
src/java.base/share/classes/sun/security/ssl/X509Authentication.java


  1 /*
  2  * Copyright (c) 2018, 2022, Oracle and/or its affiliates. All rights reserved.
  3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  4  *
  5  * This code is free software; you can redistribute it and/or modify it
  6  * under the terms of the GNU General Public License version 2 only, as
  7  * published by the Free Software Foundation.  Oracle designates this
  8  * particular file as subject to the "Classpath" exception as provided
  9  * by Oracle in the LICENSE file that accompanied this code.
 10  *
 11  * This code is distributed in the hope that it will be useful, but WITHOUT
 12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 14  * version 2 for more details (a copy is included in the LICENSE file that
 15  * accompanied this code).
 16  *
 17  * You should have received a copy of the GNU General Public License version
 18  * 2 along with this work; if not, write to the Free Software Foundation,
 19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 20  *
 21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 22  * or visit www.oracle.com if you need additional information or have any

184             this.popCerts = popCerts;
185             this.popPublicKey = popPublicKey;
186         }
187     }
188 
189     public static SSLPossession createPossession(
190             HandshakeContext context, String[] keyTypes) {
191         if (context.sslConfig.isClientMode) {
192             return createClientPossession(
193                     (ClientHandshakeContext) context, keyTypes);
194         } else {
195             return createServerPossession(
196                     (ServerHandshakeContext) context, keyTypes);
197         }
198     }
199 
200     // Used by TLS 1.2 and TLS 1.3.
201     private static SSLPossession createClientPossession(
202             ClientHandshakeContext chc, String[] keyTypes) {
203         X509ExtendedKeyManager km = chc.sslContext.getX509KeyManager();




204         String clientAlias = null;
205         if (chc.conContext.transport instanceof SSLSocketImpl socket) {
206             clientAlias = km.chooseClientAlias(
207                     keyTypes,
208                     chc.peerSupportedAuthorities == null ? null :
209                             chc.peerSupportedAuthorities.clone(),
210                     socket);
211         } else if (chc.conContext.transport instanceof SSLEngineImpl engine) {
212             clientAlias = km.chooseEngineClientAlias(
213                     keyTypes,
214                     chc.peerSupportedAuthorities == null ? null :
215                             chc.peerSupportedAuthorities.clone(),
216                     engine);
217         }
218 
219         if (clientAlias == null) {
220             if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
221                 SSLLogger.finest("No X.509 cert selected for "
222                         + Arrays.toString(keyTypes));
223             }

253         }
254 
255         String publicKeyAlgorithm = clientCerts[0].getPublicKey().getAlgorithm();
256         if (!privateKeyAlgorithm.equals(publicKeyAlgorithm)) {
257             if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
258                 SSLLogger.fine(
259                         clientAlias + " private or public key is not of " +
260                                 "same algorithm: " +
261                                 privateKeyAlgorithm + " vs " +
262                                 publicKeyAlgorithm);
263             }
264             return null;
265         }
266 
267         return new X509Possession(clientPrivateKey, clientCerts);
268     }
269 
270     private static SSLPossession createServerPossession(
271             ServerHandshakeContext shc, String[] keyTypes) {
272         X509ExtendedKeyManager km = shc.sslContext.getX509KeyManager();




273         String serverAlias = null;
274         for (String keyType : keyTypes) {
275             if (shc.conContext.transport instanceof SSLSocketImpl socket) {
276                 serverAlias = km.chooseServerAlias(keyType,
277                         shc.peerSupportedAuthorities == null ? null :
278                                 shc.peerSupportedAuthorities.clone(),
279                         socket);
280             } else if (shc.conContext.transport instanceof SSLEngineImpl engine) {
281                 serverAlias = km.chooseEngineServerAlias(keyType,
282                         shc.peerSupportedAuthorities == null ? null :
283                                 shc.peerSupportedAuthorities.clone(),
284                         engine);
285             }
286 
287             if (serverAlias == null) {
288                 if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
289                     SSLLogger.finest("No X.509 cert selected for " + keyType);
290                 }
291                 continue;
292             }

  1 /*
  2  * Copyright (c) 2018, 2024, Oracle and/or its affiliates. All rights reserved.
  3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  4  *
  5  * This code is free software; you can redistribute it and/or modify it
  6  * under the terms of the GNU General Public License version 2 only, as
  7  * published by the Free Software Foundation.  Oracle designates this
  8  * particular file as subject to the "Classpath" exception as provided
  9  * by Oracle in the LICENSE file that accompanied this code.
 10  *
 11  * This code is distributed in the hope that it will be useful, but WITHOUT
 12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 14  * version 2 for more details (a copy is included in the LICENSE file that
 15  * accompanied this code).
 16  *
 17  * You should have received a copy of the GNU General Public License version
 18  * 2 along with this work; if not, write to the Free Software Foundation,
 19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 20  *
 21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 22  * or visit www.oracle.com if you need additional information or have any

184             this.popCerts = popCerts;
185             this.popPublicKey = popPublicKey;
186         }
187     }
188 
189     public static SSLPossession createPossession(
190             HandshakeContext context, String[] keyTypes) {
191         if (context.sslConfig.isClientMode) {
192             return createClientPossession(
193                     (ClientHandshakeContext) context, keyTypes);
194         } else {
195             return createServerPossession(
196                     (ServerHandshakeContext) context, keyTypes);
197         }
198     }
199 
200     // Used by TLS 1.2 and TLS 1.3.
201     private static SSLPossession createClientPossession(
202             ClientHandshakeContext chc, String[] keyTypes) {
203         X509ExtendedKeyManager km = chc.sslContext.getX509KeyManager();
204         if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
205             SSLLogger.finest("X509KeyManager class: " +
206                     km.getClass().getName());
207         }
208         String clientAlias = null;
209         if (chc.conContext.transport instanceof SSLSocketImpl socket) {
210             clientAlias = km.chooseClientAlias(
211                     keyTypes,
212                     chc.peerSupportedAuthorities == null ? null :
213                             chc.peerSupportedAuthorities.clone(),
214                     socket);
215         } else if (chc.conContext.transport instanceof SSLEngineImpl engine) {
216             clientAlias = km.chooseEngineClientAlias(
217                     keyTypes,
218                     chc.peerSupportedAuthorities == null ? null :
219                             chc.peerSupportedAuthorities.clone(),
220                     engine);
221         }
222 
223         if (clientAlias == null) {
224             if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
225                 SSLLogger.finest("No X.509 cert selected for "
226                         + Arrays.toString(keyTypes));
227             }

257         }
258 
259         String publicKeyAlgorithm = clientCerts[0].getPublicKey().getAlgorithm();
260         if (!privateKeyAlgorithm.equals(publicKeyAlgorithm)) {
261             if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
262                 SSLLogger.fine(
263                         clientAlias + " private or public key is not of " +
264                                 "same algorithm: " +
265                                 privateKeyAlgorithm + " vs " +
266                                 publicKeyAlgorithm);
267             }
268             return null;
269         }
270 
271         return new X509Possession(clientPrivateKey, clientCerts);
272     }
273 
274     private static SSLPossession createServerPossession(
275             ServerHandshakeContext shc, String[] keyTypes) {
276         X509ExtendedKeyManager km = shc.sslContext.getX509KeyManager();
277         if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
278             SSLLogger.finest("X509KeyManager class: " +
279                     km.getClass().getName());
280         }
281         String serverAlias = null;
282         for (String keyType : keyTypes) {
283             if (shc.conContext.transport instanceof SSLSocketImpl socket) {
284                 serverAlias = km.chooseServerAlias(keyType,
285                         shc.peerSupportedAuthorities == null ? null :
286                                 shc.peerSupportedAuthorities.clone(),
287                         socket);
288             } else if (shc.conContext.transport instanceof SSLEngineImpl engine) {
289                 serverAlias = km.chooseEngineServerAlias(keyType,
290                         shc.peerSupportedAuthorities == null ? null :
291                                 shc.peerSupportedAuthorities.clone(),
292                         engine);
293             }
294 
295             if (serverAlias == null) {
296                 if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
297                     SSLLogger.finest("No X.509 cert selected for " + keyType);
298                 }
299                 continue;
300             }
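Review bot: The new `X509KeyManager class:` log block at new lines 204–207 of createClientPossession is repeated verbatim at lines 277–280 of createServerPossession; a small private helper would keep the two key-selection paths emitting the same diagnostic and give the gating condition and message a single place to live. The helper is also where a why-comment belongs, since nothing on the page says what the class name is for — it lets an unexpected `No X.509 cert selected` be traced to the key manager implementation that made the choice, and it exposes nothing about keys or certificates. Both methods continue outside this excerpt (createClientPossession at 228–256, createServerPossession after 300), so the two call sites are the only visible lines that change. In createServerPossession the same `logKeyManagerClass(km);` replaces lines 277–280, before the `for (String keyType : keyTypes)` loop.

```java
        X509ExtendedKeyManager km = chc.sslContext.getX509KeyManager();
        logKeyManagerClass(km);
        // … unchanged: client alias selection and possession construction …

    // Log which X509KeyManager implementation is in use (at "ssl" finest
    // level only), so that an unexpected "No X.509 cert selected" result
    // can be traced to the key manager that made the choice.
    private static void logKeyManagerClass(X509ExtendedKeyManager km) {
        if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
            SSLLogger.finest("X509KeyManager class: " +
                    km.getClass().getName());
        }
    }
```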