< prev index next >
src/java.base/share/classes/sun/security/ssl/JsseJce.java
Print this page
@@ -1,7 +1,7 @@
/*
- * Copyright (c) 2001, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
@@ -23,50 +23,34 @@
* questions.
*/
package sun.security.ssl;
-import java.util.*;
import java.math.BigInteger;
-
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.*;
-
+import java.util.*;
import javax.crypto.*;
-
-// explicit import to override the Provider class in this package
-import java.security.Provider;
-
-// need internal Sun classes for FIPS tricks
-import sun.security.jca.Providers;
import sun.security.jca.ProviderList;
-
-import sun.security.util.ECUtil;
-
+import sun.security.jca.Providers;
import static sun.security.ssl.SunJSSE.cryptoProvider;
+import sun.security.util.ECUtil;
import static sun.security.util.SecurityConstants.PROVIDER_VER;
/**
* This class contains a few static methods for interaction with the JCA/JCE
* to obtain implementations, etc.
*
* @author Andreas Sterbenz
*/
final class JsseJce {
+ static final boolean ALLOW_ECC =
+ Utilities.getBooleanProperty("com.sun.net.ssl.enableECC", true);
private static final ProviderList fipsProviderList;
- // Flag indicating whether Kerberos crypto is available.
- // If true, then all the Kerberos-based crypto we need is available.
- private static final boolean kerberosAvailable;
- static {
- ClientKeyExchangeService p =
- ClientKeyExchangeService.find("KRB5");
- kerberosAvailable = (p != null);
- }
-
static {
// force FIPS flag initialization
// Because isFIPS() is synchronized and cryptoProvider is not modified
// after it completes, this also eliminates the need for any further
// synchronization when accessing cryptoProvider
@@ -179,11 +163,11 @@
static boolean isEcAvailable() {
return EcAvailability.isAvailable;
}
static boolean isKerberosAvailable() {
- return kerberosAvailable;
+ return false;
}
/**
* Return an JCE cipher implementation for the specified algorithm.
*/
@@ -297,11 +281,12 @@
// ignore
}
for (Provider.Service s : cryptoProvider.getServices()) {
if (s.getType().equals("SecureRandom")) {
try {
- return SecureRandom.getInstance(s.getAlgorithm(), cryptoProvider);
+ return SecureRandom.getInstance(
+ s.getAlgorithm(), cryptoProvider);
} catch (NoSuchAlgorithmException ee) {
// ignore
}
}
}
@@ -392,11 +377,11 @@
// lazy initialization holder class idiom for static default parameters
//
// See Effective Java Second Edition: Item 71.
private static class EcAvailability {
// Is EC crypto available?
- private final static boolean isAvailable;
+ private static final boolean isAvailable;
static {
boolean mediator = true;
try {
JsseJce.getSignature(SIGNATURE_ECDSA);
< prev index next >