8207029: Unable to use custom SSLEngine with default TrustManagerFactory after updating to JDK 11 b21

Reviewed-by: wetmore
2018-07-13 07:08:59 -07:00 · 2018-07-13 07:08:59 -07:00 · a98ec3e8bd
commit a98ec3e8bd
parent 5bd94254bb
1 changed files with 26 additions and 10 deletions
--- a/src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java
+++ b/src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java
@ -73,12 +73,20 @@ final class SSLAlgorithmConstraints implements AlgorithmConstraints {
            boolean withDefaultCertPathConstraints) {
        AlgorithmConstraints configuredConstraints = null;
        if (socket != null) {
-            HandshakeContext hc =
-                    ((SSLSocketImpl)socket).conContext.handshakeContext;
-            if (hc != null) {
-                configuredConstraints = hc.sslConfig.algorithmConstraints;
+            // Note that the KeyManager or TrustManager implementation may be
+            // not implemented in the same provider as SSLSocket/SSLEngine.
+            // Please check the instance before casting to use SSLSocketImpl.
+            if (socket instanceof SSLSocketImpl) {
+                HandshakeContext hc =
+                        ((SSLSocketImpl)socket).conContext.handshakeContext;
+                if (hc != null) {
+                    configuredConstraints = hc.sslConfig.algorithmConstraints;
+                } else {
+                    configuredConstraints = null;
+                }
            } else {
-                configuredConstraints = null;
+                configuredConstraints =
+                        socket.getSSLParameters().getAlgorithmConstraints();
            }
        }
        this.userSpecifiedConstraints = configuredConstraints;
@ -90,12 +98,20 @@ final class SSLAlgorithmConstraints implements AlgorithmConstraints {
            boolean withDefaultCertPathConstraints) {
        AlgorithmConstraints configuredConstraints = null;
        if (engine != null) {
-            HandshakeContext hc =
-                    ((SSLEngineImpl)engine).conContext.handshakeContext;
-            if (hc != null) {
-                configuredConstraints = hc.sslConfig.algorithmConstraints;
+            // Note that the KeyManager or TrustManager implementation may be
+            // not implemented in the same provider as SSLSocket/SSLEngine.
+            // Please check the instance before casting to use SSLEngineImpl.
+            if (engine instanceof SSLEngineImpl) {
+                HandshakeContext hc =
+                        ((SSLEngineImpl)engine).conContext.handshakeContext;
+                if (hc != null) {
+                    configuredConstraints = hc.sslConfig.algorithmConstraints;
+                } else {
+                    configuredConstraints = null;
+                }
            } else {
-                configuredConstraints = null;
+                configuredConstraints =
+                        engine.getSSLParameters().getAlgorithmConstraints();
            }
        }
        this.userSpecifiedConstraints = configuredConstraints;