44 import java.util.Queue; |
44 import java.util.Queue; |
45 import javax.crypto.SecretKey; |
45 import javax.crypto.SecretKey; |
46 import javax.net.ssl.SNIServerName; |
46 import javax.net.ssl.SNIServerName; |
47 import javax.net.ssl.SSLHandshakeException; |
47 import javax.net.ssl.SSLHandshakeException; |
48 import javax.security.auth.x500.X500Principal; |
48 import javax.security.auth.x500.X500Principal; |
49 import sun.security.ssl.NamedGroup.NamedGroupType; |
49 import sun.security.ssl.NamedGroup.NamedGroupSpec; |
50 import static sun.security.ssl.NamedGroup.NamedGroupType.*; |
50 import static sun.security.ssl.NamedGroup.NamedGroupSpec.*; |
51 import sun.security.ssl.SupportedGroupsExtension.SupportedGroups; |
51 import sun.security.ssl.SupportedGroupsExtension.SupportedGroups; |
52 |
52 |
53 abstract class HandshakeContext implements ConnectionContext { |
53 abstract class HandshakeContext implements ConnectionContext { |
54 // System properties |
54 // System properties |
55 |
55 |
281 // Ignore disabled protocol. |
281 // Ignore disabled protocol. |
282 continue; |
282 continue; |
283 } |
283 } |
284 |
284 |
285 boolean found = false; |
285 boolean found = false; |
286 Map<NamedGroupType, Boolean> cachedStatus = |
286 Map<NamedGroupSpec, Boolean> cachedStatus = |
287 new EnumMap<>(NamedGroupType.class); |
287 new EnumMap<>(NamedGroupSpec.class); |
288 for (CipherSuite suite : enabledCipherSuites) { |
288 for (CipherSuite suite : enabledCipherSuites) { |
289 if (suite.isAvailable() && suite.supports(protocol)) { |
289 if (suite.isAvailable() && suite.supports(protocol)) { |
290 if (isActivatable(suite, |
290 if (isActivatable(suite, |
291 algorithmConstraints, cachedStatus)) { |
291 algorithmConstraints, cachedStatus)) { |
292 protocols.add(protocol); |
292 protocols.add(protocol); |
321 List<CipherSuite> enabledCipherSuites, |
321 List<CipherSuite> enabledCipherSuites, |
322 AlgorithmConstraints algorithmConstraints) { |
322 AlgorithmConstraints algorithmConstraints) { |
323 |
323 |
324 List<CipherSuite> suites = new LinkedList<>(); |
324 List<CipherSuite> suites = new LinkedList<>(); |
325 if (enabledProtocols != null && !enabledProtocols.isEmpty()) { |
325 if (enabledProtocols != null && !enabledProtocols.isEmpty()) { |
326 Map<NamedGroupType, Boolean> cachedStatus = |
326 Map<NamedGroupSpec, Boolean> cachedStatus = |
327 new EnumMap<>(NamedGroupType.class); |
327 new EnumMap<>(NamedGroupSpec.class); |
328 for (CipherSuite suite : enabledCipherSuites) { |
328 for (CipherSuite suite : enabledCipherSuites) { |
329 if (!suite.isAvailable()) { |
329 if (!suite.isAvailable()) { |
330 continue; |
330 continue; |
331 } |
331 } |
332 |
332 |
507 this.conContext.protocolVersion = protocolVersion; |
507 this.conContext.protocolVersion = protocolVersion; |
508 } |
508 } |
509 |
509 |
510 private static boolean isActivatable(CipherSuite suite, |
510 private static boolean isActivatable(CipherSuite suite, |
511 AlgorithmConstraints algorithmConstraints, |
511 AlgorithmConstraints algorithmConstraints, |
512 Map<NamedGroupType, Boolean> cachedStatus) { |
512 Map<NamedGroupSpec, Boolean> cachedStatus) { |
513 |
513 |
514 if (algorithmConstraints.permits( |
514 if (algorithmConstraints.permits( |
515 EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), suite.name, null)) { |
515 EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), suite.name, null)) { |
516 if (suite.keyExchange == null) { |
516 if (suite.keyExchange == null) { |
517 // TLS 1.3, no definition of key exchange in cipher suite. |
517 // TLS 1.3, no definition of key exchange in cipher suite. |
518 return true; |
518 return true; |
519 } |
519 } |
520 |
520 |
521 // Is at least one of the group types available? |
521 // Is at least one of the group types available? |
522 boolean groupAvailable, retval = false; |
522 boolean groupAvailable, retval = false; |
523 NamedGroupType[] groupTypes = suite.keyExchange.groupTypes; |
523 NamedGroupSpec[] groupTypes = suite.keyExchange.groupTypes; |
524 for (NamedGroupType groupType : groupTypes) { |
524 for (NamedGroupSpec groupType : groupTypes) { |
525 if (groupType != NAMED_GROUP_NONE) { |
525 if (groupType != NAMED_GROUP_NONE) { |
526 Boolean checkedStatus = cachedStatus.get(groupType); |
526 Boolean checkedStatus = cachedStatus.get(groupType); |
527 if (checkedStatus == null) { |
527 if (checkedStatus == null) { |
528 groupAvailable = SupportedGroups.isActivatable( |
528 groupAvailable = SupportedGroups.isActivatable( |
529 algorithmConstraints, groupType); |
529 algorithmConstraints, groupType); |