44 *
45 * It is currently not possible to use both FIPS compliant SunJSSE and
46 * standard JSSE at the same time because of the various static data structures
47 * we use.
48 *
49 * However, we do want to allow FIPS mode to be enabled at runtime and without
50 * editing the java.security file. That means we need to allow
51 * Security.removeProvider("SunJSSE") to work, which creates an instance of
52 * this class in non-FIPS mode. That is why we delay the selection of the mode
53 * as long as possible. This is until we open an SSL/TLS connection and the
54 * data structures need to be initialized or until SunJSSE is initialized in
55 * FIPS mode.
56 *
57 */
58 public abstract class SunJSSE extends java.security.Provider {
59
60 private static final long serialVersionUID = 3231825739635378733L;
61
62 private static String info = "Sun JSSE provider" +
63 "(PKCS12, SunX509/PKIX key/trust factories, " +
64 "SSLv3/TLSv1/TLSv1.1/TLSv1.2)";
65
66 private static String fipsInfo =
67 "Sun JSSE provider (FIPS mode, crypto provider ";
68
69 // tri-valued flag:
70 // null := no final decision made
71 // false := data structures initialized in non-FIPS mode
72 // true := data structures initialized in FIPS mode
73 private static Boolean fips;
74
75 // the FIPS certificate crypto provider that we use to perform all crypto
76 // operations. null in non-FIPS mode
77 static java.security.Provider cryptoProvider;
78
79 protected static synchronized boolean isFIPS() {
80 if (fips == null) {
81 fips = false;
82 }
83 return fips;
84 }
203 "sun.security.ssl.TrustManagerFactoryImpl$SimpleFactory");
204 put("TrustManagerFactory.PKIX",
205 "sun.security.ssl.TrustManagerFactoryImpl$PKIXFactory");
206 put("Alg.Alias.TrustManagerFactory.SunPKIX", "PKIX");
207 put("Alg.Alias.TrustManagerFactory.X509", "PKIX");
208 put("Alg.Alias.TrustManagerFactory.X.509", "PKIX");
209
210 put("SSLContext.TLSv1",
211 "sun.security.ssl.SSLContextImpl$TLS10Context");
212 put("SSLContext.TLSv1.1",
213 "sun.security.ssl.SSLContextImpl$TLS11Context");
214 put("SSLContext.TLSv1.2",
215 "sun.security.ssl.SSLContextImpl$TLS12Context");
216 put("SSLContext.TLS",
217 "sun.security.ssl.SSLContextImpl$TLSContext");
218 if (isfips == false) {
219 put("Alg.Alias.SSLContext.SSL", "TLS");
220 put("Alg.Alias.SSLContext.SSLv3", "TLSv1");
221 }
222
223 put("SSLContext.Default",
224 "sun.security.ssl.SSLContextImpl$DefaultSSLContext");
225
226 /*
227 * KeyStore
228 */
229 put("KeyStore.PKCS12",
230 "sun.security.pkcs12.PKCS12KeyStore");
231 }
232
233 private void subclassCheck() {
234 if (getClass() != com.sun.net.ssl.internal.ssl.Provider.class) {
235 throw new AssertionError("Illegal subclass: " + getClass());
236 }
237 }
238
239 @Override
240 protected final void finalize() throws Throwable {
241 // empty
242 super.finalize();
|
44 *
45 * It is currently not possible to use both FIPS compliant SunJSSE and
46 * standard JSSE at the same time because of the various static data structures
47 * we use.
48 *
49 * However, we do want to allow FIPS mode to be enabled at runtime and without
50 * editing the java.security file. That means we need to allow
51 * Security.removeProvider("SunJSSE") to work, which creates an instance of
52 * this class in non-FIPS mode. That is why we delay the selection of the mode
53 * as long as possible. This is until we open an SSL/TLS connection and the
54 * data structures need to be initialized or until SunJSSE is initialized in
55 * FIPS mode.
56 *
57 */
58 public abstract class SunJSSE extends java.security.Provider {
59
60 private static final long serialVersionUID = 3231825739635378733L;
61
62 private static String info = "Sun JSSE provider" +
63 "(PKCS12, SunX509/PKIX key/trust factories, " +
64 "SSLv3/TLSv1/TLSv1.1/TLSv1.2/DTLSv1.0/DTLSv1.2)";
65
66 private static String fipsInfo =
67 "Sun JSSE provider (FIPS mode, crypto provider ";
68
69 // tri-valued flag:
70 // null := no final decision made
71 // false := data structures initialized in non-FIPS mode
72 // true := data structures initialized in FIPS mode
73 private static Boolean fips;
74
75 // the FIPS certificate crypto provider that we use to perform all crypto
76 // operations. null in non-FIPS mode
77 static java.security.Provider cryptoProvider;
78
79 protected static synchronized boolean isFIPS() {
80 if (fips == null) {
81 fips = false;
82 }
83 return fips;
84 }
203 "sun.security.ssl.TrustManagerFactoryImpl$SimpleFactory");
204 put("TrustManagerFactory.PKIX",
205 "sun.security.ssl.TrustManagerFactoryImpl$PKIXFactory");
206 put("Alg.Alias.TrustManagerFactory.SunPKIX", "PKIX");
207 put("Alg.Alias.TrustManagerFactory.X509", "PKIX");
208 put("Alg.Alias.TrustManagerFactory.X.509", "PKIX");
209
210 put("SSLContext.TLSv1",
211 "sun.security.ssl.SSLContextImpl$TLS10Context");
212 put("SSLContext.TLSv1.1",
213 "sun.security.ssl.SSLContextImpl$TLS11Context");
214 put("SSLContext.TLSv1.2",
215 "sun.security.ssl.SSLContextImpl$TLS12Context");
216 put("SSLContext.TLS",
217 "sun.security.ssl.SSLContextImpl$TLSContext");
218 if (isfips == false) {
219 put("Alg.Alias.SSLContext.SSL", "TLS");
220 put("Alg.Alias.SSLContext.SSLv3", "TLSv1");
221 }
222
223 put("SSLContext.DTLSv1.0",
224 "sun.security.ssl.SSLContextImpl$DTLS10Context");
225 put("SSLContext.DTLSv1.2",
226 "sun.security.ssl.SSLContextImpl$DTLS12Context");
227 put("SSLContext.DTLS",
228 "sun.security.ssl.SSLContextImpl$DTLSContext");
229
230 put("SSLContext.Default",
231 "sun.security.ssl.SSLContextImpl$DefaultSSLContext");
232
233 /*
234 * KeyStore
235 */
236 put("KeyStore.PKCS12",
237 "sun.security.pkcs12.PKCS12KeyStore");
238 }
239
240 private void subclassCheck() {
241 if (getClass() != com.sun.net.ssl.internal.ssl.Provider.class) {
242 throw new AssertionError("Illegal subclass: " + getClass());
243 }
244 }
245
246 @Override
247 protected final void finalize() throws Throwable {
248 // empty
249 super.finalize();
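Review bot: The three registrations added at new lines 223-228 (`SSLContext.DTLSv1.0`, `SSLContext.DTLSv1.2`, `SSLContext.DTLS`) sit outside the `isfips == false` guard used for the SSL/SSLv3 aliases just above, so they are published in FIPS mode as well as in non-FIPS mode. Nothing visible in this section shows whether `DTLS10Context` and `DTLSContext` limit their protocol versions and cipher suites when the provider is initialized in FIPS mode; that logic would be in SSLContextImpl and should be confirmed before merging. If registering them in both modes is intended, say so at the call site, for example `// DTLS contexts are registered in FIPS and non-FIPS mode alike (unlike the SSL/SSLv3 aliases above)`. The method that holds these `put` calls begins before line 203, so its signature and any earlier FIPS handling are not shown here.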
|