--- a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java Tue Feb 12 15:19:25 2019 -0500
+++ b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java Tue Feb 12 13:36:15 2019 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1999, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -66,97 +66,16 @@
"(PKCS12, SunX509/PKIX key/trust factories, " +
"SSLv3/TLSv1/TLSv1.1/TLSv1.2/TLSv1.3/DTLSv1.0/DTLSv1.2)";
- private static String fipsInfo =
- "Sun JSSE provider (FIPS mode, crypto provider ";
-
- // tri-valued flag:
- // null := no final decision made
- // false := data structures initialized in non-FIPS mode
- // true := data structures initialized in FIPS mode
- private static Boolean fips;
-
- // the FIPS certificate crypto provider that we use to perform all crypto
- // operations. null in non-FIPS mode
- static java.security.Provider cryptoProvider;
-
- protected static synchronized boolean isFIPS() {
- if (fips == null) {
- fips = false;
- }
- return fips;
- }
-
- // ensure we can use FIPS mode using the specified crypto provider.
- // enable FIPS mode if not already enabled.
- private static synchronized void ensureFIPS(java.security.Provider p) {
- if (fips == null) {
- fips = true;
- cryptoProvider = p;
- } else {
- if (fips == false) {
- throw new ProviderException
- ("SunJSSE already initialized in non-FIPS mode");
- }
- if (cryptoProvider != p) {
- throw new ProviderException
- ("SunJSSE already initialized with FIPS crypto provider "
- + cryptoProvider);
- }
- }
- }
-
- // standard constructor
protected SunJSSE() {
super("SunJSSE", PROVIDER_VER, info);
subclassCheck();
- if (Boolean.TRUE.equals(fips)) {
- throw new ProviderException
- ("SunJSSE is already initialized in FIPS mode");
- }
- registerAlgorithms(false);
- }
-
- // preferred constructor to enable FIPS mode at runtime
- protected SunJSSE(java.security.Provider cryptoProvider){
- this(checkNull(cryptoProvider), cryptoProvider.getName());
- }
-
- // constructor to enable FIPS mode from java.security file
- protected SunJSSE(String cryptoProvider){
- this(null, checkNull(cryptoProvider));
- }
-
- private static <T> T checkNull(T t) {
- if (t == null) {
- throw new ProviderException("cryptoProvider must not be null");
- }
- return t;
+ registerAlgorithms();
}
- private SunJSSE(java.security.Provider cryptoProvider,
- String providerName) {
- super("SunJSSE", PROVIDER_VER, fipsInfo + providerName + ")");
- subclassCheck();
- if (cryptoProvider == null) {
- // Calling Security.getProvider() will cause other providers to be
- // loaded. That is not good but unavoidable here.
- cryptoProvider = Security.getProvider(providerName);
- if (cryptoProvider == null) {
- throw new ProviderException
- ("Crypto provider not installed: " + providerName);
- }
- }
- ensureFIPS(cryptoProvider);
- registerAlgorithms(true);
- }
-
- private void registerAlgorithms(final boolean isfips) {
- AccessController.doPrivileged(new PrivilegedAction<Object>() {
- @Override
- public Object run() {
- doRegister(isfips);
- return null;
- }
+ private void registerAlgorithms() {
+ AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
+ doRegister();
+ return null;
});
}
@@ -165,14 +84,13 @@
putService(new Provider.Service(this, type, algo, cn, aliases, attrs));
}
- private void doRegister(boolean isfips) {
- if (isfips == false) {
- Iterator<Provider.Service> rsaIter =
- new SunRsaSignEntries(this).iterator();
- while (rsaIter.hasNext()) {
- putService(rsaIter.next());
- }
+ private void doRegister() {
+ Iterator<Provider.Service> rsaIter =
+ new SunRsaSignEntries(this).iterator();
+ while (rsaIter.hasNext()) {
+ putService(rsaIter.next());
}
+
ps("Signature", "MD5andSHA1withRSA",
"sun.security.ssl.RSASignature", null, null);
@@ -183,14 +101,15 @@
createAliases("PKIX"), null);
ps("TrustManagerFactory", "SunX509",
- "sun.security.ssl.TrustManagerFactoryImpl$SimpleFactory", null, null);
+ "sun.security.ssl.TrustManagerFactoryImpl$SimpleFactory",
+ null, null);
ps("TrustManagerFactory", "PKIX",
"sun.security.ssl.TrustManagerFactoryImpl$PKIXFactory",
createAliases("SunPKIX", "X509", "X.509"), null);
ps("SSLContext", "TLSv1",
"sun.security.ssl.SSLContextImpl$TLS10Context",
- (isfips? null : createAliases("SSLv3")), null);
+ createAliases("SSLv3"), null);
ps("SSLContext", "TLSv1.1",
"sun.security.ssl.SSLContextImpl$TLS11Context", null, null);
ps("SSLContext", "TLSv1.2",
@@ -199,7 +118,7 @@
"sun.security.ssl.SSLContextImpl$TLS13Context", null, null);
ps("SSLContext", "TLS",
"sun.security.ssl.SSLContextImpl$TLSContext",
- (isfips? null : createAliases("SSL")), null);
+ createAliases("SSL"), null);
ps("SSLContext", "DTLSv1.0",
"sun.security.ssl.SSLContextImpl$DTLS10Context", null, null);
@@ -225,12 +144,4 @@
throw new AssertionError("Illegal subclass: " + getClass());
}
}
-
- @Override
- @SuppressWarnings("deprecation")
- protected final void finalize() throws Throwable {
- // empty
- super.finalize();
- }
-
}