8196584: TLS 1.3 Implementation

Co-authored-by: Adam Petcher <adam.petcher@oracle.com>
Co-authored-by: Amanda Jiang <amanda.jiang@oracle.com>
Co-authored-by: Anthony Scarpino <anthony.scarpino@oracle.com>
Co-authored-by: Bradford Wetmore <bradford.wetmore@oracle.com>
Co-authored-by: Jamil Nimeh <jamil.j.nimeh@oracle.com>
Co-authored-by: John Jiang <sha.jiang@oracle.com>
Co-authored-by: Rajan Halade <rajan.halade@oracle.com>
Co-authored-by: Sibabrata Sahoo <sibabrata.sahoo@oracle.com>
Co-authored-by: Valerie Peng <valerie.peng@oracle.com>
Co-authored-by: Weijun Wang <weijun.wang@oracle.com>
Reviewed-by: ascarpino, coffeys, dfuchs, jjiang, jnimeh, mullan, rhalade, ssahoo, valeriep, weijun, wetmore, xuelei
Xue-Lei Andrew Fan 2018-06-25 13:41:39 -07:00
parent c7c819cd8b
commit 87c6761704
262 changed files with 44368 additions and 32552 deletions


@ -1,5 +1,5 @@
/*
* Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2010, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -26,18 +26,13 @@
package sun.security.ssl;
import java.security.AlgorithmConstraints;
import java.security.CryptoPrimitive;
import java.security.AlgorithmParameters;
import javax.net.ssl.*;
import java.security.CryptoPrimitive;
import java.security.Key;
import java.util.Set;
import javax.net.ssl.*;
import sun.security.util.DisabledAlgorithmConstraints;
import static sun.security.util.DisabledAlgorithmConstraints.*;
import sun.security.ssl.CipherSuite.*;
/**
* Algorithm constraints for disabled algorithms property
@ -55,10 +50,10 @@ final class SSLAlgorithmConstraints implements AlgorithmConstraints {
new DisabledAlgorithmConstraints(PROPERTY_CERTPATH_DISABLED_ALGS,
new SSLAlgorithmDecomposer(true));
private AlgorithmConstraints userAlgConstraints = null;
private AlgorithmConstraints peerAlgConstraints = null;
private final AlgorithmConstraints userSpecifiedConstraints;
private final AlgorithmConstraints peerSpecifiedConstraints;
private boolean enabledX509DisabledAlgConstraints = true;
private final boolean enabledX509DisabledAlgConstraints;
// the default algorithm constraints
static final AlgorithmConstraints DEFAULT =
@ -68,60 +63,86 @@ final class SSLAlgorithmConstraints implements AlgorithmConstraints {
static final AlgorithmConstraints DEFAULT_SSL_ONLY =
new SSLAlgorithmConstraints((SSLSocket)null, false);
SSLAlgorithmConstraints(AlgorithmConstraints algorithmConstraints) {
userAlgConstraints = algorithmConstraints;
SSLAlgorithmConstraints(AlgorithmConstraints userSpecifiedConstraints) {
this.userSpecifiedConstraints = userSpecifiedConstraints;
this.peerSpecifiedConstraints = null;
this.enabledX509DisabledAlgConstraints = true;
}
SSLAlgorithmConstraints(SSLSocket socket,
boolean withDefaultCertPathConstraints) {
AlgorithmConstraints configuredConstraints = null;
if (socket != null) {
userAlgConstraints =
socket.getSSLParameters().getAlgorithmConstraints();
}
if (!withDefaultCertPathConstraints) {
enabledX509DisabledAlgConstraints = false;
HandshakeContext hc =
((SSLSocketImpl)socket).conContext.handshakeContext;
if (hc != null) {
configuredConstraints = hc.sslConfig.algorithmConstraints;
} else {
configuredConstraints = null;
}
}
this.userSpecifiedConstraints = configuredConstraints;
this.peerSpecifiedConstraints = null;
this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
}
SSLAlgorithmConstraints(SSLEngine engine,
boolean withDefaultCertPathConstraints) {
AlgorithmConstraints configuredConstraints = null;
if (engine != null) {
userAlgConstraints =
engine.getSSLParameters().getAlgorithmConstraints();
}
if (!withDefaultCertPathConstraints) {
enabledX509DisabledAlgConstraints = false;
HandshakeContext hc =
((SSLEngineImpl)engine).conContext.handshakeContext;
if (hc != null) {
configuredConstraints = hc.sslConfig.algorithmConstraints;
} else {
configuredConstraints = null;
}
}
this.userSpecifiedConstraints = configuredConstraints;
this.peerSpecifiedConstraints = null;
this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
}
SSLAlgorithmConstraints(SSLSocket socket, String[] supportedAlgorithms,
boolean withDefaultCertPathConstraints) {
AlgorithmConstraints configuredConstraints = null;
AlgorithmConstraints negotiatedConstraints = null;
if (socket != null) {
userAlgConstraints =
socket.getSSLParameters().getAlgorithmConstraints();
peerAlgConstraints =
HandshakeContext hc =
((SSLSocketImpl)socket).conContext.handshakeContext;
if (hc != null) {
configuredConstraints = hc.sslConfig.algorithmConstraints;
} else {
configuredConstraints = null;
}
negotiatedConstraints =
new SupportedSignatureAlgorithmConstraints(supportedAlgorithms);
}
if (!withDefaultCertPathConstraints) {
enabledX509DisabledAlgConstraints = false;
}
this.userSpecifiedConstraints = configuredConstraints;
this.peerSpecifiedConstraints = negotiatedConstraints;
this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
}
SSLAlgorithmConstraints(SSLEngine engine, String[] supportedAlgorithms,
boolean withDefaultCertPathConstraints) {
AlgorithmConstraints configuredConstraints = null;
AlgorithmConstraints negotiatedConstraints = null;
if (engine != null) {
userAlgConstraints =
engine.getSSLParameters().getAlgorithmConstraints();
peerAlgConstraints =
HandshakeContext hc =
((SSLEngineImpl)engine).conContext.handshakeContext;
if (hc != null) {
configuredConstraints = hc.sslConfig.algorithmConstraints;
} else {
configuredConstraints = null;
}
negotiatedConstraints =
new SupportedSignatureAlgorithmConstraints(supportedAlgorithms);
}
if (!withDefaultCertPathConstraints) {
enabledX509DisabledAlgConstraints = false;
}
this.userSpecifiedConstraints = configuredConstraints;
this.peerSpecifiedConstraints = negotiatedConstraints;
this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
}
@Override
@ -130,13 +151,13 @@ final class SSLAlgorithmConstraints implements AlgorithmConstraints {
boolean permitted = true;
if (peerAlgConstraints != null) {
permitted = peerAlgConstraints.permits(
if (peerSpecifiedConstraints != null) {
permitted = peerSpecifiedConstraints.permits(
primitives, algorithm, parameters);
}
if (permitted && userAlgConstraints != null) {
permitted = userAlgConstraints.permits(
if (permitted && userSpecifiedConstraints != null) {
permitted = userSpecifiedConstraints.permits(
primitives, algorithm, parameters);
}
@ -158,12 +179,12 @@ final class SSLAlgorithmConstraints implements AlgorithmConstraints {
boolean permitted = true;
if (peerAlgConstraints != null) {
permitted = peerAlgConstraints.permits(primitives, key);
if (peerSpecifiedConstraints != null) {
permitted = peerSpecifiedConstraints.permits(primitives, key);
}
if (permitted && userAlgConstraints != null) {
permitted = userAlgConstraints.permits(primitives, key);
if (permitted && userSpecifiedConstraints != null) {
permitted = userSpecifiedConstraints.permits(primitives, key);
}
if (permitted) {
@ -183,13 +204,13 @@ final class SSLAlgorithmConstraints implements AlgorithmConstraints {
boolean permitted = true;
if (peerAlgConstraints != null) {
permitted = peerAlgConstraints.permits(
if (peerSpecifiedConstraints != null) {
permitted = peerSpecifiedConstraints.permits(
primitives, algorithm, key, parameters);
}
if (permitted && userAlgConstraints != null) {
permitted = userAlgConstraints.permits(
if (permitted && userSpecifiedConstraints != null) {
permitted = userSpecifiedConstraints.permits(
primitives, algorithm, key, parameters);
}