archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-27 14:54:52 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8237474: Default SSLEngine should create in server role

Browse source 
Reviewed-by: xuelei, coffeys
This commit is contained in:
Prasadrao Koppula 2020-04-14 14:16:58 +00:00
parent b812e8baff
commit aadc7c7ca8
9 changed files with 67 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

18
src/java.base/share/classes/javax/net/ssl/SSLContext.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1999, 2019, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -352,6 +352,14 @@ public class SSLContext {
* Some cipher suites (such as Kerberos) require remote hostname * Some cipher suites (such as Kerberos) require remote hostname
* information, in which case this factory method should not be used. * information, in which case this factory method should not be used.
* *
* @implNote
* It is provider-specific if the returned SSLEngine uses client or
* server mode by default for the (D)TLS connection. The JDK SunJSSE
* provider implementation uses server mode by default. However, it
* is recommended to always set the desired mode explicitly by calling
* {@link SSLEngine#setUseClientMode(boolean) SSLEngine.setUseClientMode()}
* before invoking other methods of the SSLEngine.
*
* @return the {@code SSLEngine} object * @return the {@code SSLEngine} object
* @throws UnsupportedOperationException if the underlying provider * @throws UnsupportedOperationException if the underlying provider
* does not implement the operation. * does not implement the operation.
@ -382,6 +390,14 @@ public class SSLContext {
* Some cipher suites (such as Kerberos) require remote hostname * Some cipher suites (such as Kerberos) require remote hostname
* information, in which case peerHost needs to be specified. * information, in which case peerHost needs to be specified.
* *
* @implNote
* It is provider-specific if the returned SSLEngine uses client or
* server mode by default for the (D)TLS connection. The JDK SunJSSE
* provider implementation uses server mode by default. However, it
* is recommended to always set the desired mode explicitly by calling
* {@link SSLEngine#setUseClientMode(boolean) SSLEngine.setUseClientMode()}
* before invoking other methods of the SSLEngine.
*
* @param peerHost the non-authoritative name of the host * @param peerHost the non-authoritative name of the host
* @param peerPort the non-authoritative port * @param peerPort the non-authoritative port
* @return the new {@code SSLEngine} object * @return the new {@code SSLEngine} object

18
src/java.base/share/classes/javax/net/ssl/SSLContextSpi.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1999, 2019, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -90,6 +90,14 @@ public abstract class SSLContextSpi {
* Some cipher suites (such as Kerberos) require remote hostname * Some cipher suites (such as Kerberos) require remote hostname
* information, in which case this factory method should not be used. * information, in which case this factory method should not be used.
* *
* @implNote
* It is provider-specific if the returned SSLEngine uses client or
* server mode by default for the (D)TLS connection. The JDK SunJSSE
* provider implementation uses server mode by default. However, it
* is recommended to always set the desired mode explicitly by calling
* {@link SSLEngine#setUseClientMode(boolean) SSLEngine.setUseClientMode()}
* before invoking other methods of the SSLEngine.
*
* @return the {@code SSLEngine} Object * @return the {@code SSLEngine} Object
* @throws IllegalStateException if the SSLContextImpl requires * @throws IllegalStateException if the SSLContextImpl requires
* initialization and the {@code engineInit()} * initialization and the {@code engineInit()}
@ -110,6 +118,14 @@ public abstract class SSLContextSpi {
* Some cipher suites (such as Kerberos) require remote hostname * Some cipher suites (such as Kerberos) require remote hostname
* information, in which case peerHost needs to be specified. * information, in which case peerHost needs to be specified.
* *
* @implNote
* It is provider-specific if the returned SSLEngine uses client or
* server mode by default for the (D)TLS connection. The JDK SunJSSE
* provider implementation uses server mode by default. However, it
* is recommended to always set the desired mode explicitly by calling
* {@link SSLEngine#setUseClientMode(boolean) SSLEngine.setUseClientMode()}
* before invoking other methods of the SSLEngine.
*
* @param host the non-authoritative name of the host * @param host the non-authoritative name of the host
* @param port the non-authoritative port * @param port the non-authoritative port
* @return the {@code SSLEngine} Object * @return the {@code SSLEngine} Object

18
src/java.base/share/classes/javax/net/ssl/SSLEngine.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -329,9 +329,12 @@ import java.util.function.BiFunction;
* each endpoint must decide which role to assume. This choice determines * each endpoint must decide which role to assume. This choice determines
* who begins the handshaking process as well as which type of messages * who begins the handshaking process as well as which type of messages
* should be sent by each party. The method {@link * should be sent by each party. The method {@link
* #setUseClientMode(boolean)} configures the mode. Once the initial * #setUseClientMode(boolean)} configures the mode. Note that the
* handshaking has started, an {@code SSLEngine} can not switch * default mode for a new {@code SSLEngine} is provider-specific.
* between client and server modes, even when performing renegotiations. * Applications should set the mode explicitly before invoking other
* methods of the {@code SSLEngine}. Once the initial handshaking has
* started, an {@code SSLEngine} can not switch between client and server
* modes, even when performing renegotiations.
* <P> * <P>
* Applications might choose to process delegated tasks in different * Applications might choose to process delegated tasks in different
* threads. When an {@code SSLEngine} * threads. When an {@code SSLEngine}
@ -1098,6 +1101,9 @@ public abstract class SSLEngine {
* Servers normally authenticate themselves, and clients * Servers normally authenticate themselves, and clients
* are not required to do so. * are not required to do so.
* *
* @implNote
* The JDK SunJSSE provider implementation default for this mode is false.
*
* @param mode true if the engine should start its handshaking * @param mode true if the engine should start its handshaking
* in "client" mode * in "client" mode
* @throws IllegalArgumentException if a mode change is attempted * @throws IllegalArgumentException if a mode change is attempted
@ -1111,6 +1117,10 @@ public abstract class SSLEngine {
* Returns true if the engine is set to use client mode when * Returns true if the engine is set to use client mode when
* handshaking. * handshaking.
* *
* @implNote
* The JDK SunJSSE provider implementation returns false unless
* {@link setUseClientMode(boolean)} is used to change the mode to true.
*
* @return true if the engine should do handshaking * @return true if the engine should do handshaking
* in "client" mode * in "client" mode
* @see #setUseClientMode(boolean) * @see #setUseClientMode(boolean)

6
src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1999, 2019, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -1178,6 +1178,10 @@ public abstract class SSLContextImpl extends SSLContextSpi {
@Override @Override
protected SSLParameters engineGetDefaultSSLParameters() { protected SSLParameters engineGetDefaultSSLParameters() {
SSLEngine engine = createSSLEngineImpl(); SSLEngine engine = createSSLEngineImpl();
// Note: The TLSContext defaults to client side SSLParameters.
// We can do the same here. Please don't change the behavior
// for compatibility.
engine.setUseClientMode(true);
return engine.getSSLParameters(); return engine.getSSLParameters();
} }

2
src/java.base/share/classes/sun/security/ssl/TransportContext.java
View file

@ -89,7 +89,7 @@ final class TransportContext implements ConnectionContext {
// Called by SSLEngineImpl // Called by SSLEngineImpl
TransportContext(SSLContextImpl sslContext, SSLTransport transport, TransportContext(SSLContextImpl sslContext, SSLTransport transport,
InputRecord inputRecord, OutputRecord outputRecord) { InputRecord inputRecord, OutputRecord outputRecord) {
this(sslContext, transport, new SSLConfiguration(sslContext, true), this(sslContext, transport, new SSLConfiguration(sslContext, false),
inputRecord, outputRecord, true); inputRecord, outputRecord, true);
} }

3
test/jdk/sun/security/ssl/SSLContextImpl/CustomizedDTLSDefaultProtocols.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -26,6 +26,7 @@
/* /*
* @test * @test
* @bug 8237474
* @summary Test jdk.tls.client.protocols with DTLS * @summary Test jdk.tls.client.protocols with DTLS
* @run main/othervm -Djdk.tls.client.protocols="DTLSv1.0" * @run main/othervm -Djdk.tls.client.protocols="DTLSv1.0"
* CustomizedDTLSDefaultProtocols * CustomizedDTLSDefaultProtocols

3
test/jdk/sun/security/ssl/SSLContextImpl/CustomizedDTLSServerDefaultProtocols.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -26,6 +26,7 @@
/* /*
* @test * @test
* @bug 8237474
* @summary Test jdk.tls.server.protocols with DTLS * @summary Test jdk.tls.server.protocols with DTLS
* @run main/othervm -Djdk.tls.server.protocols="DTLSv1.0" * @run main/othervm -Djdk.tls.server.protocols="DTLSv1.0"
* CustomizedDTLSServerDefaultProtocols * CustomizedDTLSServerDefaultProtocols

3
test/jdk/sun/security/ssl/SSLContextImpl/DefaultDTLSEnabledProtocols.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2013, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -26,6 +26,7 @@
/* /*
* @test * @test
* @bug 8237474
* @summary Test jdk.tls.client.protocols with DTLS * @summary Test jdk.tls.client.protocols with DTLS
* @run main/othervm DefaultDTLSEnabledProtocols * @run main/othervm DefaultDTLSEnabledProtocols
*/ */

9
test/jdk/sun/security/ssl/SSLEngineImpl/EngineEnforceUseClientMode.java
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2004, 2018, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2004, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -28,7 +28,7 @@
/* /*
* @test * @test
* @bug 4980882 8207250 * @bug 4980882 8207250 8237474
* @summary SSLEngine should enforce setUseClientMode * @summary SSLEngine should enforce setUseClientMode
* @run main/othervm EngineEnforceUseClientMode * @run main/othervm EngineEnforceUseClientMode
* @author Brad R. Wetmore * @author Brad R. Wetmore
@ -89,6 +89,11 @@ public class EngineEnforceUseClientMode {
ssle3 = sslc.createSSLEngine(); ssle3 = sslc.createSSLEngine();
ssle4 = sslc.createSSLEngine(); ssle4 = sslc.createSSLEngine();
ssle5 = sslc.createSSLEngine(); ssle5 = sslc.createSSLEngine();
//Check default SSLEngine role.
if (ssle5.getUseClientMode()) {
throw new RuntimeException("Expected default role to be server");
}
} }
private void runTest() throws Exception { private void runTest() throws Exception {