8196584: TLS 1.3 Implementation

Co-authored-by: Adam Petcher <adam.petcher@oracle.com>
Co-authored-by: Amanda Jiang <amanda.jiang@oracle.com>
Co-authored-by: Anthony Scarpino <anthony.scarpino@oracle.com>
Co-authored-by: Bradford Wetmore <bradford.wetmore@oracle.com>
Co-authored-by: Jamil Nimeh <jamil.j.nimeh@oracle.com>
Co-authored-by: John Jiang <sha.jiang@oracle.com>
Co-authored-by: Rajan Halade <rajan.halade@oracle.com>
Co-authored-by: Sibabrata Sahoo <sibabrata.sahoo@oracle.com>
Co-authored-by: Valerie Peng <valerie.peng@oracle.com>
Co-authored-by: Weijun Wang <weijun.wang@oracle.com>
Reviewed-by: ascarpino, coffeys, dfuchs, jjiang, jnimeh, mullan, rhalade, ssahoo, valeriep, weijun, wetmore, xuelei
Xue-Lei Andrew Fan 2018-06-25 13:41:39 -07:00
parent c7c819cd8b
commit 87c6761704
262 changed files with 44368 additions and 32552 deletions


@ -35,9 +35,8 @@ import javax.security.auth.x500.X500Principal;
import javax.net.ssl.SNIHostName;
import sun.net.util.IPAddressUtil;
import sun.security.ssl.ClientKeyExchangeService;
import sun.security.ssl.Debug;
import sun.security.x509.X500Name;
import sun.security.ssl.SSLLogger;
/**
* Class to check hostnames against the names specified in a certificate as
@ -60,8 +59,6 @@ public class HostnameChecker {
private static final int ALTNAME_DNS = 2;
private static final int ALTNAME_IP = 7;
private static final Debug debug = Debug.getInstance("ssl");
// the algorithm to follow to perform the check. Currently unused.
private final byte checkType;
@ -106,26 +103,6 @@ public class HostnameChecker {
match(expectedName, cert, false);
}
/**
* Perform the check for Kerberos.
*/
public static boolean match(String expectedName, Principal principal) {
String hostName = getServerName(principal);
return (expectedName.equalsIgnoreCase(hostName));
}
/**
* Return the Server name from Kerberos principal.
*/
public static String getServerName(Principal principal) {
ClientKeyExchangeService p =
ClientKeyExchangeService.find("KRB5");
if (p == null) {
throw new AssertionError("Kerberos should have been available");
}
return p.getServiceHostName(principal);
}
/**
* Test whether the given hostname looks like a literal IPv4 or IPv6
* address. The hostname does not need to be a fully qualified name.
@ -316,9 +293,10 @@ public class HostnameChecker {
boolean chainsToPublicCA) {
// not ok if it is a single wildcard character or "*."
if (template.equals("*") || template.equals("*.")) {
if (debug != null) {
debug.println("Certificate domain name has illegal single " +
"wildcard character: " + template);
if (SSLLogger.isOn) {
SSLLogger.fine(
"Certificate domain name has illegal single " +
"wildcard character: " + template);
}
return true;
}
@ -335,9 +313,10 @@ public class HostnameChecker {
// not ok if there is no dot after wildcard (ex: "*com")
if (firstDotIndex == -1) {
if (debug != null) {
debug.println("Certificate domain name has illegal wildcard, " +
"no dot after wildcard character: " + template);
if (SSLLogger.isOn) {
SSLLogger.fine(
"Certificate domain name has illegal wildcard, " +
"no dot after wildcard character: " + template);
}
return true;
}
@ -354,9 +333,10 @@ public class HostnameChecker {
if (rd.isPresent()) {
String wDomain = afterWildcard.substring(firstDotIndex + 1);
if (rd.get().publicSuffix().equalsIgnoreCase(wDomain)) {
if (debug != null) {
debug.println("Certificate domain name has illegal " +
"wildcard for public suffix: " + template);
if (SSLLogger.isOn) {
SSLLogger.fine(
"Certificate domain name has illegal " +
"wildcard for public suffix: " + template);
}
return true;
}
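Review bot: The three rewritten debug messages in this section (the single-wildcard case, the no-dot case and this public-suffix case) concatenate `template` into the log line as-is, and judging by the message text that value is a name taken from the certificate being checked. A name carrying line breaks or control characters would then reach the TLS debug log unescaped and could be read as separate log entries. I would either escape non-printable characters before the value is passed to `SSLLogger.fine`, or at least add a comment above the first guard such as `// template comes from the certificate under check; it is untrusted and logged verbatim`. The enclosing method begins before these hunks, so where `template` originates is not visible here and should be confirmed.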