8196584: TLS 1.3 Implementation

Co-authored-by: Adam Petcher <adam.petcher@oracle.com>
Co-authored-by: Amanda Jiang <amanda.jiang@oracle.com>
Co-authored-by: Anthony Scarpino <anthony.scarpino@oracle.com>
Co-authored-by: Bradford Wetmore <bradford.wetmore@oracle.com>
Co-authored-by: Jamil Nimeh <jamil.j.nimeh@oracle.com>
Co-authored-by: John Jiang <sha.jiang@oracle.com>
Co-authored-by: Rajan Halade <rajan.halade@oracle.com>
Co-authored-by: Sibabrata Sahoo <sibabrata.sahoo@oracle.com>
Co-authored-by: Valerie Peng <valerie.peng@oracle.com>
Co-authored-by: Weijun Wang <weijun.wang@oracle.com>
Reviewed-by: ascarpino, coffeys, dfuchs, jjiang, jnimeh, mullan, rhalade, ssahoo, valeriep, weijun, wetmore, xuelei

src/java.base/share/classes/com/sun/crypto/provider/TlsMasterSecretGenerator.java

@@ -95,7 +95,7 @@ public final class TlsMasterSecretGenerator extends KeyGeneratorSpi {
             premasterMajor = premaster[0] & 0xff;
             premasterMinor = premaster[1] & 0xff;
         } else {
-            // DH, KRB5, others
+            // DH, others
             premasterMajor = -1;
             premasterMinor = -1;
         }

src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/DelegateHttpsURLConnection.java

@@ -113,27 +113,19 @@ class VerifierWrapper implements javax.net.ssl.HostnameVerifier {
      * In com.sun.net.ssl.HostnameVerifier the method is defined
      * as verify(String urlHostname, String certHostname).
      * This means we need to extract the hostname from the X.509 certificate
-     * or from the Kerberos principal name, in this wrapper.
+     * in this wrapper.
      */
     public boolean verify(String hostname, javax.net.ssl.SSLSession session) {
         try {
-            String serverName;
-            // Use ciphersuite to determine whether Kerberos is active.
-            if (session.getCipherSuite().startsWith("TLS_KRB5")) {
-                serverName =
-                    HostnameChecker.getServerName(getPeerPrincipal(session));
-
-            } else { // X.509
-                Certificate[] serverChain = session.getPeerCertificates();
-                if ((serverChain == null) || (serverChain.length == 0)) {
-                    return false;
-                }
-                if (serverChain[0] instanceof X509Certificate == false) {
-                    return false;
-                }
-                X509Certificate serverCert = (X509Certificate)serverChain[0];
-                serverName = getServername(serverCert);
+            Certificate[] serverChain = session.getPeerCertificates();
+            if ((serverChain == null) || (serverChain.length == 0)) {
+                return false;
             }
+            if (serverChain[0] instanceof X509Certificate == false) {
+                return false;
+            }
+            X509Certificate serverCert = (X509Certificate)serverChain[0];
+            String serverName = getServername(serverCert);
             if (serverName == null) {
                 return false;
             }
@@ -143,23 +135,6 @@ class VerifierWrapper implements javax.net.ssl.HostnameVerifier {
         }
     }
 
-    /*
-     * Get the peer principal from the session
-     */
-    private Principal getPeerPrincipal(javax.net.ssl.SSLSession session)
-        throws javax.net.ssl.SSLPeerUnverifiedException
-    {
-        Principal principal;
-        try {
-            principal = session.getPeerPrincipal();
-        } catch (AbstractMethodError e) {
-            // if the provider does not support it, return null, since
-            // we need it only for Kerberos.
-            principal = null;
-        }
-        return principal;
-    }
-
     /*
      * Extract the name of the SSL server from the certificate.
      *