stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8215430: Remove the internal package com.sun.net.ssl

Browse Source 
Reviewed-by: chegar, mullan, wetmore
This commit is contained in:
Xue-Lei Andrew Fan 2019-03-01 08:35:14 -08:00
parent e7eae4444d
commit 25f0d60a58
44 changed files with 31 additions and 5384 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
src/java.base/share/classes/com/sun/net/ssl/HostnameVerifier.java
View File

@ -1,54 +0,0 @@
/*
* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* NOTE: this file was copied from javax.net.ssl.HostnameVerifier
*/
package com.sun.net.ssl;
/**
* HostnameVerifier provides a callback mechanism so that
* implementers of this interface can supply a policy for
* handling the case where the host to connect to and
* the server name from the certificate mismatch.
*
* @deprecated As of JDK 1.4, this implementation-specific class was
* replaced by {@link javax.net.ssl.HostnameVerifier} and
* {@link javax.net.ssl.CertificateHostnameVerifier}.
*/
@Deprecated(since="1.4")
public interface HostnameVerifier {
/**
* Verify that the hostname from the URL is an acceptable
* match with the value from the common name entry in the
* server certificate's distinguished name.
*
* @param urlHostname the host name of the URL
* @param certHostname the common name entry from the certificate
* @return true if the certificate host name is acceptable
*/
public boolean verify(String urlHostname, String certHostname);
}

203
src/java.base/share/classes/com/sun/net/ssl/HttpsURLConnection.java
View File

@ -1,203 +0,0 @@
/*
* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* NOTE: this file was copied from javax.net.ssl.HttpsURLConnection
*/
package com.sun.net.ssl;
import java.net.URL;
import java.net.HttpURLConnection;
import java.io.IOException;
import java.security.cert.Certificate;
import javax.net.SocketFactory;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.SSLPeerUnverifiedException;
/**
* HTTP URL connection with support for HTTPS-specific features. See
* <A HREF="http://www.w3.org/pub/WWW/Protocols/"> the spec </A> for
* details.
*
* @deprecated As of JDK 1.4, this implementation-specific class was
* replaced by {@link javax.net.ssl.HttpsURLConnection}.
*/
@Deprecated(since="1.4")
public abstract
class HttpsURLConnection extends HttpURLConnection
{
/*
* Initialize an HTTPS URLConnection ... could check that the URL
* is an "https" URL, and that the handler is also an HTTPS one,
* but that's established by other code in this package.
* @param url the URL
*/
public HttpsURLConnection(URL url) throws IOException {
super(url);
}
/**
* Returns the cipher suite in use on this connection.
* @return the cipher suite
*/
public abstract String getCipherSuite();
/**
* Returns the server's X.509 certificate chain, or null if
* the server did not authenticate.
* <P>
* Note: The returned value may not be a valid certificate chain
* and should not be relied on for trust decisions.
*
* @return the server certificate chain
*/
public abstract Certificate[] getServerCertificates()
throws SSLPeerUnverifiedException;
/**
* HostnameVerifier provides a callback mechanism so that
* implementers of this interface can supply a policy for
* handling the case where the host to connect to and
* the server name from the certificate mismatch.
*
* The default implementation will deny such connections.
*/
private static HostnameVerifier defaultHostnameVerifier =
new HostnameVerifier() {
public boolean verify(String urlHostname, String certHostname) {
return false;
}
};
protected HostnameVerifier hostnameVerifier = defaultHostnameVerifier;
/**
* Sets the default HostnameVerifier inherited when an instance
* of this class is created.
* @param v the default host name verifier
*/
public static void setDefaultHostnameVerifier(HostnameVerifier v) {
if (v == null) {
throw new IllegalArgumentException(
"no default HostnameVerifier specified");
}
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new SSLPermission("setHostnameVerifier"));
}
defaultHostnameVerifier = v;
}
/**
* Gets the default HostnameVerifier.
* @return the default host name verifier
*/
public static HostnameVerifier getDefaultHostnameVerifier() {
return defaultHostnameVerifier;
}
/**
* Sets the HostnameVerifier.
* @param v the host name verifier
*/
public void setHostnameVerifier(HostnameVerifier v) {
if (v == null) {
throw new IllegalArgumentException(
"no HostnameVerifier specified");
}
hostnameVerifier = v;
}
/**
* Gets the HostnameVerifier.
* @return the host name verifier
*/
public HostnameVerifier getHostnameVerifier() {
return hostnameVerifier;
}
private static SSLSocketFactory defaultSSLSocketFactory = null;
private SSLSocketFactory sslSocketFactory = getDefaultSSLSocketFactory();
/**
* Sets the default SSL socket factory inherited when an instance
* of this class is created.
* @param sf the default SSL socket factory
*/
public static void setDefaultSSLSocketFactory(SSLSocketFactory sf) {
if (sf == null) {
throw new IllegalArgumentException(
"no default SSLSocketFactory specified");
}
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkSetFactory();
}
defaultSSLSocketFactory = sf;
}
/**
* Gets the default SSL socket factory.
* @return the default SSL socket factory
*/
public static SSLSocketFactory getDefaultSSLSocketFactory() {
if (defaultSSLSocketFactory == null) {
defaultSSLSocketFactory =
(SSLSocketFactory)SSLSocketFactory.getDefault();
}
return defaultSSLSocketFactory;
}
/**
* Sets the SSL socket factory.
* @param sf the SSL socket factory
*/
public void setSSLSocketFactory(SSLSocketFactory sf) {
if (sf == null) {
throw new IllegalArgumentException(
"no SSLSocketFactory specified");
}
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkSetFactory();
}
sslSocketFactory = sf;
}
/**
* Gets the SSL socket factory.
* @return the SSL socket factory
*/
public SSLSocketFactory getSSLSocketFactory() {
return sslSocketFactory;
}
}

42
src/java.base/share/classes/com/sun/net/ssl/KeyManager.java
View File

@ -1,42 +0,0 @@
/*
* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* NOTE: this file was copied from javax.net.ssl.KeyManager
*/
package com.sun.net.ssl;
/**
* Base interface for JSSE key managers. These manage the
* key material which is used to authenticate to the peer
* of a secure socket.
*
* @deprecated As of JDK 1.4, this implementation-specific class was
* replaced by {@link javax.net.ssl.KeyManager}.
*/
@Deprecated(since="1.4")
public interface KeyManager {
}

220
src/java.base/share/classes/com/sun/net/ssl/KeyManagerFactory.java
View File

@ -1,220 +0,0 @@
/*
* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* NOTE: this file was copied from javax.net.ssl.KeyManagerFactory
*/
package com.sun.net.ssl;
import java.security.*;
/**
* This class acts as a factory for key managers based on a
* source of key material. Each key manager manages a specific
* type of key material for use by secure sockets. The key
* material is based on a KeyStore and/or provider specific sources.
*
* @deprecated As of JDK 1.4, this implementation-specific class was
* replaced by {@link javax.net.ssl.KeyManagerFactory}.
*/
@Deprecated(since="1.4")
public class KeyManagerFactory {
// The provider
private Provider provider;
// The provider implementation (delegate)
private KeyManagerFactorySpi factorySpi;
// The name of the key management algorithm.
private String algorithm;
/**
* <p>The default KeyManager can be changed by setting the value of the
* {@code sun.ssl.keymanager.type} security property to the desired name.
*
* @return the default type as specified by the
* {@code sun.ssl.keymanager.type} security property, or an
* implementation-specific default if no such property exists.
*
* @see java.security.Security security properties
*/
public static final String getDefaultAlgorithm() {
String type;
type = AccessController.doPrivileged(new PrivilegedAction<>() {
public String run() {
return Security.getProperty("sun.ssl.keymanager.type");
}
});
if (type == null) {
type = "SunX509";
}
return type;
}
/**
* Creates a KeyManagerFactory object.
*
* @param factorySpi the delegate
* @param provider the provider
* @param algorithm the algorithm
*/
protected KeyManagerFactory(KeyManagerFactorySpi factorySpi,
Provider provider, String algorithm) {
this.factorySpi = factorySpi;
this.provider = provider;
this.algorithm = algorithm;
}
/**
* Returns the algorithm name of this <code>KeyManagerFactory</code> object.
*
* <p>This is the same name that was specified in one of the
* <code>getInstance</code> calls that created this
* <code>KeyManagerFactory</code> object.
*
* @return the algorithm name of this <code>KeyManagerFactory</code> object.
*/
public final String getAlgorithm() {
return this.algorithm;
}
/**
* Generates a <code>KeyManagerFactory</code> object that implements the
* specified key management algorithm.
* If the default provider package provides an implementation of the
* requested key management algorithm, an instance of
* <code>KeyManagerFactory</code> containing that implementation is
* returned. If the algorithm is not available in the default provider
* package, other provider packages are searched.
*
* @param algorithm the standard name of the requested
* algorithm.
*
* @return the new <code>KeyManagerFactory</code> object
*
* @exception NoSuchAlgorithmException if the specified algorithm is not
* available in the default provider package or any of the other provider
* packages that were searched.
*/
public static final KeyManagerFactory getInstance(String algorithm)
throws NoSuchAlgorithmException
{
try {
Object[] objs = SSLSecurity.getImpl(algorithm, "KeyManagerFactory",
(String) null);
return new KeyManagerFactory((KeyManagerFactorySpi)objs[0],
(Provider)objs[1],
algorithm);
} catch (NoSuchProviderException e) {
throw new NoSuchAlgorithmException(algorithm + " not found");
}
}
/**
* Generates a <code>KeyManagerFactory</code> object for the specified
* key management algorithm from the specified provider.
*
* @param algorithm the standard name of the requested
* algorithm.
* @param provider the name of the provider
*
* @return the new <code>KeyManagerFactory</code> object
*
* @exception NoSuchAlgorithmException if the specified algorithm is not
* available from the specified provider.
* @exception NoSuchProviderException if the specified provider has not
* been configured.
*/
public static final KeyManagerFactory getInstance(String algorithm,
String provider)
throws NoSuchAlgorithmException, NoSuchProviderException
{
if (provider == null || provider.isEmpty())
throw new IllegalArgumentException("missing provider");
Object[] objs = SSLSecurity.getImpl(algorithm, "KeyManagerFactory",
provider);
return new KeyManagerFactory((KeyManagerFactorySpi)objs[0],
(Provider)objs[1], algorithm);
}
/**
* Generates a <code>KeyManagerFactory</code> object for the specified
* key management algorithm from the specified provider.
*
* @param algorithm the standard name of the requested
* algorithm.
* @param provider an instance of the provider
*
* @return the new <code>KeyManagerFactory</code> object
*
* @exception NoSuchAlgorithmException if the specified algorithm is not
* available from the specified provider.
*/
public static final KeyManagerFactory getInstance(String algorithm,
Provider provider)
throws NoSuchAlgorithmException
{
if (provider == null)
throw new IllegalArgumentException("missing provider");
Object[] objs = SSLSecurity.getImpl(algorithm, "KeyManagerFactory",
provider);
return new KeyManagerFactory((KeyManagerFactorySpi)objs[0],
(Provider)objs[1], algorithm);
}
/**
* Returns the provider of this <code>KeyManagerFactory</code> object.
*
* @return the provider of this <code>KeyManagerFactory</code> object
*/
public final Provider getProvider() {
return this.provider;
}
/**
* Initializes this factory with a source of key material. The
* provider may also include a provider-specific source
* of key material.
*
* @param ks the key store or null
* @param password the password for recovering keys
*/
public void init(KeyStore ks, char[] password)
throws KeyStoreException, NoSuchAlgorithmException,
UnrecoverableKeyException {
factorySpi.engineInit(ks, password);
}
/**
* Returns one key manager for each type of key material.
* @return the key managers
*/
public KeyManager[] getKeyManagers() {
return factorySpi.engineGetKeyManagers();
}
}

64
src/java.base/share/classes/com/sun/net/ssl/KeyManagerFactorySpi.java
View File

@ -1,64 +0,0 @@
/*
* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* NOTE: this file was copied from javax.net.ssl.KeyManagerFactorySpi
*/
package com.sun.net.ssl;
import java.security.*;
/**
* This class defines the <i>Service Provider Interface</i> (<b>SPI</b>)
* for the <code>KeyManagerFactory</code> class.
*
* <p> All the abstract methods in this class must be implemented by each
* cryptographic service provider who wishes to supply the implementation
* of a particular key manager factory.
*
* @deprecated As of JDK 1.4, this implementation-specific class was
* replaced by {@link javax.net.ssl.KeyManagerFactorySpi}.
*/
@Deprecated(since="1.4")
public abstract class KeyManagerFactorySpi {
/**
* Initializes this factory with a source of key material. The
* provider may also include a provider-specific source
* of key material.
*
* @param ks the key store or null
* @param password the password for recovering keys
*/
protected abstract void engineInit(KeyStore ks, char[] password)
throws KeyStoreException, NoSuchAlgorithmException,
UnrecoverableKeyException;
/**
* Returns one trust manager for each type of trust material.
* @return the key managers
*/
protected abstract KeyManager[] engineGetKeyManagers();
}

201
src/java.base/share/classes/com/sun/net/ssl/SSLContext.java
View File

@ -1,201 +0,0 @@
/*
* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* NOTE: this file was copied from javax.net.ssl.SSLContext
*/
package com.sun.net.ssl;
import java.security.*;
import java.util.*;
import javax.net.ssl.*;
import sun.security.ssl.SSLSocketFactoryImpl;
import sun.security.ssl.SSLServerSocketFactoryImpl;
/**
* Instances of this class represent a secure socket protocol
* implementation which acts as a factory for secure socket
* factories. This class is initialized with an optional set of
* key and trust managers and source of secure random bytes.
*
* @deprecated As of JDK 1.4, this implementation-specific class was
* replaced by {@link javax.net.ssl.SSLContext}.
*/
@Deprecated(since="1.4")
public class SSLContext {
private Provider provider;
private SSLContextSpi contextSpi;
private String protocol;
/**
* Creates an SSLContext object.
*
* @param contextSpi the delegate
* @param provider the provider
* @param protocol the protocol
*/
protected SSLContext(SSLContextSpi contextSpi, Provider provider,
String protocol) {
this.contextSpi = contextSpi;
this.provider = provider;
this.protocol = protocol;
}
/**
* Generates a <code>SSLContext</code> object that implements the
* specified secure socket protocol.
*
* @param protocol the standard name of the requested protocol.
*
* @return the new <code>SSLContext</code> object
*
* @exception NoSuchAlgorithmException if the specified protocol is not
* available in the default provider package or any of the other provider
* packages that were searched.
*/
public static SSLContext getInstance(String protocol)
throws NoSuchAlgorithmException
{
try {
Object[] objs = SSLSecurity.getImpl(protocol, "SSLContext",
(String) null);
return new SSLContext((SSLContextSpi)objs[0], (Provider)objs[1],
protocol);
} catch (NoSuchProviderException e) {
throw new NoSuchAlgorithmException(protocol + " not found");
}
}
/**
* Generates a <code>SSLContext</code> object that implements the
* specified secure socket protocol.
*
* @param protocol the standard name of the requested protocol.
* @param provider the name of the provider
*
* @return the new <code>SSLContext</code> object
*
* @exception NoSuchAlgorithmException if the specified protocol is not
* available from the specified provider.
* @exception NoSuchProviderException if the specified provider has not
* been configured.
*/
public static SSLContext getInstance(String protocol, String provider)
throws NoSuchAlgorithmException, NoSuchProviderException
{
if (provider == null || provider.isEmpty())
throw new IllegalArgumentException("missing provider");
Object[] objs = SSLSecurity.getImpl(protocol, "SSLContext",
provider);
return new SSLContext((SSLContextSpi)objs[0], (Provider)objs[1],
protocol);
}
/**
* Generates a <code>SSLContext</code> object that implements the
* specified secure socket protocol.
*
* @param protocol the standard name of the requested protocol.
* @param provider an instance of the provider
*
* @return the new <code>SSLContext</code> object
*
* @exception NoSuchAlgorithmException if the specified protocol is not
* available from the specified provider.
*/
public static SSLContext getInstance(String protocol, Provider provider)
throws NoSuchAlgorithmException
{
if (provider == null)
throw new IllegalArgumentException("missing provider");
Object[] objs = SSLSecurity.getImpl(protocol, "SSLContext",
provider);
return new SSLContext((SSLContextSpi)objs[0], (Provider)objs[1],
protocol);
}
/**
* Returns the protocol name of this <code>SSLContext</code> object.
*
* <p>This is the same name that was specified in one of the
* <code>getInstance</code> calls that created this
* <code>SSLContext</code> object.
*
* @return the protocol name of this <code>SSLContext</code> object.
*/
public final String getProtocol() {
return this.protocol;
}
/**
* Returns the provider of this <code>SSLContext</code> object.
*
* @return the provider of this <code>SSLContext</code> object
*/
public final Provider getProvider() {
return this.provider;
}
/**
* Initializes this context. Either of the first two parameters
* may be null in which case the installed security providers will
* be searched for the highest priority implementation of the
* appropriate factory. Likewise, the secure random parameter may
* be null in which case the default implementation will be used.
*
* @param km the sources of authentication keys or null
* @param tm the sources of peer authentication trust decisions or null
* @param random the source of randomness for this generator or null
*/
public final void init(KeyManager[] km, TrustManager[] tm,
SecureRandom random)
throws KeyManagementException {
contextSpi.engineInit(km, tm, random);
}
/**
* Returns a <code>SocketFactory</code> object for this
* context.
*
* @return the factory
*/
public final SSLSocketFactory getSocketFactory() {
return contextSpi.engineGetSocketFactory();
}
/**
* Returns a <code>ServerSocketFactory</code> object for
* this context.
*
* @return the factory
*/
public final SSLServerSocketFactory getServerSocketFactory() {
return contextSpi.engineGetServerSocketFactory();
}
}

74
src/java.base/share/classes/com/sun/net/ssl/SSLContextSpi.java
View File

@ -1,74 +0,0 @@
/*
* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* NOTE: this file was copied from javax.net.ssl.SSLContextSpi
*/
package com.sun.net.ssl;
import java.util.*;
import java.security.*;
import javax.net.ssl.*;
/**
* This class defines the <i>Service Provider Interface</i> (<b>SPI</b>)
* for the <code>SSLContext</code> class.
*
* <p> All the abstract methods in this class must be implemented by each
* cryptographic service provider who wishes to supply the implementation
* of a particular SSL context.
*
* @deprecated As of JDK 1.4, this implementation-specific class was
* replaced by {@link javax.net.ssl.SSLContextSpi}.
*/
@Deprecated(since="1.4")
public abstract class SSLContextSpi {
/**
* Initializes this context.
*
* @param ah the sources of authentication keys
* @param th the sources of peer authentication trust decisions
* @param sr the source of randomness for this generator
*/
protected abstract void engineInit(KeyManager[] ah, TrustManager[] th,
SecureRandom sr) throws KeyManagementException;
/**
* Returns a <code>SocketFactory</code> object for this
* context.
*
* @return the factory
*/
protected abstract SSLSocketFactory engineGetSocketFactory();
/**
* Returns a <code>ServerSocketFactory</code> object for
* this context.
*
* @return the factory
*/
protected abstract SSLServerSocketFactory engineGetServerSocketFactory();
}

136
src/java.base/share/classes/com/sun/net/ssl/SSLPermission.java
View File

@ -1,136 +0,0 @@
/*
* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* NOTE: this file was copied from javax.net.ssl.SSLPermission
*/
package com.sun.net.ssl;
import java.security.*;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.StringTokenizer;
import java.security.Permissions;
import java.lang.SecurityManager;
/**
* This class is for various network permissions.
* An SSLPermission contains a name (also referred to as a "target name") but
* no actions list; you either have the named permission
* or you don't.
* <P>
* The target name is the name of the network permission (see below). The naming
* convention follows the hierarchical property naming convention.
* Also, an asterisk
* may appear at the end of the name, following a ".", or by itself, to
* signify a wildcard match. For example: "foo.*" and "*" signify a wildcard
* match, while "*foo" and "a*b" do not.
* <P>
* The following table lists all the possible SSLPermission target names,
* and for each provides a description of what the permission allows
* and a discussion of the risks of granting code the permission.
*
* <table border=1 cellpadding=5>
* <tr>
* <th>Permission Target Name</th>
* <th>What the Permission Allows</th>
* <th>Risks of Allowing this Permission</th>
* </tr>
*
* <tr>
* <td>setHostnameVerifier</td>
* <td>The ability to set a callback which can decide whether to
* allow a mismatch between the host being connected to by
* an HttpsURLConnection and the common name field in
* server certificate.
* </td>
* <td>Malicious
* code can set a verifier that monitors host names visited by
* HttpsURLConnection requests or that allows server certificates
* with invalid common names.
* </td>
* </tr>
*
* <tr>
* <td>getSSLSessionContext</td>
* <td>The ability to get the SSLSessionContext of an SSLSession.
* </td>
* <td>Malicious code may monitor sessions which have been established
* with SSL peers or might invalidate sessions to slow down performance.
* </td>
* </tr>
*
* </table>
*
* @see java.security.BasicPermission
* @see java.security.Permission
* @see java.security.Permissions
* @see java.security.PermissionCollection
* @see java.lang.SecurityManager
*
*
* @author Marianne Mueller
* @author Roland Schemers
*
* @deprecated As of JDK 1.4, this implementation-specific class was
* replaced by {@link javax.net.ssl.SSLPermission}.
*/
@Deprecated(since="1.4")
public final class SSLPermission extends BasicPermission {
private static final long serialVersionUID = -2583684302506167542L;
/**
* Creates a new SSLPermission with the specified name.
* The name is the symbolic name of the SSLPermission, such as
* "setDefaultAuthenticator", etc. An asterisk
* may appear at the end of the name, following a ".", or by itself, to
* signify a wildcard match.
*
* @param name the name of the SSLPermission.
*/
public SSLPermission(String name)
{
super(name);
}
/**
* Creates a new SSLPermission object with the specified name.
* The name is the symbolic name of the SSLPermission, and the
* actions String is currently unused and should be null. This
* constructor exists for use by the <code>Policy</code> object
* to instantiate new Permission objects.
*
* @param name the name of the SSLPermission.
* @param actions should be null.
*/
public SSLPermission(String name, String actions)
{
super(name, actions);
}
}

699
src/java.base/share/classes/com/sun/net/ssl/SSLSecurity.java
View File

@ -1,699 +0,0 @@
/*
* Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* NOTE: this file was copied from javax.net.ssl.SSLSecurity,
* but was heavily modified to allow com.sun.* users to
* access providers written using the javax.sun.* APIs.
*/
package com.sun.net.ssl;
import java.util.*;
import java.io.*;
import java.security.*;
import java.security.Provider.Service;
import java.net.Socket;
import sun.security.jca.*;
/**
* This class instantiates implementations of JSSE engine classes from
* providers registered with the java.security.Security object.
*
* @author Jan Luehe
* @author Jeff Nisewanger
* @author Brad Wetmore
*/
final class SSLSecurity {
/*
* Don't let anyone instantiate this.
*/
private SSLSecurity() {
}
// ProviderList.getService() is not accessible now, implement our own loop
private static Service getService(String type, String alg) {
ProviderList list = Providers.getProviderList();
for (Provider p : list.providers()) {
Service s = p.getService(type, alg);
if (s != null) {
return s;
}
}
return null;
}
/**
* The body of the driver for the getImpl method.
*/
private static Object[] getImpl1(String algName, String engineType,
Service service) throws NoSuchAlgorithmException
{
Provider provider = service.getProvider();
String className = service.getClassName();
Class<?> implClass;
try {
ClassLoader cl = provider.getClass().getClassLoader();
if (cl == null) {
// system class
implClass = Class.forName(className);
} else {
implClass = cl.loadClass(className);
}
} catch (ClassNotFoundException e) {
throw new NoSuchAlgorithmException("Class " + className +
" configured for " +
engineType +
" not found: " +
e.getMessage());
} catch (SecurityException e) {
throw new NoSuchAlgorithmException("Class " + className +
" configured for " +
engineType +
" cannot be accessed: " +
e.getMessage());
}
/*
* JSSE 1.0, 1.0.1, and 1.0.2 used the com.sun.net.ssl API as the
* API was being developed. As JSSE was folded into the main
* release, it was decided to promote the com.sun.net.ssl API to
* be javax.net.ssl. It is desired to keep binary compatibility
* with vendors of JSSE implementation written using the
* com.sun.net.sll API, so we do this magic to handle everything.
*
* API used Implementation used Supported?
* ======== =================== ==========
* com.sun javax Yes
* com.sun com.sun Yes
* javax javax Yes
* javax com.sun Not Currently
*
* Make sure the implementation class is a subclass of the
* corresponding engine class.
*
* In wrapping these classes, there's no way to know how to
* wrap all possible classes that extend the TrustManager/KeyManager.
* We only wrap the x509 variants.
*/
try { // catch instantiation errors
/*
* (The following Class.forName()s should alway work, because
* this class and all the SPI classes in javax.crypto are
* loaded by the same class loader.) That is, unless they
* give us a SPI class that doesn't exist, say SSLFoo,
* or someone has removed classes from the java.base module.
*/
Class<?> typeClassJavax;
Class<?> typeClassCom;
Object obj = null;
/*
* Odds are more likely that we have a javax variant, try this
* first.
*/
if (((typeClassJavax = Class.forName("javax.net.ssl." +
engineType + "Spi")) != null) &&
(checkSuperclass(implClass, typeClassJavax))) {
if (engineType.equals("SSLContext")) {
obj = new SSLContextSpiWrapper(algName, provider);
} else if (engineType.equals("TrustManagerFactory")) {
obj = new TrustManagerFactorySpiWrapper(algName, provider);
} else if (engineType.equals("KeyManagerFactory")) {
obj = new KeyManagerFactorySpiWrapper(algName, provider);
} else {
/*
* We should throw an error if we get
* something totally unexpected. Don't ever
* expect to see this one...
*/
throw new IllegalStateException(
"Class " + implClass.getName() +
" unknown engineType wrapper:" + engineType);
}
} else if (((typeClassCom = Class.forName("com.sun.net.ssl." +
engineType + "Spi")) != null) &&
(checkSuperclass(implClass, typeClassCom))) {
obj = service.newInstance(null);
}
if (obj != null) {
return new Object[] { obj, provider };
} else {
throw new NoSuchAlgorithmException(
"Couldn't locate correct object or wrapper: " +
engineType + " " + algName);
}
} catch (ClassNotFoundException e) {
IllegalStateException exc = new IllegalStateException(
"Engine Class Not Found for " + engineType);
exc.initCause(e);
throw exc;
}
}
/**
* Returns an array of objects: the first object in the array is
* an instance of an implementation of the requested algorithm
* and type, and the second object in the array identifies the provider
* of that implementation.
* The <code>provName</code> argument can be null, in which case all
* configured providers will be searched in order of preference.
*/
static Object[] getImpl(String algName, String engineType, String provName)
throws NoSuchAlgorithmException, NoSuchProviderException
{
Service service;
if (provName != null) {
ProviderList list = Providers.getProviderList();
Provider prov = list.getProvider(provName);
if (prov == null) {
throw new NoSuchProviderException("No such provider: " +
provName);
}
service = prov.getService(engineType, algName);
} else {
service = getService(engineType, algName);
}
if (service == null) {
throw new NoSuchAlgorithmException("Algorithm " + algName
+ " not available");
}
return getImpl1(algName, engineType, service);
}
/**
* Returns an array of objects: the first object in the array is
* an instance of an implementation of the requested algorithm
* and type, and the second object in the array identifies the provider
* of that implementation.
* The <code>prov</code> argument can be null, in which case all
* configured providers will be searched in order of preference.
*/
static Object[] getImpl(String algName, String engineType, Provider prov)
throws NoSuchAlgorithmException
{
Service service = prov.getService(engineType, algName);
if (service == null) {
throw new NoSuchAlgorithmException("No such algorithm: " +
algName);
}
return getImpl1(algName, engineType, service);
}
/*
* Checks whether one class is the superclass of another
*/
private static boolean checkSuperclass(Class<?> subclass, Class<?> superclass) {
if ((subclass == null) || (superclass == null))
return false;
while (!subclass.equals(superclass)) {
subclass = subclass.getSuperclass();
if (subclass == null) {
return false;
}
}
return true;
}
/*
* Return at most the first "resize" elements of an array.
*
* Didn't want to use java.util.Arrays, as PJava may not have it.
*/
static Object[] truncateArray(Object[] oldArray, Object[] newArray) {
for (int i = 0; i < newArray.length; i++) {
newArray[i] = oldArray[i];
}
return newArray;
}
}
/*
* =================================================================
* The remainder of this file is for the wrapper and wrapper-support
* classes. When SSLSecurity finds something which extends the
* javax.net.ssl.*Spi, we need to go grab a real instance of the
* thing that the Spi supports, and wrap into a com.sun.net.ssl.*Spi
* object. This also mean that anything going down into the SPI
* needs to be wrapped, as well as anything coming back up.
*/
@SuppressWarnings("deprecation")
final class SSLContextSpiWrapper extends SSLContextSpi {
private javax.net.ssl.SSLContext theSSLContext;
SSLContextSpiWrapper(String algName, Provider prov) throws
NoSuchAlgorithmException {
theSSLContext = javax.net.ssl.SSLContext.getInstance(algName, prov);
}
@SuppressWarnings("deprecation")
protected void engineInit(KeyManager[] kma, TrustManager[] tma,
SecureRandom sr) throws KeyManagementException {
// Keep track of the actual number of array elements copied
int dst;
int src;
javax.net.ssl.KeyManager[] kmaw;
javax.net.ssl.TrustManager[] tmaw;
// Convert com.sun.net.ssl.kma to a javax.net.ssl.kma
// wrapper if need be.
if (kma != null) {
kmaw = new javax.net.ssl.KeyManager[kma.length];
for (src = 0, dst = 0; src < kma.length; ) {
/*
* These key managers may implement both javax
* and com.sun interfaces, so if they do
* javax, there's no need to wrap them.
*/
if (!(kma[src] instanceof javax.net.ssl.KeyManager)) {
/*
* Do we know how to convert them? If not, oh well...
* We'll have to drop them on the floor in this
* case, cause we don't know how to handle them.
* This will be pretty rare, but put here for
* completeness.
*/
if (kma[src] instanceof X509KeyManager) {
kmaw[dst] = (javax.net.ssl.KeyManager)
new X509KeyManagerJavaxWrapper(
(X509KeyManager)kma[src]);
dst++;
}
} else {
// We can convert directly, since they implement.
kmaw[dst] = (javax.net.ssl.KeyManager)kma[src];
dst++;
}
src++;
}
/*
* If dst != src, there were more items in the original array
* than in the new array. Compress the new elements to avoid
* any problems down the road.
*/
if (dst != src) {
kmaw = (javax.net.ssl.KeyManager [])
SSLSecurity.truncateArray(kmaw,
new javax.net.ssl.KeyManager [dst]);
}
} else {
kmaw = null;
}
// Now do the same thing with the TrustManagers.
if (tma != null) {
tmaw = new javax.net.ssl.TrustManager[tma.length];
for (src = 0, dst = 0; src < tma.length; ) {
/*
* These key managers may implement both...see above...
*/
if (!(tma[src] instanceof javax.net.ssl.TrustManager)) {
// Do we know how to convert them?
if (tma[src] instanceof X509TrustManager) {
tmaw[dst] = (javax.net.ssl.TrustManager)
new X509TrustManagerJavaxWrapper(
(X509TrustManager)tma[src]);
dst++;
}
} else {
tmaw[dst] = (javax.net.ssl.TrustManager)tma[src];
dst++;
}
src++;
}
if (dst != src) {
tmaw = (javax.net.ssl.TrustManager [])
SSLSecurity.truncateArray(tmaw,
new javax.net.ssl.TrustManager [dst]);
}
} else {
tmaw = null;
}
theSSLContext.init(kmaw, tmaw, sr);
}
protected javax.net.ssl.SSLSocketFactory
engineGetSocketFactory() {
return theSSLContext.getSocketFactory();
}
protected javax.net.ssl.SSLServerSocketFactory
engineGetServerSocketFactory() {
return theSSLContext.getServerSocketFactory();
}
}
@SuppressWarnings("deprecation")
final class TrustManagerFactorySpiWrapper extends TrustManagerFactorySpi {
private javax.net.ssl.TrustManagerFactory theTrustManagerFactory;
TrustManagerFactorySpiWrapper(String algName, Provider prov) throws
NoSuchAlgorithmException {
theTrustManagerFactory =
javax.net.ssl.TrustManagerFactory.getInstance(algName, prov);
}
protected void engineInit(KeyStore ks) throws KeyStoreException {
theTrustManagerFactory.init(ks);
}
protected TrustManager[] engineGetTrustManagers() {
int dst;
int src;
javax.net.ssl.TrustManager[] tma =
theTrustManagerFactory.getTrustManagers();
TrustManager[] tmaw = new TrustManager[tma.length];
for (src = 0, dst = 0; src < tma.length; ) {
if (!(tma[src] instanceof com.sun.net.ssl.TrustManager)) {
// We only know how to wrap X509TrustManagers, as
// TrustManagers don't have any methods to wrap.
if (tma[src] instanceof javax.net.ssl.X509TrustManager) {
tmaw[dst] = (TrustManager)
new X509TrustManagerComSunWrapper(
(javax.net.ssl.X509TrustManager)tma[src]);
dst++;
}
} else {
tmaw[dst] = (TrustManager)tma[src];
dst++;
}
src++;
}
if (dst != src) {
tmaw = (TrustManager [])
SSLSecurity.truncateArray(tmaw, new TrustManager [dst]);
}
return tmaw;
}
}
@SuppressWarnings("deprecation")
final class KeyManagerFactorySpiWrapper extends KeyManagerFactorySpi {
private javax.net.ssl.KeyManagerFactory theKeyManagerFactory;
KeyManagerFactorySpiWrapper(String algName, Provider prov) throws
NoSuchAlgorithmException {
theKeyManagerFactory =
javax.net.ssl.KeyManagerFactory.getInstance(algName, prov);
}
protected void engineInit(KeyStore ks, char[] password)
throws KeyStoreException, NoSuchAlgorithmException,
UnrecoverableKeyException {
theKeyManagerFactory.init(ks, password);
}
protected KeyManager[] engineGetKeyManagers() {
int dst;
int src;
javax.net.ssl.KeyManager[] kma =
theKeyManagerFactory.getKeyManagers();
KeyManager[] kmaw = new KeyManager[kma.length];
for (src = 0, dst = 0; src < kma.length; ) {
if (!(kma[src] instanceof com.sun.net.ssl.KeyManager)) {
// We only know how to wrap X509KeyManagers, as
// KeyManagers don't have any methods to wrap.
if (kma[src] instanceof javax.net.ssl.X509KeyManager) {
kmaw[dst] = (KeyManager)
new X509KeyManagerComSunWrapper(
(javax.net.ssl.X509KeyManager)kma[src]);
dst++;
}
} else {
kmaw[dst] = (KeyManager)kma[src];
dst++;
}
src++;
}
if (dst != src) {
kmaw = (KeyManager [])
SSLSecurity.truncateArray(kmaw, new KeyManager [dst]);
}
return kmaw;
}
}
// =================================
@SuppressWarnings("deprecation")
final class X509KeyManagerJavaxWrapper implements
javax.net.ssl.X509KeyManager {
private X509KeyManager theX509KeyManager;
X509KeyManagerJavaxWrapper(X509KeyManager obj) {
theX509KeyManager = obj;
}
public String[] getClientAliases(String keyType, Principal[] issuers) {
return theX509KeyManager.getClientAliases(keyType, issuers);
}
public String chooseClientAlias(String[] keyTypes, Principal[] issuers,
Socket socket) {
String retval;
if (keyTypes == null) {
return null;
}
/*
* Scan the list, look for something we can pass back.
*/
for (int i = 0; i < keyTypes.length; i++) {
if ((retval = theX509KeyManager.chooseClientAlias(keyTypes[i],
issuers)) != null)
return retval;
}
return null;
}
/*
* JSSE 1.0.x was only socket based, but it's possible someone might
* want to install a really old provider. We should at least
* try to be nice.
*/
public String chooseEngineClientAlias(
String[] keyTypes, Principal[] issuers,
javax.net.ssl.SSLEngine engine) {
String retval;
if (keyTypes == null) {
return null;
}
/*
* Scan the list, look for something we can pass back.
*/
for (int i = 0; i < keyTypes.length; i++) {
if ((retval = theX509KeyManager.chooseClientAlias(keyTypes[i],
issuers)) != null)
return retval;
}
return null;
}
public String[] getServerAliases(String keyType, Principal[] issuers) {
return theX509KeyManager.getServerAliases(keyType, issuers);
}
public String chooseServerAlias(String keyType, Principal[] issuers,
Socket socket) {
if (keyType == null) {
return null;
}
return theX509KeyManager.chooseServerAlias(keyType, issuers);
}
/*
* JSSE 1.0.x was only socket based, but it's possible someone might
* want to install a really old provider. We should at least
* try to be nice.
*/
public String chooseEngineServerAlias(
String keyType, Principal[] issuers,
javax.net.ssl.SSLEngine engine) {
if (keyType == null) {
return null;
}
return theX509KeyManager.chooseServerAlias(keyType, issuers);
}
public java.security.cert.X509Certificate[]
getCertificateChain(String alias) {
return theX509KeyManager.getCertificateChain(alias);
}
public PrivateKey getPrivateKey(String alias) {
return theX509KeyManager.getPrivateKey(alias);
}
}
@SuppressWarnings("deprecation")
final class X509TrustManagerJavaxWrapper implements
javax.net.ssl.X509TrustManager {
private X509TrustManager theX509TrustManager;
X509TrustManagerJavaxWrapper(X509TrustManager obj) {
theX509TrustManager = obj;
}
public void checkClientTrusted(
java.security.cert.X509Certificate[] chain, String authType)
throws java.security.cert.CertificateException {
if (!theX509TrustManager.isClientTrusted(chain)) {
throw new java.security.cert.CertificateException(
"Untrusted Client Certificate Chain");
}
}
public void checkServerTrusted(
java.security.cert.X509Certificate[] chain, String authType)
throws java.security.cert.CertificateException {
if (!theX509TrustManager.isServerTrusted(chain)) {
throw new java.security.cert.CertificateException(
"Untrusted Server Certificate Chain");
}
}
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return theX509TrustManager.getAcceptedIssuers();
}
}
@SuppressWarnings("deprecation")
final class X509KeyManagerComSunWrapper implements X509KeyManager {
private javax.net.ssl.X509KeyManager theX509KeyManager;
X509KeyManagerComSunWrapper(javax.net.ssl.X509KeyManager obj) {
theX509KeyManager = obj;
}
public String[] getClientAliases(String keyType, Principal[] issuers) {
return theX509KeyManager.getClientAliases(keyType, issuers);
}
public String chooseClientAlias(String keyType, Principal[] issuers) {
String [] keyTypes = new String [] { keyType };
return theX509KeyManager.chooseClientAlias(keyTypes, issuers, null);
}
public String[] getServerAliases(String keyType, Principal[] issuers) {
return theX509KeyManager.getServerAliases(keyType, issuers);
}
public String chooseServerAlias(String keyType, Principal[] issuers) {
return theX509KeyManager.chooseServerAlias(keyType, issuers, null);
}
public java.security.cert.X509Certificate[]
getCertificateChain(String alias) {
return theX509KeyManager.getCertificateChain(alias);
}
public PrivateKey getPrivateKey(String alias) {
return theX509KeyManager.getPrivateKey(alias);
}
}
@SuppressWarnings("deprecation")
final class X509TrustManagerComSunWrapper implements X509TrustManager {
private javax.net.ssl.X509TrustManager theX509TrustManager;
X509TrustManagerComSunWrapper(javax.net.ssl.X509TrustManager obj) {
theX509TrustManager = obj;
}
public boolean isClientTrusted(
java.security.cert.X509Certificate[] chain) {
try {
theX509TrustManager.checkClientTrusted(chain, "UNKNOWN");
return true;
} catch (java.security.cert.CertificateException e) {
return false;
}
}
public boolean isServerTrusted(
java.security.cert.X509Certificate[] chain) {
try {
theX509TrustManager.checkServerTrusted(chain, "UNKNOWN");
return true;
} catch (java.security.cert.CertificateException e) {
return false;
}
}
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return theX509TrustManager.getAcceptedIssuers();
}
}

42
src/java.base/share/classes/com/sun/net/ssl/TrustManager.java
View File

@ -1,42 +0,0 @@
/*
* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* NOTE: this file was copied from javax.net.ssl.TrustManager
*/
package com.sun.net.ssl;
/**
* Base interface for JSSE trust managers which manage
* authentication trust decisions for different types of
* authentication material.
*
* @deprecated As of JDK 1.4, this implementation-specific class was
* replaced by {@link javax.net.ssl.TrustManager}.
*/
@Deprecated(since="1.4")
public interface TrustManager {
}

220
src/java.base/share/classes/com/sun/net/ssl/TrustManagerFactory.java
View File

@ -1,220 +0,0 @@
/*
* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* NOTE: this file was copied from javax.net.ssl.TrustManagerFactory
*/
package com.sun.net.ssl;
import java.security.*;
/**
* This class acts as a factory for trust managers based on a
* source of trust material. Each trust manager manages a specific
* type of trust material for use by secure sockets. The trust
* material is based on a KeyStore and/or provider specific sources.
*
* @deprecated As of JDK 1.4, this implementation-specific class was
* replaced by {@link javax.net.ssl.TrustManagerFactory}.
*/
@Deprecated(since="1.4")
public class TrustManagerFactory {
// The provider
private Provider provider;
// The provider implementation (delegate)
private TrustManagerFactorySpi factorySpi;
// The name of the trust management algorithm.
private String algorithm;
/**
* <p>The default TrustManager can be changed by setting the value of the
* {@code sun.ssl.trustmanager.type} security property to the desired name.
*
* @return the default type as specified by the
* {@code sun.ssl.trustmanager.type} security property, or an
* implementation-specific default if no such property exists.
*
* @see java.security.Security security properties
*/
public static final String getDefaultAlgorithm() {
String type;
type = AccessController.doPrivileged(new PrivilegedAction<>() {
public String run() {
return Security.getProperty("sun.ssl.trustmanager.type");
}
});
if (type == null) {
type = "SunX509";
}
return type;
}
/**
* Creates a TrustManagerFactory object.
*
* @param factorySpi the delegate
* @param provider the provider
* @param algorithm the algorithm
*/
protected TrustManagerFactory(TrustManagerFactorySpi factorySpi,
Provider provider, String algorithm) {
this.factorySpi = factorySpi;
this.provider = provider;
this.algorithm = algorithm;
}
/**
* Returns the algorithm name of this <code>TrustManagerFactory</code>
* object.
*
* <p>This is the same name that was specified in one of the
* <code>getInstance</code> calls that created this
* <code>TrustManagerFactory</code> object.
*
* @return the algorithm name of this <code>TrustManagerFactory</code>
* object.
*/
public final String getAlgorithm() {
return this.algorithm;
}
/**
* Generates a <code>TrustManagerFactory</code> object that implements the
* specified trust management algorithm.
* If the default provider package provides an implementation of the
* requested trust management algorithm, an instance of
* <code>TrustManagerFactory</code> containing that implementation is
* returned. If the algorithm is not available in the default provider
* package, other provider packages are searched.
*
* @param algorithm the standard name of the requested trust management
* algorithm.
*
* @return the new <code>TrustManagerFactory</code> object
*
* @exception NoSuchAlgorithmException if the specified algorithm is not
* available in the default provider package or any of the other provider
* packages that were searched.
*/
public static final TrustManagerFactory getInstance(String algorithm)
throws NoSuchAlgorithmException
{
try {
Object[] objs = SSLSecurity.getImpl(algorithm,
"TrustManagerFactory", (String) null);
return new TrustManagerFactory((TrustManagerFactorySpi)objs[0],
(Provider)objs[1],
algorithm);
} catch (NoSuchProviderException e) {
throw new NoSuchAlgorithmException(algorithm + " not found");
}
}
/**
* Generates a <code>TrustManagerFactory</code> object for the specified
* trust management algorithm from the specified provider.
*
* @param algorithm the standard name of the requested trust management
* algorithm.
* @param provider the name of the provider
*
* @return the new <code>TrustManagerFactory</code> object
*
* @exception NoSuchAlgorithmException if the specified algorithm is not
* available from the specified provider.
* @exception NoSuchProviderException if the specified provider has not
* been configured.
*/
public static final TrustManagerFactory getInstance(String algorithm,
String provider)
throws NoSuchAlgorithmException, NoSuchProviderException
{
if (provider == null || provider.isEmpty())
throw new IllegalArgumentException("missing provider");
Object[] objs = SSLSecurity.getImpl(algorithm, "TrustManagerFactory",
provider);
return new TrustManagerFactory((TrustManagerFactorySpi)objs[0],
(Provider)objs[1], algorithm);
}
/**
* Generates a <code>TrustManagerFactory</code> object for the specified
* trust management algorithm from the specified provider.
*
* @param algorithm the standard name of the requested trust management
* algorithm.
* @param provider an instance of the provider
*
* @return the new <code>TrustManagerFactory</code> object
*
* @exception NoSuchAlgorithmException if the specified algorithm is not
* available from the specified provider.
*/
public static final TrustManagerFactory getInstance(String algorithm,
Provider provider)
throws NoSuchAlgorithmException
{
if (provider == null)
throw new IllegalArgumentException("missing provider");
Object[] objs = SSLSecurity.getImpl(algorithm, "TrustManagerFactory",
provider);
return new TrustManagerFactory((TrustManagerFactorySpi)objs[0],
(Provider)objs[1], algorithm);
}
/**
* Returns the provider of this <code>TrustManagerFactory</code> object.
*
* @return the provider of this <code>TrustManagerFactory</code> object
*/
public final Provider getProvider() {
return this.provider;
}
/**
* Initializes this factory with a source of certificate
* authorities and related trust material. The
* provider may also include a provider-specific source
* of key material.
*
* @param ks the key store or null
*/
public void init(KeyStore ks) throws KeyStoreException {
factorySpi.engineInit(ks);
}
/**
* Returns one trust manager for each type of trust material.
* @return the trust managers
*/
public TrustManager[] getTrustManagers() {
return factorySpi.engineGetTrustManagers();
}
}

62
src/java.base/share/classes/com/sun/net/ssl/TrustManagerFactorySpi.java
View File

@ -1,62 +0,0 @@
/*
* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* NOTE: this file was copied from javax.net.ssl.TrustManagerFactorySpi
*/
package com.sun.net.ssl;
import java.security.*;
/**
* This class defines the <i>Service Provider Interface</i> (<b>SPI</b>)
* for the <code>TrustManagerFactory</code> class.
*
* <p> All the abstract methods in this class must be implemented by each
* cryptographic service provider who wishes to supply the implementation
* of a particular trust manager factory.
*
* @deprecated As of JDK 1.4, this implementation-specific class was
* replaced by {@link javax.net.ssl.TrustManagerFactorySpi}.
*/
@Deprecated(since="1.4")
public abstract class TrustManagerFactorySpi {
/**
* Initializes this factory with a source of certificate
* authorities and related trust material. The
* provider may also include a provider-specific source
* of key material.
*
* @param ks the key store or null
*/
protected abstract void engineInit(KeyStore ks) throws KeyStoreException;
/**
* Returns one trust manager for each type of trust material.
* @return the trust managers
*/
protected abstract TrustManager[] engineGetTrustManagers();
}

109
src/java.base/share/classes/com/sun/net/ssl/X509KeyManager.java
View File

@ -1,109 +0,0 @@
/*
* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* NOTE: this file was copied from javax.net.ssl.X509KeyManager
*/
package com.sun.net.ssl;
import java.security.KeyManagementException;
import java.security.PrivateKey;
import java.security.Principal;
import java.security.cert.X509Certificate;
/**
* Instances of this interface manage which X509 certificate-based
* key pairs are used to authenticate the local side of a secure
* socket. The individual entries are identified by unique alias names.
*
* @deprecated As of JDK 1.4, this implementation-specific class was
* replaced by {@link javax.net.ssl.X509KeyManager}.
*/
@Deprecated(since="1.4")
public interface X509KeyManager extends KeyManager {
/**
* Get the matching aliases for authenticating the client side of a secure
* socket given the public key type and the list of
* certificate issuer authorities recognized by the peer (if any).
*
* @param keyType the key algorithm type name
* @param issuers the list of acceptable CA issuer subject names
* @return the matching alias names
*/
public String[] getClientAliases(String keyType, Principal[] issuers);
/**
* Choose an alias to authenticate the client side of a secure
* socket given the public key type and the list of
* certificate issuer authorities recognized by the peer (if any).
*
* @param keyType the key algorithm type name
* @param issuers the list of acceptable CA issuer subject names
* @return the alias name for the desired key
*/
public String chooseClientAlias(String keyType, Principal[] issuers);
/**
* Get the matching aliases for authenticating the server side of a secure
* socket given the public key type and the list of
* certificate issuer authorities recognized by the peer (if any).
*
* @param keyType the key algorithm type name
* @param issuers the list of acceptable CA issuer subject names
* @return the matching alias names
*/
public String[] getServerAliases(String keyType, Principal[] issuers);
/**
* Choose an alias to authenticate the server side of a secure
* socket given the public key type and the list of
* certificate issuer authorities recognized by the peer (if any).
*
* @param keyType the key algorithm type name
* @param issuers the list of acceptable CA issuer subject names
* @return the alias name for the desired key
*/
public String chooseServerAlias(String keyType, Principal[] issuers);
/**
* Returns the certificate chain associated with the given alias.
*
* @param alias the alias name
*
* @return the certificate chain (ordered with the user's certificate first
* and the root certificate authority last)
*/
public X509Certificate[] getCertificateChain(String alias);
/*
* Returns the key associated with the given alias.
*
* @param alias the alias name
*
* @return the requested key
*/
public PrivateKey getPrivateKey(String alias);
}

73
src/java.base/share/classes/com/sun/net/ssl/X509TrustManager.java
View File

@ -1,73 +0,0 @@
/*
* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* NOTE: this file was copied from javax.net.ssl.X509TrustManager
*/
package com.sun.net.ssl;
import java.security.cert.X509Certificate;
/**
* Instance of this interface manage which X509 certificates
* may be used to authenticate the remote side of a secure
* socket. Decisions may be based on trusted certificate
* authorities, certificate revocation lists, online
* status checking or other means.
*
* @deprecated As of JDK 1.4, this implementation-specific class was
* replaced by {@link javax.net.ssl.X509TrustManager}.
*/
@Deprecated(since="1.4")
public interface X509TrustManager extends TrustManager {
/**
* Given the partial or complete certificate chain
* provided by the peer, build a certificate path
* to a trusted root and return true if it can be
* validated and is trusted for client SSL authentication.
*
* @param chain the peer certificate chain
*/
public boolean isClientTrusted(X509Certificate[] chain);
/**
* Given the partial or complete certificate chain
* provided by the peer, build a certificate path
* to a trusted root and return true if it can be
* validated and is trusted for server SSL authentication.
*
* @param chain the peer certificate chain
*/
public boolean isServerTrusted(X509Certificate[] chain);
/**
* Return an array of certificate authority certificates
* which are trusted for authenticating peers.
*
* @return the acceptable CA issuer certificates
*/
public X509Certificate[] getAcceptedIssuers();
}

52
src/java.base/share/classes/com/sun/net/ssl/internal/ssl/Provider.java
View File

@ -1,52 +0,0 @@
/*
* Copyright (c) 2007, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.net.ssl.internal.ssl;
import sun.security.ssl.SunJSSE;
/**
* Main class for the SunJSSE provider. The actual code was moved to the
* class sun.security.ssl.SunJSSE, but for backward compatibility we
* continue to use this class as the main Provider class.
*/
@Deprecated(since="9")
public final class Provider extends SunJSSE {
private static final long serialVersionUID = 3231825739635378733L;
// standard constructor
public Provider() {
super();
}
/**
* Installs the JSSE provider.
*/
public static synchronized void install() {
/* nop. Remove this method in the future. */
}
}

123
src/java.base/share/classes/com/sun/net/ssl/internal/ssl/X509ExtendedTrustManager.java
View File

@ -1,123 +0,0 @@
/*
* Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.net.ssl.internal.ssl;
import javax.net.ssl.X509TrustManager;
import java.security.cert.X509Certificate;
import java.security.cert.CertificateException;
/**
* Instance of this class is an extension of <code>X509TrustManager</code>.
* <p>
* Note that this class is referenced by the Deploy workspace. Any updates
* must make sure that they do not cause any breakage there.
* <p>
* It takes the responsiblity of checking the peer identity with its
* principal declared in the cerificate.
* <p>
* The class provides an alternative to <code>HostnameVerifer</code>.
* If application customizes its <code>HostnameVerifer</code> for
* <code>HttpsURLConnection</code>, the peer identity will be checked
* by the customized <code>HostnameVerifer</code>; otherwise, it will
* be checked by the extended trust manager.
* <p>
* RFC2830 defines the server identification specification for "LDAP"
* algorithm. RFC2818 defines both the server identification and the
* client identification specification for "HTTPS" algorithm.
*
* @see X509TrustManager
* @see HostnameVerifier
*
* @since 1.6
* @author Xuelei Fan
*/
@Deprecated(since="9")
public abstract class X509ExtendedTrustManager implements X509TrustManager {
/**
* Constructor used by subclasses only.
*/
protected X509ExtendedTrustManager() {
}
/**
* Given the partial or complete certificate chain provided by the
* peer, check its identity and build a certificate path to a trusted
* root, return if it can be validated and is trusted for client SSL
* authentication based on the authentication type.
* <p>
* The authentication type is determined by the actual certificate
* used. For instance, if RSAPublicKey is used, the authType
* should be "RSA". Checking is case-sensitive.
* <p>
* The algorithm parameter specifies the client identification protocol
* to use. If the algorithm and the peer hostname are available, the
* peer hostname is checked against the peer's identity presented in
* the X509 certificate, in order to prevent masquerade attacks.
*
* @param chain the peer certificate chain
* @param authType the authentication type based on the client certificate
* @param hostname the peer hostname
* @param algorithm the identification algorithm
* @throws IllegalArgumentException if null or zero-length chain
* is passed in for the chain parameter or if null or zero-length
* string is passed in for the authType parameter
* @throws CertificateException if the certificate chain is not trusted
* by this TrustManager.
*/
public abstract void checkClientTrusted(X509Certificate[] chain,
String authType, String hostname, String algorithm)
throws CertificateException;
/**
* Given the partial or complete certificate chain provided by the
* peer, check its identity and build a certificate path to a trusted
* root, return if it can be validated and is trusted for server SSL
* authentication based on the authentication type.
* <p>
* The authentication type is the key exchange algorithm portion
* of the cipher suites represented as a String, such as "RSA",
* "DHE_DSS". Checking is case-sensitive.
* <p>
* The algorithm parameter specifies the server identification protocol
* to use. If the algorithm and the peer hostname are available, the
* peer hostname is checked against the peer's identity presented in
* the X509 certificate, in order to prevent masquerade attacks.
*
* @param chain the peer certificate chain
* @param authType the key exchange algorithm used
* @param hostname the peer hostname
* @param algorithm the identification algorithm
* @throws IllegalArgumentException if null or zero-length chain
* is passed in for the chain parameter or if null or zero-length
* string is passed in for the authType parameter
* @throws CertificateException if the certificate chain is not trusted
* by this TrustManager.
*/
public abstract void checkServerTrusted(X509Certificate[] chain,
String authType, String hostname, String algorithm)
throws CertificateException;
}

178
src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/DelegateHttpsURLConnection.java
View File

@ -1,178 +0,0 @@
/*
* Copyright (c) 2001, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.net.ssl.internal.www.protocol.https;
import java.net.URL;
import java.net.Proxy;
import java.io.IOException;
import java.util.Collection;
import java.util.List;
import java.util.Iterator;
import java.security.Principal;
import java.security.cert.*;
import javax.security.auth.x500.X500Principal;
import sun.security.util.HostnameChecker;
import sun.security.util.DerValue;
import sun.security.x509.X500Name;
import sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection;
/**
* This class was introduced to provide an additional level of
* abstraction between javax.net.ssl.HttpURLConnection and
* com.sun.net.ssl.HttpURLConnection objects. <p>
*
* javax.net.ssl.HttpURLConnection is used in the new sun.net version
* of protocol implementation (this one)
* com.sun.net.ssl.HttpURLConnection is used in the com.sun version.
*
*/
@Deprecated(since="9")
@SuppressWarnings("deprecation") // HttpsURLConnection is deprecated
public class DelegateHttpsURLConnection extends AbstractDelegateHttpsURLConnection {
// we need a reference to the HttpsURLConnection to get
// the properties set there
// we also need it to be public so that it can be referenced
// from sun.net.www.protocol.http.HttpURLConnection
// this is for ResponseCache.put(URI, URLConnection)
// second parameter needs to be cast to javax.net.ssl.HttpsURLConnection
// instead of AbstractDelegateHttpsURLConnection
public com.sun.net.ssl.HttpsURLConnection httpsURLConnection;
DelegateHttpsURLConnection(URL url,
sun.net.www.protocol.http.Handler handler,
com.sun.net.ssl.HttpsURLConnection httpsURLConnection)
throws IOException {
this(url, null, handler, httpsURLConnection);
}
DelegateHttpsURLConnection(URL url, Proxy p,
sun.net.www.protocol.http.Handler handler,
com.sun.net.ssl.HttpsURLConnection httpsURLConnection)
throws IOException {
super(url, p, handler);
this.httpsURLConnection = httpsURLConnection;
}
protected javax.net.ssl.SSLSocketFactory getSSLSocketFactory() {
return httpsURLConnection.getSSLSocketFactory();
}
protected javax.net.ssl.HostnameVerifier getHostnameVerifier() {
// note: getHostnameVerifier() never returns null
return new VerifierWrapper(httpsURLConnection.getHostnameVerifier());
}
/*
* Called by layered delegator's finalize() method to handle closing
* the underlying object.
*/
protected void dispose() throws Throwable {
super.finalize();
}
}
class VerifierWrapper implements javax.net.ssl.HostnameVerifier {
@SuppressWarnings("deprecation")
private com.sun.net.ssl.HostnameVerifier verifier;
@SuppressWarnings("deprecation")
VerifierWrapper(com.sun.net.ssl.HostnameVerifier verifier) {
this.verifier = verifier;
}
/*
* In com.sun.net.ssl.HostnameVerifier the method is defined
* as verify(String urlHostname, String certHostname).
* This means we need to extract the hostname from the X.509 certificate
* in this wrapper.
*/
public boolean verify(String hostname, javax.net.ssl.SSLSession session) {
try {
Certificate[] serverChain = session.getPeerCertificates();
if ((serverChain == null) || (serverChain.length == 0)) {
return false;
}
if (serverChain[0] instanceof X509Certificate == false) {
return false;
}
X509Certificate serverCert = (X509Certificate)serverChain[0];
String serverName = getServername(serverCert);
if (serverName == null) {
return false;
}
return verifier.verify(hostname, serverName);
} catch (javax.net.ssl.SSLPeerUnverifiedException e) {
return false;
}
}
/*
* Extract the name of the SSL server from the certificate.
*
* Note this code is essentially a subset of the hostname extraction
* code in HostnameChecker.
*/
private static String getServername(X509Certificate peerCert) {
try {
// compare to subjectAltNames if dnsName is present
Collection<List<?>> subjAltNames = peerCert.getSubjectAlternativeNames();
if (subjAltNames != null) {
for (Iterator<List<?>> itr = subjAltNames.iterator(); itr.hasNext(); ) {
List<?> next = itr.next();
if (((Integer)next.get(0)).intValue() == 2) {
// compare dNSName with host in url
String dnsName = ((String)next.get(1));
return dnsName;
}
}
}
// else check against common name in the subject field
X500Name subject = HostnameChecker.getSubjectX500Name(peerCert);
DerValue derValue = subject.findMostSpecificAttribute
(X500Name.commonName_oid);
if (derValue != null) {
try {
String name = derValue.getAsString();
return name;
} catch (IOException e) {
// ignore
}
}
} catch (java.security.cert.CertificateException e) {
// ignore
}
return null;
}
}

56
src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/Handler.java
View File

@ -1,56 +0,0 @@
/*
* Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.net.ssl.internal.www.protocol.https;
import java.io.IOException;
import java.net.URL;
import java.net.Proxy;
/**
* This class exists for compatibility with previous JSSE releases
* only. The HTTPS implementation can now be found in
* sun.net.www.protocol.https.
*
*/
@Deprecated(since="9")
public class Handler extends sun.net.www.protocol.https.Handler {
public Handler() {
super();
}
public Handler(String proxy, int port) {
super(proxy, port);
}
protected java.net.URLConnection openConnection(URL u) throws IOException {
return openConnection(u, (Proxy)null);
}
protected java.net.URLConnection openConnection(URL u, Proxy p) throws IOException {
return new HttpsURLConnectionOldImpl(u, p, this);
}
}

506
src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnectionOldImpl.java
View File

@ -1,506 +0,0 @@
/*
* Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* NOTE: This class lives in the package sun.net.www.protocol.https.
* There is a copy in com.sun.net.ssl.internal.www.protocol.https for JSSE
* 1.0.2 compatibility. It is 100% identical except the package and extends
* lines. Any changes should be made to be class in sun.net.* and then copied
* to com.sun.net.*.
*/
// For both copies of the file, uncomment one line and comment the other
// package sun.net.www.protocol.https;
package com.sun.net.ssl.internal.www.protocol.https;
import java.net.URL;
import java.net.Proxy;
import java.net.ProtocolException;
import java.net.MalformedURLException;
import java.io.*;
import java.net.Authenticator;
import javax.net.ssl.*;
import java.security.Permission;
import java.util.Map;
import java.util.List;
import sun.net.www.http.HttpClient;
/**
* A class to represent an HTTP connection to a remote object.
*
* Ideally, this class should subclass and inherit the http handler
* implementation, but it can't do so because that class have the
* wrong Java Type. Thus it uses the delegate (aka, the
* Adapter/Wrapper design pattern) to reuse code from the http
* handler.
*
* Since it would use a delegate to access
* sun.net.www.protocol.http.HttpURLConnection functionalities, it
* needs to implement all public methods in it's super class and all
* the way to Object.
*
*/
// For both copies of the file, uncomment one line and comment the other
// public class HttpsURLConnectionImpl
// extends javax.net.ssl.HttpsURLConnection {
@Deprecated(since="9")
@SuppressWarnings("deprecation") // HttpsURLConnection is deprecated
public class HttpsURLConnectionOldImpl
extends com.sun.net.ssl.HttpsURLConnection {
private DelegateHttpsURLConnection delegate;
// For both copies of the file, uncomment one line and comment the other
// HttpsURLConnectionImpl(URL u, Handler handler) throws IOException {
HttpsURLConnectionOldImpl(URL u, Handler handler) throws IOException {
this(u, null, handler);
}
static URL checkURL(URL u) throws IOException {
if (u != null) {
if (u.toExternalForm().indexOf('\n') > -1) {
throw new MalformedURLException("Illegal character in URL");
}
}
return u;
}
// For both copies of the file, uncomment one line and comment the other
// HttpsURLConnectionImpl(URL u, Handler handler) throws IOException {
HttpsURLConnectionOldImpl(URL u, Proxy p, Handler handler) throws IOException {
super(checkURL(u));
delegate = new DelegateHttpsURLConnection(url, p, handler, this);
}
/**
* Create a new HttpClient object, bypassing the cache of
* HTTP client objects/connections.
*
* @param url the URL being accessed
*/
protected void setNewClient(URL url) throws IOException {
delegate.setNewClient(url, false);
}
/**
* Obtain a HttpClient object. Use the cached copy if specified.
*
* @param url the URL being accessed
* @param useCache whether the cached connection should be used
* if present
*/
protected void setNewClient(URL url, boolean useCache)
throws IOException {
delegate.setNewClient(url, useCache);
}
/**
* Create a new HttpClient object, set up so that it uses
* per-instance proxying to the given HTTP proxy. This
* bypasses the cache of HTTP client objects/connections.
*
* @param url the URL being accessed
* @param proxyHost the proxy host to use
* @param proxyPort the proxy port to use
*/
protected void setProxiedClient(URL url, String proxyHost, int proxyPort)
throws IOException {
delegate.setProxiedClient(url, proxyHost, proxyPort);
}
/**
* Obtain a HttpClient object, set up so that it uses per-instance
* proxying to the given HTTP proxy. Use the cached copy of HTTP
* client objects/connections if specified.
*
* @param url the URL being accessed
* @param proxyHost the proxy host to use
* @param proxyPort the proxy port to use
* @param useCache whether the cached connection should be used
* if present
*/
protected void setProxiedClient(URL url, String proxyHost, int proxyPort,
boolean useCache) throws IOException {
delegate.setProxiedClient(url, proxyHost, proxyPort, useCache);
}
/**
* Implements the HTTP protocol handler's "connect" method,
* establishing an SSL connection to the server as necessary.
*/
public void connect() throws IOException {
delegate.connect();
}
/**
* Used by subclass to access "connected" variable. Since we are
* delegating the actual implementation to "delegate", we need to
* delegate the access of "connected" as well.
*/
protected boolean isConnected() {
return delegate.isConnected();
}
/**
* Used by subclass to access "connected" variable. Since we are
* delegating the actual implementation to "delegate", we need to
* delegate the access of "connected" as well.
*/
protected void setConnected(boolean conn) {
delegate.setConnected(conn);
}
/**
* Returns the cipher suite in use on this connection.
*/
public String getCipherSuite() {
return delegate.getCipherSuite();
}
/**
* Returns the certificate chain the client sent to the
* server, or null if the client did not authenticate.
*/
public java.security.cert.Certificate []
getLocalCertificates() {
return delegate.getLocalCertificates();
}
/**
* Returns the server's certificate chain, or throws
* SSLPeerUnverified Exception if
* the server did not authenticate.
*/
public java.security.cert.Certificate []
getServerCertificates() throws SSLPeerUnverifiedException {
return delegate.getServerCertificates();
}
/*
* Allowable input/output sequences:
* [interpreted as POST/PUT]
* - get output, [write output,] get input, [read input]
* - get output, [write output]
* [interpreted as GET]
* - get input, [read input]
* Disallowed:
* - get input, [read input,] get output, [write output]
*/
public synchronized OutputStream getOutputStream() throws IOException {
return delegate.getOutputStream();
}
public synchronized InputStream getInputStream() throws IOException {
return delegate.getInputStream();
}
public InputStream getErrorStream() {
return delegate.getErrorStream();
}
/**
* Disconnect from the server.
*/
public void disconnect() {
delegate.disconnect();
}
public boolean usingProxy() {
return delegate.usingProxy();
}
/**
* Returns an unmodifiable Map of the header fields.
* The Map keys are Strings that represent the
* response-header field names. Each Map value is an
* unmodifiable List of Strings that represents
* the corresponding field values.
*
* @return a Map of header fields
* @since 1.4
*/
public Map<String,List<String>> getHeaderFields() {
return delegate.getHeaderFields();
}
/**
* Gets a header field by name. Returns null if not known.
* @param name the name of the header field
*/
public String getHeaderField(String name) {
return delegate.getHeaderField(name);
}
/**
* Gets a header field by index. Returns null if not known.
* @param n the index of the header field
*/
public String getHeaderField(int n) {
return delegate.getHeaderField(n);
}
/**
* Gets a header field by index. Returns null if not known.
* @param n the index of the header field
*/
public String getHeaderFieldKey(int n) {
return delegate.getHeaderFieldKey(n);
}
/**
* Sets request property. If a property with the key already
* exists, overwrite its value with the new value.
* @param value the value to be set
*/
public void setRequestProperty(String key, String value) {
delegate.setRequestProperty(key, value);
}
/**
* Adds a general request property specified by a
* key-value pair. This method will not overwrite
* existing values associated with the same key.
*
* @param key the keyword by which the request is known
* (e.g., "<code>accept</code>").
* @param value the value associated with it.
* @see #getRequestProperties(java.lang.String)
* @since 1.4
*/
public void addRequestProperty(String key, String value) {
delegate.addRequestProperty(key, value);
}
/**
* Overwrite super class method
*/
public int getResponseCode() throws IOException {
return delegate.getResponseCode();
}
public String getRequestProperty(String key) {
return delegate.getRequestProperty(key);
}
/**
* Returns an unmodifiable Map of general request
* properties for this connection. The Map keys
* are Strings that represent the request-header
* field names. Each Map value is a unmodifiable List
* of Strings that represents the corresponding
* field values.
*
* @return a Map of the general request properties for this connection.
* @throws IllegalStateException if already connected
* @since 1.4
*/
public Map<String,List<String>> getRequestProperties() {
return delegate.getRequestProperties();
}
/*
* We support JDK 1.2.x so we can't count on these from JDK 1.3.
* We override and supply our own version.
*/
public void setInstanceFollowRedirects(boolean shouldFollow) {
delegate.setInstanceFollowRedirects(shouldFollow);
}
public boolean getInstanceFollowRedirects() {
return delegate.getInstanceFollowRedirects();
}
public void setRequestMethod(String method) throws ProtocolException {
delegate.setRequestMethod(method);
}
public String getRequestMethod() {
return delegate.getRequestMethod();
}
public String getResponseMessage() throws IOException {
return delegate.getResponseMessage();
}
public long getHeaderFieldDate(String name, long Default) {
return delegate.getHeaderFieldDate(name, Default);
}
public Permission getPermission() throws IOException {
return delegate.getPermission();
}
public URL getURL() {
return delegate.getURL();
}
public int getContentLength() {
return delegate.getContentLength();
}
public long getContentLengthLong() {
return delegate.getContentLengthLong();
}
public String getContentType() {
return delegate.getContentType();
}
public String getContentEncoding() {
return delegate.getContentEncoding();
}
public long getExpiration() {
return delegate.getExpiration();
}
public long getDate() {
return delegate.getDate();
}
public long getLastModified() {
return delegate.getLastModified();
}
public int getHeaderFieldInt(String name, int Default) {
return delegate.getHeaderFieldInt(name, Default);
}
public long getHeaderFieldLong(String name, long Default) {
return delegate.getHeaderFieldLong(name, Default);
}
public Object getContent() throws IOException {
return delegate.getContent();
}
@SuppressWarnings("rawtypes")
public Object getContent(Class[] classes) throws IOException {
return delegate.getContent(classes);
}
public String toString() {
return delegate.toString();
}
public void setDoInput(boolean doinput) {
delegate.setDoInput(doinput);
}
public boolean getDoInput() {
return delegate.getDoInput();
}
public void setDoOutput(boolean dooutput) {
delegate.setDoOutput(dooutput);
}
public boolean getDoOutput() {
return delegate.getDoOutput();
}
public void setAllowUserInteraction(boolean allowuserinteraction) {
delegate.setAllowUserInteraction(allowuserinteraction);
}
public boolean getAllowUserInteraction() {
return delegate.getAllowUserInteraction();
}
public void setUseCaches(boolean usecaches) {
delegate.setUseCaches(usecaches);
}
public boolean getUseCaches() {
return delegate.getUseCaches();
}
public void setIfModifiedSince(long ifmodifiedsince) {
delegate.setIfModifiedSince(ifmodifiedsince);
}
public long getIfModifiedSince() {
return delegate.getIfModifiedSince();
}
public boolean getDefaultUseCaches() {
return delegate.getDefaultUseCaches();
}
public void setDefaultUseCaches(boolean defaultusecaches) {
delegate.setDefaultUseCaches(defaultusecaches);
}
/*
* finalize (dispose) the delegated object. Otherwise
* sun.net.www.protocol.http.HttpURLConnection's finalize()
* would have to be made public.
*/
protected void finalize() throws Throwable {
delegate.dispose();
}
public boolean equals(Object obj) {
return delegate.equals(obj);
}
public int hashCode() {
return delegate.hashCode();
}
public void setConnectTimeout(int timeout) {
delegate.setConnectTimeout(timeout);
}
public int getConnectTimeout() {
return delegate.getConnectTimeout();
}
public void setReadTimeout(int timeout) {
delegate.setReadTimeout(timeout);
}
public int getReadTimeout() {
return delegate.getReadTimeout();
}
public void setFixedLengthStreamingMode (int contentLength) {
delegate.setFixedLengthStreamingMode(contentLength);
}
public void setFixedLengthStreamingMode(long contentLength) {
delegate.setFixedLengthStreamingMode(contentLength);
}
public void setChunkedStreamingMode (int chunklen) {
delegate.setChunkedStreamingMode(chunklen);
}
@Override
public void setAuthenticator(Authenticator auth) {
delegate.setAuthenticator(auth);
}
}

31
src/java.base/share/classes/com/sun/net/ssl/package-info.java
View File

@ -1,31 +0,0 @@
/*
* Copyright (c) 1999, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/**
* Provides classes related to creating and configuring secure socket
* factories. These classes are used with the Sun reference
* implementation of the Java Secure Socket Extension (JSSE).
*/
package com.sun.net.ssl;

4
src/java.base/share/classes/java/security/Security.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -201,7 +201,7 @@ public final class Security {
private static void initializeStatic() { private static void initializeStatic() {
props.put("security.provider.1", "sun.security.provider.Sun"); props.put("security.provider.1", "sun.security.provider.Sun");
props.put("security.provider.2", "sun.security.rsa.SunRsaSign"); props.put("security.provider.2", "sun.security.rsa.SunRsaSign");
props.put("security.provider.3", "com.sun.net.ssl.internal.ssl.Provider"); props.put("security.provider.3", "sun.security.ssl.SunJSSE");
props.put("security.provider.4", "com.sun.crypto.provider.SunJCE"); props.put("security.provider.4", "com.sun.crypto.provider.SunJCE");
props.put("security.provider.5", "sun.security.jgss.SunProvider"); props.put("security.provider.5", "sun.security.jgss.SunProvider");
props.put("security.provider.6", "com.sun.security.sasl.Provider"); props.put("security.provider.6", "com.sun.security.sasl.Provider");

3
src/java.base/share/classes/java/security/Signature.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -285,7 +285,6 @@ public abstract class Signature extends SignatureSpi {
signatureInfo.put("sun.security.rsa.RSASignature$SHA384withRSA", TRUE); signatureInfo.put("sun.security.rsa.RSASignature$SHA384withRSA", TRUE);
signatureInfo.put("sun.security.rsa.RSASignature$SHA512withRSA", TRUE); signatureInfo.put("sun.security.rsa.RSASignature$SHA512withRSA", TRUE);
signatureInfo.put("sun.security.rsa.RSAPSSSignature", TRUE); signatureInfo.put("sun.security.rsa.RSAPSSSignature", TRUE);
signatureInfo.put("com.sun.net.ssl.internal.ssl.RSASignature", TRUE);
signatureInfo.put("sun.security.pkcs11.P11Signature", TRUE); signatureInfo.put("sun.security.pkcs11.P11Signature", TRUE);
} }

18
src/java.base/share/classes/sun/net/www/protocol/https/AbstractDelegateHttpsURLConnection.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2001, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -71,10 +71,6 @@ public abstract class AbstractDelegateHttpsURLConnection extends
* Create a new HttpClient object, bypassing the cache of * Create a new HttpClient object, bypassing the cache of
* HTTP client objects/connections. * HTTP client objects/connections.
* *
* Note: this method is changed from protected to public because
* the com.sun.ssl.internal.www.protocol.https handler reuses this
* class for its actual implemantation
*
* @param url the URL being accessed * @param url the URL being accessed
*/ */
public void setNewClient (URL url) public void setNewClient (URL url)
@ -85,10 +81,6 @@ public abstract class AbstractDelegateHttpsURLConnection extends
/** /**
* Obtain a HttpClient object. Use the cached copy if specified. * Obtain a HttpClient object. Use the cached copy if specified.
* *
* Note: this method is changed from protected to public because
* the com.sun.ssl.internal.www.protocol.https handler reuses this
* class for its actual implemantation
*
* @param url the URL being accessed * @param url the URL being accessed
* @param useCache whether the cached connection should be used * @param useCache whether the cached connection should be used
* if present * if present
@ -107,10 +99,6 @@ public abstract class AbstractDelegateHttpsURLConnection extends
* per-instance proxying to the given HTTP proxy. This * per-instance proxying to the given HTTP proxy. This
* bypasses the cache of HTTP client objects/connections. * bypasses the cache of HTTP client objects/connections.
* *
* Note: this method is changed from protected to public because
* the com.sun.ssl.internal.www.protocol.https handler reuses this
* class for its actual implemantation
*
* @param url the URL being accessed * @param url the URL being accessed
* @param proxyHost the proxy host to use * @param proxyHost the proxy host to use
* @param proxyPort the proxy port to use * @param proxyPort the proxy port to use
@ -125,10 +113,6 @@ public abstract class AbstractDelegateHttpsURLConnection extends
* proxying to the given HTTP proxy. Use the cached copy of HTTP * proxying to the given HTTP proxy. Use the cached copy of HTTP
* client objects/connections if specified. * client objects/connections if specified.
* *
* Note: this method is changed from protected to public because
* the com.sun.ssl.internal.www.protocol.https handler reuses this
* class for its actual implemantation
*
* @param url the URL being accessed * @param url the URL being accessed
* @param proxyHost the proxy host to use * @param proxyHost the proxy host to use
* @param proxyPort the proxy port to use * @param proxyPort the proxy port to use

23
src/java.base/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2001, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -23,17 +23,7 @@
* questions. * questions.
*/ */
/*
* NOTE: This class lives in the package sun.net.www.protocol.https.
* There is a copy in com.sun.net.ssl.internal.www.protocol.https for JSSE
* 1.0.2 compatibility. It is 100% identical except the package and extends
* lines. Any changes should be made to be class in sun.net.* and then copied
* to com.sun.net.*.
*/
// For both copies of the file, uncomment one line and comment the other
package sun.net.www.protocol.https; package sun.net.www.protocol.https;
// package com.sun.net.ssl.internal.www.protocol.https;
import java.net.URL; import java.net.URL;
import java.net.Proxy; import java.net.Proxy;
@ -64,21 +54,13 @@ import sun.net.www.http.HttpClient;
* the way to Object. * the way to Object.
* *
*/ */
// For both copies of the file, uncomment one line and comment the
// other. The differences between the two copies are introduced for
// plugin, and it is marked as such.
public class HttpsURLConnectionImpl public class HttpsURLConnectionImpl
extends javax.net.ssl.HttpsURLConnection { extends javax.net.ssl.HttpsURLConnection {
// public class HttpsURLConnectionOldImpl
// extends com.sun.net.ssl.HttpsURLConnection {
// NOTE: made protected for plugin so that subclass can set it. // NOTE: made protected for plugin so that subclass can set it.
protected DelegateHttpsURLConnection delegate; protected DelegateHttpsURLConnection delegate;
// For both copies of the file, uncomment one line and comment the other
HttpsURLConnectionImpl(URL u, Handler handler) throws IOException { HttpsURLConnectionImpl(URL u, Handler handler) throws IOException {
// HttpsURLConnectionOldImpl(URL u, Handler handler) throws IOException {
this(u, null, handler); this(u, null, handler);
} }
@ -90,9 +72,8 @@ public class HttpsURLConnectionImpl
} }
return u; return u;
} }
// For both copies of the file, uncomment one line and comment the other
HttpsURLConnectionImpl(URL u, Proxy p, Handler handler) throws IOException { HttpsURLConnectionImpl(URL u, Proxy p, Handler handler) throws IOException {
// HttpsURLConnectionOldImpl(URL u, Proxy p, Handler handler) throws IOException {
super(checkURL(u)); super(checkURL(u));
delegate = new DelegateHttpsURLConnection(url, p, handler, this); delegate = new DelegateHttpsURLConnection(url, p, handler, this);
} }

10
src/java.base/share/classes/sun/security/jca/ProviderConfig.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -178,8 +178,12 @@ final class ProviderConfig {
p = new sun.security.rsa.SunRsaSign(); p = new sun.security.rsa.SunRsaSign();
} else if (provName.equals("SunJCE") || provName.equals("com.sun.crypto.provider.SunJCE")) { } else if (provName.equals("SunJCE") || provName.equals("com.sun.crypto.provider.SunJCE")) {
p = new com.sun.crypto.provider.SunJCE(); p = new com.sun.crypto.provider.SunJCE();
} else if (provName.equals("SunJSSE") || provName.equals("com.sun.net.ssl.internal.ssl.Provider")) { } else if (provName.equals("SunJSSE") ||
p = new com.sun.net.ssl.internal.ssl.Provider(); provName.equals("com.sun.net.ssl.internal.ssl.Provider")) {
// com.sun.net.ssl.internal.ssl.Provider is the legacy SunJSSE
// provider implementation. For compatibility, let's continue to
// support the legacy name for a while.
p = new sun.security.ssl.SunJSSE();
} else if (provName.equals("Apple") || provName.equals("apple.security.AppleProvider")) { } else if (provName.equals("Apple") || provName.equals("apple.security.AppleProvider")) {
// need to use reflection since this class only exists on MacOsx // need to use reflection since this class only exists on MacOsx
p = AccessController.doPrivileged(new PrivilegedAction<Provider>() { p = AccessController.doPrivileged(new PrivilegedAction<Provider>() {

13
src/java.base/share/classes/sun/security/ssl/SunJSSE.java
View File

@ -58,7 +58,7 @@ import static sun.security.provider.SunEntries.createAliases;
* FIPS mode. * FIPS mode.
* *
*/ */
public abstract class SunJSSE extends java.security.Provider { public class SunJSSE extends java.security.Provider {
private static final long serialVersionUID = 3231825739635378733L; private static final long serialVersionUID = 3231825739635378733L;
@ -66,9 +66,8 @@ public abstract class SunJSSE extends java.security.Provider {
"(PKCS12, SunX509/PKIX key/trust factories, " + "(PKCS12, SunX509/PKIX key/trust factories, " +
"SSLv3/TLSv1/TLSv1.1/TLSv1.2/TLSv1.3/DTLSv1.0/DTLSv1.2)"; "SSLv3/TLSv1/TLSv1.1/TLSv1.2/TLSv1.3/DTLSv1.0/DTLSv1.2)";
protected SunJSSE() { public SunJSSE() {
super("SunJSSE", PROVIDER_VER, info); super("SunJSSE", PROVIDER_VER, info);
subclassCheck();
registerAlgorithms(); registerAlgorithms();
} }
@ -136,12 +135,4 @@ public abstract class SunJSSE extends java.security.Provider {
ps("KeyStore", "PKCS12", ps("KeyStore", "PKCS12",
"sun.security.pkcs12.PKCS12KeyStore", null, null); "sun.security.pkcs12.PKCS12KeyStore", null, null);
} }
// com.sun.net.ssl.internal.ssl.Provider has been deprecated since JDK 9
@SuppressWarnings("deprecation")
private void subclassCheck() {
if (getClass() != com.sun.net.ssl.internal.ssl.Provider.class) {
throw new AssertionError("Illegal subclass: " + getClass());
}
}
} }

5
test/jdk/TEST.groups
View File

@ -1,4 +1,4 @@
# Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved. # Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
# #
# This code is free software; you can redistribute it and/or modify it # This code is free software; you can redistribute it and/or modify it
@ -214,8 +214,7 @@ jdk_security3 = \
sun/security \ sun/security \
-sun/security/krb5 \ -sun/security/krb5 \
-sun/security/jgss \ -sun/security/jgss \
javax/net \ javax/net
com/sun/net/ssl
jdk_security4 = \ jdk_security4 = \
com/sun/security/jgss \ com/sun/security/jgss \

41
test/jdk/com/sun/net/ssl/SSLSecurity/ComKeyManagerFactoryImpl.java
View File

@ -1,41 +0,0 @@
/*
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.security.*;
import com.sun.net.ssl.*;
public class ComKeyManagerFactoryImpl extends KeyManagerFactorySpi {
public ComKeyManagerFactoryImpl() {
System.out.println("ComKeyManagerFactoryImpl initialized");
}
protected void engineInit(KeyStore ks, char [] password)
throws KeyStoreException {
System.out.println("ComKeyManagerFactoryImpl init'd");
}
protected KeyManager[] engineGetKeyManagers() {
return null;
}
}

47
test/jdk/com/sun/net/ssl/SSLSecurity/ComSSLContextImpl.java
View File

@ -1,47 +0,0 @@
/*
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.security.*;
import com.sun.net.ssl.*;
public class ComSSLContextImpl extends SSLContextSpi {
public ComSSLContextImpl() {
System.out.println("ComSSLContextImpl initialized");
}
protected void engineInit(KeyManager[] km,
TrustManager[] tm, SecureRandom sr) throws KeyManagementException {
System.out.println("ComSSLContextImpl init'd");
}
protected javax.net.ssl.SSLSocketFactory engineGetSocketFactory() {
return null;
}
protected javax.net.ssl.SSLServerSocketFactory
engineGetServerSocketFactory() {
return null;
}
}

40
test/jdk/com/sun/net/ssl/SSLSecurity/ComTrustManagerFactoryImpl.java
View File

@ -1,40 +0,0 @@
/*
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.security.*;
import com.sun.net.ssl.*;
public class ComTrustManagerFactoryImpl extends TrustManagerFactorySpi {
public ComTrustManagerFactoryImpl() {
System.out.println("ComTrustManagerFactoryImpl initialized");
}
protected void engineInit(KeyStore ks) throws KeyStoreException {
System.out.println("ComTrustManagerFactoryImpl init'd");
}
protected TrustManager[] engineGetTrustManagers() {
return null;
}
}

45
test/jdk/com/sun/net/ssl/SSLSecurity/JavaxKeyManagerFactoryImpl.java
View File

@ -1,45 +0,0 @@
/*
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.security.*;
import javax.net.ssl.*;
public class JavaxKeyManagerFactoryImpl extends KeyManagerFactorySpi {
public JavaxKeyManagerFactoryImpl () {
System.out.println("JavaxKeyManagerFactoryImpl initialized");
}
protected void engineInit(KeyStore ks, char[] passwd)
throws KeyStoreException {
System.out.println("JavaxKeyManagerFactoryImpl init'd");
}
protected void engineInit(ManagerFactoryParameters spec)
throws InvalidAlgorithmParameterException {
}
protected KeyManager[] engineGetKeyManagers() {
return null;
}
}

61
test/jdk/com/sun/net/ssl/SSLSecurity/JavaxSSLContextImpl.java
View File

@ -1,61 +0,0 @@
/*
* Copyright (c) 2002, 2003, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.security.*;
import javax.net.ssl.*;
public class JavaxSSLContextImpl extends SSLContextSpi {
public JavaxSSLContextImpl() {
System.out.println("JavaxSSLContextImpl initialized");
}
protected void engineInit(KeyManager[] km,
TrustManager[] tm, SecureRandom sr) throws KeyManagementException {
System.out.println("JavaxSSLContextImpl init'd");
}
protected SSLEngine engineCreateSSLEngine() {
return null;
}
protected SSLEngine engineCreateSSLEngine(String host, int port) {
return null;
}
protected SSLSocketFactory engineGetSocketFactory() {
return null;
}
protected SSLServerSocketFactory engineGetServerSocketFactory() {
return null;
}
protected SSLSessionContext engineGetServerSessionContext() {
return null;
}
protected SSLSessionContext engineGetClientSessionContext() {
return null;
}
}

44
test/jdk/com/sun/net/ssl/SSLSecurity/JavaxTrustManagerFactoryImpl.java
View File

@ -1,44 +0,0 @@
/*
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.security.*;
import javax.net.ssl.*;
public class JavaxTrustManagerFactoryImpl extends TrustManagerFactorySpi {
public JavaxTrustManagerFactoryImpl () {
System.out.println("JavaxTrustManagerFactoryImpl initialized");
}
protected void engineInit(KeyStore ks) throws KeyStoreException {
System.out.println("JavaxTrustManagerFactoryImpl init'd");
}
protected void engineInit(ManagerFactoryParameters spec)
throws InvalidAlgorithmParameterException {
}
protected TrustManager[] engineGetTrustManagers() {
return null;
}
}

109
test/jdk/com/sun/net/ssl/SSLSecurity/ProviderTest.java
View File

@ -1,109 +0,0 @@
/*
* Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 4667976 8130181
* @modules java.base/com.sun.net.ssl
* @compile JavaxSSLContextImpl.java ComSSLContextImpl.java
* JavaxTrustManagerFactoryImpl.java ComTrustManagerFactoryImpl.java
* JavaxKeyManagerFactoryImpl.java ComKeyManagerFactoryImpl.java
* @run main/othervm ProviderTest
* @summary brokenness in the com.sun.net.ssl.SSLSecurity wrappers
*/
import java.security.*;
import com.sun.net.ssl.*;
public class ProviderTest {
public static void main(String args[]) throws Exception {
SSLContext sslc;
TrustManagerFactory tmf;
KeyManagerFactory kmf;
Provider extraProvider = new MyProvider();
Security.addProvider(extraProvider);
try {
System.out.println("getting a javax SSLContext");
sslc = SSLContext.getInstance("javax");
sslc.init(null, null, null);
System.out.println("\ngetting a com SSLContext");
sslc = SSLContext.getInstance("com");
sslc.init(null, null, null);
System.out.println("\ngetting a javax TrustManagerFactory");
tmf = TrustManagerFactory.getInstance("javax");
tmf.init((KeyStore) null);
System.out.println("\ngetting a com TrustManagerFactory");
tmf = TrustManagerFactory.getInstance("com");
tmf.init((KeyStore) null);
System.out.println("\ngetting a javax KeyManagerFactory");
kmf = KeyManagerFactory.getInstance("javax");
kmf.init((KeyStore) null, null);
System.out.println("\ngetting a com KeyManagerFactory");
kmf = KeyManagerFactory.getInstance("com");
kmf.init((KeyStore) null, null);
} finally {
Security.removeProvider(extraProvider.getName());
}
}
}
class MyProvider extends Provider {
private static String info = "Brad's provider";
/**
* Installs the JSSE provider.
*/
public static synchronized void install()
{
/* nop. Remove this method in the future. */
}
public MyProvider()
{
super("BRAD", "1.0", info);
AccessController.doPrivileged(new java.security.PrivilegedAction() {
public Object run() {
put("SSLContext.javax", "JavaxSSLContextImpl");
put("SSLContext.com", "ComSSLContextImpl");
put("TrustManagerFactory.javax",
"JavaxTrustManagerFactoryImpl");
put("TrustManagerFactory.com",
"ComTrustManagerFactoryImpl");
put("KeyManagerFactory.javax",
"JavaxKeyManagerFactoryImpl");
put("KeyManagerFactory.com",
"ComKeyManagerFactoryImpl");
return null;
}
});
}
}

72
test/jdk/com/sun/net/ssl/SSLSecurity/TruncateArray.java
View File

@ -1,72 +0,0 @@
/*
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 4665824
* @summary JSSE - ClassCastException with 1.4
* @modules java.base/com.sun.net.ssl
*/
import com.sun.net.ssl.*;
public class TruncateArray {
public static void main(String args[]) throws Exception {
try {
TrustManager tms [] = new TrustManager [] {
new MyTM(), new MyTM(), new MyTM() };
KeyManager kms [] = new KeyManager [] {
new MyKM(), new MyKM(), new MyKM() };
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(kms, tms, null);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SUNX509");
KeyManager[] km = kmf.getKeyManagers();
TrustManagerFactory tmf =
TrustManagerFactory.getInstance("SUNX509");
TrustManager[] tm = tmf.getTrustManagers();
} catch (ClassCastException e) {
throw e;
} catch (Throwable e) {
/*
* swallow anything else, we only are interested
* in class casting errors here. For example, we soon
* may be catching methods called on uninitialized factories.
*/
System.out.println("Caught something else");
e.printStackTrace();
}
}
static class MyTM implements TrustManager {
}
static class MyKM implements KeyManager {
}
}

6
test/jdk/java/security/BasicPermission/Wildcard.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2012, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -33,8 +33,7 @@ import javax.net.ssl.SSLPermission;
* @summary Check that BasicPermission subclasses don't throw exception if name * @summary Check that BasicPermission subclasses don't throw exception if name
* contains wildcard character ("*") but does not signify a * contains wildcard character ("*") but does not signify a
* wildcard match * wildcard match
* @modules java.base/com.sun.net.ssl * @modules java.sql
* java.sql
*/ */
public class Wildcard { public class Wildcard {
@ -51,6 +50,5 @@ public class Wildcard {
new SQLPermission(wildcard); new SQLPermission(wildcard);
new PropertyPermission(wildcard, "read"); new PropertyPermission(wildcard, "read");
new SSLPermission(wildcard); new SSLPermission(wildcard);
new com.sun.net.ssl.SSLPermission(wildcard);
} }
} }

123
test/jdk/javax/net/ssl/FixingJavadocs/ComURLNulls.java
View File

@ -1,123 +0,0 @@
/*
* Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 4387882 4451038
* @summary Need to revisit the javadocs for JSSE, especially the
* promoted classes, and HttpsURLConnection.getCipherSuite throws
* NullPointerException
* @modules java.base/com.sun.net.ssl
* java.base/com.sun.net.ssl.internal.www.protocol.https
* @run main/othervm ComURLNulls
*
* SunJSSE does not support dynamic system properties, no way to re-use
* system properties in samevm/agentvm mode.
* @author Brad Wetmore
*/
import java.net.*;
import java.io.*;
import javax.net.ssl.*;
import com.sun.net.ssl.HttpsURLConnection;
import com.sun.net.ssl.HostnameVerifier;
/*
* Tests that the com null argument changes made it in ok.
*/
public class ComURLNulls {
private static class ComSunHTTPSHandlerFactory implements URLStreamHandlerFactory {
private static String SUPPORTED_PROTOCOL = "https";
public URLStreamHandler createURLStreamHandler(String protocol) {
if (!protocol.equalsIgnoreCase(SUPPORTED_PROTOCOL))
return null;
return new com.sun.net.ssl.internal.www.protocol.https.Handler();
}
}
public static void main(String[] args) throws Exception {
HostnameVerifier reservedHV =
HttpsURLConnection.getDefaultHostnameVerifier();
try {
URL.setURLStreamHandlerFactory(new ComSunHTTPSHandlerFactory());
/**
* This test does not establish any connection to the specified
* URL, hence a dummy URL is used.
*/
URL foobar = new URL("https://example.com/");
HttpsURLConnection urlc =
(HttpsURLConnection) foobar.openConnection();
try {
urlc.getCipherSuite();
} catch (IllegalStateException e) {
System.out.print("Caught proper exception: ");
System.out.println(e.getMessage());
}
try {
urlc.getServerCertificates();
} catch (IllegalStateException e) {
System.out.print("Caught proper exception: ");
System.out.println(e.getMessage());
}
try {
urlc.setDefaultHostnameVerifier(null);
} catch (IllegalArgumentException e) {
System.out.print("Caught proper exception: ");
System.out.println(e.getMessage());
}
try {
urlc.setHostnameVerifier(null);
} catch (IllegalArgumentException e) {
System.out.print("Caught proper exception: ");
System.out.println(e.getMessage());
}
try {
urlc.setDefaultSSLSocketFactory(null);
} catch (IllegalArgumentException e) {
System.out.print("Caught proper exception: ");
System.out.println(e.getMessage());
}
try {
urlc.setSSLSocketFactory(null);
} catch (IllegalArgumentException e) {
System.out.print("Caught proper exception");
System.out.println(e.getMessage());
}
System.out.println("TESTS PASSED");
} finally {
HttpsURLConnection.setDefaultHostnameVerifier(reservedHV);
}
}
}

34
test/jdk/javax/net/ssl/GetInstance.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -27,7 +27,6 @@
* @summary verify getInstance() works using Provider.getService() * @summary verify getInstance() works using Provider.getService()
* Export "PKIX" as the standard algorithm name of KeyManagerFactory * Export "PKIX" as the standard algorithm name of KeyManagerFactory
* @author Andreas Sterbenz * @author Andreas Sterbenz
* @modules java.base/com.sun.net.ssl
*/ */
import java.security.*; import java.security.*;
@ -113,38 +112,7 @@ public class GetInstance {
tmf = TrustManagerFactory.getInstance("X.509", p); tmf = TrustManagerFactory.getInstance("X.509", p);
same(p, tmf.getProvider()); same(p, tmf.getProvider());
testComSun();
long stop = System.currentTimeMillis(); long stop = System.currentTimeMillis();
System.out.println("Done (" + (stop - start) + " ms)."); System.out.println("Done (" + (stop - start) + " ms).");
} }
private static void testComSun() throws Exception {
Provider p = Security.getProvider("SunJSSE");
com.sun.net.ssl.SSLContext context;
context = com.sun.net.ssl.SSLContext.getInstance("SSL");
same(p, context.getProvider());
context = com.sun.net.ssl.SSLContext.getInstance("SSL", "SunJSSE");
same(p, context.getProvider());
context = com.sun.net.ssl.SSLContext.getInstance("SSL", p);
same(p, context.getProvider());
com.sun.net.ssl.KeyManagerFactory kmf;
kmf = com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509");
same(p, kmf.getProvider());
kmf = com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509", "SunJSSE");
same(p, kmf.getProvider());
kmf = com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509", p);
same(p, kmf.getProvider());
com.sun.net.ssl.TrustManagerFactory tmf;
tmf = com.sun.net.ssl.TrustManagerFactory.getInstance("SunX509");
same(p, tmf.getProvider());
tmf = com.sun.net.ssl.TrustManagerFactory.getInstance("SunX509", "SunJSSE");
same(p, tmf.getProvider());
tmf = com.sun.net.ssl.TrustManagerFactory.getInstance("SunX509", p);
same(p, tmf.getProvider());
}
} }

407
test/jdk/javax/net/ssl/SSLSession/CheckMyTrustedKeystore.java
View File

@ -1,407 +0,0 @@
/*
* Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
// SunJSSE does not support dynamic system properties, no way to re-use
// system properties in samevm/agentvm mode.
/*
* @test
* @bug 4329114
* @summary Need better way of reflecting the reason when a chain is
* rejected as untrusted.
* @modules java.base/com.sun.net.ssl
* @ignore JSSE supports algorithm constraints with CR 6916074,
* need to update this test case in JDK 7 soon
* @run main/othervm CheckMyTrustedKeystore
*
* @author Brad Wetmore
*/
// This is a serious hack job!
import java.io.*;
import java.net.*;
import java.security.*;
import javax.net.ssl.*;
import java.security.cert.*;
public class CheckMyTrustedKeystore {
/*
* =============================================================
* Set the various variables needed for the tests, then
* specify what tests to run on each side.
*/
/*
* Should we run the client or server in a separate thread?
* Both sides can throw exceptions, but do you have a preference
* as to which side should be the main thread.
*/
static boolean separateServerThread = true;
/*
* Where do we find the keystores?
*/
final static String pathToStores = "../etc";
final static String keyStoreFile = "keystore";
final static String trustStoreFile = "truststore";
final static String unknownStoreFile = "unknown_keystore";
final static String passwd = "passphrase";
final static char[] cpasswd = "passphrase".toCharArray();
/*
* Is the server ready to serve?
*/
volatile static boolean serverReady = false;
/*
* Turn on SSL debugging?
*/
final static boolean debug = false;
/*
* If the client or server is doing some kind of object creation
* that the other side depends on, and that thread prematurely
* exits, you may experience a hang. The test harness will
* terminate all hung threads after its timeout has expired,
* currently 3 minutes by default, but you might try to be
* smart about it....
*/
/*
* Define the server side of the test.
*
* If the server prematurely exits, serverReady will be set to true
* to avoid infinite hangs.
*/
void doServerSide() throws Exception {
KeyStore ks = KeyStore.getInstance("JKS");
com.sun.net.ssl.SSLContext ctx =
com.sun.net.ssl.SSLContext.getInstance("TLS");
com.sun.net.ssl.KeyManagerFactory kmf =
com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509");
ks.load(new FileInputStream(keyFilename), cpasswd);
kmf.init(ks, cpasswd);
com.sun.net.ssl.TrustManager [] tms =
new com.sun.net.ssl.TrustManager []
{ new MyComX509TrustManager() };
ctx.init(kmf.getKeyManagers(), tms, null);
SSLServerSocketFactory sslssf =
(SSLServerSocketFactory) ctx.getServerSocketFactory();
SSLServerSocket sslServerSocket =
(SSLServerSocket) sslssf.createServerSocket(serverPort);
serverPort = sslServerSocket.getLocalPort();
sslServerSocket.setNeedClientAuth(true);
/*
* Create using the other type.
*/
SSLContext ctx1 =
SSLContext.getInstance("TLS");
KeyManagerFactory kmf1 =
KeyManagerFactory.getInstance("SunX509");
TrustManager [] tms1 =
new TrustManager []
{ new MyJavaxX509TrustManager() };
kmf1.init(ks, cpasswd);
ctx1.init(kmf1.getKeyManagers(), tms1, null);
sslssf = (SSLServerSocketFactory) ctx1.getServerSocketFactory();
SSLServerSocket sslServerSocket1 =
(SSLServerSocket) sslssf.createServerSocket(serverPort1);
serverPort1 = sslServerSocket1.getLocalPort();
sslServerSocket1.setNeedClientAuth(true);
/*
* Signal Client, we're ready for his connect.
*/
serverReady = true;
SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
sslServerSocket.close();
serverReady = false;
InputStream sslIS = sslSocket.getInputStream();
OutputStream sslOS = sslSocket.getOutputStream();
sslIS.read();
sslOS.write(85);
sslOS.flush();
sslSocket.close();
sslSocket = (SSLSocket) sslServerSocket1.accept();
sslIS = sslSocket.getInputStream();
sslOS = sslSocket.getOutputStream();
sslIS.read();
sslOS.write(85);
sslOS.flush();
sslSocket.close();
System.out.println("Server exiting!");
System.out.flush();
}
void doTest(SSLSocket sslSocket) throws Exception {
InputStream sslIS = sslSocket.getInputStream();
OutputStream sslOS = sslSocket.getOutputStream();
System.out.println(" Writing");
sslOS.write(280);
sslOS.flush();
System.out.println(" Reading");
sslIS.read();
sslSocket.close();
}
/*
* Define the client side of the test.
*
* If the server prematurely exits, serverReady will be set to true
* to avoid infinite hangs.
*/
void doClientSide() throws Exception {
/*
* Wait for server to get started.
*/
while (!serverReady) {
Thread.sleep(50);
}
/*
* See if an unknown keystore actually gets checked ok.
*/
System.out.println("==============");
System.out.println("Starting test0");
KeyStore uks = KeyStore.getInstance("JKS");
SSLContext ctx =
SSLContext.getInstance("TLS");
KeyManagerFactory kmf =
KeyManagerFactory.getInstance("SunX509");
uks.load(new FileInputStream(unknownFilename), cpasswd);
kmf.init(uks, cpasswd);
TrustManager [] tms = new TrustManager []
{ new MyJavaxX509TrustManager() };
ctx.init(kmf.getKeyManagers(), tms, null);
SSLSocketFactory sslsf =
(SSLSocketFactory) ctx.getSocketFactory();
System.out.println("Trying first socket " + serverPort);
SSLSocket sslSocket = (SSLSocket)
sslsf.createSocket("localhost", serverPort);
doTest(sslSocket);
/*
* Now try the other way.
*/
com.sun.net.ssl.SSLContext ctx1 =
com.sun.net.ssl.SSLContext.getInstance("TLS");
com.sun.net.ssl.KeyManagerFactory kmf1 =
com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509");
kmf1.init(uks, cpasswd);
com.sun.net.ssl.TrustManager [] tms1 =
new com.sun.net.ssl.TrustManager []
{ new MyComX509TrustManager() };
ctx1.init(kmf1.getKeyManagers(), tms1, null);
sslsf = (SSLSocketFactory) ctx1.getSocketFactory();
System.out.println("Trying second socket " + serverPort1);
sslSocket = (SSLSocket) sslsf.createSocket("localhost",
serverPort1);
doTest(sslSocket);
System.out.println("Completed test1");
}
/*
* =============================================================
* The remainder is just support stuff
*/
int serverPort = 0;
int serverPort1 = 0;
volatile Exception serverException = null;
volatile Exception clientException = null;
final static String keyFilename =
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + keyStoreFile;
final static String unknownFilename =
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + unknownStoreFile;
public static void main(String[] args) throws Exception {
if (debug)
System.setProperty("javax.net.debug", "all");
/*
* Start the tests.
*/
new CheckMyTrustedKeystore();
}
Thread clientThread = null;
Thread serverThread = null;
/*
* Primary constructor, used to drive remainder of the test.
*
* Fork off the other side, then do your work.
*/
CheckMyTrustedKeystore() throws Exception {
if (separateServerThread) {
startServer(true);
startClient(false);
} else {
startClient(true);
startServer(false);
}
/*
* Wait for other side to close down.
*/
if (separateServerThread) {
serverThread.join();
} else {
clientThread.join();
}
/*
* When we get here, the test is pretty much over.
*
* If the main thread excepted, that propagates back
* immediately. If the other thread threw an exception, we
* should report back.
*/
if (serverException != null) {
System.out.print("Server Exception:");
throw serverException;
}
if (clientException != null) {
System.out.print("Client Exception:");
throw clientException;
}
}
void startServer(boolean newThread) throws Exception {
if (newThread) {
serverThread = new Thread() {
public void run() {
try {
doServerSide();
} catch (Exception e) {
/*
* Our server thread just died.
*
* Release the client, if not active already...
*/
System.err.println("Server died...");
serverReady = true;
serverException = e;
}
}
};
serverThread.start();
} else {
doServerSide();
}
}
void startClient(boolean newThread) throws Exception {
if (newThread) {
clientThread = new Thread() {
public void run() {
try {
doClientSide();
} catch (Exception e) {
/*
* Our client thread just died.
*/
System.err.println("Client died...");
clientException = e;
}
}
};
clientThread.start();
} else {
doClientSide();
}
}
}
class MyComX509TrustManager implements com.sun.net.ssl.X509TrustManager {
public X509Certificate[] getAcceptedIssuers() {
return (new X509Certificate[0]);
}
public boolean isClientTrusted(X509Certificate[] chain) {
System.out.println(" IsClientTrusted?");
return true;
}
public boolean isServerTrusted(X509Certificate[] chain) {
System.out.println(" IsServerTrusted?");
return true;
}
}
class MyJavaxX509TrustManager implements X509TrustManager {
public X509Certificate[] getAcceptedIssuers() {
return (new X509Certificate[0]);
}
public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
System.out.println(" CheckClientTrusted(" + authType + ")?");
}
public void checkServerTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
System.out.println(" CheckServerTrusted(" + authType + ")?");
}
}

28
test/jdk/sun/net/www/protocol/https/HttpsURLConnection/CheckMethods.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2001, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2001, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -26,13 +26,12 @@
* @bug 4423074 * @bug 4423074
* @summary Need to rebase all the duplicated classes from Merlin. * @summary Need to rebase all the duplicated classes from Merlin.
* This test will check out http POST * This test will check out http POST
* @modules java.base/sun.net.www.protocol.https java.base/com.sun.net.ssl.internal.www.protocol.https * @modules java.base/sun.net.www.protocol.https
*/ */
import java.net.*; import java.net.*;
import java.util.*; import java.util.*;
import java.lang.reflect.*; import java.lang.reflect.*;
import sun.net.www.protocol.https.HttpsURLConnectionImpl; import sun.net.www.protocol.https.HttpsURLConnectionImpl;
import com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl;
public class CheckMethods { public class CheckMethods {
static boolean debug = false; static boolean debug = false;
@ -85,9 +84,8 @@ public class CheckMethods {
} }
} }
// check HttpsURLConnectionImpl and HttpsURLConnectionOldImpl // check HttpsURLConnectionImpl contain all public and protected methods
// contain all public and protected methods defined in // defined in HttpURLConnection and URLConnection
// HttpURLConnection and URLConnection
public static void main(String[] args) { public static void main(String[] args) {
ArrayList allMethods = new ArrayList( ArrayList allMethods = new ArrayList(
Arrays.asList(HttpURLConnection.class.getDeclaredMethods())); Arrays.asList(HttpURLConnection.class.getDeclaredMethods()));
@ -121,24 +119,6 @@ public class CheckMethods {
throw new RuntimeException("Method definition test failed on HttpsURLConnectionImpl"); throw new RuntimeException("Method definition test failed on HttpsURLConnectionImpl");
} }
// testing HttpsURLConnectionOldImpl
List httpsOldMethods =
Arrays.asList(HttpsURLConnectionOldImpl.class.getDeclaredMethods());
ArrayList httpsOldMethodSignatures = new ArrayList();
for (Iterator itr = httpsOldMethods.iterator(); itr.hasNext(); ) {
Method m = (Method)itr.next();
if (!Modifier.isStatic(m.getModifiers())) {
httpsOldMethodSignatures.add(
new MethodSignature(m.getName(), m.getParameterTypes()));
}
}
if (!httpsOldMethodSignatures.containsAll(allMethodSignatures)) {
throw new RuntimeException("Method definition test failed" +
" on HttpsURLConnectionOldImpl");
}
// testing for non static public field // testing for non static public field
ArrayList allFields = new ArrayList( ArrayList allFields = new ArrayList(
Arrays.asList(URLConnection.class.getFields())); Arrays.asList(URLConnection.class.getFields()));

393
test/jdk/sun/net/www/protocol/https/NewImpl/ComHTTPSConnection.java
View File

@ -1,393 +0,0 @@
/*
* Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 4474255
* @summary Can no longer obtain a com.sun.net.ssl.HttpsURLConnection
* @modules java.base/com.sun.net.ssl
* java.base/com.sun.net.ssl.internal.www.protocol.https
* @run main/othervm ComHTTPSConnection
*
* SunJSSE does not support dynamic system properties, no way to re-use
* system properties in samevm/agentvm mode.
* @author Brad Wetmore
*/
import java.io.*;
import java.net.*;
import java.security.cert.Certificate;
import javax.net.ssl.*;
import com.sun.net.ssl.HostnameVerifier;
import com.sun.net.ssl.HttpsURLConnection;
/**
* See if we can obtain a com.sun.net.ssl.HttpsURLConnection,
* and then play with it a bit.
*/
public class ComHTTPSConnection {
/*
* =============================================================
* Set the various variables needed for the tests, then
* specify what tests to run on each side.
*/
/*
* Should we run the client or server in a separate thread?
* Both sides can throw exceptions, but do you have a preference
* as to which side should be the main thread.
*/
static boolean separateServerThread = true;
/*
* Where do we find the keystores?
*/
static String pathToStores = "../../../../../../javax/net/ssl/etc";
static String keyStoreFile = "keystore";
static String trustStoreFile = "truststore";
static String passwd = "passphrase";
/*
* Is the server ready to serve?
*/
volatile static boolean serverReady = false;
/*
* Turn on SSL debugging?
*/
static boolean debug = false;
/*
* If the client or server is doing some kind of object creation
* that the other side depends on, and that thread prematurely
* exits, you may experience a hang. The test harness will
* terminate all hung threads after its timeout has expired,
* currently 3 minutes by default, but you might try to be
* smart about it....
*/
/**
* Returns the path to the file obtained from
* parsing the HTML header.
*/
private static String getPath(DataInputStream in)
throws IOException
{
String line = in.readLine();
String path = "";
// extract class from GET line
if (line.startsWith("GET /")) {
line = line.substring(5, line.length()-1).trim();
int index = line.indexOf(' ');
if (index != -1) {
path = line.substring(0, index);
}
}
// eat the rest of header
do {
line = in.readLine();
} while ((line.length() != 0) &&
(line.charAt(0) != '\r') && (line.charAt(0) != '\n'));
if (path.length() != 0) {
return path;
} else {
throw new IOException("Malformed Header");
}
}
/**
* Returns an array of bytes containing the bytes for
* the file represented by the argument <b>path</b>.
*
* In our case, we just pretend to send something back.
*
* @return the bytes for the file
* @exception FileNotFoundException if the file corresponding
* to <b>path</b> could not be loaded.
*/
private byte[] getBytes(String path)
throws IOException
{
return "Hello world, I am here".getBytes();
}
/*
* Define the server side of the test.
*
* If the server prematurely exits, serverReady will be set to true
* to avoid infinite hangs.
*/
void doServerSide() throws Exception {
SSLServerSocketFactory sslssf =
(SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
SSLServerSocket sslServerSocket =
(SSLServerSocket) sslssf.createServerSocket(serverPort);
serverPort = sslServerSocket.getLocalPort();
/*
* Signal Client, we're ready for his connect.
*/
serverReady = true;
SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
DataOutputStream out =
new DataOutputStream(sslSocket.getOutputStream());
try {
// get path to class file from header
DataInputStream in =
new DataInputStream(sslSocket.getInputStream());
String path = getPath(in);
// retrieve bytecodes
byte[] bytecodes = getBytes(path);
// send bytecodes in response (assumes HTTP/1.0 or later)
try {
out.writeBytes("HTTP/1.0 200 OK\r\n");
out.writeBytes("Content-Length: " + bytecodes.length + "\r\n");
out.writeBytes("Content-Type: text/html\r\n\r\n");
out.write(bytecodes);
out.flush();
} catch (IOException ie) {
ie.printStackTrace();
return;
}
} catch (Exception e) {
e.printStackTrace();
// write out error response
out.writeBytes("HTTP/1.0 400 " + e.getMessage() + "\r\n");
out.writeBytes("Content-Type: text/html\r\n\r\n");
out.flush();
} finally {
// close the socket
System.out.println("Server closing socket");
sslSocket.close();
serverReady = false;
}
}
private static class ComSunHTTPSHandlerFactory implements URLStreamHandlerFactory {
private static String SUPPORTED_PROTOCOL = "https";
public URLStreamHandler createURLStreamHandler(String protocol) {
if (!protocol.equalsIgnoreCase(SUPPORTED_PROTOCOL))
return null;
return new com.sun.net.ssl.internal.www.protocol.https.Handler();
}
}
/*
* Define the client side of the test.
*
* If the server prematurely exits, serverReady will be set to true
* to avoid infinite hangs.
*/
void doClientSide() throws Exception {
/*
* Wait for server to get started.
*/
while (!serverReady) {
Thread.sleep(50);
}
HostnameVerifier reservedHV =
HttpsURLConnection.getDefaultHostnameVerifier();
try {
URL.setURLStreamHandlerFactory(new ComSunHTTPSHandlerFactory());
HttpsURLConnection.setDefaultHostnameVerifier(new NameVerifier());
URL url = new URL("https://" + "localhost:" + serverPort +
"/etc/hosts");
URLConnection urlc = url.openConnection();
if (!(urlc instanceof com.sun.net.ssl.HttpsURLConnection)) {
throw new Exception(
"URLConnection ! instanceof " +
"com.sun.net.ssl.HttpsURLConnection");
}
BufferedReader in = null;
try {
in = new BufferedReader(new InputStreamReader(
urlc.getInputStream()));
String inputLine;
System.out.print("Client reading... ");
while ((inputLine = in.readLine()) != null)
System.out.println(inputLine);
System.out.println("Cipher Suite: " +
((HttpsURLConnection)urlc).getCipherSuite());
Certificate[] certs =
((HttpsURLConnection)urlc).getServerCertificates();
for (int i = 0; i < certs.length; i++) {
System.out.println(certs[0]);
}
in.close();
} catch (SSLException e) {
if (in != null)
in.close();
throw e;
}
System.out.println("Client reports: SUCCESS");
} finally {
HttpsURLConnection.setDefaultHostnameVerifier(reservedHV);
}
}
static class NameVerifier implements HostnameVerifier {
public boolean verify(String urlHostname,
String certHostname) {
System.out.println(
"CertificateHostnameVerifier: " + urlHostname + " == "
+ certHostname + " returning true");
return true;
}
}
/*
* =============================================================
* The remainder is just support stuff
*/
// use any free port by default
volatile int serverPort = 0;
volatile Exception serverException = null;
volatile Exception clientException = null;
public static void main(String[] args) throws Exception {
String keyFilename =
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + keyStoreFile;
String trustFilename =
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + trustStoreFile;
System.setProperty("javax.net.ssl.keyStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", passwd);
System.setProperty("javax.net.ssl.trustStore", trustFilename);
System.setProperty("javax.net.ssl.trustStorePassword", passwd);
if (debug)
System.setProperty("javax.net.debug", "all");
/*
* Start the tests.
*/
new ComHTTPSConnection();
}
Thread clientThread = null;
Thread serverThread = null;
/*
* Primary constructor, used to drive remainder of the test.
*
* Fork off the other side, then do your work.
*/
ComHTTPSConnection() throws Exception {
if (separateServerThread) {
startServer(true);
startClient(false);
} else {
startClient(true);
startServer(false);
}
/*
* Wait for other side to close down.
*/
if (separateServerThread) {
serverThread.join();
} else {
clientThread.join();
}
/*
* When we get here, the test is pretty much over.
*
* If the main thread excepted, that propagates back
* immediately. If the other thread threw an exception, we
* should report back.
*/
if (serverException != null) {
System.out.print("Server Exception:");
throw serverException;
}
if (clientException != null) {
System.out.print("Client Exception:");
throw clientException;
}
}
void startServer(boolean newThread) throws Exception {
if (newThread) {
serverThread = new Thread() {
public void run() {
try {
doServerSide();
} catch (Exception e) {
/*
* Our server thread just died.
*
* Release the client, if not active already...
*/
System.err.println("Server died...");
serverReady = true;
serverException = e;
}
}
};
serverThread.start();
} else {
doServerSide();
}
}
void startClient(boolean newThread) throws Exception {
if (newThread) {
clientThread = new Thread() {
public void run() {
try {
doClientSide();
} catch (Exception e) {
/*
* Our client thread just died.
*/
System.err.println("Client died...");
clientException = e;
}
}
};
clientThread.start();
} else {
doClientSide();
}
}
}

362
test/jdk/sun/net/www/protocol/https/NewImpl/ComHostnameVerifier.java
View File

@ -1,362 +0,0 @@
/*
* Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
// SunJSSE does not support dynamic system properties, no way to re-use
// system properties in samevm/agentvm mode.
/*
* @test
* @bug 4474255 4484246
* @summary When an application enables anonymous SSL cipher suite,
* Hostname verification is not required
* @modules java.base/com.sun.net.ssl
* java.base/com.sun.net.ssl.internal.www.protocol.https
* @run main/othervm ComHostnameVerifier
*/
import java.io.*;
import java.net.*;
import java.security.Security;
import javax.net.ssl.*;
import javax.security.cert.*;
import com.sun.net.ssl.HostnameVerifier;
import com.sun.net.ssl.HttpsURLConnection;
/**
* Use com.net.net.ssl.HostnameVerifier
*/
public class ComHostnameVerifier {
/*
* =============================================================
* Set the various variables needed for the tests, then
* specify what tests to run on each side.
*/
/*
* Should we run the client or server in a separate thread?
* Both sides can throw exceptions, but do you have a preference
* as to which side should be the main thread.
*/
static boolean separateServerThread = true;
/*
* Is the server ready to serve?
*/
volatile static boolean serverReady = false;
/*
* Turn on SSL debugging?
*/
static boolean debug = false;
/*
* If the client or server is doing some kind of object creation
* that the other side depends on, and that thread prematurely
* exits, you may experience a hang. The test harness will
* terminate all hung threads after its timeout has expired,
* currently 3 minutes by default, but you might try to be
* smart about it....
*/
/**
* Returns the path to the file obtained from
* parsing the HTML header.
*/
private static String getPath(DataInputStream in)
throws IOException
{
String line = in.readLine();
if (line == null)
return null;
String path = "";
// extract class from GET line
if (line.startsWith("GET /")) {
line = line.substring(5, line.length()-1).trim();
int index = line.indexOf(' ');
if (index != -1) {
path = line.substring(0, index);
}
}
// eat the rest of header
do {
line = in.readLine();
} while ((line.length() != 0) &&
(line.charAt(0) != '\r') && (line.charAt(0) != '\n'));
if (path.length() != 0) {
return path;
} else {
throw new IOException("Malformed Header");
}
}
/**
* Returns an array of bytes containing the bytes for
* the file represented by the argument <b>path</b>.
*
* In our case, we just pretend to send something back.
*
* @return the bytes for the file
* @exception FileNotFoundException if the file corresponding
* to <b>path</b> could not be loaded.
*/
private byte[] getBytes(String path)
throws IOException
{
return "Hello world, I am here".getBytes();
}
/*
* Define the server side of the test.
*
* If the server prematurely exits, serverReady will be set to true
* to avoid infinite hangs.
*/
void doServerSide() throws Exception {
SSLServerSocketFactory sslssf =
(SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
SSLServerSocket sslServerSocket =
(SSLServerSocket) sslssf.createServerSocket(serverPort);
serverPort = sslServerSocket.getLocalPort();
String ciphers[]= { "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA" };
sslServerSocket.setEnabledCipherSuites(ciphers);
/*
* Signal Client, we're ready for his connect.
*/
serverReady = true;
SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
DataOutputStream out =
new DataOutputStream(sslSocket.getOutputStream());
try {
// get path to class file from header
DataInputStream in =
new DataInputStream(sslSocket.getInputStream());
String path = getPath(in);
// retrieve bytecodes
byte[] bytecodes = getBytes(path);
// send bytecodes in response (assumes HTTP/1.0 or later)
try {
out.writeBytes("HTTP/1.0 200 OK\r\n");
out.writeBytes("Content-Length: " + bytecodes.length + "\r\n");
out.writeBytes("Content-Type: text/html\r\n\r\n");
out.write(bytecodes);
out.flush();
} catch (IOException ie) {
ie.printStackTrace();
return;
}
} catch (Exception e) {
e.printStackTrace();
// write out error response
out.writeBytes("HTTP/1.0 400 " + e.getMessage() + "\r\n");
out.writeBytes("Content-Type: text/html\r\n\r\n");
out.flush();
} finally {
// close the socket
System.out.println("Server closing socket");
sslSocket.close();
serverReady = false;
}
}
private static class ComSunHTTPSHandlerFactory implements URLStreamHandlerFactory {
private static String SUPPORTED_PROTOCOL = "https";
public URLStreamHandler createURLStreamHandler(String protocol) {
if (!protocol.equalsIgnoreCase(SUPPORTED_PROTOCOL))
return null;
return new com.sun.net.ssl.internal.www.protocol.https.Handler();
}
}
/*
* Define the client side of the test.
*
* If the server prematurely exits, serverReady will be set to true
* to avoid infinite hangs.
*/
void doClientSide() throws Exception {
/*
* Wait for server to get started.
*/
while (!serverReady) {
Thread.sleep(50);
}
URL.setURLStreamHandlerFactory(new ComSunHTTPSHandlerFactory());
System.setProperty("https.cipherSuites",
"SSL_DH_anon_WITH_3DES_EDE_CBC_SHA");
// use the default hostname verifier
URL url = new URL("https://" + "localhost:" + serverPort +
"/etc/hosts");
URLConnection urlc = url.openConnection();
if (!(urlc instanceof com.sun.net.ssl.HttpsURLConnection)) {
throw new Exception(
"URLConnection ! instanceof " +
"com.sun.net.ssl.HttpsURLConnection");
}
BufferedReader in = null;
try {
in = new BufferedReader(new InputStreamReader(
urlc.getInputStream()));
String inputLine;
System.out.print("Client reading... ");
while ((inputLine = in.readLine()) != null)
System.out.println(inputLine);
System.out.println("Cipher Suite: " +
((HttpsURLConnection)urlc).getCipherSuite());
in.close();
} catch (SSLException e) {
if (in != null)
in.close();
throw e;
}
System.out.println("Client reports: SUCCESS");
}
/*
* =============================================================
* The remainder is just support stuff
*/
// use any free port by default
volatile int serverPort = 0;
volatile Exception serverException = null;
volatile Exception clientException = null;
public static void main(String[] args) throws Exception {
// re-enable 3DES
Security.setProperty("jdk.tls.disabledAlgorithms", "");
if (debug)
System.setProperty("javax.net.debug", "all");
/*
* Start the tests.
*/
new ComHostnameVerifier();
}
Thread clientThread = null;
Thread serverThread = null;
/*
* Primary constructor, used to drive remainder of the test.
*
* Fork off the other side, then do your work.
*/
ComHostnameVerifier() throws Exception {
if (separateServerThread) {
startServer(true);
startClient(false);
} else {
startClient(true);
startServer(false);
}
/*
* Wait for other side to close down.
*/
if (separateServerThread) {
serverThread.join();
} else {
clientThread.join();
}
/*
* When we get here, the test is pretty much over.
*
* If the main thread excepted, that propagates back
* immediately. If the other thread threw an exception, we
* should report back.
*/
if (serverException != null) {
System.out.print("Server Exception:");
throw serverException;
}
if (clientException != null) {
System.out.print("Client Exception:");
throw clientException;
}
}
void startServer(boolean newThread) throws Exception {
if (newThread) {
serverThread = new Thread() {
public void run() {
try {
doServerSide();
} catch (Exception e) {
/*
* Our server thread just died.
*
* Release the client, if not active already...
*/
System.err.println("Server died...");
serverReady = true;
serverException = e;
}
}
};
serverThread.start();
} else {
doServerSide();
}
}
void startClient(boolean newThread) throws Exception {
if (newThread) {
clientThread = new Thread() {
public void run() {
try {
doClientSide();
} catch (Exception e) {
/*
* Our client thread just died.
*/
System.err.println("Client died...");
clientException = e;
}
}
};
clientThread.start();
} else {
doClientSide();
}
}
}

17
test/jdk/sun/security/ssl/X509TrustManagerImpl/CheckNullEntity.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -27,7 +27,6 @@
* @summary unspecified exceptions in X509TrustManager.checkClient[Server]Truste * @summary unspecified exceptions in X509TrustManager.checkClient[Server]Truste
d d
* @author Xuelei Fan * @author Xuelei Fan
* @modules java.base/com.sun.net.ssl.internal.ssl
*/ */
import java.io.*; import java.io.*;
@ -37,8 +36,6 @@ import java.security.cert.X509Certificate;
import java.security.*; import java.security.*;
import java.util.Enumeration; import java.util.Enumeration;
import com.sun.net.ssl.internal.ssl.X509ExtendedTrustManager;
public class CheckNullEntity { public class CheckNullEntity {
/* /*
@ -157,7 +154,7 @@ public class CheckNullEntity {
if (trustManager instanceof X509ExtendedTrustManager) { if (trustManager instanceof X509ExtendedTrustManager) {
try { try {
((X509ExtendedTrustManager)trustManager).checkClientTrusted( ((X509ExtendedTrustManager)trustManager).checkClientTrusted(
certChain, (String)null, "localhost", null); certChain, (String)null, (Socket)null);
} catch (IllegalArgumentException iae) { } catch (IllegalArgumentException iae) {
// get the right exception // get the right exception
extFailed >>= 1; extFailed >>= 1;
@ -165,7 +162,7 @@ public class CheckNullEntity {
try { try {
((X509ExtendedTrustManager)trustManager).checkServerTrusted( ((X509ExtendedTrustManager)trustManager).checkServerTrusted(
certChain, (String)null, "localhost", null); certChain, (String)null, (Socket)null);
} catch (IllegalArgumentException iae) { } catch (IllegalArgumentException iae) {
// get the right exception // get the right exception
extFailed >>= 1; extFailed >>= 1;
@ -173,7 +170,7 @@ public class CheckNullEntity {
try { try {
((X509ExtendedTrustManager)trustManager).checkClientTrusted( ((X509ExtendedTrustManager)trustManager).checkClientTrusted(
certChain, "", "localhost", null); certChain, "", (Socket)null);
} catch (IllegalArgumentException iae) { } catch (IllegalArgumentException iae) {
// get the right exception // get the right exception
extFailed >>= 1; extFailed >>= 1;
@ -181,7 +178,7 @@ public class CheckNullEntity {
try { try {
((X509ExtendedTrustManager)trustManager).checkServerTrusted( ((X509ExtendedTrustManager)trustManager).checkServerTrusted(
certChain, "", "localhost", null); certChain, "", (Socket)null);
} catch (IllegalArgumentException iae) { } catch (IllegalArgumentException iae) {
// get the right exception // get the right exception
extFailed >>= 1; extFailed >>= 1;
@ -189,7 +186,7 @@ public class CheckNullEntity {
try { try {
((X509ExtendedTrustManager)trustManager).checkClientTrusted( ((X509ExtendedTrustManager)trustManager).checkClientTrusted(
null, authType, "localhost", null); null, authType, (Socket)null);
} catch (IllegalArgumentException iae) { } catch (IllegalArgumentException iae) {
// get the right exception // get the right exception
extFailed >>= 1; extFailed >>= 1;
@ -197,7 +194,7 @@ public class CheckNullEntity {
try { try {
((X509ExtendedTrustManager)trustManager).checkServerTrusted( ((X509ExtendedTrustManager)trustManager).checkServerTrusted(
null, authType, "localhost", null); null, authType, (Socket)null);
} catch (IllegalArgumentException iae) { } catch (IllegalArgumentException iae) {
// get the right exception // get the right exception
extFailed >>= 1; extFailed >>= 1;

365
test/jdk/sun/security/ssl/X509TrustManagerImpl/ClientServer.java
View File

@ -1,365 +0,0 @@
/*
* Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 4717766
* @author Brad Wetmore
* @summary 1.0.3 JsseX509TrustManager erroneously calls isClientTrusted()
* @modules java.base/com.sun.net.ssl
* @run main/manual ClientServer
*/
/*
* SunJSSE does not support dynamic system properties, no way to re-use
* system properties in samevm/agentvm mode.
*
* JSSE supports algorithm constraints with CR 6916074, need to update
* this test case in JDK 7 soon.
*
* This problem didn't exist in JSSE 1.4, only JSSE 1.0.3. However,
* this is a useful test, so I decided to include it in 1.4.2.
*/
import java.io.*;
import java.net.*;
import javax.net.ssl.*;
import java.security.cert.*;
import java.security.*;
import com.sun.net.ssl.*;
public class ClientServer {
/*
* =============================================================
* Set the various variables needed for the tests, then
* specify what tests to run on each side.
*/
/*
* Should we run the client or server in a separate thread?
* Both sides can throw exceptions, but do you have a preference
* as to which side should be the main thread.
*/
static boolean separateServerThread = true;
/*
* Where do we find the keystores?
*/
static String pathToStores = "../../../../javax/net/ssl/etc";
static String keyStoreFile = "keystore";
static String trustStoreFile = "truststore";
static String passwd = "passphrase";
/*
* Is the server ready to serve?
*/
volatile static boolean serverReady = false;
/*
* Turn on SSL debugging?
*/
static boolean debug = false;
/*
* If the client or server is doing some kind of object creation
* that the other side depends on, and that thread prematurely
* exits, you may experience a hang. The test harness will
* terminate all hung threads after its timeout has expired,
* currently 3 minutes by default, but you might try to be
* smart about it....
*/
/*
* Define the server side of the test.
*
* If the server prematurely exits, serverReady will be set to true
* to avoid infinite hangs.
*/
void doServerSide() throws Exception {
SSLServerSocketFactory sslssf = getDefaultServer();
SSLServerSocket sslServerSocket =
(SSLServerSocket) sslssf.createServerSocket(serverPort);
serverPort = sslServerSocket.getLocalPort();
/*
* Signal Client, we're ready for his connect.
*/
serverReady = true;
SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
sslSocket.setNeedClientAuth(true);
InputStream sslIS = sslSocket.getInputStream();
OutputStream sslOS = sslSocket.getOutputStream();
sslIS.read();
sslOS.write(85);
sslOS.flush();
sslSocket.close();
if (!serverTM.wasServerChecked() && serverTM.wasClientChecked()) {
System.out.println("SERVER TEST PASSED!");
} else {
throw new Exception("SERVER TEST FAILED! " +
!serverTM.wasServerChecked() + " " +
serverTM.wasClientChecked());
}
}
/*
* Define the client side of the test.
*
* If the server prematurely exits, serverReady will be set to true
* to avoid infinite hangs.
*/
void doClientSide() throws Exception {
/*
* Wait for server to get started.
*/
while (!serverReady) {
Thread.sleep(50);
}
SSLSocketFactory sslsf = getDefaultClient();
SSLSocket sslSocket = (SSLSocket)
sslsf.createSocket("localhost", serverPort);
InputStream sslIS = sslSocket.getInputStream();
OutputStream sslOS = sslSocket.getOutputStream();
sslOS.write(280);
sslOS.flush();
sslIS.read();
sslSocket.close();
if (clientTM.wasServerChecked() && !clientTM.wasClientChecked()) {
System.out.println("CLIENT TEST PASSED!");
} else {
throw new Exception("CLIENT TEST FAILED! " +
clientTM.wasServerChecked() + " " +
!clientTM.wasClientChecked());
}
}
private com.sun.net.ssl.SSLContext getDefault(MyX509TM tm)
throws Exception {
String keyFilename =
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + keyStoreFile;
String trustFilename =
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + trustStoreFile;
char[] passphrase = "passphrase".toCharArray();
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(keyFilename), passphrase);
com.sun.net.ssl.KeyManagerFactory kmf =
com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, passphrase);
ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(trustFilename), passphrase);
com.sun.net.ssl.TrustManagerFactory tmf =
com.sun.net.ssl.TrustManagerFactory.getInstance("SunX509");
tmf.init(ks);
com.sun.net.ssl.TrustManager [] tms = tmf.getTrustManagers();
int i;
for (i = 0; i < tms.length; i++) {
if (tms[i] instanceof com.sun.net.ssl.X509TrustManager) {
break;
}
}
if (i >= tms.length) {
throw new Exception("Couldn't find X509TM");
}
tm.init((com.sun.net.ssl.X509TrustManager)tms[i]);
tms = new MyX509TM [] { tm };
com.sun.net.ssl.SSLContext ctx =
com.sun.net.ssl.SSLContext.getInstance("TLS");
ctx.init(kmf.getKeyManagers(), tms, null);
return ctx;
}
MyX509TM serverTM;
MyX509TM clientTM;
private SSLServerSocketFactory getDefaultServer() throws Exception {
serverTM = new MyX509TM();
return getDefault(serverTM).getServerSocketFactory();
}
private SSLSocketFactory getDefaultClient() throws Exception {
clientTM = new MyX509TM();
return getDefault(clientTM).getSocketFactory();
}
static class MyX509TM implements com.sun.net.ssl.X509TrustManager {
com.sun.net.ssl.X509TrustManager tm;
boolean clientChecked;
boolean serverChecked;
void init(com.sun.net.ssl.X509TrustManager x509TM) {
tm = x509TM;
}
public boolean wasClientChecked() {
return clientChecked;
}
public boolean wasServerChecked() {
return serverChecked;
}
public boolean isClientTrusted(X509Certificate[] chain) {
clientChecked = true;
return true;
}
public boolean isServerTrusted(X509Certificate[] chain) {
serverChecked = true;
return true;
}
public X509Certificate[] getAcceptedIssuers() {
return tm.getAcceptedIssuers();
}
}
/*
* =============================================================
* The remainder is just support stuff
*/
// use any free port by default
volatile int serverPort = 0;
volatile Exception serverException = null;
volatile Exception clientException = null;
public static void main(String[] args) throws Exception {
if (debug)
System.setProperty("javax.net.debug", "all");
/*
* Start the tests.
*/
new ClientServer();
}
Thread clientThread = null;
Thread serverThread = null;
/*
* Primary constructor, used to drive remainder of the test.
*
* Fork off the other side, then do your work.
*/
ClientServer() throws Exception {
if (separateServerThread) {
startServer(true);
startClient(false);
} else {
startClient(true);
startServer(false);
}
/*
* Wait for other side to close down.
*/
if (separateServerThread) {
serverThread.join();
} else {
clientThread.join();
}
/*
* When we get here, the test is pretty much over.
*
* If the main thread excepted, that propagates back
* immediately. If the other thread threw an exception, we
* should report back.
*/
if (serverException != null)
throw serverException;
if (clientException != null)
throw clientException;
}
void startServer(boolean newThread) throws Exception {
if (newThread) {
serverThread = new Thread() {
public void run() {
try {
doServerSide();
} catch (Exception e) {
/*
* Our server thread just died.
*
* Release the client, if not active already...
*/
System.err.println("Server died...");
serverReady = true;
serverException = e;
}
}
};
serverThread.start();
} else {
doServerSide();
}
}
void startClient(boolean newThread) throws Exception {
if (newThread) {
clientThread = new Thread() {
public void run() {
try {
doClientSide();
} catch (Exception e) {
/*
* Our client thread just died.
*/
System.err.println("Client died...");
clientException = e;
}
}
};
clientThread.start();
} else {
doClientSide();
}
}
}