--- a/src/java.base/share/classes/com/sun/net/ssl/SSLSecurity.java Sat Mar 09 12:52:30 2019 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,699 +0,0 @@
-/*
- * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- * NOTE: this file was copied from javax.net.ssl.SSLSecurity,
- * but was heavily modified to allow com.sun.* users to
- * access providers written using the javax.sun.* APIs.
- */
-
-package com.sun.net.ssl;
-
-import java.util.*;
-import java.io.*;
-import java.security.*;
-import java.security.Provider.Service;
-import java.net.Socket;
-
-import sun.security.jca.*;
-
-/**
- * This class instantiates implementations of JSSE engine classes from
- * providers registered with the java.security.Security object.
- *
- * @author Jan Luehe
- * @author Jeff Nisewanger
- * @author Brad Wetmore
- */
-
-final class SSLSecurity {
-
- /*
- * Don't let anyone instantiate this.
- */
- private SSLSecurity() {
- }
-
-
- // ProviderList.getService() is not accessible now, implement our own loop
- private static Service getService(String type, String alg) {
- ProviderList list = Providers.getProviderList();
- for (Provider p : list.providers()) {
- Service s = p.getService(type, alg);
- if (s != null) {
- return s;
- }
- }
- return null;
- }
-
- /**
- * The body of the driver for the getImpl method.
- */
- private static Object[] getImpl1(String algName, String engineType,
- Service service) throws NoSuchAlgorithmException
- {
- Provider provider = service.getProvider();
- String className = service.getClassName();
- Class<?> implClass;
- try {
- ClassLoader cl = provider.getClass().getClassLoader();
- if (cl == null) {
- // system class
- implClass = Class.forName(className);
- } else {
- implClass = cl.loadClass(className);
- }
- } catch (ClassNotFoundException e) {
- throw new NoSuchAlgorithmException("Class " + className +
- " configured for " +
- engineType +
- " not found: " +
- e.getMessage());
- } catch (SecurityException e) {
- throw new NoSuchAlgorithmException("Class " + className +
- " configured for " +
- engineType +
- " cannot be accessed: " +
- e.getMessage());
- }
-
- /*
- * JSSE 1.0, 1.0.1, and 1.0.2 used the com.sun.net.ssl API as the
- * API was being developed. As JSSE was folded into the main
- * release, it was decided to promote the com.sun.net.ssl API to
- * be javax.net.ssl. It is desired to keep binary compatibility
- * with vendors of JSSE implementation written using the
- * com.sun.net.sll API, so we do this magic to handle everything.
- *
- * API used Implementation used Supported?
- * ======== =================== ==========
- * com.sun javax Yes
- * com.sun com.sun Yes
- * javax javax Yes
- * javax com.sun Not Currently
- *
- * Make sure the implementation class is a subclass of the
- * corresponding engine class.
- *
- * In wrapping these classes, there's no way to know how to
- * wrap all possible classes that extend the TrustManager/KeyManager.
- * We only wrap the x509 variants.
- */
-
- try { // catch instantiation errors
-
- /*
- * (The following Class.forName()s should alway work, because
- * this class and all the SPI classes in javax.crypto are
- * loaded by the same class loader.) That is, unless they
- * give us a SPI class that doesn't exist, say SSLFoo,
- * or someone has removed classes from the java.base module.
- */
-
- Class<?> typeClassJavax;
- Class<?> typeClassCom;
- Object obj = null;
-
- /*
- * Odds are more likely that we have a javax variant, try this
- * first.
- */
- if (((typeClassJavax = Class.forName("javax.net.ssl." +
- engineType + "Spi")) != null) &&
- (checkSuperclass(implClass, typeClassJavax))) {
-
- if (engineType.equals("SSLContext")) {
- obj = new SSLContextSpiWrapper(algName, provider);
- } else if (engineType.equals("TrustManagerFactory")) {
- obj = new TrustManagerFactorySpiWrapper(algName, provider);
- } else if (engineType.equals("KeyManagerFactory")) {
- obj = new KeyManagerFactorySpiWrapper(algName, provider);
- } else {
- /*
- * We should throw an error if we get
- * something totally unexpected. Don't ever
- * expect to see this one...
- */
- throw new IllegalStateException(
- "Class " + implClass.getName() +
- " unknown engineType wrapper:" + engineType);
- }
-
- } else if (((typeClassCom = Class.forName("com.sun.net.ssl." +
- engineType + "Spi")) != null) &&
- (checkSuperclass(implClass, typeClassCom))) {
- obj = service.newInstance(null);
- }
-
- if (obj != null) {
- return new Object[] { obj, provider };
- } else {
- throw new NoSuchAlgorithmException(
- "Couldn't locate correct object or wrapper: " +
- engineType + " " + algName);
- }
-
- } catch (ClassNotFoundException e) {
- IllegalStateException exc = new IllegalStateException(
- "Engine Class Not Found for " + engineType);
- exc.initCause(e);
- throw exc;
- }
- }
-
- /**
- * Returns an array of objects: the first object in the array is
- * an instance of an implementation of the requested algorithm
- * and type, and the second object in the array identifies the provider
- * of that implementation.
- * The <code>provName</code> argument can be null, in which case all
- * configured providers will be searched in order of preference.
- */
- static Object[] getImpl(String algName, String engineType, String provName)
- throws NoSuchAlgorithmException, NoSuchProviderException
- {
- Service service;
- if (provName != null) {
- ProviderList list = Providers.getProviderList();
- Provider prov = list.getProvider(provName);
- if (prov == null) {
- throw new NoSuchProviderException("No such provider: " +
- provName);
- }
- service = prov.getService(engineType, algName);
- } else {
- service = getService(engineType, algName);
- }
- if (service == null) {
- throw new NoSuchAlgorithmException("Algorithm " + algName
- + " not available");
- }
- return getImpl1(algName, engineType, service);
- }
-
-
- /**
- * Returns an array of objects: the first object in the array is
- * an instance of an implementation of the requested algorithm
- * and type, and the second object in the array identifies the provider
- * of that implementation.
- * The <code>prov</code> argument can be null, in which case all
- * configured providers will be searched in order of preference.
- */
- static Object[] getImpl(String algName, String engineType, Provider prov)
- throws NoSuchAlgorithmException
- {
- Service service = prov.getService(engineType, algName);
- if (service == null) {
- throw new NoSuchAlgorithmException("No such algorithm: " +
- algName);
- }
- return getImpl1(algName, engineType, service);
- }
-
- /*
- * Checks whether one class is the superclass of another
- */
- private static boolean checkSuperclass(Class<?> subclass, Class<?> superclass) {
- if ((subclass == null) || (superclass == null))
- return false;
-
- while (!subclass.equals(superclass)) {
- subclass = subclass.getSuperclass();
- if (subclass == null) {
- return false;
- }
- }
- return true;
- }
-
- /*
- * Return at most the first "resize" elements of an array.
- *
- * Didn't want to use java.util.Arrays, as PJava may not have it.
- */
- static Object[] truncateArray(Object[] oldArray, Object[] newArray) {
-
- for (int i = 0; i < newArray.length; i++) {
- newArray[i] = oldArray[i];
- }
-
- return newArray;
- }
-
-}
-
-
-/*
- * =================================================================
- * The remainder of this file is for the wrapper and wrapper-support
- * classes. When SSLSecurity finds something which extends the
- * javax.net.ssl.*Spi, we need to go grab a real instance of the
- * thing that the Spi supports, and wrap into a com.sun.net.ssl.*Spi
- * object. This also mean that anything going down into the SPI
- * needs to be wrapped, as well as anything coming back up.
- */
-@SuppressWarnings("deprecation")
-final class SSLContextSpiWrapper extends SSLContextSpi {
-
- private javax.net.ssl.SSLContext theSSLContext;
-
- SSLContextSpiWrapper(String algName, Provider prov) throws
- NoSuchAlgorithmException {
- theSSLContext = javax.net.ssl.SSLContext.getInstance(algName, prov);
- }
-
- @SuppressWarnings("deprecation")
- protected void engineInit(KeyManager[] kma, TrustManager[] tma,
- SecureRandom sr) throws KeyManagementException {
-
- // Keep track of the actual number of array elements copied
- int dst;
- int src;
- javax.net.ssl.KeyManager[] kmaw;
- javax.net.ssl.TrustManager[] tmaw;
-
- // Convert com.sun.net.ssl.kma to a javax.net.ssl.kma
- // wrapper if need be.
- if (kma != null) {
- kmaw = new javax.net.ssl.KeyManager[kma.length];
- for (src = 0, dst = 0; src < kma.length; ) {
- /*
- * These key managers may implement both javax
- * and com.sun interfaces, so if they do
- * javax, there's no need to wrap them.
- */
- if (!(kma[src] instanceof javax.net.ssl.KeyManager)) {
- /*
- * Do we know how to convert them? If not, oh well...
- * We'll have to drop them on the floor in this
- * case, cause we don't know how to handle them.
- * This will be pretty rare, but put here for
- * completeness.
- */
- if (kma[src] instanceof X509KeyManager) {
- kmaw[dst] = (javax.net.ssl.KeyManager)
- new X509KeyManagerJavaxWrapper(
- (X509KeyManager)kma[src]);
- dst++;
- }
- } else {
- // We can convert directly, since they implement.
- kmaw[dst] = (javax.net.ssl.KeyManager)kma[src];
- dst++;
- }
- src++;
- }
-
- /*
- * If dst != src, there were more items in the original array
- * than in the new array. Compress the new elements to avoid
- * any problems down the road.
- */
- if (dst != src) {
- kmaw = (javax.net.ssl.KeyManager [])
- SSLSecurity.truncateArray(kmaw,
- new javax.net.ssl.KeyManager [dst]);
- }
- } else {
- kmaw = null;
- }
-
- // Now do the same thing with the TrustManagers.
- if (tma != null) {
- tmaw = new javax.net.ssl.TrustManager[tma.length];
-
- for (src = 0, dst = 0; src < tma.length; ) {
- /*
- * These key managers may implement both...see above...
- */
- if (!(tma[src] instanceof javax.net.ssl.TrustManager)) {
- // Do we know how to convert them?
- if (tma[src] instanceof X509TrustManager) {
- tmaw[dst] = (javax.net.ssl.TrustManager)
- new X509TrustManagerJavaxWrapper(
- (X509TrustManager)tma[src]);
- dst++;
- }
- } else {
- tmaw[dst] = (javax.net.ssl.TrustManager)tma[src];
- dst++;
- }
- src++;
- }
-
- if (dst != src) {
- tmaw = (javax.net.ssl.TrustManager [])
- SSLSecurity.truncateArray(tmaw,
- new javax.net.ssl.TrustManager [dst]);
- }
- } else {
- tmaw = null;
- }
-
- theSSLContext.init(kmaw, tmaw, sr);
- }
-
- protected javax.net.ssl.SSLSocketFactory
- engineGetSocketFactory() {
- return theSSLContext.getSocketFactory();
- }
-
- protected javax.net.ssl.SSLServerSocketFactory
- engineGetServerSocketFactory() {
- return theSSLContext.getServerSocketFactory();
- }
-
-}
-
-@SuppressWarnings("deprecation")
-final class TrustManagerFactorySpiWrapper extends TrustManagerFactorySpi {
-
- private javax.net.ssl.TrustManagerFactory theTrustManagerFactory;
-
- TrustManagerFactorySpiWrapper(String algName, Provider prov) throws
- NoSuchAlgorithmException {
- theTrustManagerFactory =
- javax.net.ssl.TrustManagerFactory.getInstance(algName, prov);
- }
-
- protected void engineInit(KeyStore ks) throws KeyStoreException {
- theTrustManagerFactory.init(ks);
- }
-
- protected TrustManager[] engineGetTrustManagers() {
-
- int dst;
- int src;
-
- javax.net.ssl.TrustManager[] tma =
- theTrustManagerFactory.getTrustManagers();
-
- TrustManager[] tmaw = new TrustManager[tma.length];
-
- for (src = 0, dst = 0; src < tma.length; ) {
- if (!(tma[src] instanceof com.sun.net.ssl.TrustManager)) {
- // We only know how to wrap X509TrustManagers, as
- // TrustManagers don't have any methods to wrap.
- if (tma[src] instanceof javax.net.ssl.X509TrustManager) {
- tmaw[dst] = (TrustManager)
- new X509TrustManagerComSunWrapper(
- (javax.net.ssl.X509TrustManager)tma[src]);
- dst++;
- }
- } else {
- tmaw[dst] = (TrustManager)tma[src];
- dst++;
- }
- src++;
- }
-
- if (dst != src) {
- tmaw = (TrustManager [])
- SSLSecurity.truncateArray(tmaw, new TrustManager [dst]);
- }
-
- return tmaw;
- }
-
-}
-
-@SuppressWarnings("deprecation")
-final class KeyManagerFactorySpiWrapper extends KeyManagerFactorySpi {
-
- private javax.net.ssl.KeyManagerFactory theKeyManagerFactory;
-
- KeyManagerFactorySpiWrapper(String algName, Provider prov) throws
- NoSuchAlgorithmException {
- theKeyManagerFactory =
- javax.net.ssl.KeyManagerFactory.getInstance(algName, prov);
- }
-
- protected void engineInit(KeyStore ks, char[] password)
- throws KeyStoreException, NoSuchAlgorithmException,
- UnrecoverableKeyException {
- theKeyManagerFactory.init(ks, password);
- }
-
- protected KeyManager[] engineGetKeyManagers() {
-
- int dst;
- int src;
-
- javax.net.ssl.KeyManager[] kma =
- theKeyManagerFactory.getKeyManagers();
-
- KeyManager[] kmaw = new KeyManager[kma.length];
-
- for (src = 0, dst = 0; src < kma.length; ) {
- if (!(kma[src] instanceof com.sun.net.ssl.KeyManager)) {
- // We only know how to wrap X509KeyManagers, as
- // KeyManagers don't have any methods to wrap.
- if (kma[src] instanceof javax.net.ssl.X509KeyManager) {
- kmaw[dst] = (KeyManager)
- new X509KeyManagerComSunWrapper(
- (javax.net.ssl.X509KeyManager)kma[src]);
- dst++;
- }
- } else {
- kmaw[dst] = (KeyManager)kma[src];
- dst++;
- }
- src++;
- }
-
- if (dst != src) {
- kmaw = (KeyManager [])
- SSLSecurity.truncateArray(kmaw, new KeyManager [dst]);
- }
-
- return kmaw;
- }
-
-}
-
-// =================================
-
-@SuppressWarnings("deprecation")
-final class X509KeyManagerJavaxWrapper implements
- javax.net.ssl.X509KeyManager {
-
- private X509KeyManager theX509KeyManager;
-
- X509KeyManagerJavaxWrapper(X509KeyManager obj) {
- theX509KeyManager = obj;
- }
-
- public String[] getClientAliases(String keyType, Principal[] issuers) {
- return theX509KeyManager.getClientAliases(keyType, issuers);
- }
-
- public String chooseClientAlias(String[] keyTypes, Principal[] issuers,
- Socket socket) {
- String retval;
-
- if (keyTypes == null) {
- return null;
- }
-
- /*
- * Scan the list, look for something we can pass back.
- */
- for (int i = 0; i < keyTypes.length; i++) {
- if ((retval = theX509KeyManager.chooseClientAlias(keyTypes[i],
- issuers)) != null)
- return retval;
- }
- return null;
-
- }
-
- /*
- * JSSE 1.0.x was only socket based, but it's possible someone might
- * want to install a really old provider. We should at least
- * try to be nice.
- */
- public String chooseEngineClientAlias(
- String[] keyTypes, Principal[] issuers,
- javax.net.ssl.SSLEngine engine) {
- String retval;
-
- if (keyTypes == null) {
- return null;
- }
-
- /*
- * Scan the list, look for something we can pass back.
- */
- for (int i = 0; i < keyTypes.length; i++) {
- if ((retval = theX509KeyManager.chooseClientAlias(keyTypes[i],
- issuers)) != null)
- return retval;
- }
-
- return null;
- }
-
- public String[] getServerAliases(String keyType, Principal[] issuers) {
- return theX509KeyManager.getServerAliases(keyType, issuers);
- }
-
- public String chooseServerAlias(String keyType, Principal[] issuers,
- Socket socket) {
-
- if (keyType == null) {
- return null;
- }
- return theX509KeyManager.chooseServerAlias(keyType, issuers);
- }
-
- /*
- * JSSE 1.0.x was only socket based, but it's possible someone might
- * want to install a really old provider. We should at least
- * try to be nice.
- */
- public String chooseEngineServerAlias(
- String keyType, Principal[] issuers,
- javax.net.ssl.SSLEngine engine) {
-
- if (keyType == null) {
- return null;
- }
- return theX509KeyManager.chooseServerAlias(keyType, issuers);
- }
-
- public java.security.cert.X509Certificate[]
- getCertificateChain(String alias) {
- return theX509KeyManager.getCertificateChain(alias);
- }
-
- public PrivateKey getPrivateKey(String alias) {
- return theX509KeyManager.getPrivateKey(alias);
- }
-}
-
-@SuppressWarnings("deprecation")
-final class X509TrustManagerJavaxWrapper implements
- javax.net.ssl.X509TrustManager {
-
- private X509TrustManager theX509TrustManager;
-
- X509TrustManagerJavaxWrapper(X509TrustManager obj) {
- theX509TrustManager = obj;
- }
-
- public void checkClientTrusted(
- java.security.cert.X509Certificate[] chain, String authType)
- throws java.security.cert.CertificateException {
- if (!theX509TrustManager.isClientTrusted(chain)) {
- throw new java.security.cert.CertificateException(
- "Untrusted Client Certificate Chain");
- }
- }
-
- public void checkServerTrusted(
- java.security.cert.X509Certificate[] chain, String authType)
- throws java.security.cert.CertificateException {
- if (!theX509TrustManager.isServerTrusted(chain)) {
- throw new java.security.cert.CertificateException(
- "Untrusted Server Certificate Chain");
- }
- }
-
- public java.security.cert.X509Certificate[] getAcceptedIssuers() {
- return theX509TrustManager.getAcceptedIssuers();
- }
-}
-
-@SuppressWarnings("deprecation")
-final class X509KeyManagerComSunWrapper implements X509KeyManager {
-
- private javax.net.ssl.X509KeyManager theX509KeyManager;
-
- X509KeyManagerComSunWrapper(javax.net.ssl.X509KeyManager obj) {
- theX509KeyManager = obj;
- }
-
- public String[] getClientAliases(String keyType, Principal[] issuers) {
- return theX509KeyManager.getClientAliases(keyType, issuers);
- }
-
- public String chooseClientAlias(String keyType, Principal[] issuers) {
- String [] keyTypes = new String [] { keyType };
- return theX509KeyManager.chooseClientAlias(keyTypes, issuers, null);
- }
-
- public String[] getServerAliases(String keyType, Principal[] issuers) {
- return theX509KeyManager.getServerAliases(keyType, issuers);
- }
-
- public String chooseServerAlias(String keyType, Principal[] issuers) {
- return theX509KeyManager.chooseServerAlias(keyType, issuers, null);
- }
-
- public java.security.cert.X509Certificate[]
- getCertificateChain(String alias) {
- return theX509KeyManager.getCertificateChain(alias);
- }
-
- public PrivateKey getPrivateKey(String alias) {
- return theX509KeyManager.getPrivateKey(alias);
- }
-}
-
-@SuppressWarnings("deprecation")
-final class X509TrustManagerComSunWrapper implements X509TrustManager {
-
- private javax.net.ssl.X509TrustManager theX509TrustManager;
-
- X509TrustManagerComSunWrapper(javax.net.ssl.X509TrustManager obj) {
- theX509TrustManager = obj;
- }
-
- public boolean isClientTrusted(
- java.security.cert.X509Certificate[] chain) {
- try {
- theX509TrustManager.checkClientTrusted(chain, "UNKNOWN");
- return true;
- } catch (java.security.cert.CertificateException e) {
- return false;
- }
- }
-
- public boolean isServerTrusted(
- java.security.cert.X509Certificate[] chain) {
- try {
- theX509TrustManager.checkServerTrusted(chain, "UNKNOWN");
- return true;
- } catch (java.security.cert.CertificateException e) {
- return false;
- }
- }
-
- public java.security.cert.X509Certificate[] getAcceptedIssuers() {
- return theX509TrustManager.getAcceptedIssuers();
- }
-}