open Cdiff src/java.base/share/classes/sun/security/ssl/JsseJce.java

src/java.base/share/classes/sun/security/ssl/JsseJce.java


*** 1,7 ****
  /*
!  * Copyright (c) 2001, 2016, Oracle and/or its affiliates. All rights reserved.
   * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   *
   * This code is free software; you can redistribute it and/or modify it
   * under the terms of the GNU General Public License version 2 only, as
   * published by the Free Software Foundation.  Oracle designates this
--- 1,7 ----
  /*
!  * Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved.
   * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   *
   * This code is free software; you can redistribute it and/or modify it
   * under the terms of the GNU General Public License version 2 only, as
   * published by the Free Software Foundation.  Oracle designates this
*** 23,72 ****
   * questions.
   */
  
  package sun.security.ssl;
  
- import java.util.*;
  import java.math.BigInteger;
- 
  import java.security.*;
  import java.security.interfaces.RSAPublicKey;
  import java.security.spec.*;
! 
  import javax.crypto.*;
- 
- // explicit import to override the Provider class in this package
- import java.security.Provider;
- 
- // need internal Sun classes for FIPS tricks
- import sun.security.jca.Providers;
  import sun.security.jca.ProviderList;
! 
! import sun.security.util.ECUtil;
! 
  import static sun.security.ssl.SunJSSE.cryptoProvider;
  import static sun.security.util.SecurityConstants.PROVIDER_VER;
  
  /**
   * This class contains a few static methods for interaction with the JCA/JCE
   * to obtain implementations, etc.
   *
   * @author  Andreas Sterbenz
   */
  final class JsseJce {
  
      private static final ProviderList fipsProviderList;
  
-     // Flag indicating whether Kerberos crypto is available.
-     // If true, then all the Kerberos-based crypto we need is available.
-     private static final boolean kerberosAvailable;
-     static {
-         ClientKeyExchangeService p =
-                 ClientKeyExchangeService.find("KRB5");
-         kerberosAvailable = (p != null);
-     }
- 
      static {
          // force FIPS flag initialization
          // Because isFIPS() is synchronized and cryptoProvider is not modified
          // after it completes, this also eliminates the need for any further
          // synchronization when accessing cryptoProvider
--- 23,56 ----
   * questions.
   */
  
  package sun.security.ssl;
  
  import java.math.BigInteger;
  import java.security.*;
  import java.security.interfaces.RSAPublicKey;
  import java.security.spec.*;
! import java.util.*;
  import javax.crypto.*;
  import sun.security.jca.ProviderList;
! import sun.security.jca.Providers;
  import static sun.security.ssl.SunJSSE.cryptoProvider;
+ import sun.security.util.ECUtil;
  import static sun.security.util.SecurityConstants.PROVIDER_VER;
  
  /**
   * This class contains a few static methods for interaction with the JCA/JCE
   * to obtain implementations, etc.
   *
   * @author  Andreas Sterbenz
   */
  final class JsseJce {
+     static final boolean ALLOW_ECC =
+             Utilities.getBooleanProperty("com.sun.net.ssl.enableECC", true);
  
      private static final ProviderList fipsProviderList;
  
      static {
          // force FIPS flag initialization
          // Because isFIPS() is synchronized and cryptoProvider is not modified
          // after it completes, this also eliminates the need for any further
          // synchronization when accessing cryptoProvider
*** 179,189 ****
      static boolean isEcAvailable() {
          return EcAvailability.isAvailable;
      }
  
      static boolean isKerberosAvailable() {
!         return kerberosAvailable;
      }
  
      /**
       * Return an JCE cipher implementation for the specified algorithm.
       */
--- 163,173 ----
      static boolean isEcAvailable() {
          return EcAvailability.isAvailable;
      }
  
      static boolean isKerberosAvailable() {
!         return false;
      }
  
      /**
       * Return an JCE cipher implementation for the specified algorithm.
       */
*** 297,307 ****
              // ignore
          }
          for (Provider.Service s : cryptoProvider.getServices()) {
              if (s.getType().equals("SecureRandom")) {
                  try {
!                     return SecureRandom.getInstance(s.getAlgorithm(), cryptoProvider);
                  } catch (NoSuchAlgorithmException ee) {
                      // ignore
                  }
              }
          }
--- 281,292 ----
              // ignore
          }
          for (Provider.Service s : cryptoProvider.getServices()) {
              if (s.getType().equals("SecureRandom")) {
                  try {
!                     return SecureRandom.getInstance(
!                             s.getAlgorithm(), cryptoProvider);
                  } catch (NoSuchAlgorithmException ee) {
                      // ignore
                  }
              }
          }
*** 392,402 ****
      // lazy initialization holder class idiom for static default parameters
      //
      // See Effective Java Second Edition: Item 71.
      private static class EcAvailability {
          // Is EC crypto available?
!         private final static boolean isAvailable;
  
          static {
              boolean mediator = true;
              try {
                  JsseJce.getSignature(SIGNATURE_ECDSA);
--- 377,387 ----
      // lazy initialization holder class idiom for static default parameters
      //
      // See Effective Java Second Edition: Item 71.
      private static class EcAvailability {
          // Is EC crypto available?
!         private static final boolean isAvailable;
  
          static {
              boolean mediator = true;
              try {
                  JsseJce.getSignature(SIGNATURE_ECDSA);
< prev index next >