< prev index next >
src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java
Print this page
rev 52899 : 8232424: More constrained algorithms
Reviewed-by: jnimeh, rhalade, ahgross
*** 69,139 ****
this.enabledX509DisabledAlgConstraints = true;
}
SSLAlgorithmConstraints(SSLSocket socket,
boolean withDefaultCertPathConstraints) {
! this.userSpecifiedConstraints = getConstraints(socket);
this.peerSpecifiedConstraints = null;
this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
}
SSLAlgorithmConstraints(SSLEngine engine,
boolean withDefaultCertPathConstraints) {
! this.userSpecifiedConstraints = getConstraints(engine);
this.peerSpecifiedConstraints = null;
this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
}
SSLAlgorithmConstraints(SSLSocket socket, String[] supportedAlgorithms,
boolean withDefaultCertPathConstraints) {
! this.userSpecifiedConstraints = getConstraints(socket);
this.peerSpecifiedConstraints =
new SupportedSignatureAlgorithmConstraints(supportedAlgorithms);
this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
}
SSLAlgorithmConstraints(SSLEngine engine, String[] supportedAlgorithms,
boolean withDefaultCertPathConstraints) {
! this.userSpecifiedConstraints = getConstraints(engine);
this.peerSpecifiedConstraints =
new SupportedSignatureAlgorithmConstraints(supportedAlgorithms);
this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
}
! private static AlgorithmConstraints getConstraints(SSLEngine engine) {
if (engine != null) {
// Note that the KeyManager or TrustManager implementation may be
// not implemented in the same provider as SSLSocket/SSLEngine.
// Please check the instance before casting to use SSLEngineImpl.
if (engine instanceof SSLEngineImpl) {
HandshakeContext hc =
((SSLEngineImpl)engine).conContext.handshakeContext;
if (hc != null) {
! return hc.sslConfig.algorithmConstraints;
}
- } else {
- return engine.getSSLParameters().getAlgorithmConstraints();
}
}
return null;
}
! private static AlgorithmConstraints getConstraints(SSLSocket socket) {
if (socket != null) {
// Note that the KeyManager or TrustManager implementation may be
// not implemented in the same provider as SSLSocket/SSLEngine.
// Please check the instance before casting to use SSLSocketImpl.
if (socket instanceof SSLSocketImpl) {
HandshakeContext hc =
((SSLSocketImpl)socket).conContext.handshakeContext;
if (hc != null) {
! return hc.sslConfig.algorithmConstraints;
}
- } else {
- return socket.getSSLParameters().getAlgorithmConstraints();
}
}
return null;
}
--- 69,141 ----
this.enabledX509DisabledAlgConstraints = true;
}
SSLAlgorithmConstraints(SSLSocket socket,
boolean withDefaultCertPathConstraints) {
! this.userSpecifiedConstraints = getUserSpecifiedConstraints(socket);
this.peerSpecifiedConstraints = null;
this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
}
SSLAlgorithmConstraints(SSLEngine engine,
boolean withDefaultCertPathConstraints) {
! this.userSpecifiedConstraints = getUserSpecifiedConstraints(engine);
this.peerSpecifiedConstraints = null;
this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
}
SSLAlgorithmConstraints(SSLSocket socket, String[] supportedAlgorithms,
boolean withDefaultCertPathConstraints) {
! this.userSpecifiedConstraints = getUserSpecifiedConstraints(socket);
this.peerSpecifiedConstraints =
new SupportedSignatureAlgorithmConstraints(supportedAlgorithms);
this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
}
SSLAlgorithmConstraints(SSLEngine engine, String[] supportedAlgorithms,
boolean withDefaultCertPathConstraints) {
! this.userSpecifiedConstraints = getUserSpecifiedConstraints(engine);
this.peerSpecifiedConstraints =
new SupportedSignatureAlgorithmConstraints(supportedAlgorithms);
this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
}
! private static AlgorithmConstraints getUserSpecifiedConstraints(
! SSLEngine engine) {
if (engine != null) {
// Note that the KeyManager or TrustManager implementation may be
// not implemented in the same provider as SSLSocket/SSLEngine.
// Please check the instance before casting to use SSLEngineImpl.
if (engine instanceof SSLEngineImpl) {
HandshakeContext hc =
((SSLEngineImpl)engine).conContext.handshakeContext;
if (hc != null) {
! return hc.sslConfig.userSpecifiedAlgorithmConstraints;
}
}
+
+ return engine.getSSLParameters().getAlgorithmConstraints();
}
return null;
}
! private static AlgorithmConstraints getUserSpecifiedConstraints(
! SSLSocket socket) {
if (socket != null) {
// Note that the KeyManager or TrustManager implementation may be
// not implemented in the same provider as SSLSocket/SSLEngine.
// Please check the instance before casting to use SSLSocketImpl.
if (socket instanceof SSLSocketImpl) {
HandshakeContext hc =
((SSLSocketImpl)socket).conContext.handshakeContext;
if (hc != null) {
! return hc.sslConfig.userSpecifiedAlgorithmConstraints;
}
}
+
+ return socket.getSSLParameters().getAlgorithmConstraints();
}
return null;
}
< prev index next >