jdk-sandbox: comparison src/java.base/share/classes/sun/security/ssl/JsseJce.java

equal deleted inserted replaced

-:356eaea05bf0
+:68fa3d4026ea
 /*
-* Copyright (c) 2001, 2016, Oracle and/or its affiliates. All rights reserved.
+* Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * questions.
 */
 package sun.security.ssl;
-import java.util.*;
 import java.math.BigInteger;
 import java.security.*;
 import java.security.interfaces.RSAPublicKey;
 import java.security.spec.*;
+import java.util.*;
 import javax.crypto.*;
+import sun.security.jca.ProviderList;
-// explicit import to override the Provider class in this package
-import java.security.Provider;
-// need internal Sun classes for FIPS tricks
 import sun.security.jca.Providers;
-import sun.security.jca.ProviderList;
+import static sun.security.ssl.SunJSSE.cryptoProvider;
 import sun.security.util.ECUtil;
-import static sun.security.ssl.SunJSSE.cryptoProvider;
 import static sun.security.util.SecurityConstants.PROVIDER_VER;
 /**
 * This class contains a few static methods for interaction with the JCA/JCE
 * to obtain implementations, etc.
 *
 * @author  Andreas Sterbenz
 */
 final class JsseJce {
+static final boolean ALLOW_ECC =
+Utilities.getBooleanProperty("com.sun.net.ssl.enableECC", true);
 private static final ProviderList fipsProviderList;
-// Flag indicating whether Kerberos crypto is available.
-// If true, then all the Kerberos-based crypto we need is available.
-private static final boolean kerberosAvailable;
-static {
-ClientKeyExchangeService p =
-ClientKeyExchangeService.find("KRB5");
-kerberosAvailable = (p != null);
-}
 static {
 // force FIPS flag initialization
 // Because isFIPS() is synchronized and cryptoProvider is not modified
 // after it completes, this also eliminates the need for any further
 /**
 * JCE transformation string for RSA with PKCS#1 v1.5 padding.
 * Can be used for encryption, decryption, signing, verifying.
 */
 static final String CIPHER_RSA_PKCS1 = "RSA/ECB/PKCS1Padding";
 /**
 * JCE transformation string for the stream cipher RC4.
 */
 static final String CIPHER_RC4 = "RC4";
 /**
 * JCE transformation string for DES in CBC mode without padding.
 */
 static final String CIPHER_DES = "DES/CBC/NoPadding";
 /**
 * JCE transformation string for (3-key) Triple DES in CBC mode
 * without padding.
 */
 static final String CIPHER_3DES = "DESede/CBC/NoPadding";
 /**
 * JCE transformation string for AES in CBC mode
 * without padding.
 */
 static final String CIPHER_AES = "AES/CBC/NoPadding";
 /**
 * JCE transformation string for AES in GCM mode
 * without padding.
 */
 static final String CIPHER_AES_GCM = "AES/GCM/NoPadding";
 /**
 * JCA identifier string for DSA, i.e. a DSA with SHA-1.
 */
 static final String SIGNATURE_DSA = "DSA";
 /**
 * JCA identifier string for ECDSA, i.e. a ECDSA with SHA-1.
 */
 static final String SIGNATURE_ECDSA = "SHA1withECDSA";
 /**
 * JCA identifier string for Raw DSA, i.e. a DSA signature without
 * hashing where the application provides the SHA-1 hash of the data.
 * Note that the standard name is "NONEwithDSA" but we use "RawDSA"
 * for compatibility.
 */
 static final String SIGNATURE_RAWDSA = "RawDSA";
 /**
 * JCA identifier string for Raw ECDSA, i.e. a DSA signature without
 * hashing where the application provides the SHA-1 hash of the data.
 */
 static final String SIGNATURE_RAWECDSA = "NONEwithECDSA";
 /**
 * JCA identifier string for Raw RSA, i.e. a RSA PKCS#1 v1.5 signature
 * without hashing where the application provides the hash of the data.
 * Used for RSA client authentication with a 36 byte hash.
 */
 static final String SIGNATURE_RAWRSA = "NONEwithRSA";
 /**
 * JCA identifier string for the SSL/TLS style RSA Signature. I.e.
 * an signature using RSA with PKCS#1 v1.5 padding signing a
 * concatenation of an MD5 and SHA-1 digest.
 */
 // no instantiation of this class
 }
 static boolean isEcAvailable() {
 return EcAvailability.isAvailable;
-}
-static boolean isKerberosAvailable() {
-return kerberosAvailable;
 }
 /**
 * Return an JCE cipher implementation for the specified algorithm.
 */
 // ignore
 }
 for (Provider.Service s : cryptoProvider.getServices()) {
 if (s.getType().equals("SecureRandom")) {
 try {
-return SecureRandom.getInstance(s.getAlgorithm(), cryptoProvider);
+return SecureRandom.getInstance(
+s.getAlgorithm(), cryptoProvider);
 } catch (NoSuchAlgorithmException ee) {
 // ignore
 }
 }
 }
 // lazy initialization holder class idiom for static default parameters
 //
 // See Effective Java Second Edition: Item 71.
 private static class EcAvailability {
 // Is EC crypto available?
-private final static boolean isAvailable;
+private static final boolean isAvailable;
 static {
 boolean mediator = true;
 try {
 JsseJce.getSignature(SIGNATURE_ECDSA);

changeset 50768	68fa3d4026ea
parent 47216	71c04702a3d5
child 51773	720fd6544b03