jdk-sandbox: jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java@c459f79af46b (annotated)

2 90ce3da70b43 Initial load duke parents: diff changeset	1	/*
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	2	* Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved.
2 90ce3da70b43 Initial load duke parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
90ce3da70b43 Initial load duke parents: diff changeset	4	*
90ce3da70b43 Initial load duke parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
90ce3da70b43 Initial load duke parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	7	* published by the Free Software Foundation. Oracle designates this
2 90ce3da70b43 Initial load duke parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
2 90ce3da70b43 Initial load duke parents: diff changeset	10	*
90ce3da70b43 Initial load duke parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
90ce3da70b43 Initial load duke parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
90ce3da70b43 Initial load duke parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
90ce3da70b43 Initial load duke parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
90ce3da70b43 Initial load duke parents: diff changeset	15	* accompanied this code).
90ce3da70b43 Initial load duke parents: diff changeset	16	*
90ce3da70b43 Initial load duke parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
90ce3da70b43 Initial load duke parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
90ce3da70b43 Initial load duke parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
90ce3da70b43 Initial load duke parents: diff changeset	20	*
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	22	* or visit www.oracle.com if you need additional information or have any
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	23	* questions.
2 90ce3da70b43 Initial load duke parents: diff changeset	24	*/
90ce3da70b43 Initial load duke parents: diff changeset	25
90ce3da70b43 Initial load duke parents: diff changeset	26	package sun.security.ssl;
90ce3da70b43 Initial load duke parents: diff changeset	27
90ce3da70b43 Initial load duke parents: diff changeset	28	import java.net.Socket;
90ce3da70b43 Initial load duke parents: diff changeset	29
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	30	import java.io.*;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	31	import java.util.*;
2 90ce3da70b43 Initial load duke parents: diff changeset	32	import java.security.*;
90ce3da70b43 Initial load duke parents: diff changeset	33	import java.security.cert.*;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	34	import java.security.cert.Certificate;
2 90ce3da70b43 Initial load duke parents: diff changeset	35
90ce3da70b43 Initial load duke parents: diff changeset	36	import javax.net.ssl.*;
90ce3da70b43 Initial load duke parents: diff changeset	37
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	38	import sun.security.provider.certpath.AlgorithmChecker;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	39
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	40	public abstract class SSLContextImpl extends SSLContextSpi {
2 90ce3da70b43 Initial load duke parents: diff changeset	41
90ce3da70b43 Initial load duke parents: diff changeset	42	private static final Debug debug = Debug.getInstance("ssl");
90ce3da70b43 Initial load duke parents: diff changeset	43
90ce3da70b43 Initial load duke parents: diff changeset	44	private final EphemeralKeyManager ephemeralKeyManager;
90ce3da70b43 Initial load duke parents: diff changeset	45	private final SSLSessionContextImpl clientCache;
90ce3da70b43 Initial load duke parents: diff changeset	46	private final SSLSessionContextImpl serverCache;
90ce3da70b43 Initial load duke parents: diff changeset	47
90ce3da70b43 Initial load duke parents: diff changeset	48	private boolean isInitialized;
90ce3da70b43 Initial load duke parents: diff changeset	49
90ce3da70b43 Initial load duke parents: diff changeset	50	private X509ExtendedKeyManager keyManager;
90ce3da70b43 Initial load duke parents: diff changeset	51	private X509TrustManager trustManager;
90ce3da70b43 Initial load duke parents: diff changeset	52	private SecureRandom secureRandom;
90ce3da70b43 Initial load duke parents: diff changeset	53
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	54	// The default algrithm constraints
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	55	private AlgorithmConstraints defaultAlgorithmConstraints =
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	56	new SSLAlgorithmConstraints(null);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	57
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	58	// supported and default protocols
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	59	private ProtocolList defaultServerProtocolList;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	60	private ProtocolList defaultClientProtocolList;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	61	private ProtocolList supportedProtocolList;
2 90ce3da70b43 Initial load duke parents: diff changeset	62
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	63	// supported and default cipher suites
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	64	private CipherSuiteList defaultServerCipherSuiteList;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	65	private CipherSuiteList defaultClientCipherSuiteList;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	66	private CipherSuiteList supportedCipherSuiteList;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	67
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	68	SSLContextImpl() {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	69	ephemeralKeyManager = new EphemeralKeyManager();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	70	clientCache = new SSLSessionContextImpl();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	71	serverCache = new SSLSessionContextImpl();
2 90ce3da70b43 Initial load duke parents: diff changeset	72	}
90ce3da70b43 Initial load duke parents: diff changeset	73
90ce3da70b43 Initial load duke parents: diff changeset	74	protected void engineInit(KeyManager[] km, TrustManager[] tm,
90ce3da70b43 Initial load duke parents: diff changeset	75	SecureRandom sr) throws KeyManagementException {
90ce3da70b43 Initial load duke parents: diff changeset	76	isInitialized = false;
90ce3da70b43 Initial load duke parents: diff changeset	77	keyManager = chooseKeyManager(km);
90ce3da70b43 Initial load duke parents: diff changeset	78
90ce3da70b43 Initial load duke parents: diff changeset	79	if (tm == null) {
90ce3da70b43 Initial load duke parents: diff changeset	80	try {
90ce3da70b43 Initial load duke parents: diff changeset	81	TrustManagerFactory tmf = TrustManagerFactory.getInstance(
90ce3da70b43 Initial load duke parents: diff changeset	82	TrustManagerFactory.getDefaultAlgorithm());
90ce3da70b43 Initial load duke parents: diff changeset	83	tmf.init((KeyStore)null);
90ce3da70b43 Initial load duke parents: diff changeset	84	tm = tmf.getTrustManagers();
90ce3da70b43 Initial load duke parents: diff changeset	85	} catch (Exception e) {
90ce3da70b43 Initial load duke parents: diff changeset	86	// eat
90ce3da70b43 Initial load duke parents: diff changeset	87	}
90ce3da70b43 Initial load duke parents: diff changeset	88	}
90ce3da70b43 Initial load duke parents: diff changeset	89	trustManager = chooseTrustManager(tm);
90ce3da70b43 Initial load duke parents: diff changeset	90
90ce3da70b43 Initial load duke parents: diff changeset	91	if (sr == null) {
90ce3da70b43 Initial load duke parents: diff changeset	92	secureRandom = JsseJce.getSecureRandom();
90ce3da70b43 Initial load duke parents: diff changeset	93	} else {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	94	if (SunJSSE.isFIPS() &&
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	95	(sr.getProvider() != SunJSSE.cryptoProvider)) {
2 90ce3da70b43 Initial load duke parents: diff changeset	96	throw new KeyManagementException
90ce3da70b43 Initial load duke parents: diff changeset	97	("FIPS mode: SecureRandom must be from provider "
90ce3da70b43 Initial load duke parents: diff changeset	98	+ SunJSSE.cryptoProvider.getName());
90ce3da70b43 Initial load duke parents: diff changeset	99	}
90ce3da70b43 Initial load duke parents: diff changeset	100	secureRandom = sr;
90ce3da70b43 Initial load duke parents: diff changeset	101	}
90ce3da70b43 Initial load duke parents: diff changeset	102
90ce3da70b43 Initial load duke parents: diff changeset	103	/*
90ce3da70b43 Initial load duke parents: diff changeset	104	* The initial delay of seeding the random number generator
90ce3da70b43 Initial load duke parents: diff changeset	105	* could be long enough to cause the initial handshake on our
90ce3da70b43 Initial load duke parents: diff changeset	106	* first connection to timeout and fail. Make sure it is
90ce3da70b43 Initial load duke parents: diff changeset	107	* primed and ready by getting some initial output from it.
90ce3da70b43 Initial load duke parents: diff changeset	108	*/
90ce3da70b43 Initial load duke parents: diff changeset	109	if (debug != null && Debug.isOn("sslctx")) {
90ce3da70b43 Initial load duke parents: diff changeset	110	System.out.println("trigger seeding of SecureRandom");
90ce3da70b43 Initial load duke parents: diff changeset	111	}
90ce3da70b43 Initial load duke parents: diff changeset	112	secureRandom.nextInt();
90ce3da70b43 Initial load duke parents: diff changeset	113	if (debug != null && Debug.isOn("sslctx")) {
90ce3da70b43 Initial load duke parents: diff changeset	114	System.out.println("done seeding SecureRandom");
90ce3da70b43 Initial load duke parents: diff changeset	115	}
90ce3da70b43 Initial load duke parents: diff changeset	116	isInitialized = true;
90ce3da70b43 Initial load duke parents: diff changeset	117	}
90ce3da70b43 Initial load duke parents: diff changeset	118
90ce3da70b43 Initial load duke parents: diff changeset	119	private X509TrustManager chooseTrustManager(TrustManager[] tm)
90ce3da70b43 Initial load duke parents: diff changeset	120	throws KeyManagementException {
90ce3da70b43 Initial load duke parents: diff changeset	121	// We only use the first instance of X509TrustManager passed to us.
90ce3da70b43 Initial load duke parents: diff changeset	122	for (int i = 0; tm != null && i < tm.length; i++) {
90ce3da70b43 Initial load duke parents: diff changeset	123	if (tm[i] instanceof X509TrustManager) {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	124	if (SunJSSE.isFIPS() &&
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	125	!(tm[i] instanceof X509TrustManagerImpl)) {
2 90ce3da70b43 Initial load duke parents: diff changeset	126	throw new KeyManagementException
90ce3da70b43 Initial load duke parents: diff changeset	127	("FIPS mode: only SunJSSE TrustManagers may be used");
90ce3da70b43 Initial load duke parents: diff changeset	128	}
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	129
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	130	if (tm[i] instanceof X509ExtendedTrustManager) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	131	return (X509TrustManager)tm[i];
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	132	} else {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	133	return new AbstractTrustManagerWrapper(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	134	(X509TrustManager)tm[i]);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	135	}
2 90ce3da70b43 Initial load duke parents: diff changeset	136	}
90ce3da70b43 Initial load duke parents: diff changeset	137	}
90ce3da70b43 Initial load duke parents: diff changeset	138
90ce3da70b43 Initial load duke parents: diff changeset	139	// nothing found, return a dummy X509TrustManager.
90ce3da70b43 Initial load duke parents: diff changeset	140	return DummyX509TrustManager.INSTANCE;
90ce3da70b43 Initial load duke parents: diff changeset	141	}
90ce3da70b43 Initial load duke parents: diff changeset	142
90ce3da70b43 Initial load duke parents: diff changeset	143	private X509ExtendedKeyManager chooseKeyManager(KeyManager[] kms)
90ce3da70b43 Initial load duke parents: diff changeset	144	throws KeyManagementException {
90ce3da70b43 Initial load duke parents: diff changeset	145	for (int i = 0; kms != null && i < kms.length; i++) {
90ce3da70b43 Initial load duke parents: diff changeset	146	KeyManager km = kms[i];
90ce3da70b43 Initial load duke parents: diff changeset	147	if (km instanceof X509KeyManager == false) {
90ce3da70b43 Initial load duke parents: diff changeset	148	continue;
90ce3da70b43 Initial load duke parents: diff changeset	149	}
90ce3da70b43 Initial load duke parents: diff changeset	150	if (SunJSSE.isFIPS()) {
90ce3da70b43 Initial load duke parents: diff changeset	151	// In FIPS mode, require that one of SunJSSE's own keymanagers
90ce3da70b43 Initial load duke parents: diff changeset	152	// is used. Otherwise, we cannot be sure that only keys from
90ce3da70b43 Initial load duke parents: diff changeset	153	// the FIPS token are used.
90ce3da70b43 Initial load duke parents: diff changeset	154	if ((km instanceof X509KeyManagerImpl)
90ce3da70b43 Initial load duke parents: diff changeset	155	\|\| (km instanceof SunX509KeyManagerImpl)) {
90ce3da70b43 Initial load duke parents: diff changeset	156	return (X509ExtendedKeyManager)km;
90ce3da70b43 Initial load duke parents: diff changeset	157	} else {
90ce3da70b43 Initial load duke parents: diff changeset	158	// throw exception, we don't want to silently use the
90ce3da70b43 Initial load duke parents: diff changeset	159	// dummy keymanager without telling the user.
90ce3da70b43 Initial load duke parents: diff changeset	160	throw new KeyManagementException
90ce3da70b43 Initial load duke parents: diff changeset	161	("FIPS mode: only SunJSSE KeyManagers may be used");
90ce3da70b43 Initial load duke parents: diff changeset	162	}
90ce3da70b43 Initial load duke parents: diff changeset	163	}
90ce3da70b43 Initial load duke parents: diff changeset	164	if (km instanceof X509ExtendedKeyManager) {
90ce3da70b43 Initial load duke parents: diff changeset	165	return (X509ExtendedKeyManager)km;
90ce3da70b43 Initial load duke parents: diff changeset	166	}
90ce3da70b43 Initial load duke parents: diff changeset	167	if (debug != null && Debug.isOn("sslctx")) {
90ce3da70b43 Initial load duke parents: diff changeset	168	System.out.println(
90ce3da70b43 Initial load duke parents: diff changeset	169	"X509KeyManager passed to " +
90ce3da70b43 Initial load duke parents: diff changeset	170	"SSLContext.init(): need an " +
90ce3da70b43 Initial load duke parents: diff changeset	171	"X509ExtendedKeyManager for SSLEngine use");
90ce3da70b43 Initial load duke parents: diff changeset	172	}
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	173	return new AbstractKeyManagerWrapper((X509KeyManager)km);
2 90ce3da70b43 Initial load duke parents: diff changeset	174	}
90ce3da70b43 Initial load duke parents: diff changeset	175
90ce3da70b43 Initial load duke parents: diff changeset	176	// nothing found, return a dummy X509ExtendedKeyManager
90ce3da70b43 Initial load duke parents: diff changeset	177	return DummyX509KeyManager.INSTANCE;
90ce3da70b43 Initial load duke parents: diff changeset	178	}
90ce3da70b43 Initial load duke parents: diff changeset	179
90ce3da70b43 Initial load duke parents: diff changeset	180	protected SSLSocketFactory engineGetSocketFactory() {
90ce3da70b43 Initial load duke parents: diff changeset	181	if (!isInitialized) {
90ce3da70b43 Initial load duke parents: diff changeset	182	throw new IllegalStateException(
90ce3da70b43 Initial load duke parents: diff changeset	183	"SSLContextImpl is not initialized");
90ce3da70b43 Initial load duke parents: diff changeset	184	}
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	185	return new SSLSocketFactoryImpl(this);
2 90ce3da70b43 Initial load duke parents: diff changeset	186	}
90ce3da70b43 Initial load duke parents: diff changeset	187
90ce3da70b43 Initial load duke parents: diff changeset	188	protected SSLServerSocketFactory engineGetServerSocketFactory() {
90ce3da70b43 Initial load duke parents: diff changeset	189	if (!isInitialized) {
90ce3da70b43 Initial load duke parents: diff changeset	190	throw new IllegalStateException("SSLContext is not initialized");
90ce3da70b43 Initial load duke parents: diff changeset	191	}
90ce3da70b43 Initial load duke parents: diff changeset	192	return new SSLServerSocketFactoryImpl(this);
90ce3da70b43 Initial load duke parents: diff changeset	193	}
90ce3da70b43 Initial load duke parents: diff changeset	194
90ce3da70b43 Initial load duke parents: diff changeset	195	protected SSLEngine engineCreateSSLEngine() {
90ce3da70b43 Initial load duke parents: diff changeset	196	if (!isInitialized) {
90ce3da70b43 Initial load duke parents: diff changeset	197	throw new IllegalStateException(
90ce3da70b43 Initial load duke parents: diff changeset	198	"SSLContextImpl is not initialized");
90ce3da70b43 Initial load duke parents: diff changeset	199	}
90ce3da70b43 Initial load duke parents: diff changeset	200	return new SSLEngineImpl(this);
90ce3da70b43 Initial load duke parents: diff changeset	201	}
90ce3da70b43 Initial load duke parents: diff changeset	202
90ce3da70b43 Initial load duke parents: diff changeset	203	protected SSLEngine engineCreateSSLEngine(String host, int port) {
90ce3da70b43 Initial load duke parents: diff changeset	204	if (!isInitialized) {
90ce3da70b43 Initial load duke parents: diff changeset	205	throw new IllegalStateException(
90ce3da70b43 Initial load duke parents: diff changeset	206	"SSLContextImpl is not initialized");
90ce3da70b43 Initial load duke parents: diff changeset	207	}
90ce3da70b43 Initial load duke parents: diff changeset	208	return new SSLEngineImpl(this, host, port);
90ce3da70b43 Initial load duke parents: diff changeset	209	}
90ce3da70b43 Initial load duke parents: diff changeset	210
90ce3da70b43 Initial load duke parents: diff changeset	211	protected SSLSessionContext engineGetClientSessionContext() {
90ce3da70b43 Initial load duke parents: diff changeset	212	return clientCache;
90ce3da70b43 Initial load duke parents: diff changeset	213	}
90ce3da70b43 Initial load duke parents: diff changeset	214
90ce3da70b43 Initial load duke parents: diff changeset	215	protected SSLSessionContext engineGetServerSessionContext() {
90ce3da70b43 Initial load duke parents: diff changeset	216	return serverCache;
90ce3da70b43 Initial load duke parents: diff changeset	217	}
90ce3da70b43 Initial load duke parents: diff changeset	218
90ce3da70b43 Initial load duke parents: diff changeset	219	SecureRandom getSecureRandom() {
90ce3da70b43 Initial load duke parents: diff changeset	220	return secureRandom;
90ce3da70b43 Initial load duke parents: diff changeset	221	}
90ce3da70b43 Initial load duke parents: diff changeset	222
90ce3da70b43 Initial load duke parents: diff changeset	223	X509ExtendedKeyManager getX509KeyManager() {
90ce3da70b43 Initial load duke parents: diff changeset	224	return keyManager;
90ce3da70b43 Initial load duke parents: diff changeset	225	}
90ce3da70b43 Initial load duke parents: diff changeset	226
90ce3da70b43 Initial load duke parents: diff changeset	227	X509TrustManager getX509TrustManager() {
90ce3da70b43 Initial load duke parents: diff changeset	228	return trustManager;
90ce3da70b43 Initial load duke parents: diff changeset	229	}
90ce3da70b43 Initial load duke parents: diff changeset	230
90ce3da70b43 Initial load duke parents: diff changeset	231	EphemeralKeyManager getEphemeralKeyManager() {
90ce3da70b43 Initial load duke parents: diff changeset	232	return ephemeralKeyManager;
90ce3da70b43 Initial load duke parents: diff changeset	233	}
90ce3da70b43 Initial load duke parents: diff changeset	234
9246 c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	235	abstract SSLParameters getDefaultServerSSLParams();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	236	abstract SSLParameters getDefaultClientSSLParams();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	237	abstract SSLParameters getSupportedSSLParams();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	238
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	239	// Get suported ProtoclList.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	240	ProtocolList getSuportedProtocolList() {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	241	if (supportedProtocolList == null) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	242	supportedProtocolList =
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	243	new ProtocolList(getSupportedSSLParams().getProtocols());
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	244	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	245
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	246	return supportedProtocolList;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	247	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	248
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	249	// Get default ProtoclList.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	250	ProtocolList getDefaultProtocolList(boolean roleIsServer) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	251	if (roleIsServer) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	252	if (defaultServerProtocolList == null) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	253	defaultServerProtocolList = new ProtocolList(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	254	getDefaultServerSSLParams().getProtocols());
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	255	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	256
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	257	return defaultServerProtocolList;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	258	} else {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	259	if (defaultClientProtocolList == null) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	260	defaultClientProtocolList = new ProtocolList(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	261	getDefaultClientSSLParams().getProtocols());
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	262	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	263
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	264	return defaultClientProtocolList;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	265	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	266	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	267
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	268	// Get suported CipherSuiteList.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	269	CipherSuiteList getSuportedCipherSuiteList() {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	270	// Clear cache of available ciphersuites.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	271	clearAvailableCache();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	272
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	273	if (supportedCipherSuiteList == null) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	274	supportedCipherSuiteList =
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	275	getApplicableCipherSuiteList(getSuportedProtocolList(), false);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	276	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	277
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	278	return supportedCipherSuiteList;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	279	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	280
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	281	// Get default CipherSuiteList.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	282	CipherSuiteList getDefaultCipherSuiteList(boolean roleIsServer) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	283	// Clear cache of available ciphersuites.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	284	clearAvailableCache();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	285
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	286	if (roleIsServer) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	287	if (defaultServerCipherSuiteList == null) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	288	defaultServerCipherSuiteList = getApplicableCipherSuiteList(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	289	getDefaultProtocolList(true), true);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	290	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	291
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	292	return defaultServerCipherSuiteList;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	293	} else {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	294	if (defaultClientCipherSuiteList == null) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	295	defaultClientCipherSuiteList = getApplicableCipherSuiteList(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	296	getDefaultProtocolList(false), true);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	297	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	298
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	299	return defaultClientCipherSuiteList;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	300	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	301	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	302
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	303	/**
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	304	* Return whether a protocol list is the original default enabled
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	305	* protocols. See: SSLSocket/SSLEngine.setEnabledProtocols()
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	306	*/
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	307	boolean isDefaultProtocolList(ProtocolList protocols) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	308	return (protocols == defaultServerProtocolList) \|\|
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	309	(protocols == defaultClientProtocolList);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	310	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	311
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	312
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	313	/*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	314	* Return the list of all available CipherSuites with a priority of
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	315	* minPriority or above.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	316	*/
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	317	private CipherSuiteList getApplicableCipherSuiteList(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	318	ProtocolList protocols, boolean onlyEnabled) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	319
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	320	int minPriority = CipherSuite.SUPPORTED_SUITES_PRIORITY;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	321	if (onlyEnabled) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	322	minPriority = CipherSuite.DEFAULT_SUITES_PRIORITY;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	323	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	324
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	325	Collection<CipherSuite> allowedCipherSuites =
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	326	CipherSuite.allowedCipherSuites();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	327
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	328	ArrayList<CipherSuite> suites = new ArrayList<>();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	329	if (!(protocols.collection().isEmpty()) &&
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	330	protocols.min.v != ProtocolVersion.NONE.v) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	331	for (CipherSuite suite : allowedCipherSuites) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	332	if (suite.allowed == false \|\| suite.priority < minPriority) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	333	continue;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	334	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	335
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	336	if (suite.isAvailable() &&
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	337	suite.obsoleted > protocols.min.v &&
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	338	suite.supported <= protocols.max.v) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	339	if (defaultAlgorithmConstraints.permits(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	340	EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	341	suite.name, null)) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	342	suites.add(suite);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	343	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	344	} else if (debug != null &&
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	345	Debug.isOn("sslctx") && Debug.isOn("verbose")) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	346	if (suite.obsoleted <= protocols.min.v) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	347	System.out.println(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	348	"Ignoring obsoleted cipher suite: " + suite);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	349	} else if (suite.supported > protocols.max.v) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	350	System.out.println(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	351	"Ignoring unsupported cipher suite: " + suite);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	352	} else {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	353	System.out.println(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	354	"Ignoring unavailable cipher suite: " + suite);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	355	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	356	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	357	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	358	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	359
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	360	return new CipherSuiteList(suites);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	361	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	362
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	363	/**
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	364	* Clear cache of available ciphersuites. If we support all ciphers
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	365	* internally, there is no need to clear the cache and calling this
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	366	* method has no effect.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	367	*/
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	368	synchronized void clearAvailableCache() {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	369	if (CipherSuite.DYNAMIC_AVAILABILITY) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	370	supportedCipherSuiteList = null;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	371	defaultServerCipherSuiteList = null;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	372	defaultClientCipherSuiteList = null;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	373	CipherSuite.BulkCipher.clearAvailableCache();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	374	JsseJce.clearEcAvailable();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	375	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	376	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	377
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	378	/*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	379	* The SSLContext implementation for TLS/SSL algorithm
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	380	*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	381	* SSL/TLS protocols specify the forward compatibility and version
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	382	* roll-back attack protections, however, a number of SSL/TLS server
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	383	* vendors did not implement these aspects properly, and some current
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	384	* SSL/TLS servers may refuse to talk to a TLS 1.1 or later client.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	385	*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	386	* Considering above interoperability issues, SunJSSE will not set
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	387	* TLS 1.1 and TLS 1.2 as the enabled protocols for client by default.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	388	*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	389	* For SSL/TLS servers, there is no such interoperability issues as
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	390	* SSL/TLS clients. In SunJSSE, TLS 1.1 or later version will be the
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	391	* enabled protocols for server by default.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	392	*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	393	* We may change the behavior when popular TLS/SSL vendors support TLS
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	394	* forward compatibility properly.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	395	*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	396	* SSLv2Hello is no longer necessary. This interoperability option was
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	397	* put in place in the late 90's when SSLv3/TLS1.0 were relatively new
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	398	* and there were a fair number of SSLv2-only servers deployed. Because
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	399	* of the security issues in SSLv2, it is rarely (if ever) used, as
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	400	* deployments should now be using SSLv3 and TLSv1.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	401	*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	402	* Considering the issues of SSLv2Hello, we should not enable SSLv2Hello
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	403	* by default. Applications still can use it by enabling SSLv2Hello with
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	404	* the series of setEnabledProtocols APIs.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	405	*/
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	406
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	407	/*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	408	* The conservative SSLContext implementation for TLS, SSL, SSLv3 and
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	409	* TLS10 algorithm.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	410	*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	411	* This is a super class of DefaultSSLContext and TLS10Context.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	412	*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	413	* @see SSLContext
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	414	*/
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	415	private static class ConservativeSSLContext extends SSLContextImpl {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	416	// parameters
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	417	private static SSLParameters defaultServerSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	418	private static SSLParameters defaultClientSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	419	private static SSLParameters supportedSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	420
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	421	static {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	422	if (SunJSSE.isFIPS()) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	423	supportedSSLParams = new SSLParameters();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	424	supportedSSLParams.setProtocols(new String[] {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	425	ProtocolVersion.TLS10.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	426	ProtocolVersion.TLS11.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	427	ProtocolVersion.TLS12.name
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	428	});
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	429
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	430	defaultServerSSLParams = supportedSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	431
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	432	defaultClientSSLParams = new SSLParameters();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	433	defaultClientSSLParams.setProtocols(new String[] {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	434	ProtocolVersion.TLS10.name
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	435	});
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	436
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	437	} else {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	438	supportedSSLParams = new SSLParameters();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	439	supportedSSLParams.setProtocols(new String[] {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	440	ProtocolVersion.SSL20Hello.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	441	ProtocolVersion.SSL30.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	442	ProtocolVersion.TLS10.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	443	ProtocolVersion.TLS11.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	444	ProtocolVersion.TLS12.name
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	445	});
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	446
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	447	defaultServerSSLParams = supportedSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	448
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	449	defaultClientSSLParams = new SSLParameters();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	450	defaultClientSSLParams.setProtocols(new String[] {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	451	ProtocolVersion.SSL30.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	452	ProtocolVersion.TLS10.name
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	453	});
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	454	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	455	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	456
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	457	SSLParameters getDefaultServerSSLParams() {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	458	return defaultServerSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	459	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	460
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	461	SSLParameters getDefaultClientSSLParams() {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	462	return defaultClientSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	463	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	464
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	465	SSLParameters getSupportedSSLParams() {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	466	return supportedSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	467	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	468	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	469
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	470	/*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	471	* The SSLContext implementation for default algorithm
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	472	*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	473	* @see SSLContext
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	474	*/
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	475	public static final class DefaultSSLContext extends ConservativeSSLContext {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	476	private static final String NONE = "NONE";
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	477	private static final String P11KEYSTORE = "PKCS11";
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	478
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	479	private static volatile SSLContextImpl defaultImpl;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	480
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	481	private static TrustManager[] defaultTrustManagers;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	482	private static KeyManager[] defaultKeyManagers;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	483
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	484	public DefaultSSLContext() throws Exception {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	485	try {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	486	super.engineInit(getDefaultKeyManager(),
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	487	getDefaultTrustManager(), null);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	488	} catch (Exception e) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	489	if (debug != null && Debug.isOn("defaultctx")) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	490	System.out.println("default context init failed: " + e);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	491	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	492	throw e;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	493	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	494
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	495	if (defaultImpl == null) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	496	defaultImpl = this;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	497	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	498	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	499
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	500	protected void engineInit(KeyManager[] km, TrustManager[] tm,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	501	SecureRandom sr) throws KeyManagementException {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	502	throw new KeyManagementException
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	503	("Default SSLContext is initialized automatically");
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	504	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	505
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	506	static synchronized SSLContextImpl getDefaultImpl() throws Exception {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	507	if (defaultImpl == null) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	508	new DefaultSSLContext();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	509	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	510	return defaultImpl;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	511	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	512
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	513	private static synchronized TrustManager[] getDefaultTrustManager()
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	514	throws Exception {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	515	if (defaultTrustManagers != null) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	516	return defaultTrustManagers;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	517	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	518
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	519	KeyStore ks =
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	520	TrustManagerFactoryImpl.getCacertsKeyStore("defaultctx");
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	521
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	522	TrustManagerFactory tmf = TrustManagerFactory.getInstance(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	523	TrustManagerFactory.getDefaultAlgorithm());
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	524	tmf.init(ks);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	525	defaultTrustManagers = tmf.getTrustManagers();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	526	return defaultTrustManagers;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	527	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	528
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	529	private static synchronized KeyManager[] getDefaultKeyManager()
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	530	throws Exception {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	531	if (defaultKeyManagers != null) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	532	return defaultKeyManagers;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	533	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	534
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	535	final Map<String,String> props = new HashMap<>();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	536	AccessController.doPrivileged(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	537	new PrivilegedExceptionAction<Object>() {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	538	public Object run() throws Exception {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	539	props.put("keyStore", System.getProperty(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	540	"javax.net.ssl.keyStore", ""));
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	541	props.put("keyStoreType", System.getProperty(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	542	"javax.net.ssl.keyStoreType",
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	543	KeyStore.getDefaultType()));
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	544	props.put("keyStoreProvider", System.getProperty(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	545	"javax.net.ssl.keyStoreProvider", ""));
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	546	props.put("keyStorePasswd", System.getProperty(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	547	"javax.net.ssl.keyStorePassword", ""));
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	548	return null;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	549	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	550	});
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	551
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	552	final String defaultKeyStore = props.get("keyStore");
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	553	String defaultKeyStoreType = props.get("keyStoreType");
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	554	String defaultKeyStoreProvider = props.get("keyStoreProvider");
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	555	if (debug != null && Debug.isOn("defaultctx")) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	556	System.out.println("keyStore is : " + defaultKeyStore);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	557	System.out.println("keyStore type is : " +
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	558	defaultKeyStoreType);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	559	System.out.println("keyStore provider is : " +
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	560	defaultKeyStoreProvider);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	561	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	562
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	563	if (P11KEYSTORE.equals(defaultKeyStoreType) &&
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	564	!NONE.equals(defaultKeyStore)) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	565	throw new IllegalArgumentException("if keyStoreType is "
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	566	+ P11KEYSTORE + ", then keyStore must be " + NONE);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	567	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	568
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	569	FileInputStream fs = null;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	570	if (defaultKeyStore.length() != 0 && !NONE.equals(defaultKeyStore)) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	571	fs = AccessController.doPrivileged(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	572	new PrivilegedExceptionAction<FileInputStream>() {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	573	public FileInputStream run() throws Exception {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	574	return new FileInputStream(defaultKeyStore);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	575	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	576	});
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	577	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	578
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	579	String defaultKeyStorePassword = props.get("keyStorePasswd");
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	580	char[] passwd = null;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	581	if (defaultKeyStorePassword.length() != 0) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	582	passwd = defaultKeyStorePassword.toCharArray();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	583	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	584
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	585	/**
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	586	* Try to initialize key store.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	587	*/
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	588	KeyStore ks = null;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	589	if ((defaultKeyStoreType.length()) != 0) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	590	if (debug != null && Debug.isOn("defaultctx")) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	591	System.out.println("init keystore");
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	592	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	593	if (defaultKeyStoreProvider.length() == 0) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	594	ks = KeyStore.getInstance(defaultKeyStoreType);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	595	} else {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	596	ks = KeyStore.getInstance(defaultKeyStoreType,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	597	defaultKeyStoreProvider);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	598	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	599
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	600	// if defaultKeyStore is NONE, fs will be null
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	601	ks.load(fs, passwd);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	602	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	603	if (fs != null) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	604	fs.close();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	605	fs = null;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	606	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	607
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	608	/*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	609	* Try to initialize key manager.
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	610	*/
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	611	if (debug != null && Debug.isOn("defaultctx")) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	612	System.out.println("init keymanager of type " +
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	613	KeyManagerFactory.getDefaultAlgorithm());
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	614	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	615	KeyManagerFactory kmf = KeyManagerFactory.getInstance(
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	616	KeyManagerFactory.getDefaultAlgorithm());
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	617
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	618	if (P11KEYSTORE.equals(defaultKeyStoreType)) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	619	kmf.init(ks, null); // do not pass key passwd if using token
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	620	} else {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	621	kmf.init(ks, passwd);
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	622	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	623
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	624	defaultKeyManagers = kmf.getKeyManagers();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	625	return defaultKeyManagers;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	626	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	627	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	628
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	629	/*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	630	* The SSLContext implementation for TLS, SSL, SSLv3 and TLS10 algorithm
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	631	*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	632	* @see SSLContext
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	633	*/
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	634	public static final class TLS10Context extends ConservativeSSLContext {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	635	// use the default constructor and methods
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	636	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	637
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	638	/*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	639	* The SSLContext implementation for TLS11 algorithm
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	640	*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	641	* @see SSLContext
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	642	*/
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	643	public static final class TLS11Context extends SSLContextImpl {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	644	// parameters
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	645	private static SSLParameters defaultServerSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	646	private static SSLParameters defaultClientSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	647	private static SSLParameters supportedSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	648
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	649	static {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	650	if (SunJSSE.isFIPS()) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	651	supportedSSLParams = new SSLParameters();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	652	supportedSSLParams.setProtocols(new String[] {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	653	ProtocolVersion.TLS10.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	654	ProtocolVersion.TLS11.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	655	ProtocolVersion.TLS12.name
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	656	});
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	657
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	658	defaultServerSSLParams = supportedSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	659
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	660	defaultClientSSLParams = new SSLParameters();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	661	defaultClientSSLParams.setProtocols(new String[] {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	662	ProtocolVersion.TLS10.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	663	ProtocolVersion.TLS11.name
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	664	});
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	665
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	666	} else {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	667	supportedSSLParams = new SSLParameters();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	668	supportedSSLParams.setProtocols(new String[] {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	669	ProtocolVersion.SSL20Hello.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	670	ProtocolVersion.SSL30.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	671	ProtocolVersion.TLS10.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	672	ProtocolVersion.TLS11.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	673	ProtocolVersion.TLS12.name
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	674	});
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	675
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	676	defaultServerSSLParams = supportedSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	677
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	678	defaultClientSSLParams = new SSLParameters();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	679	defaultClientSSLParams.setProtocols(new String[] {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	680	ProtocolVersion.SSL30.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	681	ProtocolVersion.TLS10.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	682	ProtocolVersion.TLS11.name
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	683	});
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	684	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	685	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	686
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	687	SSLParameters getDefaultServerSSLParams() {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	688	return defaultServerSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	689	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	690
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	691	SSLParameters getDefaultClientSSLParams() {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	692	return defaultClientSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	693	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	694
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	695	SSLParameters getSupportedSSLParams() {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	696	return supportedSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	697	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	698	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	699
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	700	/*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	701	* The SSLContext implementation for TLS12 algorithm
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	702	*
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	703	* @see SSLContext
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	704	*/
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	705	public static final class TLS12Context extends SSLContextImpl {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	706	// parameters
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	707	private static SSLParameters defaultServerSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	708	private static SSLParameters defaultClientSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	709	private static SSLParameters supportedSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	710
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	711	static {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	712	if (SunJSSE.isFIPS()) {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	713	supportedSSLParams = new SSLParameters();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	714	supportedSSLParams.setProtocols(new String[] {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	715	ProtocolVersion.TLS10.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	716	ProtocolVersion.TLS11.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	717	ProtocolVersion.TLS12.name
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	718	});
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	719
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	720	defaultServerSSLParams = supportedSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	721
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	722	defaultClientSSLParams = new SSLParameters();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	723	defaultClientSSLParams.setProtocols(new String[] {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	724	ProtocolVersion.TLS10.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	725	ProtocolVersion.TLS11.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	726	ProtocolVersion.TLS12.name
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	727	});
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	728
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	729	} else {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	730	supportedSSLParams = new SSLParameters();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	731	supportedSSLParams.setProtocols(new String[] {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	732	ProtocolVersion.SSL20Hello.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	733	ProtocolVersion.SSL30.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	734	ProtocolVersion.TLS10.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	735	ProtocolVersion.TLS11.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	736	ProtocolVersion.TLS12.name
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	737	});
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	738
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	739	defaultServerSSLParams = supportedSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	740
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	741	defaultClientSSLParams = new SSLParameters();
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	742	defaultClientSSLParams.setProtocols(new String[] {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	743	ProtocolVersion.SSL30.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	744	ProtocolVersion.TLS10.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	745	ProtocolVersion.TLS11.name,
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	746	ProtocolVersion.TLS12.name
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	747	});
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	748	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	749	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	750
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	751	SSLParameters getDefaultServerSSLParams() {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	752	return defaultServerSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	753	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	754
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	755	SSLParameters getDefaultClientSSLParams() {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	756	return defaultClientSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	757	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	758
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	759	SSLParameters getSupportedSSLParams() {
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	760	return supportedSSLParams;
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	761	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	762	}
c459f79af46b 6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled xuelei parents: 7043 diff changeset	763
2 90ce3da70b43 Initial load duke parents: diff changeset	764	}
90ce3da70b43 Initial load duke parents: diff changeset	765
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	766
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	767	final class AbstractTrustManagerWrapper extends X509ExtendedTrustManager
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	768	implements X509TrustManager {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	769
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	770	private final X509TrustManager tm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	771
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	772	AbstractTrustManagerWrapper(X509TrustManager tm) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	773	this.tm = tm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	774	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	775
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	776	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	777	public void checkClientTrusted(X509Certificate[] chain, String authType)
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	778	throws CertificateException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	779	tm.checkClientTrusted(chain, authType);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	780	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	781
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	782	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	783	public void checkServerTrusted(X509Certificate[] chain, String authType)
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	784	throws CertificateException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	785	tm.checkServerTrusted(chain, authType);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	786	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	787
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	788	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	789	public X509Certificate[] getAcceptedIssuers() {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	790	return tm.getAcceptedIssuers();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	791	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	792
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	793	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	794	public void checkClientTrusted(X509Certificate[] chain, String authType,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	795	Socket socket) throws CertificateException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	796	tm.checkClientTrusted(chain, authType);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	797	checkAdditionalTrust(chain, authType, socket, true);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	798	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	799
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	800	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	801	public void checkServerTrusted(X509Certificate[] chain, String authType,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	802	Socket socket) throws CertificateException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	803	tm.checkServerTrusted(chain, authType);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	804	checkAdditionalTrust(chain, authType, socket, false);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	805	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	806
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	807	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	808	public void checkClientTrusted(X509Certificate[] chain, String authType,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	809	SSLEngine engine) throws CertificateException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	810	tm.checkClientTrusted(chain, authType);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	811	checkAdditionalTrust(chain, authType, engine, true);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	812	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	813
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	814	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	815	public void checkServerTrusted(X509Certificate[] chain, String authType,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	816	SSLEngine engine) throws CertificateException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	817	tm.checkServerTrusted(chain, authType);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	818	checkAdditionalTrust(chain, authType, engine, false);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	819	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	820
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	821	private void checkAdditionalTrust(X509Certificate[] chain, String authType,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	822	Socket socket, boolean isClient) throws CertificateException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	823	if (socket != null && socket.isConnected() &&
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	824	socket instanceof SSLSocket) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	825
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	826	SSLSocket sslSocket = (SSLSocket)socket;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	827	SSLSession session = sslSocket.getHandshakeSession();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	828	if (session == null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	829	throw new CertificateException("No handshake session");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	830	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	831
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	832	// check endpoint identity
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	833	String identityAlg = sslSocket.getSSLParameters().
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	834	getEndpointIdentificationAlgorithm();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	835	if (identityAlg != null && identityAlg.length() != 0) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	836	String hostname = session.getPeerHost();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	837	X509TrustManagerImpl.checkIdentity(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	838	hostname, chain[0], identityAlg);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	839	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	840
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	841	// try the best to check the algorithm constraints
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	842	ProtocolVersion protocolVersion =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	843	ProtocolVersion.valueOf(session.getProtocol());
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	844	AlgorithmConstraints constraints = null;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	845	if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	846	if (session instanceof ExtendedSSLSession) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	847	ExtendedSSLSession extSession =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	848	(ExtendedSSLSession)session;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	849	String[] peerSupportedSignAlgs =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	850	extSession.getLocalSupportedSignatureAlgorithms();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	851
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	852	constraints = new SSLAlgorithmConstraints(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	853	sslSocket, peerSupportedSignAlgs, true);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	854	} else {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	855	constraints =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	856	new SSLAlgorithmConstraints(sslSocket, true);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	857	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	858	} else {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	859	constraints = new SSLAlgorithmConstraints(sslSocket, true);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	860	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	861
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	862	AlgorithmChecker checker = new AlgorithmChecker(constraints);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	863	try {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	864	checker.init(false);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	865
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	866	// a forward checker, need to check from trust to target
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	867	for (int i = chain.length - 1; i >= 0; i--) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	868	Certificate cert = chain[i];
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	869	// We don't care about the unresolved critical extensions.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	870	checker.check(cert, Collections.<String>emptySet());
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	871	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	872	} catch (CertPathValidatorException cpve) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	873	throw new CertificateException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	874	"Certificates does not conform to algorithm constraints");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	875	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	876	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	877	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	878
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	879	private void checkAdditionalTrust(X509Certificate[] chain, String authType,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	880	SSLEngine engine, boolean isClient) throws CertificateException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	881	if (engine != null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	882	SSLSession session = engine.getHandshakeSession();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	883	if (session == null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	884	throw new CertificateException("No handshake session");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	885	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	886
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	887	// check endpoint identity
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	888	String identityAlg = engine.getSSLParameters().
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	889	getEndpointIdentificationAlgorithm();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	890	if (identityAlg != null && identityAlg.length() != 0) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	891	String hostname = session.getPeerHost();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	892	X509TrustManagerImpl.checkIdentity(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	893	hostname, chain[0], identityAlg);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	894	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	895
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	896	// try the best to check the algorithm constraints
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	897	ProtocolVersion protocolVersion =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	898	ProtocolVersion.valueOf(session.getProtocol());
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	899	AlgorithmConstraints constraints = null;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	900	if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	901	if (session instanceof ExtendedSSLSession) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	902	ExtendedSSLSession extSession =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	903	(ExtendedSSLSession)session;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	904	String[] peerSupportedSignAlgs =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	905	extSession.getLocalSupportedSignatureAlgorithms();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	906
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	907	constraints = new SSLAlgorithmConstraints(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	908	engine, peerSupportedSignAlgs, true);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	909	} else {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	910	constraints =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	911	new SSLAlgorithmConstraints(engine, true);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	912	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	913	} else {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	914	constraints = new SSLAlgorithmConstraints(engine, true);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	915	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	916
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	917	AlgorithmChecker checker = new AlgorithmChecker(constraints);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	918	try {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	919	checker.init(false);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	920
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	921	// A forward checker, need to check from trust to target
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	922	for (int i = chain.length - 1; i >= 0; i--) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	923	Certificate cert = chain[i];
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	924	// We don't care about the unresolved critical extensions.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	925	checker.check(cert, Collections.<String>emptySet());
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	926	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	927	} catch (CertPathValidatorException cpve) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	928	throw new CertificateException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	929	"Certificates does not conform to algorithm constraints");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	930	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	931	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	932	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	933	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	934
2 90ce3da70b43 Initial load duke parents: diff changeset	935	// Dummy X509TrustManager implementation, rejects all peer certificates.
90ce3da70b43 Initial load duke parents: diff changeset	936	// Used if the application did not specify a proper X509TrustManager.
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	937	final class DummyX509TrustManager extends X509ExtendedTrustManager
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	938	implements X509TrustManager {
2 90ce3da70b43 Initial load duke parents: diff changeset	939
90ce3da70b43 Initial load duke parents: diff changeset	940	static final X509TrustManager INSTANCE = new DummyX509TrustManager();
90ce3da70b43 Initial load duke parents: diff changeset	941
90ce3da70b43 Initial load duke parents: diff changeset	942	private DummyX509TrustManager() {
90ce3da70b43 Initial load duke parents: diff changeset	943	// empty
90ce3da70b43 Initial load duke parents: diff changeset	944	}
90ce3da70b43 Initial load duke parents: diff changeset	945
90ce3da70b43 Initial load duke parents: diff changeset	946	/*
90ce3da70b43 Initial load duke parents: diff changeset	947	* Given the partial or complete certificate chain
90ce3da70b43 Initial load duke parents: diff changeset	948	* provided by the peer, build a certificate path
90ce3da70b43 Initial load duke parents: diff changeset	949	* to a trusted root and return if it can be
90ce3da70b43 Initial load duke parents: diff changeset	950	* validated and is trusted for client SSL authentication.
90ce3da70b43 Initial load duke parents: diff changeset	951	* If not, it throws an exception.
90ce3da70b43 Initial load duke parents: diff changeset	952	*/
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	953	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	954	public void checkClientTrusted(X509Certificate[] chain, String authType)
90ce3da70b43 Initial load duke parents: diff changeset	955	throws CertificateException {
90ce3da70b43 Initial load duke parents: diff changeset	956	throw new CertificateException(
90ce3da70b43 Initial load duke parents: diff changeset	957	"No X509TrustManager implementation avaiable");
90ce3da70b43 Initial load duke parents: diff changeset	958	}
90ce3da70b43 Initial load duke parents: diff changeset	959
90ce3da70b43 Initial load duke parents: diff changeset	960	/*
90ce3da70b43 Initial load duke parents: diff changeset	961	* Given the partial or complete certificate chain
90ce3da70b43 Initial load duke parents: diff changeset	962	* provided by the peer, build a certificate path
90ce3da70b43 Initial load duke parents: diff changeset	963	* to a trusted root and return if it can be
90ce3da70b43 Initial load duke parents: diff changeset	964	* validated and is trusted for server SSL authentication.
90ce3da70b43 Initial load duke parents: diff changeset	965	* If not, it throws an exception.
90ce3da70b43 Initial load duke parents: diff changeset	966	*/
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	967	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	968	public void checkServerTrusted(X509Certificate[] chain, String authType)
90ce3da70b43 Initial load duke parents: diff changeset	969	throws CertificateException {
90ce3da70b43 Initial load duke parents: diff changeset	970	throw new CertificateException(
90ce3da70b43 Initial load duke parents: diff changeset	971	"No X509TrustManager implementation available");
90ce3da70b43 Initial load duke parents: diff changeset	972	}
90ce3da70b43 Initial load duke parents: diff changeset	973
90ce3da70b43 Initial load duke parents: diff changeset	974	/*
90ce3da70b43 Initial load duke parents: diff changeset	975	* Return an array of issuer certificates which are trusted
90ce3da70b43 Initial load duke parents: diff changeset	976	* for authenticating peers.
90ce3da70b43 Initial load duke parents: diff changeset	977	*/
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	978	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	979	public X509Certificate[] getAcceptedIssuers() {
90ce3da70b43 Initial load duke parents: diff changeset	980	return new X509Certificate[0];
90ce3da70b43 Initial load duke parents: diff changeset	981	}
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	982
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	983	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	984	public void checkClientTrusted(X509Certificate[] chain, String authType,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	985	Socket socket) throws CertificateException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	986	throw new CertificateException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	987	"No X509TrustManager implementation available");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	988	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	989
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	990	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	991	public void checkServerTrusted(X509Certificate[] chain, String authType,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	992	Socket socket) throws CertificateException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	993	throw new CertificateException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	994	"No X509TrustManager implementation available");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	995	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	996
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	997	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	998	public void checkClientTrusted(X509Certificate[] chain, String authType,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	999	SSLEngine engine) throws CertificateException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1000	throw new CertificateException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1001	"No X509TrustManager implementation available");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1002	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1003
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1004	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1005	public void checkServerTrusted(X509Certificate[] chain, String authType,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1006	SSLEngine engine) throws CertificateException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1007	throw new CertificateException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1008	"No X509TrustManager implementation available");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1009	}
2 90ce3da70b43 Initial load duke parents: diff changeset	1010	}
90ce3da70b43 Initial load duke parents: diff changeset	1011
90ce3da70b43 Initial load duke parents: diff changeset	1012	/*
90ce3da70b43 Initial load duke parents: diff changeset	1013	* A wrapper class to turn a X509KeyManager into an X509ExtendedKeyManager
90ce3da70b43 Initial load duke parents: diff changeset	1014	*/
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1015	final class AbstractKeyManagerWrapper extends X509ExtendedKeyManager {
2 90ce3da70b43 Initial load duke parents: diff changeset	1016
90ce3da70b43 Initial load duke parents: diff changeset	1017	private final X509KeyManager km;
90ce3da70b43 Initial load duke parents: diff changeset	1018
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	1019	AbstractKeyManagerWrapper(X509KeyManager km) {
2 90ce3da70b43 Initial load duke parents: diff changeset	1020	this.km = km;
90ce3da70b43 Initial load duke parents: diff changeset	1021	}
90ce3da70b43 Initial load duke parents: diff changeset	1022
90ce3da70b43 Initial load duke parents: diff changeset	1023	public String[] getClientAliases(String keyType, Principal[] issuers) {
90ce3da70b43 Initial load duke parents: diff changeset	1024	return km.getClientAliases(keyType, issuers);
90ce3da70b43 Initial load duke parents: diff changeset	1025	}
90ce3da70b43 Initial load duke parents: diff changeset	1026
90ce3da70b43 Initial load duke parents: diff changeset	1027	public String chooseClientAlias(String[] keyType, Principal[] issuers,
90ce3da70b43 Initial load duke parents: diff changeset	1028	Socket socket) {
90ce3da70b43 Initial load duke parents: diff changeset	1029	return km.chooseClientAlias(keyType, issuers, socket);
90ce3da70b43 Initial load duke parents: diff changeset	1030	}
90ce3da70b43 Initial load duke parents: diff changeset	1031
90ce3da70b43 Initial load duke parents: diff changeset	1032	public String[] getServerAliases(String keyType, Principal[] issuers) {
90ce3da70b43 Initial load duke parents: diff changeset	1033	return km.getServerAliases(keyType, issuers);
90ce3da70b43 Initial load duke parents: diff changeset	1034	}
90ce3da70b43 Initial load duke parents: diff changeset	1035
90ce3da70b43 Initial load duke parents: diff changeset	1036	public String chooseServerAlias(String keyType, Principal[] issuers,
90ce3da70b43 Initial load duke parents: diff changeset	1037	Socket socket) {
90ce3da70b43 Initial load duke parents: diff changeset	1038	return km.chooseServerAlias(keyType, issuers, socket);
90ce3da70b43 Initial load duke parents: diff changeset	1039	}
90ce3da70b43 Initial load duke parents: diff changeset	1040
90ce3da70b43 Initial load duke parents: diff changeset	1041	public X509Certificate[] getCertificateChain(String alias) {
90ce3da70b43 Initial load duke parents: diff changeset	1042	return km.getCertificateChain(alias);
90ce3da70b43 Initial load duke parents: diff changeset	1043	}
90ce3da70b43 Initial load duke parents: diff changeset	1044
90ce3da70b43 Initial load duke parents: diff changeset	1045	public PrivateKey getPrivateKey(String alias) {
90ce3da70b43 Initial load duke parents: diff changeset	1046	return km.getPrivateKey(alias);
90ce3da70b43 Initial load duke parents: diff changeset	1047	}
90ce3da70b43 Initial load duke parents: diff changeset	1048
90ce3da70b43 Initial load duke parents: diff changeset	1049	// Inherit chooseEngineClientAlias() and chooseEngineServerAlias() from
90ce3da70b43 Initial load duke parents: diff changeset	1050	// X509ExtendedKeymanager. It defines them to return null;
90ce3da70b43 Initial load duke parents: diff changeset	1051	}
90ce3da70b43 Initial load duke parents: diff changeset	1052
90ce3da70b43 Initial load duke parents: diff changeset	1053
90ce3da70b43 Initial load duke parents: diff changeset	1054	// Dummy X509KeyManager implementation, never returns any certificates/keys.
90ce3da70b43 Initial load duke parents: diff changeset	1055	// Used if the application did not specify a proper X509TrustManager.
90ce3da70b43 Initial load duke parents: diff changeset	1056	final class DummyX509KeyManager extends X509ExtendedKeyManager {
90ce3da70b43 Initial load duke parents: diff changeset	1057
90ce3da70b43 Initial load duke parents: diff changeset	1058	static final X509ExtendedKeyManager INSTANCE = new DummyX509KeyManager();
90ce3da70b43 Initial load duke parents: diff changeset	1059
90ce3da70b43 Initial load duke parents: diff changeset	1060	private DummyX509KeyManager() {
90ce3da70b43 Initial load duke parents: diff changeset	1061	// empty
90ce3da70b43 Initial load duke parents: diff changeset	1062	}
90ce3da70b43 Initial load duke parents: diff changeset	1063
90ce3da70b43 Initial load duke parents: diff changeset	1064	/*
90ce3da70b43 Initial load duke parents: diff changeset	1065	* Get the matching aliases for authenticating the client side of a secure
90ce3da70b43 Initial load duke parents: diff changeset	1066	* socket given the public key type and the list of
90ce3da70b43 Initial load duke parents: diff changeset	1067	* certificate issuer authorities recognized by the peer (if any).
90ce3da70b43 Initial load duke parents: diff changeset	1068	*/
90ce3da70b43 Initial load duke parents: diff changeset	1069	public String[] getClientAliases(String keyType, Principal[] issuers) {
90ce3da70b43 Initial load duke parents: diff changeset	1070	return null;
90ce3da70b43 Initial load duke parents: diff changeset	1071	}
90ce3da70b43 Initial load duke parents: diff changeset	1072
90ce3da70b43 Initial load duke parents: diff changeset	1073	/*
90ce3da70b43 Initial load duke parents: diff changeset	1074	* Choose an alias to authenticate the client side of a secure
90ce3da70b43 Initial load duke parents: diff changeset	1075	* socket given the public key type and the list of
90ce3da70b43 Initial load duke parents: diff changeset	1076	* certificate issuer authorities recognized by the peer (if any).
90ce3da70b43 Initial load duke parents: diff changeset	1077	*/
90ce3da70b43 Initial load duke parents: diff changeset	1078	public String chooseClientAlias(String[] keyTypes, Principal[] issuers,
90ce3da70b43 Initial load duke parents: diff changeset	1079	Socket socket) {
90ce3da70b43 Initial load duke parents: diff changeset	1080	return null;
90ce3da70b43 Initial load duke parents: diff changeset	1081	}
90ce3da70b43 Initial load duke parents: diff changeset	1082
90ce3da70b43 Initial load duke parents: diff changeset	1083	/*
90ce3da70b43 Initial load duke parents: diff changeset	1084	* Choose an alias to authenticate the client side of an
90ce3da70b43 Initial load duke parents: diff changeset	1085	* engine given the public key type and the list of
90ce3da70b43 Initial load duke parents: diff changeset	1086	* certificate issuer authorities recognized by the peer (if any).
90ce3da70b43 Initial load duke parents: diff changeset	1087	*/
90ce3da70b43 Initial load duke parents: diff changeset	1088	public String chooseEngineClientAlias(
90ce3da70b43 Initial load duke parents: diff changeset	1089	String[] keyTypes, Principal[] issuers, SSLEngine engine) {
90ce3da70b43 Initial load duke parents: diff changeset	1090	return null;
90ce3da70b43 Initial load duke parents: diff changeset	1091	}
90ce3da70b43 Initial load duke parents: diff changeset	1092
90ce3da70b43 Initial load duke parents: diff changeset	1093	/*
90ce3da70b43 Initial load duke parents: diff changeset	1094	* Get the matching aliases for authenticating the server side of a secure
90ce3da70b43 Initial load duke parents: diff changeset	1095	* socket given the public key type and the list of
90ce3da70b43 Initial load duke parents: diff changeset	1096	* certificate issuer authorities recognized by the peer (if any).
90ce3da70b43 Initial load duke parents: diff changeset	1097	*/
90ce3da70b43 Initial load duke parents: diff changeset	1098	public String[] getServerAliases(String keyType, Principal[] issuers) {
90ce3da70b43 Initial load duke parents: diff changeset	1099	return null;
90ce3da70b43 Initial load duke parents: diff changeset	1100	}
90ce3da70b43 Initial load duke parents: diff changeset	1101
90ce3da70b43 Initial load duke parents: diff changeset	1102	/*
90ce3da70b43 Initial load duke parents: diff changeset	1103	* Choose an alias to authenticate the server side of a secure
90ce3da70b43 Initial load duke parents: diff changeset	1104	* socket given the public key type and the list of
90ce3da70b43 Initial load duke parents: diff changeset	1105	* certificate issuer authorities recognized by the peer (if any).
90ce3da70b43 Initial load duke parents: diff changeset	1106	*/
90ce3da70b43 Initial load duke parents: diff changeset	1107	public String chooseServerAlias(String keyType, Principal[] issuers,
90ce3da70b43 Initial load duke parents: diff changeset	1108	Socket socket) {
90ce3da70b43 Initial load duke parents: diff changeset	1109	return null;
90ce3da70b43 Initial load duke parents: diff changeset	1110	}
90ce3da70b43 Initial load duke parents: diff changeset	1111
90ce3da70b43 Initial load duke parents: diff changeset	1112	/*
90ce3da70b43 Initial load duke parents: diff changeset	1113	* Choose an alias to authenticate the server side of an engine
90ce3da70b43 Initial load duke parents: diff changeset	1114	* given the public key type and the list of
90ce3da70b43 Initial load duke parents: diff changeset	1115	* certificate issuer authorities recognized by the peer (if any).
90ce3da70b43 Initial load duke parents: diff changeset	1116	*/
90ce3da70b43 Initial load duke parents: diff changeset	1117	public String chooseEngineServerAlias(
90ce3da70b43 Initial load duke parents: diff changeset	1118	String keyType, Principal[] issuers, SSLEngine engine) {
90ce3da70b43 Initial load duke parents: diff changeset	1119	return null;
90ce3da70b43 Initial load duke parents: diff changeset	1120	}
90ce3da70b43 Initial load duke parents: diff changeset	1121
90ce3da70b43 Initial load duke parents: diff changeset	1122	/**
90ce3da70b43 Initial load duke parents: diff changeset	1123	* Returns the certificate chain associated with the given alias.
90ce3da70b43 Initial load duke parents: diff changeset	1124	*
90ce3da70b43 Initial load duke parents: diff changeset	1125	* @param alias the alias name
90ce3da70b43 Initial load duke parents: diff changeset	1126	*
90ce3da70b43 Initial load duke parents: diff changeset	1127	* @return the certificate chain (ordered with the user's certificate first
90ce3da70b43 Initial load duke parents: diff changeset	1128	* and the root certificate authority last)
90ce3da70b43 Initial load duke parents: diff changeset	1129	*/
90ce3da70b43 Initial load duke parents: diff changeset	1130	public X509Certificate[] getCertificateChain(String alias) {
90ce3da70b43 Initial load duke parents: diff changeset	1131	return null;
90ce3da70b43 Initial load duke parents: diff changeset	1132	}
90ce3da70b43 Initial load duke parents: diff changeset	1133
90ce3da70b43 Initial load duke parents: diff changeset	1134	/*
90ce3da70b43 Initial load duke parents: diff changeset	1135	* Returns the key associated with the given alias, using the given
90ce3da70b43 Initial load duke parents: diff changeset	1136	* password to recover it.
90ce3da70b43 Initial load duke parents: diff changeset	1137	*
90ce3da70b43 Initial load duke parents: diff changeset	1138	* @param alias the alias name
90ce3da70b43 Initial load duke parents: diff changeset	1139	*
90ce3da70b43 Initial load duke parents: diff changeset	1140	* @return the requested key
90ce3da70b43 Initial load duke parents: diff changeset	1141	*/
90ce3da70b43 Initial load duke parents: diff changeset	1142	public PrivateKey getPrivateKey(String alias) {
90ce3da70b43 Initial load duke parents: diff changeset	1143	return null;
90ce3da70b43 Initial load duke parents: diff changeset	1144	}
90ce3da70b43 Initial load duke parents: diff changeset	1145	}

author	xuelei
	Fri, 08 Apr 2011 02:00:09 -0700
changeset 9246	c459f79af46b
parent 7043	5e2d1edeb2c7
child 10125	c70d99150c40
permissions	-rw-r--r--