff changeset
    18
 * 2 along with this work; if not, write to the Free Software Foundation,
90ce3da70b43 Initial load
duke
parents:
diff changeset
    19
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    20
 *
5506
202f599c92aa 6943119: Rebrand source copyright notices
ohair
parents: 3618
diff changeset
    21
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
202f599c92aa 6943119: Rebrand source copyright notices
ohair
parents: 3618
diff changeset
    22
 * or visit www.oracle.com if you need additional information or have any
202f599c92aa 6943119: Rebrand source copyright notices
ohair
parents: 3618
diff changeset
    23
 * questions.
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    24
 */
90ce3da70b43 Initial load
duke
parents:
diff changeset
    25
90ce3da70b43 Initial load
duke
parents:
diff changeset
    26
90ce3da70b43 Initial load
duke
parents:
diff changeset
    27
package sun.security.ssl;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    28
90ce3da70b43 Initial load
duke
parents:
diff changeset
    29
import java.security.*;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    30
90ce3da70b43 Initial load
duke
parents:
diff changeset
    31
/**
90ce3da70b43 Initial load
duke
parents:
diff changeset
    32
 * The JSSE provider.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    33
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
    34
 * The RSA implementation has been removed from JSSE, but we still need to
90ce3da70b43 Initial load
duke
parents:
diff changeset
    35
 * register the same algorithms for compatibility. We just point to the RSA
90ce3da70b43 Initial load
duke
parents:
diff changeset
    36
 * implementation in the SunRsaSign provider. This works because all classes
90ce3da70b43 Initial load
duke
parents:
diff changeset
    37
 * are in the bootclasspath and therefore loaded by the same classloader.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    38
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
    39
 * SunJSSE now supports an experimental FIPS compliant mode when used with an
90ce3da70b43 Initial load
duke
parents:
diff changeset
    40
 * appropriate FIPS certified crypto provider. In FIPS mode, we:
7039
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 5506
diff changeset
    41
 *  . allow only TLS 1.0 or later
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    42
 *  . allow only FIPS approved ciphersuites
90ce3da70b43 Initial load
duke
parents:
diff changeset
    43
 *  . perform all crypto in the FIPS crypto provider
90ce3da70b43 Initial load
duke
parents:
diff changeset
    44
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
    45
 * It is currently not possible to use both FIPS compliant SunJSSE and
90ce3da70b43 Initial load
duke
parents:
diff changeset
    46
 * standard JSSE at the same time because of the various static data structures
90ce3da70b43 Initial load
duke
parents:
diff changeset
    47
 * we use.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    48
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
    49
 * However, we do want to allow FIPS mode to be enabled at runtime and without
90ce3da70b43 Initial load
duke
parents:
diff changeset
    50
 * editing the java.security file. That means we need to allow
90ce3da70b43 Initial load
duke
parents:
diff changeset
    51
 * Security.removeProvider("SunJSSE") to work, which creates an instance of
90ce3da70b43 Initial load
duke
parents:
diff changeset
    52
 * this class in non-FIPS mode. That is why we delay the selection of the mode
90ce3da70b43 Initial load
duke
parents:
diff changeset
    53
 * as long as possible. This is until we open an SSL/TLS connection and the
90ce3da70b43 Initial load
duke
parents:
diff changeset
    54
 * data structures need to be initialized or until SunJSSE is initialized in
90ce3da70b43 Initial load
duke
parents:
diff changeset
    55
 * FIPS mode.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    56
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
    57
 */
90ce3da70b43 Initial load
duke
parents:
diff changeset
    58
public abstract class SunJSSE extends java.security.Provider {
90ce3da70b43 Initial load
duke
parents:
diff changeset
    59
90ce3da70b43 Initial load
duke
parents:
diff changeset
    60
    private static final long serialVersionUID = 3231825739635378733L;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    61
90ce3da70b43 Initial load
duke
parents:
diff changeset
    62
    private static String info = "Sun JSSE provider" +
90ce3da70b43 Initial load
duke
parents:
diff changeset
    63
        "(PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)";
90ce3da70b43 Initial load
duke
parents:
diff changeset
    64
90ce3da70b43 Initial load
duke
parents:
diff changeset
    65
    private static String fipsInfo =
90ce3da70b43 Initial load
duke
parents:
diff changeset
    66
        "Sun JSSE provider (FIPS mode, crypto provider ";
90ce3da70b43 Initial load
duke
parents:
diff changeset
    67
90ce3da70b43 Initial load
duke
parents:
diff changeset
    68
    // tri-valued flag:
90ce3da70b43 Initial load
duke
parents:
diff changeset
    69
    // null  := no final decision made
90ce3da70b43 Initial load
duke
parents:
diff changeset
    70
    // false := data structures initialized in non-FIPS mode
90ce3da70b43 Initial load
duke
parents:
diff changeset
    71
    // true  := data structures initialized in FIPS mode
90ce3da70b43 Initial load
duke
parents:
diff changeset
    72
    private static Boolean fips;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    73
90ce3da70b43 Initial load
duke
parents:
diff changeset
    74
    // the FIPS certificate crypto provider that we use to perform all crypto
90ce3da70b43 Initial load
duke
parents:
diff changeset
    75
    // operations. null in non-FIPS mode
90ce3da70b43 Initial load
duke
parents:
diff changeset
    76
    static java.security.Provider cryptoProvider;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    77
90ce3da70b43 Initial load
duke
parents:
diff changeset
    78
    protected static synchronized boolean isFIPS() {
90ce3da70b43 Initial load
duke
parents:
diff changeset
    79
        if (fips == null) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
    80
            fips = false;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    81
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
    82
        return fips;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    83
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
    84
90ce3da70b43 Initial load
duke
parents:
diff changeset
    85
    // ensure we can use FIPS mode using the specified crypto provider.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    86
    // enable FIPS mode if not already enabled.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    87
    private static synchronized void ensureFIPS(java.security.Provider p) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
    88
        if (fips == null) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
    89
            fips = true;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    90
            cryptoProvider = p;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    91
        } else {
90ce3da70b43 Initial load
duke
parents:
diff changeset
    92
            if (fips == false) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
    93
                throw new ProviderException
90ce3da70b43 Initial load
duke
parents:
diff changeset
    94
                    ("SunJSSE already initialized in non-FIPS mode");
90ce3da70b43 Initial load
duke
parents:
diff changeset
    95
            }
90ce3da70b43 Initial load
duke
parents:
diff changeset
    96
            if (cryptoProvider != p) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
    97
                throw new ProviderException
90ce3da70b43 Initial load
duke
parents:
diff changeset
    98
                    ("SunJSSE already initialized with FIPS crypto provider "
90ce3da70b43 Initial load
duke
parents:
diff changeset
    99
                    + cryptoProvider);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   100
            }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   101
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   102
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   103
90ce3da70b43 Initial load
duke
parents:
diff changeset
   104
    // standard constructor
90ce3da70b43 Initial load
duke
parents:
diff changeset
   105
    protected SunJSSE() {
14194
971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server
xuelei
parents: 9246
diff changeset
   106
        super("SunJSSE", 1.8d, info);
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   107
        subclassCheck();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   108
        if (Boolean.TRUE.equals(fips)) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   109
            throw new ProviderException
90ce3da70b43 Initial load
duke
parents:
diff changeset
   110
                ("SunJSSE is already initialized in FIPS mode");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   111
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   112
        registerAlgorithms(false);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   113
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   114
90ce3da70b43 Initial load
duke
parents:
diff changeset
   115
    // prefered constructor to enable FIPS mode at runtime
90ce3da70b43 Initial load
duke
parents:
diff changeset
   116
    protected SunJSSE(java.security.Provider cryptoProvider){
90ce3da70b43 Initial load
duke
parents:
diff changeset
   117
        this(checkNull(cryptoProvider), cryptoProvider.getName());
90ce3da70b43 Initial load
duke
parents:
diff changeset
   118
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   119
90ce3da70b43 Initial load
duke
parents:
diff changeset
   120
    // constructor to enable FIPS mode from java.security file
90ce3da70b43 Initial load
duke
parents:
diff changeset
   121
    protected SunJSSE(String cryptoProvider){
90ce3da70b43 Initial load
duke
parents:
diff changeset
   122
        this(null, checkNull(cryptoProvider));
90ce3da70b43 Initial load
duke
parents:
diff changeset
   123
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   124
90ce3da70b43 Initial load
duke
parents:
diff changeset
   125
    private static <T> T checkNull(T t) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   126
        if (t == null) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   127
            throw new ProviderException("cryptoProvider must not be null");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   128
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   129
        return t;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   130
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   131
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   132
    private SunJSSE(java.security.Provider cryptoProvider,
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   133
            String providerName) {
20485
8af87f3d549c 7122707: Security Providers need to have their version numbers updated for JDK8
ascarpino
parents: 14664
diff changeset
   134
        super("SunJSSE", 1.8d, fipsInfo + providerName + ")");
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   135
        subclassCheck();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   136
        if (cryptoProvider == null) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   137
            // Calling Security.getProvider() will cause other providers to be
90ce3da70b43 Initial load
duke
parents:
diff changeset
   138
            // loaded. That is not good but unavoidable here.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   139
            cryptoProvider = Security.getProvider(providerName);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   140
            if (cryptoProvider == null) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   141
                throw new ProviderException
90ce3da70b43 Initial load
duke
parents:
diff changeset
   142
                    ("Crypto provider not installed: " + providerName);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   143
            }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   144
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   145
        ensureFIPS(cryptoProvider);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   146
        registerAlgorithms(true);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   147
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   148
90ce3da70b43 Initial load
duke
parents:
diff changeset
   149
    private void registerAlgorithms(final boolean isfips) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   150
        AccessController.doPrivileged(new PrivilegedAction<Object>() {
14664
e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl
xuelei
parents: 14194
diff changeset
   151
            @Override
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   152
            public Object run() {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   153
                doRegister(isfips);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   154
                return null;
90ce3da70b43 Initial load
duke
parents:
diff changeset
   155
            }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   156
        });
90ce3da70b43 Initial load
duke
parents:
diff changeset
   157
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   158
90ce3da70b43 Initial load
duke
parents:
diff changeset
   159
    private void doRegister(boolean isfips) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   160
        if (isfips == false) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   161
            put("KeyFactory.RSA",
90ce3da70b43 Initial load
duke
parents:
diff changeset
   162
                "sun.security.rsa.RSAKeyFactory");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   163
            put("Alg.Alias.KeyFactory.1.2.840.113549.1.1", "RSA");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   164
            put("Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1", "RSA");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   165
90ce3da70b43 Initial load
duke
parents:
diff changeset
   166
            put("KeyPairGenerator.RSA",
90ce3da70b43 Initial load
duke
parents:
diff changeset
   167
                "sun.security.rsa.RSAKeyPairGenerator");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   168
            put("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1", "RSA");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   169
            put("Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1", "RSA");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   170
90ce3da70b43 Initial load
duke
parents:
diff changeset
   171
            put("Signature.MD2withRSA",
90ce3da70b43 Initial load
duke
parents:
diff changeset
   172
                "sun.security.rsa.RSASignature$MD2withRSA");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   173
            put("Alg.Alias.Signature.1.2.840.113549.1.1.2", "MD2withRSA");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   174
            put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.2",
90ce3da70b43 Initial load
duke
parents:
diff changeset
   175
                "MD2withRSA");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   176
90ce3da70b43 Initial load
duke
parents:
diff changeset
   177
            put("Signature.MD5withRSA",
90ce3da70b43 Initial load
duke
parents:
diff changeset
   178
                "sun.security.rsa.RSASignature$MD5withRSA");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   179
            put("Alg.Alias.Signature.1.2.840.113549.1.1.4", "MD5withRSA");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   180
            put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.4",
90ce3da70b43 Initial load
duke
parents:
diff changeset
   181
                "MD5withRSA");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   182
90ce3da70b43 Initial load
duke
parents:
diff changeset
   183
            put("Signature.SHA1withRSA",
90ce3da70b43 Initial load
duke
parents:
diff changeset
   184
                "sun.security.rsa.RSASignature$SHA1withRSA");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   185
            put("Alg.Alias.Signature.1.2.840.113549.1.1.5", "SHA1withRSA");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   186
            put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.5",
90ce3da70b43 Initial load
duke
parents:
diff changeset
   187
                "SHA1withRSA");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   188
            put("Alg.Alias.Signature.1.3.14.3.2.29", "SHA1withRSA");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   189
            put("Alg.Alias.Signature.OID.1.3.14.3.2.29", "SHA1withRSA");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   190
90ce3da70b43 Initial load
duke
parents:
diff changeset
   191
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   192
        put("Signature.MD5andSHA1withRSA",
90ce3da70b43 Initial load
duke
parents:
diff changeset
   193
            "sun.security.ssl.RSASignature");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   194
90ce3da70b43 Initial load
duke
parents:
diff changeset
   195
        put("KeyManagerFactory.SunX509",
90ce3da70b43 Initial load
duke
parents:
diff changeset
   196
            "sun.security.ssl.KeyManagerFactoryImpl$SunX509");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   197
        put("KeyManagerFactory.NewSunX509",
90ce3da70b43 Initial load
duke
parents:
diff changeset
   198
            "sun.security.ssl.KeyManagerFactoryImpl$X509");
8791
f5106bbf577d 7022855: Export "PKIX" as the standard algorithm name of KeyManagerFactory
xuelei
parents: 7043
diff changeset
   199
        put("Alg.Alias.KeyManagerFactory.PKIX", "NewSunX509");
f5106bbf577d 7022855: Export "PKIX" as the standard algorithm name of KeyManagerFactory
xuelei
parents: 7043
diff changeset
   200
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   201
        put("TrustManagerFactory.SunX509",
90ce3da70b43 Initial load
duke
parents:
diff changeset
   202
            "sun.security.ssl.TrustManagerFactoryImpl$SimpleFactory");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   203
        put("TrustManagerFactory.PKIX",
90ce3da70b43 Initial load
duke
parents:
diff changeset
   204
            "sun.security.ssl.TrustManagerFactoryImpl$PKIXFactory");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   205
        put("Alg.Alias.TrustManagerFactory.SunPKIX", "PKIX");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   206
        put("Alg.Alias.TrustManagerFactory.X509", "PKIX");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   207
        put("Alg.Alias.TrustManagerFactory.X.509", "PKIX");
9246
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled
xuelei
parents: 8791
diff changeset
   208
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled
xuelei
parents: 8791
diff changeset
   209
        put("SSLContext.TLSv1",
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled
xuelei
parents: 8791
diff changeset
   210
            "sun.security.ssl.SSLContextImpl$TLS10Context");
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled
xuelei
parents: 8791
diff changeset
   211
        put("Alg.Alias.SSLContext.TLS", "TLSv1");
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   212
        if (isfips == false) {
9246
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled
xuelei
parents: 8791
diff changeset
   213
            put("Alg.Alias.SSLContext.SSL", "TLSv1");
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled
xuelei
parents: 8791
diff changeset
   214
            put("Alg.Alias.SSLContext.SSLv3", "TLSv1");
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   215
        }
9246
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled
xuelei
parents: 8791
diff changeset
   216
7039
6464c8e62a18 4873188: Support TLS 1.1
xuelei
parents: 5506
diff changeset
   217
        put("SSLContext.TLSv1.1",
9246
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled
xuelei
parents: 8791
diff changeset
   218
            "sun.security.ssl.SSLContextImpl$TLS11Context");
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
   219
        put("SSLContext.TLSv1.2",
9246
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled
xuelei
parents: 8791
diff changeset
   220
            "sun.security.ssl.SSLContextImpl$TLS12Context");
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   221
        put("SSLContext.Default",
9246
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled
xuelei
parents: 8791
diff changeset
   222
            "sun.security.ssl.SSLContextImpl$DefaultSSLContext");
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
   223
90ce3da70b43 Initial load
duke
parents:
diff changeset
   224
        /*
90ce3da70b43 Initial load
duke
parents:
diff changeset
   225
         * KeyStore
90ce3da70b43 Initial load
duke
parents:
diff changeset
   226
         */
90ce3da70b43 Initial load
duke
parents:
diff changeset
   227
        put("KeyStore.PKCS12",
90ce3da70b43 Initial load
duke
parents:
diff changeset
   228
            "sun.security.pkcs12.PKCS12KeyStore");
90ce3da70b43 Initial load
duke
parents:
diff changeset
   229
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   230
90ce3da70b43 Initial load
duke
parents:
diff changeset
   231
    private void subclassCheck() {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   232
        if (getClass() != com.sun.net.ssl.internal.ssl.Provider.class) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   233
            throw new AssertionError("Illegal subclass: " + getClass());
90ce3da70b43 Initial load
duke
parents:
diff changeset
   234
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   235
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   236
90ce3da70b43 Initial load
duke
parents:
diff changeset
   237
    @Override
90ce3da70b43 Initial load
duke
parents:
diff changeset
   238
    protected final void finalize() throws Throwable {
90ce3da70b43 Initial load
duke
parents:
diff changeset
   239
        // empty
90ce3da70b43 Initial load
duke
parents:
diff changeset
   240
        super.finalize();
90ce3da70b43 Initial load
duke
parents:
diff changeset
   241
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
   242
90ce3da70b43 Initial load
duke
parents:
diff changeset
   243
}