6976117: SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled
Summary: Reorg the SSLContext implementation
Reviewed-by: weijun
/*
* Copyright (c) 2002, 2007, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.ssl;
import java.security.*;
/**
* The "KeyManager" for ephemeral RSA keys. Ephemeral DH and ECDH keys
* are handled by the DHCrypt and ECDHCrypt classes, respectively.
*
* @author Andreas Sterbenz
*/
final class EphemeralKeyManager {
// indices for the keys array below
private final static int INDEX_RSA512 = 0;
private final static int INDEX_RSA1024 = 1;
/*
* Current cached RSA KeyPairs. Elements are never null.
* Indexed via the the constants above.
*/
private final EphemeralKeyPair[] keys = new EphemeralKeyPair[] {
new EphemeralKeyPair(null),
new EphemeralKeyPair(null),
};
EphemeralKeyManager() {
// empty
}
/*
* Get a temporary RSA KeyPair.
*/
KeyPair getRSAKeyPair(boolean export, SecureRandom random) {
int length, index;
if (export) {
length = 512;
index = INDEX_RSA512;
} else {
length = 1024;
index = INDEX_RSA1024;
}
synchronized (keys) {
KeyPair kp = keys[index].getKeyPair();
if (kp == null) {
try {
KeyPairGenerator kgen = JsseJce.getKeyPairGenerator("RSA");
kgen.initialize(length, random);
keys[index] = new EphemeralKeyPair(kgen.genKeyPair());
kp = keys[index].getKeyPair();
} catch (Exception e) {
// ignore
}
}
return kp;
}
}
/**
* Inner class to handle storage of ephemeral KeyPairs.
*/
private static class EphemeralKeyPair {
// maximum number of times a KeyPair is used
private final static int MAX_USE = 200;
// maximum time interval in which the keypair is used (1 hour in ms)
private final static long USE_INTERVAL = 3600*1000;
private KeyPair keyPair;
private int uses;
private long expirationTime;
private EphemeralKeyPair(KeyPair keyPair) {
this.keyPair = keyPair;
expirationTime = System.currentTimeMillis() + USE_INTERVAL;
}
/*
* Check if the KeyPair can still be used.
*/
private boolean isValid() {
return (keyPair != null) && (uses < MAX_USE)
&& (System.currentTimeMillis() < expirationTime);
}
/*
* Return the KeyPair or null if it is invalid.
*/
private KeyPair getKeyPair() {
if (isValid() == false) {
keyPair = null;
return null;
}
uses++;
return keyPair;
}
}
}