8215430: Remove the internal package com.sun.net.ssl
Reviewed-by: chegar, mullan, wetmore
--- a/src/java.base/share/classes/com/sun/net/ssl/HostnameVerifier.java Fri Mar 01 08:14:29 2019 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,54 +0,0 @@
-/*
- * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- * NOTE: this file was copied from javax.net.ssl.HostnameVerifier
- */
-
-package com.sun.net.ssl;
-
-/**
- * HostnameVerifier provides a callback mechanism so that
- * implementers of this interface can supply a policy for
- * handling the case where the host to connect to and
- * the server name from the certificate mismatch.
- *
- * @deprecated As of JDK 1.4, this implementation-specific class was
- * replaced by {@link javax.net.ssl.HostnameVerifier} and
- * {@link javax.net.ssl.CertificateHostnameVerifier}.
- */
-@Deprecated(since="1.4")
-public interface HostnameVerifier {
- /**
- * Verify that the hostname from the URL is an acceptable
- * match with the value from the common name entry in the
- * server certificate's distinguished name.
- *
- * @param urlHostname the host name of the URL
- * @param certHostname the common name entry from the certificate
- * @return true if the certificate host name is acceptable
- */
- public boolean verify(String urlHostname, String certHostname);
-}
--- a/src/java.base/share/classes/com/sun/net/ssl/HttpsURLConnection.java Fri Mar 01 08:14:29 2019 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,203 +0,0 @@
-/*
- * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- * NOTE: this file was copied from javax.net.ssl.HttpsURLConnection
- */
-
-package com.sun.net.ssl;
-
-import java.net.URL;
-import java.net.HttpURLConnection;
-import java.io.IOException;
-import java.security.cert.Certificate;
-import javax.net.SocketFactory;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.SSLPeerUnverifiedException;
-
-/**
- * HTTP URL connection with support for HTTPS-specific features. See
- * <A HREF="http://www.w3.org/pub/WWW/Protocols/"> the spec </A> for
- * details.
- *
- * @deprecated As of JDK 1.4, this implementation-specific class was
- * replaced by {@link javax.net.ssl.HttpsURLConnection}.
- */
-@Deprecated(since="1.4")
-public abstract
-class HttpsURLConnection extends HttpURLConnection
-{
- /*
- * Initialize an HTTPS URLConnection ... could check that the URL
- * is an "https" URL, and that the handler is also an HTTPS one,
- * but that's established by other code in this package.
- * @param url the URL
- */
- public HttpsURLConnection(URL url) throws IOException {
- super(url);
- }
-
- /**
- * Returns the cipher suite in use on this connection.
- * @return the cipher suite
- */
- public abstract String getCipherSuite();
-
- /**
- * Returns the server's X.509 certificate chain, or null if
- * the server did not authenticate.
- * <P>
- * Note: The returned value may not be a valid certificate chain
- * and should not be relied on for trust decisions.
- *
- * @return the server certificate chain
- */
- public abstract Certificate[] getServerCertificates()
- throws SSLPeerUnverifiedException;
-
- /**
- * HostnameVerifier provides a callback mechanism so that
- * implementers of this interface can supply a policy for
- * handling the case where the host to connect to and
- * the server name from the certificate mismatch.
- *
- * The default implementation will deny such connections.
- */
- private static HostnameVerifier defaultHostnameVerifier =
- new HostnameVerifier() {
- public boolean verify(String urlHostname, String certHostname) {
- return false;
- }
- };
-
- protected HostnameVerifier hostnameVerifier = defaultHostnameVerifier;
-
- /**
- * Sets the default HostnameVerifier inherited when an instance
- * of this class is created.
- * @param v the default host name verifier
- */
- public static void setDefaultHostnameVerifier(HostnameVerifier v) {
- if (v == null) {
- throw new IllegalArgumentException(
- "no default HostnameVerifier specified");
- }
-
- SecurityManager sm = System.getSecurityManager();
- if (sm != null) {
- sm.checkPermission(new SSLPermission("setHostnameVerifier"));
- }
- defaultHostnameVerifier = v;
- }
-
- /**
- * Gets the default HostnameVerifier.
- * @return the default host name verifier
- */
- public static HostnameVerifier getDefaultHostnameVerifier() {
- return defaultHostnameVerifier;
- }
-
- /**
- * Sets the HostnameVerifier.
- * @param v the host name verifier
- */
- public void setHostnameVerifier(HostnameVerifier v) {
- if (v == null) {
- throw new IllegalArgumentException(
- "no HostnameVerifier specified");
- }
-
- hostnameVerifier = v;
- }
-
- /**
- * Gets the HostnameVerifier.
- * @return the host name verifier
- */
- public HostnameVerifier getHostnameVerifier() {
- return hostnameVerifier;
- }
-
- private static SSLSocketFactory defaultSSLSocketFactory = null;
-
- private SSLSocketFactory sslSocketFactory = getDefaultSSLSocketFactory();
-
- /**
- * Sets the default SSL socket factory inherited when an instance
- * of this class is created.
- * @param sf the default SSL socket factory
- */
- public static void setDefaultSSLSocketFactory(SSLSocketFactory sf) {
- if (sf == null) {
- throw new IllegalArgumentException(
- "no default SSLSocketFactory specified");
- }
-
- SecurityManager sm = System.getSecurityManager();
- if (sm != null) {
- sm.checkSetFactory();
- }
- defaultSSLSocketFactory = sf;
- }
-
- /**
- * Gets the default SSL socket factory.
- * @return the default SSL socket factory
- */
- public static SSLSocketFactory getDefaultSSLSocketFactory() {
- if (defaultSSLSocketFactory == null) {
- defaultSSLSocketFactory =
- (SSLSocketFactory)SSLSocketFactory.getDefault();
- }
- return defaultSSLSocketFactory;
- }
-
- /**
- * Sets the SSL socket factory.
- * @param sf the SSL socket factory
- */
- public void setSSLSocketFactory(SSLSocketFactory sf) {
- if (sf == null) {
- throw new IllegalArgumentException(
- "no SSLSocketFactory specified");
- }
-
- SecurityManager sm = System.getSecurityManager();
- if (sm != null) {
- sm.checkSetFactory();
- }
-
- sslSocketFactory = sf;
- }
-
- /**
- * Gets the SSL socket factory.
- * @return the SSL socket factory
- */
- public SSLSocketFactory getSSLSocketFactory() {
- return sslSocketFactory;
- }
-}
--- a/src/java.base/share/classes/com/sun/net/ssl/KeyManager.java Fri Mar 01 08:14:29 2019 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,42 +0,0 @@
-/*
- * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- * NOTE: this file was copied from javax.net.ssl.KeyManager
- */
-
-package com.sun.net.ssl;
-
-/**
- * Base interface for JSSE key managers. These manage the
- * key material which is used to authenticate to the peer
- * of a secure socket.
- *
- * @deprecated As of JDK 1.4, this implementation-specific class was
- * replaced by {@link javax.net.ssl.KeyManager}.
- */
-@Deprecated(since="1.4")
-public interface KeyManager {
-}
--- a/src/java.base/share/classes/com/sun/net/ssl/KeyManagerFactory.java Fri Mar 01 08:14:29 2019 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,220 +0,0 @@
-/*
- * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- * NOTE: this file was copied from javax.net.ssl.KeyManagerFactory
- */
-
-package com.sun.net.ssl;
-
-import java.security.*;
-
-/**
- * This class acts as a factory for key managers based on a
- * source of key material. Each key manager manages a specific
- * type of key material for use by secure sockets. The key
- * material is based on a KeyStore and/or provider specific sources.
- *
- * @deprecated As of JDK 1.4, this implementation-specific class was
- * replaced by {@link javax.net.ssl.KeyManagerFactory}.
- */
-@Deprecated(since="1.4")
-public class KeyManagerFactory {
- // The provider
- private Provider provider;
-
- // The provider implementation (delegate)
- private KeyManagerFactorySpi factorySpi;
-
- // The name of the key management algorithm.
- private String algorithm;
-
- /**
- * <p>The default KeyManager can be changed by setting the value of the
- * {@code sun.ssl.keymanager.type} security property to the desired name.
- *
- * @return the default type as specified by the
- * {@code sun.ssl.keymanager.type} security property, or an
- * implementation-specific default if no such property exists.
- *
- * @see java.security.Security security properties
- */
- public static final String getDefaultAlgorithm() {
- String type;
- type = AccessController.doPrivileged(new PrivilegedAction<>() {
- public String run() {
- return Security.getProperty("sun.ssl.keymanager.type");
- }
- });
- if (type == null) {
- type = "SunX509";
- }
- return type;
-
- }
-
- /**
- * Creates a KeyManagerFactory object.
- *
- * @param factorySpi the delegate
- * @param provider the provider
- * @param algorithm the algorithm
- */
- protected KeyManagerFactory(KeyManagerFactorySpi factorySpi,
- Provider provider, String algorithm) {
- this.factorySpi = factorySpi;
- this.provider = provider;
- this.algorithm = algorithm;
- }
-
- /**
- * Returns the algorithm name of this <code>KeyManagerFactory</code> object.
- *
- * <p>This is the same name that was specified in one of the
- * <code>getInstance</code> calls that created this
- * <code>KeyManagerFactory</code> object.
- *
- * @return the algorithm name of this <code>KeyManagerFactory</code> object.
- */
- public final String getAlgorithm() {
- return this.algorithm;
- }
-
- /**
- * Generates a <code>KeyManagerFactory</code> object that implements the
- * specified key management algorithm.
- * If the default provider package provides an implementation of the
- * requested key management algorithm, an instance of
- * <code>KeyManagerFactory</code> containing that implementation is
- * returned. If the algorithm is not available in the default provider
- * package, other provider packages are searched.
- *
- * @param algorithm the standard name of the requested
- * algorithm.
- *
- * @return the new <code>KeyManagerFactory</code> object
- *
- * @exception NoSuchAlgorithmException if the specified algorithm is not
- * available in the default provider package or any of the other provider
- * packages that were searched.
- */
- public static final KeyManagerFactory getInstance(String algorithm)
- throws NoSuchAlgorithmException
- {
- try {
- Object[] objs = SSLSecurity.getImpl(algorithm, "KeyManagerFactory",
- (String) null);
- return new KeyManagerFactory((KeyManagerFactorySpi)objs[0],
- (Provider)objs[1],
- algorithm);
- } catch (NoSuchProviderException e) {
- throw new NoSuchAlgorithmException(algorithm + " not found");
- }
- }
-
- /**
- * Generates a <code>KeyManagerFactory</code> object for the specified
- * key management algorithm from the specified provider.
- *
- * @param algorithm the standard name of the requested
- * algorithm.
- * @param provider the name of the provider
- *
- * @return the new <code>KeyManagerFactory</code> object
- *
- * @exception NoSuchAlgorithmException if the specified algorithm is not
- * available from the specified provider.
- * @exception NoSuchProviderException if the specified provider has not
- * been configured.
- */
- public static final KeyManagerFactory getInstance(String algorithm,
- String provider)
- throws NoSuchAlgorithmException, NoSuchProviderException
- {
- if (provider == null || provider.isEmpty())
- throw new IllegalArgumentException("missing provider");
- Object[] objs = SSLSecurity.getImpl(algorithm, "KeyManagerFactory",
- provider);
- return new KeyManagerFactory((KeyManagerFactorySpi)objs[0],
- (Provider)objs[1], algorithm);
- }
-
- /**
- * Generates a <code>KeyManagerFactory</code> object for the specified
- * key management algorithm from the specified provider.
- *
- * @param algorithm the standard name of the requested
- * algorithm.
- * @param provider an instance of the provider
- *
- * @return the new <code>KeyManagerFactory</code> object
- *
- * @exception NoSuchAlgorithmException if the specified algorithm is not
- * available from the specified provider.
- */
- public static final KeyManagerFactory getInstance(String algorithm,
- Provider provider)
- throws NoSuchAlgorithmException
- {
- if (provider == null)
- throw new IllegalArgumentException("missing provider");
- Object[] objs = SSLSecurity.getImpl(algorithm, "KeyManagerFactory",
- provider);
- return new KeyManagerFactory((KeyManagerFactorySpi)objs[0],
- (Provider)objs[1], algorithm);
- }
-
- /**
- * Returns the provider of this <code>KeyManagerFactory</code> object.
- *
- * @return the provider of this <code>KeyManagerFactory</code> object
- */
- public final Provider getProvider() {
- return this.provider;
- }
-
-
- /**
- * Initializes this factory with a source of key material. The
- * provider may also include a provider-specific source
- * of key material.
- *
- * @param ks the key store or null
- * @param password the password for recovering keys
- */
- public void init(KeyStore ks, char[] password)
- throws KeyStoreException, NoSuchAlgorithmException,
- UnrecoverableKeyException {
- factorySpi.engineInit(ks, password);
- }
-
- /**
- * Returns one key manager for each type of key material.
- * @return the key managers
- */
- public KeyManager[] getKeyManagers() {
- return factorySpi.engineGetKeyManagers();
- }
-}
--- a/src/java.base/share/classes/com/sun/net/ssl/KeyManagerFactorySpi.java Fri Mar 01 08:14:29 2019 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,64 +0,0 @@
-/*
- * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- * NOTE: this file was copied from javax.net.ssl.KeyManagerFactorySpi
- */
-
-package com.sun.net.ssl;
-
-import java.security.*;
-
-/**
- * This class defines the <i>Service Provider Interface</i> (<b>SPI</b>)
- * for the <code>KeyManagerFactory</code> class.
- *
- * <p> All the abstract methods in this class must be implemented by each
- * cryptographic service provider who wishes to supply the implementation
- * of a particular key manager factory.
- *
- * @deprecated As of JDK 1.4, this implementation-specific class was
- * replaced by {@link javax.net.ssl.KeyManagerFactorySpi}.
- */
-@Deprecated(since="1.4")
-public abstract class KeyManagerFactorySpi {
- /**
- * Initializes this factory with a source of key material. The
- * provider may also include a provider-specific source
- * of key material.
- *
- * @param ks the key store or null
- * @param password the password for recovering keys
- */
- protected abstract void engineInit(KeyStore ks, char[] password)
- throws KeyStoreException, NoSuchAlgorithmException,
- UnrecoverableKeyException;
-
- /**
- * Returns one trust manager for each type of trust material.
- * @return the key managers
- */
- protected abstract KeyManager[] engineGetKeyManagers();
-}
--- a/src/java.base/share/classes/com/sun/net/ssl/SSLContext.java Fri Mar 01 08:14:29 2019 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,201 +0,0 @@
-/*
- * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- * NOTE: this file was copied from javax.net.ssl.SSLContext
- */
-
-package com.sun.net.ssl;
-
-import java.security.*;
-import java.util.*;
-import javax.net.ssl.*;
-
-import sun.security.ssl.SSLSocketFactoryImpl;
-import sun.security.ssl.SSLServerSocketFactoryImpl;
-
-/**
- * Instances of this class represent a secure socket protocol
- * implementation which acts as a factory for secure socket
- * factories. This class is initialized with an optional set of
- * key and trust managers and source of secure random bytes.
- *
- * @deprecated As of JDK 1.4, this implementation-specific class was
- * replaced by {@link javax.net.ssl.SSLContext}.
- */
-@Deprecated(since="1.4")
-public class SSLContext {
- private Provider provider;
-
- private SSLContextSpi contextSpi;
-
- private String protocol;
-
- /**
- * Creates an SSLContext object.
- *
- * @param contextSpi the delegate
- * @param provider the provider
- * @param protocol the protocol
- */
- protected SSLContext(SSLContextSpi contextSpi, Provider provider,
- String protocol) {
- this.contextSpi = contextSpi;
- this.provider = provider;
- this.protocol = protocol;
- }
-
- /**
- * Generates a <code>SSLContext</code> object that implements the
- * specified secure socket protocol.
- *
- * @param protocol the standard name of the requested protocol.
- *
- * @return the new <code>SSLContext</code> object
- *
- * @exception NoSuchAlgorithmException if the specified protocol is not
- * available in the default provider package or any of the other provider
- * packages that were searched.
- */
- public static SSLContext getInstance(String protocol)
- throws NoSuchAlgorithmException
- {
- try {
- Object[] objs = SSLSecurity.getImpl(protocol, "SSLContext",
- (String) null);
- return new SSLContext((SSLContextSpi)objs[0], (Provider)objs[1],
- protocol);
- } catch (NoSuchProviderException e) {
- throw new NoSuchAlgorithmException(protocol + " not found");
- }
- }
-
- /**
- * Generates a <code>SSLContext</code> object that implements the
- * specified secure socket protocol.
- *
- * @param protocol the standard name of the requested protocol.
- * @param provider the name of the provider
- *
- * @return the new <code>SSLContext</code> object
- *
- * @exception NoSuchAlgorithmException if the specified protocol is not
- * available from the specified provider.
- * @exception NoSuchProviderException if the specified provider has not
- * been configured.
- */
- public static SSLContext getInstance(String protocol, String provider)
- throws NoSuchAlgorithmException, NoSuchProviderException
- {
- if (provider == null || provider.isEmpty())
- throw new IllegalArgumentException("missing provider");
- Object[] objs = SSLSecurity.getImpl(protocol, "SSLContext",
- provider);
- return new SSLContext((SSLContextSpi)objs[0], (Provider)objs[1],
- protocol);
- }
-
- /**
- * Generates a <code>SSLContext</code> object that implements the
- * specified secure socket protocol.
- *
- * @param protocol the standard name of the requested protocol.
- * @param provider an instance of the provider
- *
- * @return the new <code>SSLContext</code> object
- *
- * @exception NoSuchAlgorithmException if the specified protocol is not
- * available from the specified provider.
- */
- public static SSLContext getInstance(String protocol, Provider provider)
- throws NoSuchAlgorithmException
- {
- if (provider == null)
- throw new IllegalArgumentException("missing provider");
- Object[] objs = SSLSecurity.getImpl(protocol, "SSLContext",
- provider);
- return new SSLContext((SSLContextSpi)objs[0], (Provider)objs[1],
- protocol);
- }
-
- /**
- * Returns the protocol name of this <code>SSLContext</code> object.
- *
- * <p>This is the same name that was specified in one of the
- * <code>getInstance</code> calls that created this
- * <code>SSLContext</code> object.
- *
- * @return the protocol name of this <code>SSLContext</code> object.
- */
- public final String getProtocol() {
- return this.protocol;
- }
-
- /**
- * Returns the provider of this <code>SSLContext</code> object.
- *
- * @return the provider of this <code>SSLContext</code> object
- */
- public final Provider getProvider() {
- return this.provider;
- }
-
- /**
- * Initializes this context. Either of the first two parameters
- * may be null in which case the installed security providers will
- * be searched for the highest priority implementation of the
- * appropriate factory. Likewise, the secure random parameter may
- * be null in which case the default implementation will be used.
- *
- * @param km the sources of authentication keys or null
- * @param tm the sources of peer authentication trust decisions or null
- * @param random the source of randomness for this generator or null
- */
- public final void init(KeyManager[] km, TrustManager[] tm,
- SecureRandom random)
- throws KeyManagementException {
- contextSpi.engineInit(km, tm, random);
- }
-
- /**
- * Returns a <code>SocketFactory</code> object for this
- * context.
- *
- * @return the factory
- */
- public final SSLSocketFactory getSocketFactory() {
- return contextSpi.engineGetSocketFactory();
- }
-
- /**
- * Returns a <code>ServerSocketFactory</code> object for
- * this context.
- *
- * @return the factory
- */
- public final SSLServerSocketFactory getServerSocketFactory() {
- return contextSpi.engineGetServerSocketFactory();
- }
-}
--- a/src/java.base/share/classes/com/sun/net/ssl/SSLContextSpi.java Fri Mar 01 08:14:29 2019 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,74 +0,0 @@
-/*
- * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- * NOTE: this file was copied from javax.net.ssl.SSLContextSpi
- */
-
-package com.sun.net.ssl;
-
-import java.util.*;
-import java.security.*;
-import javax.net.ssl.*;
-
-/**
- * This class defines the <i>Service Provider Interface</i> (<b>SPI</b>)
- * for the <code>SSLContext</code> class.
- *
- * <p> All the abstract methods in this class must be implemented by each
- * cryptographic service provider who wishes to supply the implementation
- * of a particular SSL context.
- *
- * @deprecated As of JDK 1.4, this implementation-specific class was
- * replaced by {@link javax.net.ssl.SSLContextSpi}.
- */
-@Deprecated(since="1.4")
-public abstract class SSLContextSpi {
- /**
- * Initializes this context.
- *
- * @param ah the sources of authentication keys
- * @param th the sources of peer authentication trust decisions
- * @param sr the source of randomness for this generator
- */
- protected abstract void engineInit(KeyManager[] ah, TrustManager[] th,
- SecureRandom sr) throws KeyManagementException;
-
- /**
- * Returns a <code>SocketFactory</code> object for this
- * context.
- *
- * @return the factory
- */
- protected abstract SSLSocketFactory engineGetSocketFactory();
-
- /**
- * Returns a <code>ServerSocketFactory</code> object for
- * this context.
- *
- * @return the factory
- */
- protected abstract SSLServerSocketFactory engineGetServerSocketFactory();
-}
--- a/src/java.base/share/classes/com/sun/net/ssl/SSLPermission.java Fri Mar 01 08:14:29 2019 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,136 +0,0 @@
-/*
- * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- * NOTE: this file was copied from javax.net.ssl.SSLPermission
- */
-
-package com.sun.net.ssl;
-
-import java.security.*;
-import java.util.Enumeration;
-import java.util.Hashtable;
-import java.util.StringTokenizer;
-import java.security.Permissions;
-import java.lang.SecurityManager;
-
-/**
- * This class is for various network permissions.
- * An SSLPermission contains a name (also referred to as a "target name") but
- * no actions list; you either have the named permission
- * or you don't.
- * <P>
- * The target name is the name of the network permission (see below). The naming
- * convention follows the hierarchical property naming convention.
- * Also, an asterisk
- * may appear at the end of the name, following a ".", or by itself, to
- * signify a wildcard match. For example: "foo.*" and "*" signify a wildcard
- * match, while "*foo" and "a*b" do not.
- * <P>
- * The following table lists all the possible SSLPermission target names,
- * and for each provides a description of what the permission allows
- * and a discussion of the risks of granting code the permission.
- *
- * <table border=1 cellpadding=5>
- * <tr>
- * <th>Permission Target Name</th>
- * <th>What the Permission Allows</th>
- * <th>Risks of Allowing this Permission</th>
- * </tr>
- *
- * <tr>
- * <td>setHostnameVerifier</td>
- * <td>The ability to set a callback which can decide whether to
- * allow a mismatch between the host being connected to by
- * an HttpsURLConnection and the common name field in
- * server certificate.
- * </td>
- * <td>Malicious
- * code can set a verifier that monitors host names visited by
- * HttpsURLConnection requests or that allows server certificates
- * with invalid common names.
- * </td>
- * </tr>
- *
- * <tr>
- * <td>getSSLSessionContext</td>
- * <td>The ability to get the SSLSessionContext of an SSLSession.
- * </td>
- * <td>Malicious code may monitor sessions which have been established
- * with SSL peers or might invalidate sessions to slow down performance.
- * </td>
- * </tr>
- *
- * </table>
- *
- * @see java.security.BasicPermission
- * @see java.security.Permission
- * @see java.security.Permissions
- * @see java.security.PermissionCollection
- * @see java.lang.SecurityManager
- *
- *
- * @author Marianne Mueller
- * @author Roland Schemers
- *
- * @deprecated As of JDK 1.4, this implementation-specific class was
- * replaced by {@link javax.net.ssl.SSLPermission}.
- */
-@Deprecated(since="1.4")
-public final class SSLPermission extends BasicPermission {
-
- private static final long serialVersionUID = -2583684302506167542L;
-
- /**
- * Creates a new SSLPermission with the specified name.
- * The name is the symbolic name of the SSLPermission, such as
- * "setDefaultAuthenticator", etc. An asterisk
- * may appear at the end of the name, following a ".", or by itself, to
- * signify a wildcard match.
- *
- * @param name the name of the SSLPermission.
- */
-
- public SSLPermission(String name)
- {
- super(name);
- }
-
- /**
- * Creates a new SSLPermission object with the specified name.
- * The name is the symbolic name of the SSLPermission, and the
- * actions String is currently unused and should be null. This
- * constructor exists for use by the <code>Policy</code> object
- * to instantiate new Permission objects.
- *
- * @param name the name of the SSLPermission.
- * @param actions should be null.
- */
-
- public SSLPermission(String name, String actions)
- {
- super(name, actions);
- }
-}
--- a/src/java.base/share/classes/com/sun/net/ssl/SSLSecurity.java Fri Mar 01 08:14:29 2019 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,699 +0,0 @@
-/*
- * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- * NOTE: this file was copied from javax.net.ssl.SSLSecurity,
- * but was heavily modified to allow com.sun.* users to
- * access providers written using the javax.sun.* APIs.
- */
-
-package com.sun.net.ssl;
-
-import java.util.*;
-import java.io.*;
-import java.security.*;
-import java.security.Provider.Service;
-import java.net.Socket;
-
-import sun.security.jca.*;
-
-/**
- * This class instantiates implementations of JSSE engine classes from
- * providers registered with the java.security.Security object.
- *
- * @author Jan Luehe
- * @author Jeff Nisewanger
- * @author Brad Wetmore
- */
-
-final class SSLSecurity {
-
- /*
- * Don't let anyone instantiate this.
- */
- private SSLSecurity() {
- }
-
-
- // ProviderList.getService() is not accessible now, implement our own loop
- private static Service getService(String type, String alg) {
- ProviderList list = Providers.getProviderList();
- for (Provider p : list.providers()) {
- Service s = p.getService(type, alg);
- if (s != null) {
- return s;
- }
- }
- return null;
- }
-
- /**
- * The body of the driver for the getImpl method.
- */
- private static Object[] getImpl1(String algName, String engineType,
- Service service) throws NoSuchAlgorithmException
- {
- Provider provider = service.getProvider();
- String className = service.getClassName();
- Class<?> implClass;
- try {
- ClassLoader cl = provider.getClass().getClassLoader();
- if (cl == null) {
- // system class
- implClass = Class.forName(className);
- } else {
- implClass = cl.loadClass(className);
- }
- } catch (ClassNotFoundException e) {
- throw new NoSuchAlgorithmException("Class " + className +
- " configured for " +
- engineType +
- " not found: " +
- e.getMessage());
- } catch (SecurityException e) {
- throw new NoSuchAlgorithmException("Class " + className +
- " configured for " +
- engineType +
- " cannot be accessed: " +
- e.getMessage());
- }
-
- /*
- * JSSE 1.0, 1.0.1, and 1.0.2 used the com.sun.net.ssl API as the
- * API was being developed. As JSSE was folded into the main
- * release, it was decided to promote the com.sun.net.ssl API to
- * be javax.net.ssl. It is desired to keep binary compatibility
- * with vendors of JSSE implementation written using the
- * com.sun.net.sll API, so we do this magic to handle everything.
- *
- * API used Implementation used Supported?
- * ======== =================== ==========
- * com.sun javax Yes
- * com.sun com.sun Yes
- * javax javax Yes
- * javax com.sun Not Currently
- *
- * Make sure the implementation class is a subclass of the
- * corresponding engine class.
- *
- * In wrapping these classes, there's no way to know how to
- * wrap all possible classes that extend the TrustManager/KeyManager.
- * We only wrap the x509 variants.
- */
-
- try { // catch instantiation errors
-
- /*
- * (The following Class.forName()s should alway work, because
- * this class and all the SPI classes in javax.crypto are
- * loaded by the same class loader.) That is, unless they
- * give us a SPI class that doesn't exist, say SSLFoo,
- * or someone has removed classes from the java.base module.
- */
-
- Class<?> typeClassJavax;
- Class<?> typeClassCom;
- Object obj = null;
-
- /*
- * Odds are more likely that we have a javax variant, try this
- * first.
- */
- if (((typeClassJavax = Class.forName("javax.net.ssl." +
- engineType + "Spi")) != null) &&
- (checkSuperclass(implClass, typeClassJavax))) {
-
- if (engineType.equals("SSLContext")) {
- obj = new SSLContextSpiWrapper(algName, provider);
- } else if (engineType.equals("TrustManagerFactory")) {
- obj = new TrustManagerFactorySpiWrapper(algName, provider);
- } else if (engineType.equals("KeyManagerFactory")) {
- obj = new KeyManagerFactorySpiWrapper(algName, provider);
- } else {
- /*
- * We should throw an error if we get
- * something totally unexpected. Don't ever
- * expect to see this one...
- */
- throw new IllegalStateException(
- "Class " + implClass.getName() +
- " unknown engineType wrapper:" + engineType);
- }
-
- } else if (((typeClassCom = Class.forName("com.sun.net.ssl." +
- engineType + "Spi")) != null) &&
- (checkSuperclass(implClass, typeClassCom))) {
- obj = service.newInstance(null);
- }
-
- if (obj != null) {
- return new Object[] { obj, provider };
- } else {
- throw new NoSuchAlgorithmException(
- "Couldn't locate correct object or wrapper: " +
- engineType + " " + algName);
- }
-
- } catch (ClassNotFoundException e) {
- IllegalStateException exc = new IllegalStateException(
- "Engine Class Not Found for " + engineType);
- exc.initCause(e);
- throw exc;
- }
- }
-
- /**
- * Returns an array of objects: the first object in the array is
- * an instance of an implementation of the requested algorithm
- * and type, and the second object in the array identifies the provider
- * of that implementation.
- * The <code>provName</code> argument can be null, in which case all
- * configured providers will be searched in order of preference.
- */
- static Object[] getImpl(String algName, String engineType, String provName)
- throws NoSuchAlgorithmException, NoSuchProviderException
- {
- Service service;
- if (provName != null) {
- ProviderList list = Providers.getProviderList();
- Provider prov = list.getProvider(provName);
- if (prov == null) {
- throw new NoSuchProviderException("No such provider: " +
- provName);
- }
- service = prov.getService(engineType, algName);
- } else {
- service = getService(engineType, algName);
- }
- if (service == null) {
- throw new NoSuchAlgorithmException("Algorithm " + algName
- + " not available");
- }
- return getImpl1(algName, engineType, service);
- }
-
-
- /**
- * Returns an array of objects: the first object in the array is
- * an instance of an implementation of the requested algorithm
- * and type, and the second object in the array identifies the provider
- * of that implementation.
- * The <code>prov</code> argument can be null, in which case all
- * configured providers will be searched in order of preference.
- */
- static Object[] getImpl(String algName, String engineType, Provider prov)
- throws NoSuchAlgorithmException
- {
- Service service = prov.getService(engineType, algName);
- if (service == null) {
- throw new NoSuchAlgorithmException("No such algorithm: " +
- algName);
- }
- return getImpl1(algName, engineType, service);
- }
-
- /*
- * Checks whether one class is the superclass of another
- */
- private static boolean checkSuperclass(Class<?> subclass, Class<?> superclass) {
- if ((subclass == null) || (superclass == null))
- return false;
-
- while (!subclass.equals(superclass)) {
- subclass = subclass.getSuperclass();
- if (subclass == null) {
- return false;
- }
- }
- return true;
- }
-
- /*
- * Return at most the first "resize" elements of an array.
- *
- * Didn't want to use java.util.Arrays, as PJava may not have it.
- */
- static Object[] truncateArray(Object[] oldArray, Object[] newArray) {
-
- for (int i = 0; i < newArray.length; i++) {
- newArray[i] = oldArray[i];
- }
-
- return newArray;
- }
-
-}
-
-
-/*
- * =================================================================
- * The remainder of this file is for the wrapper and wrapper-support
- * classes. When SSLSecurity finds something which extends the
- * javax.net.ssl.*Spi, we need to go grab a real instance of the
- * thing that the Spi supports, and wrap into a com.sun.net.ssl.*Spi
- * object. This also mean that anything going down into the SPI
- * needs to be wrapped, as well as anything coming back up.
- */
-@SuppressWarnings("deprecation")
-final class SSLContextSpiWrapper extends SSLContextSpi {
-
- private javax.net.ssl.SSLContext theSSLContext;
-
- SSLContextSpiWrapper(String algName, Provider prov) throws
- NoSuchAlgorithmException {
- theSSLContext = javax.net.ssl.SSLContext.getInstance(algName, prov);
- }
-
- @SuppressWarnings("deprecation")
- protected void engineInit(KeyManager[] kma, TrustManager[] tma,
- SecureRandom sr) throws KeyManagementException {
-
- // Keep track of the actual number of array elements copied
- int dst;
- int src;
- javax.net.ssl.KeyManager[] kmaw;
- javax.net.ssl.TrustManager[] tmaw;
-
- // Convert com.sun.net.ssl.kma to a javax.net.ssl.kma
- // wrapper if need be.
- if (kma != null) {
- kmaw = new javax.net.ssl.KeyManager[kma.length];
- for (src = 0, dst = 0; src < kma.length; ) {
- /*
- * These key managers may implement both javax
- * and com.sun interfaces, so if they do
- * javax, there's no need to wrap them.
- */
- if (!(kma[src] instanceof javax.net.ssl.KeyManager)) {
- /*
- * Do we know how to convert them? If not, oh well...
- * We'll have to drop them on the floor in this
- * case, cause we don't know how to handle them.
- * This will be pretty rare, but put here for
- * completeness.
- */
- if (kma[src] instanceof X509KeyManager) {
- kmaw[dst] = (javax.net.ssl.KeyManager)
- new X509KeyManagerJavaxWrapper(
- (X509KeyManager)kma[src]);
- dst++;
- }
- } else {
- // We can convert directly, since they implement.
- kmaw[dst] = (javax.net.ssl.KeyManager)kma[src];
- dst++;
- }
- src++;
- }
-
- /*
- * If dst != src, there were more items in the original array
- * than in the new array. Compress the new elements to avoid
- * any problems down the road.
- */
- if (dst != src) {
- kmaw = (javax.net.ssl.KeyManager [])
- SSLSecurity.truncateArray(kmaw,
- new javax.net.ssl.KeyManager [dst]);
- }
- } else {
- kmaw = null;
- }
-
- // Now do the same thing with the TrustManagers.
- if (tma != null) {
- tmaw = new javax.net.ssl.TrustManager[tma.length];
-
- for (src = 0, dst = 0; src < tma.length; ) {
- /*
- * These key managers may implement both...see above...
- */
- if (!(tma[src] instanceof javax.net.ssl.TrustManager)) {
- // Do we know how to convert them?
- if (tma[src] instanceof X509TrustManager) {
- tmaw[dst] = (javax.net.ssl.TrustManager)
- new X509TrustManagerJavaxWrapper(
- (X509TrustManager)tma[src]);
- dst++;
- }
- } else {
- tmaw[dst] = (javax.net.ssl.TrustManager)tma[src];
- dst++;
- }
- src++;
- }
-
- if (dst != src) {
- tmaw = (javax.net.ssl.TrustManager [])
- SSLSecurity.truncateArray(tmaw,
- new javax.net.ssl.TrustManager [dst]);
- }
- } else {
- tmaw = null;
- }
-
- theSSLContext.init(kmaw, tmaw, sr);
- }
-
- protected javax.net.ssl.SSLSocketFactory
- engineGetSocketFactory() {
- return theSSLContext.getSocketFactory();
- }
-
- protected javax.net.ssl.SSLServerSocketFactory
- engineGetServerSocketFactory() {
- return theSSLContext.getServerSocketFactory();
- }
-
-}
-
-@SuppressWarnings("deprecation")
-final class TrustManagerFactorySpiWrapper extends TrustManagerFactorySpi {
-
- private javax.net.ssl.TrustManagerFactory theTrustManagerFactory;
-
- TrustManagerFactorySpiWrapper(String algName, Provider prov) throws
- NoSuchAlgorithmException {
- theTrustManagerFactory =
- javax.net.ssl.TrustManagerFactory.getInstance(algName, prov);
- }
-
- protected void engineInit(KeyStore ks) throws KeyStoreException {
- theTrustManagerFactory.init(ks);
- }
-
- protected TrustManager[] engineGetTrustManagers() {
-
- int dst;
- int src;
-
- javax.net.ssl.TrustManager[] tma =
- theTrustManagerFactory.getTrustManagers();
-
- TrustManager[] tmaw = new TrustManager[tma.length];
-
- for (src = 0, dst = 0; src < tma.length; ) {
- if (!(tma[src] instanceof com.sun.net.ssl.TrustManager)) {
- // We only know how to wrap X509TrustManagers, as
- // TrustManagers don't have any methods to wrap.
- if (tma[src] instanceof javax.net.ssl.X509TrustManager) {
- tmaw[dst] = (TrustManager)
- new X509TrustManagerComSunWrapper(
- (javax.net.ssl.X509TrustManager)tma[src]);
- dst++;
- }
- } else {
- tmaw[dst] = (TrustManager)tma[src];
- dst++;
- }
- src++;
- }
-
- if (dst != src) {
- tmaw = (TrustManager [])
- SSLSecurity.truncateArray(tmaw, new TrustManager [dst]);
- }
-
- return tmaw;
- }
-
-}
-
-@SuppressWarnings("deprecation")
-final class KeyManagerFactorySpiWrapper extends KeyManagerFactorySpi {
-
- private javax.net.ssl.KeyManagerFactory theKeyManagerFactory;
-
- KeyManagerFactorySpiWrapper(String algName, Provider prov) throws
- NoSuchAlgorithmException {
- theKeyManagerFactory =
- javax.net.ssl.KeyManagerFactory.getInstance(algName, prov);
- }
-
- protected void engineInit(KeyStore ks, char[] password)
- throws KeyStoreException, NoSuchAlgorithmException,
- UnrecoverableKeyException {
- theKeyManagerFactory.init(ks, password);
- }
-
- protected KeyManager[] engineGetKeyManagers() {
-
- int dst;
- int src;
-
- javax.net.ssl.KeyManager[] kma =
- theKeyManagerFactory.getKeyManagers();
-
- KeyManager[] kmaw = new KeyManager[kma.length];
-
- for (src = 0, dst = 0; src < kma.length; ) {
- if (!(kma[src] instanceof com.sun.net.ssl.KeyManager)) {
- // We only know how to wrap X509KeyManagers, as
- // KeyManagers don't have any methods to wrap.
- if (kma[src] instanceof javax.net.ssl.X509KeyManager) {
- kmaw[dst] = (KeyManager)
- new X509KeyManagerComSunWrapper(
- (javax.net.ssl.X509KeyManager)kma[src]);
- dst++;
- }
- } else {
- kmaw[dst] = (KeyManager)kma[src];
- dst++;
- }
- src++;
- }
-
- if (dst != src) {
- kmaw = (KeyManager [])
- SSLSecurity.truncateArray(kmaw, new KeyManager [dst]);
- }
-
- return kmaw;
- }
-
-}
-
-// =================================
-
-@SuppressWarnings("deprecation")
-final class X509KeyManagerJavaxWrapper implements
- javax.net.ssl.X509KeyManager {
-
- private X509KeyManager theX509KeyManager;
-
- X509KeyManagerJavaxWrapper(X509KeyManager obj) {
- theX509KeyManager = obj;
- }
-
- public String[] getClientAliases(String keyType, Principal[] issuers) {
- return theX509KeyManager.getClientAliases(keyType, issuers);
- }
-
- public String chooseClientAlias(String[] keyTypes, Principal[] issuers,
- Socket socket) {
- String retval;
-
- if (keyTypes == null) {
- return null;
- }
-
- /*
- * Scan the list, look for something we can pass back.
- */
- for (int i = 0; i < keyTypes.length; i++) {
- if ((retval = theX509KeyManager.chooseClientAlias(keyTypes[i],
- issuers)) != null)
- return retval;
- }
- return null;
-
- }
-
- /*
- * JSSE 1.0.x was only socket based, but it's possible someone might
- * want to install a really old provider. We should at least
- * try to be nice.
- */
- public String chooseEngineClientAlias(
- String[] keyTypes, Principal[] issuers,
- javax.net.ssl.SSLEngine engine) {
- String retval;
-
- if (keyTypes == null) {
- return null;
- }
-
- /*
- * Scan the list, look for something we can pass back.
- */
- for (int i = 0; i < keyTypes.length; i++) {
- if ((retval = theX509KeyManager.chooseClientAlias(keyTypes[i],
- issuers)) != null)
- return retval;
- }
-
- return null;
- }
-
- public String[] getServerAliases(String keyType, Principal[] issuers) {
- return theX509KeyManager.getServerAliases(keyType, issuers);
- }
-
- public String chooseServerAlias(String keyType, Principal[] issuers,
- Socket socket) {
-
- if (keyType == null) {
- return null;
- }
- return theX509KeyManager.chooseServerAlias(keyType, issuers);
- }
-
- /*
- * JSSE 1.0.x was only socket based, but it's possible someone might
- * want to install a really old provider. We should at least
- * try to be nice.
- */
- public String chooseEngineServerAlias(
- String keyType, Principal[] issuers,
- javax.net.ssl.SSLEngine engine) {
-
- if (keyType == null) {
- return null;
- }
- return theX509KeyManager.chooseServerAlias(keyType, issuers);
- }
-
- public java.security.cert.X509Certificate[]
- getCertificateChain(String alias) {
- return theX509KeyManager.getCertificateChain(alias);
- }
-
- public PrivateKey getPrivateKey(String alias) {
- return theX509KeyManager.getPrivateKey(alias);
- }
-}
-
-@SuppressWarnings("deprecation")
-final class X509TrustManagerJavaxWrapper implements
- javax.net.ssl.X509TrustManager {
-
- private X509TrustManager theX509TrustManager;
-
- X509TrustManagerJavaxWrapper(X509TrustManager obj) {
- theX509TrustManager = obj;
- }
-
- public void checkClientTrusted(
- java.security.cert.X509Certificate[] chain, String authType)
- throws java.security.cert.CertificateException {
- if (!theX509TrustManager.isClientTrusted(chain)) {
- throw new java.security.cert.CertificateException(
- "Untrusted Client Certificate Chain");
- }
- }
-
- public void checkServerTrusted(
- java.security.cert.X509Certificate[] chain, String authType)
- throws java.security.cert.CertificateException {
- if (!theX509TrustManager.isServerTrusted(chain)) {
- throw new java.security.cert.CertificateException(
- "Untrusted Server Certificate Chain");
- }
- }
-
- public java.security.cert.X509Certificate[] getAcceptedIssuers() {
- return theX509TrustManager.getAcceptedIssuers();
- }
-}
-
-@SuppressWarnings("deprecation")
-final class X509KeyManagerComSunWrapper implements X509KeyManager {
-
- private javax.net.ssl.X509KeyManager theX509KeyManager;
-
- X509KeyManagerComSunWrapper(javax.net.ssl.X509KeyManager obj) {
- theX509KeyManager = obj;
- }
-
- public String[] getClientAliases(String keyType, Principal[] issuers) {
- return theX509KeyManager.getClientAliases(keyType, issuers);
- }
-
- public String chooseClientAlias(String keyType, Principal[] issuers) {
- String [] keyTypes = new String [] { keyType };
- return theX509KeyManager.chooseClientAlias(keyTypes, issuers, null);
- }
-
- public String[] getServerAliases(String keyType, Principal[] issuers) {
- return theX509KeyManager.getServerAliases(keyType, issuers);
- }
-
- public String chooseServerAlias(String keyType, Principal[] issuers) {
- return theX509KeyManager.chooseServerAlias(keyType, issuers, null);
- }
-
- public java.security.cert.X509Certificate[]
- getCertificateChain(String alias) {
- return theX509KeyManager.getCertificateChain(alias);
- }
-
- public PrivateKey getPrivateKey(String alias) {
- return theX509KeyManager.getPrivateKey(alias);
- }
-}
-
-@SuppressWarnings("deprecation")
-final class X509TrustManagerComSunWrapper implements X509TrustManager {
-
- private javax.net.ssl.X509TrustManager theX509TrustManager;
-
- X509TrustManagerComSunWrapper(javax.net.ssl.X509TrustManager obj) {
- theX509TrustManager = obj;
- }
-
- public boolean isClientTrusted(
- java.security.cert.X509Certificate[] chain) {
- try {
- theX509TrustManager.checkClientTrusted(chain, "UNKNOWN");
- return true;
- } catch (java.security.cert.CertificateException e) {
- return false;
- }
- }
-
- public boolean isServerTrusted(
- java.security.cert.X509Certificate[] chain) {
- try {
- theX509TrustManager.checkServerTrusted(chain, "UNKNOWN");
- return true;
- } catch (java.security.cert.CertificateException e) {
- return false;
- }
- }
-
- public java.security.cert.X509Certificate[] getAcceptedIssuers() {
- return theX509TrustManager.getAcceptedIssuers();
- }
-}
--- a/src/java.base/share/classes/com/sun/net/ssl/TrustManager.java Fri Mar 01 08:14:29 2019 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,42 +0,0 @@
-/*
- * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- * NOTE: this file was copied from javax.net.ssl.TrustManager
- */
-
-package com.sun.net.ssl;
-
-/**
- * Base interface for JSSE trust managers which manage
- * authentication trust decisions for different types of
- * authentication material.
- *
- * @deprecated As of JDK 1.4, this implementation-specific class was
- * replaced by {@link javax.net.ssl.TrustManager}.
- */
-@Deprecated(since="1.4")
-public interface TrustManager {
-}
--- a/src/java.base/share/classes/com/sun/net/ssl/TrustManagerFactory.java Fri Mar 01 08:14:29 2019 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,220 +0,0 @@
-/*
- * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- * NOTE: this file was copied from javax.net.ssl.TrustManagerFactory
- */
-
-package com.sun.net.ssl;
-
-import java.security.*;
-
-/**
- * This class acts as a factory for trust managers based on a
- * source of trust material. Each trust manager manages a specific
- * type of trust material for use by secure sockets. The trust
- * material is based on a KeyStore and/or provider specific sources.
- *
- * @deprecated As of JDK 1.4, this implementation-specific class was
- * replaced by {@link javax.net.ssl.TrustManagerFactory}.
- */
-@Deprecated(since="1.4")
-public class TrustManagerFactory {
- // The provider
- private Provider provider;
-
- // The provider implementation (delegate)
- private TrustManagerFactorySpi factorySpi;
-
- // The name of the trust management algorithm.
- private String algorithm;
-
- /**
- * <p>The default TrustManager can be changed by setting the value of the
- * {@code sun.ssl.trustmanager.type} security property to the desired name.
- *
- * @return the default type as specified by the
- * {@code sun.ssl.trustmanager.type} security property, or an
- * implementation-specific default if no such property exists.
- *
- * @see java.security.Security security properties
- */
- public static final String getDefaultAlgorithm() {
- String type;
- type = AccessController.doPrivileged(new PrivilegedAction<>() {
- public String run() {
- return Security.getProperty("sun.ssl.trustmanager.type");
- }
- });
- if (type == null) {
- type = "SunX509";
- }
- return type;
-
- }
-
- /**
- * Creates a TrustManagerFactory object.
- *
- * @param factorySpi the delegate
- * @param provider the provider
- * @param algorithm the algorithm
- */
- protected TrustManagerFactory(TrustManagerFactorySpi factorySpi,
- Provider provider, String algorithm) {
- this.factorySpi = factorySpi;
- this.provider = provider;
- this.algorithm = algorithm;
- }
-
- /**
- * Returns the algorithm name of this <code>TrustManagerFactory</code>
- * object.
- *
- * <p>This is the same name that was specified in one of the
- * <code>getInstance</code> calls that created this
- * <code>TrustManagerFactory</code> object.
- *
- * @return the algorithm name of this <code>TrustManagerFactory</code>
- * object.
- */
- public final String getAlgorithm() {
- return this.algorithm;
- }
-
- /**
- * Generates a <code>TrustManagerFactory</code> object that implements the
- * specified trust management algorithm.
- * If the default provider package provides an implementation of the
- * requested trust management algorithm, an instance of
- * <code>TrustManagerFactory</code> containing that implementation is
- * returned. If the algorithm is not available in the default provider
- * package, other provider packages are searched.
- *
- * @param algorithm the standard name of the requested trust management
- * algorithm.
- *
- * @return the new <code>TrustManagerFactory</code> object
- *
- * @exception NoSuchAlgorithmException if the specified algorithm is not
- * available in the default provider package or any of the other provider
- * packages that were searched.
- */
- public static final TrustManagerFactory getInstance(String algorithm)
- throws NoSuchAlgorithmException
- {
- try {
- Object[] objs = SSLSecurity.getImpl(algorithm,
- "TrustManagerFactory", (String) null);
- return new TrustManagerFactory((TrustManagerFactorySpi)objs[0],
- (Provider)objs[1],
- algorithm);
- } catch (NoSuchProviderException e) {
- throw new NoSuchAlgorithmException(algorithm + " not found");
- }
- }
-
- /**
- * Generates a <code>TrustManagerFactory</code> object for the specified
- * trust management algorithm from the specified provider.
- *
- * @param algorithm the standard name of the requested trust management
- * algorithm.
- * @param provider the name of the provider
- *
- * @return the new <code>TrustManagerFactory</code> object
- *
- * @exception NoSuchAlgorithmException if the specified algorithm is not
- * available from the specified provider.
- * @exception NoSuchProviderException if the specified provider has not
- * been configured.
- */
- public static final TrustManagerFactory getInstance(String algorithm,
- String provider)
- throws NoSuchAlgorithmException, NoSuchProviderException
- {
- if (provider == null || provider.isEmpty())
- throw new IllegalArgumentException("missing provider");
- Object[] objs = SSLSecurity.getImpl(algorithm, "TrustManagerFactory",
- provider);
- return new TrustManagerFactory((TrustManagerFactorySpi)objs[0],
- (Provider)objs[1], algorithm);
- }
-
- /**
- * Generates a <code>TrustManagerFactory</code> object for the specified
- * trust management algorithm from the specified provider.
- *
- * @param algorithm the standard name of the requested trust management
- * algorithm.
- * @param provider an instance of the provider
- *
- * @return the new <code>TrustManagerFactory</code> object
- *
- * @exception NoSuchAlgorithmException if the specified algorithm is not
- * available from the specified provider.
- */
- public static final TrustManagerFactory getInstance(String algorithm,
- Provider provider)
- throws NoSuchAlgorithmException
- {
- if (provider == null)
- throw new IllegalArgumentException("missing provider");
- Object[] objs = SSLSecurity.getImpl(algorithm, "TrustManagerFactory",
- provider);
- return new TrustManagerFactory((TrustManagerFactorySpi)objs[0],
- (Provider)objs[1], algorithm);
- }
-
- /**
- * Returns the provider of this <code>TrustManagerFactory</code> object.
- *
- * @return the provider of this <code>TrustManagerFactory</code> object
- */
- public final Provider getProvider() {
- return this.provider;
- }
-
-
- /**
- * Initializes this factory with a source of certificate
- * authorities and related trust material. The
- * provider may also include a provider-specific source
- * of key material.
- *
- * @param ks the key store or null
- */
- public void init(KeyStore ks) throws KeyStoreException {
- factorySpi.engineInit(ks);
- }
-
- /**
- * Returns one trust manager for each type of trust material.
- * @return the trust managers
- */
- public TrustManager[] getTrustManagers() {
- return factorySpi.engineGetTrustManagers();
- }
-}
--- a/src/java.base/share/classes/com/sun/net/ssl/TrustManagerFactorySpi.java Fri Mar 01 08:14:29 2019 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,62 +0,0 @@
-/*
- * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- * NOTE: this file was copied from javax.net.ssl.TrustManagerFactorySpi
- */
-
-package com.sun.net.ssl;
-
-import java.security.*;
-
-/**
- * This class defines the <i>Service Provider Interface</i> (<b>SPI</b>)
- * for the <code>TrustManagerFactory</code> class.
- *
- * <p> All the abstract methods in this class must be implemented by each
- * cryptographic service provider who wishes to supply the implementation
- * of a particular trust manager factory.
- *
- * @deprecated As of JDK 1.4, this implementation-specific class was
- * replaced by {@link javax.net.ssl.TrustManagerFactorySpi}.
- */
-@Deprecated(since="1.4")
-public abstract class TrustManagerFactorySpi {
- /**
- * Initializes this factory with a source of certificate
- * authorities and related trust material. The
- * provider may also include a provider-specific source
- * of key material.
- *
- * @param ks the key store or null
- */
- protected abstract void engineInit(KeyStore ks) throws KeyStoreException;
-
- /**
- * Returns one trust manager for each type of trust material.
- * @return the trust managers
- */
- protected abstract TrustManager[] engineGetTrustManagers();
-}
--- a/src/java.base/share/classes/com/sun/net/ssl/X509KeyManager.java Fri Mar 01 08:14:29 2019 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,109 +0,0 @@
-/*
- * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- * NOTE: this file was copied from javax.net.ssl.X509KeyManager
- */
-
-package com.sun.net.ssl;
-
-import java.security.KeyManagementException;
-import java.security.PrivateKey;
-import java.security.Principal;
-import java.security.cert.X509Certificate;
-
-/**
- * Instances of this interface manage which X509 certificate-based
- * key pairs are used to authenticate the local side of a secure
- * socket. The individual entries are identified by unique alias names.
- *
- * @deprecated As of JDK 1.4, this implementation-specific class was
- * replaced by {@link javax.net.ssl.X509KeyManager}.
- */
-@Deprecated(since="1.4")
-public interface X509KeyManager extends KeyManager {
- /**
- * Get the matching aliases for authenticating the client side of a secure
- * socket given the public key type and the list of
- * certificate issuer authorities recognized by the peer (if any).
- *
- * @param keyType the key algorithm type name
- * @param issuers the list of acceptable CA issuer subject names
- * @return the matching alias names
- */
- public String[] getClientAliases(String keyType, Principal[] issuers);
-
- /**
- * Choose an alias to authenticate the client side of a secure
- * socket given the public key type and the list of
- * certificate issuer authorities recognized by the peer (if any).
- *
- * @param keyType the key algorithm type name
- * @param issuers the list of acceptable CA issuer subject names
- * @return the alias name for the desired key
- */
- public String chooseClientAlias(String keyType, Principal[] issuers);
-
- /**
- * Get the matching aliases for authenticating the server side of a secure
- * socket given the public key type and the list of
- * certificate issuer authorities recognized by the peer (if any).
- *
- * @param keyType the key algorithm type name
- * @param issuers the list of acceptable CA issuer subject names
- * @return the matching alias names
- */
- public String[] getServerAliases(String keyType, Principal[] issuers);
-
- /**
- * Choose an alias to authenticate the server side of a secure
- * socket given the public key type and the list of
- * certificate issuer authorities recognized by the peer (if any).
- *
- * @param keyType the key algorithm type name
- * @param issuers the list of acceptable CA issuer subject names
- * @return the alias name for the desired key
- */
- public String chooseServerAlias(String keyType, Principal[] issuers);
-
- /**
- * Returns the certificate chain associated with the given alias.
- *
- * @param alias the alias name
- *
- * @return the certificate chain (ordered with the user's certificate first
- * and the root certificate authority last)
- */
- public X509Certificate[] getCertificateChain(String alias);
-
- /*
- * Returns the key associated with the given alias.
- *
- * @param alias the alias name
- *
- * @return the requested key
- */
- public PrivateKey getPrivateKey(String alias);
-}
--- a/src/java.base/share/classes/com/sun/net/ssl/X509TrustManager.java Fri Mar 01 08:14:29 2019 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,73 +0,0 @@
-/*
- * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- * NOTE: this file was copied from javax.net.ssl.X509TrustManager
- */
-
-package com.sun.net.ssl;
-
-import java.security.cert.X509Certificate;
-
-/**
- * Instance of this interface manage which X509 certificates
- * may be used to authenticate the remote side of a secure
- * socket. Decisions may be based on trusted certificate
- * authorities, certificate revocation lists, online
- * status checking or other means.
- *
- * @deprecated As of JDK 1.4, this implementation-specific class was
- * replaced by {@link javax.net.ssl.X509TrustManager}.
- */
-@Deprecated(since="1.4")
-public interface X509TrustManager extends TrustManager {
- /**
- * Given the partial or complete certificate chain
- * provided by the peer, build a certificate path
- * to a trusted root and return true if it can be
- * validated and is trusted for client SSL authentication.
- *
- * @param chain the peer certificate chain
- */
- public boolean isClientTrusted(X509Certificate[] chain);
-
- /**
- * Given the partial or complete certificate chain
- * provided by the peer, build a certificate path
- * to a trusted root and return true if it can be
- * validated and is trusted for server SSL authentication.
- *
- * @param chain the peer certificate chain
- */
- public boolean isServerTrusted(X509Certificate[] chain);
-
- /**
- * Return an array of certificate authority certificates
- * which are trusted for authenticating peers.
- *
- * @return the acceptable CA issuer certificates
- */
- public X509Certificate[] getAcceptedIssuers();
-}
--- a/src/java.base/share/classes/com/sun/net/ssl/internal/ssl/Provider.java Fri Mar 01 08:14:29 2019 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,52 +0,0 @@
-/*
- * Copyright (c) 2007, 2019, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package com.sun.net.ssl.internal.ssl;
-
-import sun.security.ssl.SunJSSE;
-
-/**
- * Main class for the SunJSSE provider. The actual code was moved to the
- * class sun.security.ssl.SunJSSE, but for backward compatibility we
- * continue to use this class as the main Provider class.
- */
-@Deprecated(since="9")
-public final class Provider extends SunJSSE {
-
- private static final long serialVersionUID = 3231825739635378733L;
-
- // standard constructor
- public Provider() {
- super();
- }
-
- /**
- * Installs the JSSE provider.
- */
- public static synchronized void install() {
- /* nop. Remove this method in the future. */
- }
-
-}
--- a/src/java.base/share/classes/com/sun/net/ssl/internal/ssl/X509ExtendedTrustManager.java Fri Mar 01 08:14:29 2019 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,123 +0,0 @@
-/*
- * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package com.sun.net.ssl.internal.ssl;
-
-import javax.net.ssl.X509TrustManager;
-
-import java.security.cert.X509Certificate;
-import java.security.cert.CertificateException;
-
-/**
- * Instance of this class is an extension of <code>X509TrustManager</code>.
- * <p>
- * Note that this class is referenced by the Deploy workspace. Any updates
- * must make sure that they do not cause any breakage there.
- * <p>
- * It takes the responsiblity of checking the peer identity with its
- * principal declared in the cerificate.
- * <p>
- * The class provides an alternative to <code>HostnameVerifer</code>.
- * If application customizes its <code>HostnameVerifer</code> for
- * <code>HttpsURLConnection</code>, the peer identity will be checked
- * by the customized <code>HostnameVerifer</code>; otherwise, it will
- * be checked by the extended trust manager.
- * <p>
- * RFC2830 defines the server identification specification for "LDAP"
- * algorithm. RFC2818 defines both the server identification and the
- * client identification specification for "HTTPS" algorithm.
- *
- * @see X509TrustManager
- * @see HostnameVerifier
- *
- * @since 1.6
- * @author Xuelei Fan
- */
-@Deprecated(since="9")
-public abstract class X509ExtendedTrustManager implements X509TrustManager {
- /**
- * Constructor used by subclasses only.
- */
- protected X509ExtendedTrustManager() {
- }
-
- /**
- * Given the partial or complete certificate chain provided by the
- * peer, check its identity and build a certificate path to a trusted
- * root, return if it can be validated and is trusted for client SSL
- * authentication based on the authentication type.
- * <p>
- * The authentication type is determined by the actual certificate
- * used. For instance, if RSAPublicKey is used, the authType
- * should be "RSA". Checking is case-sensitive.
- * <p>
- * The algorithm parameter specifies the client identification protocol
- * to use. If the algorithm and the peer hostname are available, the
- * peer hostname is checked against the peer's identity presented in
- * the X509 certificate, in order to prevent masquerade attacks.
- *
- * @param chain the peer certificate chain
- * @param authType the authentication type based on the client certificate
- * @param hostname the peer hostname
- * @param algorithm the identification algorithm
- * @throws IllegalArgumentException if null or zero-length chain
- * is passed in for the chain parameter or if null or zero-length
- * string is passed in for the authType parameter
- * @throws CertificateException if the certificate chain is not trusted
- * by this TrustManager.
- */
- public abstract void checkClientTrusted(X509Certificate[] chain,
- String authType, String hostname, String algorithm)
- throws CertificateException;
-
- /**
- * Given the partial or complete certificate chain provided by the
- * peer, check its identity and build a certificate path to a trusted
- * root, return if it can be validated and is trusted for server SSL
- * authentication based on the authentication type.
- * <p>
- * The authentication type is the key exchange algorithm portion
- * of the cipher suites represented as a String, such as "RSA",
- * "DHE_DSS". Checking is case-sensitive.
- * <p>
- * The algorithm parameter specifies the server identification protocol
- * to use. If the algorithm and the peer hostname are available, the
- * peer hostname is checked against the peer's identity presented in
- * the X509 certificate, in order to prevent masquerade attacks.
- *
- * @param chain the peer certificate chain
- * @param authType the key exchange algorithm used
- * @param hostname the peer hostname
- * @param algorithm the identification algorithm
- * @throws IllegalArgumentException if null or zero-length chain
- * is passed in for the chain parameter or if null or zero-length
- * string is passed in for the authType parameter
- * @throws CertificateException if the certificate chain is not trusted
- * by this TrustManager.
- */
- public abstract void checkServerTrusted(X509Certificate[] chain,
- String authType, String hostname, String algorithm)
- throws CertificateException;
-}
--- a/src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/DelegateHttpsURLConnection.java Fri Mar 01 08:14:29 2019 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,178 +0,0 @@
-/*
- * Copyright (c) 2001, 2017, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package com.sun.net.ssl.internal.www.protocol.https;
-
-import java.net.URL;
-import java.net.Proxy;
-import java.io.IOException;
-import java.util.Collection;
-import java.util.List;
-import java.util.Iterator;
-
-import java.security.Principal;
-import java.security.cert.*;
-
-import javax.security.auth.x500.X500Principal;
-
-import sun.security.util.HostnameChecker;
-import sun.security.util.DerValue;
-import sun.security.x509.X500Name;
-
-import sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection;
-
-/**
- * This class was introduced to provide an additional level of
- * abstraction between javax.net.ssl.HttpURLConnection and
- * com.sun.net.ssl.HttpURLConnection objects. <p>
- *
- * javax.net.ssl.HttpURLConnection is used in the new sun.net version
- * of protocol implementation (this one)
- * com.sun.net.ssl.HttpURLConnection is used in the com.sun version.
- *
- */
-@Deprecated(since="9")
-@SuppressWarnings("deprecation") // HttpsURLConnection is deprecated
-public class DelegateHttpsURLConnection extends AbstractDelegateHttpsURLConnection {
-
- // we need a reference to the HttpsURLConnection to get
- // the properties set there
- // we also need it to be public so that it can be referenced
- // from sun.net.www.protocol.http.HttpURLConnection
- // this is for ResponseCache.put(URI, URLConnection)
- // second parameter needs to be cast to javax.net.ssl.HttpsURLConnection
- // instead of AbstractDelegateHttpsURLConnection
-
- public com.sun.net.ssl.HttpsURLConnection httpsURLConnection;
-
- DelegateHttpsURLConnection(URL url,
- sun.net.www.protocol.http.Handler handler,
- com.sun.net.ssl.HttpsURLConnection httpsURLConnection)
- throws IOException {
- this(url, null, handler, httpsURLConnection);
- }
-
- DelegateHttpsURLConnection(URL url, Proxy p,
- sun.net.www.protocol.http.Handler handler,
- com.sun.net.ssl.HttpsURLConnection httpsURLConnection)
- throws IOException {
- super(url, p, handler);
- this.httpsURLConnection = httpsURLConnection;
- }
-
- protected javax.net.ssl.SSLSocketFactory getSSLSocketFactory() {
- return httpsURLConnection.getSSLSocketFactory();
- }
-
- protected javax.net.ssl.HostnameVerifier getHostnameVerifier() {
- // note: getHostnameVerifier() never returns null
- return new VerifierWrapper(httpsURLConnection.getHostnameVerifier());
- }
-
- /*
- * Called by layered delegator's finalize() method to handle closing
- * the underlying object.
- */
- protected void dispose() throws Throwable {
- super.finalize();
- }
-}
-
-class VerifierWrapper implements javax.net.ssl.HostnameVerifier {
- @SuppressWarnings("deprecation")
- private com.sun.net.ssl.HostnameVerifier verifier;
-
- @SuppressWarnings("deprecation")
- VerifierWrapper(com.sun.net.ssl.HostnameVerifier verifier) {
- this.verifier = verifier;
- }
-
- /*
- * In com.sun.net.ssl.HostnameVerifier the method is defined
- * as verify(String urlHostname, String certHostname).
- * This means we need to extract the hostname from the X.509 certificate
- * in this wrapper.
- */
- public boolean verify(String hostname, javax.net.ssl.SSLSession session) {
- try {
- Certificate[] serverChain = session.getPeerCertificates();
- if ((serverChain == null) || (serverChain.length == 0)) {
- return false;
- }
- if (serverChain[0] instanceof X509Certificate == false) {
- return false;
- }
- X509Certificate serverCert = (X509Certificate)serverChain[0];
- String serverName = getServername(serverCert);
- if (serverName == null) {
- return false;
- }
- return verifier.verify(hostname, serverName);
- } catch (javax.net.ssl.SSLPeerUnverifiedException e) {
- return false;
- }
- }
-
- /*
- * Extract the name of the SSL server from the certificate.
- *
- * Note this code is essentially a subset of the hostname extraction
- * code in HostnameChecker.
- */
- private static String getServername(X509Certificate peerCert) {
- try {
- // compare to subjectAltNames if dnsName is present
- Collection<List<?>> subjAltNames = peerCert.getSubjectAlternativeNames();
- if (subjAltNames != null) {
- for (Iterator<List<?>> itr = subjAltNames.iterator(); itr.hasNext(); ) {
- List<?> next = itr.next();
- if (((Integer)next.get(0)).intValue() == 2) {
- // compare dNSName with host in url
- String dnsName = ((String)next.get(1));
- return dnsName;
- }
- }
- }
-
- // else check against common name in the subject field
- X500Name subject = HostnameChecker.getSubjectX500Name(peerCert);
-
- DerValue derValue = subject.findMostSpecificAttribute
- (X500Name.commonName_oid);
- if (derValue != null) {
- try {
- String name = derValue.getAsString();
- return name;
- } catch (IOException e) {
- // ignore
- }
- }
- } catch (java.security.cert.CertificateException e) {
- // ignore
- }
- return null;
- }
-
-}
--- a/src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/Handler.java Fri Mar 01 08:14:29 2019 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,56 +0,0 @@
-/*
- * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package com.sun.net.ssl.internal.www.protocol.https;
-
-import java.io.IOException;
-import java.net.URL;
-import java.net.Proxy;
-
-/**
- * This class exists for compatibility with previous JSSE releases
- * only. The HTTPS implementation can now be found in
- * sun.net.www.protocol.https.
- *
- */
-@Deprecated(since="9")
-public class Handler extends sun.net.www.protocol.https.Handler {
-
- public Handler() {
- super();
- }
-
- public Handler(String proxy, int port) {
- super(proxy, port);
- }
-
- protected java.net.URLConnection openConnection(URL u) throws IOException {
- return openConnection(u, (Proxy)null);
- }
-
- protected java.net.URLConnection openConnection(URL u, Proxy p) throws IOException {
- return new HttpsURLConnectionOldImpl(u, p, this);
- }
-}
--- a/src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnectionOldImpl.java Fri Mar 01 08:14:29 2019 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,506 +0,0 @@
-/*
- * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- * NOTE: This class lives in the package sun.net.www.protocol.https.
- * There is a copy in com.sun.net.ssl.internal.www.protocol.https for JSSE
- * 1.0.2 compatibility. It is 100% identical except the package and extends
- * lines. Any changes should be made to be class in sun.net.* and then copied
- * to com.sun.net.*.
- */
-
-// For both copies of the file, uncomment one line and comment the other
-// package sun.net.www.protocol.https;
-package com.sun.net.ssl.internal.www.protocol.https;
-
-import java.net.URL;
-import java.net.Proxy;
-import java.net.ProtocolException;
-import java.net.MalformedURLException;
-import java.io.*;
-import java.net.Authenticator;
-import javax.net.ssl.*;
-import java.security.Permission;
-import java.util.Map;
-import java.util.List;
-import sun.net.www.http.HttpClient;
-
-/**
- * A class to represent an HTTP connection to a remote object.
- *
- * Ideally, this class should subclass and inherit the http handler
- * implementation, but it can't do so because that class have the
- * wrong Java Type. Thus it uses the delegate (aka, the
- * Adapter/Wrapper design pattern) to reuse code from the http
- * handler.
- *
- * Since it would use a delegate to access
- * sun.net.www.protocol.http.HttpURLConnection functionalities, it
- * needs to implement all public methods in it's super class and all
- * the way to Object.
- *
- */
-
-// For both copies of the file, uncomment one line and comment the other
-// public class HttpsURLConnectionImpl
-// extends javax.net.ssl.HttpsURLConnection {
-@Deprecated(since="9")
-@SuppressWarnings("deprecation") // HttpsURLConnection is deprecated
-public class HttpsURLConnectionOldImpl
- extends com.sun.net.ssl.HttpsURLConnection {
-
- private DelegateHttpsURLConnection delegate;
-
-// For both copies of the file, uncomment one line and comment the other
-// HttpsURLConnectionImpl(URL u, Handler handler) throws IOException {
- HttpsURLConnectionOldImpl(URL u, Handler handler) throws IOException {
- this(u, null, handler);
- }
-
- static URL checkURL(URL u) throws IOException {
- if (u != null) {
- if (u.toExternalForm().indexOf('\n') > -1) {
- throw new MalformedURLException("Illegal character in URL");
- }
- }
- return u;
- }
-// For both copies of the file, uncomment one line and comment the other
-// HttpsURLConnectionImpl(URL u, Handler handler) throws IOException {
- HttpsURLConnectionOldImpl(URL u, Proxy p, Handler handler) throws IOException {
- super(checkURL(u));
- delegate = new DelegateHttpsURLConnection(url, p, handler, this);
- }
-
- /**
- * Create a new HttpClient object, bypassing the cache of
- * HTTP client objects/connections.
- *
- * @param url the URL being accessed
- */
- protected void setNewClient(URL url) throws IOException {
- delegate.setNewClient(url, false);
- }
-
- /**
- * Obtain a HttpClient object. Use the cached copy if specified.
- *
- * @param url the URL being accessed
- * @param useCache whether the cached connection should be used
- * if present
- */
- protected void setNewClient(URL url, boolean useCache)
- throws IOException {
- delegate.setNewClient(url, useCache);
- }
-
- /**
- * Create a new HttpClient object, set up so that it uses
- * per-instance proxying to the given HTTP proxy. This
- * bypasses the cache of HTTP client objects/connections.
- *
- * @param url the URL being accessed
- * @param proxyHost the proxy host to use
- * @param proxyPort the proxy port to use
- */
- protected void setProxiedClient(URL url, String proxyHost, int proxyPort)
- throws IOException {
- delegate.setProxiedClient(url, proxyHost, proxyPort);
- }
-
- /**
- * Obtain a HttpClient object, set up so that it uses per-instance
- * proxying to the given HTTP proxy. Use the cached copy of HTTP
- * client objects/connections if specified.
- *
- * @param url the URL being accessed
- * @param proxyHost the proxy host to use
- * @param proxyPort the proxy port to use
- * @param useCache whether the cached connection should be used
- * if present
- */
- protected void setProxiedClient(URL url, String proxyHost, int proxyPort,
- boolean useCache) throws IOException {
- delegate.setProxiedClient(url, proxyHost, proxyPort, useCache);
- }
-
- /**
- * Implements the HTTP protocol handler's "connect" method,
- * establishing an SSL connection to the server as necessary.
- */
- public void connect() throws IOException {
- delegate.connect();
- }
-
- /**
- * Used by subclass to access "connected" variable. Since we are
- * delegating the actual implementation to "delegate", we need to
- * delegate the access of "connected" as well.
- */
- protected boolean isConnected() {
- return delegate.isConnected();
- }
-
- /**
- * Used by subclass to access "connected" variable. Since we are
- * delegating the actual implementation to "delegate", we need to
- * delegate the access of "connected" as well.
- */
- protected void setConnected(boolean conn) {
- delegate.setConnected(conn);
- }
-
- /**
- * Returns the cipher suite in use on this connection.
- */
- public String getCipherSuite() {
- return delegate.getCipherSuite();
- }
-
- /**
- * Returns the certificate chain the client sent to the
- * server, or null if the client did not authenticate.
- */
- public java.security.cert.Certificate []
- getLocalCertificates() {
- return delegate.getLocalCertificates();
- }
-
- /**
- * Returns the server's certificate chain, or throws
- * SSLPeerUnverified Exception if
- * the server did not authenticate.
- */
- public java.security.cert.Certificate []
- getServerCertificates() throws SSLPeerUnverifiedException {
- return delegate.getServerCertificates();
- }
-
- /*
- * Allowable input/output sequences:
- * [interpreted as POST/PUT]
- * - get output, [write output,] get input, [read input]
- * - get output, [write output]
- * [interpreted as GET]
- * - get input, [read input]
- * Disallowed:
- * - get input, [read input,] get output, [write output]
- */
-
- public synchronized OutputStream getOutputStream() throws IOException {
- return delegate.getOutputStream();
- }
-
- public synchronized InputStream getInputStream() throws IOException {
- return delegate.getInputStream();
- }
-
- public InputStream getErrorStream() {
- return delegate.getErrorStream();
- }
-
- /**
- * Disconnect from the server.
- */
- public void disconnect() {
- delegate.disconnect();
- }
-
- public boolean usingProxy() {
- return delegate.usingProxy();
- }
-
- /**
- * Returns an unmodifiable Map of the header fields.
- * The Map keys are Strings that represent the
- * response-header field names. Each Map value is an
- * unmodifiable List of Strings that represents
- * the corresponding field values.
- *
- * @return a Map of header fields
- * @since 1.4
- */
- public Map<String,List<String>> getHeaderFields() {
- return delegate.getHeaderFields();
- }
-
- /**
- * Gets a header field by name. Returns null if not known.
- * @param name the name of the header field
- */
- public String getHeaderField(String name) {
- return delegate.getHeaderField(name);
- }
-
- /**
- * Gets a header field by index. Returns null if not known.
- * @param n the index of the header field
- */
- public String getHeaderField(int n) {
- return delegate.getHeaderField(n);
- }
-
- /**
- * Gets a header field by index. Returns null if not known.
- * @param n the index of the header field
- */
- public String getHeaderFieldKey(int n) {
- return delegate.getHeaderFieldKey(n);
- }
-
- /**
- * Sets request property. If a property with the key already
- * exists, overwrite its value with the new value.
- * @param value the value to be set
- */
- public void setRequestProperty(String key, String value) {
- delegate.setRequestProperty(key, value);
- }
-
- /**
- * Adds a general request property specified by a
- * key-value pair. This method will not overwrite
- * existing values associated with the same key.
- *
- * @param key the keyword by which the request is known
- * (e.g., "<code>accept</code>").
- * @param value the value associated with it.
- * @see #getRequestProperties(java.lang.String)
- * @since 1.4
- */
- public void addRequestProperty(String key, String value) {
- delegate.addRequestProperty(key, value);
- }
-
- /**
- * Overwrite super class method
- */
- public int getResponseCode() throws IOException {
- return delegate.getResponseCode();
- }
-
- public String getRequestProperty(String key) {
- return delegate.getRequestProperty(key);
- }
-
- /**
- * Returns an unmodifiable Map of general request
- * properties for this connection. The Map keys
- * are Strings that represent the request-header
- * field names. Each Map value is a unmodifiable List
- * of Strings that represents the corresponding
- * field values.
- *
- * @return a Map of the general request properties for this connection.
- * @throws IllegalStateException if already connected
- * @since 1.4
- */
- public Map<String,List<String>> getRequestProperties() {
- return delegate.getRequestProperties();
- }
-
- /*
- * We support JDK 1.2.x so we can't count on these from JDK 1.3.
- * We override and supply our own version.
- */
- public void setInstanceFollowRedirects(boolean shouldFollow) {
- delegate.setInstanceFollowRedirects(shouldFollow);
- }
-
- public boolean getInstanceFollowRedirects() {
- return delegate.getInstanceFollowRedirects();
- }
-
- public void setRequestMethod(String method) throws ProtocolException {
- delegate.setRequestMethod(method);
- }
-
- public String getRequestMethod() {
- return delegate.getRequestMethod();
- }
-
- public String getResponseMessage() throws IOException {
- return delegate.getResponseMessage();
- }
-
- public long getHeaderFieldDate(String name, long Default) {
- return delegate.getHeaderFieldDate(name, Default);
- }
-
- public Permission getPermission() throws IOException {
- return delegate.getPermission();
- }
-
- public URL getURL() {
- return delegate.getURL();
- }
-
- public int getContentLength() {
- return delegate.getContentLength();
- }
-
- public long getContentLengthLong() {
- return delegate.getContentLengthLong();
- }
-
- public String getContentType() {
- return delegate.getContentType();
- }
-
- public String getContentEncoding() {
- return delegate.getContentEncoding();
- }
-
- public long getExpiration() {
- return delegate.getExpiration();
- }
-
- public long getDate() {
- return delegate.getDate();
- }
-
- public long getLastModified() {
- return delegate.getLastModified();
- }
-
- public int getHeaderFieldInt(String name, int Default) {
- return delegate.getHeaderFieldInt(name, Default);
- }
-
- public long getHeaderFieldLong(String name, long Default) {
- return delegate.getHeaderFieldLong(name, Default);
- }
-
- public Object getContent() throws IOException {
- return delegate.getContent();
- }
-
- @SuppressWarnings("rawtypes")
- public Object getContent(Class[] classes) throws IOException {
- return delegate.getContent(classes);
- }
-
- public String toString() {
- return delegate.toString();
- }
-
- public void setDoInput(boolean doinput) {
- delegate.setDoInput(doinput);
- }
-
- public boolean getDoInput() {
- return delegate.getDoInput();
- }
-
- public void setDoOutput(boolean dooutput) {
- delegate.setDoOutput(dooutput);
- }
-
- public boolean getDoOutput() {
- return delegate.getDoOutput();
- }
-
- public void setAllowUserInteraction(boolean allowuserinteraction) {
- delegate.setAllowUserInteraction(allowuserinteraction);
- }
-
- public boolean getAllowUserInteraction() {
- return delegate.getAllowUserInteraction();
- }
-
- public void setUseCaches(boolean usecaches) {
- delegate.setUseCaches(usecaches);
- }
-
- public boolean getUseCaches() {
- return delegate.getUseCaches();
- }
-
- public void setIfModifiedSince(long ifmodifiedsince) {
- delegate.setIfModifiedSince(ifmodifiedsince);
- }
-
- public long getIfModifiedSince() {
- return delegate.getIfModifiedSince();
- }
-
- public boolean getDefaultUseCaches() {
- return delegate.getDefaultUseCaches();
- }
-
- public void setDefaultUseCaches(boolean defaultusecaches) {
- delegate.setDefaultUseCaches(defaultusecaches);
- }
-
- /*
- * finalize (dispose) the delegated object. Otherwise
- * sun.net.www.protocol.http.HttpURLConnection's finalize()
- * would have to be made public.
- */
- protected void finalize() throws Throwable {
- delegate.dispose();
- }
-
- public boolean equals(Object obj) {
- return delegate.equals(obj);
- }
-
- public int hashCode() {
- return delegate.hashCode();
- }
-
- public void setConnectTimeout(int timeout) {
- delegate.setConnectTimeout(timeout);
- }
-
- public int getConnectTimeout() {
- return delegate.getConnectTimeout();
- }
-
- public void setReadTimeout(int timeout) {
- delegate.setReadTimeout(timeout);
- }
-
- public int getReadTimeout() {
- return delegate.getReadTimeout();
- }
-
- public void setFixedLengthStreamingMode (int contentLength) {
- delegate.setFixedLengthStreamingMode(contentLength);
- }
-
- public void setFixedLengthStreamingMode(long contentLength) {
- delegate.setFixedLengthStreamingMode(contentLength);
- }
-
- public void setChunkedStreamingMode (int chunklen) {
- delegate.setChunkedStreamingMode(chunklen);
- }
-
- @Override
- public void setAuthenticator(Authenticator auth) {
- delegate.setAuthenticator(auth);
- }
-}
--- a/src/java.base/share/classes/com/sun/net/ssl/package-info.java Fri Mar 01 08:14:29 2019 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,31 +0,0 @@
-/*
- * Copyright (c) 1999, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/**
- * Provides classes related to creating and configuring secure socket
- * factories. These classes are used with the Sun reference
- * implementation of the Java Secure Socket Extension (JSSE).
- */
-package com.sun.net.ssl;
--- a/src/java.base/share/classes/java/security/Security.java Fri Mar 01 08:14:29 2019 -0500
+++ b/src/java.base/share/classes/java/security/Security.java Fri Mar 01 08:35:14 2019 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -201,7 +201,7 @@
private static void initializeStatic() {
props.put("security.provider.1", "sun.security.provider.Sun");
props.put("security.provider.2", "sun.security.rsa.SunRsaSign");
- props.put("security.provider.3", "com.sun.net.ssl.internal.ssl.Provider");
+ props.put("security.provider.3", "sun.security.ssl.SunJSSE");
props.put("security.provider.4", "com.sun.crypto.provider.SunJCE");
props.put("security.provider.5", "sun.security.jgss.SunProvider");
props.put("security.provider.6", "com.sun.security.sasl.Provider");
--- a/src/java.base/share/classes/java/security/Signature.java Fri Mar 01 08:14:29 2019 -0500
+++ b/src/java.base/share/classes/java/security/Signature.java Fri Mar 01 08:35:14 2019 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -285,7 +285,6 @@
signatureInfo.put("sun.security.rsa.RSASignature$SHA384withRSA", TRUE);
signatureInfo.put("sun.security.rsa.RSASignature$SHA512withRSA", TRUE);
signatureInfo.put("sun.security.rsa.RSAPSSSignature", TRUE);
- signatureInfo.put("com.sun.net.ssl.internal.ssl.RSASignature", TRUE);
signatureInfo.put("sun.security.pkcs11.P11Signature", TRUE);
}
--- a/src/java.base/share/classes/sun/net/www/protocol/https/AbstractDelegateHttpsURLConnection.java Fri Mar 01 08:14:29 2019 -0500
+++ b/src/java.base/share/classes/sun/net/www/protocol/https/AbstractDelegateHttpsURLConnection.java Fri Mar 01 08:35:14 2019 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -71,10 +71,6 @@
* Create a new HttpClient object, bypassing the cache of
* HTTP client objects/connections.
*
- * Note: this method is changed from protected to public because
- * the com.sun.ssl.internal.www.protocol.https handler reuses this
- * class for its actual implemantation
- *
* @param url the URL being accessed
*/
public void setNewClient (URL url)
@@ -85,10 +81,6 @@
/**
* Obtain a HttpClient object. Use the cached copy if specified.
*
- * Note: this method is changed from protected to public because
- * the com.sun.ssl.internal.www.protocol.https handler reuses this
- * class for its actual implemantation
- *
* @param url the URL being accessed
* @param useCache whether the cached connection should be used
* if present
@@ -107,10 +99,6 @@
* per-instance proxying to the given HTTP proxy. This
* bypasses the cache of HTTP client objects/connections.
*
- * Note: this method is changed from protected to public because
- * the com.sun.ssl.internal.www.protocol.https handler reuses this
- * class for its actual implemantation
- *
* @param url the URL being accessed
* @param proxyHost the proxy host to use
* @param proxyPort the proxy port to use
@@ -125,10 +113,6 @@
* proxying to the given HTTP proxy. Use the cached copy of HTTP
* client objects/connections if specified.
*
- * Note: this method is changed from protected to public because
- * the com.sun.ssl.internal.www.protocol.https handler reuses this
- * class for its actual implemantation
- *
* @param url the URL being accessed
* @param proxyHost the proxy host to use
* @param proxyPort the proxy port to use
--- a/src/java.base/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java Fri Mar 01 08:14:29 2019 -0500
+++ b/src/java.base/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java Fri Mar 01 08:35:14 2019 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -23,17 +23,7 @@
* questions.
*/
-/*
- * NOTE: This class lives in the package sun.net.www.protocol.https.
- * There is a copy in com.sun.net.ssl.internal.www.protocol.https for JSSE
- * 1.0.2 compatibility. It is 100% identical except the package and extends
- * lines. Any changes should be made to be class in sun.net.* and then copied
- * to com.sun.net.*.
- */
-
-// For both copies of the file, uncomment one line and comment the other
package sun.net.www.protocol.https;
-// package com.sun.net.ssl.internal.www.protocol.https;
import java.net.URL;
import java.net.Proxy;
@@ -64,21 +54,13 @@
* the way to Object.
*
*/
-
-// For both copies of the file, uncomment one line and comment the
-// other. The differences between the two copies are introduced for
-// plugin, and it is marked as such.
public class HttpsURLConnectionImpl
extends javax.net.ssl.HttpsURLConnection {
-// public class HttpsURLConnectionOldImpl
-// extends com.sun.net.ssl.HttpsURLConnection {
// NOTE: made protected for plugin so that subclass can set it.
protected DelegateHttpsURLConnection delegate;
-// For both copies of the file, uncomment one line and comment the other
HttpsURLConnectionImpl(URL u, Handler handler) throws IOException {
-// HttpsURLConnectionOldImpl(URL u, Handler handler) throws IOException {
this(u, null, handler);
}
@@ -90,9 +72,8 @@
}
return u;
}
-// For both copies of the file, uncomment one line and comment the other
+
HttpsURLConnectionImpl(URL u, Proxy p, Handler handler) throws IOException {
-// HttpsURLConnectionOldImpl(URL u, Proxy p, Handler handler) throws IOException {
super(checkURL(u));
delegate = new DelegateHttpsURLConnection(url, p, handler, this);
}
--- a/src/java.base/share/classes/sun/security/jca/ProviderConfig.java Fri Mar 01 08:14:29 2019 -0500
+++ b/src/java.base/share/classes/sun/security/jca/ProviderConfig.java Fri Mar 01 08:35:14 2019 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -178,8 +178,12 @@
p = new sun.security.rsa.SunRsaSign();
} else if (provName.equals("SunJCE") || provName.equals("com.sun.crypto.provider.SunJCE")) {
p = new com.sun.crypto.provider.SunJCE();
- } else if (provName.equals("SunJSSE") || provName.equals("com.sun.net.ssl.internal.ssl.Provider")) {
- p = new com.sun.net.ssl.internal.ssl.Provider();
+ } else if (provName.equals("SunJSSE") ||
+ provName.equals("com.sun.net.ssl.internal.ssl.Provider")) {
+ // com.sun.net.ssl.internal.ssl.Provider is the legacy SunJSSE
+ // provider implementation. For compatibility, let's continue to
+ // support the legacy name for a while.
+ p = new sun.security.ssl.SunJSSE();
} else if (provName.equals("Apple") || provName.equals("apple.security.AppleProvider")) {
// need to use reflection since this class only exists on MacOsx
p = AccessController.doPrivileged(new PrivilegedAction<Provider>() {
--- a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java Fri Mar 01 08:14:29 2019 -0500
+++ b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java Fri Mar 01 08:35:14 2019 -0800
@@ -58,7 +58,7 @@
* FIPS mode.
*
*/
-public abstract class SunJSSE extends java.security.Provider {
+public class SunJSSE extends java.security.Provider {
private static final long serialVersionUID = 3231825739635378733L;
@@ -66,9 +66,8 @@
"(PKCS12, SunX509/PKIX key/trust factories, " +
"SSLv3/TLSv1/TLSv1.1/TLSv1.2/TLSv1.3/DTLSv1.0/DTLSv1.2)";
- protected SunJSSE() {
+ public SunJSSE() {
super("SunJSSE", PROVIDER_VER, info);
- subclassCheck();
registerAlgorithms();
}
@@ -136,12 +135,4 @@
ps("KeyStore", "PKCS12",
"sun.security.pkcs12.PKCS12KeyStore", null, null);
}
-
- // com.sun.net.ssl.internal.ssl.Provider has been deprecated since JDK 9
- @SuppressWarnings("deprecation")
- private void subclassCheck() {
- if (getClass() != com.sun.net.ssl.internal.ssl.Provider.class) {
- throw new AssertionError("Illegal subclass: " + getClass());
- }
- }
}
--- a/test/jdk/TEST.groups Fri Mar 01 08:14:29 2019 -0500
+++ b/test/jdk/TEST.groups Fri Mar 01 08:35:14 2019 -0800
@@ -1,4 +1,4 @@
-# Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -214,8 +214,7 @@
sun/security \
-sun/security/krb5 \
-sun/security/jgss \
- javax/net \
- com/sun/net/ssl
+ javax/net
jdk_security4 = \
com/sun/security/jgss \
--- a/test/jdk/com/sun/net/ssl/SSLSecurity/ComKeyManagerFactoryImpl.java Fri Mar 01 08:14:29 2019 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,41 +0,0 @@
-/*
- * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-import java.security.*;
-import com.sun.net.ssl.*;
-
-public class ComKeyManagerFactoryImpl extends KeyManagerFactorySpi {
-
- public ComKeyManagerFactoryImpl() {
- System.out.println("ComKeyManagerFactoryImpl initialized");
- }
-
- protected void engineInit(KeyStore ks, char [] password)
- throws KeyStoreException {
- System.out.println("ComKeyManagerFactoryImpl init'd");
- }
-
- protected KeyManager[] engineGetKeyManagers() {
- return null;
- }
-}
--- a/test/jdk/com/sun/net/ssl/SSLSecurity/ComSSLContextImpl.java Fri Mar 01 08:14:29 2019 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,47 +0,0 @@
-/*
- * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-import java.security.*;
-import com.sun.net.ssl.*;
-
-public class ComSSLContextImpl extends SSLContextSpi {
-
- public ComSSLContextImpl() {
- System.out.println("ComSSLContextImpl initialized");
- }
-
- protected void engineInit(KeyManager[] km,
- TrustManager[] tm, SecureRandom sr) throws KeyManagementException {
- System.out.println("ComSSLContextImpl init'd");
- }
-
- protected javax.net.ssl.SSLSocketFactory engineGetSocketFactory() {
- return null;
- }
-
- protected javax.net.ssl.SSLServerSocketFactory
- engineGetServerSocketFactory() {
- return null;
- }
-
-}
--- a/test/jdk/com/sun/net/ssl/SSLSecurity/ComTrustManagerFactoryImpl.java Fri Mar 01 08:14:29 2019 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,40 +0,0 @@
-/*
- * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-import java.security.*;
-import com.sun.net.ssl.*;
-
-public class ComTrustManagerFactoryImpl extends TrustManagerFactorySpi {
-
- public ComTrustManagerFactoryImpl() {
- System.out.println("ComTrustManagerFactoryImpl initialized");
- }
-
- protected void engineInit(KeyStore ks) throws KeyStoreException {
- System.out.println("ComTrustManagerFactoryImpl init'd");
- }
-
- protected TrustManager[] engineGetTrustManagers() {
- return null;
- }
-}
--- a/test/jdk/com/sun/net/ssl/SSLSecurity/JavaxKeyManagerFactoryImpl.java Fri Mar 01 08:14:29 2019 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,45 +0,0 @@
-/*
- * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-import java.security.*;
-import javax.net.ssl.*;
-
-public class JavaxKeyManagerFactoryImpl extends KeyManagerFactorySpi {
-
- public JavaxKeyManagerFactoryImpl () {
- System.out.println("JavaxKeyManagerFactoryImpl initialized");
- }
-
- protected void engineInit(KeyStore ks, char[] passwd)
- throws KeyStoreException {
- System.out.println("JavaxKeyManagerFactoryImpl init'd");
- }
-
- protected void engineInit(ManagerFactoryParameters spec)
- throws InvalidAlgorithmParameterException {
- }
-
- protected KeyManager[] engineGetKeyManagers() {
- return null;
- }
-}
--- a/test/jdk/com/sun/net/ssl/SSLSecurity/JavaxSSLContextImpl.java Fri Mar 01 08:14:29 2019 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,61 +0,0 @@
-/*
- * Copyright (c) 2002, 2003, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-import java.security.*;
-import javax.net.ssl.*;
-
-public class JavaxSSLContextImpl extends SSLContextSpi {
-
- public JavaxSSLContextImpl() {
- System.out.println("JavaxSSLContextImpl initialized");
- }
-
- protected void engineInit(KeyManager[] km,
- TrustManager[] tm, SecureRandom sr) throws KeyManagementException {
- System.out.println("JavaxSSLContextImpl init'd");
- }
-
- protected SSLEngine engineCreateSSLEngine() {
- return null;
- }
-
- protected SSLEngine engineCreateSSLEngine(String host, int port) {
- return null;
- }
-
- protected SSLSocketFactory engineGetSocketFactory() {
- return null;
- }
-
- protected SSLServerSocketFactory engineGetServerSocketFactory() {
- return null;
- }
-
- protected SSLSessionContext engineGetServerSessionContext() {
- return null;
- }
-
- protected SSLSessionContext engineGetClientSessionContext() {
- return null;
- }
-}
--- a/test/jdk/com/sun/net/ssl/SSLSecurity/JavaxTrustManagerFactoryImpl.java Fri Mar 01 08:14:29 2019 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,44 +0,0 @@
-/*
- * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-import java.security.*;
-import javax.net.ssl.*;
-
-public class JavaxTrustManagerFactoryImpl extends TrustManagerFactorySpi {
-
- public JavaxTrustManagerFactoryImpl () {
- System.out.println("JavaxTrustManagerFactoryImpl initialized");
- }
-
- protected void engineInit(KeyStore ks) throws KeyStoreException {
- System.out.println("JavaxTrustManagerFactoryImpl init'd");
- }
-
- protected void engineInit(ManagerFactoryParameters spec)
- throws InvalidAlgorithmParameterException {
- }
-
- protected TrustManager[] engineGetTrustManagers() {
- return null;
- }
-}
--- a/test/jdk/com/sun/net/ssl/SSLSecurity/ProviderTest.java Fri Mar 01 08:14:29 2019 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,109 +0,0 @@
-/*
- * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- * @test
- * @bug 4667976 8130181
- * @modules java.base/com.sun.net.ssl
- * @compile JavaxSSLContextImpl.java ComSSLContextImpl.java
- * JavaxTrustManagerFactoryImpl.java ComTrustManagerFactoryImpl.java
- * JavaxKeyManagerFactoryImpl.java ComKeyManagerFactoryImpl.java
- * @run main/othervm ProviderTest
- * @summary brokenness in the com.sun.net.ssl.SSLSecurity wrappers
- */
-
-import java.security.*;
-import com.sun.net.ssl.*;
-
-public class ProviderTest {
-
- public static void main(String args[]) throws Exception {
- SSLContext sslc;
- TrustManagerFactory tmf;
- KeyManagerFactory kmf;
-
- Provider extraProvider = new MyProvider();
- Security.addProvider(extraProvider);
- try {
- System.out.println("getting a javax SSLContext");
- sslc = SSLContext.getInstance("javax");
- sslc.init(null, null, null);
- System.out.println("\ngetting a com SSLContext");
- sslc = SSLContext.getInstance("com");
- sslc.init(null, null, null);
-
- System.out.println("\ngetting a javax TrustManagerFactory");
- tmf = TrustManagerFactory.getInstance("javax");
- tmf.init((KeyStore) null);
- System.out.println("\ngetting a com TrustManagerFactory");
- tmf = TrustManagerFactory.getInstance("com");
- tmf.init((KeyStore) null);
-
- System.out.println("\ngetting a javax KeyManagerFactory");
- kmf = KeyManagerFactory.getInstance("javax");
- kmf.init((KeyStore) null, null);
- System.out.println("\ngetting a com KeyManagerFactory");
- kmf = KeyManagerFactory.getInstance("com");
- kmf.init((KeyStore) null, null);
- } finally {
- Security.removeProvider(extraProvider.getName());
- }
- }
-}
-
-class MyProvider extends Provider {
-
- private static String info = "Brad's provider";
-
- /**
- * Installs the JSSE provider.
- */
- public static synchronized void install()
- {
- /* nop. Remove this method in the future. */
- }
-
- public MyProvider()
- {
- super("BRAD", "1.0", info);
-
- AccessController.doPrivileged(new java.security.PrivilegedAction() {
- public Object run() {
-
- put("SSLContext.javax", "JavaxSSLContextImpl");
- put("SSLContext.com", "ComSSLContextImpl");
- put("TrustManagerFactory.javax",
- "JavaxTrustManagerFactoryImpl");
- put("TrustManagerFactory.com",
- "ComTrustManagerFactoryImpl");
- put("KeyManagerFactory.javax",
- "JavaxKeyManagerFactoryImpl");
- put("KeyManagerFactory.com",
- "ComKeyManagerFactoryImpl");
-
- return null;
- }
- });
-
- }
-}
--- a/test/jdk/com/sun/net/ssl/SSLSecurity/TruncateArray.java Fri Mar 01 08:14:29 2019 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,72 +0,0 @@
-/*
- * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- * @test
- * @bug 4665824
- * @summary JSSE - ClassCastException with 1.4
- * @modules java.base/com.sun.net.ssl
- */
-
-import com.sun.net.ssl.*;
-
-public class TruncateArray {
-
- public static void main(String args[]) throws Exception {
- try {
-
- TrustManager tms [] = new TrustManager [] {
- new MyTM(), new MyTM(), new MyTM() };
-
- KeyManager kms [] = new KeyManager [] {
- new MyKM(), new MyKM(), new MyKM() };
-
- SSLContext ctx = SSLContext.getInstance("TLS");
- ctx.init(kms, tms, null);
-
- KeyManagerFactory kmf = KeyManagerFactory.getInstance("SUNX509");
- KeyManager[] km = kmf.getKeyManagers();
-
- TrustManagerFactory tmf =
- TrustManagerFactory.getInstance("SUNX509");
- TrustManager[] tm = tmf.getTrustManagers();
-
- } catch (ClassCastException e) {
- throw e;
- } catch (Throwable e) {
- /*
- * swallow anything else, we only are interested
- * in class casting errors here. For example, we soon
- * may be catching methods called on uninitialized factories.
- */
- System.out.println("Caught something else");
- e.printStackTrace();
- }
- }
-
- static class MyTM implements TrustManager {
- }
-
- static class MyKM implements KeyManager {
- }
-}
--- a/test/jdk/java/security/BasicPermission/Wildcard.java Fri Mar 01 08:14:29 2019 -0500
+++ b/test/jdk/java/security/BasicPermission/Wildcard.java Fri Mar 01 08:35:14 2019 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -33,8 +33,7 @@
* @summary Check that BasicPermission subclasses don't throw exception if name
* contains wildcard character ("*") but does not signify a
* wildcard match
- * @modules java.base/com.sun.net.ssl
- * java.sql
+ * @modules java.sql
*/
public class Wildcard {
@@ -51,6 +50,5 @@
new SQLPermission(wildcard);
new PropertyPermission(wildcard, "read");
new SSLPermission(wildcard);
- new com.sun.net.ssl.SSLPermission(wildcard);
}
}
--- a/test/jdk/javax/net/ssl/FixingJavadocs/ComURLNulls.java Fri Mar 01 08:14:29 2019 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,123 +0,0 @@
-/*
- * Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- * @test
- * @bug 4387882 4451038
- * @summary Need to revisit the javadocs for JSSE, especially the
- * promoted classes, and HttpsURLConnection.getCipherSuite throws
- * NullPointerException
- * @modules java.base/com.sun.net.ssl
- * java.base/com.sun.net.ssl.internal.www.protocol.https
- * @run main/othervm ComURLNulls
- *
- * SunJSSE does not support dynamic system properties, no way to re-use
- * system properties in samevm/agentvm mode.
- * @author Brad Wetmore
- */
-
-import java.net.*;
-import java.io.*;
-import javax.net.ssl.*;
-import com.sun.net.ssl.HttpsURLConnection;
-import com.sun.net.ssl.HostnameVerifier;
-
-/*
- * Tests that the com null argument changes made it in ok.
- */
-
-public class ComURLNulls {
-
- private static class ComSunHTTPSHandlerFactory implements URLStreamHandlerFactory {
- private static String SUPPORTED_PROTOCOL = "https";
-
- public URLStreamHandler createURLStreamHandler(String protocol) {
- if (!protocol.equalsIgnoreCase(SUPPORTED_PROTOCOL))
- return null;
-
- return new com.sun.net.ssl.internal.www.protocol.https.Handler();
- }
- }
-
- public static void main(String[] args) throws Exception {
- HostnameVerifier reservedHV =
- HttpsURLConnection.getDefaultHostnameVerifier();
- try {
- URL.setURLStreamHandlerFactory(new ComSunHTTPSHandlerFactory());
-
- /**
- * This test does not establish any connection to the specified
- * URL, hence a dummy URL is used.
- */
- URL foobar = new URL("https://example.com/");
-
- HttpsURLConnection urlc =
- (HttpsURLConnection) foobar.openConnection();
-
- try {
- urlc.getCipherSuite();
- } catch (IllegalStateException e) {
- System.out.print("Caught proper exception: ");
- System.out.println(e.getMessage());
- }
-
- try {
- urlc.getServerCertificates();
- } catch (IllegalStateException e) {
- System.out.print("Caught proper exception: ");
- System.out.println(e.getMessage());
- }
-
- try {
- urlc.setDefaultHostnameVerifier(null);
- } catch (IllegalArgumentException e) {
- System.out.print("Caught proper exception: ");
- System.out.println(e.getMessage());
- }
-
- try {
- urlc.setHostnameVerifier(null);
- } catch (IllegalArgumentException e) {
- System.out.print("Caught proper exception: ");
- System.out.println(e.getMessage());
- }
-
- try {
- urlc.setDefaultSSLSocketFactory(null);
- } catch (IllegalArgumentException e) {
- System.out.print("Caught proper exception: ");
- System.out.println(e.getMessage());
- }
-
- try {
- urlc.setSSLSocketFactory(null);
- } catch (IllegalArgumentException e) {
- System.out.print("Caught proper exception");
- System.out.println(e.getMessage());
- }
- System.out.println("TESTS PASSED");
- } finally {
- HttpsURLConnection.setDefaultHostnameVerifier(reservedHV);
- }
- }
-}
--- a/test/jdk/javax/net/ssl/GetInstance.java Fri Mar 01 08:14:29 2019 -0500
+++ b/test/jdk/javax/net/ssl/GetInstance.java Fri Mar 01 08:35:14 2019 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -27,7 +27,6 @@
* @summary verify getInstance() works using Provider.getService()
* Export "PKIX" as the standard algorithm name of KeyManagerFactory
* @author Andreas Sterbenz
- * @modules java.base/com.sun.net.ssl
*/
import java.security.*;
@@ -113,38 +112,7 @@
tmf = TrustManagerFactory.getInstance("X.509", p);
same(p, tmf.getProvider());
- testComSun();
-
long stop = System.currentTimeMillis();
System.out.println("Done (" + (stop - start) + " ms).");
}
-
- private static void testComSun() throws Exception {
- Provider p = Security.getProvider("SunJSSE");
-
- com.sun.net.ssl.SSLContext context;
- context = com.sun.net.ssl.SSLContext.getInstance("SSL");
- same(p, context.getProvider());
- context = com.sun.net.ssl.SSLContext.getInstance("SSL", "SunJSSE");
- same(p, context.getProvider());
- context = com.sun.net.ssl.SSLContext.getInstance("SSL", p);
- same(p, context.getProvider());
-
- com.sun.net.ssl.KeyManagerFactory kmf;
- kmf = com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509");
- same(p, kmf.getProvider());
- kmf = com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509", "SunJSSE");
- same(p, kmf.getProvider());
- kmf = com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509", p);
- same(p, kmf.getProvider());
-
- com.sun.net.ssl.TrustManagerFactory tmf;
- tmf = com.sun.net.ssl.TrustManagerFactory.getInstance("SunX509");
- same(p, tmf.getProvider());
- tmf = com.sun.net.ssl.TrustManagerFactory.getInstance("SunX509", "SunJSSE");
- same(p, tmf.getProvider());
- tmf = com.sun.net.ssl.TrustManagerFactory.getInstance("SunX509", p);
- same(p, tmf.getProvider());
- }
-
}
--- a/test/jdk/javax/net/ssl/SSLSession/CheckMyTrustedKeystore.java Fri Mar 01 08:14:29 2019 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,407 +0,0 @@
-/*
- * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-// SunJSSE does not support dynamic system properties, no way to re-use
-// system properties in samevm/agentvm mode.
-
-/*
- * @test
- * @bug 4329114
- * @summary Need better way of reflecting the reason when a chain is
- * rejected as untrusted.
- * @modules java.base/com.sun.net.ssl
- * @ignore JSSE supports algorithm constraints with CR 6916074,
- * need to update this test case in JDK 7 soon
- * @run main/othervm CheckMyTrustedKeystore
- *
- * @author Brad Wetmore
- */
-
-// This is a serious hack job!
-
-import java.io.*;
-import java.net.*;
-import java.security.*;
-import javax.net.ssl.*;
-import java.security.cert.*;
-
-public class CheckMyTrustedKeystore {
-
- /*
- * =============================================================
- * Set the various variables needed for the tests, then
- * specify what tests to run on each side.
- */
-
- /*
- * Should we run the client or server in a separate thread?
- * Both sides can throw exceptions, but do you have a preference
- * as to which side should be the main thread.
- */
- static boolean separateServerThread = true;
-
- /*
- * Where do we find the keystores?
- */
- final static String pathToStores = "../etc";
- final static String keyStoreFile = "keystore";
- final static String trustStoreFile = "truststore";
- final static String unknownStoreFile = "unknown_keystore";
- final static String passwd = "passphrase";
- final static char[] cpasswd = "passphrase".toCharArray();
-
- /*
- * Is the server ready to serve?
- */
- volatile static boolean serverReady = false;
-
- /*
- * Turn on SSL debugging?
- */
- final static boolean debug = false;
-
- /*
- * If the client or server is doing some kind of object creation
- * that the other side depends on, and that thread prematurely
- * exits, you may experience a hang. The test harness will
- * terminate all hung threads after its timeout has expired,
- * currently 3 minutes by default, but you might try to be
- * smart about it....
- */
-
- /*
- * Define the server side of the test.
- *
- * If the server prematurely exits, serverReady will be set to true
- * to avoid infinite hangs.
- */
- void doServerSide() throws Exception {
- KeyStore ks = KeyStore.getInstance("JKS");
- com.sun.net.ssl.SSLContext ctx =
- com.sun.net.ssl.SSLContext.getInstance("TLS");
- com.sun.net.ssl.KeyManagerFactory kmf =
- com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509");
-
- ks.load(new FileInputStream(keyFilename), cpasswd);
- kmf.init(ks, cpasswd);
-
- com.sun.net.ssl.TrustManager [] tms =
- new com.sun.net.ssl.TrustManager []
- { new MyComX509TrustManager() };
-
- ctx.init(kmf.getKeyManagers(), tms, null);
-
- SSLServerSocketFactory sslssf =
- (SSLServerSocketFactory) ctx.getServerSocketFactory();
-
- SSLServerSocket sslServerSocket =
- (SSLServerSocket) sslssf.createServerSocket(serverPort);
- serverPort = sslServerSocket.getLocalPort();
-
- sslServerSocket.setNeedClientAuth(true);
-
- /*
- * Create using the other type.
- */
- SSLContext ctx1 =
- SSLContext.getInstance("TLS");
- KeyManagerFactory kmf1 =
- KeyManagerFactory.getInstance("SunX509");
-
- TrustManager [] tms1 =
- new TrustManager []
- { new MyJavaxX509TrustManager() };
-
- kmf1.init(ks, cpasswd);
-
- ctx1.init(kmf1.getKeyManagers(), tms1, null);
-
- sslssf = (SSLServerSocketFactory) ctx1.getServerSocketFactory();
-
- SSLServerSocket sslServerSocket1 =
- (SSLServerSocket) sslssf.createServerSocket(serverPort1);
- serverPort1 = sslServerSocket1.getLocalPort();
- sslServerSocket1.setNeedClientAuth(true);
-
- /*
- * Signal Client, we're ready for his connect.
- */
- serverReady = true;
-
- SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
- sslServerSocket.close();
- serverReady = false;
-
- InputStream sslIS = sslSocket.getInputStream();
- OutputStream sslOS = sslSocket.getOutputStream();
-
- sslIS.read();
- sslOS.write(85);
- sslOS.flush();
- sslSocket.close();
-
- sslSocket = (SSLSocket) sslServerSocket1.accept();
- sslIS = sslSocket.getInputStream();
- sslOS = sslSocket.getOutputStream();
-
- sslIS.read();
- sslOS.write(85);
- sslOS.flush();
- sslSocket.close();
-
- System.out.println("Server exiting!");
- System.out.flush();
- }
-
- void doTest(SSLSocket sslSocket) throws Exception {
- InputStream sslIS = sslSocket.getInputStream();
- OutputStream sslOS = sslSocket.getOutputStream();
-
- System.out.println(" Writing");
- sslOS.write(280);
- sslOS.flush();
- System.out.println(" Reading");
- sslIS.read();
-
- sslSocket.close();
- }
-
- /*
- * Define the client side of the test.
- *
- * If the server prematurely exits, serverReady will be set to true
- * to avoid infinite hangs.
- */
- void doClientSide() throws Exception {
-
- /*
- * Wait for server to get started.
- */
- while (!serverReady) {
- Thread.sleep(50);
- }
-
- /*
- * See if an unknown keystore actually gets checked ok.
- */
- System.out.println("==============");
- System.out.println("Starting test0");
- KeyStore uks = KeyStore.getInstance("JKS");
- SSLContext ctx =
- SSLContext.getInstance("TLS");
- KeyManagerFactory kmf =
- KeyManagerFactory.getInstance("SunX509");
-
- uks.load(new FileInputStream(unknownFilename), cpasswd);
- kmf.init(uks, cpasswd);
-
- TrustManager [] tms = new TrustManager []
- { new MyJavaxX509TrustManager() };
-
- ctx.init(kmf.getKeyManagers(), tms, null);
-
- SSLSocketFactory sslsf =
- (SSLSocketFactory) ctx.getSocketFactory();
-
- System.out.println("Trying first socket " + serverPort);
- SSLSocket sslSocket = (SSLSocket)
- sslsf.createSocket("localhost", serverPort);
-
- doTest(sslSocket);
-
- /*
- * Now try the other way.
- */
- com.sun.net.ssl.SSLContext ctx1 =
- com.sun.net.ssl.SSLContext.getInstance("TLS");
- com.sun.net.ssl.KeyManagerFactory kmf1 =
- com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509");
- kmf1.init(uks, cpasswd);
-
- com.sun.net.ssl.TrustManager [] tms1 =
- new com.sun.net.ssl.TrustManager []
- { new MyComX509TrustManager() };
-
- ctx1.init(kmf1.getKeyManagers(), tms1, null);
-
- sslsf = (SSLSocketFactory) ctx1.getSocketFactory();
-
- System.out.println("Trying second socket " + serverPort1);
- sslSocket = (SSLSocket) sslsf.createSocket("localhost",
- serverPort1);
-
- doTest(sslSocket);
- System.out.println("Completed test1");
- }
-
- /*
- * =============================================================
- * The remainder is just support stuff
- */
-
- int serverPort = 0;
- int serverPort1 = 0;
-
- volatile Exception serverException = null;
- volatile Exception clientException = null;
-
- final static String keyFilename =
- System.getProperty("test.src", "./") + "/" + pathToStores +
- "/" + keyStoreFile;
- final static String unknownFilename =
- System.getProperty("test.src", "./") + "/" + pathToStores +
- "/" + unknownStoreFile;
-
- public static void main(String[] args) throws Exception {
-
- if (debug)
- System.setProperty("javax.net.debug", "all");
-
- /*
- * Start the tests.
- */
- new CheckMyTrustedKeystore();
- }
-
- Thread clientThread = null;
- Thread serverThread = null;
-
- /*
- * Primary constructor, used to drive remainder of the test.
- *
- * Fork off the other side, then do your work.
- */
- CheckMyTrustedKeystore() throws Exception {
- if (separateServerThread) {
- startServer(true);
- startClient(false);
- } else {
- startClient(true);
- startServer(false);
- }
-
- /*
- * Wait for other side to close down.
- */
- if (separateServerThread) {
- serverThread.join();
- } else {
- clientThread.join();
- }
-
- /*
- * When we get here, the test is pretty much over.
- *
- * If the main thread excepted, that propagates back
- * immediately. If the other thread threw an exception, we
- * should report back.
- */
- if (serverException != null) {
- System.out.print("Server Exception:");
- throw serverException;
- }
- if (clientException != null) {
- System.out.print("Client Exception:");
- throw clientException;
- }
- }
-
- void startServer(boolean newThread) throws Exception {
- if (newThread) {
- serverThread = new Thread() {
- public void run() {
- try {
- doServerSide();
- } catch (Exception e) {
- /*
- * Our server thread just died.
- *
- * Release the client, if not active already...
- */
- System.err.println("Server died...");
- serverReady = true;
- serverException = e;
- }
- }
- };
- serverThread.start();
- } else {
- doServerSide();
- }
- }
-
- void startClient(boolean newThread) throws Exception {
- if (newThread) {
- clientThread = new Thread() {
- public void run() {
- try {
- doClientSide();
- } catch (Exception e) {
- /*
- * Our client thread just died.
- */
- System.err.println("Client died...");
- clientException = e;
- }
- }
- };
- clientThread.start();
- } else {
- doClientSide();
- }
- }
-}
-
-class MyComX509TrustManager implements com.sun.net.ssl.X509TrustManager {
-
- public X509Certificate[] getAcceptedIssuers() {
- return (new X509Certificate[0]);
- }
-
- public boolean isClientTrusted(X509Certificate[] chain) {
- System.out.println(" IsClientTrusted?");
- return true;
- }
-
- public boolean isServerTrusted(X509Certificate[] chain) {
- System.out.println(" IsServerTrusted?");
- return true;
- }
-}
-
-class MyJavaxX509TrustManager implements X509TrustManager {
-
- public X509Certificate[] getAcceptedIssuers() {
- return (new X509Certificate[0]);
- }
-
- public void checkClientTrusted(X509Certificate[] chain, String authType)
- throws CertificateException {
- System.out.println(" CheckClientTrusted(" + authType + ")?");
- }
-
- public void checkServerTrusted(X509Certificate[] chain, String authType)
- throws CertificateException {
- System.out.println(" CheckServerTrusted(" + authType + ")?");
- }
-}
--- a/test/jdk/sun/net/www/protocol/https/HttpsURLConnection/CheckMethods.java Fri Mar 01 08:14:29 2019 -0500
+++ b/test/jdk/sun/net/www/protocol/https/HttpsURLConnection/CheckMethods.java Fri Mar 01 08:35:14 2019 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -26,13 +26,12 @@
* @bug 4423074
* @summary Need to rebase all the duplicated classes from Merlin.
* This test will check out http POST
- * @modules java.base/sun.net.www.protocol.https java.base/com.sun.net.ssl.internal.www.protocol.https
+ * @modules java.base/sun.net.www.protocol.https
*/
import java.net.*;
import java.util.*;
import java.lang.reflect.*;
import sun.net.www.protocol.https.HttpsURLConnectionImpl;
-import com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl;
public class CheckMethods {
static boolean debug = false;
@@ -85,9 +84,8 @@
}
}
- // check HttpsURLConnectionImpl and HttpsURLConnectionOldImpl
- // contain all public and protected methods defined in
- // HttpURLConnection and URLConnection
+ // check HttpsURLConnectionImpl contain all public and protected methods
+ // defined in HttpURLConnection and URLConnection
public static void main(String[] args) {
ArrayList allMethods = new ArrayList(
Arrays.asList(HttpURLConnection.class.getDeclaredMethods()));
@@ -121,24 +119,6 @@
throw new RuntimeException("Method definition test failed on HttpsURLConnectionImpl");
}
- // testing HttpsURLConnectionOldImpl
- List httpsOldMethods =
- Arrays.asList(HttpsURLConnectionOldImpl.class.getDeclaredMethods());
-
- ArrayList httpsOldMethodSignatures = new ArrayList();
- for (Iterator itr = httpsOldMethods.iterator(); itr.hasNext(); ) {
- Method m = (Method)itr.next();
- if (!Modifier.isStatic(m.getModifiers())) {
- httpsOldMethodSignatures.add(
- new MethodSignature(m.getName(), m.getParameterTypes()));
- }
- }
-
- if (!httpsOldMethodSignatures.containsAll(allMethodSignatures)) {
- throw new RuntimeException("Method definition test failed" +
- " on HttpsURLConnectionOldImpl");
- }
-
// testing for non static public field
ArrayList allFields = new ArrayList(
Arrays.asList(URLConnection.class.getFields()));
--- a/test/jdk/sun/net/www/protocol/https/NewImpl/ComHTTPSConnection.java Fri Mar 01 08:14:29 2019 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,393 +0,0 @@
-/*
- * Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- * @test
- * @bug 4474255
- * @summary Can no longer obtain a com.sun.net.ssl.HttpsURLConnection
- * @modules java.base/com.sun.net.ssl
- * java.base/com.sun.net.ssl.internal.www.protocol.https
- * @run main/othervm ComHTTPSConnection
- *
- * SunJSSE does not support dynamic system properties, no way to re-use
- * system properties in samevm/agentvm mode.
- * @author Brad Wetmore
- */
-
-import java.io.*;
-import java.net.*;
-import java.security.cert.Certificate;
-import javax.net.ssl.*;
-import com.sun.net.ssl.HostnameVerifier;
-import com.sun.net.ssl.HttpsURLConnection;
-
-/**
- * See if we can obtain a com.sun.net.ssl.HttpsURLConnection,
- * and then play with it a bit.
- */
-public class ComHTTPSConnection {
-
- /*
- * =============================================================
- * Set the various variables needed for the tests, then
- * specify what tests to run on each side.
- */
-
- /*
- * Should we run the client or server in a separate thread?
- * Both sides can throw exceptions, but do you have a preference
- * as to which side should be the main thread.
- */
- static boolean separateServerThread = true;
-
- /*
- * Where do we find the keystores?
- */
- static String pathToStores = "../../../../../../javax/net/ssl/etc";
- static String keyStoreFile = "keystore";
- static String trustStoreFile = "truststore";
- static String passwd = "passphrase";
-
- /*
- * Is the server ready to serve?
- */
- volatile static boolean serverReady = false;
-
- /*
- * Turn on SSL debugging?
- */
- static boolean debug = false;
-
- /*
- * If the client or server is doing some kind of object creation
- * that the other side depends on, and that thread prematurely
- * exits, you may experience a hang. The test harness will
- * terminate all hung threads after its timeout has expired,
- * currently 3 minutes by default, but you might try to be
- * smart about it....
- */
-
- /**
- * Returns the path to the file obtained from
- * parsing the HTML header.
- */
- private static String getPath(DataInputStream in)
- throws IOException
- {
- String line = in.readLine();
- String path = "";
- // extract class from GET line
- if (line.startsWith("GET /")) {
- line = line.substring(5, line.length()-1).trim();
- int index = line.indexOf(' ');
- if (index != -1) {
- path = line.substring(0, index);
- }
- }
-
- // eat the rest of header
- do {
- line = in.readLine();
- } while ((line.length() != 0) &&
- (line.charAt(0) != '\r') && (line.charAt(0) != '\n'));
-
- if (path.length() != 0) {
- return path;
- } else {
- throw new IOException("Malformed Header");
- }
- }
-
- /**
- * Returns an array of bytes containing the bytes for
- * the file represented by the argument <b>path</b>.
- *
- * In our case, we just pretend to send something back.
- *
- * @return the bytes for the file
- * @exception FileNotFoundException if the file corresponding
- * to <b>path</b> could not be loaded.
- */
- private byte[] getBytes(String path)
- throws IOException
- {
- return "Hello world, I am here".getBytes();
- }
-
- /*
- * Define the server side of the test.
- *
- * If the server prematurely exits, serverReady will be set to true
- * to avoid infinite hangs.
- */
- void doServerSide() throws Exception {
-
- SSLServerSocketFactory sslssf =
- (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
- SSLServerSocket sslServerSocket =
- (SSLServerSocket) sslssf.createServerSocket(serverPort);
- serverPort = sslServerSocket.getLocalPort();
-
- /*
- * Signal Client, we're ready for his connect.
- */
- serverReady = true;
-
- SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
- DataOutputStream out =
- new DataOutputStream(sslSocket.getOutputStream());
-
- try {
- // get path to class file from header
- DataInputStream in =
- new DataInputStream(sslSocket.getInputStream());
- String path = getPath(in);
- // retrieve bytecodes
- byte[] bytecodes = getBytes(path);
- // send bytecodes in response (assumes HTTP/1.0 or later)
- try {
- out.writeBytes("HTTP/1.0 200 OK\r\n");
- out.writeBytes("Content-Length: " + bytecodes.length + "\r\n");
- out.writeBytes("Content-Type: text/html\r\n\r\n");
- out.write(bytecodes);
- out.flush();
- } catch (IOException ie) {
- ie.printStackTrace();
- return;
- }
-
- } catch (Exception e) {
- e.printStackTrace();
- // write out error response
- out.writeBytes("HTTP/1.0 400 " + e.getMessage() + "\r\n");
- out.writeBytes("Content-Type: text/html\r\n\r\n");
- out.flush();
- } finally {
- // close the socket
- System.out.println("Server closing socket");
- sslSocket.close();
- serverReady = false;
- }
- }
-
- private static class ComSunHTTPSHandlerFactory implements URLStreamHandlerFactory {
- private static String SUPPORTED_PROTOCOL = "https";
-
- public URLStreamHandler createURLStreamHandler(String protocol) {
- if (!protocol.equalsIgnoreCase(SUPPORTED_PROTOCOL))
- return null;
-
- return new com.sun.net.ssl.internal.www.protocol.https.Handler();
- }
- }
-
- /*
- * Define the client side of the test.
- *
- * If the server prematurely exits, serverReady will be set to true
- * to avoid infinite hangs.
- */
- void doClientSide() throws Exception {
- /*
- * Wait for server to get started.
- */
- while (!serverReady) {
- Thread.sleep(50);
- }
-
- HostnameVerifier reservedHV =
- HttpsURLConnection.getDefaultHostnameVerifier();
- try {
- URL.setURLStreamHandlerFactory(new ComSunHTTPSHandlerFactory());
- HttpsURLConnection.setDefaultHostnameVerifier(new NameVerifier());
-
- URL url = new URL("https://" + "localhost:" + serverPort +
- "/etc/hosts");
- URLConnection urlc = url.openConnection();
-
- if (!(urlc instanceof com.sun.net.ssl.HttpsURLConnection)) {
- throw new Exception(
- "URLConnection ! instanceof " +
- "com.sun.net.ssl.HttpsURLConnection");
- }
-
- BufferedReader in = null;
- try {
- in = new BufferedReader(new InputStreamReader(
- urlc.getInputStream()));
- String inputLine;
- System.out.print("Client reading... ");
- while ((inputLine = in.readLine()) != null)
- System.out.println(inputLine);
-
- System.out.println("Cipher Suite: " +
- ((HttpsURLConnection)urlc).getCipherSuite());
- Certificate[] certs =
- ((HttpsURLConnection)urlc).getServerCertificates();
- for (int i = 0; i < certs.length; i++) {
- System.out.println(certs[0]);
- }
-
- in.close();
- } catch (SSLException e) {
- if (in != null)
- in.close();
- throw e;
- }
- System.out.println("Client reports: SUCCESS");
- } finally {
- HttpsURLConnection.setDefaultHostnameVerifier(reservedHV);
- }
- }
-
- static class NameVerifier implements HostnameVerifier {
- public boolean verify(String urlHostname,
- String certHostname) {
- System.out.println(
- "CertificateHostnameVerifier: " + urlHostname + " == "
- + certHostname + " returning true");
- return true;
- }
- }
-
- /*
- * =============================================================
- * The remainder is just support stuff
- */
-
- // use any free port by default
- volatile int serverPort = 0;
-
- volatile Exception serverException = null;
- volatile Exception clientException = null;
-
- public static void main(String[] args) throws Exception {
- String keyFilename =
- System.getProperty("test.src", "./") + "/" + pathToStores +
- "/" + keyStoreFile;
- String trustFilename =
- System.getProperty("test.src", "./") + "/" + pathToStores +
- "/" + trustStoreFile;
-
- System.setProperty("javax.net.ssl.keyStore", keyFilename);
- System.setProperty("javax.net.ssl.keyStorePassword", passwd);
- System.setProperty("javax.net.ssl.trustStore", trustFilename);
- System.setProperty("javax.net.ssl.trustStorePassword", passwd);
-
- if (debug)
- System.setProperty("javax.net.debug", "all");
-
- /*
- * Start the tests.
- */
- new ComHTTPSConnection();
- }
-
- Thread clientThread = null;
- Thread serverThread = null;
-
- /*
- * Primary constructor, used to drive remainder of the test.
- *
- * Fork off the other side, then do your work.
- */
- ComHTTPSConnection() throws Exception {
- if (separateServerThread) {
- startServer(true);
- startClient(false);
- } else {
- startClient(true);
- startServer(false);
- }
-
- /*
- * Wait for other side to close down.
- */
- if (separateServerThread) {
- serverThread.join();
- } else {
- clientThread.join();
- }
-
- /*
- * When we get here, the test is pretty much over.
- *
- * If the main thread excepted, that propagates back
- * immediately. If the other thread threw an exception, we
- * should report back.
- */
- if (serverException != null) {
- System.out.print("Server Exception:");
- throw serverException;
- }
- if (clientException != null) {
- System.out.print("Client Exception:");
- throw clientException;
- }
- }
-
- void startServer(boolean newThread) throws Exception {
- if (newThread) {
- serverThread = new Thread() {
- public void run() {
- try {
- doServerSide();
- } catch (Exception e) {
- /*
- * Our server thread just died.
- *
- * Release the client, if not active already...
- */
- System.err.println("Server died...");
- serverReady = true;
- serverException = e;
- }
- }
- };
- serverThread.start();
- } else {
- doServerSide();
- }
- }
-
- void startClient(boolean newThread) throws Exception {
- if (newThread) {
- clientThread = new Thread() {
- public void run() {
- try {
- doClientSide();
- } catch (Exception e) {
- /*
- * Our client thread just died.
- */
- System.err.println("Client died...");
- clientException = e;
- }
- }
- };
- clientThread.start();
- } else {
- doClientSide();
- }
- }
-}
--- a/test/jdk/sun/net/www/protocol/https/NewImpl/ComHostnameVerifier.java Fri Mar 01 08:14:29 2019 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,362 +0,0 @@
-/*
- * Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-// SunJSSE does not support dynamic system properties, no way to re-use
-// system properties in samevm/agentvm mode.
-
-/*
- * @test
- * @bug 4474255 4484246
- * @summary When an application enables anonymous SSL cipher suite,
- * Hostname verification is not required
- * @modules java.base/com.sun.net.ssl
- * java.base/com.sun.net.ssl.internal.www.protocol.https
- * @run main/othervm ComHostnameVerifier
- */
-
-import java.io.*;
-import java.net.*;
-import java.security.Security;
-import javax.net.ssl.*;
-import javax.security.cert.*;
-import com.sun.net.ssl.HostnameVerifier;
-import com.sun.net.ssl.HttpsURLConnection;
-
-/**
- * Use com.net.net.ssl.HostnameVerifier
- */
-public class ComHostnameVerifier {
-
- /*
- * =============================================================
- * Set the various variables needed for the tests, then
- * specify what tests to run on each side.
- */
-
- /*
- * Should we run the client or server in a separate thread?
- * Both sides can throw exceptions, but do you have a preference
- * as to which side should be the main thread.
- */
- static boolean separateServerThread = true;
-
- /*
- * Is the server ready to serve?
- */
- volatile static boolean serverReady = false;
-
- /*
- * Turn on SSL debugging?
- */
- static boolean debug = false;
-
- /*
- * If the client or server is doing some kind of object creation
- * that the other side depends on, and that thread prematurely
- * exits, you may experience a hang. The test harness will
- * terminate all hung threads after its timeout has expired,
- * currently 3 minutes by default, but you might try to be
- * smart about it....
- */
-
- /**
- * Returns the path to the file obtained from
- * parsing the HTML header.
- */
- private static String getPath(DataInputStream in)
- throws IOException
- {
- String line = in.readLine();
- if (line == null)
- return null;
- String path = "";
- // extract class from GET line
- if (line.startsWith("GET /")) {
- line = line.substring(5, line.length()-1).trim();
- int index = line.indexOf(' ');
- if (index != -1) {
- path = line.substring(0, index);
- }
- }
-
- // eat the rest of header
- do {
- line = in.readLine();
- } while ((line.length() != 0) &&
- (line.charAt(0) != '\r') && (line.charAt(0) != '\n'));
-
- if (path.length() != 0) {
- return path;
- } else {
- throw new IOException("Malformed Header");
- }
- }
-
- /**
- * Returns an array of bytes containing the bytes for
- * the file represented by the argument <b>path</b>.
- *
- * In our case, we just pretend to send something back.
- *
- * @return the bytes for the file
- * @exception FileNotFoundException if the file corresponding
- * to <b>path</b> could not be loaded.
- */
- private byte[] getBytes(String path)
- throws IOException
- {
- return "Hello world, I am here".getBytes();
- }
-
- /*
- * Define the server side of the test.
- *
- * If the server prematurely exits, serverReady will be set to true
- * to avoid infinite hangs.
- */
- void doServerSide() throws Exception {
-
- SSLServerSocketFactory sslssf =
- (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
- SSLServerSocket sslServerSocket =
- (SSLServerSocket) sslssf.createServerSocket(serverPort);
- serverPort = sslServerSocket.getLocalPort();
-
- String ciphers[]= { "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA" };
- sslServerSocket.setEnabledCipherSuites(ciphers);
-
- /*
- * Signal Client, we're ready for his connect.
- */
- serverReady = true;
-
- SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
- DataOutputStream out =
- new DataOutputStream(sslSocket.getOutputStream());
-
- try {
- // get path to class file from header
- DataInputStream in =
- new DataInputStream(sslSocket.getInputStream());
- String path = getPath(in);
- // retrieve bytecodes
- byte[] bytecodes = getBytes(path);
- // send bytecodes in response (assumes HTTP/1.0 or later)
- try {
- out.writeBytes("HTTP/1.0 200 OK\r\n");
- out.writeBytes("Content-Length: " + bytecodes.length + "\r\n");
- out.writeBytes("Content-Type: text/html\r\n\r\n");
- out.write(bytecodes);
- out.flush();
- } catch (IOException ie) {
- ie.printStackTrace();
- return;
- }
-
- } catch (Exception e) {
- e.printStackTrace();
- // write out error response
- out.writeBytes("HTTP/1.0 400 " + e.getMessage() + "\r\n");
- out.writeBytes("Content-Type: text/html\r\n\r\n");
- out.flush();
- } finally {
- // close the socket
- System.out.println("Server closing socket");
- sslSocket.close();
- serverReady = false;
- }
- }
-
- private static class ComSunHTTPSHandlerFactory implements URLStreamHandlerFactory {
- private static String SUPPORTED_PROTOCOL = "https";
-
- public URLStreamHandler createURLStreamHandler(String protocol) {
- if (!protocol.equalsIgnoreCase(SUPPORTED_PROTOCOL))
- return null;
-
- return new com.sun.net.ssl.internal.www.protocol.https.Handler();
- }
- }
-
- /*
- * Define the client side of the test.
- *
- * If the server prematurely exits, serverReady will be set to true
- * to avoid infinite hangs.
- */
- void doClientSide() throws Exception {
- /*
- * Wait for server to get started.
- */
- while (!serverReady) {
- Thread.sleep(50);
- }
-
- URL.setURLStreamHandlerFactory(new ComSunHTTPSHandlerFactory());
-
- System.setProperty("https.cipherSuites",
- "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA");
-
- // use the default hostname verifier
-
- URL url = new URL("https://" + "localhost:" + serverPort +
- "/etc/hosts");
- URLConnection urlc = url.openConnection();
-
- if (!(urlc instanceof com.sun.net.ssl.HttpsURLConnection)) {
- throw new Exception(
- "URLConnection ! instanceof " +
- "com.sun.net.ssl.HttpsURLConnection");
- }
-
- BufferedReader in = null;
- try {
- in = new BufferedReader(new InputStreamReader(
- urlc.getInputStream()));
- String inputLine;
- System.out.print("Client reading... ");
- while ((inputLine = in.readLine()) != null)
- System.out.println(inputLine);
- System.out.println("Cipher Suite: " +
- ((HttpsURLConnection)urlc).getCipherSuite());
- in.close();
- } catch (SSLException e) {
- if (in != null)
- in.close();
- throw e;
- }
- System.out.println("Client reports: SUCCESS");
- }
-
- /*
- * =============================================================
- * The remainder is just support stuff
- */
-
- // use any free port by default
- volatile int serverPort = 0;
-
- volatile Exception serverException = null;
- volatile Exception clientException = null;
-
- public static void main(String[] args) throws Exception {
- // re-enable 3DES
- Security.setProperty("jdk.tls.disabledAlgorithms", "");
-
- if (debug)
- System.setProperty("javax.net.debug", "all");
-
- /*
- * Start the tests.
- */
- new ComHostnameVerifier();
- }
-
- Thread clientThread = null;
- Thread serverThread = null;
-
- /*
- * Primary constructor, used to drive remainder of the test.
- *
- * Fork off the other side, then do your work.
- */
- ComHostnameVerifier() throws Exception {
- if (separateServerThread) {
- startServer(true);
- startClient(false);
- } else {
- startClient(true);
- startServer(false);
- }
-
- /*
- * Wait for other side to close down.
- */
- if (separateServerThread) {
- serverThread.join();
- } else {
- clientThread.join();
- }
-
- /*
- * When we get here, the test is pretty much over.
- *
- * If the main thread excepted, that propagates back
- * immediately. If the other thread threw an exception, we
- * should report back.
- */
- if (serverException != null) {
- System.out.print("Server Exception:");
- throw serverException;
- }
- if (clientException != null) {
- System.out.print("Client Exception:");
- throw clientException;
- }
- }
-
- void startServer(boolean newThread) throws Exception {
- if (newThread) {
- serverThread = new Thread() {
- public void run() {
- try {
- doServerSide();
- } catch (Exception e) {
- /*
- * Our server thread just died.
- *
- * Release the client, if not active already...
- */
- System.err.println("Server died...");
- serverReady = true;
- serverException = e;
- }
- }
- };
- serverThread.start();
- } else {
- doServerSide();
- }
- }
-
- void startClient(boolean newThread) throws Exception {
- if (newThread) {
- clientThread = new Thread() {
- public void run() {
- try {
- doClientSide();
- } catch (Exception e) {
- /*
- * Our client thread just died.
- */
- System.err.println("Client died...");
- clientException = e;
- }
- }
- };
- clientThread.start();
- } else {
- doClientSide();
- }
- }
-}
--- a/test/jdk/sun/security/ssl/X509TrustManagerImpl/CheckNullEntity.java Fri Mar 01 08:14:29 2019 -0500
+++ b/test/jdk/sun/security/ssl/X509TrustManagerImpl/CheckNullEntity.java Fri Mar 01 08:35:14 2019 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -27,7 +27,6 @@
* @summary unspecified exceptions in X509TrustManager.checkClient[Server]Truste
d
* @author Xuelei Fan
- * @modules java.base/com.sun.net.ssl.internal.ssl
*/
import java.io.*;
@@ -37,8 +36,6 @@
import java.security.*;
import java.util.Enumeration;
-import com.sun.net.ssl.internal.ssl.X509ExtendedTrustManager;
-
public class CheckNullEntity {
/*
@@ -157,7 +154,7 @@
if (trustManager instanceof X509ExtendedTrustManager) {
try {
((X509ExtendedTrustManager)trustManager).checkClientTrusted(
- certChain, (String)null, "localhost", null);
+ certChain, (String)null, (Socket)null);
} catch (IllegalArgumentException iae) {
// get the right exception
extFailed >>= 1;
@@ -165,7 +162,7 @@
try {
((X509ExtendedTrustManager)trustManager).checkServerTrusted(
- certChain, (String)null, "localhost", null);
+ certChain, (String)null, (Socket)null);
} catch (IllegalArgumentException iae) {
// get the right exception
extFailed >>= 1;
@@ -173,7 +170,7 @@
try {
((X509ExtendedTrustManager)trustManager).checkClientTrusted(
- certChain, "", "localhost", null);
+ certChain, "", (Socket)null);
} catch (IllegalArgumentException iae) {
// get the right exception
extFailed >>= 1;
@@ -181,7 +178,7 @@
try {
((X509ExtendedTrustManager)trustManager).checkServerTrusted(
- certChain, "", "localhost", null);
+ certChain, "", (Socket)null);
} catch (IllegalArgumentException iae) {
// get the right exception
extFailed >>= 1;
@@ -189,7 +186,7 @@
try {
((X509ExtendedTrustManager)trustManager).checkClientTrusted(
- null, authType, "localhost", null);
+ null, authType, (Socket)null);
} catch (IllegalArgumentException iae) {
// get the right exception
extFailed >>= 1;
@@ -197,7 +194,7 @@
try {
((X509ExtendedTrustManager)trustManager).checkServerTrusted(
- null, authType, "localhost", null);
+ null, authType, (Socket)null);
} catch (IllegalArgumentException iae) {
// get the right exception
extFailed >>= 1;
--- a/test/jdk/sun/security/ssl/X509TrustManagerImpl/ClientServer.java Fri Mar 01 08:14:29 2019 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,365 +0,0 @@
-/*
- * Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- * @test
- * @bug 4717766
- * @author Brad Wetmore
- * @summary 1.0.3 JsseX509TrustManager erroneously calls isClientTrusted()
- * @modules java.base/com.sun.net.ssl
- * @run main/manual ClientServer
- */
-
-/*
- * SunJSSE does not support dynamic system properties, no way to re-use
- * system properties in samevm/agentvm mode.
- *
- * JSSE supports algorithm constraints with CR 6916074, need to update
- * this test case in JDK 7 soon.
- *
- * This problem didn't exist in JSSE 1.4, only JSSE 1.0.3. However,
- * this is a useful test, so I decided to include it in 1.4.2.
- */
-
-import java.io.*;
-import java.net.*;
-import javax.net.ssl.*;
-import java.security.cert.*;
-import java.security.*;
-import com.sun.net.ssl.*;
-
-public class ClientServer {
-
- /*
- * =============================================================
- * Set the various variables needed for the tests, then
- * specify what tests to run on each side.
- */
-
- /*
- * Should we run the client or server in a separate thread?
- * Both sides can throw exceptions, but do you have a preference
- * as to which side should be the main thread.
- */
- static boolean separateServerThread = true;
-
- /*
- * Where do we find the keystores?
- */
- static String pathToStores = "../../../../javax/net/ssl/etc";
- static String keyStoreFile = "keystore";
- static String trustStoreFile = "truststore";
- static String passwd = "passphrase";
-
- /*
- * Is the server ready to serve?
- */
- volatile static boolean serverReady = false;
-
- /*
- * Turn on SSL debugging?
- */
- static boolean debug = false;
-
- /*
- * If the client or server is doing some kind of object creation
- * that the other side depends on, and that thread prematurely
- * exits, you may experience a hang. The test harness will
- * terminate all hung threads after its timeout has expired,
- * currently 3 minutes by default, but you might try to be
- * smart about it....
- */
-
- /*
- * Define the server side of the test.
- *
- * If the server prematurely exits, serverReady will be set to true
- * to avoid infinite hangs.
- */
- void doServerSide() throws Exception {
- SSLServerSocketFactory sslssf = getDefaultServer();
- SSLServerSocket sslServerSocket =
- (SSLServerSocket) sslssf.createServerSocket(serverPort);
- serverPort = sslServerSocket.getLocalPort();
-
- /*
- * Signal Client, we're ready for his connect.
- */
- serverReady = true;
-
- SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
- sslSocket.setNeedClientAuth(true);
- InputStream sslIS = sslSocket.getInputStream();
- OutputStream sslOS = sslSocket.getOutputStream();
-
- sslIS.read();
- sslOS.write(85);
- sslOS.flush();
-
- sslSocket.close();
-
- if (!serverTM.wasServerChecked() && serverTM.wasClientChecked()) {
- System.out.println("SERVER TEST PASSED!");
- } else {
- throw new Exception("SERVER TEST FAILED! " +
- !serverTM.wasServerChecked() + " " +
- serverTM.wasClientChecked());
- }
- }
-
- /*
- * Define the client side of the test.
- *
- * If the server prematurely exits, serverReady will be set to true
- * to avoid infinite hangs.
- */
- void doClientSide() throws Exception {
-
- /*
- * Wait for server to get started.
- */
- while (!serverReady) {
- Thread.sleep(50);
- }
-
- SSLSocketFactory sslsf = getDefaultClient();
- SSLSocket sslSocket = (SSLSocket)
- sslsf.createSocket("localhost", serverPort);
-
- InputStream sslIS = sslSocket.getInputStream();
- OutputStream sslOS = sslSocket.getOutputStream();
-
- sslOS.write(280);
- sslOS.flush();
- sslIS.read();
-
- sslSocket.close();
-
- if (clientTM.wasServerChecked() && !clientTM.wasClientChecked()) {
- System.out.println("CLIENT TEST PASSED!");
- } else {
- throw new Exception("CLIENT TEST FAILED! " +
- clientTM.wasServerChecked() + " " +
- !clientTM.wasClientChecked());
- }
- }
-
- private com.sun.net.ssl.SSLContext getDefault(MyX509TM tm)
- throws Exception {
-
- String keyFilename =
- System.getProperty("test.src", "./") + "/" + pathToStores +
- "/" + keyStoreFile;
- String trustFilename =
- System.getProperty("test.src", "./") + "/" + pathToStores +
- "/" + trustStoreFile;
-
- char[] passphrase = "passphrase".toCharArray();
- KeyStore ks = KeyStore.getInstance("JKS");
- ks.load(new FileInputStream(keyFilename), passphrase);
-
- com.sun.net.ssl.KeyManagerFactory kmf =
- com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509");
- kmf.init(ks, passphrase);
-
- ks = KeyStore.getInstance("JKS");
- ks.load(new FileInputStream(trustFilename), passphrase);
-
- com.sun.net.ssl.TrustManagerFactory tmf =
- com.sun.net.ssl.TrustManagerFactory.getInstance("SunX509");
- tmf.init(ks);
-
- com.sun.net.ssl.TrustManager [] tms = tmf.getTrustManagers();
-
- int i;
- for (i = 0; i < tms.length; i++) {
- if (tms[i] instanceof com.sun.net.ssl.X509TrustManager) {
- break;
- }
- }
-
- if (i >= tms.length) {
- throw new Exception("Couldn't find X509TM");
- }
-
- tm.init((com.sun.net.ssl.X509TrustManager)tms[i]);
- tms = new MyX509TM [] { tm };
-
- com.sun.net.ssl.SSLContext ctx =
- com.sun.net.ssl.SSLContext.getInstance("TLS");
- ctx.init(kmf.getKeyManagers(), tms, null);
- return ctx;
- }
-
- MyX509TM serverTM;
- MyX509TM clientTM;
-
- private SSLServerSocketFactory getDefaultServer() throws Exception {
- serverTM = new MyX509TM();
- return getDefault(serverTM).getServerSocketFactory();
- }
-
- private SSLSocketFactory getDefaultClient() throws Exception {
- clientTM = new MyX509TM();
- return getDefault(clientTM).getSocketFactory();
- }
-
- static class MyX509TM implements com.sun.net.ssl.X509TrustManager {
-
- com.sun.net.ssl.X509TrustManager tm;
- boolean clientChecked;
- boolean serverChecked;
-
- void init(com.sun.net.ssl.X509TrustManager x509TM) {
- tm = x509TM;
- }
-
- public boolean wasClientChecked() {
- return clientChecked;
- }
-
- public boolean wasServerChecked() {
- return serverChecked;
- }
-
- public boolean isClientTrusted(X509Certificate[] chain) {
- clientChecked = true;
- return true;
- }
-
- public boolean isServerTrusted(X509Certificate[] chain) {
- serverChecked = true;
- return true;
- }
-
- public X509Certificate[] getAcceptedIssuers() {
- return tm.getAcceptedIssuers();
- }
- }
-
- /*
- * =============================================================
- * The remainder is just support stuff
- */
-
- // use any free port by default
- volatile int serverPort = 0;
-
- volatile Exception serverException = null;
- volatile Exception clientException = null;
-
- public static void main(String[] args) throws Exception {
-
- if (debug)
- System.setProperty("javax.net.debug", "all");
-
- /*
- * Start the tests.
- */
- new ClientServer();
- }
-
- Thread clientThread = null;
- Thread serverThread = null;
-
- /*
- * Primary constructor, used to drive remainder of the test.
- *
- * Fork off the other side, then do your work.
- */
- ClientServer() throws Exception {
- if (separateServerThread) {
- startServer(true);
- startClient(false);
- } else {
- startClient(true);
- startServer(false);
- }
-
- /*
- * Wait for other side to close down.
- */
- if (separateServerThread) {
- serverThread.join();
- } else {
- clientThread.join();
- }
-
- /*
- * When we get here, the test is pretty much over.
- *
- * If the main thread excepted, that propagates back
- * immediately. If the other thread threw an exception, we
- * should report back.
- */
- if (serverException != null)
- throw serverException;
- if (clientException != null)
- throw clientException;
- }
-
- void startServer(boolean newThread) throws Exception {
- if (newThread) {
- serverThread = new Thread() {
- public void run() {
- try {
- doServerSide();
- } catch (Exception e) {
- /*
- * Our server thread just died.
- *
- * Release the client, if not active already...
- */
- System.err.println("Server died...");
- serverReady = true;
- serverException = e;
- }
- }
- };
- serverThread.start();
- } else {
- doServerSide();
- }
- }
-
- void startClient(boolean newThread) throws Exception {
- if (newThread) {
- clientThread = new Thread() {
- public void run() {
- try {
- doClientSide();
- } catch (Exception e) {
- /*
- * Our client thread just died.
- */
- System.err.println("Client died...");
- clientException = e;
- }
- }
- };
- clientThread.start();
- } else {
- doClientSide();
- }
- }
-}