1 /*
   2  * Copyright (c) 1999, 2016, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.ssl;
  27 
  28 import java.net.Socket;
  29 
  30 import java.io.*;
  31 import java.util.*;
  32 import java.security.*;
  33 import java.security.cert.*;
  34 import java.security.cert.Certificate;
  35 
  36 import javax.net.ssl.*;
  37 
  38 import sun.security.provider.certpath.AlgorithmChecker;
  39 import sun.security.action.GetPropertyAction;
  40 
  41 public abstract class SSLContextImpl extends SSLContextSpi {
  42 
  43     private static final Debug debug = Debug.getInstance("ssl");
  44 
  45     private final EphemeralKeyManager ephemeralKeyManager;
  46     private final SSLSessionContextImpl clientCache;
  47     private final SSLSessionContextImpl serverCache;
  48 
  49     private boolean isInitialized;
  50 
  51     private X509ExtendedKeyManager keyManager;
  52     private X509TrustManager trustManager;
  53     private SecureRandom secureRandom;
  54 
  55     // DTLS cookie exchange manager
  56     private volatile HelloCookieManager helloCookieManager;
  57 
  58     private final boolean clientEnableStapling = Debug.getBooleanProperty(
  59             "jdk.tls.client.enableStatusRequestExtension", true);
  60     private final boolean serverEnableStapling = Debug.getBooleanProperty(
  61             "jdk.tls.server.enableStatusRequestExtension", false);
  62     private volatile StatusResponseManager statusResponseManager;
  63 
  64     SSLContextImpl() {
  65         ephemeralKeyManager = new EphemeralKeyManager();
  66         clientCache = new SSLSessionContextImpl();
  67         serverCache = new SSLSessionContextImpl();
  68     }
  69 
  70     @Override
  71     protected void engineInit(KeyManager[] km, TrustManager[] tm,
  72                                 SecureRandom sr) throws KeyManagementException {
  73         isInitialized = false;
  74         keyManager = chooseKeyManager(km);
  75 
  76         if (tm == null) {
  77             try {
  78                 TrustManagerFactory tmf = TrustManagerFactory.getInstance(
  79                         TrustManagerFactory.getDefaultAlgorithm());
  80                 tmf.init((KeyStore)null);
  81                 tm = tmf.getTrustManagers();
  82             } catch (Exception e) {
  83                 // eat
  84             }
  85         }
  86         trustManager = chooseTrustManager(tm);
  87 
  88         if (sr == null) {
  89             secureRandom = JsseJce.getSecureRandom();
  90         } else {
  91             if (SunJSSE.isFIPS() &&
  92                         (sr.getProvider() != SunJSSE.cryptoProvider)) {
  93                 throw new KeyManagementException
  94                     ("FIPS mode: SecureRandom must be from provider "
  95                     + SunJSSE.cryptoProvider.getName());
  96             }
  97             secureRandom = sr;
  98         }
  99 
 100         /*
 101          * The initial delay of seeding the random number generator
 102          * could be long enough to cause the initial handshake on our
 103          * first connection to timeout and fail. Make sure it is
 104          * primed and ready by getting some initial output from it.
 105          */
 106         if (debug != null && Debug.isOn("sslctx")) {
 107             System.out.println("trigger seeding of SecureRandom");
 108         }
 109         secureRandom.nextInt();
 110         if (debug != null && Debug.isOn("sslctx")) {
 111             System.out.println("done seeding SecureRandom");
 112         }
 113 
 114         isInitialized = true;
 115     }
 116 
 117     private X509TrustManager chooseTrustManager(TrustManager[] tm)
 118             throws KeyManagementException {
 119         // We only use the first instance of X509TrustManager passed to us.
 120         for (int i = 0; tm != null && i < tm.length; i++) {
 121             if (tm[i] instanceof X509TrustManager) {
 122                 if (SunJSSE.isFIPS() &&
 123                         !(tm[i] instanceof X509TrustManagerImpl)) {
 124                     throw new KeyManagementException
 125                         ("FIPS mode: only SunJSSE TrustManagers may be used");
 126                 }
 127 
 128                 if (tm[i] instanceof X509ExtendedTrustManager) {
 129                     return (X509TrustManager)tm[i];
 130                 } else {
 131                     return new AbstractTrustManagerWrapper(
 132                                         (X509TrustManager)tm[i]);
 133                 }
 134             }
 135         }
 136 
 137         // nothing found, return a dummy X509TrustManager.
 138         return DummyX509TrustManager.INSTANCE;
 139     }
 140 
 141     private X509ExtendedKeyManager chooseKeyManager(KeyManager[] kms)
 142             throws KeyManagementException {
 143         for (int i = 0; kms != null && i < kms.length; i++) {
 144             KeyManager km = kms[i];
 145             if (!(km instanceof X509KeyManager)) {
 146                 continue;
 147             }
 148             if (SunJSSE.isFIPS()) {
 149                 // In FIPS mode, require that one of SunJSSE's own keymanagers
 150                 // is used. Otherwise, we cannot be sure that only keys from
 151                 // the FIPS token are used.
 152                 if ((km instanceof X509KeyManagerImpl)
 153                             || (km instanceof SunX509KeyManagerImpl)) {
 154                     return (X509ExtendedKeyManager)km;
 155                 } else {
 156                     // throw exception, we don't want to silently use the
 157                     // dummy keymanager without telling the user.
 158                     throw new KeyManagementException
 159                         ("FIPS mode: only SunJSSE KeyManagers may be used");
 160                 }
 161             }
 162             if (km instanceof X509ExtendedKeyManager) {
 163                 return (X509ExtendedKeyManager)km;
 164             }
 165             if (debug != null && Debug.isOn("sslctx")) {
 166                 System.out.println(
 167                     "X509KeyManager passed to " +
 168                     "SSLContext.init():  need an " +
 169                     "X509ExtendedKeyManager for SSLEngine use");
 170             }
 171             return new AbstractKeyManagerWrapper((X509KeyManager)km);
 172         }
 173 
 174         // nothing found, return a dummy X509ExtendedKeyManager
 175         return DummyX509KeyManager.INSTANCE;
 176     }
 177 
 178     abstract SSLEngine createSSLEngineImpl();
 179     abstract SSLEngine createSSLEngineImpl(String host, int port);
 180 
 181     @Override
 182     protected SSLEngine engineCreateSSLEngine() {
 183         if (!isInitialized) {
 184             throw new IllegalStateException("SSLContext is not initialized");
 185         }
 186         return createSSLEngineImpl();
 187     }
 188 
 189     @Override
 190     protected SSLEngine engineCreateSSLEngine(String host, int port) {
 191         if (!isInitialized) {
 192             throw new IllegalStateException("SSLContext is not initialized");
 193         }
 194         return createSSLEngineImpl(host, port);
 195     }
 196 
 197     @Override
 198     protected SSLSocketFactory engineGetSocketFactory() {
 199         if (!isInitialized) {
 200             throw new IllegalStateException("SSLContext is not initialized");
 201         }
 202        return new SSLSocketFactoryImpl(this);
 203     }
 204 
 205     @Override
 206     protected SSLServerSocketFactory engineGetServerSocketFactory() {
 207         if (!isInitialized) {
 208             throw new IllegalStateException("SSLContext is not initialized");
 209         }
 210         return new SSLServerSocketFactoryImpl(this);
 211     }
 212 
 213     @Override
 214     protected SSLSessionContext engineGetClientSessionContext() {
 215         return clientCache;
 216     }
 217 
 218     @Override
 219     protected SSLSessionContext engineGetServerSessionContext() {
 220         return serverCache;
 221     }
 222 
 223     SecureRandom getSecureRandom() {
 224         return secureRandom;
 225     }
 226 
 227     X509ExtendedKeyManager getX509KeyManager() {
 228         return keyManager;
 229     }
 230 
 231     X509TrustManager getX509TrustManager() {
 232         return trustManager;
 233     }
 234 
 235     EphemeralKeyManager getEphemeralKeyManager() {
 236         return ephemeralKeyManager;
 237     }
 238 
 239     // Used for DTLS in server mode only, see ServerHandshaker.
 240     HelloCookieManager getHelloCookieManager() {
 241         if (!isInitialized) {
 242             throw new IllegalStateException("SSLContext is not initialized");
 243         }
 244 
 245         if (helloCookieManager != null) {
 246             return helloCookieManager;
 247         }
 248 
 249         synchronized (this) {
 250             if (helloCookieManager == null) {
 251                 helloCookieManager = getHelloCookieManager(secureRandom);
 252             }
 253         }
 254 
 255         return helloCookieManager;
 256     }
 257 
 258     HelloCookieManager getHelloCookieManager(SecureRandom secureRandom) {
 259         throw new UnsupportedOperationException(
 260                 "Cookie exchange applies to DTLS only");
 261     }
 262 
 263     StatusResponseManager getStatusResponseManager() {
 264         if (serverEnableStapling && statusResponseManager == null) {
 265             synchronized (this) {
 266                 if (statusResponseManager == null) {
 267                     if (debug != null && Debug.isOn("sslctx")) {
 268                         System.out.println(
 269                                 "Initializing StatusResponseManager");
 270                     }
 271                     statusResponseManager = new StatusResponseManager();
 272                 }
 273             }
 274         }
 275 
 276         return statusResponseManager;
 277     }
 278 
 279     // Get supported ProtocolList.
 280     abstract ProtocolList getSuportedProtocolList();
 281 
 282     // Get default ProtocolList for server mode.
 283     abstract ProtocolList getServerDefaultProtocolList();
 284 
 285     // Get default ProtocolList for client mode.
 286     abstract ProtocolList getClientDefaultProtocolList();
 287 
 288     // Get supported CipherSuiteList.
 289     abstract CipherSuiteList getSupportedCipherSuiteList();
 290 
 291     // Get default CipherSuiteList for server mode.
 292     abstract CipherSuiteList getServerDefaultCipherSuiteList();
 293 
 294     // Get default CipherSuiteList for client mode.
 295     abstract CipherSuiteList getClientDefaultCipherSuiteList();
 296 
 297     // Get default ProtocolList.
 298     ProtocolList getDefaultProtocolList(boolean roleIsServer) {
 299         return roleIsServer ? getServerDefaultProtocolList()
 300                             : getClientDefaultProtocolList();
 301     }
 302 
 303     // Get default CipherSuiteList.
 304     CipherSuiteList getDefaultCipherSuiteList(boolean roleIsServer) {
 305         return roleIsServer ? getServerDefaultCipherSuiteList()
 306                             : getClientDefaultCipherSuiteList();
 307     }
 308 
 309     /**
 310      * Return whether a protocol list is the original default enabled
 311      * protocols.  See: SSLSocket/SSLEngine.setEnabledProtocols()
 312      */
 313     boolean isDefaultProtocolList(ProtocolList protocols) {
 314         return (protocols == getServerDefaultProtocolList()) ||
 315                (protocols == getClientDefaultProtocolList());
 316     }
 317 
 318     /**
 319      * Return whether a protocol list is the original default enabled
 320      * protocols.  See: SSLSocket/SSLEngine.setEnabledProtocols()
 321      */
 322     boolean isDefaultCipherSuiteList(CipherSuiteList cipherSuites) {
 323         return (cipherSuites == getServerDefaultCipherSuiteList()) ||
 324                (cipherSuites == getClientDefaultCipherSuiteList());
 325     }
 326 
 327     /**
 328      * Return whether client or server side stapling has been enabled
 329      * for this SSLContextImpl
 330      * @param isClient true if the caller is operating in a client side role,
 331      * false if acting as a server.
 332      * @return true if stapling has been enabled for the specified role, false
 333      * otherwise.
 334      */
 335     boolean isStaplingEnabled(boolean isClient) {
 336         return isClient ? clientEnableStapling : serverEnableStapling;
 337     }
 338 
 339     /*
 340      * Return the list of all available CipherSuites with a priority of
 341      * minPriority or above.
 342      */
 343     private static CipherSuiteList getApplicableCipherSuiteList(
 344             ProtocolList protocols, boolean onlyEnabled) {
 345 
 346         int minPriority = CipherSuite.SUPPORTED_SUITES_PRIORITY;
 347         if (onlyEnabled) {
 348             minPriority = CipherSuite.DEFAULT_SUITES_PRIORITY;
 349         }
 350 
 351         Collection<CipherSuite> allowedCipherSuites =
 352                                     CipherSuite.allowedCipherSuites();
 353 
 354         TreeSet<CipherSuite> suites = new TreeSet<>();
 355         if (!(protocols.collection().isEmpty()) &&
 356                 protocols.min.v != ProtocolVersion.NONE.v) {
 357             for (CipherSuite suite : allowedCipherSuites) {
 358                 if (!suite.allowed || suite.priority < minPriority) {
 359                     continue;
 360                 }
 361 
 362                 if (suite.isAvailable() &&
 363                         !protocols.min.obsoletes(suite) &&
 364                         protocols.max.supports(suite)) {
 365                     if (SSLAlgorithmConstraints.DEFAULT.permits(
 366                             EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
 367                             suite.name, null)) {
 368                         suites.add(suite);
 369                     }
 370                 } else if (debug != null &&
 371                         Debug.isOn("sslctx") && Debug.isOn("verbose")) {
 372                     if (protocols.min.obsoletes(suite)) {
 373                         System.out.println(
 374                             "Ignoring obsoleted cipher suite: " + suite);
 375                     } else if (!protocols.max.supports(suite)) {
 376                         System.out.println(
 377                             "Ignoring unsupported cipher suite: " + suite);
 378                     } else {
 379                         System.out.println(
 380                             "Ignoring unavailable cipher suite: " + suite);
 381                     }
 382                 }
 383             }
 384         }
 385 
 386         return new CipherSuiteList(suites);
 387     }
 388 
 389     private static String[] getAvailableProtocols(
 390             ProtocolVersion[] protocolCandidates) {
 391 
 392         List<String> availableProtocols = Collections.<String>emptyList();
 393         if (protocolCandidates !=  null && protocolCandidates.length != 0) {
 394             availableProtocols = new ArrayList<>(protocolCandidates.length);
 395             for (ProtocolVersion p : protocolCandidates) {
 396                 if (ProtocolVersion.availableProtocols.contains(p)) {
 397                     availableProtocols.add(p.name);
 398                 }
 399             }
 400         }
 401 
 402         return availableProtocols.toArray(new String[0]);
 403     }
 404 
 405 
 406     /*
 407      * The SSLContext implementation for SSL/(D)TLS algorithm
 408      *
 409      * SSL/TLS protocols specify the forward compatibility and version
 410      * roll-back attack protections, however, a number of SSL/TLS server
 411      * vendors did not implement these aspects properly, and some current
 412      * SSL/TLS servers may refuse to talk to a TLS 1.1 or later client.
 413      *
 414      * Considering above interoperability issues, SunJSSE will not set
 415      * TLS 1.1 and TLS 1.2 as the enabled protocols for client by default.
 416      *
 417      * For SSL/TLS servers, there is no such interoperability issues as
 418      * SSL/TLS clients. In SunJSSE, TLS 1.1 or later version will be the
 419      * enabled protocols for server by default.
 420      *
 421      * We may change the behavior when popular TLS/SSL vendors support TLS
 422      * forward compatibility properly.
 423      *
 424      * SSLv2Hello is no longer necessary.  This interoperability option was
 425      * put in place in the late 90's when SSLv3/TLS1.0 were relatively new
 426      * and there were a fair number of SSLv2-only servers deployed.  Because
 427      * of the security issues in SSLv2, it is rarely (if ever) used, as
 428      * deployments should now be using SSLv3 and TLSv1.
 429      *
 430      * Considering the issues of SSLv2Hello, we should not enable SSLv2Hello
 431      * by default. Applications still can use it by enabling SSLv2Hello with
 432      * the series of setEnabledProtocols APIs.
 433      */
 434 
 435     /*
 436      * The base abstract SSLContext implementation for the Transport Layer
 437      * Security (TLS) protocols.
 438      *
 439      * This abstract class encapsulates supported and the default server
 440      * SSL/TLS parameters.
 441      *
 442      * @see SSLContext
 443      */
 444     private abstract static class AbstractTLSContext extends SSLContextImpl {
 445         private static final ProtocolList supportedProtocolList;
 446         private static final ProtocolList serverDefaultProtocolList;
 447 
 448         private static final CipherSuiteList supportedCipherSuiteList;
 449         private static final CipherSuiteList serverDefaultCipherSuiteList;
 450 
 451         static {
 452             if (SunJSSE.isFIPS()) {
 453                 supportedProtocolList = new ProtocolList(new String[] {
 454                     ProtocolVersion.TLS10.name,
 455                     ProtocolVersion.TLS11.name,
 456                     ProtocolVersion.TLS12.name
 457                 });
 458 
 459                 serverDefaultProtocolList = new ProtocolList(
 460                         getAvailableProtocols(new ProtocolVersion[] {
 461                     ProtocolVersion.TLS10,
 462                     ProtocolVersion.TLS11,
 463                     ProtocolVersion.TLS12
 464                 }));
 465             } else {
 466                 supportedProtocolList = new ProtocolList(new String[] {
 467                     ProtocolVersion.SSL20Hello.name,
 468                     ProtocolVersion.SSL30.name,
 469                     ProtocolVersion.TLS10.name,
 470                     ProtocolVersion.TLS11.name,
 471                     ProtocolVersion.TLS12.name
 472                 });
 473 
 474                 serverDefaultProtocolList = new ProtocolList(
 475                         getAvailableProtocols(new ProtocolVersion[] {
 476                     ProtocolVersion.SSL20Hello,
 477                     ProtocolVersion.SSL30,
 478                     ProtocolVersion.TLS10,
 479                     ProtocolVersion.TLS11,
 480                     ProtocolVersion.TLS12
 481                 }));
 482             }
 483 
 484             supportedCipherSuiteList = getApplicableCipherSuiteList(
 485                     supportedProtocolList, false);          // all supported
 486             serverDefaultCipherSuiteList = getApplicableCipherSuiteList(
 487                     serverDefaultProtocolList, true);       // enabled only
 488         }
 489 
 490         @Override
 491         ProtocolList getSuportedProtocolList() {
 492             return supportedProtocolList;
 493         }
 494 
 495         @Override
 496         CipherSuiteList getSupportedCipherSuiteList() {
 497             return supportedCipherSuiteList;
 498         }
 499 
 500         @Override
 501         ProtocolList getServerDefaultProtocolList() {
 502             return serverDefaultProtocolList;
 503         }
 504 
 505         @Override
 506         CipherSuiteList getServerDefaultCipherSuiteList() {
 507             return serverDefaultCipherSuiteList;
 508         }
 509 
 510         @Override
 511         SSLEngine createSSLEngineImpl() {
 512             return new SSLEngineImpl(this, false);
 513         }
 514 
 515         @Override
 516         SSLEngine createSSLEngineImpl(String host, int port) {
 517             return new SSLEngineImpl(this, host, port, false);
 518         }
 519     }
 520 
 521     /*
 522      * The SSLContext implementation for SSLv3 and TLS10 algorithm
 523      *
 524      * @see SSLContext
 525      */
 526     public static final class TLS10Context extends AbstractTLSContext {
 527         private static final ProtocolList clientDefaultProtocolList;
 528         private static final CipherSuiteList clientDefaultCipherSuiteList;
 529 
 530         static {
 531             if (SunJSSE.isFIPS()) {
 532                 clientDefaultProtocolList = new ProtocolList(
 533                         getAvailableProtocols(new ProtocolVersion[] {
 534                     ProtocolVersion.TLS10
 535                 }));
 536             } else {
 537                 clientDefaultProtocolList = new ProtocolList(
 538                         getAvailableProtocols(new ProtocolVersion[] {
 539                     ProtocolVersion.SSL30,
 540                     ProtocolVersion.TLS10
 541                 }));
 542             }
 543 
 544             clientDefaultCipherSuiteList = getApplicableCipherSuiteList(
 545                     clientDefaultProtocolList, true);       // enabled only
 546         }
 547 
 548         @Override
 549         ProtocolList getClientDefaultProtocolList() {
 550             return clientDefaultProtocolList;
 551         }
 552 
 553         @Override
 554         CipherSuiteList getClientDefaultCipherSuiteList() {
 555             return clientDefaultCipherSuiteList;
 556         }
 557     }
 558 
 559     /*
 560      * The SSLContext implementation for TLS11 algorithm
 561      *
 562      * @see SSLContext
 563      */
 564     public static final class TLS11Context extends AbstractTLSContext {
 565         private static final ProtocolList clientDefaultProtocolList;
 566         private static final CipherSuiteList clientDefaultCipherSuiteList;
 567 
 568         static {
 569             if (SunJSSE.isFIPS()) {
 570                 clientDefaultProtocolList = new ProtocolList(
 571                         getAvailableProtocols(new ProtocolVersion[] {
 572                     ProtocolVersion.TLS10,
 573                     ProtocolVersion.TLS11
 574                 }));
 575             } else {
 576                 clientDefaultProtocolList = new ProtocolList(
 577                         getAvailableProtocols(new ProtocolVersion[] {
 578                     ProtocolVersion.SSL30,
 579                     ProtocolVersion.TLS10,
 580                     ProtocolVersion.TLS11
 581                 }));
 582             }
 583 
 584             clientDefaultCipherSuiteList = getApplicableCipherSuiteList(
 585                     clientDefaultProtocolList, true);       // enabled only
 586         }
 587 
 588         @Override
 589         ProtocolList getClientDefaultProtocolList() {
 590             return clientDefaultProtocolList;
 591         }
 592 
 593         @Override
 594         CipherSuiteList getClientDefaultCipherSuiteList() {
 595             return clientDefaultCipherSuiteList;
 596         }
 597     }
 598 
 599     /*
 600      * The SSLContext implementation for TLS12 algorithm
 601      *
 602      * @see SSLContext
 603      */
 604     public static final class TLS12Context extends AbstractTLSContext {
 605         private static final ProtocolList clientDefaultProtocolList;
 606         private static final CipherSuiteList clientDefaultCipherSuiteList;
 607 
 608         static {
 609             if (SunJSSE.isFIPS()) {
 610                 clientDefaultProtocolList = new ProtocolList(
 611                         getAvailableProtocols(new ProtocolVersion[] {
 612                     ProtocolVersion.TLS10,
 613                     ProtocolVersion.TLS11,
 614                     ProtocolVersion.TLS12
 615                 }));
 616             } else {
 617                 clientDefaultProtocolList = new ProtocolList(
 618                         getAvailableProtocols(new ProtocolVersion[] {
 619                     ProtocolVersion.SSL30,
 620                     ProtocolVersion.TLS10,
 621                     ProtocolVersion.TLS11,
 622                     ProtocolVersion.TLS12
 623                 }));
 624             }
 625 
 626             clientDefaultCipherSuiteList = getApplicableCipherSuiteList(
 627                     clientDefaultProtocolList, true);       // enabled only
 628         }
 629 
 630         @Override
 631         ProtocolList getClientDefaultProtocolList() {
 632             return clientDefaultProtocolList;
 633         }
 634 
 635         @Override
 636         CipherSuiteList getClientDefaultCipherSuiteList() {
 637             return clientDefaultCipherSuiteList;
 638         }
 639     }
 640 
 641     /*
 642      * The interface for the customized SSL/(D)TLS SSLContext.
 643      *
 644      * @see SSLContext
 645      */
 646     private static class CustomizedSSLProtocols {
 647         private static final String PROPERTY_NAME = "jdk.tls.client.protocols";
 648         static IllegalArgumentException reservedException = null;
 649         static ArrayList<ProtocolVersion>
 650                                 customizedProtocols = new ArrayList<>();
 651 
 652         // Don't want a java.lang.LinkageError for illegal system property.
 653         //
 654         // Please don't throw exception in this static block.  Otherwise,
 655         // java.lang.LinkageError may be thrown during the instantiation of
 656         // the provider service. Instead, please handle the initialization
 657         // exception in the caller's constructor.
 658         static {
 659             String property = GetPropertyAction.getProperty(PROPERTY_NAME);
 660             if (property != null && property.length() != 0) {
 661                 // remove double quote marks from beginning/end of the property
 662                 if (property.length() > 1 && property.charAt(0) == '"' &&
 663                         property.charAt(property.length() - 1) == '"') {
 664                     property = property.substring(1, property.length() - 1);
 665                 }
 666             }
 667 
 668             if (property != null && property.length() != 0) {
 669                 String[] protocols = property.split(",");
 670                 for (int i = 0; i < protocols.length; i++) {
 671                     protocols[i] = protocols[i].trim();
 672                     // Is it a supported protocol name?
 673                     try {
 674                         ProtocolVersion pro =
 675                                 ProtocolVersion.valueOf(protocols[i]);
 676 
 677                         if (SunJSSE.isFIPS() &&
 678                                 ((pro.v == ProtocolVersion.SSL30.v) ||
 679                                  (pro.v == ProtocolVersion.SSL20Hello.v))) {
 680                             reservedException = new IllegalArgumentException(
 681                                     PROPERTY_NAME + ": " + pro +
 682                                     " is not FIPS compliant");
 683 
 684                             break;
 685                         }
 686 
 687                         // ignore duplicated protocols
 688                         if (!customizedProtocols.contains(pro)) {
 689                             customizedProtocols.add(pro);
 690                         }
 691                     } catch (IllegalArgumentException iae) {
 692                         reservedException = new IllegalArgumentException(
 693                                 PROPERTY_NAME + ": " + protocols[i] +
 694                                 " is not a standard SSL protocol name", iae);
 695                     }
 696                 }
 697             }
 698         }
 699     }
 700 
 701     /*
 702      * The SSLContext implementation for customized TLS protocols
 703      *
 704      * @see SSLContext
 705      */
 706     private static class CustomizedTLSContext extends AbstractTLSContext {
 707 
 708         private static final ProtocolList clientDefaultProtocolList;
 709         private static final CipherSuiteList clientDefaultCipherSuiteList;
 710 
 711         private static IllegalArgumentException reservedException = null;
 712 
 713         // Don't want a java.lang.LinkageError for illegal system property.
 714         //
 715         // Please don't throw exception in this static block.  Otherwise,
 716         // java.lang.LinkageError may be thrown during the instantiation of
 717         // the provider service. Instead, let's handle the initialization
 718         // exception in constructor.
 719         static {
 720             reservedException = CustomizedSSLProtocols.reservedException;
 721             if (reservedException == null) {
 722                 ArrayList<ProtocolVersion>
 723                         customizedTLSProtocols = new ArrayList<>();
 724                 for (ProtocolVersion protocol :
 725                         CustomizedSSLProtocols.customizedProtocols) {
 726                     if (!protocol.isDTLSProtocol()) {
 727                         customizedTLSProtocols.add(protocol);
 728                     }
 729                 }
 730 
 731                 // candidates for available protocols
 732                 ProtocolVersion[] candidates;
 733                 if (customizedTLSProtocols.isEmpty()) {
 734                     // Use the default enabled client protocols if no
 735                     // customized TLS protocols.
 736                     if (SunJSSE.isFIPS()) {
 737                         candidates = new ProtocolVersion[] {
 738                             ProtocolVersion.TLS10,
 739                             ProtocolVersion.TLS11,
 740                             ProtocolVersion.TLS12
 741                         };
 742                     } else {
 743                         candidates = new ProtocolVersion[] {
 744                             ProtocolVersion.SSL30,
 745                             ProtocolVersion.TLS10,
 746                             ProtocolVersion.TLS11,
 747                             ProtocolVersion.TLS12
 748                         };
 749                     }
 750                 } else {
 751                     // Use the customized TLS protocols.
 752                     candidates =
 753                             new ProtocolVersion[customizedTLSProtocols.size()];
 754                     candidates = customizedTLSProtocols.toArray(candidates);
 755                 }
 756 
 757                 clientDefaultProtocolList = new ProtocolList(
 758                         getAvailableProtocols(candidates));
 759                 clientDefaultCipherSuiteList = getApplicableCipherSuiteList(
 760                     clientDefaultProtocolList, true);   // enabled only
 761             } else {
 762                 clientDefaultProtocolList = null;       // unlikely to be used
 763                 clientDefaultCipherSuiteList = null;    // unlikely to be used
 764             }
 765         }
 766 
 767         protected CustomizedTLSContext() {
 768             if (reservedException != null) {
 769                 throw reservedException;
 770             }
 771         }
 772 
 773         @Override
 774         ProtocolList getClientDefaultProtocolList() {
 775             return clientDefaultProtocolList;
 776         }
 777 
 778         @Override
 779         CipherSuiteList getClientDefaultCipherSuiteList() {
 780             return clientDefaultCipherSuiteList;
 781         }
 782     }
 783 
 784     /*
 785      * The SSLContext implementation for default "TLS" algorithm
 786      *
 787      * @see SSLContext
 788      */
 789     public static final class TLSContext extends CustomizedTLSContext {
 790         // use the default constructor and methods
 791     }
 792 
 793     // lazy initialization holder class idiom for static default parameters
 794     //
 795     // See Effective Java Second Edition: Item 71.
 796     private static final class DefaultManagersHolder {
 797         private static final String NONE = "NONE";
 798         private static final String P11KEYSTORE = "PKCS11";
 799 
 800         private static final TrustManager[] trustManagers;
 801         private static final KeyManager[] keyManagers;
 802 
 803         static Exception reservedException = null;
 804 
 805         static {
 806             TrustManager[] tmMediator;
 807             try {
 808                 tmMediator = getTrustManagers();
 809             } catch (Exception e) {
 810                 reservedException = e;
 811                 tmMediator = new TrustManager[0];
 812             }
 813             trustManagers = tmMediator;
 814 
 815             if (reservedException == null) {
 816                 KeyManager[] kmMediator;
 817                 try {
 818                     kmMediator = getKeyManagers();
 819                 } catch (Exception e) {
 820                     reservedException = e;
 821                     kmMediator = new KeyManager[0];
 822                 }
 823                 keyManagers = kmMediator;
 824             } else {
 825                 keyManagers = new KeyManager[0];
 826             }
 827         }
 828 
 829         private static TrustManager[] getTrustManagers() throws Exception {
 830             KeyStore ks =
 831                 TrustManagerFactoryImpl.getCacertsKeyStore("defaultctx");
 832 
 833             TrustManagerFactory tmf = TrustManagerFactory.getInstance(
 834                 TrustManagerFactory.getDefaultAlgorithm());
 835             tmf.init(ks);
 836             return tmf.getTrustManagers();
 837         }
 838 
 839         private static KeyManager[] getKeyManagers() throws Exception {
 840 
 841             final Map<String,String> props = new HashMap<>();
 842             AccessController.doPrivileged(
 843                         new PrivilegedExceptionAction<Object>() {
 844                 @Override
 845                 public Object run() throws Exception {
 846                     props.put("keyStore",  System.getProperty(
 847                                 "javax.net.ssl.keyStore", ""));
 848                     props.put("keyStoreType", System.getProperty(
 849                                 "javax.net.ssl.keyStoreType",
 850                                 KeyStore.getDefaultType()));
 851                     props.put("keyStoreProvider", System.getProperty(
 852                                 "javax.net.ssl.keyStoreProvider", ""));
 853                     props.put("keyStorePasswd", System.getProperty(
 854                                 "javax.net.ssl.keyStorePassword", ""));
 855                     return null;
 856                 }
 857             });
 858 
 859             final String defaultKeyStore = props.get("keyStore");
 860             String defaultKeyStoreType = props.get("keyStoreType");
 861             String defaultKeyStoreProvider = props.get("keyStoreProvider");
 862             if (debug != null && Debug.isOn("defaultctx")) {
 863                 System.out.println("keyStore is : " + defaultKeyStore);
 864                 System.out.println("keyStore type is : " +
 865                                         defaultKeyStoreType);
 866                 System.out.println("keyStore provider is : " +
 867                                         defaultKeyStoreProvider);
 868             }
 869 
 870             if (P11KEYSTORE.equals(defaultKeyStoreType) &&
 871                     !NONE.equals(defaultKeyStore)) {
 872                 throw new IllegalArgumentException("if keyStoreType is "
 873                     + P11KEYSTORE + ", then keyStore must be " + NONE);
 874             }
 875 
 876             FileInputStream fs = null;
 877             KeyStore ks = null;
 878             char[] passwd = null;
 879             try {
 880                 if (defaultKeyStore.length() != 0 &&
 881                         !NONE.equals(defaultKeyStore)) {
 882                     fs = AccessController.doPrivileged(
 883                             new PrivilegedExceptionAction<FileInputStream>() {
 884                         @Override
 885                         public FileInputStream run() throws Exception {
 886                             return new FileInputStream(defaultKeyStore);
 887                         }
 888                     });
 889                 }
 890 
 891                 String defaultKeyStorePassword = props.get("keyStorePasswd");
 892                 if (defaultKeyStorePassword.length() != 0) {
 893                     passwd = defaultKeyStorePassword.toCharArray();
 894                 }
 895 
 896                 /**
 897                  * Try to initialize key store.
 898                  */
 899                 if ((defaultKeyStoreType.length()) != 0) {
 900                     if (debug != null && Debug.isOn("defaultctx")) {
 901                         System.out.println("init keystore");
 902                     }
 903                     if (defaultKeyStoreProvider.length() == 0) {
 904                         ks = KeyStore.getInstance(defaultKeyStoreType);
 905                     } else {
 906                         ks = KeyStore.getInstance(defaultKeyStoreType,
 907                                             defaultKeyStoreProvider);
 908                     }
 909 
 910                     // if defaultKeyStore is NONE, fs will be null
 911                     ks.load(fs, passwd);
 912                 }
 913             } finally {
 914                 if (fs != null) {
 915                     fs.close();
 916                     fs = null;
 917                 }
 918             }
 919 
 920             /*
 921              * Try to initialize key manager.
 922              */
 923             if (debug != null && Debug.isOn("defaultctx")) {
 924                 System.out.println("init keymanager of type " +
 925                     KeyManagerFactory.getDefaultAlgorithm());
 926             }
 927             KeyManagerFactory kmf = KeyManagerFactory.getInstance(
 928                 KeyManagerFactory.getDefaultAlgorithm());
 929 
 930             if (P11KEYSTORE.equals(defaultKeyStoreType)) {
 931                 kmf.init(ks, null); // do not pass key passwd if using token
 932             } else {
 933                 kmf.init(ks, passwd);
 934             }
 935 
 936             return kmf.getKeyManagers();
 937         }
 938     }
 939 
 940     // lazy initialization holder class idiom for static default parameters
 941     //
 942     // See Effective Java Second Edition: Item 71.
 943     private static final class DefaultSSLContextHolder {
 944 
 945         private static final SSLContextImpl sslContext;
 946         static Exception reservedException = null;
 947 
 948         static {
 949             SSLContextImpl mediator = null;
 950             if (DefaultManagersHolder.reservedException != null) {
 951                 reservedException = DefaultManagersHolder.reservedException;
 952             } else {
 953                 try {
 954                     mediator = new DefaultSSLContext();
 955                 } catch (Exception e) {
 956                     reservedException = e;
 957                 }
 958             }
 959 
 960             sslContext = mediator;
 961         }
 962     }
 963 
 964     /*
 965      * The SSLContext implementation for default "Default" algorithm
 966      *
 967      * @see SSLContext
 968      */
 969     public static final class DefaultSSLContext extends CustomizedTLSContext {
 970 
 971         // public constructor for SSLContext.getInstance("Default")
 972         public DefaultSSLContext() throws Exception {
 973             if (DefaultManagersHolder.reservedException != null) {
 974                 throw DefaultManagersHolder.reservedException;
 975             }
 976 
 977             try {
 978                 super.engineInit(DefaultManagersHolder.keyManagers,
 979                         DefaultManagersHolder.trustManagers, null);
 980             } catch (Exception e) {
 981                 if (debug != null && Debug.isOn("defaultctx")) {
 982                     System.out.println("default context init failed: " + e);
 983                 }
 984                 throw e;
 985             }
 986         }
 987 
 988         @Override
 989         protected void engineInit(KeyManager[] km, TrustManager[] tm,
 990             SecureRandom sr) throws KeyManagementException {
 991             throw new KeyManagementException
 992                 ("Default SSLContext is initialized automatically");
 993         }
 994 
 995         static SSLContextImpl getDefaultImpl() throws Exception {
 996             if (DefaultSSLContextHolder.reservedException != null) {
 997                 throw DefaultSSLContextHolder.reservedException;
 998             }
 999 
1000             return DefaultSSLContextHolder.sslContext;
1001         }
1002     }
1003 
1004     /*
1005      * The base abstract SSLContext implementation for the Datagram Transport
1006      * Layer Security (DTLS) protocols.
1007      *
1008      * This abstract class encapsulates supported and the default server DTLS
1009      * parameters.
1010      *
1011      * @see SSLContext
1012      */
1013     private abstract static class AbstractDTLSContext extends SSLContextImpl {
1014         private static final ProtocolList supportedProtocolList;
1015         private static final ProtocolList serverDefaultProtocolList;
1016 
1017         private static final CipherSuiteList supportedCipherSuiteList;
1018         private static final CipherSuiteList serverDefaultCipherSuiteList;
1019 
1020         static {
1021             // Both DTLSv1.0 and DTLSv1.2 can be used in FIPS mode.
1022             supportedProtocolList = new ProtocolList(new String[] {
1023                 ProtocolVersion.DTLS10.name,
1024                 ProtocolVersion.DTLS12.name
1025             });
1026 
1027             // available protocols for server mode
1028             serverDefaultProtocolList = new ProtocolList(
1029                     getAvailableProtocols(new ProtocolVersion[] {
1030                 ProtocolVersion.DTLS10,
1031                 ProtocolVersion.DTLS12
1032             }));
1033 
1034             supportedCipherSuiteList = getApplicableCipherSuiteList(
1035                     supportedProtocolList, false);          // all supported
1036             serverDefaultCipherSuiteList = getApplicableCipherSuiteList(
1037                     serverDefaultProtocolList, true);       // enabled only
1038         }
1039 
1040         @Override
1041         ProtocolList getSuportedProtocolList() {
1042             return supportedProtocolList;
1043         }
1044 
1045         @Override
1046         CipherSuiteList getSupportedCipherSuiteList() {
1047             return supportedCipherSuiteList;
1048         }
1049 
1050         @Override
1051         ProtocolList getServerDefaultProtocolList() {
1052             return serverDefaultProtocolList;
1053         }
1054 
1055         @Override
1056         CipherSuiteList getServerDefaultCipherSuiteList() {
1057             return serverDefaultCipherSuiteList;
1058         }
1059 
1060         @Override
1061         SSLEngine createSSLEngineImpl() {
1062             return new SSLEngineImpl(this, true);
1063         }
1064 
1065         @Override
1066         SSLEngine createSSLEngineImpl(String host, int port) {
1067             return new SSLEngineImpl(this, host, port, true);
1068         }
1069 
1070         @Override
1071         HelloCookieManager getHelloCookieManager(SecureRandom secureRandom) {
1072             return new HelloCookieManager(secureRandom);
1073         }
1074     }
1075 
1076     /*
1077      * The SSLContext implementation for DTLSv1.0 algorithm.
1078      *
1079      * @see SSLContext
1080      */
1081     public static final class DTLS10Context extends AbstractDTLSContext {
1082         private static final ProtocolList clientDefaultProtocolList;
1083         private static final CipherSuiteList clientDefaultCipherSuiteList;
1084 
1085         static {
1086             // available protocols for client mode
1087             clientDefaultProtocolList = new ProtocolList(
1088                     getAvailableProtocols(new ProtocolVersion[] {
1089                 ProtocolVersion.DTLS10
1090             }));
1091 
1092             clientDefaultCipherSuiteList = getApplicableCipherSuiteList(
1093                     clientDefaultProtocolList, true);       // enabled only
1094         }
1095 
1096         @Override
1097         ProtocolList getClientDefaultProtocolList() {
1098             return clientDefaultProtocolList;
1099         }
1100 
1101         @Override
1102         CipherSuiteList getClientDefaultCipherSuiteList() {
1103             return clientDefaultCipherSuiteList;
1104         }
1105     }
1106 
1107     /*
1108      * The SSLContext implementation for DTLSv1.2 algorithm.
1109      *
1110      * @see SSLContext
1111      */
1112     public static final class DTLS12Context extends AbstractDTLSContext {
1113         private static final ProtocolList clientDefaultProtocolList;
1114         private static final CipherSuiteList clientDefaultCipherSuiteList;
1115 
1116         static {
1117             // available protocols for client mode
1118             clientDefaultProtocolList = new ProtocolList(
1119                     getAvailableProtocols(new ProtocolVersion[] {
1120                 ProtocolVersion.DTLS10,
1121                 ProtocolVersion.DTLS12
1122             }));
1123 
1124             clientDefaultCipherSuiteList = getApplicableCipherSuiteList(
1125                     clientDefaultProtocolList, true);       // enabled only
1126         }
1127 
1128         @Override
1129         ProtocolList getClientDefaultProtocolList() {
1130             return clientDefaultProtocolList;
1131         }
1132 
1133         @Override
1134         CipherSuiteList getClientDefaultCipherSuiteList() {
1135             return clientDefaultCipherSuiteList;
1136         }
1137     }
1138 
1139     /*
1140      * The SSLContext implementation for customized TLS protocols
1141      *
1142      * @see SSLContext
1143      */
1144     private static class CustomizedDTLSContext extends AbstractDTLSContext {
1145         private static final ProtocolList clientDefaultProtocolList;
1146         private static final CipherSuiteList clientDefaultCipherSuiteList;
1147 
1148         private static IllegalArgumentException reservedException = null;
1149 
1150         // Don't want a java.lang.LinkageError for illegal system property.
1151         //
1152         // Please don't throw exception in this static block.  Otherwise,
1153         // java.lang.LinkageError may be thrown during the instantiation of
1154         // the provider service. Instead, let's handle the initialization
1155         // exception in constructor.
1156         static {
1157             reservedException = CustomizedSSLProtocols.reservedException;
1158             if (reservedException == null) {
1159                 ArrayList<ProtocolVersion>
1160                         customizedDTLSProtocols = new ArrayList<>();
1161                 for (ProtocolVersion protocol :
1162                         CustomizedSSLProtocols.customizedProtocols) {
1163                     if (protocol.isDTLSProtocol()) {
1164                         customizedDTLSProtocols.add(protocol);
1165                     }
1166                 }
1167 
1168                 // candidates for available protocols
1169                 ProtocolVersion[] candidates;
1170                 if (customizedDTLSProtocols.isEmpty()) {
1171                     // Use the default enabled client protocols if no
1172                     // customized TLS protocols.
1173                     //
1174                     // Both DTLSv1.0 and DTLSv1.2 can be used in FIPS mode.
1175                     candidates = new ProtocolVersion[] {
1176                         ProtocolVersion.DTLS10,
1177                         ProtocolVersion.DTLS12
1178                     };
1179 
1180                 } else {
1181                     // Use the customized TLS protocols.
1182                     candidates =
1183                             new ProtocolVersion[customizedDTLSProtocols.size()];
1184                     candidates = customizedDTLSProtocols.toArray(candidates);
1185                 }
1186 
1187                 clientDefaultProtocolList = new ProtocolList(
1188                         getAvailableProtocols(candidates));
1189                 clientDefaultCipherSuiteList = getApplicableCipherSuiteList(
1190                     clientDefaultProtocolList, true);   // enabled only
1191             } else {
1192                 clientDefaultProtocolList = null;       // unlikely to be used
1193                 clientDefaultCipherSuiteList = null;    // unlikely to be used
1194             }
1195         }
1196 
1197         protected CustomizedDTLSContext() {
1198             if (reservedException != null) {
1199                 throw reservedException;
1200             }
1201         }
1202 
1203         @Override
1204         ProtocolList getClientDefaultProtocolList() {
1205             return clientDefaultProtocolList;
1206         }
1207 
1208         @Override
1209         CipherSuiteList getClientDefaultCipherSuiteList() {
1210             return clientDefaultCipherSuiteList;
1211         }
1212     }
1213 
1214     /*
1215      * The SSLContext implementation for default "DTLS" algorithm
1216      *
1217      * @see SSLContext
1218      */
1219     public static final class DTLSContext extends CustomizedDTLSContext {
1220         // use the default constructor and methods
1221     }
1222 
1223 }
1224 
1225 
1226 final class AbstractTrustManagerWrapper extends X509ExtendedTrustManager
1227             implements X509TrustManager {
1228 
1229     // the delegated trust manager
1230     private final X509TrustManager tm;
1231 
1232     AbstractTrustManagerWrapper(X509TrustManager tm) {
1233         this.tm = tm;
1234     }
1235 
1236     @Override
1237     public void checkClientTrusted(X509Certificate[] chain, String authType)
1238         throws CertificateException {
1239         tm.checkClientTrusted(chain, authType);
1240     }
1241 
1242     @Override
1243     public void checkServerTrusted(X509Certificate[] chain, String authType)
1244         throws CertificateException {
1245         tm.checkServerTrusted(chain, authType);
1246     }
1247 
1248     @Override
1249     public X509Certificate[] getAcceptedIssuers() {
1250         return tm.getAcceptedIssuers();
1251     }
1252 
1253     @Override
1254     public void checkClientTrusted(X509Certificate[] chain, String authType,
1255                 Socket socket) throws CertificateException {
1256         tm.checkClientTrusted(chain, authType);
1257         checkAdditionalTrust(chain, authType, socket, true);
1258     }
1259 
1260     @Override
1261     public void checkServerTrusted(X509Certificate[] chain, String authType,
1262             Socket socket) throws CertificateException {
1263         tm.checkServerTrusted(chain, authType);
1264         checkAdditionalTrust(chain, authType, socket, false);
1265     }
1266 
1267     @Override
1268     public void checkClientTrusted(X509Certificate[] chain, String authType,
1269             SSLEngine engine) throws CertificateException {
1270         tm.checkClientTrusted(chain, authType);
1271         checkAdditionalTrust(chain, authType, engine, true);
1272     }
1273 
1274     @Override
1275     public void checkServerTrusted(X509Certificate[] chain, String authType,
1276             SSLEngine engine) throws CertificateException {
1277         tm.checkServerTrusted(chain, authType);
1278         checkAdditionalTrust(chain, authType, engine, false);
1279     }
1280 
1281     private void checkAdditionalTrust(X509Certificate[] chain, String authType,
1282                 Socket socket, boolean isClient) throws CertificateException {
1283         if (socket != null && socket.isConnected() &&
1284                                     socket instanceof SSLSocket) {
1285 
1286             SSLSocket sslSocket = (SSLSocket)socket;
1287             SSLSession session = sslSocket.getHandshakeSession();
1288             if (session == null) {
1289                 throw new CertificateException("No handshake session");
1290             }
1291 
1292             // check endpoint identity
1293             String identityAlg = sslSocket.getSSLParameters().
1294                                         getEndpointIdentificationAlgorithm();
1295             if (identityAlg != null && identityAlg.length() != 0) {
1296                 String hostname = session.getPeerHost();
1297                 X509TrustManagerImpl.checkIdentity(
1298                                     hostname, chain[0], identityAlg);
1299             }
1300 
1301             // try the best to check the algorithm constraints
1302             ProtocolVersion protocolVersion =
1303                 ProtocolVersion.valueOf(session.getProtocol());
1304             AlgorithmConstraints constraints = null;
1305             if (protocolVersion.useTLS12PlusSpec()) {
1306                 if (session instanceof ExtendedSSLSession) {
1307                     ExtendedSSLSession extSession =
1308                                     (ExtendedSSLSession)session;
1309                     String[] peerSupportedSignAlgs =
1310                             extSession.getLocalSupportedSignatureAlgorithms();
1311 
1312                     constraints = new SSLAlgorithmConstraints(
1313                                     sslSocket, peerSupportedSignAlgs, true);
1314                 } else {
1315                     constraints =
1316                             new SSLAlgorithmConstraints(sslSocket, true);
1317                 }
1318             } else {
1319                 constraints = new SSLAlgorithmConstraints(sslSocket, true);
1320             }
1321 
1322             checkAlgorithmConstraints(chain, constraints);
1323         }
1324     }
1325 
1326     private void checkAdditionalTrust(X509Certificate[] chain, String authType,
1327             SSLEngine engine, boolean isClient) throws CertificateException {
1328         if (engine != null) {
1329             SSLSession session = engine.getHandshakeSession();
1330             if (session == null) {
1331                 throw new CertificateException("No handshake session");
1332             }
1333 
1334             // check endpoint identity
1335             String identityAlg = engine.getSSLParameters().
1336                                         getEndpointIdentificationAlgorithm();
1337             if (identityAlg != null && identityAlg.length() != 0) {
1338                 String hostname = session.getPeerHost();
1339                 X509TrustManagerImpl.checkIdentity(
1340                                     hostname, chain[0], identityAlg);
1341             }
1342 
1343             // try the best to check the algorithm constraints
1344             ProtocolVersion protocolVersion =
1345                 ProtocolVersion.valueOf(session.getProtocol());
1346             AlgorithmConstraints constraints = null;
1347             if (protocolVersion.useTLS12PlusSpec()) {
1348                 if (session instanceof ExtendedSSLSession) {
1349                     ExtendedSSLSession extSession =
1350                                     (ExtendedSSLSession)session;
1351                     String[] peerSupportedSignAlgs =
1352                             extSession.getLocalSupportedSignatureAlgorithms();
1353 
1354                     constraints = new SSLAlgorithmConstraints(
1355                                     engine, peerSupportedSignAlgs, true);
1356                 } else {
1357                     constraints =
1358                             new SSLAlgorithmConstraints(engine, true);
1359                 }
1360             } else {
1361                 constraints = new SSLAlgorithmConstraints(engine, true);
1362             }
1363 
1364             checkAlgorithmConstraints(chain, constraints);
1365         }
1366     }
1367 
1368     private void checkAlgorithmConstraints(X509Certificate[] chain,
1369             AlgorithmConstraints constraints) throws CertificateException {
1370 
1371         try {
1372             // Does the certificate chain end with a trusted certificate?
1373             int checkedLength = chain.length - 1;
1374 
1375             Collection<X509Certificate> trustedCerts = new HashSet<>();
1376             X509Certificate[] certs = tm.getAcceptedIssuers();
1377             if ((certs != null) && (certs.length > 0)){
1378                 Collections.addAll(trustedCerts, certs);
1379             }
1380 
1381             if (trustedCerts.contains(chain[checkedLength])) {
1382                     checkedLength--;
1383             }
1384 
1385             // A forward checker, need to check from trust to target
1386             if (checkedLength >= 0) {
1387                 AlgorithmChecker checker = new AlgorithmChecker(constraints);
1388                 checker.init(false);
1389                 for (int i = checkedLength; i >= 0; i--) {
1390                     Certificate cert = chain[i];
1391                     // We don't care about the unresolved critical extensions.
1392                     checker.check(cert, Collections.<String>emptySet());
1393                 }
1394             }
1395         } catch (CertPathValidatorException cpve) {
1396             throw new CertificateException(
1397                 "Certificates does not conform to algorithm constraints");
1398         }
1399     }
1400 }
1401 
1402 // Dummy X509TrustManager implementation, rejects all peer certificates.
1403 // Used if the application did not specify a proper X509TrustManager.
1404 final class DummyX509TrustManager extends X509ExtendedTrustManager
1405             implements X509TrustManager {
1406 
1407     static final X509TrustManager INSTANCE = new DummyX509TrustManager();
1408 
1409     private DummyX509TrustManager() {
1410         // empty
1411     }
1412 
1413     /*
1414      * Given the partial or complete certificate chain
1415      * provided by the peer, build a certificate path
1416      * to a trusted root and return if it can be
1417      * validated and is trusted for client SSL authentication.
1418      * If not, it throws an exception.
1419      */
1420     @Override
1421     public void checkClientTrusted(X509Certificate[] chain, String authType)
1422         throws CertificateException {
1423         throw new CertificateException(
1424             "No X509TrustManager implementation avaiable");
1425     }
1426 
1427     /*
1428      * Given the partial or complete certificate chain
1429      * provided by the peer, build a certificate path
1430      * to a trusted root and return if it can be
1431      * validated and is trusted for server SSL authentication.
1432      * If not, it throws an exception.
1433      */
1434     @Override
1435     public void checkServerTrusted(X509Certificate[] chain, String authType)
1436         throws CertificateException {
1437         throw new CertificateException(
1438             "No X509TrustManager implementation available");
1439     }
1440 
1441     /*
1442      * Return an array of issuer certificates which are trusted
1443      * for authenticating peers.
1444      */
1445     @Override
1446     public X509Certificate[] getAcceptedIssuers() {
1447         return new X509Certificate[0];
1448     }
1449 
1450     @Override
1451     public void checkClientTrusted(X509Certificate[] chain, String authType,
1452                 Socket socket) throws CertificateException {
1453         throw new CertificateException(
1454             "No X509TrustManager implementation available");
1455     }
1456 
1457     @Override
1458     public void checkServerTrusted(X509Certificate[] chain, String authType,
1459             Socket socket) throws CertificateException {
1460         throw new CertificateException(
1461             "No X509TrustManager implementation available");
1462     }
1463 
1464     @Override
1465     public void checkClientTrusted(X509Certificate[] chain, String authType,
1466             SSLEngine engine) throws CertificateException {
1467         throw new CertificateException(
1468             "No X509TrustManager implementation available");
1469     }
1470 
1471     @Override
1472     public void checkServerTrusted(X509Certificate[] chain, String authType,
1473             SSLEngine engine) throws CertificateException {
1474         throw new CertificateException(
1475             "No X509TrustManager implementation available");
1476     }
1477 }
1478 
1479 /*
1480  * A wrapper class to turn a X509KeyManager into an X509ExtendedKeyManager
1481  */
1482 final class AbstractKeyManagerWrapper extends X509ExtendedKeyManager {
1483 
1484     private final X509KeyManager km;
1485 
1486     AbstractKeyManagerWrapper(X509KeyManager km) {
1487         this.km = km;
1488     }
1489 
1490     @Override
1491     public String[] getClientAliases(String keyType, Principal[] issuers) {
1492         return km.getClientAliases(keyType, issuers);
1493     }
1494 
1495     @Override
1496     public String chooseClientAlias(String[] keyType, Principal[] issuers,
1497             Socket socket) {
1498         return km.chooseClientAlias(keyType, issuers, socket);
1499     }
1500 
1501     @Override
1502     public String[] getServerAliases(String keyType, Principal[] issuers) {
1503         return km.getServerAliases(keyType, issuers);
1504     }
1505 
1506     @Override
1507     public String chooseServerAlias(String keyType, Principal[] issuers,
1508             Socket socket) {
1509         return km.chooseServerAlias(keyType, issuers, socket);
1510     }
1511 
1512     @Override
1513     public X509Certificate[] getCertificateChain(String alias) {
1514         return km.getCertificateChain(alias);
1515     }
1516 
1517     @Override
1518     public PrivateKey getPrivateKey(String alias) {
1519         return km.getPrivateKey(alias);
1520     }
1521 
1522     // Inherit chooseEngineClientAlias() and chooseEngineServerAlias() from
1523     // X509ExtendedKeymanager. It defines them to return null;
1524 }
1525 
1526 
1527 // Dummy X509KeyManager implementation, never returns any certificates/keys.
1528 // Used if the application did not specify a proper X509TrustManager.
1529 final class DummyX509KeyManager extends X509ExtendedKeyManager {
1530 
1531     static final X509ExtendedKeyManager INSTANCE = new DummyX509KeyManager();
1532 
1533     private DummyX509KeyManager() {
1534         // empty
1535     }
1536 
1537     /*
1538      * Get the matching aliases for authenticating the client side of a secure
1539      * socket given the public key type and the list of
1540      * certificate issuer authorities recognized by the peer (if any).
1541      */
1542     @Override
1543     public String[] getClientAliases(String keyType, Principal[] issuers) {
1544         return null;
1545     }
1546 
1547     /*
1548      * Choose an alias to authenticate the client side of a secure
1549      * socket given the public key type and the list of
1550      * certificate issuer authorities recognized by the peer (if any).
1551      */
1552     @Override
1553     public String chooseClientAlias(String[] keyTypes, Principal[] issuers,
1554             Socket socket) {
1555         return null;
1556     }
1557 
1558     /*
1559      * Choose an alias to authenticate the client side of an
1560      * engine given the public key type and the list of
1561      * certificate issuer authorities recognized by the peer (if any).
1562      */
1563     @Override
1564     public String chooseEngineClientAlias(
1565             String[] keyTypes, Principal[] issuers, SSLEngine engine) {
1566         return null;
1567     }
1568 
1569     /*
1570      * Get the matching aliases for authenticating the server side of a secure
1571      * socket given the public key type and the list of
1572      * certificate issuer authorities recognized by the peer (if any).
1573      */
1574     @Override
1575     public String[] getServerAliases(String keyType, Principal[] issuers) {
1576         return null;
1577     }
1578 
1579     /*
1580      * Choose an alias to authenticate the server side of a secure
1581      * socket given the public key type and the list of
1582      * certificate issuer authorities recognized by the peer (if any).
1583      */
1584     @Override
1585     public String chooseServerAlias(String keyType, Principal[] issuers,
1586             Socket socket) {
1587         return null;
1588     }
1589 
1590     /*
1591      * Choose an alias to authenticate the server side of an engine
1592      * given the public key type and the list of
1593      * certificate issuer authorities recognized by the peer (if any).
1594      */
1595     @Override
1596     public String chooseEngineServerAlias(
1597             String keyType, Principal[] issuers, SSLEngine engine) {
1598         return null;
1599     }
1600 
1601     /**
1602      * Returns the certificate chain associated with the given alias.
1603      *
1604      * @param alias the alias name
1605      *
1606      * @return the certificate chain (ordered with the user's certificate first
1607      * and the root certificate authority last)
1608      */
1609     @Override
1610     public X509Certificate[] getCertificateChain(String alias) {
1611         return null;
1612     }
1613 
1614     /*
1615      * Returns the key associated with the given alias, using the given
1616      * password to recover it.
1617      *
1618      * @param alias the alias name
1619      *
1620      * @return the requested key
1621      */
1622     @Override
1623     public PrivateKey getPrivateKey(String alias) {
1624         return null;
1625     }
1626 }