--- a/src/java.base/share/classes/sun/security/ssl/SSLConfiguration.java Mon Jun 11 07:24:50 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/SSLConfiguration.java Mon Jun 11 17:19:28 2018 -0700
@@ -32,12 +32,12 @@
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.function.BiFunction;
-import javax.crypto.KeyGenerator;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SNIMatcher;
import javax.net.ssl.SNIServerName;
@@ -50,7 +50,7 @@
/**
* SSL/(D)TLS configuration.
*/
-class SSLConfiguration implements Cloneable {
+final class SSLConfiguration implements Cloneable {
// configurations with SSLParameters
AlgorithmConstraints algorithmConstraints;
List<ProtocolVersion> enabledProtocols;
@@ -366,17 +366,8 @@
*/
SSLExtension[] getEnabledExtensions(
SSLHandshake handshakeType, ProtocolVersion protocolVersion) {
- List<SSLExtension> extensions = new ArrayList<>();
- for (SSLExtension extension : SSLExtension.values()) {
- if (extension.handshakeType == handshakeType) {
- if (isAvailable(extension) &&
- extension.isAvailable(protocolVersion)) {
- extensions.add(extension);
- }
- }
- }
-
- return extensions.toArray(new SSLExtension[0]);
+ return getEnabledExtensions(
+ handshakeType, Arrays.asList(protocolVersion));
}
/**
--- a/src/java.base/share/classes/sun/security/ssl/SignatureScheme.java Mon Jun 11 07:24:50 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/SignatureScheme.java Mon Jun 11 17:19:28 2018 -0700
@@ -70,31 +70,37 @@
ProtocolVersion.PROTOCOLS_TO_13),
// RSASSA-PSS algorithms with public key OID rsaEncryption
+ //
+ // The minimalKeySize is calculated as (See RFC 8017 for details):
+ // hash length + salt length + 16
RSA_PSS_RSAE_SHA256 (0x0804, "rsa_pss_rsae_sha256",
"RSASSA-PSS", "RSA",
- SigAlgParamSpec.RSA_PSS_SHA256, 512,
+ SigAlgParamSpec.RSA_PSS_SHA256, 528,
ProtocolVersion.PROTOCOLS_OF_13),
RSA_PSS_RSAE_SHA384 (0x0805, "rsa_pss_rsae_sha384",
"RSASSA-PSS", "RSA",
- SigAlgParamSpec.RSA_PSS_SHA384, 768,
+ SigAlgParamSpec.RSA_PSS_SHA384, 784,
ProtocolVersion.PROTOCOLS_OF_13),
RSA_PSS_RSAE_SHA512 (0x0806, "rsa_pss_rsae_sha512",
"RSASSA-PSS", "RSA",
- SigAlgParamSpec.RSA_PSS_SHA512, 768,
+ SigAlgParamSpec.RSA_PSS_SHA512, 1040,
ProtocolVersion.PROTOCOLS_OF_13),
// RSASSA-PSS algorithms with public key OID RSASSA-PSS
+ //
+ // The minimalKeySize is calculated as (See RFC 8017 for details):
+ // hash length + salt length + 16
RSA_PSS_PSS_SHA256 (0x0809, "rsa_pss_pss_sha256",
"RSASSA-PSS", "RSASSA-PSS",
- SigAlgParamSpec.RSA_PSS_SHA256, 512,
+ SigAlgParamSpec.RSA_PSS_SHA256, 528,
ProtocolVersion.PROTOCOLS_OF_13),
RSA_PSS_PSS_SHA384 (0x080A, "rsa_pss_pss_sha384",
"RSASSA-PSS", "RSASSA-PSS",
- SigAlgParamSpec.RSA_PSS_SHA384, 768,
+ SigAlgParamSpec.RSA_PSS_SHA384, 784,
ProtocolVersion.PROTOCOLS_OF_13),
RSA_PSS_PSS_SHA512 (0x080B, "rsa_pss_pss_sha512",
"RSASSA-PSS", "RSASSA-PSS",
- SigAlgParamSpec.RSA_PSS_SHA512, 768,
+ SigAlgParamSpec.RSA_PSS_SHA512, 1040,
ProtocolVersion.PROTOCOLS_OF_13),
// RSASSA-PKCS1-v1_5 algorithms
@@ -413,7 +419,8 @@
String keyAlgorithm = signingKey.getAlgorithm();
int keySize;
// Only need to check RSA algorithm at present.
- if (keyAlgorithm.equalsIgnoreCase("rsa")) {
+ if (keyAlgorithm.equalsIgnoreCase("RSA") ||
+ keyAlgorithm.equalsIgnoreCase("RSASSA-PSS")) {
keySize = KeyUtil.getKeySize(signingKey);
} else {
keySize = Integer.MAX_VALUE;