8208166: Still unable to use custom SSLEngine with default TrustManagerFactory after JDK-8207029
authorxuelei
Wed, 25 Jul 2018 17:21:04 -0700
changeset 51244 d31dcfaa96f3
parent 51243 9e04723f53c7
child 51245 f095e3bc2d41
8208166: Still unable to use custom SSLEngine with default TrustManagerFactory after JDK-8207029 Reviewed-by: ascarpino
src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java
--- a/src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java	Wed Jul 25 17:22:25 2018 -0400
+++ b/src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java	Wed Jul 25 17:21:04 2018 -0700
@@ -71,32 +71,35 @@
 
     SSLAlgorithmConstraints(SSLSocket socket,
             boolean withDefaultCertPathConstraints) {
-        AlgorithmConstraints configuredConstraints = null;
-        if (socket != null) {
-            // Note that the KeyManager or TrustManager implementation may be
-            // not implemented in the same provider as SSLSocket/SSLEngine.
-            // Please check the instance before casting to use SSLSocketImpl.
-            if (socket instanceof SSLSocketImpl) {
-                HandshakeContext hc =
-                        ((SSLSocketImpl)socket).conContext.handshakeContext;
-                if (hc != null) {
-                    configuredConstraints = hc.sslConfig.algorithmConstraints;
-                } else {
-                    configuredConstraints = null;
-                }
-            } else {
-                configuredConstraints =
-                        socket.getSSLParameters().getAlgorithmConstraints();
-            }
-        }
-        this.userSpecifiedConstraints = configuredConstraints;
+        this.userSpecifiedConstraints = getConstraints(socket);
         this.peerSpecifiedConstraints = null;
         this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
     }
 
     SSLAlgorithmConstraints(SSLEngine engine,
             boolean withDefaultCertPathConstraints) {
-        AlgorithmConstraints configuredConstraints = null;
+        this.userSpecifiedConstraints = getConstraints(engine);
+        this.peerSpecifiedConstraints = null;
+        this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
+    }
+
+    SSLAlgorithmConstraints(SSLSocket socket, String[] supportedAlgorithms,
+            boolean withDefaultCertPathConstraints) {
+        this.userSpecifiedConstraints = getConstraints(socket);
+        this.peerSpecifiedConstraints =
+                new SupportedSignatureAlgorithmConstraints(supportedAlgorithms);
+        this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
+    }
+
+    SSLAlgorithmConstraints(SSLEngine engine, String[] supportedAlgorithms,
+            boolean withDefaultCertPathConstraints) {
+        this.userSpecifiedConstraints = getConstraints(engine);
+        this.peerSpecifiedConstraints =
+                new SupportedSignatureAlgorithmConstraints(supportedAlgorithms);
+        this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
+    }
+
+    private static AlgorithmConstraints getConstraints(SSLEngine engine) {
         if (engine != null) {
             // Note that the KeyManager or TrustManager implementation may be
             // not implemented in the same provider as SSLSocket/SSLEngine.
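Review bot: The two constructors taking `supportedAlgorithms` now build `new SupportedSignatureAlgorithmConstraints(supportedAlgorithms)` unconditionally, whereas the code they replace (removed in the following hunk) left `peerSpecifiedConstraints` null when the socket or engine was null. This is the stricter direction, but it is a behaviour change the commit message does not mention, so a short comment such as `// Peer-advertised constraints apply even when no socket/engine is supplied.` would record the intent. Whether `SupportedSignatureAlgorithmConstraints` tolerates a null `supportedAlgorithms` array is not visible here and should be confirmed, since the null-socket path now reaches it. The body of `getConstraints(SSLEngine)` continues beyond this hunk.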
@@ -105,60 +108,33 @@
                 HandshakeContext hc =
                         ((SSLEngineImpl)engine).conContext.handshakeContext;
                 if (hc != null) {
-                    configuredConstraints = hc.sslConfig.algorithmConstraints;
-                } else {
-                    configuredConstraints = null;
+                    return hc.sslConfig.algorithmConstraints;
                 }
             } else {
-                configuredConstraints =
-                        engine.getSSLParameters().getAlgorithmConstraints();
+                return engine.getSSLParameters().getAlgorithmConstraints();
             }
         }
-        this.userSpecifiedConstraints = configuredConstraints;
-        this.peerSpecifiedConstraints = null;
-        this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
+
+        return null;
     }
 
-    SSLAlgorithmConstraints(SSLSocket socket, String[] supportedAlgorithms,
-            boolean withDefaultCertPathConstraints) {
-        AlgorithmConstraints configuredConstraints = null;
-        AlgorithmConstraints negotiatedConstraints = null;
+    private static AlgorithmConstraints getConstraints(SSLSocket socket) {
         if (socket != null) {
-            HandshakeContext hc =
-                    ((SSLSocketImpl)socket).conContext.handshakeContext;
-            if (hc != null) {
-                configuredConstraints = hc.sslConfig.algorithmConstraints;
+            // Note that the KeyManager or TrustManager implementation may be
+            // not implemented in the same provider as SSLSocket/SSLEngine.
+            // Please check the instance before casting to use SSLSocketImpl.
+            if (socket instanceof SSLSocketImpl) {
+                HandshakeContext hc =
+                        ((SSLSocketImpl)socket).conContext.handshakeContext;
+                if (hc != null) {
+                    return hc.sslConfig.algorithmConstraints;
+                }
             } else {
-                configuredConstraints = null;
+                return socket.getSSLParameters().getAlgorithmConstraints();
             }
-
-            negotiatedConstraints =
-                new SupportedSignatureAlgorithmConstraints(supportedAlgorithms);
         }
-        this.userSpecifiedConstraints = configuredConstraints;
-        this.peerSpecifiedConstraints = negotiatedConstraints;
-        this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
-    }
 
-    SSLAlgorithmConstraints(SSLEngine engine, String[] supportedAlgorithms,
-            boolean withDefaultCertPathConstraints) {
-        AlgorithmConstraints configuredConstraints = null;
-        AlgorithmConstraints negotiatedConstraints = null;
-        if (engine != null) {
-            HandshakeContext hc =
-                    ((SSLEngineImpl)engine).conContext.handshakeContext;
-            if (hc != null) {
-                configuredConstraints = hc.sslConfig.algorithmConstraints;
-            } else {
-                configuredConstraints = null;
-            }
-
-            negotiatedConstraints =
-                new SupportedSignatureAlgorithmConstraints(supportedAlgorithms);
-        }
-        this.userSpecifiedConstraints = configuredConstraints;
-        this.peerSpecifiedConstraints = negotiatedConstraints;
-        this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
+        return null;
     }
 
     @Override
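Review bot: Both `getConstraints` helpers return null when the object is the JDK's own `SSLEngineImpl`/`SSLSocketImpl` but `conContext.handshakeContext` is null, so `AlgorithmConstraints` set through `SSLParameters` are dropped in that state, while a third-party engine or socket still gets them from `getSSLParameters()`. If a null handshake context is reachable when a key or trust manager builds these constraints (not determinable from this hunk), user-configured algorithm restrictions would be skipped without any signal. Consider dropping the `else` so both paths fall through to `return engine.getSSLParameters().getAlgorithmConstraints();` (and the `socket` equivalent) whenever `hc` is null, or add a comment stating why returning null is safe there. The signature of `getConstraints(SSLEngine)` sits in the previous hunk.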