8208166: Still unable to use custom SSLEngine with default TrustManagerFactory after JDK-8207029

Reviewed-by: ascarpino
Xue-Lei Andrew Fan 2018-07-25 17:21:04 -07:00
parent 398db3a0c7
commit d2b2780859


@ -71,32 +71,35 @@ final class SSLAlgorithmConstraints implements AlgorithmConstraints {
SSLAlgorithmConstraints(SSLSocket socket, SSLAlgorithmConstraints(SSLSocket socket,
boolean withDefaultCertPathConstraints) { boolean withDefaultCertPathConstraints) {
AlgorithmConstraints configuredConstraints = null; this.userSpecifiedConstraints = getConstraints(socket);
if (socket != null) {
// Note that the KeyManager or TrustManager implementation may be
// not implemented in the same provider as SSLSocket/SSLEngine.
// Please check the instance before casting to use SSLSocketImpl.
if (socket instanceof SSLSocketImpl) {
HandshakeContext hc =
((SSLSocketImpl)socket).conContext.handshakeContext;
if (hc != null) {
configuredConstraints = hc.sslConfig.algorithmConstraints;
} else {
configuredConstraints = null;
}
} else {
configuredConstraints =
socket.getSSLParameters().getAlgorithmConstraints();
}
}
this.userSpecifiedConstraints = configuredConstraints;
this.peerSpecifiedConstraints = null; this.peerSpecifiedConstraints = null;
this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints; this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
} }
SSLAlgorithmConstraints(SSLEngine engine, SSLAlgorithmConstraints(SSLEngine engine,
boolean withDefaultCertPathConstraints) { boolean withDefaultCertPathConstraints) {
AlgorithmConstraints configuredConstraints = null; this.userSpecifiedConstraints = getConstraints(engine);
this.peerSpecifiedConstraints = null;
this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
}
SSLAlgorithmConstraints(SSLSocket socket, String[] supportedAlgorithms,
boolean withDefaultCertPathConstraints) {
this.userSpecifiedConstraints = getConstraints(socket);
this.peerSpecifiedConstraints =
new SupportedSignatureAlgorithmConstraints(supportedAlgorithms);
this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
}
SSLAlgorithmConstraints(SSLEngine engine, String[] supportedAlgorithms,
boolean withDefaultCertPathConstraints) {
this.userSpecifiedConstraints = getConstraints(engine);
this.peerSpecifiedConstraints =
new SupportedSignatureAlgorithmConstraints(supportedAlgorithms);
this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
}
private static AlgorithmConstraints getConstraints(SSLEngine engine) {
if (engine != null) { if (engine != null) {
// Note that the KeyManager or TrustManager implementation may be // Note that the KeyManager or TrustManager implementation may be
// not implemented in the same provider as SSLSocket/SSLEngine. // not implemented in the same provider as SSLSocket/SSLEngine.
@ -105,60 +108,33 @@ final class SSLAlgorithmConstraints implements AlgorithmConstraints {
HandshakeContext hc = HandshakeContext hc =
((SSLEngineImpl)engine).conContext.handshakeContext; ((SSLEngineImpl)engine).conContext.handshakeContext;
if (hc != null) { if (hc != null) {
configuredConstraints = hc.sslConfig.algorithmConstraints; return hc.sslConfig.algorithmConstraints;
} else {
configuredConstraints = null;
} }
} else { } else {
configuredConstraints = return engine.getSSLParameters().getAlgorithmConstraints();
engine.getSSLParameters().getAlgorithmConstraints();
} }
} }
this.userSpecifiedConstraints = configuredConstraints;
this.peerSpecifiedConstraints = null; return null;
this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
} }
SSLAlgorithmConstraints(SSLSocket socket, String[] supportedAlgorithms, private static AlgorithmConstraints getConstraints(SSLSocket socket) {
boolean withDefaultCertPathConstraints) {
AlgorithmConstraints configuredConstraints = null;
AlgorithmConstraints negotiatedConstraints = null;
if (socket != null) { if (socket != null) {
HandshakeContext hc = // Note that the KeyManager or TrustManager implementation may be
((SSLSocketImpl)socket).conContext.handshakeContext; // not implemented in the same provider as SSLSocket/SSLEngine.
if (hc != null) { // Please check the instance before casting to use SSLSocketImpl.
configuredConstraints = hc.sslConfig.algorithmConstraints; if (socket instanceof SSLSocketImpl) {
HandshakeContext hc =
((SSLSocketImpl)socket).conContext.handshakeContext;
if (hc != null) {
return hc.sslConfig.algorithmConstraints;
}
} else { } else {
configuredConstraints = null; return socket.getSSLParameters().getAlgorithmConstraints();
} }
negotiatedConstraints =
new SupportedSignatureAlgorithmConstraints(supportedAlgorithms);
} }
this.userSpecifiedConstraints = configuredConstraints;
this.peerSpecifiedConstraints = negotiatedConstraints;
this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
}
SSLAlgorithmConstraints(SSLEngine engine, String[] supportedAlgorithms, return null;
boolean withDefaultCertPathConstraints) {
AlgorithmConstraints configuredConstraints = null;
AlgorithmConstraints negotiatedConstraints = null;
if (engine != null) {
HandshakeContext hc =
((SSLEngineImpl)engine).conContext.handshakeContext;
if (hc != null) {
configuredConstraints = hc.sslConfig.algorithmConstraints;
} else {
configuredConstraints = null;
}
negotiatedConstraints =
new SupportedSignatureAlgorithmConstraints(supportedAlgorithms);
}
this.userSpecifiedConstraints = configuredConstraints;
this.peerSpecifiedConstraints = negotiatedConstraints;
this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
} }
@Override @Override
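Review bot: In the new `getConstraints(SSLSocket)` helper, an `SSLSocketImpl` whose `conContext.handshakeContext` is null falls through to the final `return null;`, so `userSpecifiedConstraints` stays unset and the algorithm constraints the application configured in its `SSLParameters` are never consulted on that path. `getConstraints(SSLEngine)`, whose body starts in the previous hunk, has the same shape. The removed constructors behaved the same way, so this is not a regression, but the refactor is the natural place to close it: dropping the `else` so that `return socket.getSSLParameters().getAlgorithmConstraints();` (and the engine equivalent) is reached whenever no handshake context is available would keep user restrictions in force. Whether a null handshake context is reachable from the callers is not visible in this diff, so that should be confirmed first. Separately, the four-argument constructors now build `new SupportedSignatureAlgorithmConstraints(supportedAlgorithms)` even when the socket or engine is null, which the old code skipped; a one-line comment on each helper stating that a `null` return means "no user-specified constraints" would make both behaviours explicit.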