diff --git a/src/java.base/share/classes/com/sun/net/ssl/HostnameVerifier.java b/src/java.base/share/classes/com/sun/net/ssl/HostnameVerifier.java deleted file mode 100644 index f6413802395..00000000000 --- a/src/java.base/share/classes/com/sun/net/ssl/HostnameVerifier.java +++ /dev/null @@ -1,54 +0,0 @@ -/* - * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * NOTE: this file was copied from javax.net.ssl.HostnameVerifier - */ - -package com.sun.net.ssl; - -/** - * HostnameVerifier provides a callback mechanism so that - * implementers of this interface can supply a policy for - * handling the case where the host to connect to and - * the server name from the certificate mismatch. - * - * @deprecated As of JDK 1.4, this implementation-specific class was - * replaced by {@link javax.net.ssl.HostnameVerifier} and - * {@link javax.net.ssl.CertificateHostnameVerifier}. - */ -@Deprecated(since="1.4") -public interface HostnameVerifier { - /** - * Verify that the hostname from the URL is an acceptable - * match with the value from the common name entry in the - * server certificate's distinguished name. - * - * @param urlHostname the host name of the URL - * @param certHostname the common name entry from the certificate - * @return true if the certificate host name is acceptable - */ - public boolean verify(String urlHostname, String certHostname); -} diff --git a/src/java.base/share/classes/com/sun/net/ssl/HttpsURLConnection.java b/src/java.base/share/classes/com/sun/net/ssl/HttpsURLConnection.java deleted file mode 100644 index 8a1e69f9d5f..00000000000 --- a/src/java.base/share/classes/com/sun/net/ssl/HttpsURLConnection.java +++ /dev/null @@ -1,203 +0,0 @@ -/* - * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * NOTE: this file was copied from javax.net.ssl.HttpsURLConnection - */ - -package com.sun.net.ssl; - -import java.net.URL; -import java.net.HttpURLConnection; -import java.io.IOException; -import java.security.cert.Certificate; -import javax.net.SocketFactory; -import javax.net.ssl.SSLSocketFactory; -import javax.net.ssl.SSLPeerUnverifiedException; - -/** - * HTTP URL connection with support for HTTPS-specific features. See - * the spec for - * details. - * - * @deprecated As of JDK 1.4, this implementation-specific class was - * replaced by {@link javax.net.ssl.HttpsURLConnection}. - */ -@Deprecated(since="1.4") -public abstract -class HttpsURLConnection extends HttpURLConnection -{ - /* - * Initialize an HTTPS URLConnection ... could check that the URL - * is an "https" URL, and that the handler is also an HTTPS one, - * but that's established by other code in this package. - * @param url the URL - */ - public HttpsURLConnection(URL url) throws IOException { - super(url); - } - - /** - * Returns the cipher suite in use on this connection. - * @return the cipher suite - */ - public abstract String getCipherSuite(); - - /** - * Returns the server's X.509 certificate chain, or null if - * the server did not authenticate. - *

- * Note: The returned value may not be a valid certificate chain - * and should not be relied on for trust decisions. - * - * @return the server certificate chain - */ - public abstract Certificate[] getServerCertificates() - throws SSLPeerUnverifiedException; - - /** - * HostnameVerifier provides a callback mechanism so that - * implementers of this interface can supply a policy for - * handling the case where the host to connect to and - * the server name from the certificate mismatch. - * - * The default implementation will deny such connections. - */ - private static HostnameVerifier defaultHostnameVerifier = - new HostnameVerifier() { - public boolean verify(String urlHostname, String certHostname) { - return false; - } - }; - - protected HostnameVerifier hostnameVerifier = defaultHostnameVerifier; - - /** - * Sets the default HostnameVerifier inherited when an instance - * of this class is created. - * @param v the default host name verifier - */ - public static void setDefaultHostnameVerifier(HostnameVerifier v) { - if (v == null) { - throw new IllegalArgumentException( - "no default HostnameVerifier specified"); - } - - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - sm.checkPermission(new SSLPermission("setHostnameVerifier")); - } - defaultHostnameVerifier = v; - } - - /** - * Gets the default HostnameVerifier. - * @return the default host name verifier - */ - public static HostnameVerifier getDefaultHostnameVerifier() { - return defaultHostnameVerifier; - } - - /** - * Sets the HostnameVerifier. - * @param v the host name verifier - */ - public void setHostnameVerifier(HostnameVerifier v) { - if (v == null) { - throw new IllegalArgumentException( - "no HostnameVerifier specified"); - } - - hostnameVerifier = v; - } - - /** - * Gets the HostnameVerifier. - * @return the host name verifier - */ - public HostnameVerifier getHostnameVerifier() { - return hostnameVerifier; - } - - private static SSLSocketFactory defaultSSLSocketFactory = null; - - private SSLSocketFactory sslSocketFactory = getDefaultSSLSocketFactory(); - - /** - * Sets the default SSL socket factory inherited when an instance - * of this class is created. - * @param sf the default SSL socket factory - */ - public static void setDefaultSSLSocketFactory(SSLSocketFactory sf) { - if (sf == null) { - throw new IllegalArgumentException( - "no default SSLSocketFactory specified"); - } - - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - sm.checkSetFactory(); - } - defaultSSLSocketFactory = sf; - } - - /** - * Gets the default SSL socket factory. - * @return the default SSL socket factory - */ - public static SSLSocketFactory getDefaultSSLSocketFactory() { - if (defaultSSLSocketFactory == null) { - defaultSSLSocketFactory = - (SSLSocketFactory)SSLSocketFactory.getDefault(); - } - return defaultSSLSocketFactory; - } - - /** - * Sets the SSL socket factory. - * @param sf the SSL socket factory - */ - public void setSSLSocketFactory(SSLSocketFactory sf) { - if (sf == null) { - throw new IllegalArgumentException( - "no SSLSocketFactory specified"); - } - - SecurityManager sm = System.getSecurityManager(); - if (sm != null) { - sm.checkSetFactory(); - } - - sslSocketFactory = sf; - } - - /** - * Gets the SSL socket factory. - * @return the SSL socket factory - */ - public SSLSocketFactory getSSLSocketFactory() { - return sslSocketFactory; - } -} diff --git a/src/java.base/share/classes/com/sun/net/ssl/KeyManager.java b/src/java.base/share/classes/com/sun/net/ssl/KeyManager.java deleted file mode 100644 index 903e2578e79..00000000000 --- a/src/java.base/share/classes/com/sun/net/ssl/KeyManager.java +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * NOTE: this file was copied from javax.net.ssl.KeyManager - */ - -package com.sun.net.ssl; - -/** - * Base interface for JSSE key managers. These manage the - * key material which is used to authenticate to the peer - * of a secure socket. - * - * @deprecated As of JDK 1.4, this implementation-specific class was - * replaced by {@link javax.net.ssl.KeyManager}. - */ -@Deprecated(since="1.4") -public interface KeyManager { -} diff --git a/src/java.base/share/classes/com/sun/net/ssl/KeyManagerFactory.java b/src/java.base/share/classes/com/sun/net/ssl/KeyManagerFactory.java deleted file mode 100644 index 2142dd50ebb..00000000000 --- a/src/java.base/share/classes/com/sun/net/ssl/KeyManagerFactory.java +++ /dev/null @@ -1,220 +0,0 @@ -/* - * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * NOTE: this file was copied from javax.net.ssl.KeyManagerFactory - */ - -package com.sun.net.ssl; - -import java.security.*; - -/** - * This class acts as a factory for key managers based on a - * source of key material. Each key manager manages a specific - * type of key material for use by secure sockets. The key - * material is based on a KeyStore and/or provider specific sources. - * - * @deprecated As of JDK 1.4, this implementation-specific class was - * replaced by {@link javax.net.ssl.KeyManagerFactory}. - */ -@Deprecated(since="1.4") -public class KeyManagerFactory { - // The provider - private Provider provider; - - // The provider implementation (delegate) - private KeyManagerFactorySpi factorySpi; - - // The name of the key management algorithm. - private String algorithm; - - /** - *

The default KeyManager can be changed by setting the value of the - * {@code sun.ssl.keymanager.type} security property to the desired name. - * - * @return the default type as specified by the - * {@code sun.ssl.keymanager.type} security property, or an - * implementation-specific default if no such property exists. - * - * @see java.security.Security security properties - */ - public static final String getDefaultAlgorithm() { - String type; - type = AccessController.doPrivileged(new PrivilegedAction<>() { - public String run() { - return Security.getProperty("sun.ssl.keymanager.type"); - } - }); - if (type == null) { - type = "SunX509"; - } - return type; - - } - - /** - * Creates a KeyManagerFactory object. - * - * @param factorySpi the delegate - * @param provider the provider - * @param algorithm the algorithm - */ - protected KeyManagerFactory(KeyManagerFactorySpi factorySpi, - Provider provider, String algorithm) { - this.factorySpi = factorySpi; - this.provider = provider; - this.algorithm = algorithm; - } - - /** - * Returns the algorithm name of this KeyManagerFactory object. - * - *

This is the same name that was specified in one of the - * getInstance calls that created this - * KeyManagerFactory object. - * - * @return the algorithm name of this KeyManagerFactory object. - */ - public final String getAlgorithm() { - return this.algorithm; - } - - /** - * Generates a KeyManagerFactory object that implements the - * specified key management algorithm. - * If the default provider package provides an implementation of the - * requested key management algorithm, an instance of - * KeyManagerFactory containing that implementation is - * returned. If the algorithm is not available in the default provider - * package, other provider packages are searched. - * - * @param algorithm the standard name of the requested - * algorithm. - * - * @return the new KeyManagerFactory object - * - * @exception NoSuchAlgorithmException if the specified algorithm is not - * available in the default provider package or any of the other provider - * packages that were searched. - */ - public static final KeyManagerFactory getInstance(String algorithm) - throws NoSuchAlgorithmException - { - try { - Object[] objs = SSLSecurity.getImpl(algorithm, "KeyManagerFactory", - (String) null); - return new KeyManagerFactory((KeyManagerFactorySpi)objs[0], - (Provider)objs[1], - algorithm); - } catch (NoSuchProviderException e) { - throw new NoSuchAlgorithmException(algorithm + " not found"); - } - } - - /** - * Generates a KeyManagerFactory object for the specified - * key management algorithm from the specified provider. - * - * @param algorithm the standard name of the requested - * algorithm. - * @param provider the name of the provider - * - * @return the new KeyManagerFactory object - * - * @exception NoSuchAlgorithmException if the specified algorithm is not - * available from the specified provider. - * @exception NoSuchProviderException if the specified provider has not - * been configured. - */ - public static final KeyManagerFactory getInstance(String algorithm, - String provider) - throws NoSuchAlgorithmException, NoSuchProviderException - { - if (provider == null || provider.isEmpty()) - throw new IllegalArgumentException("missing provider"); - Object[] objs = SSLSecurity.getImpl(algorithm, "KeyManagerFactory", - provider); - return new KeyManagerFactory((KeyManagerFactorySpi)objs[0], - (Provider)objs[1], algorithm); - } - - /** - * Generates a KeyManagerFactory object for the specified - * key management algorithm from the specified provider. - * - * @param algorithm the standard name of the requested - * algorithm. - * @param provider an instance of the provider - * - * @return the new KeyManagerFactory object - * - * @exception NoSuchAlgorithmException if the specified algorithm is not - * available from the specified provider. - */ - public static final KeyManagerFactory getInstance(String algorithm, - Provider provider) - throws NoSuchAlgorithmException - { - if (provider == null) - throw new IllegalArgumentException("missing provider"); - Object[] objs = SSLSecurity.getImpl(algorithm, "KeyManagerFactory", - provider); - return new KeyManagerFactory((KeyManagerFactorySpi)objs[0], - (Provider)objs[1], algorithm); - } - - /** - * Returns the provider of this KeyManagerFactory object. - * - * @return the provider of this KeyManagerFactory object - */ - public final Provider getProvider() { - return this.provider; - } - - - /** - * Initializes this factory with a source of key material. The - * provider may also include a provider-specific source - * of key material. - * - * @param ks the key store or null - * @param password the password for recovering keys - */ - public void init(KeyStore ks, char[] password) - throws KeyStoreException, NoSuchAlgorithmException, - UnrecoverableKeyException { - factorySpi.engineInit(ks, password); - } - - /** - * Returns one key manager for each type of key material. - * @return the key managers - */ - public KeyManager[] getKeyManagers() { - return factorySpi.engineGetKeyManagers(); - } -} diff --git a/src/java.base/share/classes/com/sun/net/ssl/KeyManagerFactorySpi.java b/src/java.base/share/classes/com/sun/net/ssl/KeyManagerFactorySpi.java deleted file mode 100644 index eb72c96954d..00000000000 --- a/src/java.base/share/classes/com/sun/net/ssl/KeyManagerFactorySpi.java +++ /dev/null @@ -1,64 +0,0 @@ -/* - * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * NOTE: this file was copied from javax.net.ssl.KeyManagerFactorySpi - */ - -package com.sun.net.ssl; - -import java.security.*; - -/** - * This class defines the Service Provider Interface (SPI) - * for the KeyManagerFactory class. - * - *

All the abstract methods in this class must be implemented by each - * cryptographic service provider who wishes to supply the implementation - * of a particular key manager factory. - * - * @deprecated As of JDK 1.4, this implementation-specific class was - * replaced by {@link javax.net.ssl.KeyManagerFactorySpi}. - */ -@Deprecated(since="1.4") -public abstract class KeyManagerFactorySpi { - /** - * Initializes this factory with a source of key material. The - * provider may also include a provider-specific source - * of key material. - * - * @param ks the key store or null - * @param password the password for recovering keys - */ - protected abstract void engineInit(KeyStore ks, char[] password) - throws KeyStoreException, NoSuchAlgorithmException, - UnrecoverableKeyException; - - /** - * Returns one trust manager for each type of trust material. - * @return the key managers - */ - protected abstract KeyManager[] engineGetKeyManagers(); -} diff --git a/src/java.base/share/classes/com/sun/net/ssl/SSLContext.java b/src/java.base/share/classes/com/sun/net/ssl/SSLContext.java deleted file mode 100644 index 84cc2d1182a..00000000000 --- a/src/java.base/share/classes/com/sun/net/ssl/SSLContext.java +++ /dev/null @@ -1,201 +0,0 @@ -/* - * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * NOTE: this file was copied from javax.net.ssl.SSLContext - */ - -package com.sun.net.ssl; - -import java.security.*; -import java.util.*; -import javax.net.ssl.*; - -import sun.security.ssl.SSLSocketFactoryImpl; -import sun.security.ssl.SSLServerSocketFactoryImpl; - -/** - * Instances of this class represent a secure socket protocol - * implementation which acts as a factory for secure socket - * factories. This class is initialized with an optional set of - * key and trust managers and source of secure random bytes. - * - * @deprecated As of JDK 1.4, this implementation-specific class was - * replaced by {@link javax.net.ssl.SSLContext}. - */ -@Deprecated(since="1.4") -public class SSLContext { - private Provider provider; - - private SSLContextSpi contextSpi; - - private String protocol; - - /** - * Creates an SSLContext object. - * - * @param contextSpi the delegate - * @param provider the provider - * @param protocol the protocol - */ - protected SSLContext(SSLContextSpi contextSpi, Provider provider, - String protocol) { - this.contextSpi = contextSpi; - this.provider = provider; - this.protocol = protocol; - } - - /** - * Generates a SSLContext object that implements the - * specified secure socket protocol. - * - * @param protocol the standard name of the requested protocol. - * - * @return the new SSLContext object - * - * @exception NoSuchAlgorithmException if the specified protocol is not - * available in the default provider package or any of the other provider - * packages that were searched. - */ - public static SSLContext getInstance(String protocol) - throws NoSuchAlgorithmException - { - try { - Object[] objs = SSLSecurity.getImpl(protocol, "SSLContext", - (String) null); - return new SSLContext((SSLContextSpi)objs[0], (Provider)objs[1], - protocol); - } catch (NoSuchProviderException e) { - throw new NoSuchAlgorithmException(protocol + " not found"); - } - } - - /** - * Generates a SSLContext object that implements the - * specified secure socket protocol. - * - * @param protocol the standard name of the requested protocol. - * @param provider the name of the provider - * - * @return the new SSLContext object - * - * @exception NoSuchAlgorithmException if the specified protocol is not - * available from the specified provider. - * @exception NoSuchProviderException if the specified provider has not - * been configured. - */ - public static SSLContext getInstance(String protocol, String provider) - throws NoSuchAlgorithmException, NoSuchProviderException - { - if (provider == null || provider.isEmpty()) - throw new IllegalArgumentException("missing provider"); - Object[] objs = SSLSecurity.getImpl(protocol, "SSLContext", - provider); - return new SSLContext((SSLContextSpi)objs[0], (Provider)objs[1], - protocol); - } - - /** - * Generates a SSLContext object that implements the - * specified secure socket protocol. - * - * @param protocol the standard name of the requested protocol. - * @param provider an instance of the provider - * - * @return the new SSLContext object - * - * @exception NoSuchAlgorithmException if the specified protocol is not - * available from the specified provider. - */ - public static SSLContext getInstance(String protocol, Provider provider) - throws NoSuchAlgorithmException - { - if (provider == null) - throw new IllegalArgumentException("missing provider"); - Object[] objs = SSLSecurity.getImpl(protocol, "SSLContext", - provider); - return new SSLContext((SSLContextSpi)objs[0], (Provider)objs[1], - protocol); - } - - /** - * Returns the protocol name of this SSLContext object. - * - *

This is the same name that was specified in one of the - * getInstance calls that created this - * SSLContext object. - * - * @return the protocol name of this SSLContext object. - */ - public final String getProtocol() { - return this.protocol; - } - - /** - * Returns the provider of this SSLContext object. - * - * @return the provider of this SSLContext object - */ - public final Provider getProvider() { - return this.provider; - } - - /** - * Initializes this context. Either of the first two parameters - * may be null in which case the installed security providers will - * be searched for the highest priority implementation of the - * appropriate factory. Likewise, the secure random parameter may - * be null in which case the default implementation will be used. - * - * @param km the sources of authentication keys or null - * @param tm the sources of peer authentication trust decisions or null - * @param random the source of randomness for this generator or null - */ - public final void init(KeyManager[] km, TrustManager[] tm, - SecureRandom random) - throws KeyManagementException { - contextSpi.engineInit(km, tm, random); - } - - /** - * Returns a SocketFactory object for this - * context. - * - * @return the factory - */ - public final SSLSocketFactory getSocketFactory() { - return contextSpi.engineGetSocketFactory(); - } - - /** - * Returns a ServerSocketFactory object for - * this context. - * - * @return the factory - */ - public final SSLServerSocketFactory getServerSocketFactory() { - return contextSpi.engineGetServerSocketFactory(); - } -} diff --git a/src/java.base/share/classes/com/sun/net/ssl/SSLContextSpi.java b/src/java.base/share/classes/com/sun/net/ssl/SSLContextSpi.java deleted file mode 100644 index 993f86f614d..00000000000 --- a/src/java.base/share/classes/com/sun/net/ssl/SSLContextSpi.java +++ /dev/null @@ -1,74 +0,0 @@ -/* - * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * NOTE: this file was copied from javax.net.ssl.SSLContextSpi - */ - -package com.sun.net.ssl; - -import java.util.*; -import java.security.*; -import javax.net.ssl.*; - -/** - * This class defines the Service Provider Interface (SPI) - * for the SSLContext class. - * - *

All the abstract methods in this class must be implemented by each - * cryptographic service provider who wishes to supply the implementation - * of a particular SSL context. - * - * @deprecated As of JDK 1.4, this implementation-specific class was - * replaced by {@link javax.net.ssl.SSLContextSpi}. - */ -@Deprecated(since="1.4") -public abstract class SSLContextSpi { - /** - * Initializes this context. - * - * @param ah the sources of authentication keys - * @param th the sources of peer authentication trust decisions - * @param sr the source of randomness for this generator - */ - protected abstract void engineInit(KeyManager[] ah, TrustManager[] th, - SecureRandom sr) throws KeyManagementException; - - /** - * Returns a SocketFactory object for this - * context. - * - * @return the factory - */ - protected abstract SSLSocketFactory engineGetSocketFactory(); - - /** - * Returns a ServerSocketFactory object for - * this context. - * - * @return the factory - */ - protected abstract SSLServerSocketFactory engineGetServerSocketFactory(); -} diff --git a/src/java.base/share/classes/com/sun/net/ssl/SSLPermission.java b/src/java.base/share/classes/com/sun/net/ssl/SSLPermission.java deleted file mode 100644 index 93469a0c867..00000000000 --- a/src/java.base/share/classes/com/sun/net/ssl/SSLPermission.java +++ /dev/null @@ -1,136 +0,0 @@ -/* - * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * NOTE: this file was copied from javax.net.ssl.SSLPermission - */ - -package com.sun.net.ssl; - -import java.security.*; -import java.util.Enumeration; -import java.util.Hashtable; -import java.util.StringTokenizer; -import java.security.Permissions; -import java.lang.SecurityManager; - -/** - * This class is for various network permissions. - * An SSLPermission contains a name (also referred to as a "target name") but - * no actions list; you either have the named permission - * or you don't. - *

- * The target name is the name of the network permission (see below). The naming - * convention follows the hierarchical property naming convention. - * Also, an asterisk - * may appear at the end of the name, following a ".", or by itself, to - * signify a wildcard match. For example: "foo.*" and "*" signify a wildcard - * match, while "*foo" and "a*b" do not. - *

- * The following table lists all the possible SSLPermission target names, - * and for each provides a description of what the permission allows - * and a discussion of the risks of granting code the permission. - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - *
Permission Target NameWhat the Permission AllowsRisks of Allowing this Permission
setHostnameVerifierThe ability to set a callback which can decide whether to - * allow a mismatch between the host being connected to by - * an HttpsURLConnection and the common name field in - * server certificate. - * Malicious - * code can set a verifier that monitors host names visited by - * HttpsURLConnection requests or that allows server certificates - * with invalid common names. - *
getSSLSessionContextThe ability to get the SSLSessionContext of an SSLSession. - * Malicious code may monitor sessions which have been established - * with SSL peers or might invalidate sessions to slow down performance. - *
- * - * @see java.security.BasicPermission - * @see java.security.Permission - * @see java.security.Permissions - * @see java.security.PermissionCollection - * @see java.lang.SecurityManager - * - * - * @author Marianne Mueller - * @author Roland Schemers - * - * @deprecated As of JDK 1.4, this implementation-specific class was - * replaced by {@link javax.net.ssl.SSLPermission}. - */ -@Deprecated(since="1.4") -public final class SSLPermission extends BasicPermission { - - private static final long serialVersionUID = -2583684302506167542L; - - /** - * Creates a new SSLPermission with the specified name. - * The name is the symbolic name of the SSLPermission, such as - * "setDefaultAuthenticator", etc. An asterisk - * may appear at the end of the name, following a ".", or by itself, to - * signify a wildcard match. - * - * @param name the name of the SSLPermission. - */ - - public SSLPermission(String name) - { - super(name); - } - - /** - * Creates a new SSLPermission object with the specified name. - * The name is the symbolic name of the SSLPermission, and the - * actions String is currently unused and should be null. This - * constructor exists for use by the Policy object - * to instantiate new Permission objects. - * - * @param name the name of the SSLPermission. - * @param actions should be null. - */ - - public SSLPermission(String name, String actions) - { - super(name, actions); - } -} diff --git a/src/java.base/share/classes/com/sun/net/ssl/SSLSecurity.java b/src/java.base/share/classes/com/sun/net/ssl/SSLSecurity.java deleted file mode 100644 index 664b53e0489..00000000000 --- a/src/java.base/share/classes/com/sun/net/ssl/SSLSecurity.java +++ /dev/null @@ -1,699 +0,0 @@ -/* - * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * NOTE: this file was copied from javax.net.ssl.SSLSecurity, - * but was heavily modified to allow com.sun.* users to - * access providers written using the javax.sun.* APIs. - */ - -package com.sun.net.ssl; - -import java.util.*; -import java.io.*; -import java.security.*; -import java.security.Provider.Service; -import java.net.Socket; - -import sun.security.jca.*; - -/** - * This class instantiates implementations of JSSE engine classes from - * providers registered with the java.security.Security object. - * - * @author Jan Luehe - * @author Jeff Nisewanger - * @author Brad Wetmore - */ - -final class SSLSecurity { - - /* - * Don't let anyone instantiate this. - */ - private SSLSecurity() { - } - - - // ProviderList.getService() is not accessible now, implement our own loop - private static Service getService(String type, String alg) { - ProviderList list = Providers.getProviderList(); - for (Provider p : list.providers()) { - Service s = p.getService(type, alg); - if (s != null) { - return s; - } - } - return null; - } - - /** - * The body of the driver for the getImpl method. - */ - private static Object[] getImpl1(String algName, String engineType, - Service service) throws NoSuchAlgorithmException - { - Provider provider = service.getProvider(); - String className = service.getClassName(); - Class implClass; - try { - ClassLoader cl = provider.getClass().getClassLoader(); - if (cl == null) { - // system class - implClass = Class.forName(className); - } else { - implClass = cl.loadClass(className); - } - } catch (ClassNotFoundException e) { - throw new NoSuchAlgorithmException("Class " + className + - " configured for " + - engineType + - " not found: " + - e.getMessage()); - } catch (SecurityException e) { - throw new NoSuchAlgorithmException("Class " + className + - " configured for " + - engineType + - " cannot be accessed: " + - e.getMessage()); - } - - /* - * JSSE 1.0, 1.0.1, and 1.0.2 used the com.sun.net.ssl API as the - * API was being developed. As JSSE was folded into the main - * release, it was decided to promote the com.sun.net.ssl API to - * be javax.net.ssl. It is desired to keep binary compatibility - * with vendors of JSSE implementation written using the - * com.sun.net.sll API, so we do this magic to handle everything. - * - * API used Implementation used Supported? - * ======== =================== ========== - * com.sun javax Yes - * com.sun com.sun Yes - * javax javax Yes - * javax com.sun Not Currently - * - * Make sure the implementation class is a subclass of the - * corresponding engine class. - * - * In wrapping these classes, there's no way to know how to - * wrap all possible classes that extend the TrustManager/KeyManager. - * We only wrap the x509 variants. - */ - - try { // catch instantiation errors - - /* - * (The following Class.forName()s should alway work, because - * this class and all the SPI classes in javax.crypto are - * loaded by the same class loader.) That is, unless they - * give us a SPI class that doesn't exist, say SSLFoo, - * or someone has removed classes from the java.base module. - */ - - Class typeClassJavax; - Class typeClassCom; - Object obj = null; - - /* - * Odds are more likely that we have a javax variant, try this - * first. - */ - if (((typeClassJavax = Class.forName("javax.net.ssl." + - engineType + "Spi")) != null) && - (checkSuperclass(implClass, typeClassJavax))) { - - if (engineType.equals("SSLContext")) { - obj = new SSLContextSpiWrapper(algName, provider); - } else if (engineType.equals("TrustManagerFactory")) { - obj = new TrustManagerFactorySpiWrapper(algName, provider); - } else if (engineType.equals("KeyManagerFactory")) { - obj = new KeyManagerFactorySpiWrapper(algName, provider); - } else { - /* - * We should throw an error if we get - * something totally unexpected. Don't ever - * expect to see this one... - */ - throw new IllegalStateException( - "Class " + implClass.getName() + - " unknown engineType wrapper:" + engineType); - } - - } else if (((typeClassCom = Class.forName("com.sun.net.ssl." + - engineType + "Spi")) != null) && - (checkSuperclass(implClass, typeClassCom))) { - obj = service.newInstance(null); - } - - if (obj != null) { - return new Object[] { obj, provider }; - } else { - throw new NoSuchAlgorithmException( - "Couldn't locate correct object or wrapper: " + - engineType + " " + algName); - } - - } catch (ClassNotFoundException e) { - IllegalStateException exc = new IllegalStateException( - "Engine Class Not Found for " + engineType); - exc.initCause(e); - throw exc; - } - } - - /** - * Returns an array of objects: the first object in the array is - * an instance of an implementation of the requested algorithm - * and type, and the second object in the array identifies the provider - * of that implementation. - * The provName argument can be null, in which case all - * configured providers will be searched in order of preference. - */ - static Object[] getImpl(String algName, String engineType, String provName) - throws NoSuchAlgorithmException, NoSuchProviderException - { - Service service; - if (provName != null) { - ProviderList list = Providers.getProviderList(); - Provider prov = list.getProvider(provName); - if (prov == null) { - throw new NoSuchProviderException("No such provider: " + - provName); - } - service = prov.getService(engineType, algName); - } else { - service = getService(engineType, algName); - } - if (service == null) { - throw new NoSuchAlgorithmException("Algorithm " + algName - + " not available"); - } - return getImpl1(algName, engineType, service); - } - - - /** - * Returns an array of objects: the first object in the array is - * an instance of an implementation of the requested algorithm - * and type, and the second object in the array identifies the provider - * of that implementation. - * The prov argument can be null, in which case all - * configured providers will be searched in order of preference. - */ - static Object[] getImpl(String algName, String engineType, Provider prov) - throws NoSuchAlgorithmException - { - Service service = prov.getService(engineType, algName); - if (service == null) { - throw new NoSuchAlgorithmException("No such algorithm: " + - algName); - } - return getImpl1(algName, engineType, service); - } - - /* - * Checks whether one class is the superclass of another - */ - private static boolean checkSuperclass(Class subclass, Class superclass) { - if ((subclass == null) || (superclass == null)) - return false; - - while (!subclass.equals(superclass)) { - subclass = subclass.getSuperclass(); - if (subclass == null) { - return false; - } - } - return true; - } - - /* - * Return at most the first "resize" elements of an array. - * - * Didn't want to use java.util.Arrays, as PJava may not have it. - */ - static Object[] truncateArray(Object[] oldArray, Object[] newArray) { - - for (int i = 0; i < newArray.length; i++) { - newArray[i] = oldArray[i]; - } - - return newArray; - } - -} - - -/* - * ================================================================= - * The remainder of this file is for the wrapper and wrapper-support - * classes. When SSLSecurity finds something which extends the - * javax.net.ssl.*Spi, we need to go grab a real instance of the - * thing that the Spi supports, and wrap into a com.sun.net.ssl.*Spi - * object. This also mean that anything going down into the SPI - * needs to be wrapped, as well as anything coming back up. - */ -@SuppressWarnings("deprecation") -final class SSLContextSpiWrapper extends SSLContextSpi { - - private javax.net.ssl.SSLContext theSSLContext; - - SSLContextSpiWrapper(String algName, Provider prov) throws - NoSuchAlgorithmException { - theSSLContext = javax.net.ssl.SSLContext.getInstance(algName, prov); - } - - @SuppressWarnings("deprecation") - protected void engineInit(KeyManager[] kma, TrustManager[] tma, - SecureRandom sr) throws KeyManagementException { - - // Keep track of the actual number of array elements copied - int dst; - int src; - javax.net.ssl.KeyManager[] kmaw; - javax.net.ssl.TrustManager[] tmaw; - - // Convert com.sun.net.ssl.kma to a javax.net.ssl.kma - // wrapper if need be. - if (kma != null) { - kmaw = new javax.net.ssl.KeyManager[kma.length]; - for (src = 0, dst = 0; src < kma.length; ) { - /* - * These key managers may implement both javax - * and com.sun interfaces, so if they do - * javax, there's no need to wrap them. - */ - if (!(kma[src] instanceof javax.net.ssl.KeyManager)) { - /* - * Do we know how to convert them? If not, oh well... - * We'll have to drop them on the floor in this - * case, cause we don't know how to handle them. - * This will be pretty rare, but put here for - * completeness. - */ - if (kma[src] instanceof X509KeyManager) { - kmaw[dst] = (javax.net.ssl.KeyManager) - new X509KeyManagerJavaxWrapper( - (X509KeyManager)kma[src]); - dst++; - } - } else { - // We can convert directly, since they implement. - kmaw[dst] = (javax.net.ssl.KeyManager)kma[src]; - dst++; - } - src++; - } - - /* - * If dst != src, there were more items in the original array - * than in the new array. Compress the new elements to avoid - * any problems down the road. - */ - if (dst != src) { - kmaw = (javax.net.ssl.KeyManager []) - SSLSecurity.truncateArray(kmaw, - new javax.net.ssl.KeyManager [dst]); - } - } else { - kmaw = null; - } - - // Now do the same thing with the TrustManagers. - if (tma != null) { - tmaw = new javax.net.ssl.TrustManager[tma.length]; - - for (src = 0, dst = 0; src < tma.length; ) { - /* - * These key managers may implement both...see above... - */ - if (!(tma[src] instanceof javax.net.ssl.TrustManager)) { - // Do we know how to convert them? - if (tma[src] instanceof X509TrustManager) { - tmaw[dst] = (javax.net.ssl.TrustManager) - new X509TrustManagerJavaxWrapper( - (X509TrustManager)tma[src]); - dst++; - } - } else { - tmaw[dst] = (javax.net.ssl.TrustManager)tma[src]; - dst++; - } - src++; - } - - if (dst != src) { - tmaw = (javax.net.ssl.TrustManager []) - SSLSecurity.truncateArray(tmaw, - new javax.net.ssl.TrustManager [dst]); - } - } else { - tmaw = null; - } - - theSSLContext.init(kmaw, tmaw, sr); - } - - protected javax.net.ssl.SSLSocketFactory - engineGetSocketFactory() { - return theSSLContext.getSocketFactory(); - } - - protected javax.net.ssl.SSLServerSocketFactory - engineGetServerSocketFactory() { - return theSSLContext.getServerSocketFactory(); - } - -} - -@SuppressWarnings("deprecation") -final class TrustManagerFactorySpiWrapper extends TrustManagerFactorySpi { - - private javax.net.ssl.TrustManagerFactory theTrustManagerFactory; - - TrustManagerFactorySpiWrapper(String algName, Provider prov) throws - NoSuchAlgorithmException { - theTrustManagerFactory = - javax.net.ssl.TrustManagerFactory.getInstance(algName, prov); - } - - protected void engineInit(KeyStore ks) throws KeyStoreException { - theTrustManagerFactory.init(ks); - } - - protected TrustManager[] engineGetTrustManagers() { - - int dst; - int src; - - javax.net.ssl.TrustManager[] tma = - theTrustManagerFactory.getTrustManagers(); - - TrustManager[] tmaw = new TrustManager[tma.length]; - - for (src = 0, dst = 0; src < tma.length; ) { - if (!(tma[src] instanceof com.sun.net.ssl.TrustManager)) { - // We only know how to wrap X509TrustManagers, as - // TrustManagers don't have any methods to wrap. - if (tma[src] instanceof javax.net.ssl.X509TrustManager) { - tmaw[dst] = (TrustManager) - new X509TrustManagerComSunWrapper( - (javax.net.ssl.X509TrustManager)tma[src]); - dst++; - } - } else { - tmaw[dst] = (TrustManager)tma[src]; - dst++; - } - src++; - } - - if (dst != src) { - tmaw = (TrustManager []) - SSLSecurity.truncateArray(tmaw, new TrustManager [dst]); - } - - return tmaw; - } - -} - -@SuppressWarnings("deprecation") -final class KeyManagerFactorySpiWrapper extends KeyManagerFactorySpi { - - private javax.net.ssl.KeyManagerFactory theKeyManagerFactory; - - KeyManagerFactorySpiWrapper(String algName, Provider prov) throws - NoSuchAlgorithmException { - theKeyManagerFactory = - javax.net.ssl.KeyManagerFactory.getInstance(algName, prov); - } - - protected void engineInit(KeyStore ks, char[] password) - throws KeyStoreException, NoSuchAlgorithmException, - UnrecoverableKeyException { - theKeyManagerFactory.init(ks, password); - } - - protected KeyManager[] engineGetKeyManagers() { - - int dst; - int src; - - javax.net.ssl.KeyManager[] kma = - theKeyManagerFactory.getKeyManagers(); - - KeyManager[] kmaw = new KeyManager[kma.length]; - - for (src = 0, dst = 0; src < kma.length; ) { - if (!(kma[src] instanceof com.sun.net.ssl.KeyManager)) { - // We only know how to wrap X509KeyManagers, as - // KeyManagers don't have any methods to wrap. - if (kma[src] instanceof javax.net.ssl.X509KeyManager) { - kmaw[dst] = (KeyManager) - new X509KeyManagerComSunWrapper( - (javax.net.ssl.X509KeyManager)kma[src]); - dst++; - } - } else { - kmaw[dst] = (KeyManager)kma[src]; - dst++; - } - src++; - } - - if (dst != src) { - kmaw = (KeyManager []) - SSLSecurity.truncateArray(kmaw, new KeyManager [dst]); - } - - return kmaw; - } - -} - -// ================================= - -@SuppressWarnings("deprecation") -final class X509KeyManagerJavaxWrapper implements - javax.net.ssl.X509KeyManager { - - private X509KeyManager theX509KeyManager; - - X509KeyManagerJavaxWrapper(X509KeyManager obj) { - theX509KeyManager = obj; - } - - public String[] getClientAliases(String keyType, Principal[] issuers) { - return theX509KeyManager.getClientAliases(keyType, issuers); - } - - public String chooseClientAlias(String[] keyTypes, Principal[] issuers, - Socket socket) { - String retval; - - if (keyTypes == null) { - return null; - } - - /* - * Scan the list, look for something we can pass back. - */ - for (int i = 0; i < keyTypes.length; i++) { - if ((retval = theX509KeyManager.chooseClientAlias(keyTypes[i], - issuers)) != null) - return retval; - } - return null; - - } - - /* - * JSSE 1.0.x was only socket based, but it's possible someone might - * want to install a really old provider. We should at least - * try to be nice. - */ - public String chooseEngineClientAlias( - String[] keyTypes, Principal[] issuers, - javax.net.ssl.SSLEngine engine) { - String retval; - - if (keyTypes == null) { - return null; - } - - /* - * Scan the list, look for something we can pass back. - */ - for (int i = 0; i < keyTypes.length; i++) { - if ((retval = theX509KeyManager.chooseClientAlias(keyTypes[i], - issuers)) != null) - return retval; - } - - return null; - } - - public String[] getServerAliases(String keyType, Principal[] issuers) { - return theX509KeyManager.getServerAliases(keyType, issuers); - } - - public String chooseServerAlias(String keyType, Principal[] issuers, - Socket socket) { - - if (keyType == null) { - return null; - } - return theX509KeyManager.chooseServerAlias(keyType, issuers); - } - - /* - * JSSE 1.0.x was only socket based, but it's possible someone might - * want to install a really old provider. We should at least - * try to be nice. - */ - public String chooseEngineServerAlias( - String keyType, Principal[] issuers, - javax.net.ssl.SSLEngine engine) { - - if (keyType == null) { - return null; - } - return theX509KeyManager.chooseServerAlias(keyType, issuers); - } - - public java.security.cert.X509Certificate[] - getCertificateChain(String alias) { - return theX509KeyManager.getCertificateChain(alias); - } - - public PrivateKey getPrivateKey(String alias) { - return theX509KeyManager.getPrivateKey(alias); - } -} - -@SuppressWarnings("deprecation") -final class X509TrustManagerJavaxWrapper implements - javax.net.ssl.X509TrustManager { - - private X509TrustManager theX509TrustManager; - - X509TrustManagerJavaxWrapper(X509TrustManager obj) { - theX509TrustManager = obj; - } - - public void checkClientTrusted( - java.security.cert.X509Certificate[] chain, String authType) - throws java.security.cert.CertificateException { - if (!theX509TrustManager.isClientTrusted(chain)) { - throw new java.security.cert.CertificateException( - "Untrusted Client Certificate Chain"); - } - } - - public void checkServerTrusted( - java.security.cert.X509Certificate[] chain, String authType) - throws java.security.cert.CertificateException { - if (!theX509TrustManager.isServerTrusted(chain)) { - throw new java.security.cert.CertificateException( - "Untrusted Server Certificate Chain"); - } - } - - public java.security.cert.X509Certificate[] getAcceptedIssuers() { - return theX509TrustManager.getAcceptedIssuers(); - } -} - -@SuppressWarnings("deprecation") -final class X509KeyManagerComSunWrapper implements X509KeyManager { - - private javax.net.ssl.X509KeyManager theX509KeyManager; - - X509KeyManagerComSunWrapper(javax.net.ssl.X509KeyManager obj) { - theX509KeyManager = obj; - } - - public String[] getClientAliases(String keyType, Principal[] issuers) { - return theX509KeyManager.getClientAliases(keyType, issuers); - } - - public String chooseClientAlias(String keyType, Principal[] issuers) { - String [] keyTypes = new String [] { keyType }; - return theX509KeyManager.chooseClientAlias(keyTypes, issuers, null); - } - - public String[] getServerAliases(String keyType, Principal[] issuers) { - return theX509KeyManager.getServerAliases(keyType, issuers); - } - - public String chooseServerAlias(String keyType, Principal[] issuers) { - return theX509KeyManager.chooseServerAlias(keyType, issuers, null); - } - - public java.security.cert.X509Certificate[] - getCertificateChain(String alias) { - return theX509KeyManager.getCertificateChain(alias); - } - - public PrivateKey getPrivateKey(String alias) { - return theX509KeyManager.getPrivateKey(alias); - } -} - -@SuppressWarnings("deprecation") -final class X509TrustManagerComSunWrapper implements X509TrustManager { - - private javax.net.ssl.X509TrustManager theX509TrustManager; - - X509TrustManagerComSunWrapper(javax.net.ssl.X509TrustManager obj) { - theX509TrustManager = obj; - } - - public boolean isClientTrusted( - java.security.cert.X509Certificate[] chain) { - try { - theX509TrustManager.checkClientTrusted(chain, "UNKNOWN"); - return true; - } catch (java.security.cert.CertificateException e) { - return false; - } - } - - public boolean isServerTrusted( - java.security.cert.X509Certificate[] chain) { - try { - theX509TrustManager.checkServerTrusted(chain, "UNKNOWN"); - return true; - } catch (java.security.cert.CertificateException e) { - return false; - } - } - - public java.security.cert.X509Certificate[] getAcceptedIssuers() { - return theX509TrustManager.getAcceptedIssuers(); - } -} diff --git a/src/java.base/share/classes/com/sun/net/ssl/TrustManager.java b/src/java.base/share/classes/com/sun/net/ssl/TrustManager.java deleted file mode 100644 index 376b111fd81..00000000000 --- a/src/java.base/share/classes/com/sun/net/ssl/TrustManager.java +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * NOTE: this file was copied from javax.net.ssl.TrustManager - */ - -package com.sun.net.ssl; - -/** - * Base interface for JSSE trust managers which manage - * authentication trust decisions for different types of - * authentication material. - * - * @deprecated As of JDK 1.4, this implementation-specific class was - * replaced by {@link javax.net.ssl.TrustManager}. - */ -@Deprecated(since="1.4") -public interface TrustManager { -} diff --git a/src/java.base/share/classes/com/sun/net/ssl/TrustManagerFactory.java b/src/java.base/share/classes/com/sun/net/ssl/TrustManagerFactory.java deleted file mode 100644 index b580f04af34..00000000000 --- a/src/java.base/share/classes/com/sun/net/ssl/TrustManagerFactory.java +++ /dev/null @@ -1,220 +0,0 @@ -/* - * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * NOTE: this file was copied from javax.net.ssl.TrustManagerFactory - */ - -package com.sun.net.ssl; - -import java.security.*; - -/** - * This class acts as a factory for trust managers based on a - * source of trust material. Each trust manager manages a specific - * type of trust material for use by secure sockets. The trust - * material is based on a KeyStore and/or provider specific sources. - * - * @deprecated As of JDK 1.4, this implementation-specific class was - * replaced by {@link javax.net.ssl.TrustManagerFactory}. - */ -@Deprecated(since="1.4") -public class TrustManagerFactory { - // The provider - private Provider provider; - - // The provider implementation (delegate) - private TrustManagerFactorySpi factorySpi; - - // The name of the trust management algorithm. - private String algorithm; - - /** - *

The default TrustManager can be changed by setting the value of the - * {@code sun.ssl.trustmanager.type} security property to the desired name. - * - * @return the default type as specified by the - * {@code sun.ssl.trustmanager.type} security property, or an - * implementation-specific default if no such property exists. - * - * @see java.security.Security security properties - */ - public static final String getDefaultAlgorithm() { - String type; - type = AccessController.doPrivileged(new PrivilegedAction<>() { - public String run() { - return Security.getProperty("sun.ssl.trustmanager.type"); - } - }); - if (type == null) { - type = "SunX509"; - } - return type; - - } - - /** - * Creates a TrustManagerFactory object. - * - * @param factorySpi the delegate - * @param provider the provider - * @param algorithm the algorithm - */ - protected TrustManagerFactory(TrustManagerFactorySpi factorySpi, - Provider provider, String algorithm) { - this.factorySpi = factorySpi; - this.provider = provider; - this.algorithm = algorithm; - } - - /** - * Returns the algorithm name of this TrustManagerFactory - * object. - * - *

This is the same name that was specified in one of the - * getInstance calls that created this - * TrustManagerFactory object. - * - * @return the algorithm name of this TrustManagerFactory - * object. - */ - public final String getAlgorithm() { - return this.algorithm; - } - - /** - * Generates a TrustManagerFactory object that implements the - * specified trust management algorithm. - * If the default provider package provides an implementation of the - * requested trust management algorithm, an instance of - * TrustManagerFactory containing that implementation is - * returned. If the algorithm is not available in the default provider - * package, other provider packages are searched. - * - * @param algorithm the standard name of the requested trust management - * algorithm. - * - * @return the new TrustManagerFactory object - * - * @exception NoSuchAlgorithmException if the specified algorithm is not - * available in the default provider package or any of the other provider - * packages that were searched. - */ - public static final TrustManagerFactory getInstance(String algorithm) - throws NoSuchAlgorithmException - { - try { - Object[] objs = SSLSecurity.getImpl(algorithm, - "TrustManagerFactory", (String) null); - return new TrustManagerFactory((TrustManagerFactorySpi)objs[0], - (Provider)objs[1], - algorithm); - } catch (NoSuchProviderException e) { - throw new NoSuchAlgorithmException(algorithm + " not found"); - } - } - - /** - * Generates a TrustManagerFactory object for the specified - * trust management algorithm from the specified provider. - * - * @param algorithm the standard name of the requested trust management - * algorithm. - * @param provider the name of the provider - * - * @return the new TrustManagerFactory object - * - * @exception NoSuchAlgorithmException if the specified algorithm is not - * available from the specified provider. - * @exception NoSuchProviderException if the specified provider has not - * been configured. - */ - public static final TrustManagerFactory getInstance(String algorithm, - String provider) - throws NoSuchAlgorithmException, NoSuchProviderException - { - if (provider == null || provider.isEmpty()) - throw new IllegalArgumentException("missing provider"); - Object[] objs = SSLSecurity.getImpl(algorithm, "TrustManagerFactory", - provider); - return new TrustManagerFactory((TrustManagerFactorySpi)objs[0], - (Provider)objs[1], algorithm); - } - - /** - * Generates a TrustManagerFactory object for the specified - * trust management algorithm from the specified provider. - * - * @param algorithm the standard name of the requested trust management - * algorithm. - * @param provider an instance of the provider - * - * @return the new TrustManagerFactory object - * - * @exception NoSuchAlgorithmException if the specified algorithm is not - * available from the specified provider. - */ - public static final TrustManagerFactory getInstance(String algorithm, - Provider provider) - throws NoSuchAlgorithmException - { - if (provider == null) - throw new IllegalArgumentException("missing provider"); - Object[] objs = SSLSecurity.getImpl(algorithm, "TrustManagerFactory", - provider); - return new TrustManagerFactory((TrustManagerFactorySpi)objs[0], - (Provider)objs[1], algorithm); - } - - /** - * Returns the provider of this TrustManagerFactory object. - * - * @return the provider of this TrustManagerFactory object - */ - public final Provider getProvider() { - return this.provider; - } - - - /** - * Initializes this factory with a source of certificate - * authorities and related trust material. The - * provider may also include a provider-specific source - * of key material. - * - * @param ks the key store or null - */ - public void init(KeyStore ks) throws KeyStoreException { - factorySpi.engineInit(ks); - } - - /** - * Returns one trust manager for each type of trust material. - * @return the trust managers - */ - public TrustManager[] getTrustManagers() { - return factorySpi.engineGetTrustManagers(); - } -} diff --git a/src/java.base/share/classes/com/sun/net/ssl/TrustManagerFactorySpi.java b/src/java.base/share/classes/com/sun/net/ssl/TrustManagerFactorySpi.java deleted file mode 100644 index 8ab1901c4ea..00000000000 --- a/src/java.base/share/classes/com/sun/net/ssl/TrustManagerFactorySpi.java +++ /dev/null @@ -1,62 +0,0 @@ -/* - * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * NOTE: this file was copied from javax.net.ssl.TrustManagerFactorySpi - */ - -package com.sun.net.ssl; - -import java.security.*; - -/** - * This class defines the Service Provider Interface (SPI) - * for the TrustManagerFactory class. - * - *

All the abstract methods in this class must be implemented by each - * cryptographic service provider who wishes to supply the implementation - * of a particular trust manager factory. - * - * @deprecated As of JDK 1.4, this implementation-specific class was - * replaced by {@link javax.net.ssl.TrustManagerFactorySpi}. - */ -@Deprecated(since="1.4") -public abstract class TrustManagerFactorySpi { - /** - * Initializes this factory with a source of certificate - * authorities and related trust material. The - * provider may also include a provider-specific source - * of key material. - * - * @param ks the key store or null - */ - protected abstract void engineInit(KeyStore ks) throws KeyStoreException; - - /** - * Returns one trust manager for each type of trust material. - * @return the trust managers - */ - protected abstract TrustManager[] engineGetTrustManagers(); -} diff --git a/src/java.base/share/classes/com/sun/net/ssl/X509KeyManager.java b/src/java.base/share/classes/com/sun/net/ssl/X509KeyManager.java deleted file mode 100644 index 8d4019c8721..00000000000 --- a/src/java.base/share/classes/com/sun/net/ssl/X509KeyManager.java +++ /dev/null @@ -1,109 +0,0 @@ -/* - * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * NOTE: this file was copied from javax.net.ssl.X509KeyManager - */ - -package com.sun.net.ssl; - -import java.security.KeyManagementException; -import java.security.PrivateKey; -import java.security.Principal; -import java.security.cert.X509Certificate; - -/** - * Instances of this interface manage which X509 certificate-based - * key pairs are used to authenticate the local side of a secure - * socket. The individual entries are identified by unique alias names. - * - * @deprecated As of JDK 1.4, this implementation-specific class was - * replaced by {@link javax.net.ssl.X509KeyManager}. - */ -@Deprecated(since="1.4") -public interface X509KeyManager extends KeyManager { - /** - * Get the matching aliases for authenticating the client side of a secure - * socket given the public key type and the list of - * certificate issuer authorities recognized by the peer (if any). - * - * @param keyType the key algorithm type name - * @param issuers the list of acceptable CA issuer subject names - * @return the matching alias names - */ - public String[] getClientAliases(String keyType, Principal[] issuers); - - /** - * Choose an alias to authenticate the client side of a secure - * socket given the public key type and the list of - * certificate issuer authorities recognized by the peer (if any). - * - * @param keyType the key algorithm type name - * @param issuers the list of acceptable CA issuer subject names - * @return the alias name for the desired key - */ - public String chooseClientAlias(String keyType, Principal[] issuers); - - /** - * Get the matching aliases for authenticating the server side of a secure - * socket given the public key type and the list of - * certificate issuer authorities recognized by the peer (if any). - * - * @param keyType the key algorithm type name - * @param issuers the list of acceptable CA issuer subject names - * @return the matching alias names - */ - public String[] getServerAliases(String keyType, Principal[] issuers); - - /** - * Choose an alias to authenticate the server side of a secure - * socket given the public key type and the list of - * certificate issuer authorities recognized by the peer (if any). - * - * @param keyType the key algorithm type name - * @param issuers the list of acceptable CA issuer subject names - * @return the alias name for the desired key - */ - public String chooseServerAlias(String keyType, Principal[] issuers); - - /** - * Returns the certificate chain associated with the given alias. - * - * @param alias the alias name - * - * @return the certificate chain (ordered with the user's certificate first - * and the root certificate authority last) - */ - public X509Certificate[] getCertificateChain(String alias); - - /* - * Returns the key associated with the given alias. - * - * @param alias the alias name - * - * @return the requested key - */ - public PrivateKey getPrivateKey(String alias); -} diff --git a/src/java.base/share/classes/com/sun/net/ssl/X509TrustManager.java b/src/java.base/share/classes/com/sun/net/ssl/X509TrustManager.java deleted file mode 100644 index 041c3e6f587..00000000000 --- a/src/java.base/share/classes/com/sun/net/ssl/X509TrustManager.java +++ /dev/null @@ -1,73 +0,0 @@ -/* - * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * NOTE: this file was copied from javax.net.ssl.X509TrustManager - */ - -package com.sun.net.ssl; - -import java.security.cert.X509Certificate; - -/** - * Instance of this interface manage which X509 certificates - * may be used to authenticate the remote side of a secure - * socket. Decisions may be based on trusted certificate - * authorities, certificate revocation lists, online - * status checking or other means. - * - * @deprecated As of JDK 1.4, this implementation-specific class was - * replaced by {@link javax.net.ssl.X509TrustManager}. - */ -@Deprecated(since="1.4") -public interface X509TrustManager extends TrustManager { - /** - * Given the partial or complete certificate chain - * provided by the peer, build a certificate path - * to a trusted root and return true if it can be - * validated and is trusted for client SSL authentication. - * - * @param chain the peer certificate chain - */ - public boolean isClientTrusted(X509Certificate[] chain); - - /** - * Given the partial or complete certificate chain - * provided by the peer, build a certificate path - * to a trusted root and return true if it can be - * validated and is trusted for server SSL authentication. - * - * @param chain the peer certificate chain - */ - public boolean isServerTrusted(X509Certificate[] chain); - - /** - * Return an array of certificate authority certificates - * which are trusted for authenticating peers. - * - * @return the acceptable CA issuer certificates - */ - public X509Certificate[] getAcceptedIssuers(); -} diff --git a/src/java.base/share/classes/com/sun/net/ssl/internal/ssl/Provider.java b/src/java.base/share/classes/com/sun/net/ssl/internal/ssl/Provider.java deleted file mode 100644 index 40e3317dd0f..00000000000 --- a/src/java.base/share/classes/com/sun/net/ssl/internal/ssl/Provider.java +++ /dev/null @@ -1,52 +0,0 @@ -/* - * Copyright (c) 2007, 2019, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package com.sun.net.ssl.internal.ssl; - -import sun.security.ssl.SunJSSE; - -/** - * Main class for the SunJSSE provider. The actual code was moved to the - * class sun.security.ssl.SunJSSE, but for backward compatibility we - * continue to use this class as the main Provider class. - */ -@Deprecated(since="9") -public final class Provider extends SunJSSE { - - private static final long serialVersionUID = 3231825739635378733L; - - // standard constructor - public Provider() { - super(); - } - - /** - * Installs the JSSE provider. - */ - public static synchronized void install() { - /* nop. Remove this method in the future. */ - } - -} diff --git a/src/java.base/share/classes/com/sun/net/ssl/internal/ssl/X509ExtendedTrustManager.java b/src/java.base/share/classes/com/sun/net/ssl/internal/ssl/X509ExtendedTrustManager.java deleted file mode 100644 index 2af41b97fe5..00000000000 --- a/src/java.base/share/classes/com/sun/net/ssl/internal/ssl/X509ExtendedTrustManager.java +++ /dev/null @@ -1,123 +0,0 @@ -/* - * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package com.sun.net.ssl.internal.ssl; - -import javax.net.ssl.X509TrustManager; - -import java.security.cert.X509Certificate; -import java.security.cert.CertificateException; - -/** - * Instance of this class is an extension of X509TrustManager. - *

- * Note that this class is referenced by the Deploy workspace. Any updates - * must make sure that they do not cause any breakage there. - *

- * It takes the responsiblity of checking the peer identity with its - * principal declared in the cerificate. - *

- * The class provides an alternative to HostnameVerifer. - * If application customizes its HostnameVerifer for - * HttpsURLConnection, the peer identity will be checked - * by the customized HostnameVerifer; otherwise, it will - * be checked by the extended trust manager. - *

- * RFC2830 defines the server identification specification for "LDAP" - * algorithm. RFC2818 defines both the server identification and the - * client identification specification for "HTTPS" algorithm. - * - * @see X509TrustManager - * @see HostnameVerifier - * - * @since 1.6 - * @author Xuelei Fan - */ -@Deprecated(since="9") -public abstract class X509ExtendedTrustManager implements X509TrustManager { - /** - * Constructor used by subclasses only. - */ - protected X509ExtendedTrustManager() { - } - - /** - * Given the partial or complete certificate chain provided by the - * peer, check its identity and build a certificate path to a trusted - * root, return if it can be validated and is trusted for client SSL - * authentication based on the authentication type. - *

- * The authentication type is determined by the actual certificate - * used. For instance, if RSAPublicKey is used, the authType - * should be "RSA". Checking is case-sensitive. - *

- * The algorithm parameter specifies the client identification protocol - * to use. If the algorithm and the peer hostname are available, the - * peer hostname is checked against the peer's identity presented in - * the X509 certificate, in order to prevent masquerade attacks. - * - * @param chain the peer certificate chain - * @param authType the authentication type based on the client certificate - * @param hostname the peer hostname - * @param algorithm the identification algorithm - * @throws IllegalArgumentException if null or zero-length chain - * is passed in for the chain parameter or if null or zero-length - * string is passed in for the authType parameter - * @throws CertificateException if the certificate chain is not trusted - * by this TrustManager. - */ - public abstract void checkClientTrusted(X509Certificate[] chain, - String authType, String hostname, String algorithm) - throws CertificateException; - - /** - * Given the partial or complete certificate chain provided by the - * peer, check its identity and build a certificate path to a trusted - * root, return if it can be validated and is trusted for server SSL - * authentication based on the authentication type. - *

- * The authentication type is the key exchange algorithm portion - * of the cipher suites represented as a String, such as "RSA", - * "DHE_DSS". Checking is case-sensitive. - *

- * The algorithm parameter specifies the server identification protocol - * to use. If the algorithm and the peer hostname are available, the - * peer hostname is checked against the peer's identity presented in - * the X509 certificate, in order to prevent masquerade attacks. - * - * @param chain the peer certificate chain - * @param authType the key exchange algorithm used - * @param hostname the peer hostname - * @param algorithm the identification algorithm - * @throws IllegalArgumentException if null or zero-length chain - * is passed in for the chain parameter or if null or zero-length - * string is passed in for the authType parameter - * @throws CertificateException if the certificate chain is not trusted - * by this TrustManager. - */ - public abstract void checkServerTrusted(X509Certificate[] chain, - String authType, String hostname, String algorithm) - throws CertificateException; -} diff --git a/src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/DelegateHttpsURLConnection.java b/src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/DelegateHttpsURLConnection.java deleted file mode 100644 index 46b8e299911..00000000000 --- a/src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/DelegateHttpsURLConnection.java +++ /dev/null @@ -1,178 +0,0 @@ -/* - * Copyright (c) 2001, 2017, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package com.sun.net.ssl.internal.www.protocol.https; - -import java.net.URL; -import java.net.Proxy; -import java.io.IOException; -import java.util.Collection; -import java.util.List; -import java.util.Iterator; - -import java.security.Principal; -import java.security.cert.*; - -import javax.security.auth.x500.X500Principal; - -import sun.security.util.HostnameChecker; -import sun.security.util.DerValue; -import sun.security.x509.X500Name; - -import sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection; - -/** - * This class was introduced to provide an additional level of - * abstraction between javax.net.ssl.HttpURLConnection and - * com.sun.net.ssl.HttpURLConnection objects.

- * - * javax.net.ssl.HttpURLConnection is used in the new sun.net version - * of protocol implementation (this one) - * com.sun.net.ssl.HttpURLConnection is used in the com.sun version. - * - */ -@Deprecated(since="9") -@SuppressWarnings("deprecation") // HttpsURLConnection is deprecated -public class DelegateHttpsURLConnection extends AbstractDelegateHttpsURLConnection { - - // we need a reference to the HttpsURLConnection to get - // the properties set there - // we also need it to be public so that it can be referenced - // from sun.net.www.protocol.http.HttpURLConnection - // this is for ResponseCache.put(URI, URLConnection) - // second parameter needs to be cast to javax.net.ssl.HttpsURLConnection - // instead of AbstractDelegateHttpsURLConnection - - public com.sun.net.ssl.HttpsURLConnection httpsURLConnection; - - DelegateHttpsURLConnection(URL url, - sun.net.www.protocol.http.Handler handler, - com.sun.net.ssl.HttpsURLConnection httpsURLConnection) - throws IOException { - this(url, null, handler, httpsURLConnection); - } - - DelegateHttpsURLConnection(URL url, Proxy p, - sun.net.www.protocol.http.Handler handler, - com.sun.net.ssl.HttpsURLConnection httpsURLConnection) - throws IOException { - super(url, p, handler); - this.httpsURLConnection = httpsURLConnection; - } - - protected javax.net.ssl.SSLSocketFactory getSSLSocketFactory() { - return httpsURLConnection.getSSLSocketFactory(); - } - - protected javax.net.ssl.HostnameVerifier getHostnameVerifier() { - // note: getHostnameVerifier() never returns null - return new VerifierWrapper(httpsURLConnection.getHostnameVerifier()); - } - - /* - * Called by layered delegator's finalize() method to handle closing - * the underlying object. - */ - protected void dispose() throws Throwable { - super.finalize(); - } -} - -class VerifierWrapper implements javax.net.ssl.HostnameVerifier { - @SuppressWarnings("deprecation") - private com.sun.net.ssl.HostnameVerifier verifier; - - @SuppressWarnings("deprecation") - VerifierWrapper(com.sun.net.ssl.HostnameVerifier verifier) { - this.verifier = verifier; - } - - /* - * In com.sun.net.ssl.HostnameVerifier the method is defined - * as verify(String urlHostname, String certHostname). - * This means we need to extract the hostname from the X.509 certificate - * in this wrapper. - */ - public boolean verify(String hostname, javax.net.ssl.SSLSession session) { - try { - Certificate[] serverChain = session.getPeerCertificates(); - if ((serverChain == null) || (serverChain.length == 0)) { - return false; - } - if (serverChain[0] instanceof X509Certificate == false) { - return false; - } - X509Certificate serverCert = (X509Certificate)serverChain[0]; - String serverName = getServername(serverCert); - if (serverName == null) { - return false; - } - return verifier.verify(hostname, serverName); - } catch (javax.net.ssl.SSLPeerUnverifiedException e) { - return false; - } - } - - /* - * Extract the name of the SSL server from the certificate. - * - * Note this code is essentially a subset of the hostname extraction - * code in HostnameChecker. - */ - private static String getServername(X509Certificate peerCert) { - try { - // compare to subjectAltNames if dnsName is present - Collection> subjAltNames = peerCert.getSubjectAlternativeNames(); - if (subjAltNames != null) { - for (Iterator> itr = subjAltNames.iterator(); itr.hasNext(); ) { - List next = itr.next(); - if (((Integer)next.get(0)).intValue() == 2) { - // compare dNSName with host in url - String dnsName = ((String)next.get(1)); - return dnsName; - } - } - } - - // else check against common name in the subject field - X500Name subject = HostnameChecker.getSubjectX500Name(peerCert); - - DerValue derValue = subject.findMostSpecificAttribute - (X500Name.commonName_oid); - if (derValue != null) { - try { - String name = derValue.getAsString(); - return name; - } catch (IOException e) { - // ignore - } - } - } catch (java.security.cert.CertificateException e) { - // ignore - } - return null; - } - -} diff --git a/src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/Handler.java b/src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/Handler.java deleted file mode 100644 index 42874841bfc..00000000000 --- a/src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/Handler.java +++ /dev/null @@ -1,56 +0,0 @@ -/* - * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package com.sun.net.ssl.internal.www.protocol.https; - -import java.io.IOException; -import java.net.URL; -import java.net.Proxy; - -/** - * This class exists for compatibility with previous JSSE releases - * only. The HTTPS implementation can now be found in - * sun.net.www.protocol.https. - * - */ -@Deprecated(since="9") -public class Handler extends sun.net.www.protocol.https.Handler { - - public Handler() { - super(); - } - - public Handler(String proxy, int port) { - super(proxy, port); - } - - protected java.net.URLConnection openConnection(URL u) throws IOException { - return openConnection(u, (Proxy)null); - } - - protected java.net.URLConnection openConnection(URL u, Proxy p) throws IOException { - return new HttpsURLConnectionOldImpl(u, p, this); - } -} diff --git a/src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnectionOldImpl.java b/src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnectionOldImpl.java deleted file mode 100644 index eb7c11b21f9..00000000000 --- a/src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnectionOldImpl.java +++ /dev/null @@ -1,506 +0,0 @@ -/* - * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * NOTE: This class lives in the package sun.net.www.protocol.https. - * There is a copy in com.sun.net.ssl.internal.www.protocol.https for JSSE - * 1.0.2 compatibility. It is 100% identical except the package and extends - * lines. Any changes should be made to be class in sun.net.* and then copied - * to com.sun.net.*. - */ - -// For both copies of the file, uncomment one line and comment the other -// package sun.net.www.protocol.https; -package com.sun.net.ssl.internal.www.protocol.https; - -import java.net.URL; -import java.net.Proxy; -import java.net.ProtocolException; -import java.net.MalformedURLException; -import java.io.*; -import java.net.Authenticator; -import javax.net.ssl.*; -import java.security.Permission; -import java.util.Map; -import java.util.List; -import sun.net.www.http.HttpClient; - -/** - * A class to represent an HTTP connection to a remote object. - * - * Ideally, this class should subclass and inherit the http handler - * implementation, but it can't do so because that class have the - * wrong Java Type. Thus it uses the delegate (aka, the - * Adapter/Wrapper design pattern) to reuse code from the http - * handler. - * - * Since it would use a delegate to access - * sun.net.www.protocol.http.HttpURLConnection functionalities, it - * needs to implement all public methods in it's super class and all - * the way to Object. - * - */ - -// For both copies of the file, uncomment one line and comment the other -// public class HttpsURLConnectionImpl -// extends javax.net.ssl.HttpsURLConnection { -@Deprecated(since="9") -@SuppressWarnings("deprecation") // HttpsURLConnection is deprecated -public class HttpsURLConnectionOldImpl - extends com.sun.net.ssl.HttpsURLConnection { - - private DelegateHttpsURLConnection delegate; - -// For both copies of the file, uncomment one line and comment the other -// HttpsURLConnectionImpl(URL u, Handler handler) throws IOException { - HttpsURLConnectionOldImpl(URL u, Handler handler) throws IOException { - this(u, null, handler); - } - - static URL checkURL(URL u) throws IOException { - if (u != null) { - if (u.toExternalForm().indexOf('\n') > -1) { - throw new MalformedURLException("Illegal character in URL"); - } - } - return u; - } -// For both copies of the file, uncomment one line and comment the other -// HttpsURLConnectionImpl(URL u, Handler handler) throws IOException { - HttpsURLConnectionOldImpl(URL u, Proxy p, Handler handler) throws IOException { - super(checkURL(u)); - delegate = new DelegateHttpsURLConnection(url, p, handler, this); - } - - /** - * Create a new HttpClient object, bypassing the cache of - * HTTP client objects/connections. - * - * @param url the URL being accessed - */ - protected void setNewClient(URL url) throws IOException { - delegate.setNewClient(url, false); - } - - /** - * Obtain a HttpClient object. Use the cached copy if specified. - * - * @param url the URL being accessed - * @param useCache whether the cached connection should be used - * if present - */ - protected void setNewClient(URL url, boolean useCache) - throws IOException { - delegate.setNewClient(url, useCache); - } - - /** - * Create a new HttpClient object, set up so that it uses - * per-instance proxying to the given HTTP proxy. This - * bypasses the cache of HTTP client objects/connections. - * - * @param url the URL being accessed - * @param proxyHost the proxy host to use - * @param proxyPort the proxy port to use - */ - protected void setProxiedClient(URL url, String proxyHost, int proxyPort) - throws IOException { - delegate.setProxiedClient(url, proxyHost, proxyPort); - } - - /** - * Obtain a HttpClient object, set up so that it uses per-instance - * proxying to the given HTTP proxy. Use the cached copy of HTTP - * client objects/connections if specified. - * - * @param url the URL being accessed - * @param proxyHost the proxy host to use - * @param proxyPort the proxy port to use - * @param useCache whether the cached connection should be used - * if present - */ - protected void setProxiedClient(URL url, String proxyHost, int proxyPort, - boolean useCache) throws IOException { - delegate.setProxiedClient(url, proxyHost, proxyPort, useCache); - } - - /** - * Implements the HTTP protocol handler's "connect" method, - * establishing an SSL connection to the server as necessary. - */ - public void connect() throws IOException { - delegate.connect(); - } - - /** - * Used by subclass to access "connected" variable. Since we are - * delegating the actual implementation to "delegate", we need to - * delegate the access of "connected" as well. - */ - protected boolean isConnected() { - return delegate.isConnected(); - } - - /** - * Used by subclass to access "connected" variable. Since we are - * delegating the actual implementation to "delegate", we need to - * delegate the access of "connected" as well. - */ - protected void setConnected(boolean conn) { - delegate.setConnected(conn); - } - - /** - * Returns the cipher suite in use on this connection. - */ - public String getCipherSuite() { - return delegate.getCipherSuite(); - } - - /** - * Returns the certificate chain the client sent to the - * server, or null if the client did not authenticate. - */ - public java.security.cert.Certificate [] - getLocalCertificates() { - return delegate.getLocalCertificates(); - } - - /** - * Returns the server's certificate chain, or throws - * SSLPeerUnverified Exception if - * the server did not authenticate. - */ - public java.security.cert.Certificate [] - getServerCertificates() throws SSLPeerUnverifiedException { - return delegate.getServerCertificates(); - } - - /* - * Allowable input/output sequences: - * [interpreted as POST/PUT] - * - get output, [write output,] get input, [read input] - * - get output, [write output] - * [interpreted as GET] - * - get input, [read input] - * Disallowed: - * - get input, [read input,] get output, [write output] - */ - - public synchronized OutputStream getOutputStream() throws IOException { - return delegate.getOutputStream(); - } - - public synchronized InputStream getInputStream() throws IOException { - return delegate.getInputStream(); - } - - public InputStream getErrorStream() { - return delegate.getErrorStream(); - } - - /** - * Disconnect from the server. - */ - public void disconnect() { - delegate.disconnect(); - } - - public boolean usingProxy() { - return delegate.usingProxy(); - } - - /** - * Returns an unmodifiable Map of the header fields. - * The Map keys are Strings that represent the - * response-header field names. Each Map value is an - * unmodifiable List of Strings that represents - * the corresponding field values. - * - * @return a Map of header fields - * @since 1.4 - */ - public Map> getHeaderFields() { - return delegate.getHeaderFields(); - } - - /** - * Gets a header field by name. Returns null if not known. - * @param name the name of the header field - */ - public String getHeaderField(String name) { - return delegate.getHeaderField(name); - } - - /** - * Gets a header field by index. Returns null if not known. - * @param n the index of the header field - */ - public String getHeaderField(int n) { - return delegate.getHeaderField(n); - } - - /** - * Gets a header field by index. Returns null if not known. - * @param n the index of the header field - */ - public String getHeaderFieldKey(int n) { - return delegate.getHeaderFieldKey(n); - } - - /** - * Sets request property. If a property with the key already - * exists, overwrite its value with the new value. - * @param value the value to be set - */ - public void setRequestProperty(String key, String value) { - delegate.setRequestProperty(key, value); - } - - /** - * Adds a general request property specified by a - * key-value pair. This method will not overwrite - * existing values associated with the same key. - * - * @param key the keyword by which the request is known - * (e.g., "accept"). - * @param value the value associated with it. - * @see #getRequestProperties(java.lang.String) - * @since 1.4 - */ - public void addRequestProperty(String key, String value) { - delegate.addRequestProperty(key, value); - } - - /** - * Overwrite super class method - */ - public int getResponseCode() throws IOException { - return delegate.getResponseCode(); - } - - public String getRequestProperty(String key) { - return delegate.getRequestProperty(key); - } - - /** - * Returns an unmodifiable Map of general request - * properties for this connection. The Map keys - * are Strings that represent the request-header - * field names. Each Map value is a unmodifiable List - * of Strings that represents the corresponding - * field values. - * - * @return a Map of the general request properties for this connection. - * @throws IllegalStateException if already connected - * @since 1.4 - */ - public Map> getRequestProperties() { - return delegate.getRequestProperties(); - } - - /* - * We support JDK 1.2.x so we can't count on these from JDK 1.3. - * We override and supply our own version. - */ - public void setInstanceFollowRedirects(boolean shouldFollow) { - delegate.setInstanceFollowRedirects(shouldFollow); - } - - public boolean getInstanceFollowRedirects() { - return delegate.getInstanceFollowRedirects(); - } - - public void setRequestMethod(String method) throws ProtocolException { - delegate.setRequestMethod(method); - } - - public String getRequestMethod() { - return delegate.getRequestMethod(); - } - - public String getResponseMessage() throws IOException { - return delegate.getResponseMessage(); - } - - public long getHeaderFieldDate(String name, long Default) { - return delegate.getHeaderFieldDate(name, Default); - } - - public Permission getPermission() throws IOException { - return delegate.getPermission(); - } - - public URL getURL() { - return delegate.getURL(); - } - - public int getContentLength() { - return delegate.getContentLength(); - } - - public long getContentLengthLong() { - return delegate.getContentLengthLong(); - } - - public String getContentType() { - return delegate.getContentType(); - } - - public String getContentEncoding() { - return delegate.getContentEncoding(); - } - - public long getExpiration() { - return delegate.getExpiration(); - } - - public long getDate() { - return delegate.getDate(); - } - - public long getLastModified() { - return delegate.getLastModified(); - } - - public int getHeaderFieldInt(String name, int Default) { - return delegate.getHeaderFieldInt(name, Default); - } - - public long getHeaderFieldLong(String name, long Default) { - return delegate.getHeaderFieldLong(name, Default); - } - - public Object getContent() throws IOException { - return delegate.getContent(); - } - - @SuppressWarnings("rawtypes") - public Object getContent(Class[] classes) throws IOException { - return delegate.getContent(classes); - } - - public String toString() { - return delegate.toString(); - } - - public void setDoInput(boolean doinput) { - delegate.setDoInput(doinput); - } - - public boolean getDoInput() { - return delegate.getDoInput(); - } - - public void setDoOutput(boolean dooutput) { - delegate.setDoOutput(dooutput); - } - - public boolean getDoOutput() { - return delegate.getDoOutput(); - } - - public void setAllowUserInteraction(boolean allowuserinteraction) { - delegate.setAllowUserInteraction(allowuserinteraction); - } - - public boolean getAllowUserInteraction() { - return delegate.getAllowUserInteraction(); - } - - public void setUseCaches(boolean usecaches) { - delegate.setUseCaches(usecaches); - } - - public boolean getUseCaches() { - return delegate.getUseCaches(); - } - - public void setIfModifiedSince(long ifmodifiedsince) { - delegate.setIfModifiedSince(ifmodifiedsince); - } - - public long getIfModifiedSince() { - return delegate.getIfModifiedSince(); - } - - public boolean getDefaultUseCaches() { - return delegate.getDefaultUseCaches(); - } - - public void setDefaultUseCaches(boolean defaultusecaches) { - delegate.setDefaultUseCaches(defaultusecaches); - } - - /* - * finalize (dispose) the delegated object. Otherwise - * sun.net.www.protocol.http.HttpURLConnection's finalize() - * would have to be made public. - */ - protected void finalize() throws Throwable { - delegate.dispose(); - } - - public boolean equals(Object obj) { - return delegate.equals(obj); - } - - public int hashCode() { - return delegate.hashCode(); - } - - public void setConnectTimeout(int timeout) { - delegate.setConnectTimeout(timeout); - } - - public int getConnectTimeout() { - return delegate.getConnectTimeout(); - } - - public void setReadTimeout(int timeout) { - delegate.setReadTimeout(timeout); - } - - public int getReadTimeout() { - return delegate.getReadTimeout(); - } - - public void setFixedLengthStreamingMode (int contentLength) { - delegate.setFixedLengthStreamingMode(contentLength); - } - - public void setFixedLengthStreamingMode(long contentLength) { - delegate.setFixedLengthStreamingMode(contentLength); - } - - public void setChunkedStreamingMode (int chunklen) { - delegate.setChunkedStreamingMode(chunklen); - } - - @Override - public void setAuthenticator(Authenticator auth) { - delegate.setAuthenticator(auth); - } -} diff --git a/src/java.base/share/classes/com/sun/net/ssl/package-info.java b/src/java.base/share/classes/com/sun/net/ssl/package-info.java deleted file mode 100644 index eb59e238164..00000000000 --- a/src/java.base/share/classes/com/sun/net/ssl/package-info.java +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Copyright (c) 1999, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/** - * Provides classes related to creating and configuring secure socket - * factories. These classes are used with the Sun reference - * implementation of the Java Secure Socket Extension (JSSE). - */ -package com.sun.net.ssl; diff --git a/src/java.base/share/classes/java/security/Security.java b/src/java.base/share/classes/java/security/Security.java index 3280acd0e7d..6484f3ba6ea 100644 --- a/src/java.base/share/classes/java/security/Security.java +++ b/src/java.base/share/classes/java/security/Security.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -201,7 +201,7 @@ public final class Security { private static void initializeStatic() { props.put("security.provider.1", "sun.security.provider.Sun"); props.put("security.provider.2", "sun.security.rsa.SunRsaSign"); - props.put("security.provider.3", "com.sun.net.ssl.internal.ssl.Provider"); + props.put("security.provider.3", "sun.security.ssl.SunJSSE"); props.put("security.provider.4", "com.sun.crypto.provider.SunJCE"); props.put("security.provider.5", "sun.security.jgss.SunProvider"); props.put("security.provider.6", "com.sun.security.sasl.Provider"); diff --git a/src/java.base/share/classes/java/security/Signature.java b/src/java.base/share/classes/java/security/Signature.java index 001f740f07c..10b8223acc7 100644 --- a/src/java.base/share/classes/java/security/Signature.java +++ b/src/java.base/share/classes/java/security/Signature.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -285,7 +285,6 @@ public abstract class Signature extends SignatureSpi { signatureInfo.put("sun.security.rsa.RSASignature$SHA384withRSA", TRUE); signatureInfo.put("sun.security.rsa.RSASignature$SHA512withRSA", TRUE); signatureInfo.put("sun.security.rsa.RSAPSSSignature", TRUE); - signatureInfo.put("com.sun.net.ssl.internal.ssl.RSASignature", TRUE); signatureInfo.put("sun.security.pkcs11.P11Signature", TRUE); } diff --git a/src/java.base/share/classes/sun/net/www/protocol/https/AbstractDelegateHttpsURLConnection.java b/src/java.base/share/classes/sun/net/www/protocol/https/AbstractDelegateHttpsURLConnection.java index 13cd88007db..f14f3f02867 100644 --- a/src/java.base/share/classes/sun/net/www/protocol/https/AbstractDelegateHttpsURLConnection.java +++ b/src/java.base/share/classes/sun/net/www/protocol/https/AbstractDelegateHttpsURLConnection.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -71,10 +71,6 @@ public abstract class AbstractDelegateHttpsURLConnection extends * Create a new HttpClient object, bypassing the cache of * HTTP client objects/connections. * - * Note: this method is changed from protected to public because - * the com.sun.ssl.internal.www.protocol.https handler reuses this - * class for its actual implemantation - * * @param url the URL being accessed */ public void setNewClient (URL url) @@ -85,10 +81,6 @@ public abstract class AbstractDelegateHttpsURLConnection extends /** * Obtain a HttpClient object. Use the cached copy if specified. * - * Note: this method is changed from protected to public because - * the com.sun.ssl.internal.www.protocol.https handler reuses this - * class for its actual implemantation - * * @param url the URL being accessed * @param useCache whether the cached connection should be used * if present @@ -107,10 +99,6 @@ public abstract class AbstractDelegateHttpsURLConnection extends * per-instance proxying to the given HTTP proxy. This * bypasses the cache of HTTP client objects/connections. * - * Note: this method is changed from protected to public because - * the com.sun.ssl.internal.www.protocol.https handler reuses this - * class for its actual implemantation - * * @param url the URL being accessed * @param proxyHost the proxy host to use * @param proxyPort the proxy port to use @@ -125,10 +113,6 @@ public abstract class AbstractDelegateHttpsURLConnection extends * proxying to the given HTTP proxy. Use the cached copy of HTTP * client objects/connections if specified. * - * Note: this method is changed from protected to public because - * the com.sun.ssl.internal.www.protocol.https handler reuses this - * class for its actual implemantation - * * @param url the URL being accessed * @param proxyHost the proxy host to use * @param proxyPort the proxy port to use diff --git a/src/java.base/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java b/src/java.base/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java index 3ac480025d1..05b215c18ca 100644 --- a/src/java.base/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java +++ b/src/java.base/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,17 +23,7 @@ * questions. */ -/* - * NOTE: This class lives in the package sun.net.www.protocol.https. - * There is a copy in com.sun.net.ssl.internal.www.protocol.https for JSSE - * 1.0.2 compatibility. It is 100% identical except the package and extends - * lines. Any changes should be made to be class in sun.net.* and then copied - * to com.sun.net.*. - */ - -// For both copies of the file, uncomment one line and comment the other package sun.net.www.protocol.https; -// package com.sun.net.ssl.internal.www.protocol.https; import java.net.URL; import java.net.Proxy; @@ -64,21 +54,13 @@ import sun.net.www.http.HttpClient; * the way to Object. * */ - -// For both copies of the file, uncomment one line and comment the -// other. The differences between the two copies are introduced for -// plugin, and it is marked as such. public class HttpsURLConnectionImpl extends javax.net.ssl.HttpsURLConnection { -// public class HttpsURLConnectionOldImpl -// extends com.sun.net.ssl.HttpsURLConnection { // NOTE: made protected for plugin so that subclass can set it. protected DelegateHttpsURLConnection delegate; -// For both copies of the file, uncomment one line and comment the other HttpsURLConnectionImpl(URL u, Handler handler) throws IOException { -// HttpsURLConnectionOldImpl(URL u, Handler handler) throws IOException { this(u, null, handler); } @@ -90,9 +72,8 @@ public class HttpsURLConnectionImpl } return u; } -// For both copies of the file, uncomment one line and comment the other + HttpsURLConnectionImpl(URL u, Proxy p, Handler handler) throws IOException { -// HttpsURLConnectionOldImpl(URL u, Proxy p, Handler handler) throws IOException { super(checkURL(u)); delegate = new DelegateHttpsURLConnection(url, p, handler, this); } diff --git a/src/java.base/share/classes/sun/security/jca/ProviderConfig.java b/src/java.base/share/classes/sun/security/jca/ProviderConfig.java index ffa06f51fb5..fad94936184 100644 --- a/src/java.base/share/classes/sun/security/jca/ProviderConfig.java +++ b/src/java.base/share/classes/sun/security/jca/ProviderConfig.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -178,8 +178,12 @@ final class ProviderConfig { p = new sun.security.rsa.SunRsaSign(); } else if (provName.equals("SunJCE") || provName.equals("com.sun.crypto.provider.SunJCE")) { p = new com.sun.crypto.provider.SunJCE(); - } else if (provName.equals("SunJSSE") || provName.equals("com.sun.net.ssl.internal.ssl.Provider")) { - p = new com.sun.net.ssl.internal.ssl.Provider(); + } else if (provName.equals("SunJSSE") || + provName.equals("com.sun.net.ssl.internal.ssl.Provider")) { + // com.sun.net.ssl.internal.ssl.Provider is the legacy SunJSSE + // provider implementation. For compatibility, let's continue to + // support the legacy name for a while. + p = new sun.security.ssl.SunJSSE(); } else if (provName.equals("Apple") || provName.equals("apple.security.AppleProvider")) { // need to use reflection since this class only exists on MacOsx p = AccessController.doPrivileged(new PrivilegedAction() { diff --git a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java index e1975b2a8f0..b8e9a68c3c2 100644 --- a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java +++ b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java @@ -58,7 +58,7 @@ import static sun.security.provider.SunEntries.createAliases; * FIPS mode. * */ -public abstract class SunJSSE extends java.security.Provider { +public class SunJSSE extends java.security.Provider { private static final long serialVersionUID = 3231825739635378733L; @@ -66,9 +66,8 @@ public abstract class SunJSSE extends java.security.Provider { "(PKCS12, SunX509/PKIX key/trust factories, " + "SSLv3/TLSv1/TLSv1.1/TLSv1.2/TLSv1.3/DTLSv1.0/DTLSv1.2)"; - protected SunJSSE() { + public SunJSSE() { super("SunJSSE", PROVIDER_VER, info); - subclassCheck(); registerAlgorithms(); } @@ -136,12 +135,4 @@ public abstract class SunJSSE extends java.security.Provider { ps("KeyStore", "PKCS12", "sun.security.pkcs12.PKCS12KeyStore", null, null); } - - // com.sun.net.ssl.internal.ssl.Provider has been deprecated since JDK 9 - @SuppressWarnings("deprecation") - private void subclassCheck() { - if (getClass() != com.sun.net.ssl.internal.ssl.Provider.class) { - throw new AssertionError("Illegal subclass: " + getClass()); - } - } } diff --git a/test/jdk/TEST.groups b/test/jdk/TEST.groups index 9bb5f7b6fb5..668341bb903 100644 --- a/test/jdk/TEST.groups +++ b/test/jdk/TEST.groups @@ -1,4 +1,4 @@ -# Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -214,8 +214,7 @@ jdk_security3 = \ sun/security \ -sun/security/krb5 \ -sun/security/jgss \ - javax/net \ - com/sun/net/ssl + javax/net jdk_security4 = \ com/sun/security/jgss \ diff --git a/test/jdk/com/sun/net/ssl/SSLSecurity/ComKeyManagerFactoryImpl.java b/test/jdk/com/sun/net/ssl/SSLSecurity/ComKeyManagerFactoryImpl.java deleted file mode 100644 index 84c12bdf5e3..00000000000 --- a/test/jdk/com/sun/net/ssl/SSLSecurity/ComKeyManagerFactoryImpl.java +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -import java.security.*; -import com.sun.net.ssl.*; - -public class ComKeyManagerFactoryImpl extends KeyManagerFactorySpi { - - public ComKeyManagerFactoryImpl() { - System.out.println("ComKeyManagerFactoryImpl initialized"); - } - - protected void engineInit(KeyStore ks, char [] password) - throws KeyStoreException { - System.out.println("ComKeyManagerFactoryImpl init'd"); - } - - protected KeyManager[] engineGetKeyManagers() { - return null; - } -} diff --git a/test/jdk/com/sun/net/ssl/SSLSecurity/ComSSLContextImpl.java b/test/jdk/com/sun/net/ssl/SSLSecurity/ComSSLContextImpl.java deleted file mode 100644 index ee5403a345c..00000000000 --- a/test/jdk/com/sun/net/ssl/SSLSecurity/ComSSLContextImpl.java +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -import java.security.*; -import com.sun.net.ssl.*; - -public class ComSSLContextImpl extends SSLContextSpi { - - public ComSSLContextImpl() { - System.out.println("ComSSLContextImpl initialized"); - } - - protected void engineInit(KeyManager[] km, - TrustManager[] tm, SecureRandom sr) throws KeyManagementException { - System.out.println("ComSSLContextImpl init'd"); - } - - protected javax.net.ssl.SSLSocketFactory engineGetSocketFactory() { - return null; - } - - protected javax.net.ssl.SSLServerSocketFactory - engineGetServerSocketFactory() { - return null; - } - -} diff --git a/test/jdk/com/sun/net/ssl/SSLSecurity/ComTrustManagerFactoryImpl.java b/test/jdk/com/sun/net/ssl/SSLSecurity/ComTrustManagerFactoryImpl.java deleted file mode 100644 index d4286fe59d0..00000000000 --- a/test/jdk/com/sun/net/ssl/SSLSecurity/ComTrustManagerFactoryImpl.java +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -import java.security.*; -import com.sun.net.ssl.*; - -public class ComTrustManagerFactoryImpl extends TrustManagerFactorySpi { - - public ComTrustManagerFactoryImpl() { - System.out.println("ComTrustManagerFactoryImpl initialized"); - } - - protected void engineInit(KeyStore ks) throws KeyStoreException { - System.out.println("ComTrustManagerFactoryImpl init'd"); - } - - protected TrustManager[] engineGetTrustManagers() { - return null; - } -} diff --git a/test/jdk/com/sun/net/ssl/SSLSecurity/JavaxKeyManagerFactoryImpl.java b/test/jdk/com/sun/net/ssl/SSLSecurity/JavaxKeyManagerFactoryImpl.java deleted file mode 100644 index 3c074ba485f..00000000000 --- a/test/jdk/com/sun/net/ssl/SSLSecurity/JavaxKeyManagerFactoryImpl.java +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -import java.security.*; -import javax.net.ssl.*; - -public class JavaxKeyManagerFactoryImpl extends KeyManagerFactorySpi { - - public JavaxKeyManagerFactoryImpl () { - System.out.println("JavaxKeyManagerFactoryImpl initialized"); - } - - protected void engineInit(KeyStore ks, char[] passwd) - throws KeyStoreException { - System.out.println("JavaxKeyManagerFactoryImpl init'd"); - } - - protected void engineInit(ManagerFactoryParameters spec) - throws InvalidAlgorithmParameterException { - } - - protected KeyManager[] engineGetKeyManagers() { - return null; - } -} diff --git a/test/jdk/com/sun/net/ssl/SSLSecurity/JavaxSSLContextImpl.java b/test/jdk/com/sun/net/ssl/SSLSecurity/JavaxSSLContextImpl.java deleted file mode 100644 index 2b39bb8fd79..00000000000 --- a/test/jdk/com/sun/net/ssl/SSLSecurity/JavaxSSLContextImpl.java +++ /dev/null @@ -1,61 +0,0 @@ -/* - * Copyright (c) 2002, 2003, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -import java.security.*; -import javax.net.ssl.*; - -public class JavaxSSLContextImpl extends SSLContextSpi { - - public JavaxSSLContextImpl() { - System.out.println("JavaxSSLContextImpl initialized"); - } - - protected void engineInit(KeyManager[] km, - TrustManager[] tm, SecureRandom sr) throws KeyManagementException { - System.out.println("JavaxSSLContextImpl init'd"); - } - - protected SSLEngine engineCreateSSLEngine() { - return null; - } - - protected SSLEngine engineCreateSSLEngine(String host, int port) { - return null; - } - - protected SSLSocketFactory engineGetSocketFactory() { - return null; - } - - protected SSLServerSocketFactory engineGetServerSocketFactory() { - return null; - } - - protected SSLSessionContext engineGetServerSessionContext() { - return null; - } - - protected SSLSessionContext engineGetClientSessionContext() { - return null; - } -} diff --git a/test/jdk/com/sun/net/ssl/SSLSecurity/JavaxTrustManagerFactoryImpl.java b/test/jdk/com/sun/net/ssl/SSLSecurity/JavaxTrustManagerFactoryImpl.java deleted file mode 100644 index bcf57c2a5c9..00000000000 --- a/test/jdk/com/sun/net/ssl/SSLSecurity/JavaxTrustManagerFactoryImpl.java +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -import java.security.*; -import javax.net.ssl.*; - -public class JavaxTrustManagerFactoryImpl extends TrustManagerFactorySpi { - - public JavaxTrustManagerFactoryImpl () { - System.out.println("JavaxTrustManagerFactoryImpl initialized"); - } - - protected void engineInit(KeyStore ks) throws KeyStoreException { - System.out.println("JavaxTrustManagerFactoryImpl init'd"); - } - - protected void engineInit(ManagerFactoryParameters spec) - throws InvalidAlgorithmParameterException { - } - - protected TrustManager[] engineGetTrustManagers() { - return null; - } -} diff --git a/test/jdk/com/sun/net/ssl/SSLSecurity/ProviderTest.java b/test/jdk/com/sun/net/ssl/SSLSecurity/ProviderTest.java deleted file mode 100644 index e4d46d873a7..00000000000 --- a/test/jdk/com/sun/net/ssl/SSLSecurity/ProviderTest.java +++ /dev/null @@ -1,109 +0,0 @@ -/* - * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * @test - * @bug 4667976 8130181 - * @modules java.base/com.sun.net.ssl - * @compile JavaxSSLContextImpl.java ComSSLContextImpl.java - * JavaxTrustManagerFactoryImpl.java ComTrustManagerFactoryImpl.java - * JavaxKeyManagerFactoryImpl.java ComKeyManagerFactoryImpl.java - * @run main/othervm ProviderTest - * @summary brokenness in the com.sun.net.ssl.SSLSecurity wrappers - */ - -import java.security.*; -import com.sun.net.ssl.*; - -public class ProviderTest { - - public static void main(String args[]) throws Exception { - SSLContext sslc; - TrustManagerFactory tmf; - KeyManagerFactory kmf; - - Provider extraProvider = new MyProvider(); - Security.addProvider(extraProvider); - try { - System.out.println("getting a javax SSLContext"); - sslc = SSLContext.getInstance("javax"); - sslc.init(null, null, null); - System.out.println("\ngetting a com SSLContext"); - sslc = SSLContext.getInstance("com"); - sslc.init(null, null, null); - - System.out.println("\ngetting a javax TrustManagerFactory"); - tmf = TrustManagerFactory.getInstance("javax"); - tmf.init((KeyStore) null); - System.out.println("\ngetting a com TrustManagerFactory"); - tmf = TrustManagerFactory.getInstance("com"); - tmf.init((KeyStore) null); - - System.out.println("\ngetting a javax KeyManagerFactory"); - kmf = KeyManagerFactory.getInstance("javax"); - kmf.init((KeyStore) null, null); - System.out.println("\ngetting a com KeyManagerFactory"); - kmf = KeyManagerFactory.getInstance("com"); - kmf.init((KeyStore) null, null); - } finally { - Security.removeProvider(extraProvider.getName()); - } - } -} - -class MyProvider extends Provider { - - private static String info = "Brad's provider"; - - /** - * Installs the JSSE provider. - */ - public static synchronized void install() - { - /* nop. Remove this method in the future. */ - } - - public MyProvider() - { - super("BRAD", "1.0", info); - - AccessController.doPrivileged(new java.security.PrivilegedAction() { - public Object run() { - - put("SSLContext.javax", "JavaxSSLContextImpl"); - put("SSLContext.com", "ComSSLContextImpl"); - put("TrustManagerFactory.javax", - "JavaxTrustManagerFactoryImpl"); - put("TrustManagerFactory.com", - "ComTrustManagerFactoryImpl"); - put("KeyManagerFactory.javax", - "JavaxKeyManagerFactoryImpl"); - put("KeyManagerFactory.com", - "ComKeyManagerFactoryImpl"); - - return null; - } - }); - - } -} diff --git a/test/jdk/com/sun/net/ssl/SSLSecurity/TruncateArray.java b/test/jdk/com/sun/net/ssl/SSLSecurity/TruncateArray.java deleted file mode 100644 index cc25449b5a3..00000000000 --- a/test/jdk/com/sun/net/ssl/SSLSecurity/TruncateArray.java +++ /dev/null @@ -1,72 +0,0 @@ -/* - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * @test - * @bug 4665824 - * @summary JSSE - ClassCastException with 1.4 - * @modules java.base/com.sun.net.ssl - */ - -import com.sun.net.ssl.*; - -public class TruncateArray { - - public static void main(String args[]) throws Exception { - try { - - TrustManager tms [] = new TrustManager [] { - new MyTM(), new MyTM(), new MyTM() }; - - KeyManager kms [] = new KeyManager [] { - new MyKM(), new MyKM(), new MyKM() }; - - SSLContext ctx = SSLContext.getInstance("TLS"); - ctx.init(kms, tms, null); - - KeyManagerFactory kmf = KeyManagerFactory.getInstance("SUNX509"); - KeyManager[] km = kmf.getKeyManagers(); - - TrustManagerFactory tmf = - TrustManagerFactory.getInstance("SUNX509"); - TrustManager[] tm = tmf.getTrustManagers(); - - } catch (ClassCastException e) { - throw e; - } catch (Throwable e) { - /* - * swallow anything else, we only are interested - * in class casting errors here. For example, we soon - * may be catching methods called on uninitialized factories. - */ - System.out.println("Caught something else"); - e.printStackTrace(); - } - } - - static class MyTM implements TrustManager { - } - - static class MyKM implements KeyManager { - } -} diff --git a/test/jdk/java/security/BasicPermission/Wildcard.java b/test/jdk/java/security/BasicPermission/Wildcard.java index 9a7441defb2..08023956c25 100644 --- a/test/jdk/java/security/BasicPermission/Wildcard.java +++ b/test/jdk/java/security/BasicPermission/Wildcard.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -33,8 +33,7 @@ import javax.net.ssl.SSLPermission; * @summary Check that BasicPermission subclasses don't throw exception if name * contains wildcard character ("*") but does not signify a * wildcard match - * @modules java.base/com.sun.net.ssl - * java.sql + * @modules java.sql */ public class Wildcard { @@ -51,6 +50,5 @@ public class Wildcard { new SQLPermission(wildcard); new PropertyPermission(wildcard, "read"); new SSLPermission(wildcard); - new com.sun.net.ssl.SSLPermission(wildcard); } } diff --git a/test/jdk/javax/net/ssl/FixingJavadocs/ComURLNulls.java b/test/jdk/javax/net/ssl/FixingJavadocs/ComURLNulls.java deleted file mode 100644 index 9ede06d1f49..00000000000 --- a/test/jdk/javax/net/ssl/FixingJavadocs/ComURLNulls.java +++ /dev/null @@ -1,123 +0,0 @@ -/* - * Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * @test - * @bug 4387882 4451038 - * @summary Need to revisit the javadocs for JSSE, especially the - * promoted classes, and HttpsURLConnection.getCipherSuite throws - * NullPointerException - * @modules java.base/com.sun.net.ssl - * java.base/com.sun.net.ssl.internal.www.protocol.https - * @run main/othervm ComURLNulls - * - * SunJSSE does not support dynamic system properties, no way to re-use - * system properties in samevm/agentvm mode. - * @author Brad Wetmore - */ - -import java.net.*; -import java.io.*; -import javax.net.ssl.*; -import com.sun.net.ssl.HttpsURLConnection; -import com.sun.net.ssl.HostnameVerifier; - -/* - * Tests that the com null argument changes made it in ok. - */ - -public class ComURLNulls { - - private static class ComSunHTTPSHandlerFactory implements URLStreamHandlerFactory { - private static String SUPPORTED_PROTOCOL = "https"; - - public URLStreamHandler createURLStreamHandler(String protocol) { - if (!protocol.equalsIgnoreCase(SUPPORTED_PROTOCOL)) - return null; - - return new com.sun.net.ssl.internal.www.protocol.https.Handler(); - } - } - - public static void main(String[] args) throws Exception { - HostnameVerifier reservedHV = - HttpsURLConnection.getDefaultHostnameVerifier(); - try { - URL.setURLStreamHandlerFactory(new ComSunHTTPSHandlerFactory()); - - /** - * This test does not establish any connection to the specified - * URL, hence a dummy URL is used. - */ - URL foobar = new URL("https://example.com/"); - - HttpsURLConnection urlc = - (HttpsURLConnection) foobar.openConnection(); - - try { - urlc.getCipherSuite(); - } catch (IllegalStateException e) { - System.out.print("Caught proper exception: "); - System.out.println(e.getMessage()); - } - - try { - urlc.getServerCertificates(); - } catch (IllegalStateException e) { - System.out.print("Caught proper exception: "); - System.out.println(e.getMessage()); - } - - try { - urlc.setDefaultHostnameVerifier(null); - } catch (IllegalArgumentException e) { - System.out.print("Caught proper exception: "); - System.out.println(e.getMessage()); - } - - try { - urlc.setHostnameVerifier(null); - } catch (IllegalArgumentException e) { - System.out.print("Caught proper exception: "); - System.out.println(e.getMessage()); - } - - try { - urlc.setDefaultSSLSocketFactory(null); - } catch (IllegalArgumentException e) { - System.out.print("Caught proper exception: "); - System.out.println(e.getMessage()); - } - - try { - urlc.setSSLSocketFactory(null); - } catch (IllegalArgumentException e) { - System.out.print("Caught proper exception"); - System.out.println(e.getMessage()); - } - System.out.println("TESTS PASSED"); - } finally { - HttpsURLConnection.setDefaultHostnameVerifier(reservedHV); - } - } -} diff --git a/test/jdk/javax/net/ssl/GetInstance.java b/test/jdk/javax/net/ssl/GetInstance.java index 6aec679c127..dd14f946de7 100644 --- a/test/jdk/javax/net/ssl/GetInstance.java +++ b/test/jdk/javax/net/ssl/GetInstance.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,7 +27,6 @@ * @summary verify getInstance() works using Provider.getService() * Export "PKIX" as the standard algorithm name of KeyManagerFactory * @author Andreas Sterbenz - * @modules java.base/com.sun.net.ssl */ import java.security.*; @@ -113,38 +112,7 @@ public class GetInstance { tmf = TrustManagerFactory.getInstance("X.509", p); same(p, tmf.getProvider()); - testComSun(); - long stop = System.currentTimeMillis(); System.out.println("Done (" + (stop - start) + " ms)."); } - - private static void testComSun() throws Exception { - Provider p = Security.getProvider("SunJSSE"); - - com.sun.net.ssl.SSLContext context; - context = com.sun.net.ssl.SSLContext.getInstance("SSL"); - same(p, context.getProvider()); - context = com.sun.net.ssl.SSLContext.getInstance("SSL", "SunJSSE"); - same(p, context.getProvider()); - context = com.sun.net.ssl.SSLContext.getInstance("SSL", p); - same(p, context.getProvider()); - - com.sun.net.ssl.KeyManagerFactory kmf; - kmf = com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509"); - same(p, kmf.getProvider()); - kmf = com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509", "SunJSSE"); - same(p, kmf.getProvider()); - kmf = com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509", p); - same(p, kmf.getProvider()); - - com.sun.net.ssl.TrustManagerFactory tmf; - tmf = com.sun.net.ssl.TrustManagerFactory.getInstance("SunX509"); - same(p, tmf.getProvider()); - tmf = com.sun.net.ssl.TrustManagerFactory.getInstance("SunX509", "SunJSSE"); - same(p, tmf.getProvider()); - tmf = com.sun.net.ssl.TrustManagerFactory.getInstance("SunX509", p); - same(p, tmf.getProvider()); - } - } diff --git a/test/jdk/javax/net/ssl/SSLSession/CheckMyTrustedKeystore.java b/test/jdk/javax/net/ssl/SSLSession/CheckMyTrustedKeystore.java deleted file mode 100644 index 9d7b8172a1e..00000000000 --- a/test/jdk/javax/net/ssl/SSLSession/CheckMyTrustedKeystore.java +++ /dev/null @@ -1,407 +0,0 @@ -/* - * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -// SunJSSE does not support dynamic system properties, no way to re-use -// system properties in samevm/agentvm mode. - -/* - * @test - * @bug 4329114 - * @summary Need better way of reflecting the reason when a chain is - * rejected as untrusted. - * @modules java.base/com.sun.net.ssl - * @ignore JSSE supports algorithm constraints with CR 6916074, - * need to update this test case in JDK 7 soon - * @run main/othervm CheckMyTrustedKeystore - * - * @author Brad Wetmore - */ - -// This is a serious hack job! - -import java.io.*; -import java.net.*; -import java.security.*; -import javax.net.ssl.*; -import java.security.cert.*; - -public class CheckMyTrustedKeystore { - - /* - * ============================================================= - * Set the various variables needed for the tests, then - * specify what tests to run on each side. - */ - - /* - * Should we run the client or server in a separate thread? - * Both sides can throw exceptions, but do you have a preference - * as to which side should be the main thread. - */ - static boolean separateServerThread = true; - - /* - * Where do we find the keystores? - */ - final static String pathToStores = "../etc"; - final static String keyStoreFile = "keystore"; - final static String trustStoreFile = "truststore"; - final static String unknownStoreFile = "unknown_keystore"; - final static String passwd = "passphrase"; - final static char[] cpasswd = "passphrase".toCharArray(); - - /* - * Is the server ready to serve? - */ - volatile static boolean serverReady = false; - - /* - * Turn on SSL debugging? - */ - final static boolean debug = false; - - /* - * If the client or server is doing some kind of object creation - * that the other side depends on, and that thread prematurely - * exits, you may experience a hang. The test harness will - * terminate all hung threads after its timeout has expired, - * currently 3 minutes by default, but you might try to be - * smart about it.... - */ - - /* - * Define the server side of the test. - * - * If the server prematurely exits, serverReady will be set to true - * to avoid infinite hangs. - */ - void doServerSide() throws Exception { - KeyStore ks = KeyStore.getInstance("JKS"); - com.sun.net.ssl.SSLContext ctx = - com.sun.net.ssl.SSLContext.getInstance("TLS"); - com.sun.net.ssl.KeyManagerFactory kmf = - com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509"); - - ks.load(new FileInputStream(keyFilename), cpasswd); - kmf.init(ks, cpasswd); - - com.sun.net.ssl.TrustManager [] tms = - new com.sun.net.ssl.TrustManager [] - { new MyComX509TrustManager() }; - - ctx.init(kmf.getKeyManagers(), tms, null); - - SSLServerSocketFactory sslssf = - (SSLServerSocketFactory) ctx.getServerSocketFactory(); - - SSLServerSocket sslServerSocket = - (SSLServerSocket) sslssf.createServerSocket(serverPort); - serverPort = sslServerSocket.getLocalPort(); - - sslServerSocket.setNeedClientAuth(true); - - /* - * Create using the other type. - */ - SSLContext ctx1 = - SSLContext.getInstance("TLS"); - KeyManagerFactory kmf1 = - KeyManagerFactory.getInstance("SunX509"); - - TrustManager [] tms1 = - new TrustManager [] - { new MyJavaxX509TrustManager() }; - - kmf1.init(ks, cpasswd); - - ctx1.init(kmf1.getKeyManagers(), tms1, null); - - sslssf = (SSLServerSocketFactory) ctx1.getServerSocketFactory(); - - SSLServerSocket sslServerSocket1 = - (SSLServerSocket) sslssf.createServerSocket(serverPort1); - serverPort1 = sslServerSocket1.getLocalPort(); - sslServerSocket1.setNeedClientAuth(true); - - /* - * Signal Client, we're ready for his connect. - */ - serverReady = true; - - SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept(); - sslServerSocket.close(); - serverReady = false; - - InputStream sslIS = sslSocket.getInputStream(); - OutputStream sslOS = sslSocket.getOutputStream(); - - sslIS.read(); - sslOS.write(85); - sslOS.flush(); - sslSocket.close(); - - sslSocket = (SSLSocket) sslServerSocket1.accept(); - sslIS = sslSocket.getInputStream(); - sslOS = sslSocket.getOutputStream(); - - sslIS.read(); - sslOS.write(85); - sslOS.flush(); - sslSocket.close(); - - System.out.println("Server exiting!"); - System.out.flush(); - } - - void doTest(SSLSocket sslSocket) throws Exception { - InputStream sslIS = sslSocket.getInputStream(); - OutputStream sslOS = sslSocket.getOutputStream(); - - System.out.println(" Writing"); - sslOS.write(280); - sslOS.flush(); - System.out.println(" Reading"); - sslIS.read(); - - sslSocket.close(); - } - - /* - * Define the client side of the test. - * - * If the server prematurely exits, serverReady will be set to true - * to avoid infinite hangs. - */ - void doClientSide() throws Exception { - - /* - * Wait for server to get started. - */ - while (!serverReady) { - Thread.sleep(50); - } - - /* - * See if an unknown keystore actually gets checked ok. - */ - System.out.println("=============="); - System.out.println("Starting test0"); - KeyStore uks = KeyStore.getInstance("JKS"); - SSLContext ctx = - SSLContext.getInstance("TLS"); - KeyManagerFactory kmf = - KeyManagerFactory.getInstance("SunX509"); - - uks.load(new FileInputStream(unknownFilename), cpasswd); - kmf.init(uks, cpasswd); - - TrustManager [] tms = new TrustManager [] - { new MyJavaxX509TrustManager() }; - - ctx.init(kmf.getKeyManagers(), tms, null); - - SSLSocketFactory sslsf = - (SSLSocketFactory) ctx.getSocketFactory(); - - System.out.println("Trying first socket " + serverPort); - SSLSocket sslSocket = (SSLSocket) - sslsf.createSocket("localhost", serverPort); - - doTest(sslSocket); - - /* - * Now try the other way. - */ - com.sun.net.ssl.SSLContext ctx1 = - com.sun.net.ssl.SSLContext.getInstance("TLS"); - com.sun.net.ssl.KeyManagerFactory kmf1 = - com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509"); - kmf1.init(uks, cpasswd); - - com.sun.net.ssl.TrustManager [] tms1 = - new com.sun.net.ssl.TrustManager [] - { new MyComX509TrustManager() }; - - ctx1.init(kmf1.getKeyManagers(), tms1, null); - - sslsf = (SSLSocketFactory) ctx1.getSocketFactory(); - - System.out.println("Trying second socket " + serverPort1); - sslSocket = (SSLSocket) sslsf.createSocket("localhost", - serverPort1); - - doTest(sslSocket); - System.out.println("Completed test1"); - } - - /* - * ============================================================= - * The remainder is just support stuff - */ - - int serverPort = 0; - int serverPort1 = 0; - - volatile Exception serverException = null; - volatile Exception clientException = null; - - final static String keyFilename = - System.getProperty("test.src", "./") + "/" + pathToStores + - "/" + keyStoreFile; - final static String unknownFilename = - System.getProperty("test.src", "./") + "/" + pathToStores + - "/" + unknownStoreFile; - - public static void main(String[] args) throws Exception { - - if (debug) - System.setProperty("javax.net.debug", "all"); - - /* - * Start the tests. - */ - new CheckMyTrustedKeystore(); - } - - Thread clientThread = null; - Thread serverThread = null; - - /* - * Primary constructor, used to drive remainder of the test. - * - * Fork off the other side, then do your work. - */ - CheckMyTrustedKeystore() throws Exception { - if (separateServerThread) { - startServer(true); - startClient(false); - } else { - startClient(true); - startServer(false); - } - - /* - * Wait for other side to close down. - */ - if (separateServerThread) { - serverThread.join(); - } else { - clientThread.join(); - } - - /* - * When we get here, the test is pretty much over. - * - * If the main thread excepted, that propagates back - * immediately. If the other thread threw an exception, we - * should report back. - */ - if (serverException != null) { - System.out.print("Server Exception:"); - throw serverException; - } - if (clientException != null) { - System.out.print("Client Exception:"); - throw clientException; - } - } - - void startServer(boolean newThread) throws Exception { - if (newThread) { - serverThread = new Thread() { - public void run() { - try { - doServerSide(); - } catch (Exception e) { - /* - * Our server thread just died. - * - * Release the client, if not active already... - */ - System.err.println("Server died..."); - serverReady = true; - serverException = e; - } - } - }; - serverThread.start(); - } else { - doServerSide(); - } - } - - void startClient(boolean newThread) throws Exception { - if (newThread) { - clientThread = new Thread() { - public void run() { - try { - doClientSide(); - } catch (Exception e) { - /* - * Our client thread just died. - */ - System.err.println("Client died..."); - clientException = e; - } - } - }; - clientThread.start(); - } else { - doClientSide(); - } - } -} - -class MyComX509TrustManager implements com.sun.net.ssl.X509TrustManager { - - public X509Certificate[] getAcceptedIssuers() { - return (new X509Certificate[0]); - } - - public boolean isClientTrusted(X509Certificate[] chain) { - System.out.println(" IsClientTrusted?"); - return true; - } - - public boolean isServerTrusted(X509Certificate[] chain) { - System.out.println(" IsServerTrusted?"); - return true; - } -} - -class MyJavaxX509TrustManager implements X509TrustManager { - - public X509Certificate[] getAcceptedIssuers() { - return (new X509Certificate[0]); - } - - public void checkClientTrusted(X509Certificate[] chain, String authType) - throws CertificateException { - System.out.println(" CheckClientTrusted(" + authType + ")?"); - } - - public void checkServerTrusted(X509Certificate[] chain, String authType) - throws CertificateException { - System.out.println(" CheckServerTrusted(" + authType + ")?"); - } -} diff --git a/test/jdk/sun/net/www/protocol/https/HttpsURLConnection/CheckMethods.java b/test/jdk/sun/net/www/protocol/https/HttpsURLConnection/CheckMethods.java index 9ca30a19855..fc1de1261d9 100644 --- a/test/jdk/sun/net/www/protocol/https/HttpsURLConnection/CheckMethods.java +++ b/test/jdk/sun/net/www/protocol/https/HttpsURLConnection/CheckMethods.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,13 +26,12 @@ * @bug 4423074 * @summary Need to rebase all the duplicated classes from Merlin. * This test will check out http POST - * @modules java.base/sun.net.www.protocol.https java.base/com.sun.net.ssl.internal.www.protocol.https + * @modules java.base/sun.net.www.protocol.https */ import java.net.*; import java.util.*; import java.lang.reflect.*; import sun.net.www.protocol.https.HttpsURLConnectionImpl; -import com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl; public class CheckMethods { static boolean debug = false; @@ -85,9 +84,8 @@ public class CheckMethods { } } - // check HttpsURLConnectionImpl and HttpsURLConnectionOldImpl - // contain all public and protected methods defined in - // HttpURLConnection and URLConnection + // check HttpsURLConnectionImpl contain all public and protected methods + // defined in HttpURLConnection and URLConnection public static void main(String[] args) { ArrayList allMethods = new ArrayList( Arrays.asList(HttpURLConnection.class.getDeclaredMethods())); @@ -121,24 +119,6 @@ public class CheckMethods { throw new RuntimeException("Method definition test failed on HttpsURLConnectionImpl"); } - // testing HttpsURLConnectionOldImpl - List httpsOldMethods = - Arrays.asList(HttpsURLConnectionOldImpl.class.getDeclaredMethods()); - - ArrayList httpsOldMethodSignatures = new ArrayList(); - for (Iterator itr = httpsOldMethods.iterator(); itr.hasNext(); ) { - Method m = (Method)itr.next(); - if (!Modifier.isStatic(m.getModifiers())) { - httpsOldMethodSignatures.add( - new MethodSignature(m.getName(), m.getParameterTypes())); - } - } - - if (!httpsOldMethodSignatures.containsAll(allMethodSignatures)) { - throw new RuntimeException("Method definition test failed" + - " on HttpsURLConnectionOldImpl"); - } - // testing for non static public field ArrayList allFields = new ArrayList( Arrays.asList(URLConnection.class.getFields())); diff --git a/test/jdk/sun/net/www/protocol/https/NewImpl/ComHTTPSConnection.java b/test/jdk/sun/net/www/protocol/https/NewImpl/ComHTTPSConnection.java deleted file mode 100644 index 7b301270c6d..00000000000 --- a/test/jdk/sun/net/www/protocol/https/NewImpl/ComHTTPSConnection.java +++ /dev/null @@ -1,393 +0,0 @@ -/* - * Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * @test - * @bug 4474255 - * @summary Can no longer obtain a com.sun.net.ssl.HttpsURLConnection - * @modules java.base/com.sun.net.ssl - * java.base/com.sun.net.ssl.internal.www.protocol.https - * @run main/othervm ComHTTPSConnection - * - * SunJSSE does not support dynamic system properties, no way to re-use - * system properties in samevm/agentvm mode. - * @author Brad Wetmore - */ - -import java.io.*; -import java.net.*; -import java.security.cert.Certificate; -import javax.net.ssl.*; -import com.sun.net.ssl.HostnameVerifier; -import com.sun.net.ssl.HttpsURLConnection; - -/** - * See if we can obtain a com.sun.net.ssl.HttpsURLConnection, - * and then play with it a bit. - */ -public class ComHTTPSConnection { - - /* - * ============================================================= - * Set the various variables needed for the tests, then - * specify what tests to run on each side. - */ - - /* - * Should we run the client or server in a separate thread? - * Both sides can throw exceptions, but do you have a preference - * as to which side should be the main thread. - */ - static boolean separateServerThread = true; - - /* - * Where do we find the keystores? - */ - static String pathToStores = "../../../../../../javax/net/ssl/etc"; - static String keyStoreFile = "keystore"; - static String trustStoreFile = "truststore"; - static String passwd = "passphrase"; - - /* - * Is the server ready to serve? - */ - volatile static boolean serverReady = false; - - /* - * Turn on SSL debugging? - */ - static boolean debug = false; - - /* - * If the client or server is doing some kind of object creation - * that the other side depends on, and that thread prematurely - * exits, you may experience a hang. The test harness will - * terminate all hung threads after its timeout has expired, - * currently 3 minutes by default, but you might try to be - * smart about it.... - */ - - /** - * Returns the path to the file obtained from - * parsing the HTML header. - */ - private static String getPath(DataInputStream in) - throws IOException - { - String line = in.readLine(); - String path = ""; - // extract class from GET line - if (line.startsWith("GET /")) { - line = line.substring(5, line.length()-1).trim(); - int index = line.indexOf(' '); - if (index != -1) { - path = line.substring(0, index); - } - } - - // eat the rest of header - do { - line = in.readLine(); - } while ((line.length() != 0) && - (line.charAt(0) != '\r') && (line.charAt(0) != '\n')); - - if (path.length() != 0) { - return path; - } else { - throw new IOException("Malformed Header"); - } - } - - /** - * Returns an array of bytes containing the bytes for - * the file represented by the argument path. - * - * In our case, we just pretend to send something back. - * - * @return the bytes for the file - * @exception FileNotFoundException if the file corresponding - * to path could not be loaded. - */ - private byte[] getBytes(String path) - throws IOException - { - return "Hello world, I am here".getBytes(); - } - - /* - * Define the server side of the test. - * - * If the server prematurely exits, serverReady will be set to true - * to avoid infinite hangs. - */ - void doServerSide() throws Exception { - - SSLServerSocketFactory sslssf = - (SSLServerSocketFactory) SSLServerSocketFactory.getDefault(); - SSLServerSocket sslServerSocket = - (SSLServerSocket) sslssf.createServerSocket(serverPort); - serverPort = sslServerSocket.getLocalPort(); - - /* - * Signal Client, we're ready for his connect. - */ - serverReady = true; - - SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept(); - DataOutputStream out = - new DataOutputStream(sslSocket.getOutputStream()); - - try { - // get path to class file from header - DataInputStream in = - new DataInputStream(sslSocket.getInputStream()); - String path = getPath(in); - // retrieve bytecodes - byte[] bytecodes = getBytes(path); - // send bytecodes in response (assumes HTTP/1.0 or later) - try { - out.writeBytes("HTTP/1.0 200 OK\r\n"); - out.writeBytes("Content-Length: " + bytecodes.length + "\r\n"); - out.writeBytes("Content-Type: text/html\r\n\r\n"); - out.write(bytecodes); - out.flush(); - } catch (IOException ie) { - ie.printStackTrace(); - return; - } - - } catch (Exception e) { - e.printStackTrace(); - // write out error response - out.writeBytes("HTTP/1.0 400 " + e.getMessage() + "\r\n"); - out.writeBytes("Content-Type: text/html\r\n\r\n"); - out.flush(); - } finally { - // close the socket - System.out.println("Server closing socket"); - sslSocket.close(); - serverReady = false; - } - } - - private static class ComSunHTTPSHandlerFactory implements URLStreamHandlerFactory { - private static String SUPPORTED_PROTOCOL = "https"; - - public URLStreamHandler createURLStreamHandler(String protocol) { - if (!protocol.equalsIgnoreCase(SUPPORTED_PROTOCOL)) - return null; - - return new com.sun.net.ssl.internal.www.protocol.https.Handler(); - } - } - - /* - * Define the client side of the test. - * - * If the server prematurely exits, serverReady will be set to true - * to avoid infinite hangs. - */ - void doClientSide() throws Exception { - /* - * Wait for server to get started. - */ - while (!serverReady) { - Thread.sleep(50); - } - - HostnameVerifier reservedHV = - HttpsURLConnection.getDefaultHostnameVerifier(); - try { - URL.setURLStreamHandlerFactory(new ComSunHTTPSHandlerFactory()); - HttpsURLConnection.setDefaultHostnameVerifier(new NameVerifier()); - - URL url = new URL("https://" + "localhost:" + serverPort + - "/etc/hosts"); - URLConnection urlc = url.openConnection(); - - if (!(urlc instanceof com.sun.net.ssl.HttpsURLConnection)) { - throw new Exception( - "URLConnection ! instanceof " + - "com.sun.net.ssl.HttpsURLConnection"); - } - - BufferedReader in = null; - try { - in = new BufferedReader(new InputStreamReader( - urlc.getInputStream())); - String inputLine; - System.out.print("Client reading... "); - while ((inputLine = in.readLine()) != null) - System.out.println(inputLine); - - System.out.println("Cipher Suite: " + - ((HttpsURLConnection)urlc).getCipherSuite()); - Certificate[] certs = - ((HttpsURLConnection)urlc).getServerCertificates(); - for (int i = 0; i < certs.length; i++) { - System.out.println(certs[0]); - } - - in.close(); - } catch (SSLException e) { - if (in != null) - in.close(); - throw e; - } - System.out.println("Client reports: SUCCESS"); - } finally { - HttpsURLConnection.setDefaultHostnameVerifier(reservedHV); - } - } - - static class NameVerifier implements HostnameVerifier { - public boolean verify(String urlHostname, - String certHostname) { - System.out.println( - "CertificateHostnameVerifier: " + urlHostname + " == " - + certHostname + " returning true"); - return true; - } - } - - /* - * ============================================================= - * The remainder is just support stuff - */ - - // use any free port by default - volatile int serverPort = 0; - - volatile Exception serverException = null; - volatile Exception clientException = null; - - public static void main(String[] args) throws Exception { - String keyFilename = - System.getProperty("test.src", "./") + "/" + pathToStores + - "/" + keyStoreFile; - String trustFilename = - System.getProperty("test.src", "./") + "/" + pathToStores + - "/" + trustStoreFile; - - System.setProperty("javax.net.ssl.keyStore", keyFilename); - System.setProperty("javax.net.ssl.keyStorePassword", passwd); - System.setProperty("javax.net.ssl.trustStore", trustFilename); - System.setProperty("javax.net.ssl.trustStorePassword", passwd); - - if (debug) - System.setProperty("javax.net.debug", "all"); - - /* - * Start the tests. - */ - new ComHTTPSConnection(); - } - - Thread clientThread = null; - Thread serverThread = null; - - /* - * Primary constructor, used to drive remainder of the test. - * - * Fork off the other side, then do your work. - */ - ComHTTPSConnection() throws Exception { - if (separateServerThread) { - startServer(true); - startClient(false); - } else { - startClient(true); - startServer(false); - } - - /* - * Wait for other side to close down. - */ - if (separateServerThread) { - serverThread.join(); - } else { - clientThread.join(); - } - - /* - * When we get here, the test is pretty much over. - * - * If the main thread excepted, that propagates back - * immediately. If the other thread threw an exception, we - * should report back. - */ - if (serverException != null) { - System.out.print("Server Exception:"); - throw serverException; - } - if (clientException != null) { - System.out.print("Client Exception:"); - throw clientException; - } - } - - void startServer(boolean newThread) throws Exception { - if (newThread) { - serverThread = new Thread() { - public void run() { - try { - doServerSide(); - } catch (Exception e) { - /* - * Our server thread just died. - * - * Release the client, if not active already... - */ - System.err.println("Server died..."); - serverReady = true; - serverException = e; - } - } - }; - serverThread.start(); - } else { - doServerSide(); - } - } - - void startClient(boolean newThread) throws Exception { - if (newThread) { - clientThread = new Thread() { - public void run() { - try { - doClientSide(); - } catch (Exception e) { - /* - * Our client thread just died. - */ - System.err.println("Client died..."); - clientException = e; - } - } - }; - clientThread.start(); - } else { - doClientSide(); - } - } -} diff --git a/test/jdk/sun/net/www/protocol/https/NewImpl/ComHostnameVerifier.java b/test/jdk/sun/net/www/protocol/https/NewImpl/ComHostnameVerifier.java deleted file mode 100644 index 2a1f80a4cac..00000000000 --- a/test/jdk/sun/net/www/protocol/https/NewImpl/ComHostnameVerifier.java +++ /dev/null @@ -1,362 +0,0 @@ -/* - * Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -// SunJSSE does not support dynamic system properties, no way to re-use -// system properties in samevm/agentvm mode. - -/* - * @test - * @bug 4474255 4484246 - * @summary When an application enables anonymous SSL cipher suite, - * Hostname verification is not required - * @modules java.base/com.sun.net.ssl - * java.base/com.sun.net.ssl.internal.www.protocol.https - * @run main/othervm ComHostnameVerifier - */ - -import java.io.*; -import java.net.*; -import java.security.Security; -import javax.net.ssl.*; -import javax.security.cert.*; -import com.sun.net.ssl.HostnameVerifier; -import com.sun.net.ssl.HttpsURLConnection; - -/** - * Use com.net.net.ssl.HostnameVerifier - */ -public class ComHostnameVerifier { - - /* - * ============================================================= - * Set the various variables needed for the tests, then - * specify what tests to run on each side. - */ - - /* - * Should we run the client or server in a separate thread? - * Both sides can throw exceptions, but do you have a preference - * as to which side should be the main thread. - */ - static boolean separateServerThread = true; - - /* - * Is the server ready to serve? - */ - volatile static boolean serverReady = false; - - /* - * Turn on SSL debugging? - */ - static boolean debug = false; - - /* - * If the client or server is doing some kind of object creation - * that the other side depends on, and that thread prematurely - * exits, you may experience a hang. The test harness will - * terminate all hung threads after its timeout has expired, - * currently 3 minutes by default, but you might try to be - * smart about it.... - */ - - /** - * Returns the path to the file obtained from - * parsing the HTML header. - */ - private static String getPath(DataInputStream in) - throws IOException - { - String line = in.readLine(); - if (line == null) - return null; - String path = ""; - // extract class from GET line - if (line.startsWith("GET /")) { - line = line.substring(5, line.length()-1).trim(); - int index = line.indexOf(' '); - if (index != -1) { - path = line.substring(0, index); - } - } - - // eat the rest of header - do { - line = in.readLine(); - } while ((line.length() != 0) && - (line.charAt(0) != '\r') && (line.charAt(0) != '\n')); - - if (path.length() != 0) { - return path; - } else { - throw new IOException("Malformed Header"); - } - } - - /** - * Returns an array of bytes containing the bytes for - * the file represented by the argument path. - * - * In our case, we just pretend to send something back. - * - * @return the bytes for the file - * @exception FileNotFoundException if the file corresponding - * to path could not be loaded. - */ - private byte[] getBytes(String path) - throws IOException - { - return "Hello world, I am here".getBytes(); - } - - /* - * Define the server side of the test. - * - * If the server prematurely exits, serverReady will be set to true - * to avoid infinite hangs. - */ - void doServerSide() throws Exception { - - SSLServerSocketFactory sslssf = - (SSLServerSocketFactory) SSLServerSocketFactory.getDefault(); - SSLServerSocket sslServerSocket = - (SSLServerSocket) sslssf.createServerSocket(serverPort); - serverPort = sslServerSocket.getLocalPort(); - - String ciphers[]= { "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA" }; - sslServerSocket.setEnabledCipherSuites(ciphers); - - /* - * Signal Client, we're ready for his connect. - */ - serverReady = true; - - SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept(); - DataOutputStream out = - new DataOutputStream(sslSocket.getOutputStream()); - - try { - // get path to class file from header - DataInputStream in = - new DataInputStream(sslSocket.getInputStream()); - String path = getPath(in); - // retrieve bytecodes - byte[] bytecodes = getBytes(path); - // send bytecodes in response (assumes HTTP/1.0 or later) - try { - out.writeBytes("HTTP/1.0 200 OK\r\n"); - out.writeBytes("Content-Length: " + bytecodes.length + "\r\n"); - out.writeBytes("Content-Type: text/html\r\n\r\n"); - out.write(bytecodes); - out.flush(); - } catch (IOException ie) { - ie.printStackTrace(); - return; - } - - } catch (Exception e) { - e.printStackTrace(); - // write out error response - out.writeBytes("HTTP/1.0 400 " + e.getMessage() + "\r\n"); - out.writeBytes("Content-Type: text/html\r\n\r\n"); - out.flush(); - } finally { - // close the socket - System.out.println("Server closing socket"); - sslSocket.close(); - serverReady = false; - } - } - - private static class ComSunHTTPSHandlerFactory implements URLStreamHandlerFactory { - private static String SUPPORTED_PROTOCOL = "https"; - - public URLStreamHandler createURLStreamHandler(String protocol) { - if (!protocol.equalsIgnoreCase(SUPPORTED_PROTOCOL)) - return null; - - return new com.sun.net.ssl.internal.www.protocol.https.Handler(); - } - } - - /* - * Define the client side of the test. - * - * If the server prematurely exits, serverReady will be set to true - * to avoid infinite hangs. - */ - void doClientSide() throws Exception { - /* - * Wait for server to get started. - */ - while (!serverReady) { - Thread.sleep(50); - } - - URL.setURLStreamHandlerFactory(new ComSunHTTPSHandlerFactory()); - - System.setProperty("https.cipherSuites", - "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"); - - // use the default hostname verifier - - URL url = new URL("https://" + "localhost:" + serverPort + - "/etc/hosts"); - URLConnection urlc = url.openConnection(); - - if (!(urlc instanceof com.sun.net.ssl.HttpsURLConnection)) { - throw new Exception( - "URLConnection ! instanceof " + - "com.sun.net.ssl.HttpsURLConnection"); - } - - BufferedReader in = null; - try { - in = new BufferedReader(new InputStreamReader( - urlc.getInputStream())); - String inputLine; - System.out.print("Client reading... "); - while ((inputLine = in.readLine()) != null) - System.out.println(inputLine); - System.out.println("Cipher Suite: " + - ((HttpsURLConnection)urlc).getCipherSuite()); - in.close(); - } catch (SSLException e) { - if (in != null) - in.close(); - throw e; - } - System.out.println("Client reports: SUCCESS"); - } - - /* - * ============================================================= - * The remainder is just support stuff - */ - - // use any free port by default - volatile int serverPort = 0; - - volatile Exception serverException = null; - volatile Exception clientException = null; - - public static void main(String[] args) throws Exception { - // re-enable 3DES - Security.setProperty("jdk.tls.disabledAlgorithms", ""); - - if (debug) - System.setProperty("javax.net.debug", "all"); - - /* - * Start the tests. - */ - new ComHostnameVerifier(); - } - - Thread clientThread = null; - Thread serverThread = null; - - /* - * Primary constructor, used to drive remainder of the test. - * - * Fork off the other side, then do your work. - */ - ComHostnameVerifier() throws Exception { - if (separateServerThread) { - startServer(true); - startClient(false); - } else { - startClient(true); - startServer(false); - } - - /* - * Wait for other side to close down. - */ - if (separateServerThread) { - serverThread.join(); - } else { - clientThread.join(); - } - - /* - * When we get here, the test is pretty much over. - * - * If the main thread excepted, that propagates back - * immediately. If the other thread threw an exception, we - * should report back. - */ - if (serverException != null) { - System.out.print("Server Exception:"); - throw serverException; - } - if (clientException != null) { - System.out.print("Client Exception:"); - throw clientException; - } - } - - void startServer(boolean newThread) throws Exception { - if (newThread) { - serverThread = new Thread() { - public void run() { - try { - doServerSide(); - } catch (Exception e) { - /* - * Our server thread just died. - * - * Release the client, if not active already... - */ - System.err.println("Server died..."); - serverReady = true; - serverException = e; - } - } - }; - serverThread.start(); - } else { - doServerSide(); - } - } - - void startClient(boolean newThread) throws Exception { - if (newThread) { - clientThread = new Thread() { - public void run() { - try { - doClientSide(); - } catch (Exception e) { - /* - * Our client thread just died. - */ - System.err.println("Client died..."); - clientException = e; - } - } - }; - clientThread.start(); - } else { - doClientSide(); - } - } -} diff --git a/test/jdk/sun/security/ssl/X509TrustManagerImpl/CheckNullEntity.java b/test/jdk/sun/security/ssl/X509TrustManagerImpl/CheckNullEntity.java index ad00042c01f..452fe1b4570 100644 --- a/test/jdk/sun/security/ssl/X509TrustManagerImpl/CheckNullEntity.java +++ b/test/jdk/sun/security/ssl/X509TrustManagerImpl/CheckNullEntity.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,7 +27,6 @@ * @summary unspecified exceptions in X509TrustManager.checkClient[Server]Truste d * @author Xuelei Fan - * @modules java.base/com.sun.net.ssl.internal.ssl */ import java.io.*; @@ -37,8 +36,6 @@ import java.security.cert.X509Certificate; import java.security.*; import java.util.Enumeration; -import com.sun.net.ssl.internal.ssl.X509ExtendedTrustManager; - public class CheckNullEntity { /* @@ -157,7 +154,7 @@ public class CheckNullEntity { if (trustManager instanceof X509ExtendedTrustManager) { try { ((X509ExtendedTrustManager)trustManager).checkClientTrusted( - certChain, (String)null, "localhost", null); + certChain, (String)null, (Socket)null); } catch (IllegalArgumentException iae) { // get the right exception extFailed >>= 1; @@ -165,7 +162,7 @@ public class CheckNullEntity { try { ((X509ExtendedTrustManager)trustManager).checkServerTrusted( - certChain, (String)null, "localhost", null); + certChain, (String)null, (Socket)null); } catch (IllegalArgumentException iae) { // get the right exception extFailed >>= 1; @@ -173,7 +170,7 @@ public class CheckNullEntity { try { ((X509ExtendedTrustManager)trustManager).checkClientTrusted( - certChain, "", "localhost", null); + certChain, "", (Socket)null); } catch (IllegalArgumentException iae) { // get the right exception extFailed >>= 1; @@ -181,7 +178,7 @@ public class CheckNullEntity { try { ((X509ExtendedTrustManager)trustManager).checkServerTrusted( - certChain, "", "localhost", null); + certChain, "", (Socket)null); } catch (IllegalArgumentException iae) { // get the right exception extFailed >>= 1; @@ -189,7 +186,7 @@ public class CheckNullEntity { try { ((X509ExtendedTrustManager)trustManager).checkClientTrusted( - null, authType, "localhost", null); + null, authType, (Socket)null); } catch (IllegalArgumentException iae) { // get the right exception extFailed >>= 1; @@ -197,7 +194,7 @@ public class CheckNullEntity { try { ((X509ExtendedTrustManager)trustManager).checkServerTrusted( - null, authType, "localhost", null); + null, authType, (Socket)null); } catch (IllegalArgumentException iae) { // get the right exception extFailed >>= 1; diff --git a/test/jdk/sun/security/ssl/X509TrustManagerImpl/ClientServer.java b/test/jdk/sun/security/ssl/X509TrustManagerImpl/ClientServer.java deleted file mode 100644 index 54c6c538437..00000000000 --- a/test/jdk/sun/security/ssl/X509TrustManagerImpl/ClientServer.java +++ /dev/null @@ -1,365 +0,0 @@ -/* - * Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -/* - * @test - * @bug 4717766 - * @author Brad Wetmore - * @summary 1.0.3 JsseX509TrustManager erroneously calls isClientTrusted() - * @modules java.base/com.sun.net.ssl - * @run main/manual ClientServer - */ - -/* - * SunJSSE does not support dynamic system properties, no way to re-use - * system properties in samevm/agentvm mode. - * - * JSSE supports algorithm constraints with CR 6916074, need to update - * this test case in JDK 7 soon. - * - * This problem didn't exist in JSSE 1.4, only JSSE 1.0.3. However, - * this is a useful test, so I decided to include it in 1.4.2. - */ - -import java.io.*; -import java.net.*; -import javax.net.ssl.*; -import java.security.cert.*; -import java.security.*; -import com.sun.net.ssl.*; - -public class ClientServer { - - /* - * ============================================================= - * Set the various variables needed for the tests, then - * specify what tests to run on each side. - */ - - /* - * Should we run the client or server in a separate thread? - * Both sides can throw exceptions, but do you have a preference - * as to which side should be the main thread. - */ - static boolean separateServerThread = true; - - /* - * Where do we find the keystores? - */ - static String pathToStores = "../../../../javax/net/ssl/etc"; - static String keyStoreFile = "keystore"; - static String trustStoreFile = "truststore"; - static String passwd = "passphrase"; - - /* - * Is the server ready to serve? - */ - volatile static boolean serverReady = false; - - /* - * Turn on SSL debugging? - */ - static boolean debug = false; - - /* - * If the client or server is doing some kind of object creation - * that the other side depends on, and that thread prematurely - * exits, you may experience a hang. The test harness will - * terminate all hung threads after its timeout has expired, - * currently 3 minutes by default, but you might try to be - * smart about it.... - */ - - /* - * Define the server side of the test. - * - * If the server prematurely exits, serverReady will be set to true - * to avoid infinite hangs. - */ - void doServerSide() throws Exception { - SSLServerSocketFactory sslssf = getDefaultServer(); - SSLServerSocket sslServerSocket = - (SSLServerSocket) sslssf.createServerSocket(serverPort); - serverPort = sslServerSocket.getLocalPort(); - - /* - * Signal Client, we're ready for his connect. - */ - serverReady = true; - - SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept(); - sslSocket.setNeedClientAuth(true); - InputStream sslIS = sslSocket.getInputStream(); - OutputStream sslOS = sslSocket.getOutputStream(); - - sslIS.read(); - sslOS.write(85); - sslOS.flush(); - - sslSocket.close(); - - if (!serverTM.wasServerChecked() && serverTM.wasClientChecked()) { - System.out.println("SERVER TEST PASSED!"); - } else { - throw new Exception("SERVER TEST FAILED! " + - !serverTM.wasServerChecked() + " " + - serverTM.wasClientChecked()); - } - } - - /* - * Define the client side of the test. - * - * If the server prematurely exits, serverReady will be set to true - * to avoid infinite hangs. - */ - void doClientSide() throws Exception { - - /* - * Wait for server to get started. - */ - while (!serverReady) { - Thread.sleep(50); - } - - SSLSocketFactory sslsf = getDefaultClient(); - SSLSocket sslSocket = (SSLSocket) - sslsf.createSocket("localhost", serverPort); - - InputStream sslIS = sslSocket.getInputStream(); - OutputStream sslOS = sslSocket.getOutputStream(); - - sslOS.write(280); - sslOS.flush(); - sslIS.read(); - - sslSocket.close(); - - if (clientTM.wasServerChecked() && !clientTM.wasClientChecked()) { - System.out.println("CLIENT TEST PASSED!"); - } else { - throw new Exception("CLIENT TEST FAILED! " + - clientTM.wasServerChecked() + " " + - !clientTM.wasClientChecked()); - } - } - - private com.sun.net.ssl.SSLContext getDefault(MyX509TM tm) - throws Exception { - - String keyFilename = - System.getProperty("test.src", "./") + "/" + pathToStores + - "/" + keyStoreFile; - String trustFilename = - System.getProperty("test.src", "./") + "/" + pathToStores + - "/" + trustStoreFile; - - char[] passphrase = "passphrase".toCharArray(); - KeyStore ks = KeyStore.getInstance("JKS"); - ks.load(new FileInputStream(keyFilename), passphrase); - - com.sun.net.ssl.KeyManagerFactory kmf = - com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509"); - kmf.init(ks, passphrase); - - ks = KeyStore.getInstance("JKS"); - ks.load(new FileInputStream(trustFilename), passphrase); - - com.sun.net.ssl.TrustManagerFactory tmf = - com.sun.net.ssl.TrustManagerFactory.getInstance("SunX509"); - tmf.init(ks); - - com.sun.net.ssl.TrustManager [] tms = tmf.getTrustManagers(); - - int i; - for (i = 0; i < tms.length; i++) { - if (tms[i] instanceof com.sun.net.ssl.X509TrustManager) { - break; - } - } - - if (i >= tms.length) { - throw new Exception("Couldn't find X509TM"); - } - - tm.init((com.sun.net.ssl.X509TrustManager)tms[i]); - tms = new MyX509TM [] { tm }; - - com.sun.net.ssl.SSLContext ctx = - com.sun.net.ssl.SSLContext.getInstance("TLS"); - ctx.init(kmf.getKeyManagers(), tms, null); - return ctx; - } - - MyX509TM serverTM; - MyX509TM clientTM; - - private SSLServerSocketFactory getDefaultServer() throws Exception { - serverTM = new MyX509TM(); - return getDefault(serverTM).getServerSocketFactory(); - } - - private SSLSocketFactory getDefaultClient() throws Exception { - clientTM = new MyX509TM(); - return getDefault(clientTM).getSocketFactory(); - } - - static class MyX509TM implements com.sun.net.ssl.X509TrustManager { - - com.sun.net.ssl.X509TrustManager tm; - boolean clientChecked; - boolean serverChecked; - - void init(com.sun.net.ssl.X509TrustManager x509TM) { - tm = x509TM; - } - - public boolean wasClientChecked() { - return clientChecked; - } - - public boolean wasServerChecked() { - return serverChecked; - } - - public boolean isClientTrusted(X509Certificate[] chain) { - clientChecked = true; - return true; - } - - public boolean isServerTrusted(X509Certificate[] chain) { - serverChecked = true; - return true; - } - - public X509Certificate[] getAcceptedIssuers() { - return tm.getAcceptedIssuers(); - } - } - - /* - * ============================================================= - * The remainder is just support stuff - */ - - // use any free port by default - volatile int serverPort = 0; - - volatile Exception serverException = null; - volatile Exception clientException = null; - - public static void main(String[] args) throws Exception { - - if (debug) - System.setProperty("javax.net.debug", "all"); - - /* - * Start the tests. - */ - new ClientServer(); - } - - Thread clientThread = null; - Thread serverThread = null; - - /* - * Primary constructor, used to drive remainder of the test. - * - * Fork off the other side, then do your work. - */ - ClientServer() throws Exception { - if (separateServerThread) { - startServer(true); - startClient(false); - } else { - startClient(true); - startServer(false); - } - - /* - * Wait for other side to close down. - */ - if (separateServerThread) { - serverThread.join(); - } else { - clientThread.join(); - } - - /* - * When we get here, the test is pretty much over. - * - * If the main thread excepted, that propagates back - * immediately. If the other thread threw an exception, we - * should report back. - */ - if (serverException != null) - throw serverException; - if (clientException != null) - throw clientException; - } - - void startServer(boolean newThread) throws Exception { - if (newThread) { - serverThread = new Thread() { - public void run() { - try { - doServerSide(); - } catch (Exception e) { - /* - * Our server thread just died. - * - * Release the client, if not active already... - */ - System.err.println("Server died..."); - serverReady = true; - serverException = e; - } - } - }; - serverThread.start(); - } else { - doServerSide(); - } - } - - void startClient(boolean newThread) throws Exception { - if (newThread) { - clientThread = new Thread() { - public void run() { - try { - doClientSide(); - } catch (Exception e) { - /* - * Our client thread just died. - */ - System.err.println("Client died..."); - clientException = e; - } - } - }; - clientThread.start(); - } else { - doClientSide(); - } - } -}