src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
author ascarpino
Fri, 25 May 2018 12:43:45 -0700
branch JDK-8145252-TLS13-branch
changeset 56611 f8f7e604e1f8
parent 56542 56aaa6cb3693
child 56701 5d76e867b5cd
permissions -rw-r--r--
added jdk.tls.server.protocols
/*
 * Copyright (c) 1999, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */
package sun.security.ssl;
import java.io.*;
import java.net.Socket;
import java.security.*;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;
import sun.security.action.GetPropertyAction;
import sun.security.provider.certpath.AlgorithmChecker;
import sun.security.validator.Validator;
/**
 * Implementation of an SSLContext.
 *
 * Instances of this class are immutable after the context is initialized.
 */
public abstract class SSLContextImpl extends SSLContextSpi {
    // Allocated once per context by the constructor and never replaced.
    private final EphemeralKeyManager ephemeralKeyManager;
    private final SSLSessionContextImpl clientCache;
    private final SSLSessionContextImpl serverCache;

    // Cleared at the start of engineInit() and set again once it completes;
    // the engine and socket-factory accessors throw IllegalStateException
    // while it is false.
    private boolean isInitialized;

    // Selected by engineInit() from the managers handed to SSLContext.init();
    // the dummy implementations are installed when nothing suitable is given.
    private X509ExtendedKeyManager keyManager;
    private X509TrustManager trustManager;
    // The caller-supplied SecureRandom, or JsseJce.getSecureRandom() when the
    // caller passed null. In FIPS mode it must come from SunJSSE.cryptoProvider.
    private SecureRandom secureRandom;

    // DTLS cookie exchange manager
    // Created lazily by getHelloCookieManager() (double-checked locking);
    // volatile so the unsynchronized first read sees a fully built instance.
    private volatile HelloCookieManager helloCookieManager;

    // status_request (stapling) switches, read via Utilities.getBooleanProperty
    // once per context: enabled by default for clients, disabled for servers.
    private final boolean clientEnableStapling = Utilities.getBooleanProperty(
            "jdk.tls.client.enableStatusRequestExtension", true);
    private final boolean serverEnableStapling = Utilities.getBooleanProperty(
            "jdk.tls.server.enableStatusRequestExtension", false);
    // Cipher suite overrides; static, so they are read once at class load
    // time rather than per context.
    private static final Collection<CipherSuite> clientCustomizedCipherSuites =
            getCustomizedCipherSuites("jdk.tls.client.cipherSuites");
    private static final Collection<CipherSuite> serverCustomizedCipherSuites =
            getCustomizedCipherSuites("jdk.tls.server.cipherSuites");

    // Created lazily by getStatusResponseManager(), and only when
    // serverEnableStapling is true; volatile for the same reason as above.
    private volatile StatusResponseManager statusResponseManager;
    /**
     * Creates an uninitialized context.
     *
     * Only the per-context caches and the ephemeral key manager are allocated
     * here; key/trust managers and the SecureRandom are installed later by
     * {@link #engineInit}.
     */
    SSLContextImpl() {
        clientCache = new SSLSessionContextImpl();
        serverCache = new SSLSessionContextImpl();
        ephemeralKeyManager = new EphemeralKeyManager();
    }
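    /**
     * Initializes this context with the supplied key managers, trust
     * managers and source of randomness.
     *
     * @param km the key managers from {@code SSLContext.init()}; the first
     *           {@code X509KeyManager} found is used (see
     *           {@link #chooseKeyManager}), may be {@code null}
     * @param tm the trust managers; when {@code null}, the trust managers of
     *           the default {@code TrustManagerFactory} are used if they can
     *           be obtained, otherwise {@link #chooseTrustManager} falls back
     *           to the dummy trust manager
     * @param sr the source of randomness, or {@code null} to use
     *           {@code JsseJce.getSecureRandom()}
     * @throws KeyManagementException in FIPS mode, when {@code sr} is not from
     *         {@code SunJSSE.cryptoProvider} or a supplied key/trust manager
     *         is not one of SunJSSE's own implementations
     */
    @Override
    protected void engineInit(KeyManager[] km, TrustManager[] tm,
                                SecureRandom sr) throws KeyManagementException {
        // Mark the context unusable until every component below is in place.
        isInitialized = false;
        keyManager = chooseKeyManager(km);

        if (tm == null) {
            try {
                TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                        TrustManagerFactory.getDefaultAlgorithm());
                // A null KeyStore selects the factory's default trust store.
                tmf.init((KeyStore)null);
                tm = tmf.getTrustManagers();
            } catch (Exception e) {
                // Best effort: leave tm == null so chooseTrustManager() installs
                // the dummy trust manager, as before. The cause is logged rather
                // than dropped, so a misconfigured default trust store can be
                // diagnosed instead of surfacing only as failed handshakes.
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
                    SSLLogger.warning(
                        "failed to obtain the default TrustManagers: " + e);
                }
            }
        }
        trustManager = chooseTrustManager(tm);

        if (sr == null) {
            secureRandom = JsseJce.getSecureRandom();
        } else {
            // In FIPS mode all randomness must come from the FIPS provider.
            if (SunJSSE.isFIPS() &&
                        (sr.getProvider() != SunJSSE.cryptoProvider)) {
                throw new KeyManagementException
                    ("FIPS mode: SecureRandom must be from provider "
                    + SunJSSE.cryptoProvider.getName());
            }
            secureRandom = sr;
        }

        /*
         * The initial delay of seeding the random number generator
         * could be long enough to cause the initial handshake on our
         * first connection to timeout and fail. Make sure it is
         * primed and ready by getting some initial output from it.
         */
        if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
            SSLLogger.finest("trigger seeding of SecureRandom");
        }
        secureRandom.nextInt();
        if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
            SSLLogger.finest("done seeding of SecureRandom");
        }

        isInitialized = true;
    }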
    /**
     * Selects the trust manager to use from {@code tm}.
     *
     * Only the first {@code X509TrustManager} in the array is considered. It
     * is returned unchanged when it already is an
     * {@code X509ExtendedTrustManager}; otherwise it is wrapped in an
     * {@code AbstractTrustManagerWrapper}. In FIPS mode only SunJSSE's own
     * {@code X509TrustManagerImpl} is accepted.
     *
     * @param tm the trust managers, may be {@code null}
     * @return the selected trust manager, or
     *         {@code DummyX509TrustManager.INSTANCE} when the array holds no
     *         {@code X509TrustManager}
     * @throws KeyManagementException in FIPS mode, when the first
     *         {@code X509TrustManager} is not a SunJSSE implementation
     */
    private X509TrustManager chooseTrustManager(TrustManager[] tm)
            throws KeyManagementException {
        if (tm == null) {
            return DummyX509TrustManager.INSTANCE;
        }

        for (TrustManager candidate : tm) {
            if (!(candidate instanceof X509TrustManager)) {
                continue;
            }

            if (SunJSSE.isFIPS() &&
                    !(candidate instanceof X509TrustManagerImpl)) {
                throw new KeyManagementException
                    ("FIPS mode: only SunJSSE TrustManagers may be used");
            }

            X509TrustManager x509tm = (X509TrustManager)candidate;
            if (x509tm instanceof X509ExtendedTrustManager) {
                return x509tm;
            }
            // The non-extended interface is adapted to the extended one.
            return new AbstractTrustManagerWrapper(x509tm);
        }

        // No X509TrustManager supplied: fall back to the dummy implementation.
        return DummyX509TrustManager.INSTANCE;
    }
    /**
     * Selects the key manager to use from {@code kms}.
     *
     * The first {@code X509KeyManager} in the array wins. It is returned
     * unchanged when it is already an {@code X509ExtendedKeyManager};
     * otherwise a warning is logged and it is wrapped in an
     * {@code AbstractKeyManagerWrapper}, since SSLEngine use needs the
     * extended interface. In FIPS mode only SunJSSE's own implementations
     * are accepted.
     *
     * @param kms the key managers from {@code SSLContext.init()}, may be
     *            {@code null}
     * @return the selected key manager, or
     *         {@code DummyX509KeyManager.INSTANCE} when the array holds no
     *         {@code X509KeyManager}
     * @throws KeyManagementException in FIPS mode, when the first
     *         {@code X509KeyManager} is not a SunJSSE implementation
     */
    private X509ExtendedKeyManager chooseKeyManager(KeyManager[] kms)
            throws KeyManagementException {
        if (kms == null) {
            return DummyX509KeyManager.INSTANCE;
        }

        for (KeyManager candidate : kms) {
            if (!(candidate instanceof X509KeyManager)) {
                continue;
            }

            if (SunJSSE.isFIPS()) {
                // Only SunJSSE's own key managers guarantee that every key
                // comes from the FIPS token. Refuse anything else loudly
                // instead of silently using the dummy key manager.
                boolean sunJsseImpl = (candidate instanceof X509KeyManagerImpl)
                        || (candidate instanceof SunX509KeyManagerImpl);
                if (!sunJsseImpl) {
                    throw new KeyManagementException
                        ("FIPS mode: only SunJSSE KeyManagers may be used");
                }
                return (X509ExtendedKeyManager)candidate;
            }

            if (candidate instanceof X509ExtendedKeyManager) {
                return (X509ExtendedKeyManager)candidate;
            }

            if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
                SSLLogger.warning(
                    "X509KeyManager passed to SSLContext.init():  need an " +
                    "X509ExtendedKeyManager for SSLEngine use");
            }
            return new AbstractKeyManagerWrapper((X509KeyManager)candidate);
        }

        // No X509KeyManager supplied: fall back to the dummy implementation.
        return DummyX509KeyManager.INSTANCE;
    }
    // Engine construction is left to the concrete subclasses; the
    // engineCreateSSLEngine() overrides below only add the initialization
    // check before delegating.
    abstract SSLEngine createSSLEngineImpl();
    abstract SSLEngine createSSLEngineImpl(String host, int port);

    /**
     * Creates an engine with no host or port given.
     *
     * @throws IllegalStateException if {@link #engineInit} has not completed
     */
    @Override
    protected SSLEngine engineCreateSSLEngine() {
        if (isInitialized) {
            return createSSLEngineImpl();
        }
        throw new IllegalStateException("SSLContext is not initialized");
    }

    /**
     * Creates an engine for the given host and port.
     *
     * @throws IllegalStateException if {@link #engineInit} has not completed
     */
    @Override
    protected SSLEngine engineCreateSSLEngine(String host, int port) {
        if (isInitialized) {
            return createSSLEngineImpl(host, port);
        }
        throw new IllegalStateException("SSLContext is not initialized");
    }

    /**
     * Returns a socket factory bound to this context.
     *
     * @throws IllegalStateException if {@link #engineInit} has not completed
     */
    @Override
    protected SSLSocketFactory engineGetSocketFactory() {
        if (isInitialized) {
            return new SSLSocketFactoryImpl(this);
        }
        throw new IllegalStateException("SSLContext is not initialized");
    }

    /**
     * Returns a server socket factory bound to this context.
     *
     * @throws IllegalStateException if {@link #engineInit} has not completed
     */
    @Override
    protected SSLServerSocketFactory engineGetServerSocketFactory() {
        if (isInitialized) {
            return new SSLServerSocketFactoryImpl(this);
        }
        throw new IllegalStateException("SSLContext is not initialized");
    }
    /** Returns the client-side session cache created with this context. */
    @Override
    protected SSLSessionContext engineGetClientSessionContext() {
        return clientCache;
    }

    /** Returns the server-side session cache created with this context. */
    @Override
    protected SSLSessionContext engineGetServerSessionContext() {
        return serverCache;
    }

    /**
     * Returns the SecureRandom installed by {@link #engineInit}; null until
     * the context has been initialized.
     */
    SecureRandom getSecureRandom() {
        return secureRandom;
    }

    /**
     * Returns the key manager selected by {@link #engineInit}; null until
     * the context has been initialized.
     */
    X509ExtendedKeyManager getX509KeyManager() {
        return keyManager;
    }

    /**
     * Returns the trust manager selected by {@link #engineInit}; null until
     * the context has been initialized.
     */
    X509TrustManager getX509TrustManager() {
        return trustManager;
    }

    /** Returns the ephemeral key manager created with this context. */
    EphemeralKeyManager getEphemeralKeyManager() {
        return ephemeralKeyManager;
    }
    // Used for DTLS in server mode only.
    /**
     * Returns the hello cookie manager for {@code protocolVersion}.
     *
     * The underlying {@code HelloCookieManager} is created on first use,
     * seeded with this context's SecureRandom, and shared afterwards
     * (double-checked locking on the volatile field).
     *
     * @param protocolVersion the negotiated protocol version to look up
     * @return the result of {@code HelloCookieManager.valueOf} for that
     *         version
     */
    HelloCookieManager getHelloCookieManager(ProtocolVersion protocolVersion) {
        HelloCookieManager manager = helloCookieManager;
        if (manager == null) {
            synchronized (this) {
                manager = helloCookieManager;
                if (manager == null) {
                    manager = new HelloCookieManager(secureRandom);
                    helloCookieManager = manager;
                }
            }
        }

        return manager.valueOf(protocolVersion);
    }
    /**
     * Returns the status response manager used for server-side stapling.
     *
     * The manager is created on first use, and only when
     * {@code jdk.tls.server.enableStatusRequestExtension} is enabled
     * ({@code serverEnableStapling}); otherwise this returns the field as is,
     * which is {@code null} unless something else has set it.
     *
     * @return the shared {@code StatusResponseManager}, or {@code null} when
     *         server stapling is disabled
     */
    StatusResponseManager getStatusResponseManager() {
        if (!serverEnableStapling) {
            return statusResponseManager;
        }

        StatusResponseManager manager = statusResponseManager;
        if (manager == null) {
            synchronized (this) {
                manager = statusResponseManager;
                if (manager == null) {
                    if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
                        SSLLogger.finest(
                                "Initializing StatusResponseManager");
                    }
                    manager = new StatusResponseManager();
                    statusResponseManager = manager;
                }
            }
        }

        return manager;
    }
    /**
     * Returns the protocol versions supported by this context.
     */
    abstract List<ProtocolVersion> getSupportedProtocolVersions();

    /**
     * Returns the protocol versions enabled by default in server mode.
     * Note: isDefaultProtocolVesions(List) compares against the returned
     * value by reference identity, not by equals().
     */
    abstract List<ProtocolVersion> getServerDefaultProtocolVersions();

    /**
     * Returns the protocol versions enabled by default in client mode.
     * Note: isDefaultProtocolVesions(List) compares against the returned
     * value by reference identity, not by equals().
     */
    abstract List<ProtocolVersion> getClientDefaultProtocolVersions();

    /**
     * Returns the cipher suites supported by this context.
     */
    abstract List<CipherSuite> getSupportedCipherSuites();

    /**
     * Returns the cipher suites enabled by default in server mode.
     * Note: isDefaultCipherSuiteList(List) compares against the returned
     * value by reference identity, not by equals().
     */
    abstract List<CipherSuite> getServerDefaultCipherSuites();

    /**
     * Returns the cipher suites enabled by default in client mode.
     * Note: isDefaultCipherSuiteList(List) compares against the returned
     * value by reference identity, not by equals().
     */
    abstract List<CipherSuite> getClientDefaultCipherSuites();

    /**
     * Returns whether this context is for the DTLS protocols.
     */
    abstract boolean isDTLS();
    /**
     * Returns the default-enabled protocol versions for the given role.
     *
     * @param roleIsServer true for server mode, false for client mode
     * @return the server defaults when roleIsServer is true, otherwise the
     *         client defaults
     */
    List<ProtocolVersion> getDefaultProtocolVersions(boolean roleIsServer) {
        if (roleIsServer) {
            return getServerDefaultProtocolVersions();
        }
        return getClientDefaultProtocolVersions();
    }
    /**
     * Returns the default-enabled cipher suites for the given role.
     *
     * @param roleIsServer true for server mode, false for client mode
     * @return the server defaults when roleIsServer is true, otherwise the
     *         client defaults
     */
    List<CipherSuite> getDefaultCipherSuites(boolean roleIsServer) {
        if (roleIsServer) {
            return getServerDefaultCipherSuites();
        }
        return getClientDefaultCipherSuites();
    }
    /**
     * Return whether a protocol list is one of the original default enabled
     * protocol lists (server or client defaults).
     *
     * The comparison is by reference identity, not equals(): the purpose is
     * to recognise the default list object itself, as returned by
     * getServerDefaultProtocolVersions()/getClientDefaultProtocolVersions().
     * See: SSLSocket/SSLEngine.setEnabledProtocols()
     *
     * @param protocols the protocol list to test (may be null, in which case
     *        the result is false unless a default list is itself null)
     * @return true if protocols is the server or the client default list
     */
    boolean isDefaultProtocolVesions(List<ProtocolVersion> protocols) {
        if (protocols == getServerDefaultProtocolVersions()) {
            return true;
        }
        return protocols == getClientDefaultProtocolVersions();
    }
    /**
     * Return whether a cipher suite list is one of the original default
     * enabled cipher suite lists (server or client defaults).
     *
     * The comparison is by reference identity, not equals(): the purpose is
     * to recognise the default list object itself, as returned by
     * getServerDefaultCipherSuites()/getClientDefaultCipherSuites().
     * See: SSLSocket/SSLEngine.setEnabledCipherSuites()
     *
     * @param cipherSuites the cipher suite list to test
     * @return true if cipherSuites is the server or the client default list
     */
    boolean isDefaultCipherSuiteList(List<CipherSuite> cipherSuites) {
        if (cipherSuites == getServerDefaultCipherSuites()) {
            return true;
        }
        return cipherSuites == getClientDefaultCipherSuites();
    }
    /**
     * Return whether client or server side stapling has been enabled
     * for this SSLContextImpl.
     *
     * @param isClient true if the caller is operating in a client side role,
     * false if acting as a server.
     * @return true if stapling has been enabled for the specified role, false
     * otherwise.
     */
    boolean isStaplingEnabled(boolean isClient) {
        if (isClient) {
            return clientEnableStapling;
        }
        return serverEnableStapling;
    }
    /*
     * Return the list of all available CipherSuites that are supported
     * using currently installed providers.
     *
     * This is the "allowed" universe of suites (CipherSuite.allowedCipherSuites())
     * narrowed to those applicable to the given protocols; see
     * getApplicableCipherSuites() for the filtering rules.
     */
    private static List<CipherSuite> getApplicableSupportedCipherSuites(
            List<ProtocolVersion> protocols) {

        Collection<CipherSuite> allowed = CipherSuite.allowedCipherSuites();
        return getApplicableCipherSuites(allowed, protocols);
    }
    /*
     * Return the list of all available CipherSuites that are default enabled
     * in client or server side.
     *
     * If a non-empty customized list exists for the role (the
     * client/serverCustomizedCipherSuites fields) it takes precedence over
     * CipherSuite.defaultCipherSuites(); either way the chosen set is
     * narrowed to the given protocols by getApplicableCipherSuites().
     */
    private static List<CipherSuite> getApplicableEnabledCipherSuites(
            List<ProtocolVersion> protocols, boolean isClient) {

        Collection<CipherSuite> customized = isClient
                ? clientCustomizedCipherSuites
                : serverCustomizedCipherSuites;
        if (!customized.isEmpty()) {
            return getApplicableCipherSuites(customized, protocols);
        }

        return getApplicableCipherSuites(
                CipherSuite.defaultCipherSuites(), protocols);
    }
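    /*
     * Return the list of available CipherSuites which are applicable to
     * the specified protocols.
     *
     * A suite is included when it is available with the installed providers,
     * supports at least one of the given protocols, and is permitted for
     * KEY_AGREEMENT by SSLAlgorithmConstraints.DEFAULT.  Under the
     * "ssl,sslctx,verbose" logger a suite that supports none of the protocols
     * is reported as "unsupported" and one rejected by the constraints as
     * "disabled"; each skipped suite is reported once.
     *
     * The result is in CipherSuite natural order (TreeSet) and is the
     * fixed-size list view returned by Arrays.asList.  An empty list is
     * returned when protocols is null or empty.
     */
    private static List<CipherSuite> getApplicableCipherSuites(
            Collection<CipherSuite> allowedCipherSuites,
            List<ProtocolVersion> protocols) {
        TreeSet<CipherSuite> suites = new TreeSet<>();
        if (protocols != null && (!protocols.isEmpty())) {
            for (CipherSuite suite : allowedCipherSuites) {
                if (!suite.isAvailable()) {
                    continue;
                }

                // The constraints check does not depend on the protocol, so
                // a single supporting protocol is enough to decide the suite.
                boolean isSupported = false;
                for (ProtocolVersion protocol : protocols) {
                    if (suite.supports(protocol)) {
                        isSupported = true;
                        break;
                    }
                }

                if (!isSupported) {
                    if (SSLLogger.isOn &&
                            SSLLogger.isOn("ssl,sslctx,verbose")) {
                        SSLLogger.finest(
                                "Ignore unsupported cipher suite: " + suite);
                    }
                    continue;
                }

                if (SSLAlgorithmConstraints.DEFAULT.permits(
                        EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
                        suite.name, null)) {
                    suites.add(suite);
                } else if (SSLLogger.isOn &&
                        SSLLogger.isOn("ssl,sslctx,verbose")) {
                    // Supported by a protocol but disabled by the default
                    // algorithm constraints; not also reported as unsupported.
                    SSLLogger.fine(
                            "Ignore disabled cipher suite: " + suite.name);
                }
            }
        }

        return Arrays.asList(suites.toArray(new CipherSuite[0]));
    }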
    /*
     * Get the customized cipher suites specified by the given system property.
     *
     * The property value is a comma-separated list of cipher suite names; a
     * single pair of surrounding double quotes is stripped first.  Names that
     * are blank, that CipherSuite.nameOf() rejects, or whose suite is not
     * available with the installed providers are skipped (and reported under
     * the "ssl,sslctx" logger).  An empty list is returned when the property
     * is unset or empty.
     */
    private static Collection<CipherSuite> getCustomizedCipherSuites(
            String propertyName) {

        String property = GetPropertyAction.privilegedGetProperty(propertyName);
        if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
            SSLLogger.fine(
                    "System property " + propertyName + " is set to '" +
                    property + "'");
        }
        if (property == null || property.isEmpty()) {
            return Collections.emptyList();
        }

        // remove double quote marks from beginning/end of the property
        int last = property.length() - 1;
        if (last > 0 && property.charAt(0) == '"' &&
                property.charAt(last) == '"') {
            property = property.substring(1, last);
        }
        if (property.isEmpty()) {
            return Collections.emptyList();
        }

        String[] cipherSuiteNames = property.split(",");
        Collection<CipherSuite> cipherSuites =
                new ArrayList<>(cipherSuiteNames.length);
        for (String rawName : cipherSuiteNames) {
            String name = rawName.trim();
            if (name.isEmpty()) {
                continue;
            }

            CipherSuite suite;
            try {
                suite = CipherSuite.nameOf(name);
            } catch (IllegalArgumentException iae) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
                    SSLLogger.fine(
                            "Unknown or unsupported cipher suite name: " +
                            name);
                }

                continue;
            }

            if (suite != null && suite.isAvailable()) {
                cipherSuites.add(suite);
            } else if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
                SSLLogger.fine(
                        "The current installed providers do not " +
                        "support cipher suite: " + name);
            }
        }

        return cipherSuites;
    }
    /*
     * Narrows {@code protocolCandidates} to the entries whose
     * {@code isAvailable} flag is set, keeping the candidate order.
     *
     * A null or zero-length candidate array yields the immutable empty
     * list; otherwise a fresh, mutable ArrayList is returned, which may
     * itself be empty when no candidate is available.
     */
    private static List<ProtocolVersion> getAvailableProtocols(
            ProtocolVersion[] protocolCandidates) {
        if (protocolCandidates == null || protocolCandidates.length == 0) {
            return Collections.<ProtocolVersion>emptyList();
        }

        List<ProtocolVersion> available =
                new ArrayList<>(protocolCandidates.length);
        for (ProtocolVersion candidate : protocolCandidates) {
            // isAvailable is a plain field on ProtocolVersion; what sets it
            // (presumably provider/disabled-algorithm checks) is not visible
            // here -- confirm in ProtocolVersion before relying on it.
            if (!candidate.isAvailable) {
                continue;
            }
            available.add(candidate);
        }

        return available;
    }
    /*
     * The SSLContext implementation for the SSL/(D)TLS algorithm.
     *
     * SSL/TLS protocols specify forward compatibility and version
     * roll-back attack protections; however, a number of SSL/TLS server
     * vendors did not implement these aspects properly, and some current
     * SSL/TLS servers may refuse to talk to a TLS 1.1 or later client.
     *
     * Considering the above interoperability issues, SunJSSE will not set
     * TLS 1.1 and TLS 1.2 as the enabled protocols for clients by default.
     *
     * For SSL/TLS servers, there are no such interoperability issues as
     * there are for SSL/TLS clients. In SunJSSE, TLS 1.1 or later versions
     * will be the enabled protocols for servers by default.
     *
     * We may change this behavior when popular TLS/SSL vendors support TLS
     * forward compatibility properly.
     *
     * SSLv2Hello is no longer necessary.  This interoperability option was
     * put in place in the late 90's when SSLv3/TLS1.0 were relatively new
     * and there were a fair number of SSLv2-only servers deployed.  Because
     * of the security issues in SSLv2, it is rarely (if ever) used, as
     * deployments should now be using SSLv3 and TLSv1.
     *
     * Considering the issues of SSLv2Hello, we should not enable SSLv2Hello
     * by default. Applications can still use it by enabling SSLv2Hello with
     * the series of setEnabledProtocols APIs.
     */
    /*
     * The base abstract SSLContext implementation for the Transport Layer
     * Security (TLS) protocols.
     *
     * This abstract class encapsulates the supported and the default server
     * SSL/TLS parameters.
     *
     * @see SSLContext
     */
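    private abstract static class AbstractTLSContext extends SSLContextImpl {
        // Everything this context is able to negotiate, newest first.
        private static final List<ProtocolVersion> supportedProtocols;
        // supportedProtocols filtered through ProtocolVersion.isAvailable
        // (see getAvailableProtocols); this is what a server-side engine or
        // socket enables unless the application overrides it.
        private static final List<ProtocolVersion> serverDefaultProtocols;

        private static final List<CipherSuite> supportedCipherSuites;
        private static final List<CipherSuite> serverDefaultCipherSuites;

        static {
            // Single source of truth: getSupportedProtocols() already makes
            // the FIPS / non-FIPS decision, so derive both the supported list
            // and the server-default candidates from it instead of keeping
            // three hand-maintained copies of the same protocol list that
            // could silently drift apart.
            ProtocolVersion[] protocols = getSupportedProtocols();
            supportedProtocols = Arrays.asList(protocols);
            serverDefaultProtocols = getAvailableProtocols(protocols);

            supportedCipherSuites = getApplicableSupportedCipherSuites(
                    supportedProtocols);
            // 'false' selects the server-side view of the enabled suites.
            serverDefaultCipherSuites = getApplicableEnabledCipherSuites(
                    serverDefaultProtocols, false);
        }

        @Override
        List<ProtocolVersion> getSupportedProtocolVersions() {
            return supportedProtocols;
        }

        @Override
        List<CipherSuite> getSupportedCipherSuites() {
            return supportedCipherSuites;
        }

        @Override
        List<ProtocolVersion> getServerDefaultProtocolVersions() {
            return serverDefaultProtocols;
        }

        @Override
        List<CipherSuite> getServerDefaultCipherSuites() {
            return serverDefaultCipherSuites;
        }

        @Override
        SSLEngine createSSLEngineImpl() {
            return new SSLEngineImpl(this);
        }

        @Override
        SSLEngine createSSLEngineImpl(String host, int port) {
            return new SSLEngineImpl(this, host, port);
        }

        @Override
        boolean isDTLS() {
            return false;
        }

        /*
         * Returns the full protocol list for TLS contexts, newest first.
         *
         * In FIPS mode only TLS 1.0 through TLS 1.3 are offered. Otherwise
         * SSLv3 and the SSLv2Hello pseudo-protocol are listed as supported
         * as well; whether they end up enabled by default is decided by
         * ProtocolVersion.isAvailable in getAvailableProtocols() (presumably
         * driven by the JDK's disabled-algorithms configuration -- confirm in
         * ProtocolVersion). A fresh array is returned on every call, so a
         * caller cannot alter the lists held by this class through it.
         */
        static ProtocolVersion[] getSupportedProtocols() {
            if (SunJSSE.isFIPS()) {
                return new ProtocolVersion[] {
                        ProtocolVersion.TLS13,
                        ProtocolVersion.TLS12,
                        ProtocolVersion.TLS11,
                        ProtocolVersion.TLS10
                };
            }
            return new ProtocolVersion[] {
                    ProtocolVersion.TLS13,
                    ProtocolVersion.TLS12,
                    ProtocolVersion.TLS11,
                    ProtocolVersion.TLS10,
                    ProtocolVersion.SSL30,
                    ProtocolVersion.SSL20Hello
            };
        }
    }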
    /*
     * The SSLContext implementation for the SSLv3 and TLS10 algorithms
     *
     * @see SSLContext
     */
    public static final class TLS10Context extends AbstractTLSContext {
        private static final List<ProtocolVersion> clientDefaultProtocols;
        private static final List<CipherSuite> clientDefaultCipherSuites;

        static {
            // FIPS mode drops SSLv3 from the client candidates; TLS 1.0 is a
            // candidate in both modes. The candidates are then narrowed to
            // the protocols flagged available.
            ProtocolVersion[] candidates = SunJSSE.isFIPS()
                    ? new ProtocolVersion[] {
                            ProtocolVersion.TLS10 }
                    : new ProtocolVersion[] {
                            ProtocolVersion.TLS10,
                            ProtocolVersion.SSL30 };
            clientDefaultProtocols = getAvailableProtocols(candidates);

            // 'true' selects the client-side view of the enabled suites.
            clientDefaultCipherSuites = getApplicableEnabledCipherSuites(
                    clientDefaultProtocols, true);
        }

        /* Client-side protocols enabled by default for this context. */
        @Override
        List<ProtocolVersion> getClientDefaultProtocolVersions() {
            return clientDefaultProtocols;
        }

        /* Client-side cipher suites enabled by default for this context. */
        @Override
        List<CipherSuite> getClientDefaultCipherSuites() {
            return clientDefaultCipherSuites;
        }
    }
    /*
     * The SSLContext implementation for the TLS11 algorithm
     *
     * @see SSLContext
     */
    public static final class TLS11Context extends AbstractTLSContext {
        private static final List<ProtocolVersion> clientDefaultProtocols;
        private static final List<CipherSuite> clientDefaultCipherSuites;

        static {
            // FIPS mode drops SSLv3 from the client candidates; TLS 1.1 and
            // TLS 1.0 are candidates in both modes. The candidates are then
            // narrowed to the protocols flagged available.
            ProtocolVersion[] candidates = SunJSSE.isFIPS()
                    ? new ProtocolVersion[] {
                            ProtocolVersion.TLS11,
                            ProtocolVersion.TLS10 }
                    : new ProtocolVersion[] {
                            ProtocolVersion.TLS11,
                            ProtocolVersion.TLS10,
                            ProtocolVersion.SSL30 };
            clientDefaultProtocols = getAvailableProtocols(candidates);

            // 'true' selects the client-side view of the enabled suites.
            clientDefaultCipherSuites = getApplicableEnabledCipherSuites(
                    clientDefaultProtocols, true);
        }
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default
xuelei
parents: 21278
diff changeset
   707
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default
xuelei
parents: 21278
diff changeset
   708
        @Override
56542
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents: 47216
diff changeset
   709
        List<ProtocolVersion> getClientDefaultProtocolVersions() {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents: 47216
diff changeset
   710
            return clientDefaultProtocols;
34826
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
   711
        }
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
   712
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
   713
        @Override
56542
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents: 47216
diff changeset
   714
        List<CipherSuite> getClientDefaultCipherSuites() {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents: 47216
diff changeset
   715
            return clientDefaultCipherSuites;
22068
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default
xuelei
parents: 21278
diff changeset
   716
        }
95a7a3cd72a0 7093640: Enable client-side TLS 1.2 by default
xuelei
parents: 21278
diff changeset
   717
    }
    /*
     * The SSLContext implementation for the TLS 1.2 algorithm: clients
     * created from it enable TLSv1.2 and the earlier versions by default.
     *
     * @see SSLContext
     */
    public static final class TLS12Context extends AbstractTLSContext {
        // Client-side defaults for a TLS 1.2 context.  Both lists are fixed
        // once at class-load time; the cipher suite list is derived from the
        // protocol list, so the two always agree.
        private static final List<ProtocolVersion> clientDefaultProtocols;
        private static final List<CipherSuite> clientDefaultCipherSuites;

        static {
            // FIPS mode never lists SSLv3.  Outside FIPS mode SSL30 is still a
            // candidate here; whether it is actually offered depends on what
            // getAvailableProtocols() filters out, which is outside this view
            // (NOTE(review): confirm it honours the disabled-algorithms policy).
            ProtocolVersion[] candidates = SunJSSE.isFIPS()
                    ? new ProtocolVersion[] {
                            ProtocolVersion.TLS12,
                            ProtocolVersion.TLS11,
                            ProtocolVersion.TLS10 }
                    : new ProtocolVersion[] {
                            ProtocolVersion.TLS12,
                            ProtocolVersion.TLS11,
                            ProtocolVersion.TLS10,
                            ProtocolVersion.SSL30 };

            clientDefaultProtocols = getAvailableProtocols(candidates);
            clientDefaultCipherSuites = getApplicableEnabledCipherSuites(
                    clientDefaultProtocols, true);
        }

        /** Protocol versions a client created from this context enables by default. */
        @Override
        List<ProtocolVersion> getClientDefaultProtocolVersions() {
            return clientDefaultProtocols;
        }

        /** Cipher suites a client created from this context enables by default. */
        @Override
        List<CipherSuite> getClientDefaultCipherSuites() {
            return clientDefaultCipherSuites;
        }
    }
    /*
     * The SSLContext implementation for the TLS 1.3 algorithm: clients
     * created from it enable TLSv1.3 and the earlier versions by default.
     *
     * @see SSLContext
     */
    public static final class TLS13Context extends AbstractTLSContext {
        // Client-side defaults for a TLS 1.3 context.  Both lists are fixed
        // once at class-load time; the cipher suite list is derived from the
        // protocol list, so the two always agree.
        private static final List<ProtocolVersion> clientDefaultProtocols;
        private static final List<CipherSuite> clientDefaultCipherSuites;

        static {
            // FIPS mode never lists SSLv3.  Outside FIPS mode SSL30 is still a
            // candidate here; whether it is actually offered depends on what
            // getAvailableProtocols() filters out, which is outside this view
            // (NOTE(review): confirm it honours the disabled-algorithms policy).
            ProtocolVersion[] candidates = SunJSSE.isFIPS()
                    ? new ProtocolVersion[] {
                            ProtocolVersion.TLS13,
                            ProtocolVersion.TLS12,
                            ProtocolVersion.TLS11,
                            ProtocolVersion.TLS10 }
                    : new ProtocolVersion[] {
                            ProtocolVersion.TLS13,
                            ProtocolVersion.TLS12,
                            ProtocolVersion.TLS11,
                            ProtocolVersion.TLS10,
                            ProtocolVersion.SSL30 };

            clientDefaultProtocols = getAvailableProtocols(candidates);
            clientDefaultCipherSuites = getApplicableEnabledCipherSuites(
                    clientDefaultProtocols, true);
        }

        /** Protocol versions a client created from this context enables by default. */
        @Override
        List<ProtocolVersion> getClientDefaultProtocolVersions() {
            return clientDefaultProtocols;
        }

        /** Cipher suites a client created from this context enables by default. */
        @Override
        List<CipherSuite> getClientDefaultCipherSuites() {
            return clientDefaultCipherSuites;
        }
    }
    /*
     * Holder for the protocol lists parsed from the jdk.tls.client.protocols
     * and jdk.tls.server.protocols system properties, shared by the
     * customized SSL/(D)TLS SSLContext implementations.  A malformed value
     * is recorded in reservedException rather than thrown, so that provider
     * initialization cannot fail with a LinkageError.
     *
     * @see SSLContext
     */
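    private static class CustomizedSSLProtocols {
        private static final String JDK_TLS_CLIENT_PROTOCOLS =
                "jdk.tls.client.protocols";
        private static final String JDK_TLS_SERVER_PROTOCOLS =
                "jdk.tls.server.protocols";

        // The first configuration error found while parsing either property.
        // It is deferred instead of thrown so that a bad system property
        // surfaces from the SSLContext constructor rather than as a
        // LinkageError during provider initialization.  Shared by the client
        // and server properties: whichever fails first is reported.
        static IllegalArgumentException reservedException = null;
        static final ArrayList<ProtocolVersion> customizedClientProtocols =
                new ArrayList<>();
        static final ArrayList<ProtocolVersion> customizedServerProtocols =
                new ArrayList<>();

        // Don't want a java.lang.LinkageError for illegal system property.
        //
        // Please don't throw exception in this static block.  Otherwise,
        // java.lang.LinkageError may be thrown during the instantiation of
        // the provider service. Instead, please handle the initialization
        // exception in the caller's constructor.
        static {
            populate(JDK_TLS_CLIENT_PROTOCOLS, customizedClientProtocols);
            populate(JDK_TLS_SERVER_PROTOCOLS, customizedServerProtocols);
        }

        /*
         * Parses the comma-separated protocol names held by system property
         * propname into arrayList, keeping the order given and dropping
         * duplicates.  Surrounding double quotes are stripped first; a
         * missing or empty property leaves the list untouched.
         *
         * An unknown name, or (in FIPS mode) SSLv3/SSLv2Hello, records an
         * IllegalArgumentException in reservedException and stops parsing.
         * Nothing is thrown from here.  Only the first error is kept so a
         * later entry cannot mask the one that actually failed, and an
         * unknown name is never added to the list (the previous version kept
         * scanning and stored a null ProtocolVersion).
         */
        private static void populate(String propname,
                ArrayList<ProtocolVersion> arrayList) {
            String property = GetPropertyAction.privilegedGetProperty(propname);
            if (property == null) {
                return;
            }

            // remove double quote marks from beginning/end of the property
            if (property.length() > 1 && property.charAt(0) == '"' &&
                    property.charAt(property.length() - 1) == '"') {
                property = property.substring(1, property.length() - 1);
            }

            if (property.isEmpty()) {
                return;
            }

            for (String name : property.split(",")) {
                name = name.trim();

                // Is it a supported protocol name?
                ProtocolVersion pv = ProtocolVersion.nameOf(name);
                if (pv == null) {
                    if (reservedException == null) {
                        reservedException = new IllegalArgumentException(
                            propname + ": " + name +
                            " is not a supported SSL protocol name");
                    }
                    break;
                }

                if (SunJSSE.isFIPS() &&
                        ((pv == ProtocolVersion.SSL30) ||
                         (pv == ProtocolVersion.SSL20Hello))) {
                    if (reservedException == null) {
                        reservedException = new IllegalArgumentException(
                                propname + ": " + pv +
                                " is not FIPS compliant");
                    }
                    break;
                }

                // ignore duplicated protocols
                if (!arrayList.contains(pv)) {
                    arrayList.add(pv);
                }
            }
        }
    }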
    /*
     * The SSLContext implementation for customized TLS protocols: the
     * default client and server protocol lists come from the
     * jdk.tls.client.protocols and jdk.tls.server.protocols system
     * properties instead of being fixed by the algorithm name.
     *
     * @see SSLContext
     */
    private static class CustomizedTLSContext extends AbstractTLSContext {
        private static final List<ProtocolVersion> clientDefaultProtocols;
        private static final List<ProtocolVersion> serverDefaultProtocols;
        private static final List<CipherSuite> clientDefaultCipherSuites;
        private static final List<CipherSuite> serverDefaultCipherSuites;
        // Copy of CustomizedSSLProtocols.reservedException, taken when this
        // class is initialized, so that a bad jdk.tls.{client,server}.protocols
        // value can be reported from the constructor (not in this view).
        private static final IllegalArgumentException reservedException;

        // Don't want a java.lang.LinkageError for illegal system property.
        //
        // Nothing may throw in this static block, or the provider service
        // would fail to instantiate with a LinkageError.  When the system
        // properties did not parse, every default is left null and the
        // recorded exception is handed to the constructor instead.
        static {
            IllegalArgumentException pending =
                    CustomizedSSLProtocols.reservedException;

            List<ProtocolVersion> clientProtocols = null;
            List<ProtocolVersion> serverProtocols = null;
            List<CipherSuite> clientSuites = null;
            List<CipherSuite> serverSuites = null;

            if (pending == null) {
                clientProtocols = customizedProtocols(true,
                        CustomizedSSLProtocols.customizedClientProtocols);
                serverProtocols = customizedProtocols(false,
                        CustomizedSSLProtocols.customizedServerProtocols);

                clientSuites = getApplicableEnabledCipherSuites(
                        clientProtocols, true);
                serverSuites = getApplicableEnabledCipherSuites(
                        serverProtocols, false);
            }

            reservedException = pending;
            clientDefaultProtocols = clientProtocols;
            serverDefaultProtocols = serverProtocols;
            clientDefaultCipherSuites = clientSuites;
            serverDefaultCipherSuites = serverSuites;
        }
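        /*
         * Builds the default protocol list for one side of the connection.
         *
         * @param client     true for the client-side list, false for the
         *                   server-side list
         * @param customized protocols parsed from jdk.tls.client.protocols or
         *                   jdk.tls.server.protocols (may be empty)
         * @return the customized TLS protocols that are available, or, when
         *         the property named no TLS (non-DTLS) protocol at all, the
         *         built-in defaults for that side
         */
        private static List<ProtocolVersion> customizedProtocols(
                boolean client, List<ProtocolVersion> customized) {
            // DTLS versions are ignored: this context only speaks TLS.
            List<ProtocolVersion> refactored = new ArrayList<>();
            for (ProtocolVersion pv : customized) {
                if (!pv.isDTLS) {
                    refactored.add(pv);
                }
            }

            // Use the default enabled protocols if no customization.
            // NOTE(review): a property that lists only DTLS versions therefore
            // falls back silently to the defaults rather than failing.
            ProtocolVersion[] candidates;
            if (refactored.isEmpty()) {
                candidates = client ? getProtocols() : getSupportedProtocols();
            } else {
                // Use the customized TLS protocols.
                candidates = refactored.toArray(new ProtocolVersion[0]);
            }

            // The previous version printed the list to System.out here.  This
            // runs during provider initialization inside every JVM that loads
            // SunJSSE, so the debug output polluted application stdout and
            // disclosed the effective protocol configuration; it is removed.
            return getAvailableProtocols(candidates);
        }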
        /*
         * Built-in protocol candidates for the client side when no
         * customization applies (see customizedProtocols), newest first.
         * SSLv3 is included as a candidate only outside FIPS mode.  This is a
         * candidate list, not the enabled list: customizedProtocols() still
         * runs it through getAvailableProtocols().
         */
        static ProtocolVersion[] getProtocols() {
            boolean fipsMode = SunJSSE.isFIPS();
            // A fresh array on every call; no shared state is handed out.
            ProtocolVersion[] versions = new ProtocolVersion[fipsMode ? 4 : 5];
            versions[0] = ProtocolVersion.TLS13;
            versions[1] = ProtocolVersion.TLS12;
            versions[2] = ProtocolVersion.TLS11;
            versions[3] = ProtocolVersion.TLS10;
            if (!fipsMode) {
                versions[4] = ProtocolVersion.SSL30;
            }
            return versions;
        }
        /*
         * Constructs the context, or fails immediately if the class's static
         * initialization recorded a problem.  reservedException is declared
         * outside this excerpt; since it is thrown from a constructor with no
         * throws clause it must be an unchecked exception.
         */
        protected CustomizedTLSContext() {
            if (reservedException == null) {
                return;
            }
            throw reservedException;
        }
        @Override
        List<ProtocolVersion> getClientDefaultProtocolVersions() {
            // Static value computed elsewhere in this class; returned as-is,
            // with no defensive copy.  NOTE(review): confirm the list is
            // unmodifiable, otherwise a caller could alter the defaults.
            List<ProtocolVersion> defaults = clientDefaultProtocols;
            return defaults;
        }
        @Override
        List<ProtocolVersion> getServerDefaultProtocolVersions() {
            // Server-side counterpart of getClientDefaultProtocolVersions();
            // same caveat: the static list is handed out without copying.
            // NOTE(review): confirm it is unmodifiable.
            List<ProtocolVersion> defaults = serverDefaultProtocols;
            return defaults;
        }
        @Override
        List<CipherSuite> getClientDefaultCipherSuites() {
            // Static value computed elsewhere in this class; no copy is made.
            // NOTE(review): confirm the list is unmodifiable.
            List<CipherSuite> suites = clientDefaultCipherSuites;
            return suites;
        }
        @Override
        List<CipherSuite> getServerDefaultCipherSuites() {
            // Static value computed elsewhere in this class.  The tail of the
            // static initializer visible above assigns null to this field on
            // one path, so callers may receive null.  NOTE(review): confirm
            // every caller handles null, and that the list is unmodifiable.
            List<CipherSuite> suites = serverDefaultCipherSuites;
            return suites;
        }
    }
    /*
     * The SSLContext implementation for default "TLS" algorithm
     *
     * Adds nothing of its own: the constructor (which rethrows the
     * reservedException recorded by CustomizedTLSContext, if any) and the
     * default protocol / cipher-suite accessors are all inherited.
     *
     * @see SSLContext
     */
    public static final class TLSContext extends CustomizedTLSContext {
        // use the default constructor and methods; no state is added here
    }
    // lazy initialization holder class idiom for static default parameters
    //
    // See Effective Java Second Edition: Item 71.
    private static final class DefaultManagersHolder {
        // Sentinel value of javax.net.ssl.keyStore meaning "no key store
        // file": no file is opened and the KeyStore is loaded from a null
        // stream (see getKeyManagers).
        private static final String NONE = "NONE";
        // KeyStore type for which keyStore must be NONE and no password is
        // handed to the KeyManagerFactory, since the keys live on the token.
        private static final String P11KEYSTORE = "PKCS11";

        // Filled once by the static initializer below; an empty array is
        // substituted when the corresponding factory failed to initialize.
        private static final TrustManager[] trustManagers;
        private static final KeyManager[] keyManagers;

        // The first exception raised while building the managers above, or
        // null when both succeeded.  It is recorded rather than thrown so the
        // holder class itself still initializes.
        private static final Exception reservedException;
        static {
            // Failures are captured in reservedException instead of being
            // thrown, so the holder class always finishes initializing.
            Exception failure = null;

            TrustManager[] trust;
            try {
                trust = getTrustManagers();
            } catch (Exception e) {
                failure = e;
                trust = new TrustManager[0];
            }
            trustManagers = trust;

            // Key managers are attempted only when the trust managers loaded;
            // the first failure is the one that gets reported.
            KeyManager[] keys = new KeyManager[0];
            if (failure == null) {
                try {
                    keys = getKeyManagers();
                } catch (Exception e) {
                    failure = e;
                }
            }
            keyManagers = keys;

            reservedException = failure;
        }
        /*
         * Builds the default trust managers.
         *
         * With the SunJSSE TrustManagerFactory the factory is initialized with
         * a null KeyStore and loads the default trust store itself (the
         * original comment notes that cached trust material may be reused for
         * performance).  Any other provider is handed the trusted KeyStore
         * from TrustStoreManager explicitly.
         *
         * @return the trust managers of the initialized factory
         * @throws Exception whatever the factory or the trust store loading
         *         throws; the caller records it as reservedException
         */
        private static TrustManager[] getTrustManagers() throws Exception {
            String algorithm = TrustManagerFactory.getDefaultAlgorithm();
            TrustManagerFactory factory =
                    TrustManagerFactory.getInstance(algorithm);
            boolean sunJsse =
                    "SunJSSE".equals(factory.getProvider().getName());

            // null selects the factory's own default trust store.
            KeyStore store =
                    sunJsse ? null : TrustStoreManager.getTrustedKeyStore();
            factory.init(store);

            return factory.getTrustManagers();
        }
        private static KeyManager[] getKeyManagers() throws Exception {
            final Map<String,String> props = new HashMap<>();
            AccessController.doPrivileged(
                        new PrivilegedExceptionAction<Object>() {
                @Override
                public Object run() throws Exception {
                    props.put("keyStore",  System.getProperty(
                                "javax.net.ssl.keyStore", ""));
                    props.put("keyStoreType", System.getProperty(
                                "javax.net.ssl.keyStoreType",
                                KeyStore.getDefaultType()));
                    props.put("keyStoreProvider", System.getProperty(
                                "javax.net.ssl.keyStoreProvider", ""));
                    props.put("keyStorePasswd", System.getProperty(
                                "javax.net.ssl.keyStorePassword", ""));
                    return null;
                }
            });
            final String defaultKeyStore = props.get("keyStore");
            String defaultKeyStoreType = props.get("keyStoreType");
            String defaultKeyStoreProvider = props.get("keyStoreProvider");
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,defaultctx")) {
                SSLLogger.fine("keyStore is : " + defaultKeyStore);
                SSLLogger.fine("keyStore type is : " +
                                        defaultKeyStoreType);
                SSLLogger.fine("keyStore provider is : " +
                                        defaultKeyStoreProvider);
            }
            if (P11KEYSTORE.equals(defaultKeyStoreType) &&
                    !NONE.equals(defaultKeyStore)) {
                throw new IllegalArgumentException("if keyStoreType is "
                    + P11KEYSTORE + ", then keyStore must be " + NONE);
            }
            FileInputStream fs = null;
            KeyStore ks = null;
            char[] passwd = null;
            try {
                if (defaultKeyStore.length() != 0 &&
                        !NONE.equals(defaultKeyStore)) {
                    fs = AccessController.doPrivileged(
                            new PrivilegedExceptionAction<FileInputStream>() {
                        @Override
                        public FileInputStream run() throws Exception {
                            return new FileInputStream(defaultKeyStore);
                        }
                    });
                }
                String defaultKeyStorePassword = props.get("keyStorePasswd");
                if (defaultKeyStorePassword.length() != 0) {
                    passwd = defaultKeyStorePassword.toCharArray();
                }
                /**
                 * Try to initialize key store.
                 */
                if ((defaultKeyStoreType.length()) != 0) {
                    if (SSLLogger.isOn && SSLLogger.isOn("ssl,defaultctx")) {
                        SSLLogger.finest("init keystore");
                    }
                    if (defaultKeyStoreProvider.length() == 0) {
                        ks = KeyStore.getInstance(defaultKeyStoreType);
                    } else {
                        ks = KeyStore.getInstance(defaultKeyStoreType,
                                            defaultKeyStoreProvider);
                    }
                    // if defaultKeyStore is NONE, fs will be null
                    ks.load(fs, passwd);
                }
            } finally {
                if (fs != null) {
                    fs.close();
                    fs = null;
                }
            }
            /*
             * Try to initialize key manager.
             */
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,defaultctx")) {
                SSLLogger.fine("init keymanager of type " +
                    KeyManagerFactory.getDefaultAlgorithm());
            }
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(
                KeyManagerFactory.getDefaultAlgorithm());
            if (P11KEYSTORE.equals(defaultKeyStoreType)) {
                kmf.init(ks, null); // do not pass key passwd if using token
            } else {
                kmf.init(ks, passwd);
            }
            return kmf.getKeyManagers();
        }
    }
    // lazy initialization holder class idiom for static default parameters
    //
    // See Effective Java Second Edition: Item 71.
    private static final class DefaultSSLContextHolder {

        // Built exactly once, when this holder class is first initialized.
        // A null value means the build failed; the cause is kept in
        // reservedException so callers can rethrow it (see
        // DefaultSSLContext.getDefaultImpl()).
        private static final SSLContextImpl sslContext;

        // Package-visible and mutable.  The failure recorded here is cached
        // for the lifetime of the class, so a failed default-context build is
        // not retried on later SSLContext.getInstance("Default") calls.
        static Exception reservedException = null;

        static {
            sslContext = buildDefaultContext();
        }

        /*
         * Creates the "Default" context, or records why it could not be
         * created and returns null.  No Exception escapes this method, so
         * an unusable default context never turns into a class
         * initialization failure.
         */
        private static SSLContextImpl buildDefaultContext() {
            Exception managersFailure = DefaultManagersHolder.reservedException;
            if (managersFailure != null) {
                // the default key/trust managers could not be set up
                reservedException = managersFailure;
                return null;
            }

            try {
                return new DefaultSSLContext();
            } catch (Exception e) {
                reservedException = e;
                return null;
            }
        }
    }
    /*
     * The SSLContext implementation for the default ("Default") algorithm
     *
     * @see SSLContext
     */
    public static final class DefaultSSLContext extends CustomizedTLSContext {

        /*
         * Public constructor backing SSLContext.getInstance("Default").
         *
         * The context is fully initialized here, with the key and trust
         * managers from DefaultManagersHolder and no explicit SecureRandom,
         * so callers never need to call init() on it (and cannot, see
         * engineInit below).
         *
         * Throws the exception recorded while setting up the default
         * managers, or whatever super.engineInit() throws.
         */
        public DefaultSSLContext() throws Exception {
            Exception managersFailure = DefaultManagersHolder.reservedException;
            if (managersFailure != null) {
                throw managersFailure;
            }

            try {
                super.engineInit(DefaultManagersHolder.keyManagers,
                        DefaultManagersHolder.trustManagers, null);
            } catch (Exception initFailure) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,defaultctx")) {
                    SSLLogger.fine("default context init failed: ", initFailure);
                }
                throw initFailure;
            }
        }

        /*
         * Rejects re-initialization: the default context is configured once
         * in the constructor and cannot be re-keyed through
         * SSLContext.init(...).  Always throws KeyManagementException.
         */
        @Override
        protected void engineInit(KeyManager[] km, TrustManager[] tm,
            SecureRandom sr) throws KeyManagementException {
            throw new KeyManagementException(
                "Default SSLContext is initialized automatically");
        }

        /*
         * Returns the lazily created, shared default context.
         *
         * Throws the failure cached by DefaultSSLContextHolder when the
         * shared context could not be built; that cached failure is thrown
         * on every call, it is not retried.
         */
        static SSLContextImpl getDefaultImpl() throws Exception {
            Exception holderFailure = DefaultSSLContextHolder.reservedException;
            if (holderFailure != null) {
                throw holderFailure;
            }

            return DefaultSSLContextHolder.sslContext;
        }
    }
    /*
     * The base abstract SSLContext implementation for the Datagram Transport
     * Layer Security (DTLS) protocols.
     *
     * This abstract class encapsulates supported and the default server DTLS
     * parameters.
     *
     * @see SSLContext
     */
    private abstract static class AbstractDTLSContext extends SSLContextImpl {
        // every DTLS version this implementation knows how to speak
        private static final List<ProtocolVersion> supportedProtocols;
        // the subset of those that a server-side context enables by default
        private static final List<ProtocolVersion> serverDefaultProtocols;

        private static final List<CipherSuite> supportedCipherSuites;
        private static final List<CipherSuite> serverDefaultCipherSuites;

        static {
            // Both DTLSv1.0 and DTLSv1.2 can be used in FIPS mode.
            supportedProtocols = Arrays.asList(allDTLSVersions());

            // available protocols for server mode: the same versions, run
            // through getAvailableProtocols() (presumably a runtime
            // availability filter; its behaviour is not visible here)
            serverDefaultProtocols = getAvailableProtocols(allDTLSVersions());

            supportedCipherSuites =
                    getApplicableSupportedCipherSuites(supportedProtocols);
            // the boolean appears to be a client-mode flag: the client-side
            // contexts (DTLS10Context, DTLS12Context) pass true here
            serverDefaultCipherSuites =
                    getApplicableEnabledCipherSuites(serverDefaultProtocols, false);
        }

        // A fresh array on each call, so the two lists above never share
        // backing storage.  Order matters: newest version first.
        private static ProtocolVersion[] allDTLSVersions() {
            return new ProtocolVersion[] {
                ProtocolVersion.DTLS12,
                ProtocolVersion.DTLS10
            };
        }

        // All DTLS versions supported by this implementation.
        @Override
        List<ProtocolVersion> getSupportedProtocolVersions() {
            return supportedProtocols;
        }

        // Cipher suites applicable to the supported DTLS versions.
        @Override
        List<CipherSuite> getSupportedCipherSuites() {
            return supportedCipherSuites;
        }

        // Protocol versions enabled by default on the server side; client
        // defaults are left to the concrete subclasses.
        @Override
        List<ProtocolVersion> getServerDefaultProtocolVersions() {
            return serverDefaultProtocols;
        }

        // Cipher suites enabled by default on the server side.
        @Override
        List<CipherSuite> getServerDefaultCipherSuites() {
            return serverDefaultCipherSuites;
        }

        // Engine without peer hints.
        @Override
        SSLEngine createSSLEngineImpl() {
            return new SSLEngineImpl(this);
        }

        // Engine carrying the peer host/port hints.
        @Override
        SSLEngine createSSLEngineImpl(String host, int port) {
            return new SSLEngineImpl(this, host, port);
        }

        // Marks every context derived from this class as datagram (DTLS).
        @Override
        boolean isDTLS() {
            return true;
        }
    }
    /*
     * The SSLContext implementation for DTLSv1.0 algorithm.
     *
     * @see SSLContext
     */
    public static final class DTLS10Context extends AbstractDTLSContext {
        // Client side enables only DTLSv1.0 by default.  The server-side
        // defaults (DTLSv1.2 and DTLSv1.0) are inherited from
        // AbstractDTLSContext and are not narrowed here.
        private static final List<ProtocolVersion> clientDefaultProtocols;
        private static final List<CipherSuite> clientDefaultCipherSuites;

        static {
            // available protocols for client mode
            ProtocolVersion[] clientVersions = { ProtocolVersion.DTLS10 };
            clientDefaultProtocols = getAvailableProtocols(clientVersions);

            // true appears to select client-mode suite filtering; the server
            // side in AbstractDTLSContext passes false
            clientDefaultCipherSuites =
                    getApplicableEnabledCipherSuites(clientDefaultProtocols, true);
        }

        // Protocol versions a client built from this context enables by
        // default (DTLSv1.0 only).
        @Override
        List<ProtocolVersion> getClientDefaultProtocolVersions() {
            return clientDefaultProtocols;
        }

        // Cipher suites a client built from this context enables by default.
        @Override
        List<CipherSuite> getClientDefaultCipherSuites() {
            return clientDefaultCipherSuites;
        }
    }
    /*
     * The SSLContext implementation for DTLSv1.2 algorithm.
     *
     * @see SSLContext
     */
    public static final class DTLS12Context extends AbstractDTLSContext {
        // Client side enables DTLSv1.2 and DTLSv1.0 by default, i.e. the
        // same set the server side inherits from AbstractDTLSContext.
        private static final List<ProtocolVersion> clientDefaultProtocols;
        private static final List<CipherSuite> clientDefaultCipherSuites;

        static {
            // available protocols for client mode, newest first
            ProtocolVersion[] clientVersions = {
                ProtocolVersion.DTLS12,
                ProtocolVersion.DTLS10
            };
            clientDefaultProtocols = getAvailableProtocols(clientVersions);

            // true appears to select client-mode suite filtering; the server
            // side in AbstractDTLSContext passes false
            clientDefaultCipherSuites =
                    getApplicableEnabledCipherSuites(clientDefaultProtocols, true);
        }

        // Protocol versions a client built from this context enables by
        // default (DTLSv1.2 and DTLSv1.0).
        @Override
        List<ProtocolVersion> getClientDefaultProtocolVersions() {
            return clientDefaultProtocols;
        }

        // Cipher suites a client built from this context enables by default.
        @Override
        List<CipherSuite> getClientDefaultCipherSuites() {
            return clientDefaultCipherSuites;
        }
    }
    /*
     * The SSLContext implementation for customized DTLS protocols
     *
     * @see SSLContext
     */
    private static class CustomizedDTLSContext extends AbstractDTLSContext {
        private static final List<ProtocolVersion> clientDefaultProtocols;
        private static final List<ProtocolVersion> serverDefaultProtocols;
        private static final List<CipherSuite> clientDefaultCipherSuites;
        private static final List<CipherSuite> serverDefaultCipherSuites;
        private static IllegalArgumentException reservedException = null;
        // Don't want a java.lang.LinkageError for illegal system property.
        //
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
  1378
        // Please don't throw exception in this static block.  Otherwise,
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
  1379
        // java.lang.LinkageError may be thrown during the instantiation of
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
  1380
        // the provider service. Instead, let's handle the initialization
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
  1381
        // exception in constructor.
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
  1382
        static {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
  1383
            reservedException = CustomizedSSLProtocols.reservedException;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
  1384
            if (reservedException == null) {
56611
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1385
                clientDefaultProtocols = customizedProtocols(true,
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1386
                        CustomizedSSLProtocols.customizedClientProtocols);
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1387
                serverDefaultProtocols = customizedProtocols(false,
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1388
                        CustomizedSSLProtocols.customizedServerProtocols);
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
  1389
56542
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents: 47216
diff changeset
  1390
                clientDefaultCipherSuites =
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents: 47216
diff changeset
  1391
                        getApplicableEnabledCipherSuites(
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents: 47216
diff changeset
  1392
                                clientDefaultProtocols, true);
56611
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1393
                serverDefaultCipherSuites =
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1394
                        getApplicableEnabledCipherSuites(
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1395
                                serverDefaultProtocols, false);
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1396
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
  1397
            } else {
56611
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1398
                // unlikely to be used
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1399
                clientDefaultProtocols = null;
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1400
                serverDefaultProtocols = null;
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1401
                clientDefaultCipherSuites = null;
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1402
                serverDefaultCipherSuites = null;
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1403
            }
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1404
        }
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1405
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1406
        private static List<ProtocolVersion> customizedProtocols(boolean client,
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1407
                List<ProtocolVersion> customized) {
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1408
            List<ProtocolVersion> refactored = new ArrayList<>();
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1409
            for (ProtocolVersion pv : customized) {
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1410
                if (pv.isDTLS) {
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1411
                    refactored.add(pv);
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1412
                }
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
  1413
            }
56611
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1414
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1415
            ProtocolVersion[] candidates;
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1416
            // Use the default enabled protocols if no customization
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1417
            if (refactored.isEmpty()) {
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1418
                candidates = new ProtocolVersion[]{
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1419
                        ProtocolVersion.DTLS12,
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1420
                        ProtocolVersion.DTLS10
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1421
                };
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1422
                if (!client)
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1423
                    return Arrays.asList(candidates);
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1424
            } else {
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1425
                // Use the customized TLS protocols.
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1426
                candidates =
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1427
                        new ProtocolVersion[customized.size()];
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1428
                candidates = customized.toArray(candidates);
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1429
            }
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1430
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1431
            return getAvailableProtocols(candidates);
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
  1432
        }
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
  1433
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
  1434
        protected CustomizedDTLSContext() {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
  1435
            if (reservedException != null) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
  1436
                throw reservedException;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
  1437
            }
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
  1438
        }
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
  1439
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
  1440
        @Override
56542
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents: 47216
diff changeset
  1441
        List<ProtocolVersion> getClientDefaultProtocolVersions() {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents: 47216
diff changeset
  1442
            return clientDefaultProtocols;
34826
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
  1443
        }
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
  1444
4bbdce2630f8 8133070: Hot lock on BulkCipher.isAvailable
xuelei
parents: 32649
diff changeset
  1445
        @Override
56611
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1446
        List<ProtocolVersion> getServerDefaultProtocolVersions() {
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1447
            return serverDefaultProtocols;
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1448
        }
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1449
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1450
        @Override
56542
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents: 47216
diff changeset
  1451
        List<CipherSuite> getClientDefaultCipherSuites() {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents: 47216
diff changeset
  1452
            return clientDefaultCipherSuites;
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
  1453
        }
56611
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1454
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1455
        @Override
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1456
        List<CipherSuite> getServerDefaultCipherSuites() {
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1457
            return serverDefaultCipherSuites;
f8f7e604e1f8 added jdk.tls.server.protocols
ascarpino
parents: 56542
diff changeset
  1458
        }
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 28555
diff changeset
  1459
    }
    /*
     * The SSLContext implementation for default "DTLS" algorithm
     *
     * @see SSLContext
     */
    public static final class DTLSContext extends CustomizedDTLSContext {
        // Nothing to override: the default "DTLS" algorithm uses the
        // constructor (including its reservedException check) and the
        // default protocol/cipher suite lists inherited from
        // CustomizedDTLSContext.
    }
}
final class AbstractTrustManagerWrapper extends X509ExtendedTrustManager
            implements X509TrustManager {
    // The delegated trust manager.  Every check in this wrapper is forwarded
    // to it first; the wrapper only layers the X509ExtendedTrustManager
    // checks (endpoint identification, algorithm constraints) on top when a
    // socket or engine with a handshake session is available.
    private final X509TrustManager tm;
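    /*
     * Wraps a plain X509TrustManager so that it can be used where an
     * X509ExtendedTrustManager is required.
     *
     * @param tm the trust manager to delegate to; must not be null
     * @throws NullPointerException if tm is null (fail fast here instead
     *         of on the first checkXxxTrusted() call)
     */
    AbstractTrustManagerWrapper(X509TrustManager tm) {
        if (tm == null) {
            throw new NullPointerException("tm");
        }
        this.tm = tm;
    }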
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
        throws CertificateException {
        // No socket or engine is available here, so only the delegate's
        // check applies.  Endpoint identification and algorithm constraint
        // checks need a handshake session and are performed by the
        // Socket/SSLEngine overloads below.
        tm.checkClientTrusted(chain, authType);
    }
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
        throws CertificateException {
        // No socket or engine is available here, so only the delegate's
        // check applies.  Endpoint identification and algorithm constraint
        // checks need a handshake session and are performed by the
        // Socket/SSLEngine overloads below.
        tm.checkServerTrusted(chain, authType);
    }
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        // Straight delegation.  checkAlgorithmConstraints() also consults
        // this result to recognize a trust anchor at the end of the chain,
        // and tolerates a null return from custom trust managers.
        return tm.getAcceptedIssuers();
    }
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType,
                Socket socket) throws CertificateException {
        // Delegate first; the additional checks (endpoint identity,
        // algorithm constraints) run only after the delegate accepted the
        // chain, and only when socket is a connected SSLSocket.
        tm.checkClientTrusted(chain, authType);
        checkAdditionalTrust(chain, authType, socket, true);
    }
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType,
            Socket socket) throws CertificateException {
        // Delegate first; the additional checks (endpoint identity,
        // algorithm constraints) run only after the delegate accepted the
        // chain, and only when socket is a connected SSLSocket.
        tm.checkServerTrusted(chain, authType);
        checkAdditionalTrust(chain, authType, socket, false);
    }
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType,
            SSLEngine engine) throws CertificateException {
        // Delegate first; the additional checks (endpoint identity,
        // algorithm constraints) run only after the delegate accepted the
        // chain, and only when engine is non-null.
        tm.checkClientTrusted(chain, authType);
        checkAdditionalTrust(chain, authType, engine, true);
    }
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType,
            SSLEngine engine) throws CertificateException {
        // Delegate first; the additional checks (endpoint identity,
        // algorithm constraints) run only after the delegate accepted the
        // chain, and only when engine is non-null.
        tm.checkServerTrusted(chain, authType);
        checkAdditionalTrust(chain, authType, engine, false);
    }
    /*
     * Performs the X509ExtendedTrustManager checks that the plain delegate
     * cannot: endpoint identification (when an identification algorithm is
     * configured on the socket) and, on a best-effort basis, the algorithm
     * constraints over the certificate chain.
     *
     * Nothing is checked unless socket is a connected SSLSocket; once it
     * is, a missing handshake session is an error.
     *
     * @param chain    the peer certificate chain, already accepted by the
     *                 delegate (chain[0] is the end-entity certificate)
     * @param authType unused here; kept for symmetry with the callers
     * @param socket   the socket of the handshake, possibly null
     * @param isClient whether the chain is a client certificate chain
     * @throws CertificateException if there is no handshake session, or
     *         the identity or algorithm constraint check fails
     */
    private void checkAdditionalTrust(X509Certificate[] chain, String authType,
                Socket socket, boolean isClient) throws CertificateException {
        if (socket == null || !socket.isConnected()
                || !(socket instanceof SSLSocket)) {
            return;
        }

        SSLSocket sslSocket = (SSLSocket)socket;
        SSLSession session = sslSocket.getHandshakeSession();
        if (session == null) {
            throw new CertificateException("No handshake session");
        }

        // check endpoint identity
        String identityAlg = sslSocket.getSSLParameters().
                                    getEndpointIdentificationAlgorithm();
        if (identityAlg != null && !identityAlg.isEmpty()) {
            X509TrustManagerImpl.checkIdentity(
                    session.getPeerHost(), chain[0], identityAlg);
        }

        // try the best to check the algorithm constraints
        AlgorithmConstraints constraints;
        boolean tls12Plus =
                ProtocolVersion.useTLS12PlusSpec(session.getProtocol());
        if (tls12Plus && (session instanceof ExtendedSSLSession)) {
            // TLS 1.2+ with an extended session: constrain by the locally
            // supported signature algorithms as well.
            String[] localSupportedSignAlgs = ((ExtendedSSLSession)session)
                    .getLocalSupportedSignatureAlgorithms();
            constraints = new SSLAlgorithmConstraints(
                    sslSocket, localSupportedSignAlgs, true);
        } else {
            constraints = new SSLAlgorithmConstraints(sslSocket, true);
        }

        checkAlgorithmConstraints(chain, constraints, isClient);
    }
    /*
     * SSLEngine counterpart of the Socket overload: endpoint identification
     * (when an identification algorithm is configured on the engine) and a
     * best-effort algorithm constraint check over the certificate chain.
     *
     * Nothing is checked when engine is null; otherwise a missing handshake
     * session is an error.
     *
     * @param chain    the peer certificate chain, already accepted by the
     *                 delegate (chain[0] is the end-entity certificate)
     * @param authType unused here; kept for symmetry with the callers
     * @param engine   the engine of the handshake, possibly null
     * @param isClient whether the chain is a client certificate chain
     * @throws CertificateException if there is no handshake session, or
     *         the identity or algorithm constraint check fails
     */
    private void checkAdditionalTrust(X509Certificate[] chain, String authType,
            SSLEngine engine, boolean isClient) throws CertificateException {
        if (engine == null) {
            return;
        }

        SSLSession session = engine.getHandshakeSession();
        if (session == null) {
            throw new CertificateException("No handshake session");
        }

        // check endpoint identity
        String identityAlg = engine.getSSLParameters().
                                    getEndpointIdentificationAlgorithm();
        if (identityAlg != null && !identityAlg.isEmpty()) {
            X509TrustManagerImpl.checkIdentity(
                    session.getPeerHost(), chain[0], identityAlg);
        }

        // try the best to check the algorithm constraints
        AlgorithmConstraints constraints;
        boolean tls12Plus =
                ProtocolVersion.useTLS12PlusSpec(session.getProtocol());
        if (tls12Plus && (session instanceof ExtendedSSLSession)) {
            // TLS 1.2+ with an extended session: constrain by the locally
            // supported signature algorithms as well.
            String[] localSupportedSignAlgs = ((ExtendedSSLSession)session)
                    .getLocalSupportedSignatureAlgorithms();
            constraints = new SSLAlgorithmConstraints(
                    engine, localSupportedSignAlgs, true);
        } else {
            constraints = new SSLAlgorithmConstraints(engine, true);
        }

        checkAlgorithmConstraints(chain, constraints, isClient);
    }
    private void checkAlgorithmConstraints(X509Certificate[] chain,
            AlgorithmConstraints constraints,
            boolean isClient) throws CertificateException {
        try {
            // Does the certificate chain end with a trusted certificate?
            int checkedLength = chain.length - 1;
            Collection<X509Certificate> trustedCerts = new HashSet<>();
            X509Certificate[] certs = tm.getAcceptedIssuers();
0c8557ba0b8f 7142172: Custom TrustManagers that return null for getAcceptedIssuers will NPE
wetmore
parents: 11037
diff changeset
  1619
            if ((certs != null) && (certs.length > 0)){
0c8557ba0b8f 7142172: Custom TrustManagers that return null for getAcceptedIssuers will NPE
wetmore
parents: 11037
diff changeset
  1620
                Collections.addAll(trustedCerts, certs);
0c8557ba0b8f 7142172: Custom TrustManagers that return null for getAcceptedIssuers will NPE
wetmore
parents: 11037
diff changeset
  1621
            }
0c8557ba0b8f 7142172: Custom TrustManagers that return null for getAcceptedIssuers will NPE
wetmore
parents: 11037
diff changeset
  1622
11037
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager
xuelei
parents: 10125
diff changeset
  1623
            if (trustedCerts.contains(chain[checkedLength])) {
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager
xuelei
parents: 10125
diff changeset
  1624
                    checkedLength--;
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager
xuelei
parents: 10125
diff changeset
  1625
            }
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager
xuelei
parents: 10125
diff changeset
  1626
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager
xuelei
parents: 10125
diff changeset
  1627
            // A forward checker, need to check from trust to target
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager
xuelei
parents: 10125
diff changeset
  1628
            if (checkedLength >= 0) {
43701
fe8c324ba97c 8160655: Fix denyAfter and usage types for security properties
ascarpino
parents: 43009
diff changeset
  1629
                AlgorithmChecker checker =
56542
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents: 47216
diff changeset
  1630
                    new AlgorithmChecker(constraints, null,
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents: 47216
diff changeset
  1631
                            (isClient ? Validator.VAR_TLS_CLIENT :
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents: 47216
diff changeset
  1632
                                        Validator.VAR_TLS_SERVER));
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 5506
diff changeset
  1633
                checker.init(false);
11037
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager
xuelei
parents: 10125
diff changeset
  1634
                for (int i = checkedLength; i >= 0; i--) {
56542
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents: 47216
diff changeset
  1635
                    X509Certificate cert = chain[i];
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 5506
diff changeset
  1636
                    // We don't care about the unresolved critical extensions.
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 5506
diff changeset
  1637
                    checker.check(cert, Collections.<String>emptySet());
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 5506
diff changeset
  1638
                }
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 5506
diff changeset
  1639
            }
11037
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager
xuelei
parents: 10125
diff changeset
  1640
        } catch (CertPathValidatorException cpve) {
03c29eb4afa0 7113275: compatibility issue with MD2 trust anchor and old X509TrustManager
xuelei
parents: 10125
diff changeset
  1641
            throw new CertificateException(
40700
b75806acf716 8164846: CertificateException missing cause of underlying exception
coffeys
parents: 40275
diff changeset
  1642
                "Certificates do not conform to algorithm constraints", cpve);
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 5506
diff changeset
  1643
        }
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 5506
diff changeset
  1644
    }
}
// Dummy X509TrustManager implementation, rejects all peer certificates.
// Used if the application did not specify a proper X509TrustManager.
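final class DummyX509TrustManager extends X509ExtendedTrustManager
            implements X509TrustManager {

    /** Shared stateless instance used when no X509TrustManager was supplied. */
    static final X509TrustManager INSTANCE = new DummyX509TrustManager();

    /*
     * One message for every rejection path.  The two-argument
     * checkClientTrusted() variant previously misspelled it ("avaiable"),
     * which made the failure inconsistent with the other overloads and
     * harder to search for in logs; all overloads now agree.
     */
    private static final String NO_TRUST_MANAGER_MSG =
            "No X509TrustManager implementation available";

    private DummyX509TrustManager() {
        // empty: singleton without state
    }

    /*
     * Builds the exception thrown by every check*Trusted() overload below.
     * The chain, authType, socket and engine arguments are deliberately not
     * inspected: nothing about the peer can make this manager accept it, so
     * the outcome is identical for a null, empty or well-formed chain.
     */
    private static CertificateException rejection() {
        return new CertificateException(NO_TRUST_MANAGER_MSG);
    }

    /*
     * Given the partial or complete certificate chain
     * provided by the peer, build a certificate path
     * to a trusted root and return if it can be
     * validated and is trusted for client SSL authentication.
     * If not, it throws an exception.
     *
     * This implementation always throws (fail closed): without a real
     * trust manager no client certificate can be trusted.
     */
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
        throws CertificateException {
        throw rejection();
    }

    /*
     * Given the partial or complete certificate chain
     * provided by the peer, build a certificate path
     * to a trusted root and return if it can be
     * validated and is trusted for server SSL authentication.
     * If not, it throws an exception.
     *
     * This implementation always throws (fail closed): without a real
     * trust manager no server certificate can be trusted.
     */
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
        throws CertificateException {
        throw rejection();
    }

    /*
     * Return an array of issuer certificates which are trusted
     * for authenticating peers.  Always an empty array, never null,
     * because nothing is trusted.
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }

    /*
     * Socket-aware variant; the socket is ignored and the chain is
     * rejected like every other one.
     */
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType,
                Socket socket) throws CertificateException {
        throw rejection();
    }

    /*
     * Socket-aware variant; the socket is ignored and the chain is
     * rejected like every other one.
     */
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType,
            Socket socket) throws CertificateException {
        throw rejection();
    }

    /*
     * SSLEngine-aware variant; the engine is ignored and the chain is
     * rejected like every other one.
     */
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType,
            SSLEngine engine) throws CertificateException {
        throw rejection();
    }

    /*
     * SSLEngine-aware variant; the engine is ignored and the chain is
     * rejected like every other one.
     */
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType,
            SSLEngine engine) throws CertificateException {
        throw rejection();
    }
}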
/*
 * A wrapper class to turn a X509KeyManager into an X509ExtendedKeyManager
 */
final class AbstractKeyManagerWrapper extends X509ExtendedKeyManager {

    /** The plain (non-extended) key manager every call is forwarded to. */
    private final X509KeyManager delegate;

    /*
     * Wraps km so that it can be used where an X509ExtendedKeyManager is
     * required.  The reference is stored as-is: a null argument is not
     * rejected here and would only surface as an NPE on first use.
     */
    AbstractKeyManagerWrapper(X509KeyManager km) {
        delegate = km;
    }

    /** Forwarded unchanged to the wrapped key manager. */
    @Override
    public String[] getClientAliases(String keyType, Principal[] issuers) {
        return delegate.getClientAliases(keyType, issuers);
    }

    /** Forwarded unchanged to the wrapped key manager. */
    @Override
    public String chooseClientAlias(String[] keyType, Principal[] issuers,
            Socket socket) {
        return delegate.chooseClientAlias(keyType, issuers, socket);
    }

    /** Forwarded unchanged to the wrapped key manager. */
    @Override
    public String[] getServerAliases(String keyType, Principal[] issuers) {
        return delegate.getServerAliases(keyType, issuers);
    }

    /** Forwarded unchanged to the wrapped key manager. */
    @Override
    public String chooseServerAlias(String keyType, Principal[] issuers,
            Socket socket) {
        return delegate.chooseServerAlias(keyType, issuers, socket);
    }

    /** Forwarded unchanged to the wrapped key manager. */
    @Override
    public X509Certificate[] getCertificateChain(String alias) {
        return delegate.getCertificateChain(alias);
    }

    /** Forwarded unchanged to the wrapped key manager. */
    @Override
    public PrivateKey getPrivateKey(String alias) {
        return delegate.getPrivateKey(alias);
    }

    /*
     * chooseEngineClientAlias() and chooseEngineServerAlias() are NOT
     * forwarded: a plain X509KeyManager has no SSLEngine-aware methods, so
     * the inherited X509ExtendedKeyManager implementations, which return
     * null, are kept.  NOTE(review): this presumably means an SSLEngine
     * handshake obtains no alias from a wrapped manager -- confirm in the
     * engine-side key selection code before relying on it.
     */
}
// Dummy X509KeyManager implementation, never returns any certificates/keys.
// Used if the application did not specify a proper X509KeyManager.
final class DummyX509KeyManager extends X509ExtendedKeyManager {

    /** Shared stateless instance used when no X509KeyManager was supplied. */
    static final X509ExtendedKeyManager INSTANCE = new DummyX509KeyManager();

    private DummyX509KeyManager() {
        // empty: singleton without state
    }

    /*
     * Every method below answers null: this manager owns no keys and no
     * certificates, so it can never select an alias, return a chain or
     * return a private key.  The keyType, issuers, socket, engine and alias
     * arguments are never inspected.
     */

    /**
     * Get the matching aliases for authenticating the client side of a
     * secure socket given the public key type and the list of certificate
     * issuer authorities recognized by the peer (if any).
     *
     * @return always null; there are no aliases
     */
    @Override
    public String[] getClientAliases(String keyType, Principal[] issuers) {
        return null;
    }

    /**
     * Choose an alias to authenticate the client side of a secure socket
     * given the public key type and the list of certificate issuer
     * authorities recognized by the peer (if any).
     *
     * @return always null; no alias is chosen
     */
    @Override
    public String chooseClientAlias(String[] keyTypes, Principal[] issuers,
            Socket socket) {
        return null;
    }

    /**
     * Choose an alias to authenticate the client side of an engine given
     * the public key type and the list of certificate issuer authorities
     * recognized by the peer (if any).
     *
     * @return always null; no alias is chosen
     */
    @Override
    public String chooseEngineClientAlias(
            String[] keyTypes, Principal[] issuers, SSLEngine engine) {
        return null;
    }

    /**
     * Get the matching aliases for authenticating the server side of a
     * secure socket given the public key type and the list of certificate
     * issuer authorities recognized by the peer (if any).
     *
     * @return always null; there are no aliases
     */
    @Override
    public String[] getServerAliases(String keyType, Principal[] issuers) {
        return null;
    }

    /**
     * Choose an alias to authenticate the server side of a secure socket
     * given the public key type and the list of certificate issuer
     * authorities recognized by the peer (if any).
     *
     * @return always null; no alias is chosen
     */
    @Override
    public String chooseServerAlias(String keyType, Principal[] issuers,
            Socket socket) {
        return null;
    }

    /**
     * Choose an alias to authenticate the server side of an engine given
     * the public key type and the list of certificate issuer authorities
     * recognized by the peer (if any).
     *
     * @return always null; no alias is chosen
     */
    @Override
    public String chooseEngineServerAlias(
            String keyType, Principal[] issuers, SSLEngine engine) {
        return null;
    }

    /**
     * Returns the certificate chain associated with the given alias.
     *
     * @param alias the alias name
     * @return always null; no alias maps to a chain here
     */
    @Override
    public X509Certificate[] getCertificateChain(String alias) {
        return null;
    }

    /**
     * Returns the key associated with the given alias.
     *
     * @param alias the alias name
     * @return always null; no alias maps to a key here
     */
    @Override
    public PrivateKey getPrivateKey(String alias) {
        return null;
    }
}