archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-27 06:45:07 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
jdk/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
Weijun Wang 6765f90250 8266459: Implement JEP 411: Deprecate the Security Manager for Removal 
Co-authored-by: Sean Mullan <mullan@openjdk.org>
Co-authored-by: Lance Andersen <lancea@openjdk.org>
Co-authored-by: Weijun Wang <weijun@openjdk.org>
Reviewed-by: erikj, darcy, chegar, naoto, joehw, alanb, mchung, kcr, prr, lancea
2021-06-02 11:57:31 +00:00

127 lines
4.9 KiB
Java
Raw Blame History

/*
* Copyright (c) 1999, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.ssl;
import java.security.*;
import java.util.*;
import static sun.security.util.SecurityConstants.PROVIDER_VER;
/**
* The JSSE provider.
*
* SunJSSE now supports an experimental FIPS compliant mode when used with an
* appropriate FIPS certified crypto provider. In FIPS mode, we:
* . allow only TLS 1.0 or later
* . allow only FIPS approved ciphersuites
* . perform all crypto in the FIPS crypto provider
*
* It is currently not possible to use both FIPS compliant SunJSSE and
* standard JSSE at the same time because of the various static data structures
* we use.
*
* However, we do want to allow FIPS mode to be enabled at runtime and without
* editing the java.security file. That means we need to allow
* Security.removeProvider("SunJSSE") to work, which creates an instance of
* this class in non-FIPS mode. That is why we delay the selection of the mode
* as long as possible. This is until we open an SSL/TLS connection and the
* data structures need to be initialized or until SunJSSE is initialized in
* FIPS mode.
*
*/
public class SunJSSE extends java.security.Provider {
@java.io.Serial
private static final long serialVersionUID = 3231825739635378733L;
private static final String info = "Sun JSSE provider" +
"(PKCS12, SunX509/PKIX key/trust factories, " +
"SSLv3/TLSv1/TLSv1.1/TLSv1.2/TLSv1.3/DTLSv1.0/DTLSv1.2)";
public SunJSSE() {
super("SunJSSE", PROVIDER_VER, info);
registerAlgorithms();
}
@SuppressWarnings("removal")
private void registerAlgorithms() {
AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
doRegister();
return null;
});
}
private void ps(String type, String algo, String cn,
List<String> a, HashMap<String, String> attrs) {
putService(new Provider.Service(this, type, algo, cn, a, attrs));
}
private void doRegister() {
ps("Signature", "MD5andSHA1withRSA",
"sun.security.ssl.RSASignature", null, null);
ps("KeyManagerFactory", "SunX509",
"sun.security.ssl.KeyManagerFactoryImpl$SunX509", null, null);
ps("KeyManagerFactory", "NewSunX509",
"sun.security.ssl.KeyManagerFactoryImpl$X509",
List.of("PKIX"), null);
ps("TrustManagerFactory", "SunX509",
"sun.security.ssl.TrustManagerFactoryImpl$SimpleFactory",
null, null);
ps("TrustManagerFactory", "PKIX",
"sun.security.ssl.TrustManagerFactoryImpl$PKIXFactory",
List.of("SunPKIX", "X509", "X.509"), null);
ps("SSLContext", "TLSv1",
"sun.security.ssl.SSLContextImpl$TLS10Context",
List.of("SSLv3"), null);
ps("SSLContext", "TLSv1.1",
"sun.security.ssl.SSLContextImpl$TLS11Context", null, null);
ps("SSLContext", "TLSv1.2",
"sun.security.ssl.SSLContextImpl$TLS12Context", null, null);
ps("SSLContext", "TLSv1.3",
"sun.security.ssl.SSLContextImpl$TLS13Context", null, null);
ps("SSLContext", "TLS",
"sun.security.ssl.SSLContextImpl$TLSContext",
List.of("SSL"), null);
ps("SSLContext", "DTLSv1.0",
"sun.security.ssl.SSLContextImpl$DTLS10Context", null, null);
ps("SSLContext", "DTLSv1.2",
"sun.security.ssl.SSLContextImpl$DTLS12Context", null, null);
ps("SSLContext", "DTLS",
"sun.security.ssl.SSLContextImpl$DTLSContext", null, null);
ps("SSLContext", "Default",
"sun.security.ssl.SSLContextImpl$DefaultSSLContext", null, null);
/*
* KeyStore
*/
ps("KeyStore", "PKCS12",
"sun.security.pkcs12.PKCS12KeyStore", null, null);
}
}
Reference in a new issue View git blame Copy permalink