< prev index next >

src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java

Print this page




  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.ssl;
  27 
  28 import java.io.*;
  29 import java.net.Socket;
  30 import java.security.*;
  31 import java.security.cert.*;
  32 import java.util.*;
  33 import java.util.concurrent.locks.ReentrantLock;
  34 import javax.net.ssl.*;
  35 import sun.security.action.GetPropertyAction;
  36 import sun.security.provider.certpath.AlgorithmChecker;
  37 import sun.security.validator.Validator;
  38 
  39 /**
  40  * Implementation of an SSLContext.
  41  *
  42  * Implementation note: Instances of this class and the child classes are
  43  * immutable, except that the context initialization (SSLContext.init()) may
  44  * reset the key, trust managers and source of secure random.
  45  */
  46 
  47 public abstract class SSLContextImpl extends SSLContextSpi {
  48 
  49     private final EphemeralKeyManager ephemeralKeyManager;
  50     private final SSLSessionContextImpl clientCache;
  51     private final SSLSessionContextImpl serverCache;
  52 
  53     private boolean isInitialized;
  54 
  55     private X509ExtendedKeyManager keyManager;
  56     private X509TrustManager trustManager;
  57     private SecureRandom secureRandom;
  58 
  59     // DTLS cookie exchange manager
  60     private volatile HelloCookieManager.Builder helloCookieManagerBuilder;
  61 
  62     private final boolean clientEnableStapling = Utilities.getBooleanProperty(
  63             "jdk.tls.client.enableStatusRequestExtension", true);
  64     private final boolean serverEnableStapling = Utilities.getBooleanProperty(
  65             "jdk.tls.server.enableStatusRequestExtension", false);
  66     private static final Collection<CipherSuite> clientCustomizedCipherSuites =
  67             getCustomizedCipherSuites("jdk.tls.client.cipherSuites");
  68     private static final Collection<CipherSuite> serverCustomizedCipherSuites =
  69             getCustomizedCipherSuites("jdk.tls.server.cipherSuites");
  70 
  71     private volatile StatusResponseManager statusResponseManager;
  72 
  73     private final ReentrantLock contextLock = new ReentrantLock();
  74 
  75     SSLContextImpl() {
  76         ephemeralKeyManager = new EphemeralKeyManager();
  77         clientCache = new SSLSessionContextImpl();
  78         serverCache = new SSLSessionContextImpl();
  79     }
  80 
  81     @Override
  82     protected void engineInit(KeyManager[] km, TrustManager[] tm,
  83                                 SecureRandom sr) throws KeyManagementException {
  84         isInitialized = false;
  85         keyManager = chooseKeyManager(km);
  86 
  87         if (tm == null) {
  88             try {
  89                 TrustManagerFactory tmf = TrustManagerFactory.getInstance(
  90                         TrustManagerFactory.getDefaultAlgorithm());
  91                 tmf.init((KeyStore)null);
  92                 tm = tmf.getTrustManagers();
  93             } catch (Exception e) {
  94                 // eat


 216 
 217     SecureRandom getSecureRandom() {
 218         return secureRandom;
 219     }
 220 
 221     X509ExtendedKeyManager getX509KeyManager() {
 222         return keyManager;
 223     }
 224 
 225     X509TrustManager getX509TrustManager() {
 226         return trustManager;
 227     }
 228 
 229     EphemeralKeyManager getEphemeralKeyManager() {
 230         return ephemeralKeyManager;
 231     }
 232 
 233     // Used for DTLS in server mode only.
 234     HelloCookieManager getHelloCookieManager(ProtocolVersion protocolVersion) {
 235         if (helloCookieManagerBuilder == null) {
 236             contextLock.lock();
 237             try {
 238                 if (helloCookieManagerBuilder == null) {
 239                     helloCookieManagerBuilder =
 240                             new HelloCookieManager.Builder(secureRandom);
 241                 }
 242             } finally {
 243                 contextLock.unlock();
 244             }
 245         }
 246 
 247         return helloCookieManagerBuilder.valueOf(protocolVersion);
 248     }
 249 
 250     StatusResponseManager getStatusResponseManager() {
 251         if (serverEnableStapling && statusResponseManager == null) {
 252             contextLock.lock();
 253             try {
 254                 if (statusResponseManager == null) {
 255                     if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
 256                         SSLLogger.finest(
 257                                 "Initializing StatusResponseManager");
 258                     }
 259                     statusResponseManager = new StatusResponseManager();
 260                 }
 261             } finally {
 262                 contextLock.unlock();
 263             }
 264         }
 265 
 266         return statusResponseManager;
 267     }
 268 
 269     // Get supported protocols.
 270     abstract List<ProtocolVersion> getSupportedProtocolVersions();
 271 
 272     // Get default protocols for server mode.
 273     abstract List<ProtocolVersion> getServerDefaultProtocolVersions();
 274 
 275     // Get default protocols for client mode.
 276     abstract List<ProtocolVersion> getClientDefaultProtocolVersions();
 277 
 278     // Get supported CipherSuite list.
 279     abstract List<CipherSuite> getSupportedCipherSuites();
 280 
 281     // Get default CipherSuite list for server mode.
 282     abstract List<CipherSuite> getServerDefaultCipherSuites();




  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.ssl;
  27 
  28 import java.io.*;
  29 import java.net.Socket;
  30 import java.security.*;
  31 import java.security.cert.*;
  32 import java.util.*;

  33 import javax.net.ssl.*;
  34 import sun.security.action.GetPropertyAction;
  35 import sun.security.provider.certpath.AlgorithmChecker;
  36 import sun.security.validator.Validator;
  37 
  38 /**
  39  * Implementation of an SSLContext.
  40  *
  41  * Implementation note: Instances of this class and the child classes are
  42  * immutable, except that the context initialization (SSLContext.init()) may
  43  * reset the key, trust managers and source of secure random.
  44  */
  45 
  46 public abstract class SSLContextImpl extends SSLContextSpi {
  47 
  48     private final EphemeralKeyManager ephemeralKeyManager;
  49     private final SSLSessionContextImpl clientCache;
  50     private final SSLSessionContextImpl serverCache;
  51 
  52     private boolean isInitialized;
  53 
  54     private X509ExtendedKeyManager keyManager;
  55     private X509TrustManager trustManager;
  56     private SecureRandom secureRandom;
  57 
  58     // DTLS cookie exchange manager
  59     private volatile HelloCookieManager.Builder helloCookieManagerBuilder;
  60 
  61     private final boolean clientEnableStapling = Utilities.getBooleanProperty(
  62             "jdk.tls.client.enableStatusRequestExtension", true);
  63     private final boolean serverEnableStapling = Utilities.getBooleanProperty(
  64             "jdk.tls.server.enableStatusRequestExtension", false);
  65     private static final Collection<CipherSuite> clientCustomizedCipherSuites =
  66             getCustomizedCipherSuites("jdk.tls.client.cipherSuites");
  67     private static final Collection<CipherSuite> serverCustomizedCipherSuites =
  68             getCustomizedCipherSuites("jdk.tls.server.cipherSuites");
  69 
  70     private volatile StatusResponseManager statusResponseManager;
  71 


  72     SSLContextImpl() {
  73         ephemeralKeyManager = new EphemeralKeyManager();
  74         clientCache = new SSLSessionContextImpl();
  75         serverCache = new SSLSessionContextImpl();
  76     }
  77 
  78     @Override
  79     protected void engineInit(KeyManager[] km, TrustManager[] tm,
  80                                 SecureRandom sr) throws KeyManagementException {
  81         isInitialized = false;
  82         keyManager = chooseKeyManager(km);
  83 
  84         if (tm == null) {
  85             try {
  86                 TrustManagerFactory tmf = TrustManagerFactory.getInstance(
  87                         TrustManagerFactory.getDefaultAlgorithm());
  88                 tmf.init((KeyStore)null);
  89                 tm = tmf.getTrustManagers();
  90             } catch (Exception e) {
  91                 // eat


 213 
 214     SecureRandom getSecureRandom() {
 215         return secureRandom;
 216     }
 217 
 218     X509ExtendedKeyManager getX509KeyManager() {
 219         return keyManager;
 220     }
 221 
 222     X509TrustManager getX509TrustManager() {
 223         return trustManager;
 224     }
 225 
 226     EphemeralKeyManager getEphemeralKeyManager() {
 227         return ephemeralKeyManager;
 228     }
 229 
 230     // Used for DTLS in server mode only.
 231     HelloCookieManager getHelloCookieManager(ProtocolVersion protocolVersion) {
 232         if (helloCookieManagerBuilder == null) {
 233             synchronized (this) {

 234                 if (helloCookieManagerBuilder == null) {
 235                     helloCookieManagerBuilder =
 236                             new HelloCookieManager.Builder(secureRandom);
 237                 }


 238             }
 239         }
 240 
 241         return helloCookieManagerBuilder.valueOf(protocolVersion);
 242     }
 243 
 244     StatusResponseManager getStatusResponseManager() {
 245         if (serverEnableStapling && statusResponseManager == null) {
 246             synchronized (this) {

 247                 if (statusResponseManager == null) {
 248                     if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
 249                         SSLLogger.finest(
 250                                 "Initializing StatusResponseManager");
 251                     }
 252                     statusResponseManager = new StatusResponseManager();
 253                 }


 254             }
 255         }
 256 
 257         return statusResponseManager;
 258     }
 259 
 260     // Get supported protocols.
 261     abstract List<ProtocolVersion> getSupportedProtocolVersions();
 262 
 263     // Get default protocols for server mode.
 264     abstract List<ProtocolVersion> getServerDefaultProtocolVersions();
 265 
 266     // Get default protocols for client mode.
 267     abstract List<ProtocolVersion> getClientDefaultProtocolVersions();
 268 
 269     // Get supported CipherSuite list.
 270     abstract List<CipherSuite> getSupportedCipherSuites();
 271 
 272     // Get default CipherSuite list for server mode.
 273     abstract List<CipherSuite> getServerDefaultCipherSuites();


< prev index next >