jdk-sandbox: src/java.base/share/classes/sun/security/ssl/X509Authentication.java@9c3209ff7550 (annotated)

50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1	/*
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	2	* Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved.
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	4	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	7	* published by the Free Software Foundation. Oracle designates this
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	10	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	15	* accompanied this code).
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	16	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	20	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	22	* or visit www.oracle.com if you need additional information or have any
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	23	* questions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	24	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	25
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	26	package sun.security.ssl;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	27
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	28	import java.security.PrivateKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	29	import java.security.PublicKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	30	import java.security.cert.X509Certificate;
54417 f87041131515 8217610: TLSv1.3 fail with ClassException when EC keys are stored in PKCS11 xuelei parents: 52153 diff changeset	31	import java.security.interfaces.ECKey;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	32	import java.security.interfaces.ECPublicKey;
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	33	import java.security.interfaces.XECKey;
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	34	import java.security.spec.AlgorithmParameterSpec;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	35	import java.security.spec.ECParameterSpec;
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	36	import java.security.spec.NamedParameterSpec;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	37	import java.util.AbstractMap.SimpleImmutableEntry;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	38	import java.util.Map;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	39	import javax.net.ssl.SSLEngine;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	40	import javax.net.ssl.SSLSocket;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	41	import javax.net.ssl.X509ExtendedKeyManager;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	42	import sun.security.ssl.SupportedGroupsExtension.SupportedGroups;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	43
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	44	enum X509Authentication implements SSLAuthentication {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	45	// Require rsaEncryption public key
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	46	RSA ("RSA", new X509PossessionGenerator(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	47	new String[]{"RSA"})),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	48
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	49	// Require RSASSA-PSS public key
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	50	RSASSA_PSS ("RSASSA-PSS", new X509PossessionGenerator(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	51	new String[] {"RSASSA-PSS"})),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	52
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	53	// Require rsaEncryption or RSASSA-PSS public key
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	54	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	55	// Note that this is a specifical scheme for TLS 1.2. (EC)DHE_RSA cipher
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	56	// suites of TLS 1.2 can use either rsaEncryption or RSASSA-PSS public
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	57	// key for authentication and handshake.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	58	RSA_OR_PSS ("RSA_OR_PSS", new X509PossessionGenerator(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	59	new String[] {"RSA", "RSASSA-PSS"})),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	60
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	61	// Require DSA public key
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	62	DSA ("DSA", new X509PossessionGenerator(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	63	new String[] {"DSA"})),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	64
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	65	// Require EC public key
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	66	EC ("EC", new X509PossessionGenerator(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	67	new String[] {"EC"}));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	68
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	69	final String keyType;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	70	final SSLPossessionGenerator possessionGenerator;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	71
55452 1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	72	private X509Authentication(String keyType,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	73	SSLPossessionGenerator possessionGenerator) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	74	this.keyType = keyType;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	75	this.possessionGenerator = possessionGenerator;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	76	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	77
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	78	static X509Authentication valueOf(SignatureScheme signatureScheme) {
51574 ed52ea83f830 8207317: SSLEngine negotiation fail exception behavior changed from fail-fast to fail-lazy wetmore parents: 50768 diff changeset	79	for (X509Authentication au : X509Authentication.values()) {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	80	if (au.keyType.equals(signatureScheme.keyAlgorithm)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	81	return au;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	82	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	83	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	84
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	85	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	86	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	87
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	88	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	89	public SSLPossession createPossession(HandshakeContext handshakeContext) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	90	return possessionGenerator.createPossession(handshakeContext);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	91	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	92
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	93	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	94	public SSLHandshake[] getRelatedHandshakers(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	95	HandshakeContext handshakeContext) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	96	if (!handshakeContext.negotiatedProtocol.useTLS13PlusSpec()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	97	return new SSLHandshake[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	98	SSLHandshake.CERTIFICATE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	99	SSLHandshake.CERTIFICATE_REQUEST
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	100	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	101	} // Otherwise, TLS 1.3 does not use this method.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	102
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	103	return new SSLHandshake[0];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	104	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	105
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	106	@SuppressWarnings({"unchecked", "rawtypes"})
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	107	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	108	public Map.Entry<Byte, HandshakeProducer>[] getHandshakeProducers(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	109	HandshakeContext handshakeContext) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	110	if (!handshakeContext.negotiatedProtocol.useTLS13PlusSpec()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	111	return (Map.Entry<Byte, HandshakeProducer>[])(new Map.Entry[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	112	new SimpleImmutableEntry<Byte, HandshakeProducer>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	113	SSLHandshake.CERTIFICATE.id,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	114	SSLHandshake.CERTIFICATE
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	115	)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	116	});
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	117	} // Otherwise, TLS 1.3 does not use this method.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	118
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	119	return (Map.Entry<Byte, HandshakeProducer>[])(new Map.Entry[0]);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	120	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	121
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	122	static final class X509Possession implements SSLPossession {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	123	// Proof of possession of the private key corresponding to the public
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	124	// key for which a certificate is being provided for authentication.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	125	final X509Certificate[] popCerts;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	126	final PrivateKey popPrivateKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	127
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	128	X509Possession(PrivateKey popPrivateKey,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	129	X509Certificate[] popCerts) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	130	this.popCerts = popCerts;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	131	this.popPrivateKey = popPrivateKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	132	}
54417 f87041131515 8217610: TLSv1.3 fail with ClassException when EC keys are stored in PKCS11 xuelei parents: 52153 diff changeset	133
f87041131515 8217610: TLSv1.3 fail with ClassException when EC keys are stored in PKCS11 xuelei parents: 52153 diff changeset	134	ECParameterSpec getECParameterSpec() {
f87041131515 8217610: TLSv1.3 fail with ClassException when EC keys are stored in PKCS11 xuelei parents: 52153 diff changeset	135	if (popPrivateKey == null \|\|
f87041131515 8217610: TLSv1.3 fail with ClassException when EC keys are stored in PKCS11 xuelei parents: 52153 diff changeset	136	!"EC".equals(popPrivateKey.getAlgorithm())) {
f87041131515 8217610: TLSv1.3 fail with ClassException when EC keys are stored in PKCS11 xuelei parents: 52153 diff changeset	137	return null;
f87041131515 8217610: TLSv1.3 fail with ClassException when EC keys are stored in PKCS11 xuelei parents: 52153 diff changeset	138	}
f87041131515 8217610: TLSv1.3 fail with ClassException when EC keys are stored in PKCS11 xuelei parents: 52153 diff changeset	139
f87041131515 8217610: TLSv1.3 fail with ClassException when EC keys are stored in PKCS11 xuelei parents: 52153 diff changeset	140	if (popPrivateKey instanceof ECKey) {
f87041131515 8217610: TLSv1.3 fail with ClassException when EC keys are stored in PKCS11 xuelei parents: 52153 diff changeset	141	return ((ECKey)popPrivateKey).getParams();
f87041131515 8217610: TLSv1.3 fail with ClassException when EC keys are stored in PKCS11 xuelei parents: 52153 diff changeset	142	} else if (popCerts != null && popCerts.length != 0) {
f87041131515 8217610: TLSv1.3 fail with ClassException when EC keys are stored in PKCS11 xuelei parents: 52153 diff changeset	143	// The private key not extractable, get the parameters from
f87041131515 8217610: TLSv1.3 fail with ClassException when EC keys are stored in PKCS11 xuelei parents: 52153 diff changeset	144	// the X.509 certificate.
f87041131515 8217610: TLSv1.3 fail with ClassException when EC keys are stored in PKCS11 xuelei parents: 52153 diff changeset	145	PublicKey publicKey = popCerts[0].getPublicKey();
f87041131515 8217610: TLSv1.3 fail with ClassException when EC keys are stored in PKCS11 xuelei parents: 52153 diff changeset	146	if (publicKey instanceof ECKey) {
f87041131515 8217610: TLSv1.3 fail with ClassException when EC keys are stored in PKCS11 xuelei parents: 52153 diff changeset	147	return ((ECKey)publicKey).getParams();
f87041131515 8217610: TLSv1.3 fail with ClassException when EC keys are stored in PKCS11 xuelei parents: 52153 diff changeset	148	}
f87041131515 8217610: TLSv1.3 fail with ClassException when EC keys are stored in PKCS11 xuelei parents: 52153 diff changeset	149	}
f87041131515 8217610: TLSv1.3 fail with ClassException when EC keys are stored in PKCS11 xuelei parents: 52153 diff changeset	150
f87041131515 8217610: TLSv1.3 fail with ClassException when EC keys are stored in PKCS11 xuelei parents: 52153 diff changeset	151	return null;
f87041131515 8217610: TLSv1.3 fail with ClassException when EC keys are stored in PKCS11 xuelei parents: 52153 diff changeset	152	}
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	153
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	154	// Similar to above, but for XEC.
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	155	NamedParameterSpec getXECParameterSpec() {
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	156	if (popPrivateKey == null \|\|
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	157	!"XEC".equals(popPrivateKey.getAlgorithm())) {
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	158	return null;
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	159	}
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	160
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	161	if (popPrivateKey instanceof XECKey) {
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	162	AlgorithmParameterSpec params =
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	163	((XECKey)popPrivateKey).getParams();
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	164	if (params instanceof NamedParameterSpec){
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	165	return (NamedParameterSpec)params;
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	166	}
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	167	} else if (popCerts != null && popCerts.length != 0) {
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	168	// The private key not extractable, get the parameters from
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	169	// the X.509 certificate.
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	170	PublicKey publicKey = popCerts[0].getPublicKey();
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	171	if (publicKey instanceof XECKey) {
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	172	AlgorithmParameterSpec params =
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	173	((XECKey)publicKey).getParams();
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	174	if (params instanceof NamedParameterSpec){
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	175	return (NamedParameterSpec)params;
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	176	}
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	177	}
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	178	}
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	179
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	180	return null;
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	181	}
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	182	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	183
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	184	static final class X509Credentials implements SSLCredentials {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	185	final X509Certificate[] popCerts;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	186	final PublicKey popPublicKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	187
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	188	X509Credentials(PublicKey popPublicKey, X509Certificate[] popCerts) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	189	this.popCerts = popCerts;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	190	this.popPublicKey = popPublicKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	191	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	192	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	193
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	194	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	195	class X509PossessionGenerator implements SSLPossessionGenerator {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	196	private final String[] keyTypes;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	197
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	198	private X509PossessionGenerator(String[] keyTypes) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	199	this.keyTypes = keyTypes;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	200	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	201
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	202	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	203	public SSLPossession createPossession(HandshakeContext context) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	204	if (context.sslConfig.isClientMode) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	205	for (String keyType : keyTypes) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	206	SSLPossession poss = createClientPossession(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	207	(ClientHandshakeContext)context, keyType);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	208	if (poss != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	209	return poss;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	210	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	211	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	212	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	213	for (String keyType : keyTypes) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	214	SSLPossession poss = createServerPossession(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	215	(ServerHandshakeContext)context, keyType);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	216	if (poss != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	217	return poss;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	218	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	219	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	220	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	221
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	222	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	223	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	224
52153 3b17277860e7 8210989: RSASSA-PSS certificate cannot be selected for client auth on TLSv1.2 jnimeh parents: 51574 diff changeset	225	// Used by TLS 1.2 and TLS 1.3.
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	226	private SSLPossession createClientPossession(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	227	ClientHandshakeContext chc, String keyType) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	228	X509ExtendedKeyManager km = chc.sslContext.getX509KeyManager();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	229	String clientAlias = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	230	if (chc.conContext.transport instanceof SSLSocketImpl) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	231	clientAlias = km.chooseClientAlias(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	232	new String[] { keyType },
52153 3b17277860e7 8210989: RSASSA-PSS certificate cannot be selected for client auth on TLSv1.2 jnimeh parents: 51574 diff changeset	233	chc.peerSupportedAuthorities,
3b17277860e7 8210989: RSASSA-PSS certificate cannot be selected for client auth on TLSv1.2 jnimeh parents: 51574 diff changeset	234	(SSLSocket)chc.conContext.transport);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	235	} else if (chc.conContext.transport instanceof SSLEngineImpl) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	236	clientAlias = km.chooseEngineClientAlias(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	237	new String[] { keyType },
52153 3b17277860e7 8210989: RSASSA-PSS certificate cannot be selected for client auth on TLSv1.2 jnimeh parents: 51574 diff changeset	238	chc.peerSupportedAuthorities,
3b17277860e7 8210989: RSASSA-PSS certificate cannot be selected for client auth on TLSv1.2 jnimeh parents: 51574 diff changeset	239	(SSLEngine)chc.conContext.transport);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	240	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	241
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	242	if (clientAlias == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	243	if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	244	SSLLogger.finest("No X.509 cert selected for " + keyType);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	245	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	246	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	247	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	248
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	249	PrivateKey clientPrivateKey = km.getPrivateKey(clientAlias);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	250	if (clientPrivateKey == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	251	if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	252	SSLLogger.finest(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	253	clientAlias + " is not a private key entry");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	254	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	255	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	256	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	257
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	258	X509Certificate[] clientCerts = km.getCertificateChain(clientAlias);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	259	if ((clientCerts == null) \|\| (clientCerts.length == 0)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	260	if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	261	SSLLogger.finest(clientAlias +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	262	" is a private key entry with no cert chain stored");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	263	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	264	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	265	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	266
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	267	PublicKey clientPublicKey = clientCerts[0].getPublicKey();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	268	if ((!clientPrivateKey.getAlgorithm().equals(keyType))
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	269	\|\| (!clientPublicKey.getAlgorithm().equals(keyType))) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	270	if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	271	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	272	clientAlias + " private or public key is not of " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	273	keyType + " algorithm");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	274	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	275	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	276	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	277
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	278	return new X509Possession(clientPrivateKey, clientCerts);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	279	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	280
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	281	private SSLPossession createServerPossession(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	282	ServerHandshakeContext shc, String keyType) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	283	X509ExtendedKeyManager km = shc.sslContext.getX509KeyManager();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	284	String serverAlias = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	285	if (shc.conContext.transport instanceof SSLSocketImpl) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	286	serverAlias = km.chooseServerAlias(keyType,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	287	null, (SSLSocket)shc.conContext.transport);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	288	} else if (shc.conContext.transport instanceof SSLEngineImpl) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	289	serverAlias = km.chooseEngineServerAlias(keyType,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	290	null, (SSLEngine)shc.conContext.transport);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	291	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	292
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	293	if (serverAlias == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	294	if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	295	SSLLogger.finest("No X.509 cert selected for " + keyType);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	296	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	297	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	298	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	299
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	300	PrivateKey serverPrivateKey = km.getPrivateKey(serverAlias);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	301	if (serverPrivateKey == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	302	if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	303	SSLLogger.finest(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	304	serverAlias + " is not a private key entry");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	305	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	306	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	307	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	308
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	309	X509Certificate[] serverCerts = km.getCertificateChain(serverAlias);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	310	if ((serverCerts == null) \|\| (serverCerts.length == 0)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	311	if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	312	SSLLogger.finest(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	313	serverAlias + " is not a certificate entry");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	314	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	315	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	316	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	317
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	318	PublicKey serverPublicKey = serverCerts[0].getPublicKey();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	319	if ((!serverPrivateKey.getAlgorithm().equals(keyType))
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	320	\|\| (!serverPublicKey.getAlgorithm().equals(keyType))) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	321	if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	322	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	323	serverAlias + " private or public key is not of " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	324	keyType + " algorithm");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	325	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	326	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	327	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	328
55452 1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	329	// For TLS 1.2 and prior versions, the public key of a EC cert
1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	330	// MUST use a curve and point format supported by the client.
1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	331	// But for TLS 1.3, signature algorithms are negotiated
1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	332	// independently via the "signature_algorithms" extension.
1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	333	if (!shc.negotiatedProtocol.useTLS13PlusSpec() &&
1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	334	keyType.equals("EC")) {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	335	if (!(serverPublicKey instanceof ECPublicKey)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	336	if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	337	SSLLogger.warning(serverAlias +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	338	" public key is not an instance of ECPublicKey");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	339	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	340	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	341	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	342
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	343	// For ECC certs, check whether we support the EC domain
55452 1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	344	// parameters. If the client sent a supported_groups
1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	345	// ClientHello extension, check against that too for
1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	346	// TLS 1.2 and prior versions.
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	347	ECParameterSpec params =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	348	((ECPublicKey)serverPublicKey).getParams();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	349	NamedGroup namedGroup = NamedGroup.valueOf(params);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	350	if ((namedGroup == null) \|\|
51574 ed52ea83f830 8207317: SSLEngine negotiation fail exception behavior changed from fail-fast to fail-lazy wetmore parents: 50768 diff changeset	351	(!SupportedGroups.isSupported(namedGroup)) \|\|
ed52ea83f830 8207317: SSLEngine negotiation fail exception behavior changed from fail-fast to fail-lazy wetmore parents: 50768 diff changeset	352	((shc.clientRequestedNamedGroups != null) &&
ed52ea83f830 8207317: SSLEngine negotiation fail exception behavior changed from fail-fast to fail-lazy wetmore parents: 50768 diff changeset	353	!shc.clientRequestedNamedGroups.contains(namedGroup))) {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	354
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	355	if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	356	SSLLogger.warning(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	357	"Unsupported named group (" + namedGroup +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	358	") used in the " + serverAlias + " certificate");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	359	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	360
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	361	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	362	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	363	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	364
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	365	return new X509Possession(serverPrivateKey, serverCerts);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	366	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	367	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	368	}

author	chegar
	Thu, 17 Oct 2019 20:54:25 +0100
branch	datagramsocketimpl-branch
changeset 58679	9c3209ff7550
parent 58678	9cf78a70fa4f
parent 55452	1170b6d92d1c
permissions	-rw-r--r--