44 import java.util.Queue; |
44 import java.util.Queue; |
45 import javax.crypto.SecretKey; |
45 import javax.crypto.SecretKey; |
46 import javax.net.ssl.SNIServerName; |
46 import javax.net.ssl.SNIServerName; |
47 import javax.net.ssl.SSLHandshakeException; |
47 import javax.net.ssl.SSLHandshakeException; |
48 import javax.security.auth.x500.X500Principal; |
48 import javax.security.auth.x500.X500Principal; |
49 import sun.security.ssl.SupportedGroupsExtension.NamedGroup; |
49 import sun.security.ssl.NamedGroup.NamedGroupType; |
50 import sun.security.ssl.SupportedGroupsExtension.NamedGroupType; |
50 import static sun.security.ssl.NamedGroup.NamedGroupType.*; |
51 import static sun.security.ssl.SupportedGroupsExtension.NamedGroupType.*; |
|
52 import sun.security.ssl.SupportedGroupsExtension.SupportedGroups; |
51 import sun.security.ssl.SupportedGroupsExtension.SupportedGroups; |
53 |
52 |
54 abstract class HandshakeContext implements ConnectionContext { |
53 abstract class HandshakeContext implements ConnectionContext { |
55 // System properties |
54 // System properties |
56 |
55 |
517 if (suite.keyExchange == null) { |
516 if (suite.keyExchange == null) { |
518 // TLS 1.3, no definition of key exchange in cipher suite. |
517 // TLS 1.3, no definition of key exchange in cipher suite. |
519 return true; |
518 return true; |
520 } |
519 } |
521 |
520 |
522 boolean available; |
521 // Is at least one of the group types available? |
523 NamedGroupType groupType = suite.keyExchange.groupType; |
522 boolean groupAvailable, retval = false; |
524 if (groupType != NAMED_GROUP_NONE) { |
523 NamedGroupType[] groupTypes = suite.keyExchange.groupTypes; |
525 Boolean checkedStatus = cachedStatus.get(groupType); |
524 for (NamedGroupType groupType : groupTypes) { |
526 if (checkedStatus == null) { |
525 if (groupType != NAMED_GROUP_NONE) { |
527 available = SupportedGroups.isActivatable( |
526 Boolean checkedStatus = cachedStatus.get(groupType); |
528 algorithmConstraints, groupType); |
527 if (checkedStatus == null) { |
529 cachedStatus.put(groupType, available); |
528 groupAvailable = SupportedGroups.isActivatable( |
530 |
529 algorithmConstraints, groupType); |
531 if (!available && |
530 cachedStatus.put(groupType, groupAvailable); |
532 SSLLogger.isOn && SSLLogger.isOn("verbose")) { |
531 |
533 SSLLogger.fine("No activated named group"); |
532 if (!groupAvailable && |
|
533 SSLLogger.isOn && SSLLogger.isOn("verbose")) { |
|
534 SSLLogger.fine( |
|
535 "No activated named group in " + groupType); |
|
536 } |
|
537 } else { |
|
538 groupAvailable = checkedStatus; |
534 } |
539 } |
|
540 |
|
541 retval |= groupAvailable; |
535 } else { |
542 } else { |
536 available = checkedStatus; |
543 retval |= true; |
537 } |
544 } |
538 |
545 } |
539 if (!available && SSLLogger.isOn && SSLLogger.isOn("verbose")) { |
546 |
540 SSLLogger.fine( |
547 if (!retval && SSLLogger.isOn && SSLLogger.isOn("verbose")) { |
541 "No active named group, ignore " + suite); |
548 SSLLogger.fine("No active named group(s), ignore " + suite); |
542 } |
549 } |
543 return available; |
550 |
544 } else { |
551 return retval; |
545 return true; |
552 |
546 } |
|
547 } else if (SSLLogger.isOn && SSLLogger.isOn("verbose")) { |
553 } else if (SSLLogger.isOn && SSLLogger.isOn("verbose")) { |
548 SSLLogger.fine("Ignore disabled cipher suite: " + suite); |
554 SSLLogger.fine("Ignore disabled cipher suite: " + suite); |
549 } |
555 } |
550 |
556 |
551 return false; |
557 return false; |
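Review bot: In the new loop over `suite.keyExchange.groupTypes` (new lines 522–545), `retval` stays `false` when the array is empty, so such a suite is logged as "No active named group(s)" and ignored, whereas the old code returned `true` for a key exchange whose single `groupType` was `NAMED_GROUP_NONE`. That fails closed, which is the safe direction for cipher-suite activation, but it silently depends on every key exchange declaring at least one entry, and those definitions are not visible here. If that invariant holds, a comment above the loop such as `// every key exchange lists at least one group type (NAMED_GROUP_NONE when no named group is used)` would record it. On style, `retval |= true;` reads more plainly as `retval = true;`, and `groupAvailable` could be declared inside the loop body instead of alongside `retval`. The enclosing method starts and ends outside the visible lines.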