infernap12/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2026-02-11 19:08:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

minor refactor and clean up

Browse Source
This commit is contained in:
Seán Coffey 2025-04-29 09:50:38 +00:00
parent c3b9a28aee
commit 3114fea4dc
76 changed files with 673 additions and 695 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/java.base/share/classes/sun/security/ssl/Alert.java
View File

@ -228,7 +228,7 @@ enum Alert {
TransportContext tc = (TransportContext)context;
AlertMessage am = new AlertMessage(tc, m);
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.fine("Received alert message", am);
}

18
src/java.base/share/classes/sun/security/ssl/AlpnExtension.java
View File

@ -157,7 +157,7 @@ final class AlpnExtension {
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(SSLExtension.CH_ALPN)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.info(
"Ignore client unavailable extension: " +
SSLExtension.CH_ALPN.name);
@ -170,7 +170,7 @@ final class AlpnExtension {
String[] laps = chc.sslConfig.applicationProtocols;
if ((laps == null) || (laps.length == 0)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.info(
"No available application protocols");
}
@ -183,7 +183,7 @@ final class AlpnExtension {
int length = ap.getBytes(alpnCharset).length;
if (length == 0) {
// log the configuration problem
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.severe(
"Application protocol name cannot be empty");
}
@ -197,7 +197,7 @@ final class AlpnExtension {
listLength += (length + 1);
} else {
// log the configuration problem
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.severe(
"Application protocol name (" + ap +
") exceeds the size limit (" +
@ -212,7 +212,7 @@ final class AlpnExtension {
if (listLength > MAX_AP_LIST_LENGTH) {
// log the configuration problem
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.severe(
"The configured application protocols (" +
Arrays.toString(laps) +
@ -266,7 +266,7 @@ final class AlpnExtension {
if (!shc.sslConfig.isAvailable(SSLExtension.CH_ALPN)) {
shc.applicationProtocol = "";
shc.conContext.applicationProtocol = "";
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.info(
"Ignore server unavailable extension: " +
SSLExtension.CH_ALPN.name);
@ -288,7 +288,7 @@ final class AlpnExtension {
if (noAPSelector && noAlpnProtocols) {
shc.applicationProtocol = "";
shc.conContext.applicationProtocol = "";
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore server unenabled extension: " +
SSLExtension.CH_ALPN.name);
@ -371,7 +371,7 @@ final class AlpnExtension {
(AlpnSpec)shc.handshakeExtensions.get(SSLExtension.CH_ALPN);
if (requestedAlps == null) {
// Ignore, this extension was not requested and accepted.
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable extension: " +
SSLExtension.SH_ALPN.name);
@ -416,7 +416,7 @@ final class AlpnExtension {
// Ignore, no negotiated application layer protocol.
shc.applicationProtocol = "";
shc.conContext.applicationProtocol = "";
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning(
"Ignore, no negotiated application layer protocol");
}

8
src/java.base/share/classes/sun/security/ssl/CertSignAlgsExtension.java
View File

@ -89,7 +89,7 @@ final class CertSignAlgsExtension {
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(
SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable " +
"signature_algorithms_cert extension");
@ -139,7 +139,7 @@ final class CertSignAlgsExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(
SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable " +
"signature_algorithms_cert extension");
@ -230,7 +230,7 @@ final class CertSignAlgsExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(
SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable " +
"signature_algorithms_cert extension");
@ -278,7 +278,7 @@ final class CertSignAlgsExtension {
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(
SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable " +
"signature_algorithms_cert extension");

32
src/java.base/share/classes/sun/security/ssl/CertStatusExtension.java
View File

@ -144,7 +144,7 @@ final class CertStatusExtension {
if (statusType == CertStatusRequestType.OCSP.id) {
this.statusRequest = new OCSPStatusRequest(statusType, encoded);
} else {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.info(
"Unknown certificate status request " +
"(status type: " + statusType + ")");
@ -196,7 +196,7 @@ final class CertStatusExtension {
if (type == CertStatusRequestType.OCSP.id) {
this.statusResponse = new OCSPStatusResponse(type, respData);
} else {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.info(
"Unknown certificate status response " +
"(status type: " + type + ")");
@ -557,7 +557,7 @@ final class CertStatusExtension {
}
if (!chc.sslConfig.isAvailable(SSLExtension.CH_STATUS_REQUEST)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable extension: " +
SSLExtension.CH_STATUS_REQUEST.name);
@ -598,7 +598,7 @@ final class CertStatusExtension {
ServerHandshakeContext shc = (ServerHandshakeContext)context;
if (!shc.sslConfig.isAvailable(SSLExtension.CH_STATUS_REQUEST)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Ignore unavailable extension: " +
SSLExtension.CH_STATUS_REQUEST.name);
}
@ -656,7 +656,7 @@ final class CertStatusExtension {
shc.handshakeExtensions.get(SSLExtension.CH_STATUS_REQUEST);
if (spec == null) {
// Ignore, no status_request extension requested.
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.finest("Ignore unavailable extension: " +
SSLExtension.CH_STATUS_REQUEST.name);
}
@ -666,7 +666,7 @@ final class CertStatusExtension {
// Is it a session resuming?
if (shc.isResumption) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.finest(
"No status_request response for session resuming");
}
@ -839,7 +839,7 @@ final class CertStatusExtension {
statusRequests.add(
new OCSPStatusRequest(statusType, encoded));
} else {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.info(
"Unknown certificate status request " +
"(status type: " + statusType + ")");
@ -915,7 +915,7 @@ final class CertStatusExtension {
}
if (!chc.sslConfig.isAvailable(SSLExtension.CH_STATUS_REQUEST_V2)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.finest(
"Ignore unavailable status_request_v2 extension");
}
@ -957,7 +957,7 @@ final class CertStatusExtension {
ServerHandshakeContext shc = (ServerHandshakeContext)context;
if (!shc.sslConfig.isAvailable(SSLExtension.CH_STATUS_REQUEST_V2)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.finest(
"Ignore unavailable status_request_v2 extension");
}
@ -1017,7 +1017,7 @@ final class CertStatusExtension {
shc.handshakeExtensions.get(SSLExtension.CH_STATUS_REQUEST_V2);
if (spec == null) {
// Ignore, no status_request_v2 extension requested.
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.finest(
"Ignore unavailable status_request_v2 extension");
}
@ -1027,7 +1027,7 @@ final class CertStatusExtension {
// Is it a session resuming?
if (shc.isResumption) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.finest(
"No status_request_v2 response for session resumption");
}
@ -1112,7 +1112,7 @@ final class CertStatusExtension {
// Stapling needs to be active and have valid data to proceed
if (shc.stapleParams == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.finest(
"Stapling is disabled for this connection");
}
@ -1121,7 +1121,7 @@ final class CertStatusExtension {
// There needs to be a non-null CertificateEntry to proceed
if (shc.currentCertEntry == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.finest("Found null CertificateEntry in context");
}
return null;
@ -1139,7 +1139,7 @@ final class CertStatusExtension {
byte[] respBytes = shc.stapleParams.responseMap.get(x509Cert);
if (respBytes == null) {
// We're done with this entry. Clear it from the context
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.finest("No status response found for " +
x509Cert.getSubjectX500Principal());
@ -1149,7 +1149,7 @@ final class CertStatusExtension {
}
// Build a proper response buffer from the stapling information
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.finest("Found status response for " +
x509Cert.getSubjectX500Principal() +
", response length: " + respBytes.length);
@ -1208,7 +1208,7 @@ final class CertStatusExtension {
respList.add(spec.statusResponse.encodedResponse);
chc.handshakeSession.setStatusResponses(respList);
} else {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.finest(
"Ignoring stapled data on resumed session");
}

16
src/java.base/share/classes/sun/security/ssl/CertificateAuthoritiesExtension.java
View File

@ -192,7 +192,7 @@ final class CertificateAuthoritiesExtension {
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(
SSLExtension.CH_CERTIFICATE_AUTHORITIES)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable " +
"certificate_authorities extension");
@ -205,7 +205,7 @@ final class CertificateAuthoritiesExtension {
X509Certificate[] caCerts =
chc.sslContext.getX509TrustManager().getAcceptedIssuers();
if (caCerts.length == 0) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"No available certificate authorities");
}
@ -216,7 +216,7 @@ final class CertificateAuthoritiesExtension {
List<byte[]> encodedCAs =
CertificateAuthoritiesSpec.getEncodedAuthorities(caCerts);
if (encodedCAs.isEmpty()) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning(
"The number of CAs exceeds the maximum size " +
"of the certificate_authorities extension");
@ -270,7 +270,7 @@ final class CertificateAuthoritiesExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(
SSLExtension.CH_CERTIFICATE_AUTHORITIES)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable " +
"certificate_authorities extension");
@ -319,7 +319,7 @@ final class CertificateAuthoritiesExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(
SSLExtension.CR_CERTIFICATE_AUTHORITIES)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable " +
"certificate_authorities extension");
@ -332,7 +332,7 @@ final class CertificateAuthoritiesExtension {
X509Certificate[] caCerts =
shc.sslContext.getX509TrustManager().getAcceptedIssuers();
if (caCerts.length == 0) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"No available certificate authorities");
}
@ -343,7 +343,7 @@ final class CertificateAuthoritiesExtension {
List<byte[]> encodedCAs =
CertificateAuthoritiesSpec.getEncodedAuthorities(caCerts);
if (encodedCAs.isEmpty()) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning(
"Too many certificate authorities to use " +
"the certificate_authorities extension");
@ -397,7 +397,7 @@ final class CertificateAuthoritiesExtension {
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(
SSLExtension.CR_CERTIFICATE_AUTHORITIES)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable " +
"certificate_authorities extension");

32
src/java.base/share/classes/sun/security/ssl/CertificateMessage.java
View File

@ -265,7 +265,7 @@ final class CertificateMessage {
shc.handshakeSession.setLocalCertificates(x509Possession.popCerts);
T12CertificateMessage cm =
new T12CertificateMessage(shc, x509Possession.popCerts);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Produced server Certificate handshake message", cm);
}
@ -293,7 +293,7 @@ final class CertificateMessage {
// an empty cert chain instead.
if (x509Possession == null) {
if (chc.negotiatedProtocol.useTLS10PlusSpec()) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"No X.509 certificate for client authentication, " +
"use empty Certificate message instead");
@ -302,7 +302,7 @@ final class CertificateMessage {
x509Possession =
new X509Possession(null, new X509Certificate[0]);
} else {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"No X.509 certificate for client authentication, " +
"send a no_certificate alert");
@ -324,7 +324,7 @@ final class CertificateMessage {
}
T12CertificateMessage cm =
new T12CertificateMessage(chc, x509Possession.popCerts);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Produced client Certificate handshake message", cm);
}
@ -360,13 +360,13 @@ final class CertificateMessage {
T12CertificateMessage cm = new T12CertificateMessage(hc, message);
if (hc.sslConfig.isClientMode) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Consuming server Certificate handshake message", cm);
}
onCertificate((ClientHandshakeContext)context, cm);
} else {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Consuming client Certificate handshake message", cm);
}
@ -501,7 +501,7 @@ final class CertificateMessage {
try {
thisSubjectAltNames = thisCert.getSubjectAlternativeNames();
} catch (CertificateParsingException cpe) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Attempt to obtain subjectAltNames extension failed!");
}
@ -511,7 +511,7 @@ final class CertificateMessage {
try {
prevSubjectAltNames = prevCert.getSubjectAlternativeNames();
} catch (CertificateParsingException cpe) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Attempt to obtain subjectAltNames extension failed!");
}
@ -980,7 +980,7 @@ final class CertificateMessage {
certEnt.extensions.produce(shc, enabledCTExts);
}
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Produced server Certificate message", cm);
}
@ -997,7 +997,7 @@ final class CertificateMessage {
ClientHelloMessage clientHello) {
if (hc.peerRequestedCertSignSchemes == null ||
hc.peerRequestedCertSignSchemes.isEmpty()) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning(
"No signature_algorithms(_cert) in ClientHello");
}
@ -1021,7 +1021,7 @@ final class CertificateMessage {
SSLPossession pos = X509Authentication
.createPossession(hc, supportedKeyTypes);
if (pos == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning("No available authentication scheme");
}
}
@ -1034,14 +1034,14 @@ final class CertificateMessage {
SSLPossession pos = choosePossession(chc, clientHello);
X509Certificate[] localCerts;
if (pos == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("No available client authentication scheme");
}
localCerts = new X509Certificate[0];
} else {
chc.handshakePossessions.add(pos);
if (!(pos instanceof X509Possession x509Possession)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"No X.509 certificate for client authentication");
}
@ -1067,7 +1067,7 @@ final class CertificateMessage {
throw chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
"Failed to produce client Certificate message", ce);
}
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Produced client Certificate message", cm);
}
@ -1099,13 +1099,13 @@ final class CertificateMessage {
hc.handshakeConsumers.remove(SSLHandshake.CERTIFICATE.id);
T13CertificateMessage cm = new T13CertificateMessage(hc, message);
if (hc.sslConfig.isClientMode) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Consuming server Certificate handshake message", cm);
}
onConsumeCertificate((ClientHandshakeContext)context, cm);
} else {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Consuming client Certificate handshake message", cm);
}

22
src/java.base/share/classes/sun/security/ssl/CertificateRequest.java
View File

@ -297,7 +297,7 @@ final class CertificateRequest {
shc.sslContext.getX509TrustManager().getAcceptedIssuers();
T10CertificateRequestMessage crm = new T10CertificateRequestMessage(
shc, caCerts, shc.negotiatedCipherSuite.keyExchange);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Produced CertificateRequest handshake message", crm);
}
@ -360,7 +360,7 @@ final class CertificateRequest {
T10CertificateRequestMessage crm =
new T10CertificateRequestMessage(chc, message);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Consuming CertificateRequest handshake message", crm);
}
@ -400,7 +400,7 @@ final class CertificateRequest {
}
if (clientAlias == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning("No available client authentication");
}
return;
@ -408,7 +408,7 @@ final class CertificateRequest {
PrivateKey clientPrivateKey = km.getPrivateKey(clientAlias);
if (clientPrivateKey == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning("No available client private key");
}
return;
@ -416,7 +416,7 @@ final class CertificateRequest {
X509Certificate[] clientCerts = km.getCertificateChain(clientAlias);
if ((clientCerts == null) || (clientCerts.length == 0)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning("No available client certificate");
}
return;
@ -655,7 +655,7 @@ final class CertificateRequest {
T12CertificateRequestMessage crm = new T12CertificateRequestMessage(
shc, caCerts, shc.negotiatedCipherSuite.keyExchange,
certReqSignAlgs);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Produced CertificateRequest handshake message", crm);
}
@ -717,7 +717,7 @@ final class CertificateRequest {
T12CertificateRequestMessage crm =
new T12CertificateRequestMessage(chc, message);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Consuming CertificateRequest handshake message", crm);
}
@ -784,7 +784,7 @@ final class CertificateRequest {
T12CertificateRequestMessage crm) {
if (hc.peerRequestedCertSignSchemes == null ||
hc.peerRequestedCertSignSchemes.isEmpty()) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning("No signature and hash algorithms " +
"in CertificateRequest");
}
@ -823,7 +823,7 @@ final class CertificateRequest {
SSLPossession pos = X509Authentication
.createPossession(hc, supportedKeyTypes);
if (pos == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning("No available authentication scheme");
}
}
@ -933,7 +933,7 @@ final class CertificateRequest {
SSLExtension[] extTypes = shc.sslConfig.getEnabledExtensions(
SSLHandshake.CERTIFICATE_REQUEST, shc.negotiatedProtocol);
crm.extensions.produce(shc, extTypes);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Produced CertificateRequest message", crm);
}
@ -985,7 +985,7 @@ final class CertificateRequest {
T13CertificateRequestMessage crm =
new T13CertificateRequestMessage(chc, message);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Consuming CertificateRequest handshake message", crm);
}

6
src/java.base/share/classes/sun/security/ssl/CertificateStatus.java
View File

@ -281,7 +281,7 @@ final class CertificateStatus {
new CertificateStatusMessage(chc, message);
// Log the message
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Consuming server CertificateStatus handshake message",
cst);
@ -325,7 +325,7 @@ final class CertificateStatus {
// Create the CertificateStatus message from info in the
CertificateStatusMessage csm = new CertificateStatusMessage(shc);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Produced server CertificateStatus handshake message", csm);
}
@ -358,7 +358,7 @@ final class CertificateStatus {
// status_request[_v2] extension. 2) The CertificateStatus
// message was not sent. This means that cert path checking
// was deferred, but must happen immediately.
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Server did not send CertificateStatus, " +
"checking cert chain without status info.");
}

26
src/java.base/share/classes/sun/security/ssl/CertificateVerify.java
View File

@ -248,7 +248,7 @@ final class CertificateVerify {
if (x509Possession == null ||
x509Possession.popPrivateKey == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"No X.509 credentials negotiated for CertificateVerify");
}
@ -258,7 +258,7 @@ final class CertificateVerify {
S30CertificateVerifyMessage cvm =
new S30CertificateVerifyMessage(chc, x509Possession);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Produced CertificateVerify handshake message", cvm);
}
@ -300,7 +300,7 @@ final class CertificateVerify {
S30CertificateVerifyMessage cvm =
new S30CertificateVerifyMessage(shc, message);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Consuming CertificateVerify handshake message", cvm);
}
@ -503,7 +503,7 @@ final class CertificateVerify {
if (x509Possession == null ||
x509Possession.popPrivateKey == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"No X.509 credentials negotiated for CertificateVerify");
}
@ -513,7 +513,7 @@ final class CertificateVerify {
T10CertificateVerifyMessage cvm =
new T10CertificateVerifyMessage(chc, x509Possession);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Produced CertificateVerify handshake message", cvm);
}
@ -555,7 +555,7 @@ final class CertificateVerify {
T10CertificateVerifyMessage cvm =
new T10CertificateVerifyMessage(shc, message);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Consuming CertificateVerify handshake message", cvm);
}
@ -754,7 +754,7 @@ final class CertificateVerify {
if (x509Possession == null ||
x509Possession.popPrivateKey == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"No X.509 credentials negotiated for CertificateVerify");
}
@ -764,7 +764,7 @@ final class CertificateVerify {
T12CertificateVerifyMessage cvm =
new T12CertificateVerifyMessage(chc, x509Possession);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Produced CertificateVerify handshake message", cvm);
}
@ -806,7 +806,7 @@ final class CertificateVerify {
T12CertificateVerifyMessage cvm =
new T12CertificateVerifyMessage(shc, message);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Consuming CertificateVerify handshake message", cvm);
}
@ -1092,7 +1092,7 @@ final class CertificateVerify {
if (x509Possession == null ||
x509Possession.popPrivateKey == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"No X.509 credentials negotiated for CertificateVerify");
}
@ -1113,7 +1113,7 @@ final class CertificateVerify {
X509Possession x509Possession) throws IOException {
T13CertificateVerifyMessage cvm =
new T13CertificateVerifyMessage(shc, x509Possession);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Produced server CertificateVerify handshake message", cvm);
}
@ -1130,7 +1130,7 @@ final class CertificateVerify {
X509Possession x509Possession) throws IOException {
T13CertificateVerifyMessage cvm =
new T13CertificateVerifyMessage(chc, x509Possession);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Produced client CertificateVerify handshake message", cvm);
}
@ -1165,7 +1165,7 @@ final class CertificateVerify {
T13CertificateVerifyMessage cvm =
new T13CertificateVerifyMessage(hc, message);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Consuming CertificateVerify handshake message", cvm);
}

6
src/java.base/share/classes/sun/security/ssl/ChangeCipherSpec.java
View File

@ -110,7 +110,7 @@ final class ChangeCipherSpec {
") and protocol version (" + hc.negotiatedProtocol + ")");
}
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Produced ChangeCipherSpec message");
}
@ -144,7 +144,7 @@ final class ChangeCipherSpec {
throw tc.fatal(Alert.UNEXPECTED_MESSAGE,
"Malformed or unexpected ChangeCipherSpec message");
}
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Consuming ChangeCipherSpec message");
}
@ -240,7 +240,7 @@ final class ChangeCipherSpec {
throw tc.fatal(Alert.UNEXPECTED_MESSAGE,
"Malformed or unexpected ChangeCipherSpec message");
}
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Consuming ChangeCipherSpec message");
}

42
src/java.base/share/classes/sun/security/ssl/ClientHello.java
View File

@ -430,7 +430,7 @@ final class ClientHello {
if (!session.isRejoinable()) {
session = null;
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.finest(
"Can't resume, the session is not rejoinable");
@ -443,7 +443,7 @@ final class ClientHello {
sessionSuite = session.getSuite();
if (!chc.isNegotiable(sessionSuite)) {
session = null;
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.finest(
"Can't resume, unavailable session cipher suite");
@ -456,7 +456,7 @@ final class ClientHello {
sessionVersion = session.getProtocolVersion();
if (!chc.isNegotiable(sessionVersion)) {
session = null;
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.finest(
"Can't resume, unavailable protocol version");
@ -513,7 +513,7 @@ final class ClientHello {
String sessionIdentityAlg =
session.getIdentificationProtocol();
if (!identityAlg.equalsIgnoreCase(sessionIdentityAlg)) {
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.finest("Can't resume, endpoint id" +
" algorithm does not match, requested: " +
@ -524,7 +524,7 @@ final class ClientHello {
}
if (session != null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.finest("Try resuming session", session);
}
@ -547,7 +547,7 @@ final class ClientHello {
cipherSuites = List.of(sessionSuite);
}
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.finest(
"No new session is allowed, so try to resume " +
@ -634,7 +634,7 @@ final class ClientHello {
SSLHandshake.CLIENT_HELLO, chc.activeProtocols);
chm.extensions.produce(chc, extTypes);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Produced ClientHello handshake message", chm);
}
@ -700,7 +700,7 @@ final class ClientHello {
//
// The HelloVerifyRequest consumer should have updated the
// ClientHello handshake message with cookie.
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Produced ClientHello(cookie) handshake message",
chc.initialClientHelloMsg);
@ -734,7 +734,7 @@ final class ClientHello {
// TLS 1.3
// The HelloRetryRequest consumer should have updated the
// ClientHello handshake message with cookie.
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Produced ClientHello(HRR) handshake message",
chc.initialClientHelloMsg);
@ -790,7 +790,7 @@ final class ClientHello {
ClientHelloMessage chm =
new ClientHelloMessage(shc, message, enabledExtensions);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Consuming ClientHello handshake message", chm);
}
@ -820,7 +820,7 @@ final class ClientHello {
negotiateProtocol(context, clientHello.clientVersion);
}
context.negotiatedProtocol = negotiatedProtocol;
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Negotiated protocol version: " + negotiatedProtocol.name);
}
@ -980,7 +980,7 @@ final class ClientHello {
boolean resumingSession =
(previous != null) && previous.isRejoinable();
if (!resumingSession) {
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.finest(
"Can't resume, " +
@ -993,7 +993,7 @@ final class ClientHello {
previous.getProtocolVersion();
if (sessionProtocol != shc.negotiatedProtocol) {
resumingSession = false;
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.finest(
"Can't resume, not the same protocol version");
@ -1008,7 +1008,7 @@ final class ClientHello {
previous.getPeerPrincipal();
} catch (SSLPeerUnverifiedException e) {
resumingSession = false;
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.finest(
"Can't resume, " +
@ -1023,7 +1023,7 @@ final class ClientHello {
if ((!shc.isNegotiable(suite)) ||
(!clientHello.cipherSuites.contains(suite))) {
resumingSession = false;
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.finest(
"Can't resume, " +
@ -1039,7 +1039,7 @@ final class ClientHello {
String sessionIdentityAlg =
previous.getIdentificationProtocol();
if (!identityAlg.equalsIgnoreCase(sessionIdentityAlg)) {
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.finest("Can't resume, endpoint id" +
" algorithm does not match, requested: " +
@ -1054,7 +1054,7 @@ final class ClientHello {
shc.isResumption = resumingSession;
shc.resumingSession = resumingSession ? previous : null;
if (!resumingSession && SSLLogger.isOn &&
if (!resumingSession && SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Session not resumed.");
}
@ -1321,7 +1321,7 @@ final class ClientHello {
boolean resumingSession =
(previous != null) && previous.isRejoinable();
if (!resumingSession) {
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.finest(
"Can't resume, " +
@ -1334,7 +1334,7 @@ final class ClientHello {
previous.getProtocolVersion();
if (sessionProtocol != shc.negotiatedProtocol) {
resumingSession = false;
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.finest(
"Can't resume, not the same protocol version");
@ -1350,7 +1350,7 @@ final class ClientHello {
previous.getPeerPrincipal();
} catch (SSLPeerUnverifiedException e) {
resumingSession = false;
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.finest(
"Can't resume, " +
@ -1365,7 +1365,7 @@ final class ClientHello {
if ((!shc.isNegotiable(suite)) ||
(!clientHello.cipherSuites.contains(suite))) {
resumingSession = false;
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.finest(
"Can't resume, " +

10
src/java.base/share/classes/sun/security/ssl/CookieExtension.java
View File

@ -117,7 +117,7 @@ public class CookieExtension {
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(SSLExtension.CH_COOKIE)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable cookie extension");
}
@ -154,7 +154,7 @@ public class CookieExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(SSLExtension.CH_COOKIE)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable cookie extension");
}
@ -218,7 +218,7 @@ public class CookieExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(SSLExtension.HRR_COOKIE)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable cookie extension");
}
@ -253,7 +253,7 @@ public class CookieExtension {
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(SSLExtension.HRR_COOKIE)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable cookie extension");
}
@ -280,7 +280,7 @@ public class CookieExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(SSLExtension.HRR_COOKIE)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable cookie extension");
}

4
src/java.base/share/classes/sun/security/ssl/DHClientKeyExchange.java
View File

@ -187,7 +187,7 @@ final class DHClientKeyExchange {
chc.handshakePossessions.add(dhePossession);
DHClientKeyExchangeMessage ckem =
new DHClientKeyExchangeMessage(chc);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Produced DH ClientKeyExchange handshake message", ckem);
}
@ -269,7 +269,7 @@ final class DHClientKeyExchange {
DHClientKeyExchangeMessage ckem =
new DHClientKeyExchangeMessage(shc, message);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Consuming DH ClientKeyExchange handshake message", ckem);
}

4
src/java.base/share/classes/sun/security/ssl/DHServerKeyExchange.java
View File

@ -481,7 +481,7 @@ final class DHServerKeyExchange {
ServerHandshakeContext shc = (ServerHandshakeContext)context;
DHServerKeyExchangeMessage skem =
new DHServerKeyExchangeMessage(shc);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Produced DH ServerKeyExchange handshake message", skem);
}
@ -512,7 +512,7 @@ final class DHServerKeyExchange {
DHServerKeyExchangeMessage skem =
new DHServerKeyExchangeMessage(chc, message);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Consuming DH ServerKeyExchange handshake message", skem);
}

76
src/java.base/share/classes/sun/security/ssl/DTLSInputRecord.java
View File

@ -125,7 +125,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
return null;
}
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record,packet")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record,packet")) {
SSLLogger.fine("Raw read", packet);
}
@ -150,7 +150,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
int contentLen = ((packet.get() & 0xFF) << 8) |
(packet.get() & 0xFF); // pos: 11, 12
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record")) {
SSLLogger.fine("READ: " +
ProtocolVersion.nameOf(majorVersion, minorVersion) +
" " + ContentType.nameOf(contentType) + ", length = " +
@ -162,7 +162,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
if (this.readEpoch > recordEpoch) {
// Reset the position of the packet buffer.
packet.position(recLim);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record")) {
SSLLogger.fine("READ: discard this old record", recordEnS);
}
return null;
@ -181,7 +181,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
packet.position(recLim);
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.fine("Premature record (epoch), discard it.");
}
@ -224,7 +224,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
plaintextFragment = plaintext.fragment;
contentType = plaintext.contentType;
} catch (GeneralSecurityException gse) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.fine("Discard invalid record: " + gse);
}
@ -242,7 +242,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
// Cleanup the handshake reassembler if necessary.
if ((reassembler != null) &&
(reassembler.handshakeEpoch < recordEpoch)) {
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.fine("Cleanup the handshake reassembler");
}
@ -275,7 +275,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
if (hsFrag == null) {
// invalid, discard this record
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.fine(
"Invalid handshake message, discard it.");
@ -299,7 +299,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
return pt == null ? null : new Plaintext[] { pt };
}
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.fine("The reassembler is not initialized yet.");
}
@ -359,7 +359,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
int remaining = plaintextFragment.remaining();
if (remaining < handshakeHeaderSize) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.fine("Discard invalid record: " +
"too small record to hold a handshake fragment");
}
@ -371,7 +371,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
// Fail fast for unknown handshake message.
byte handshakeType = plaintextFragment.get(); // pos: 0
if (!SSLHandshake.isKnown(handshakeType)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.fine("Discard invalid record: " +
"unknown handshake type size, Handshake.msg_type = " +
(handshakeType & 0xFF));
@ -407,7 +407,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
((plaintextFragment.get() & 0xFF) << 8) |
(plaintextFragment.get() & 0xFF); // pos: 9-11
if ((remaining - handshakeHeaderSize) < fragmentLength) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.fine("Discard invalid record: " +
"not a complete handshake fragment in the record");
}
@ -751,7 +751,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
// It's OK to discard retransmission as the handshake hash
// is computed as if each handshake message had been sent
// as a single fragment.
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.fine("Have got the full message, discard it.");
}
@ -773,7 +773,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
// The ranges SHOULD NOT overlap.
if (hole.offset > hsf.fragmentOffset || hole.limit < fragmentLimit) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.fine("Discard invalid record: " +
"handshake fragment ranges are overlapping");
}
@ -838,7 +838,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
}
// Read the random (32 bytes)
if (fragmentData.remaining() < 32) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record")) {
SSLLogger.fine("Rejected client hello fragment (bad random len) " +
"fo=" + hsf.fragmentOffset + " fl=" + hsf.fragmentLength);
}
@ -862,7 +862,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
// Cookie
byte[] cookie = Record.getBytes8(fragmentData);
if (firstHello && cookie.length != 0) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record")) {
SSLLogger.fine("Rejected initial client hello fragment (bad cookie len) " +
"fo=" + hsf.fragmentOffset + " fl=" + hsf.fragmentLength);
}
@ -898,7 +898,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
}
}
} catch (IOException ioe) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record")) {
SSLLogger.fine("Rejected client hello fragment " +
"fo=" + hsf.fragmentOffset + " fl=" + hsf.fragmentLength);
}
@ -1030,7 +1030,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
int previousEpoch = nextRecordEpoch - 1;
if (rf.recordEpoch < previousEpoch) {
// Too old to use, discard this record.
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.fine(
"Too old epoch to use this record, discard it.");
@ -1077,7 +1077,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
if (!isDesired) {
// Too old to use, discard this retransmitted record
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.fine(
"Too old retransmission to use, discard it.");
@ -1091,7 +1091,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
// Previously disordered record for the current epoch.
//
// Should have been retransmitted. Discard this record.
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.fine(
"Lagging behind record (sequence), discard it.");
@ -1130,7 +1130,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
Plaintext acquirePlaintext() throws SSLProtocolException {
if (bufferedFragments.isEmpty()) {
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.fine("No received handshake messages");
}
@ -1152,7 +1152,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
// Reset the next handshake flight.
resetHandshakeFlight(precedingFlight);
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.fine("Received a retransmission flight.");
}
@ -1165,7 +1165,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
}
if (!flightIsReady) {
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.fine(
"The handshake flight is not ready to use: " +
@ -1251,7 +1251,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
if (readEpoch != rFrag.recordEpoch) {
if (readEpoch > rFrag.recordEpoch) {
// discard old records
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.fine(
"Discard old buffered ciphertext fragments.");
@ -1264,7 +1264,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
flightIsReady = false;
}
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.fine(
"Not yet ready to decrypt the cached fragments.");
@ -1282,7 +1282,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
plaintextFragment = plaintext.fragment;
rFrag.contentType = plaintext.contentType;
} catch (GeneralSecurityException gse) {
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.fine("Discard invalid record: ", gse);
}
@ -1305,7 +1305,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
if (hsFrag == null) {
// invalid, discard this record
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.fine(
"Invalid handshake fragment, discard it",
@ -1457,7 +1457,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
if (expectCCSFlight) {
// Have the ChangeCipherSpec/Finished flight been received?
boolean isReady = hasFinishedMessage(bufferedFragments);
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.fine(
"Has the final flight been received? " + isReady);
@ -1466,7 +1466,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
return isReady;
}
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.fine("No flight is received yet.");
}
@ -1480,7 +1480,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
// single handshake message flight
boolean isReady = hasCompleted(flightType);
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.fine(
"Is the handshake message completed? " + isReady);
@ -1495,7 +1495,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
if (flightType == SSLHandshake.SERVER_HELLO.id) {
// Firstly, check the first flight handshake message.
if (!hasCompleted(flightType)) {
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.fine(
"The ServerHello message is not completed yet.");
@ -1508,7 +1508,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
// an abbreviated handshake
//
if (hasFinishedMessage(bufferedFragments)) {
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.fine("It's an abbreviated handshake.");
}
@ -1523,7 +1523,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
SSLHandshake.SERVER_HELLO_DONE.id);
if ((holes == null) || !holes.isEmpty()) {
// Not yet got the final message of the flight.
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.fine(
"Not yet got the ServerHelloDone message");
@ -1536,7 +1536,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
boolean isReady = hasCompleted(bufferedFragments,
handshakeFlight.minMessageSeq,
handshakeFlight.maxMessageSeq);
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.fine(
"Is the ServerHello flight (message " +
@ -1560,7 +1560,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
// Firstly, check the first flight handshake message.
if (!hasCompleted(flightType)) {
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.fine(
"The ClientKeyExchange or client Certificate " +
@ -1575,7 +1575,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
if (needClientVerify(bufferedFragments) &&
!hasCompleted(SSLHandshake.CERTIFICATE_VERIFY.id)) {
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.fine(
"Not yet have the CertificateVerify message");
@ -1587,7 +1587,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
if (!hasFinishedMessage(bufferedFragments)) {
// not yet have the ChangeCipherSpec/Finished messages
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.fine(
"Not yet have the ChangeCipherSpec and " +
@ -1601,7 +1601,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
boolean isReady = hasCompleted(bufferedFragments,
handshakeFlight.minMessageSeq,
handshakeFlight.maxMessageSeq);
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.fine(
"Is the ClientKeyExchange flight (message " +
@ -1616,7 +1616,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
//
// Otherwise, need to receive more handshake messages.
//
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.fine("Need to receive more handshake messages");
}

22
src/java.base/share/classes/sun/security/ssl/DTLSOutputRecord.java
View File

@ -92,7 +92,7 @@ final class DTLSOutputRecord extends OutputRecord implements DTLSRecord {
void changeWriteCiphers(SSLWriteCipher writeCipher,
boolean useChangeCipherSpec) {
if (isClosed()) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning("outbound has closed, ignore outbound " +
"change_cipher_spec message");
}
@ -120,7 +120,7 @@ final class DTLSOutputRecord extends OutputRecord implements DTLSRecord {
@Override
void encodeAlert(byte level, byte description) {
if (isClosed()) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning("outbound has closed, ignore outbound " +
"alert message: " + Alert.nameOf(description));
}
@ -137,7 +137,7 @@ final class DTLSOutputRecord extends OutputRecord implements DTLSRecord {
@Override
void encodeChangeCipherSpec() {
if (isClosed()) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning("outbound has closed, ignore outbound " +
"change_cipher_spec message");
}
@ -154,7 +154,7 @@ final class DTLSOutputRecord extends OutputRecord implements DTLSRecord {
void encodeHandshake(byte[] source,
int offset, int length) {
if (isClosed()) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning("outbound has closed, ignore outbound " +
"handshake message",
ByteBuffer.wrap(source, offset, length));
@ -179,14 +179,14 @@ final class DTLSOutputRecord extends OutputRecord implements DTLSRecord {
ByteBuffer[] dsts, int dstsOffset, int dstsLength) throws IOException {
if (isClosed) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning("outbound has closed, ignore outbound " +
"application data or cached messages");
}
return null;
} else if (isCloseWaiting) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning("outbound has closed, ignore outbound " +
"application data");
}
@ -201,7 +201,7 @@ final class DTLSOutputRecord extends OutputRecord implements DTLSRecord {
ByteBuffer destination) throws IOException {
if (writeCipher.authenticator.seqNumOverflow()) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.fine(
"sequence number extremely close to overflow " +
"(2^64-1 packets). Closing connection.");
@ -269,7 +269,7 @@ final class DTLSOutputRecord extends OutputRecord implements DTLSRecord {
destination.limit(destination.position());
destination.position(dstContent);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record")) {
SSLLogger.fine(
"WRITE: " + protocolVersion.name + " " +
ContentType.APPLICATION_DATA.name +
@ -282,7 +282,7 @@ final class DTLSOutputRecord extends OutputRecord implements DTLSRecord {
dstPos, dstLim, headerSize,
protocolVersion);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record,packet")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record,packet")) {
ByteBuffer temporary = destination.duplicate();
temporary.limit(temporary.position());
temporary.position(dstPos);
@ -497,7 +497,7 @@ final class DTLSOutputRecord extends OutputRecord implements DTLSRecord {
dstBuf.limit(dstBuf.position());
dstBuf.position(dstContent);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record")) {
SSLLogger.fine(
"WRITE: " + protocolVersion.name + " " +
ContentType.nameOf(memo.contentType) +
@ -511,7 +511,7 @@ final class DTLSOutputRecord extends OutputRecord implements DTLSRecord {
ProtocolVersion.valueOf(memo.majorVersion,
memo.minorVersion));
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record,packet")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record,packet")) {
ByteBuffer temporary = dstBuf.duplicate();
temporary.limit(temporary.position());
temporary.position(dstPos);

8
src/java.base/share/classes/sun/security/ssl/ECDHClientKeyExchange.java
View File

@ -199,7 +199,7 @@ final class ECDHClientKeyExchange {
ECDHClientKeyExchangeMessage cke =
new ECDHClientKeyExchangeMessage(
chc, sslPossession.encode());
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Produced ECDH ClientKeyExchange handshake message", cke);
}
@ -309,7 +309,7 @@ final class ECDHClientKeyExchange {
// parse either handshake message containing either EC/XEC.
ECDHClientKeyExchangeMessage cke =
new ECDHClientKeyExchangeMessage(shc, message);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Consuming ECDH ClientKeyExchange handshake message", cke);
}
@ -399,7 +399,7 @@ final class ECDHClientKeyExchange {
new ECDHClientKeyExchangeMessage(
chc, sslPossession.encode());
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Produced ECDHE ClientKeyExchange handshake message", cke);
}
@ -493,7 +493,7 @@ final class ECDHClientKeyExchange {
// parse the EC/XEC handshake message
ECDHClientKeyExchangeMessage cke =
new ECDHClientKeyExchangeMessage(shc, message);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Consuming ECDHE ClientKeyExchange handshake message", cke);
}

4
src/java.base/share/classes/sun/security/ssl/ECDHServerKeyExchange.java
View File

@ -489,7 +489,7 @@ final class ECDHServerKeyExchange {
ServerHandshakeContext shc = (ServerHandshakeContext)context;
ECDHServerKeyExchangeMessage skem =
new ECDHServerKeyExchangeMessage(shc);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Produced ECDH ServerKeyExchange handshake message", skem);
}
@ -522,7 +522,7 @@ final class ECDHServerKeyExchange {
// AlgorithmConstraints are checked during decoding
ECDHServerKeyExchangeMessage skem =
new ECDHServerKeyExchangeMessage(chc, message);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Consuming ECDH ServerKeyExchange handshake message", skem);
}

6
src/java.base/share/classes/sun/security/ssl/ECPointFormatsExtension.java
View File

@ -171,7 +171,7 @@ final class ECPointFormatsExtension {
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(CH_EC_POINT_FORMATS)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable ec_point_formats extension");
}
@ -193,7 +193,7 @@ final class ECPointFormatsExtension {
return extData;
}
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Need no ec_point_formats extension");
}
@ -221,7 +221,7 @@ final class ECPointFormatsExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(CH_EC_POINT_FORMATS)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable ec_point_formats extension");
}

4
src/java.base/share/classes/sun/security/ssl/EncryptedExtensions.java
View File

@ -134,7 +134,7 @@ final class EncryptedExtensions {
SSLHandshake.ENCRYPTED_EXTENSIONS,
shc.negotiatedProtocol);
eem.extensions.produce(shc, extTypes);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Produced EncryptedExtensions message", eem);
}
@ -168,7 +168,7 @@ final class EncryptedExtensions {
EncryptedExtensionsMessage eem =
new EncryptedExtensionsMessage(chc, message);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Consuming EncryptedExtensions handshake message", eem);
}

10
src/java.base/share/classes/sun/security/ssl/ExtendedMasterSecretExtension.java
View File

@ -119,7 +119,7 @@ final class ExtendedMasterSecretExtension {
if (!chc.sslConfig.isAvailable(CH_EXTENDED_MASTER_SECRET) ||
!SSLConfiguration.useExtendedMasterSecret ||
!chc.conContext.protocolVersion.useTLS10PlusSpec()) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable extended_master_secret extension");
}
@ -162,7 +162,7 @@ final class ExtendedMasterSecretExtension {
if (!shc.sslConfig.isAvailable(CH_EXTENDED_MASTER_SECRET) ||
!SSLConfiguration.useExtendedMasterSecret ||
!shc.negotiatedProtocol.useTLS10PlusSpec()) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Ignore unavailable extension: " +
CH_EXTENDED_MASTER_SECRET.name);
}
@ -182,7 +182,7 @@ final class ExtendedMasterSecretExtension {
// with a full handshake.
shc.isResumption = false;
shc.resumingSession = null;
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"abort session resumption which did not use " +
"Extended Master Secret extension");
@ -213,7 +213,7 @@ final class ExtendedMasterSecretExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(CH_EXTENDED_MASTER_SECRET) ||
!SSLConfiguration.useExtendedMasterSecret) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Ignore unavailable extension: " +
CH_EXTENDED_MASTER_SECRET.name);
}
@ -252,7 +252,7 @@ final class ExtendedMasterSecretExtension {
} else { // Otherwise, continue with a full handshake.
shc.isResumption = false;
shc.resumingSession = null;
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"abort session resumption, " +
"missing Extended Master Secret extension");

16
src/java.base/share/classes/sun/security/ssl/Finished.java
View File

@ -392,7 +392,7 @@ final class Finished {
// Change write cipher and delivery ChangeCipherSpec message.
ChangeCipherSpec.t10Producer.produce(chc, message);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Produced client Finished handshake message", fm);
}
@ -455,7 +455,7 @@ final class Finished {
// Change write cipher and delivery ChangeCipherSpec message.
ChangeCipherSpec.t10Producer.produce(shc, message);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Produced server Finished handshake message", fm);
}
@ -544,7 +544,7 @@ final class Finished {
private void onConsumeFinished(ClientHandshakeContext chc,
ByteBuffer message) throws IOException {
FinishedMessage fm = new FinishedMessage(chc, message);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Consuming server Finished handshake message", fm);
}
@ -604,7 +604,7 @@ final class Finished {
}
FinishedMessage fm = new FinishedMessage(shc, message);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Consuming client Finished handshake message", fm);
}
@ -683,7 +683,7 @@ final class Finished {
chc.handshakeHash.update();
FinishedMessage fm = new FinishedMessage(chc);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Produced client Finished handshake message", fm);
}
@ -777,7 +777,7 @@ final class Finished {
shc.handshakeHash.update();
FinishedMessage fm = new FinishedMessage(shc);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Produced server Finished handshake message", fm);
}
@ -913,7 +913,7 @@ final class Finished {
}
FinishedMessage fm = new FinishedMessage(chc, message);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Consuming server Finished handshake message", fm);
}
@ -1047,7 +1047,7 @@ final class Finished {
}
FinishedMessage fm = new FinishedMessage(shc, message);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Consuming client Finished handshake message", fm);
}

12
src/java.base/share/classes/sun/security/ssl/HandshakeContext.java
View File

@ -284,7 +284,7 @@ abstract class HandshakeContext implements ConnectionContext {
found = true;
break;
}
} else if (SSLLogger.isOn &&
} else if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.fine(
"Ignore unsupported cipher suite: " + suite +
@ -292,7 +292,7 @@ abstract class HandshakeContext implements ConnectionContext {
}
}
if (!found && (SSLLogger.isOn) &&
if (!found && (SSLLogger.logging) &&
SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"No available cipher suite for " + protocol.name);
@ -337,7 +337,7 @@ abstract class HandshakeContext implements ConnectionContext {
}
if (!isSupported &&
SSLLogger.isOn &&
SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.finest(
"Ignore unsupported cipher suite: " + suite);
@ -559,7 +559,7 @@ abstract class HandshakeContext implements ConnectionContext {
cachedStatus.put(groupType, groupAvailable);
if (!groupAvailable &&
SSLLogger.isOn &&
SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.fine(
"No activated named group in " + groupType);
@ -574,14 +574,14 @@ abstract class HandshakeContext implements ConnectionContext {
}
}
if (!retval && SSLLogger.isOn &&
if (!retval && SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.fine("No active named group(s), ignore " + suite);
}
return retval;
} else if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
} else if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.fine("Ignore disabled cipher suite: " + suite);
}

2
src/java.base/share/classes/sun/security/ssl/HandshakeOutStream.java
View File

@ -61,7 +61,7 @@ public class HandshakeOutStream extends ByteArrayOutputStream {
if (!outputRecord.isClosed()) {
outputRecord.encodeHandshake(buf, 0, count);
} else {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning("outbound has closed, ignore outbound " +
"handshake messages", ByteBuffer.wrap(buf, 0, count));
}

10
src/java.base/share/classes/sun/security/ssl/HelloRequest.java
View File

@ -101,7 +101,7 @@ final class HelloRequest {
ServerHandshakeContext shc = (ServerHandshakeContext)context;
HelloRequestMessage hrm = new HelloRequestMessage(shc);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Produced HelloRequest handshake message", hrm);
}
@ -137,7 +137,7 @@ final class HelloRequest {
ServerHandshakeContext shc = (ServerHandshakeContext)context;
HelloRequestMessage hrm = new HelloRequestMessage(shc);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Produced HelloRequest handshake message", hrm);
}
@ -177,7 +177,7 @@ final class HelloRequest {
// be sent by the server at any time. Please don't clean up this
// handshake consumer.
HelloRequestMessage hrm = new HelloRequestMessage(chc, message);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Consuming HelloRequest handshake message", hrm);
}
@ -190,7 +190,7 @@ final class HelloRequest {
}
if (!chc.conContext.secureRenegotiation) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning(
"Continue with insecure renegotiation");
}
@ -206,7 +206,7 @@ final class HelloRequest {
//
SSLHandshake.CLIENT_HELLO.produce(context, hrm);
} else {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore HelloRequest, handshaking is in progress");
}

4
src/java.base/share/classes/sun/security/ssl/HelloVerifyRequest.java
View File

@ -140,7 +140,7 @@ final class HelloVerifyRequest {
HelloVerifyRequestMessage hvrm =
new HelloVerifyRequestMessage(shc, message);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Produced HelloVerifyRequest handshake message", hvrm);
}
@ -197,7 +197,7 @@ final class HelloVerifyRequest {
HelloVerifyRequestMessage hvrm =
new HelloVerifyRequestMessage(chc, message);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Consuming HelloVerifyRequest handshake message", hvrm);
}

32
src/java.base/share/classes/sun/security/ssl/KeyShareExtension.java
View File

@ -90,7 +90,7 @@ final class KeyShareExtension {
Record.putInt16(m, namedGroupId);
Record.putBytes16(m, keyExchange);
} catch (IOException ioe) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning(
"Unlikely IOException", ioe);
}
@ -222,7 +222,7 @@ final class KeyShareExtension {
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(SSLExtension.CH_KEY_SHARE)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable key_share extension");
}
@ -237,7 +237,7 @@ final class KeyShareExtension {
namedGroups = chc.clientRequestedNamedGroups;
if (namedGroups == null || namedGroups.isEmpty()) {
// No supported groups.
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning(
"Ignore key_share extension, no supported groups");
}
@ -287,7 +287,7 @@ final class KeyShareExtension {
NamedGroup ng) {
SSLKeyExchange ke = SSLKeyExchange.valueOf(ng);
if (ke == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning(
"No key exchange for named group " + ng.name);
}
@ -323,7 +323,7 @@ final class KeyShareExtension {
ServerHandshakeContext shc = (ServerHandshakeContext)context;
if (shc.handshakeExtensions.containsKey(SSLExtension.CH_KEY_SHARE)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"The key_share extension has been loaded");
}
@ -332,7 +332,7 @@ final class KeyShareExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(SSLExtension.CH_KEY_SHARE)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable key_share extension");
}
@ -346,7 +346,7 @@ final class KeyShareExtension {
NamedGroup ng = NamedGroup.valueOf(entry.namedGroupId);
if (ng == null || !NamedGroup.isActivatable(shc.sslConfig,
shc.algorithmConstraints, ng)) {
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unsupported named group: " +
@ -364,7 +364,7 @@ final class KeyShareExtension {
if (!shc.algorithmConstraints.permits(
EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
namedGroupCredentials.getPublicKey())) {
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning(
"key share entry of " + ng + " does not " +
@ -379,7 +379,7 @@ final class KeyShareExtension {
credentials.add(kaCred);
}
} catch (GeneralSecurityException ex) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning(
"Cannot decode named group: " +
NamedGroup.nameOf(entry.namedGroupId));
@ -522,7 +522,7 @@ final class KeyShareExtension {
SSLExtension.CH_KEY_SHARE);
if (kss == null) {
// Unlikely, no key_share extension requested.
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning(
"Ignore, no client key_share extension");
}
@ -531,7 +531,7 @@ final class KeyShareExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(SSLExtension.SH_KEY_SHARE)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning(
"Ignore, no available server key_share extension");
}
@ -542,7 +542,7 @@ final class KeyShareExtension {
if ((shc.handshakeCredentials == null) ||
shc.handshakeCredentials.isEmpty()) {
// Unlikely, HelloRetryRequest should be used earlier.
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning(
"No available client key share entries");
}
@ -562,7 +562,7 @@ final class KeyShareExtension {
SSLKeyExchange ke = SSLKeyExchange.valueOf(ng);
if (ke == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning(
"No key exchange for named group " + ng.name);
}
@ -597,7 +597,7 @@ final class KeyShareExtension {
if (keyShare == null) {
// Unlikely, HelloRetryRequest should be used instead earlier.
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning(
"No available server key_share extension");
}
@ -708,7 +708,7 @@ final class KeyShareExtension {
ClientHandshakeContext chc = (ClientHandshakeContext)context;
// Cannot use the previous requested key shares anymore.
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"No key_share extension in ServerHello, " +
"cleanup the key shares if necessary");
@ -801,7 +801,7 @@ final class KeyShareExtension {
for (NamedGroup ng : shc.clientRequestedNamedGroups) {
if (NamedGroup.isActivatable(shc.sslConfig,
shc.algorithmConstraints, ng)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"HelloRetryRequest selected named group: " +
ng.name);

8
src/java.base/share/classes/sun/security/ssl/KeyUpdate.java
View File

@ -191,7 +191,7 @@ final class KeyUpdate {
// The consuming happens in client side only.
PostHandshakeContext hc = (PostHandshakeContext)context;
KeyUpdateMessage km = new KeyUpdateMessage(hc, message);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Consuming KeyUpdate post-handshake message", km);
}
@ -235,7 +235,7 @@ final class KeyUpdate {
rc.baseSecret = nplus1;
hc.conContext.inputRecord.changeReadCiphers(rc);
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.fine("KeyUpdate: read key updated");
}
} catch (GeneralSecurityException gse) {
@ -270,7 +270,7 @@ final class KeyUpdate {
// The producing happens in server side only.
PostHandshakeContext hc = (PostHandshakeContext)context;
KeyUpdateMessage km = (KeyUpdateMessage)message;
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Produced KeyUpdate post-handshake message", km);
}
@ -322,7 +322,7 @@ final class KeyUpdate {
// changeWriteCiphers() implementation.
wc.baseSecret = nplus1;
hc.conContext.outputRecord.changeWriteCiphers(wc, km.status.id);
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.fine("KeyUpdate: write key updated");
}

18
src/java.base/share/classes/sun/security/ssl/MaxFragExtension.java
View File

@ -176,7 +176,7 @@ final class MaxFragExtension {
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(CH_MAX_FRAGMENT_LENGTH)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable max_fragment_length extension");
}
@ -213,7 +213,7 @@ final class MaxFragExtension {
} else {
// log and ignore, no MFL extension.
chc.maxFragmentLength = -1;
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"No available max_fragment_length extension can " +
"be used for fragment size of " +
@ -243,7 +243,7 @@ final class MaxFragExtension {
ServerHandshakeContext shc = (ServerHandshakeContext)context;
if (!shc.sslConfig.isAvailable(CH_MAX_FRAGMENT_LENGTH)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable max_fragment_length extension");
}
@ -288,7 +288,7 @@ final class MaxFragExtension {
MaxFragLenSpec spec = (MaxFragLenSpec)
shc.handshakeExtensions.get(CH_MAX_FRAGMENT_LENGTH);
if (spec == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.finest(
"Ignore unavailable max_fragment_length extension");
}
@ -305,7 +305,7 @@ final class MaxFragExtension {
// For better interoperability, abort the maximum
// fragment length negotiation, rather than terminate
// the connection with a fatal alert.
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Abort the maximum fragment length negotiation, " +
"may overflow the maximum packet size limit.");
@ -413,7 +413,7 @@ final class MaxFragExtension {
// For better interoperability, abort the maximum
// fragment length negotiation, rather than terminate
// the connection with a fatal alert.
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Abort the maximum fragment length negotiation, " +
"may overflow the maximum packet size limit.");
@ -455,7 +455,7 @@ final class MaxFragExtension {
MaxFragLenSpec spec = (MaxFragLenSpec)
shc.handshakeExtensions.get(CH_MAX_FRAGMENT_LENGTH);
if (spec == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.finest(
"Ignore unavailable max_fragment_length extension");
}
@ -472,7 +472,7 @@ final class MaxFragExtension {
// For better interoperability, abort the maximum
// fragment length negotiation, rather than terminate
// the connection with a fatal alert.
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Abort the maximum fragment length negotiation, " +
"may overflow the maximum packet size limit.");
@ -578,7 +578,7 @@ final class MaxFragExtension {
// For better interoperability, abort the maximum
// fragment length negotiation, rather than terminate
// the connection with a fatal alert.
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Abort the maximum fragment length negotiation, " +
"may overflow the maximum packet size limit.");

8
src/java.base/share/classes/sun/security/ssl/NamedGroup.java
View File

@ -273,7 +273,7 @@ enum NamedGroup {
| NoSuchAlgorithmException exp) {
if (namedGroupSpec != NamedGroupSpec.NAMED_GROUP_XDH) {
mediator = false;
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning(
"No AlgorithmParameters for " + name, exp);
}
@ -294,7 +294,7 @@ enum NamedGroup {
// AlgorithmParameters.getInstance(name);
} catch (NoSuchAlgorithmException nsae) {
mediator = false;
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning(
"No AlgorithmParameters for " + name, nsae);
}
@ -382,7 +382,7 @@ enum NamedGroup {
for (String ss : namedGroups) {
NamedGroup ng = NamedGroup.nameOf(ss);
if (ng == null || !ng.isAvailable) {
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.finest(
"Ignore the named group (" + ss
@ -811,7 +811,7 @@ enum NamedGroup {
}
if (groupList.isEmpty() &&
SSLLogger.isOn && SSLLogger.isOn("ssl")) {
SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning("No default named groups");
}
}

38
src/java.base/share/classes/sun/security/ssl/NewSessionTicket.java
View File

@ -199,7 +199,7 @@ final class NewSessionTicket {
this.ticket = Record.getBytes16(m);
if (ticket.length == 0) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"No ticket in the NewSessionTicket handshake message");
}
@ -321,7 +321,7 @@ final class NewSessionTicket {
if (hc instanceof ServerHandshakeContext) {
// Is this session resumable?
if (!hc.handshakeSession.isRejoinable()) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("No session ticket produced: " +
"session is not resumable");
}
@ -339,7 +339,7 @@ final class NewSessionTicket {
SSLExtension.PSK_KEY_EXCHANGE_MODES);
if (pkemSpec == null ||
!pkemSpec.contains(PskKeyExchangeMode.PSK_DHE_KE)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("No session ticket produced: " +
"client does not support psk_dhe_ke");
}
@ -350,7 +350,7 @@ final class NewSessionTicket {
// Check if we have sent a PSK already, then we know it is
// using an allowable PSK exchange key mode.
if (!hc.handshakeSession.isPSKable()) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("No session ticket produced: " +
"No session ticket allowed in this session");
}
@ -364,7 +364,7 @@ final class NewSessionTicket {
hc.sslContext.engineGetServerSessionContext();
int sessionTimeoutSeconds = sessionCache.getSessionTimeout();
if (sessionTimeoutSeconds > MAX_TICKET_LIFETIME) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("No session ticket produced: " +
"session timeout is too long");
}
@ -451,7 +451,7 @@ final class NewSessionTicket {
if (!nstm.isValid()) {
hc.statelessResumption = false;
} else {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Produced NewSessionTicket stateless " +
"post-handshake message", nstm);
}
@ -466,7 +466,7 @@ final class NewSessionTicket {
sessionCache.getSessionTimeout(),
hc.sslContext.getSecureRandom(), nonce,
newId.getId());
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Produced NewSessionTicket " +
"post-handshake message", nstm);
}
@ -480,7 +480,7 @@ final class NewSessionTicket {
return nstm;
}
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("No NewSessionTicket created");
}
@ -518,7 +518,7 @@ final class NewSessionTicket {
shc.sslContext.engineGetServerSessionContext();
int sessionTimeoutSeconds = sessionCache.getSessionTimeout();
if (sessionTimeoutSeconds > MAX_TICKET_LIFETIME) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Session timeout is too long. No ticket sent.");
}
@ -532,7 +532,7 @@ final class NewSessionTicket {
NewSessionTicketMessage nstm = new T12NewSessionTicketMessage(shc,
sessionTimeoutSeconds,
new SessionTicketSpec().encrypt(shc, sessionCopy));
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Produced NewSessionTicket stateless handshake message",
nstm);
@ -571,7 +571,7 @@ final class NewSessionTicket {
HandshakeContext hc = (HandshakeContext)context;
NewSessionTicketMessage nstm =
new T13NewSessionTicketMessage(hc, message);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Consuming NewSessionTicket message", nstm);
}
@ -582,7 +582,7 @@ final class NewSessionTicket {
// discard tickets with timeout 0
if (nstm.ticketLifetime <= 0 ||
nstm.ticketLifetime > MAX_TICKET_LIFETIME) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Discarding NewSessionTicket with lifetime " +
nstm.ticketLifetime, nstm);
@ -591,7 +591,7 @@ final class NewSessionTicket {
}
if (sessionCache.getSessionTimeout() > MAX_TICKET_LIFETIME) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Session cache lifetime is too long. " +
"Discarding ticket.");
@ -603,7 +603,7 @@ final class NewSessionTicket {
SecretKey resumptionMasterSecret =
sessionToSave.getResumptionMasterSecret();
if (resumptionMasterSecret == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Session has no resumption master secret. " +
"Ignoring ticket.");
@ -629,7 +629,7 @@ final class NewSessionTicket {
sessionCopy.setPskIdentity(nstm.ticket);
sessionCache.put(sessionCopy, sessionCopy.isPSK());
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("MultiNST PSK (Server): " +
Utilities.toHexString(Arrays.copyOf(nstm.ticket, 16)));
}
@ -657,7 +657,7 @@ final class NewSessionTicket {
NewSessionTicketMessage nstm = new T12NewSessionTicketMessage(hc,
message);
if (nstm.ticket.length == 0) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("NewSessionTicket ticket was empty");
}
return;
@ -666,7 +666,7 @@ final class NewSessionTicket {
// discard tickets with timeout 0
if (nstm.ticketLifetime <= 0 ||
nstm.ticketLifetime > MAX_TICKET_LIFETIME) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Discarding NewSessionTicket with lifetime " +
nstm.ticketLifetime, nstm);
@ -678,7 +678,7 @@ final class NewSessionTicket {
hc.sslContext.engineGetClientSessionContext();
if (sessionCache.getSessionTimeout() > MAX_TICKET_LIFETIME) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Session cache lifetime is too long. " +
"Discarding ticket.");
@ -687,7 +687,7 @@ final class NewSessionTicket {
}
hc.handshakeSession.setPskIdentity(nstm.ticket);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Consuming NewSessionTicket\n" + nstm);
}
}

4
src/java.base/share/classes/sun/security/ssl/OutputRecord.java
View File

@ -176,7 +176,7 @@ abstract class OutputRecord
recordLock.lock();
try {
if (isClosed()) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning("outbound has closed, ignore outbound " +
"change_cipher_spec message");
}
@ -210,7 +210,7 @@ abstract class OutputRecord
recordLock.lock();
try {
if (isClosed()) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning("outbound has closed, ignore outbound " +
"key_update handshake message");
}

34
src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java
View File

@ -338,7 +338,7 @@ final class PreSharedKeyExtension {
ServerHandshakeContext shc = (ServerHandshakeContext)context;
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(SSLExtension.CH_PRE_SHARED_KEY)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable pre_shared_key extension");
}
@ -390,7 +390,7 @@ final class PreSharedKeyExtension {
}
}
if (b == null || s == null) {
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Stateless session ticket invalid");
@ -399,7 +399,7 @@ final class PreSharedKeyExtension {
}
if (s != null && canRejoin(clientHello, shc, s)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Resuming session: ", s);
}
@ -432,7 +432,7 @@ final class PreSharedKeyExtension {
// Check protocol version
if (result && s.getProtocolVersion() != shc.negotiatedProtocol) {
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.finest("Can't resume, incorrect protocol version");
@ -452,7 +452,7 @@ final class PreSharedKeyExtension {
try {
s.getPeerPrincipal();
} catch (SSLPeerUnverifiedException e) {
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.finest(
"Can't resume, " +
@ -467,7 +467,7 @@ final class PreSharedKeyExtension {
if (result &&
!shc.localSupportedCertSignAlgs.containsAll(sessionSigAlgs)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Can't resume. Session uses different " +
"signature algorithms");
}
@ -481,7 +481,7 @@ final class PreSharedKeyExtension {
if (result && identityAlg != null) {
String sessionIdentityAlg = s.getIdentificationProtocol();
if (!identityAlg.equalsIgnoreCase(sessionIdentityAlg)) {
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.finest("Can't resume, endpoint id" +
@ -495,7 +495,7 @@ final class PreSharedKeyExtension {
// Ensure cipher suite can be negotiated
if (result && (!shc.isNegotiable(s.getSuite()) ||
!clientHello.cipherSuites.contains(s.getSuite()))) {
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.finest(
"Can't resume, unavailable session cipher suite");
@ -650,7 +650,7 @@ final class PreSharedKeyExtension {
// The producing happens in client side only.
ClientHandshakeContext chc = (ClientHandshakeContext)context;
if (!chc.isResumption || chc.resumingSession == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("No session to resume.");
}
return null;
@ -660,7 +660,7 @@ final class PreSharedKeyExtension {
Collection<SignatureScheme> sessionSigAlgs =
chc.resumingSession.getLocalSupportedSignatureSchemes();
if (!chc.localSupportedCertSignAlgs.containsAll(sessionSigAlgs)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Existing session uses different " +
"signature algorithms");
}
@ -670,7 +670,7 @@ final class PreSharedKeyExtension {
// The session must have a pre-shared key
SecretKey psk = chc.resumingSession.getPreSharedKey();
if (psk == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Existing session has no PSK.");
}
return null;
@ -684,7 +684,7 @@ final class PreSharedKeyExtension {
}
if (chc.pskIdentity == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"PSK has no identity, or identity was already used");
}
@ -696,7 +696,7 @@ final class PreSharedKeyExtension {
chc.sslContext.engineGetClientSessionContext();
sessionCache.remove(chc.resumingSession.getSessionId(), true);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Found resumable session. Preparing PSK message.");
SSLLogger.fine(
@ -826,7 +826,7 @@ final class PreSharedKeyExtension {
public void absent(ConnectionContext context,
HandshakeMessage message) throws IOException {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Handling pre_shared_key absence.");
}
@ -891,7 +891,7 @@ final class PreSharedKeyExtension {
}
SHPreSharedKeySpec shPsk = new SHPreSharedKeySpec(chc, buffer);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Received pre_shared_key extension: ", shPsk);
}
@ -901,7 +901,7 @@ final class PreSharedKeyExtension {
"Selected identity index is not in correct range.");
}
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Resuming session: ", chc.resumingSession);
}
@ -915,7 +915,7 @@ final class PreSharedKeyExtension {
HandshakeMessage message) throws IOException {
ClientHandshakeContext chc = (ClientHandshakeContext)context;
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Handling pre_shared_key absence.");
}

6
src/java.base/share/classes/sun/security/ssl/PredefinedDHParameterSpecs.java
View File

@ -246,7 +246,7 @@ final class PredefinedDHParameterSpecs {
Matcher spacesMatcher = spacesPattern.matcher(property);
property = spacesMatcher.replaceAll("");
if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,sslctx")) {
SSLLogger.fine(
"The Security Property " +
PROPERTY_NAME + ": " + property);
@ -262,7 +262,7 @@ final class PredefinedDHParameterSpecs {
String primeModulus = paramsFinder.group(1);
BigInteger p = new BigInteger(primeModulus, 16);
if (!p.isProbablePrime(PRIME_CERTAINTY)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,sslctx")) {
SSLLogger.fine(
"Prime modulus p in Security Property, " +
PROPERTY_NAME + ", is not a prime: " +
@ -279,7 +279,7 @@ final class PredefinedDHParameterSpecs {
DHParameterSpec spec = new DHParameterSpec(p, g);
defaultParams.put(primeLen, spec);
}
} else if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
} else if (SSLLogger.logging && SSLLogger.isOn("ssl,sslctx")) {
SSLLogger.fine("Invalid Security Property, " +
PROPERTY_NAME + ", definition");
}

8
src/java.base/share/classes/sun/security/ssl/PskKeyExchangeModesExtension.java
View File

@ -184,7 +184,7 @@ final class PskKeyExchangeModesExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(
SSLExtension.PSK_KEY_EXCHANGE_MODES)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable psk_key_exchange_modes extension");
}
@ -216,7 +216,7 @@ final class PskKeyExchangeModesExtension {
if (!spec.contains(PskKeyExchangeMode.PSK_DHE_KE)) {
shc.isResumption = false;
shc.resumingSession = null;
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"abort session resumption, " +
"no supported psk_dhe_ke PSK key exchange mode");
@ -247,7 +247,7 @@ final class PskKeyExchangeModesExtension {
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(
SSLExtension.PSK_KEY_EXCHANGE_MODES)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning(
"Ignore unavailable psk_key_exchange_modes extension");
}
@ -287,7 +287,7 @@ final class PskKeyExchangeModesExtension {
if (shc.isResumption) { // resumingSession may not be set
shc.isResumption = false;
shc.resumingSession = null;
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"abort session resumption, " +
"no supported psk_dhe_ke PSK key exchange mode");

4
src/java.base/share/classes/sun/security/ssl/RSAClientKeyExchange.java
View File

@ -190,7 +190,7 @@ final class RSAClientKeyExchange {
throw chc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
"Cannot generate RSA premaster secret", gse);
}
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Produced RSA ClientKeyExchange handshake message", ckem);
}
@ -271,7 +271,7 @@ final class RSAClientKeyExchange {
RSAClientKeyExchangeMessage ckem =
new RSAClientKeyExchangeMessage(shc, message);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Consuming RSA ClientKeyExchange handshake message", ckem);
}

10
src/java.base/share/classes/sun/security/ssl/RSAKeyExchange.java
View File

@ -150,7 +150,7 @@ final class RSAKeyExchange {
needFailover = !KeyUtil.isOracleJCEProvider(
cipher.getProvider().getName());
} catch (InvalidKeyException | UnsupportedOperationException iue) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning("The Cipher provider "
+ safeProviderName(cipher)
+ " caused exception: " + iue.getMessage());
@ -197,7 +197,7 @@ final class RSAKeyExchange {
try {
return cipher.getProvider().toString();
} catch (Exception e) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Retrieving The Cipher provider name" +
" caused exception ", e);
}
@ -205,7 +205,7 @@ final class RSAKeyExchange {
try {
return cipher.toString() + " (provider name not available)";
} catch (Exception e) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Retrieving The Cipher name" +
" caused exception ", e);
}
@ -220,7 +220,7 @@ final class RSAKeyExchange {
int clientVersion, int serverVersion, byte[] encodedSecret,
SecureRandom generator) throws GeneralSecurityException {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Generating a premaster secret");
}
@ -235,7 +235,7 @@ final class RSAKeyExchange {
} catch (InvalidAlgorithmParameterException |
NoSuchAlgorithmException iae) {
// unlikely to happen, otherwise, must be a provider exception
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("RSA premaster secret generation error", iae);
}

4
src/java.base/share/classes/sun/security/ssl/RSAServerKeyExchange.java
View File

@ -264,7 +264,7 @@ final class RSAServerKeyExchange {
RSAServerKeyExchangeMessage skem =
new RSAServerKeyExchangeMessage(
shc, x509Possession, rsaPossession);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Produced RSA ServerKeyExchange handshake message", skem);
}
@ -296,7 +296,7 @@ final class RSAServerKeyExchange {
RSAServerKeyExchangeMessage skem =
new RSAServerKeyExchangeMessage(chc, message);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Consuming RSA ServerKeyExchange handshake message", skem);
}

24
src/java.base/share/classes/sun/security/ssl/RenegoInfoExtension.java
View File

@ -138,7 +138,7 @@ final class RenegoInfoExtension {
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(CH_RENEGOTIATION_INFO)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable renegotiation_info extension");
}
@ -182,7 +182,7 @@ final class RenegoInfoExtension {
return extData;
} else { // not secure renegotiation
if (HandshakeContext.allowUnsafeRenegotiation) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning("Using insecure renegotiation");
}
@ -216,7 +216,7 @@ final class RenegoInfoExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(CH_RENEGOTIATION_INFO)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Ignore unavailable extension: " +
CH_RENEGOTIATION_INFO.name);
}
@ -280,7 +280,7 @@ final class RenegoInfoExtension {
for (int id : clientHello.cipherSuiteIds) {
if (id ==
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV.id) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.finest(
"Safe renegotiation, using the SCSV signaling");
}
@ -294,7 +294,7 @@ final class RenegoInfoExtension {
"Failed to negotiate the use of secure renegotiation");
} // otherwise, allow legacy hello message
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning("Warning: No renegotiation " +
"indication in ClientHello, allow legacy ClientHello");
}
@ -306,13 +306,13 @@ final class RenegoInfoExtension {
"Inconsistent secure renegotiation indication");
} else { // renegotiation, not secure
if (HandshakeContext.allowUnsafeRenegotiation) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning("Using insecure renegotiation");
}
} else {
// Unsafe renegotiation should have been aborted in
// earlier processes.
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Terminate insecure renegotiation");
}
throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
@ -345,7 +345,7 @@ final class RenegoInfoExtension {
if (requestedSpec == null && !shc.conContext.secureRenegotiation) {
// Ignore, no renegotiation_info extension or SCSV signaling
// requested.
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.finest(
"Ignore unavailable renegotiation_info extension");
}
@ -354,7 +354,7 @@ final class RenegoInfoExtension {
if (!shc.conContext.secureRenegotiation) {
// Ignore, no secure renegotiation is negotiated.
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.finest(
"No secure renegotiation has been negotiated");
}
@ -515,7 +515,7 @@ final class RenegoInfoExtension {
"Failed to negotiate the use of secure renegotiation");
} // otherwise, allow legacy hello message
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning("Warning: No renegotiation " +
"indication in ServerHello, allow legacy ServerHello");
}
@ -527,13 +527,13 @@ final class RenegoInfoExtension {
"Inconsistent secure renegotiation indication");
} else { // renegotiation, not secure
if (HandshakeContext.allowUnsafeRenegotiation) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning("Using insecure renegotiation");
}
} else {
// Unsafe renegotiation should have been aborted in
// earlier processes.
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Terminate insecure renegotiation");
}
throw chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,

44
src/java.base/share/classes/sun/security/ssl/SSLCipher.java
View File

@ -392,7 +392,7 @@ enum SSLCipher {
if (values[1].contains(tag[0])) {
index = 0;
} else {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.fine("jdk.tls.keyLimits: Unknown action: " +
entry);
}
@ -413,13 +413,13 @@ enum SSLCipher {
"Length exceeded limits");
}
} catch (NumberFormatException e) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.fine("jdk.tls.keyLimits: " + e.getMessage() +
": " + entry);
}
continue;
}
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.fine("jdk.tls.keyLimits: entry = " + entry +
". " + values[0] + ":" + tag[index] + " = " + size);
}
@ -468,7 +468,7 @@ enum SSLCipher {
Cipher.getInstance(transformation);
return true;
} catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.fine("Transformation " + transformation + " is" +
" not available.");
}
@ -860,7 +860,7 @@ enum SSLCipher {
"JCE provider " + cipher.getProvider().getName(), sbe);
}
pt.position(pos);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record,plaintext")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record,plaintext")) {
SSLLogger.fine(
"Plaintext after DECRYPTION", pt.duplicate());
}
@ -930,7 +930,7 @@ enum SSLCipher {
authenticator.increaseSequenceNumber();
}
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record,plaintext")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record,plaintext")) {
SSLLogger.finest(
"Padded plaintext before ENCRYPTION", bb.duplicate());
}
@ -1050,7 +1050,7 @@ enum SSLCipher {
"JCE provider " + cipher.getProvider().getName(), sbe);
}
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record,plaintext")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record,plaintext")) {
SSLLogger.fine(
"Padded plaintext after DECRYPTION",
pt.duplicate().position(pos));
@ -1182,7 +1182,7 @@ enum SSLCipher {
int len = addPadding(bb, blockSize);
bb.position(pos);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record,plaintext")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record,plaintext")) {
SSLLogger.fine(
"Padded plaintext before ENCRYPTION",
bb.duplicate());
@ -1326,7 +1326,7 @@ enum SSLCipher {
"JCE provider " + cipher.getProvider().getName(), sbe);
}
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record,plaintext")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record,plaintext")) {
SSLLogger.fine("Padded plaintext after DECRYPTION",
pt.duplicate().position(pos));
}
@ -1478,7 +1478,7 @@ enum SSLCipher {
int len = addPadding(bb, blockSize);
bb.position(pos);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record,plaintext")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record,plaintext")) {
SSLLogger.fine(
"Padded plaintext before ENCRYPTION",
bb.duplicate());
@ -1650,7 +1650,7 @@ enum SSLCipher {
pt.position(pos);
pt.limit(pos + len);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record,plaintext")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record,plaintext")) {
SSLLogger.fine(
"Plaintext after DECRYPTION", pt.duplicate());
}
@ -1737,7 +1737,7 @@ enum SSLCipher {
// DON'T encrypt the nonce for AEAD mode.
int len, pos = bb.position();
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record,plaintext")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record,plaintext")) {
SSLLogger.fine(
"Plaintext before ENCRYPTION",
bb.duplicate());
@ -1823,7 +1823,7 @@ enum SSLCipher {
keyLimitCountdown = cipherLimits.getOrDefault(
algorithm.toUpperCase(Locale.ENGLISH) + ":" + tag[0], 0L);
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.fine("KeyLimit read side: algorithm = " +
algorithm + ":" + tag[0] +
"\ncountdown value = " + keyLimitCountdown);
@ -1932,7 +1932,7 @@ enum SSLCipher {
contentType = pt.get(i);
pt.limit(i);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record,plaintext")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record,plaintext")) {
SSLLogger.fine(
"Plaintext after DECRYPTION", pt.duplicate());
}
@ -1984,7 +1984,7 @@ enum SSLCipher {
keyLimitCountdown = cipherLimits.getOrDefault(
algorithm.toUpperCase(Locale.ENGLISH) + ":" + tag[0], 0L);
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.fine("KeyLimit write side: algorithm = "
+ algorithm + ":" + tag[0] +
"\ncountdown value = " + keyLimitCountdown);
@ -2026,7 +2026,7 @@ enum SSLCipher {
cipher.updateAAD(aad);
int len, pos = bb.position();
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record,plaintext")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record,plaintext")) {
SSLLogger.fine(
"Plaintext before ENCRYPTION",
bb.duplicate());
@ -2182,7 +2182,7 @@ enum SSLCipher {
pt.position(pos);
pt.limit(pos + len);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record,plaintext")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record,plaintext")) {
SSLLogger.fine(
"Plaintext after DECRYPTION", pt.duplicate());
}
@ -2231,7 +2231,7 @@ enum SSLCipher {
keyLimitCountdown = cipherLimits.getOrDefault(
algorithm.toUpperCase(Locale.ENGLISH) + ":" + tag[0], 0L);
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.fine("algorithm = " + algorithm +
":" + tag[0] + "\ncountdown value = " +
keyLimitCountdown);
@ -2273,7 +2273,7 @@ enum SSLCipher {
// DON'T encrypt the nonce for AEAD mode.
int pos = bb.position();
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record,plaintext")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record,plaintext")) {
SSLLogger.fine(
"Plaintext before ENCRYPTION",
bb.duplicate());
@ -2451,7 +2451,7 @@ enum SSLCipher {
contentType = pt.get(i);
pt.limit(i);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record,plaintext")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record,plaintext")) {
SSLLogger.fine(
"Plaintext after DECRYPTION", pt.duplicate());
}
@ -2500,7 +2500,7 @@ enum SSLCipher {
keyLimitCountdown = cipherLimits.getOrDefault(
algorithm.toUpperCase(Locale.ENGLISH) + ":" + tag[0], 0L);
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.fine("algorithm = " + algorithm +
":" + tag[0] + "\ncountdown value = " +
keyLimitCountdown);
@ -2542,7 +2542,7 @@ enum SSLCipher {
cipher.updateAAD(aad);
int pos = bb.position();
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record,plaintext")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record,plaintext")) {
SSLLogger.fine(
"Plaintext before ENCRYPTION",
bb.duplicate());

8
src/java.base/share/classes/sun/security/ssl/SSLConfiguration.java
View File

@ -202,7 +202,7 @@ final class SSLConfiguration implements Cloneable {
if (nstServerCount == null || nstServerCount < 0 ||
nstServerCount > 10) {
serverNewSessionTicketCount = SERVER_NST_DEFAULT;
if (nstServerCount != null && SSLLogger.isOn &&
if (nstServerCount != null && SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"jdk.tls.server.newSessionTicketCount defaults to " +
@ -211,7 +211,7 @@ final class SSLConfiguration implements Cloneable {
}
} else {
serverNewSessionTicketCount = nstServerCount;
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"jdk.tls.server.newSessionTicketCount set to " +
serverNewSessionTicketCount);
@ -567,7 +567,7 @@ final class SSLConfiguration implements Cloneable {
*/
private static String[] getCustomizedSignatureScheme(String propertyName) {
String property = System.getProperty(propertyName);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,sslctx")) {
SSLLogger.fine(
"System property " + propertyName + " is set to '" +
property + "'");
@ -595,7 +595,7 @@ final class SSLConfiguration implements Cloneable {
if (scheme != null && scheme.isAvailable) {
signatureSchemes.add(schemeName);
} else {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,sslctx")) {
SSLLogger.fine(
"The current installed providers do not " +
"support signature scheme: " + schemeName);

32
src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
View File

@ -103,11 +103,11 @@ public abstract class SSLContextImpl extends SSLContextSpi {
* first connection to time out and fail. Make sure it is
* primed and ready by getting some initial output from it.
*/
if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,sslctx")) {
SSLLogger.finest("trigger seeding of SecureRandom");
}
secureRandom.nextInt();
if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,sslctx")) {
SSLLogger.finest("done seeding of SecureRandom");
}
@ -142,7 +142,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
return (X509ExtendedKeyManager)km;
}
if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,sslctx")) {
SSLLogger.warning(
"X509KeyManager passed to SSLContext.init(): need an " +
"X509ExtendedKeyManager for SSLEngine use");
@ -245,7 +245,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
contextLock.lock();
try {
if (statusResponseManager == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,sslctx")) {
SSLLogger.finest(
"Initializing StatusResponseManager");
}
@ -382,7 +382,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
suite.name, null)) {
suites.add(suite);
isSupported = true;
} else if (SSLLogger.isOn &&
} else if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore disabled cipher suite: " + suite.name);
@ -391,7 +391,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
break;
}
if (!isSupported && SSLLogger.isOn &&
if (!isSupported && SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake")) {
SSLLogger.finest(
"Ignore unsupported cipher suite: " + suite);
@ -409,7 +409,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
String propertyName) {
String property = System.getProperty(propertyName);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,sslctx")) {
SSLLogger.fine(
"System property " + propertyName + " is set to '" +
property + "'");
@ -436,7 +436,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
try {
suite = CipherSuite.nameOf(cipherSuiteNames[i]);
} catch (IllegalArgumentException iae) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,sslctx")) {
SSLLogger.fine(
"Unknown or unsupported cipher suite name: " +
cipherSuiteNames[i]);
@ -448,7 +448,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
if (suite != null && suite.isAvailable()) {
cipherSuites.add(suite);
} else {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,sslctx")) {
SSLLogger.fine(
"The current installed providers do not " +
"support cipher suite: " + cipherSuiteNames[i]);
@ -902,7 +902,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
tmMediator = getTrustManagers();
} catch (Exception e) {
reserved = e;
if (SSLLogger.isOn && SSLLogger.isOn("ssl,defaultctx")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,defaultctx")) {
SSLLogger.warning(
"Failed to load default trust managers", e);
}
@ -914,7 +914,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
kmMediator = getKeyManagers();
} catch (Exception e) {
reserved = e;
if (SSLLogger.isOn && SSLLogger.isOn("ssl,defaultctx")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,defaultctx")) {
SSLLogger.warning(
"Failed to load default key managers", e);
}
@ -972,7 +972,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
String defaultKeyStore = props.get("keyStore");
String defaultKeyStoreType = props.get("keyStoreType");
String defaultKeyStoreProvider = props.get("keyStoreProvider");
if (SSLLogger.isOn && SSLLogger.isOn("ssl,defaultctx")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,defaultctx")) {
SSLLogger.fine("keyStore is : " + defaultKeyStore);
SSLLogger.fine("keyStore type is : " +
defaultKeyStoreType);
@ -1002,7 +1002,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
// Try to initialize key store.
if ((defaultKeyStoreType.length()) != 0) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,defaultctx")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,defaultctx")) {
SSLLogger.finest("init keystore");
}
if (defaultKeyStoreProvider.isEmpty()) {
@ -1025,7 +1025,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
/*
* Try to initialize key manager.
*/
if (SSLLogger.isOn && SSLLogger.isOn("ssl,defaultctx")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,defaultctx")) {
SSLLogger.fine("init keymanager of type " +
KeyManagerFactory.getDefaultAlgorithm());
}
@ -1063,7 +1063,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
// exception object, which may be not garbage collection
// friendly as 'reservedException' is a static filed.
reserved = new KeyManagementException(e.getMessage());
if (SSLLogger.isOn && SSLLogger.isOn("ssl,defaultctx")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,defaultctx")) {
SSLLogger.warning(
"Failed to load default SSLContext", e);
}
@ -1092,7 +1092,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
super.engineInit(DefaultManagersHolder.keyManagers,
DefaultManagersHolder.trustManagers, null);
} catch (Exception e) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,defaultctx")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,defaultctx")) {
SSLLogger.fine("default context init failed: ", e);
}
throw e;

12
src/java.base/share/classes/sun/security/ssl/SSLEngineImpl.java
View File

@ -330,7 +330,7 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport {
// application data may be discarded accordingly. As could
// be an issue for some applications. This impact can be
// mitigated by sending the last flight twice.
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record")) {
SSLLogger.finest("retransmit the last flight messages");
}
@ -397,7 +397,7 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport {
if ((conContext.handshakeContext == null) &&
!conContext.isOutboundClosed() &&
!conContext.isBroken) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.finest("trigger key update");
}
beginHandshake();
@ -419,7 +419,7 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport {
!conContext.isOutboundClosed() &&
!conContext.isInboundClosed() &&
!conContext.isBroken) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.finest("trigger NST");
}
conContext.conSession.updateNST = false;
@ -612,7 +612,7 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport {
} catch (SSLException ssle) {
// Need to discard invalid records for DTLS protocols.
if (sslContext.isDTLS()) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record")) {
SSLLogger.finest("Discard invalid DTLS records", ssle);
}
@ -780,7 +780,7 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport {
return;
}
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.finest("Closing inbound of SSLEngine");
}
@ -819,7 +819,7 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport {
return;
}
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.finest("Closing outbound of SSLEngine");
}

8
src/java.base/share/classes/sun/security/ssl/SSLEngineInputRecord.java
View File

@ -172,7 +172,7 @@ final class SSLEngineInputRecord extends InputRecord implements SSLRecord {
return null;
}
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record,packet")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record,packet")) {
SSLLogger.fine("Raw read", packet);
}
@ -209,7 +209,7 @@ final class SSLEngineInputRecord extends InputRecord implements SSLRecord {
byte minorVersion = packet.get(); // pos: 2
int contentLen = Record.getInt16(packet); // pos: 3, 4
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record")) {
SSLLogger.fine(
"READ: " +
ProtocolVersion.nameOf(majorVersion, minorVersion) +
@ -388,7 +388,7 @@ final class SSLEngineInputRecord extends InputRecord implements SSLRecord {
* error message, one that's treated as fatal by
* clients (Otherwise we'll hang.)
*/
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record")) {
SSLLogger.fine(
"Requested to negotiate unsupported SSLv2!");
}
@ -410,7 +410,7 @@ final class SSLEngineInputRecord extends InputRecord implements SSLRecord {
ByteBuffer converted = convertToClientHello(packet);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record,packet")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record,packet")) {
SSLLogger.fine(
"[Converted] ClientHello", converted);
}

24
src/java.base/share/classes/sun/security/ssl/SSLEngineOutputRecord.java
View File

@ -73,7 +73,7 @@ final class SSLEngineOutputRecord extends OutputRecord implements SSLRecord {
@Override
void encodeAlert(byte level, byte description) {
if (isClosed()) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning("outbound has closed, ignore outbound " +
"alert message: " + Alert.nameOf(description));
}
@ -91,7 +91,7 @@ final class SSLEngineOutputRecord extends OutputRecord implements SSLRecord {
void encodeHandshake(byte[] source,
int offset, int length) {
if (isClosed()) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning("outbound has closed, ignore outbound " +
"handshake message",
ByteBuffer.wrap(source, offset, length));
@ -138,7 +138,7 @@ final class SSLEngineOutputRecord extends OutputRecord implements SSLRecord {
@Override
void encodeChangeCipherSpec() {
if (isClosed()) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning("outbound has closed, ignore outbound " +
"change_cipher_spec message");
}
@ -171,14 +171,14 @@ final class SSLEngineOutputRecord extends OutputRecord implements SSLRecord {
ByteBuffer[] dsts, int dstsOffset, int dstsLength) throws IOException {
if (isClosed) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning("outbound has closed, ignore outbound " +
"application data or cached messages");
}
return null;
} else if (isCloseWaiting) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning("outbound has closed, ignore outbound " +
"application data");
}
@ -193,7 +193,7 @@ final class SSLEngineOutputRecord extends OutputRecord implements SSLRecord {
ByteBuffer destination) throws IOException {
if (writeCipher.authenticator.seqNumOverflow()) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.fine(
"sequence number extremely close to overflow " +
"(2^64-1 packets). Closing connection.");
@ -275,7 +275,7 @@ final class SSLEngineOutputRecord extends OutputRecord implements SSLRecord {
destination.limit(destination.position());
destination.position(dstContent);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record")) {
SSLLogger.fine(
"WRITE: " + protocolVersion.name + " " +
ContentType.APPLICATION_DATA.name +
@ -288,7 +288,7 @@ final class SSLEngineOutputRecord extends OutputRecord implements SSLRecord {
dstPos, dstLim, headerSize,
protocolVersion);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record,packet")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record,packet")) {
ByteBuffer temporary = destination.duplicate();
temporary.limit(temporary.position());
temporary.position(dstPos);
@ -317,7 +317,7 @@ final class SSLEngineOutputRecord extends OutputRecord implements SSLRecord {
//
// Please don't change the limit of the destination buffer.
destination.put(SSLRecord.v2NoCipher);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record,packet")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record,packet")) {
SSLLogger.fine("Raw write", SSLRecord.v2NoCipher);
}
@ -331,7 +331,7 @@ final class SSLEngineOutputRecord extends OutputRecord implements SSLRecord {
// deliver the SSLv2 format ClientHello message
//
// Please don't change the limit of the destination buffer.
if (SSLLogger.isOn) {
if (SSLLogger.logging) {
if (SSLLogger.isOn("ssl,record")) {
SSLLogger.fine(Thread.currentThread().getName() +
", WRITE: SSLv2 ClientHello message" +
@ -525,7 +525,7 @@ final class SSLEngineOutputRecord extends OutputRecord implements SSLRecord {
dstBuf.limit(dstBuf.position());
dstBuf.position(dstContent);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record")) {
SSLLogger.fine(
"WRITE: " + protocolVersion.name + " " +
ContentType.nameOf(memo.contentType) +
@ -543,7 +543,7 @@ final class SSLEngineOutputRecord extends OutputRecord implements SSLRecord {
memo.encodeCipher.dispose();
}
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record,packet")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record,packet")) {
ByteBuffer temporary = dstBuf.duplicate();
temporary.limit(temporary.position());
temporary.position(dstPos);

2
src/java.base/share/classes/sun/security/ssl/SSLExtension.java
View File

@ -820,7 +820,7 @@ enum SSLExtension implements SSLStringizer {
private static Collection<String> getDisabledExtensions(
String propertyName) {
String property = System.getProperty(propertyName);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,sslctx")) {
SSLLogger.fine(
"System property " + propertyName + " is set to '" +
property + "'");

30
src/java.base/share/classes/sun/security/ssl/SSLExtensions.java
View File

@ -43,7 +43,7 @@ final class SSLExtensions {
// Extension map for debug logging
private final Map<Integer, byte[]> logMap =
SSLLogger.isOn ? new LinkedHashMap<>() : null;
SSLLogger.logging ? new LinkedHashMap<>() : null;
SSLExtensions(HandshakeMessage handshakeMessage) {
this.handshakeMessage = handshakeMessage;
@ -93,7 +93,7 @@ final class SSLExtensions {
// However, the implementation of the limit is complicated
// and inefficient, and may not worthy the maintenance.
isSupported = false;
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning(
"Received buggy supported_groups extension " +
"in the ServerHello handshake message");
@ -143,7 +143,7 @@ final class SSLExtensions {
m.get(extData);
logMap.put(extId, extData);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unknown or unsupported extension",
toString(extId, extData));
@ -171,7 +171,7 @@ final class SSLExtensions {
for (SSLExtension extension : extensions) {
if (context.negotiatedProtocol != null &&
!extension.isAvailable(context.negotiatedProtocol)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unsupported extension: " + extension.name);
}
@ -181,7 +181,7 @@ final class SSLExtensions {
if (!extMap.containsKey(extension)) {
if (extension.onLoadAbsence != null) {
extension.absentOnLoad(context, handshakeMessage);
} else if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
} else if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable extension: " + extension.name);
}
@ -190,7 +190,7 @@ final class SSLExtensions {
if (extension.onLoadConsumer == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning(
"Ignore unsupported extension: " + extension.name);
}
@ -200,7 +200,7 @@ final class SSLExtensions {
ByteBuffer m = ByteBuffer.wrap(extMap.get(extension));
extension.consumeOnLoad(context, handshakeMessage, m);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Consumed extension: " + extension.name);
}
}
@ -215,7 +215,7 @@ final class SSLExtensions {
if (!extMap.containsKey(extension)) {
if (extension.onTradeAbsence != null) {
extension.absentOnTrade(context, handshakeMessage);
} else if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
} else if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable extension: " + extension.name);
}
@ -223,7 +223,7 @@ final class SSLExtensions {
}
if (extension.onTradeConsumer == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning(
"Ignore impact of unsupported extension: " +
extension.name);
@ -232,7 +232,7 @@ final class SSLExtensions {
}
extension.consumeOnTrade(context, handshakeMessage);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Populated with extension: " + extension.name);
}
}
@ -245,7 +245,7 @@ final class SSLExtensions {
SSLExtension[] extensions) throws IOException {
for (SSLExtension extension : extensions) {
if (extMap.containsKey(extension)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore, duplicated extension: " +
extension.name);
@ -254,7 +254,7 @@ final class SSLExtensions {
}
if (extension.networkProducer == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning(
"Ignore, no extension producer defined: " +
extension.name);
@ -267,7 +267,7 @@ final class SSLExtensions {
extMap.put(extension, encoded);
encodedLength += encoded.length + 4; // extension_type (2)
// extension_data length(2)
} else if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
} else if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
// The extension is not available in the context.
SSLLogger.fine(
"Ignore, context unavailable extension: " +
@ -284,7 +284,7 @@ final class SSLExtensions {
SSLExtension[] extensions) throws IOException {
for (SSLExtension extension : extensions) {
if (extension.networkProducer == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning(
"Ignore, no extension producer defined: " +
extension.name);
@ -305,7 +305,7 @@ final class SSLExtensions {
encodedLength += encoded.length + 4;
// extension_type (2)
// extension_data length(2)
} else if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
} else if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
// The extension is not available in the context.
SSLLogger.fine(
"Ignore, context unavailable extension: " +

116
src/java.base/share/classes/sun/security/ssl/SSLLogger.java
View File

@ -60,8 +60,11 @@ import static java.nio.charset.StandardCharsets.UTF_8;
public final class SSLLogger {
private static final System.Logger logger;
private static final String property;
public static final boolean isOn;
static EnumSet<ComponentToken> activeComponents = EnumSet.noneOf(ComponentToken.class);
// high level boolean to track whether "all" or "ssl" option
// is specified. Further checks may be necessary to determine
// if data is logged
public static final boolean logging;
static EnumSet<DebugOption> activeComponents = EnumSet.noneOf(DebugOption.class);
static {
String p = System.getProperty("javax.net.debug");
@ -69,7 +72,7 @@ public final class SSLLogger {
if (p.isEmpty()) {
property = "";
logger = System.getLogger("javax.net.ssl");
activeComponents.add(ComponentToken.EMPTYALL);
activeComponents.add(DebugOption.EMPTYALL);
} else {
property = p.toLowerCase(Locale.ENGLISH);
if (property.contains("help")) {
@ -77,10 +80,10 @@ public final class SSLLogger {
}
logger = new SSLConsoleLogger("javax.net.ssl", p);
if (property.contains("all")) {
activeComponents.add(ComponentToken.EMPTYALL);
activeComponents.add(DebugOption.EMPTYALL);
} else {
String tmpProperty = property;
for (ComponentToken o : ComponentToken.values()) {
for (DebugOption o : DebugOption.values()) {
if (tmpProperty.contains(o.component)) {
activeComponents.add(o);
// remove the pattern to avoid it being reused
@ -89,60 +92,28 @@ public final class SSLLogger {
}
}
// some rules to check
if ((activeComponents.contains(ComponentToken.PLAINTEXT)
|| activeComponents.contains(ComponentToken.PACKET))
&& !activeComponents.contains(ComponentToken.RECORD)) {
activeComponents.remove(ComponentToken.PLAINTEXT);
activeComponents.remove(ComponentToken.PACKET);
if ((activeComponents.contains(DebugOption.PLAINTEXT)
|| activeComponents.contains(DebugOption.PACKET))
&& !activeComponents.contains(DebugOption.RECORD)) {
activeComponents.remove(DebugOption.PLAINTEXT);
activeComponents.remove(DebugOption.PACKET);
}
if (activeComponents.contains(ComponentToken.VERBOSE)
&& !activeComponents.contains(ComponentToken.HANDSHAKE)) {
activeComponents.remove(ComponentToken.VERBOSE);
if (activeComponents.contains(DebugOption.VERBOSE)
&& !activeComponents.contains(DebugOption.HANDSHAKE)) {
activeComponents.remove(DebugOption.VERBOSE);
}
}
}
isOn = activeComponents.contains(ComponentToken.EMPTYALL)
|| activeComponents.contains(ComponentToken.SSL);
logging = activeComponents.contains(DebugOption.EMPTYALL)
|| activeComponents.contains(DebugOption.SSL);
} else {
property = null;
logger = null;
isOn = false;
logging = false;
}
}
private static void help() {
System.err.println();
System.err.println("help print this help message and exit");
System.err.println("expand expanded (less compact) output format");
System.err.println();
System.err.println("all turn on all debugging");
System.err.println("ssl turn on ssl debugging");
System.err.println();
System.err.println("The following can be used with ssl:");
System.err.println("\tdefaultctx print default SSL initialization");
System.err.println("\thandshake print each handshake message");
System.err.println("\tkeymanager print key manager tracing");
System.err.println("\trecord enable per-record tracing");
System.err.println("\trespmgr print OCSP response tracing");
System.err.println("\tsession print session activity");
System.err.println("\tdefaultctx print default SSL initialization");
System.err.println("\tsslctx print SSLContext tracing");
System.err.println("\tsessioncache print session cache tracing");
System.err.println("\tkeymanager print key manager tracing");
System.err.println("\ttrustmanager print trust manager tracing");
System.err.println("\tpluggability print pluggability tracing");
System.err.println();
System.err.println("\thandshake debugging can be widened with:");
System.err.println("\tverbose verbose handshake message printing");
System.err.println();
System.err.println("\trecord debugging can be widened with:");
System.err.println("\tplaintext hex dump of record plaintext");
System.err.println("\tpacket print raw SSL/TLS packets");
System.err.println();
System.exit(0);
}
/**
* Return true if the "javax.net.debug" property contains the
* debug check points, "all" or if the System.Logger is used.
@ -154,17 +125,19 @@ public final class SSLLogger {
* system property value syntax as per help menu.
*/
public static boolean isOn(String checkPoints) {
if (!isOn) {
if (!logging) {
return false;
}
if (activeComponents.contains(ComponentToken.EMPTYALL)) {
if (activeComponents.contains(DebugOption.EMPTYALL)) {
// System.Logger in use or property = "all"
return true;
}
// log any call site using "ssl" value unless
// javax.net.debug value contains sub-component option
if (checkPoints.equals("ssl")) {
return !ComponentToken.isSslFilteringEnabled();
return !DebugOption.isSslFilteringEnabled();
}
if (activeComponents.size() == 1 && !containsWidenOption(checkPoints)) {
@ -239,13 +212,45 @@ public final class SSLLogger {
// Logs a warning message and always returns false. This method
// can be used as an OR Predicate to add a log in a stream filter.
public static boolean logWarning(String option, String s) {
if (SSLLogger.isOn && SSLLogger.isOn(option)) {
if (SSLLogger.logging && SSLLogger.isOn(option)) {
SSLLogger.warning(s);
}
return false;
}
enum ComponentToken {
private static void help() {
System.err.println();
System.err.println("help print this help message and exit");
System.err.println("expand expanded (less compact) output format");
System.err.println();
System.err.println("all turn on all debugging");
System.err.println("ssl turn on ssl debugging");
System.err.println();
System.err.println("The following can be used with ssl:");
System.err.println("\tdefaultctx print default SSL initialization");
System.err.println("\thandshake print each handshake message");
System.err.println("\tkeymanager print key manager tracing");
System.err.println("\trecord enable per-record tracing");
System.err.println("\trespmgr print OCSP response tracing");
System.err.println("\tsession print session activity");
System.err.println("\tdefaultctx print default SSL initialization");
System.err.println("\tsslctx print SSLContext tracing");
System.err.println("\tsessioncache print session cache tracing");
System.err.println("\tkeymanager print key manager tracing");
System.err.println("\ttrustmanager print trust manager tracing");
System.err.println("\tpluggability print pluggability tracing");
System.err.println();
System.err.println("\thandshake debugging can be widened with:");
System.err.println("\tverbose verbose handshake message printing");
System.err.println();
System.err.println("\trecord debugging can be widened with:");
System.err.println("\tplaintext hex dump of record plaintext");
System.err.println("\tpacket print raw SSL/TLS packets");
System.err.println();
System.exit(0);
}
private enum DebugOption {
EMPTYALL,
DEFAULTCTX,
HANDSHAKE,
@ -262,11 +267,11 @@ public final class SSLLogger {
final String component;
ComponentToken() {
DebugOption() {
this.component = this.toString().toLowerCase(Locale.ROOT);
}
static boolean isSslFilteringEnabled() {
private static boolean isSslFilteringEnabled() {
return activeComponents.contains(DEFAULTCTX)
|| activeComponents.contains(HANDSHAKE)
|| activeComponents.contains(KEYMANAGER)
@ -278,7 +283,6 @@ public final class SSLLogger {
}
}
private static class SSLConsoleLogger implements Logger {
private final String loggerName;
private final boolean useCompactFormat;

2
src/java.base/share/classes/sun/security/ssl/SSLMasterKeyDerivation.java
View File

@ -154,7 +154,7 @@ enum SSLMasterKeyDerivation implements SSLKeyDerivationGenerator {
//
// For RSA premaster secrets, do not signal a protocol error
// due to the Bleichenbacher attack. See comments further down.
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("RSA master secret generation error.", iae);
}
throw new ProviderException(iae);

8
src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java
View File

@ -343,7 +343,7 @@ final class SSLSessionContextImpl implements SSLSessionContext {
if (t < 0 ||
t > NewSessionTicket.MAX_TICKET_LIFETIME) {
timeout = DEFAULT_SESSION_TIMEOUT;
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning("Invalid timeout given " +
"jdk.tls.server.sessionTicketTimeout: " + t +
". Set to default value " + timeout);
@ -353,7 +353,7 @@ final class SSLSessionContextImpl implements SSLSessionContext {
}
} catch (NumberFormatException e) {
setSessionTimeout(DEFAULT_SESSION_TIMEOUT);
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning("Invalid timeout for " +
"jdk.tls.server.sessionTicketTimeout: " + s +
". Set to default value " + timeout);
@ -367,7 +367,7 @@ final class SSLSessionContextImpl implements SSLSessionContext {
if (defaultCacheLimit >= 0) {
return defaultCacheLimit;
} else if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
} else if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning(
"invalid System Property javax.net.ssl.sessionCacheSize, " +
"use the default session cache size (" +
@ -375,7 +375,7 @@ final class SSLSessionContextImpl implements SSLSessionContext {
}
} catch (Exception e) {
// unlikely, log it for safe
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning(
"the System Property javax.net.ssl.sessionCacheSize is " +
"not available, use the default value (" +

13
src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java
View File

@ -27,7 +27,6 @@ package sun.security.ssl;
import sun.security.provider.X509Factory;
import java.io.IOException;
import java.math.BigInteger;
import java.net.InetAddress;
import java.nio.ByteBuffer;
import java.security.Principal;
@ -217,7 +216,7 @@ final class SSLSessionImpl extends ExtendedSSLSession {
this.identificationProtocol = hc.sslConfig.identificationProtocol;
this.boundValues = new ConcurrentHashMap<>();
if (SSLLogger.isOn && SSLLogger.isOn("ssl,session")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,session")) {
SSLLogger.finest("Session initialized: " + this);
}
}
@ -250,7 +249,7 @@ final class SSLSessionImpl extends ExtendedSSLSession {
this.maximumPacketSize = baseSession.maximumPacketSize;
this.boundValues = baseSession.boundValues;
if (SSLLogger.isOn && SSLLogger.isOn("ssl,session")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,session")) {
SSLLogger.finest("Session initialized: " + this);
}
}
@ -526,7 +525,7 @@ final class SSLSessionImpl extends ExtendedSSLSession {
// If there is no getMasterSecret with TLS1.2 or under, do not resume.
if (!protocolVersion.useTLS13PlusSpec() &&
getMasterSecret().getEncoded() == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.finest("No MasterSecret, cannot make stateless" +
" ticket");
}
@ -534,7 +533,7 @@ final class SSLSessionImpl extends ExtendedSSLSession {
}
if (boundValues != null && boundValues.size() > 0) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.finest("There are boundValues, cannot make" +
" stateless ticket");
}
@ -936,7 +935,7 @@ final class SSLSessionImpl extends ExtendedSSLSession {
void setSuite(CipherSuite suite) {
cipherSuite = suite;
if (SSLLogger.isOn && SSLLogger.isOn("ssl,session")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,session")) {
SSLLogger.finest("Negotiating session: " + this);
}
}
@ -1206,7 +1205,7 @@ final class SSLSessionImpl extends ExtendedSSLSession {
return;
}
invalidated = true;
if (SSLLogger.isOn && SSLLogger.isOn("ssl,session")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,session")) {
SSLLogger.finest("Invalidated session: " + this);
}
for (SSLSessionImpl child : childSessions) {

44
src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java
View File

@ -370,7 +370,7 @@ public final class SSLSocketImpl
// start handshaking, if failed, the connection will be closed.
ensureNegotiated(false);
} catch (IOException ioe) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.severe("handshake failed", ioe);
}
@ -573,7 +573,7 @@ public final class SSLSocketImpl
return;
}
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.fine("duplex close of SSLSocket");
}
@ -591,7 +591,7 @@ public final class SSLSocketImpl
}
} catch (IOException ioe) {
// ignore the exception
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning("SSLSocket duplex close failed. Debug info only. Exception details:", ioe);
}
} finally {
@ -601,7 +601,7 @@ public final class SSLSocketImpl
closeSocket(false);
} catch (IOException ioe) {
// ignore the exception
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning("SSLSocket close failed. Debug info only. Exception details:", ioe);
}
} finally {
@ -696,7 +696,7 @@ public final class SSLSocketImpl
"close_notify message cannot be sent.");
} else {
super.shutdownOutput();
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning(
"SSLSocket output duplex close failed: " +
"SO_LINGER timeout, " +
@ -717,7 +717,7 @@ public final class SSLSocketImpl
// failed to send the close_notify message.
//
conContext.conSession.invalidate();
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning(
"Invalidate the session: SO_LINGER timeout, " +
"close_notify message cannot be sent.");
@ -832,7 +832,7 @@ public final class SSLSocketImpl
return;
}
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.fine("close inbound of SSLSocket");
}
@ -868,7 +868,7 @@ public final class SSLSocketImpl
return;
}
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.fine("close outbound of SSLSocket");
}
conContext.closeOutbound();
@ -1027,7 +1027,7 @@ public final class SSLSocketImpl
// filed is checked here, in case the closing process is
// still in progress.
if (hasDepleted) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.fine("The input stream has been depleted");
}
@ -1048,7 +1048,7 @@ public final class SSLSocketImpl
// Double check if the input stream has been depleted.
if (hasDepleted) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.fine("The input stream is closing");
}
@ -1134,7 +1134,7 @@ public final class SSLSocketImpl
@Override
public void close() throws IOException {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.finest("Closing input stream");
}
@ -1142,7 +1142,7 @@ public final class SSLSocketImpl
SSLSocketImpl.this.close();
} catch (IOException ioe) {
// ignore the exception
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning("input stream close failed. Debug info only. Exception details:", ioe);
}
}
@ -1218,7 +1218,7 @@ public final class SSLSocketImpl
socketInputRecord.deplete(
conContext.isNegotiated && (getSoTimeout() > 0));
} catch (Exception ex) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning(
"input stream close depletion failed", ex);
}
@ -1327,7 +1327,7 @@ public final class SSLSocketImpl
@Override
public void close() throws IOException {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.finest("Closing output stream");
}
@ -1335,7 +1335,7 @@ public final class SSLSocketImpl
SSLSocketImpl.this.close();
} catch (IOException ioe) {
// ignore the exception
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning("output stream close failed. Debug info only. Exception details:", ioe);
}
}
@ -1543,7 +1543,7 @@ public final class SSLSocketImpl
if ((conContext.handshakeContext == null) &&
!conContext.isOutboundClosed() &&
!conContext.isBroken) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.finest("trigger key update");
}
startHandshake();
@ -1562,7 +1562,7 @@ public final class SSLSocketImpl
!conContext.isOutboundClosed() &&
!conContext.isInboundClosed() &&
!conContext.isBroken) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.finest("trigger new session ticket");
}
conContext.conSession.updateNST = false;
@ -1670,7 +1670,7 @@ public final class SSLSocketImpl
* This method never returns normally, it always throws an IOException.
*/
private void handleException(Exception cause) throws IOException {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning("handling exception", cause);
}
@ -1747,7 +1747,7 @@ public final class SSLSocketImpl
@Override
public void shutdown() throws IOException {
if (!isClosed()) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.fine("close the underlying socket");
}
@ -1773,7 +1773,7 @@ public final class SSLSocketImpl
}
private void closeSocket(boolean selfInitiated) throws IOException {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.fine("close the SSL connection " +
(selfInitiated ? "(initiative)" : "(passive)"));
}
@ -1828,7 +1828,7 @@ public final class SSLSocketImpl
* transport without waiting for the responding close_notify.
*/
private void waitForClose() throws IOException {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.fine("wait for close_notify or alert");
}
@ -1838,7 +1838,7 @@ public final class SSLSocketImpl
try {
Plaintext plainText = decode(null);
// discard and continue
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.finest(
"discard plaintext while waiting for close",
plainText);

12
src/java.base/share/classes/sun/security/ssl/SSLSocketInputRecord.java
View File

@ -210,7 +210,7 @@ final class SSLSocketInputRecord extends InputRecord implements SSLRecord {
int contentLen = ((header[3] & 0xFF) << 8) +
(header[4] & 0xFF); // pos: 3, 4
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record")) {
SSLLogger.fine(
"READ: " +
ProtocolVersion.nameOf(majorVersion, minorVersion) +
@ -243,7 +243,7 @@ final class SSLSocketInputRecord extends InputRecord implements SSLRecord {
readFully(contentLen);
recordBody.flip();
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record")) {
SSLLogger.fine(
"READ: " +
ProtocolVersion.nameOf(majorVersion, minorVersion) +
@ -406,7 +406,7 @@ final class SSLSocketInputRecord extends InputRecord implements SSLRecord {
*/
os.write(SSLRecord.v2NoCipher); // SSLv2Hello
if (SSLLogger.isOn) {
if (SSLLogger.logging) {
if (SSLLogger.isOn("ssl,record")) {
SSLLogger.fine(
"Requested to negotiate unsupported SSLv2!");
@ -445,7 +445,7 @@ final class SSLSocketInputRecord extends InputRecord implements SSLRecord {
ByteBuffer converted = convertToClientHello(recordBody);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record,packet")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record,packet")) {
SSLLogger.fine(
"[Converted] ClientHello", converted);
}
@ -488,13 +488,13 @@ final class SSLSocketInputRecord extends InputRecord implements SSLRecord {
private static int read(InputStream is, byte[] buf, int off, int len) throws IOException {
int readLen = is.read(buf, off, len);
if (readLen < 0) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record,packet")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record,packet")) {
SSLLogger.fine("Raw read: EOF");
}
throw new EOFException("SSL peer shut down incorrectly");
}
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record,packet")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record,packet")) {
ByteBuffer bb = ByteBuffer.wrap(buf, off, readLen);
SSLLogger.fine("Raw read", bb);
}

30
src/java.base/share/classes/sun/security/ssl/SSLSocketOutputRecord.java
View File

@ -55,7 +55,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord {
recordLock.lock();
try {
if (isClosed()) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning("outbound has closed, ignore outbound " +
"alert message: " + Alert.nameOf(description));
}
@ -67,7 +67,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord {
write(level);
write(description);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record")) {
SSLLogger.fine("WRITE: " + protocolVersion.name +
" " + ContentType.ALERT.name +
"(" + Alert.nameOf(description) + ")" +
@ -81,7 +81,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord {
deliverStream.write(buf, 0, count); // may throw IOException
deliverStream.flush(); // may throw IOException
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record,packet")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record,packet")) {
SSLLogger.fine("Raw write",
(new ByteArrayInputStream(buf, 0, count)));
}
@ -99,7 +99,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord {
recordLock.lock();
try {
if (isClosed()) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning("outbound has closed, ignore outbound " +
"handshake message",
ByteBuffer.wrap(source, offset, length));
@ -127,7 +127,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord {
int limit = v2ClientHello.limit();
handshakeHash.deliver(record, 2, (limit - 2));
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record")) {
SSLLogger.fine(
"WRITE: SSLv2 ClientHello message" +
", length = " + limit);
@ -141,7 +141,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord {
deliverStream.write(record, 0, limit);
deliverStream.flush();
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record,packet")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record,packet")) {
SSLLogger.fine("Raw write",
(new ByteArrayInputStream(record, 0, limit)));
}
@ -177,7 +177,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord {
return;
}
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record")) {
SSLLogger.fine(
"WRITE: " + protocolVersion.name +
" " + ContentType.HANDSHAKE.name +
@ -191,7 +191,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord {
deliverStream.write(buf, 0, count); // may throw IOException
deliverStream.flush(); // may throw IOException
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record,packet")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record,packet")) {
SSLLogger.fine("Raw write",
(new ByteArrayInputStream(buf, 0, count)));
}
@ -212,7 +212,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord {
recordLock.lock();
try {
if (isClosed()) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning("outbound has closed, ignore outbound " +
"change_cipher_spec message");
}
@ -231,7 +231,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord {
deliverStream.write(buf, 0, count); // may throw IOException
// deliverStream.flush(); // flush in Finished
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record,packet")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record,packet")) {
SSLLogger.fine("Raw write",
(new ByteArrayInputStream(buf, 0, count)));
}
@ -257,7 +257,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord {
return;
}
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record")) {
SSLLogger.fine(
"WRITE: " + protocolVersion.name +
" " + ContentType.HANDSHAKE.name +
@ -271,7 +271,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord {
deliverStream.write(buf, 0, count); // may throw IOException
deliverStream.flush(); // may throw IOException
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record,packet")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record,packet")) {
SSLLogger.fine("Raw write",
(new ByteArrayInputStream(buf, 0, count)));
}
@ -293,7 +293,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord {
}
if (writeCipher.authenticator.seqNumOverflow()) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.fine(
"sequence number extremely close to overflow " +
"(2^64-1 packets). Closing connection.");
@ -330,7 +330,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord {
count = position;
write(source, offset, fragLen);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record")) {
SSLLogger.fine(
"WRITE: " + protocolVersion.name +
" " + ContentType.APPLICATION_DATA.name +
@ -345,7 +345,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord {
deliverStream.write(buf, 0, count); // may throw IOException
deliverStream.flush(); // may throw IOException
if (SSLLogger.isOn && SSLLogger.isOn("ssl,record,packet")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,record,packet")) {
SSLLogger.fine("Raw write",
(new ByteArrayInputStream(buf, 0, count)));
}

6
src/java.base/share/classes/sun/security/ssl/SSLTransport.java
View File

@ -113,7 +113,7 @@ interface SSLTransport {
// Code to deliver SSLv2 error message for SSL/TLS connections.
if (!context.sslContext.isDTLS()) {
context.outputRecord.encodeV2NoCipher();
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.finest("may be talking to SSLv2");
}
}
@ -161,7 +161,7 @@ interface SSLTransport {
if (context.handshakeContext != null &&
context.handshakeContext.sslConfig.enableRetransmissions &&
context.sslContext.isDTLS()) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.finest("retransmitted handshake flight");
}
@ -181,7 +181,7 @@ interface SSLTransport {
// Note that JDK does not support 0-RTT yet. Otherwise, it is
// needed to check early_data.
if (!context.isNegotiated) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning("unexpected application data " +
"before handshake completion");
}

26
src/java.base/share/classes/sun/security/ssl/ServerHello.java
View File

@ -359,7 +359,7 @@ final class ServerHello {
shc.sslConfig.getEnabledExtensions(
SSLHandshake.SERVER_HELLO, shc.negotiatedProtocol);
shm.extensions.produce(shc, serverHelloExtensions);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Produced ServerHello handshake message", shm);
}
@ -434,7 +434,7 @@ final class ServerHello {
}
// The cipher suite has been negotiated.
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("use cipher suite " + cs.name);
}
@ -447,7 +447,7 @@ final class ServerHello {
if (ke != null) {
SSLPossession[] hcds = ke.createPossessions(shc);
if ((hcds != null) && (hcds.length != 0)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning(
"use legacy cipher suite " + cs.name);
}
@ -563,7 +563,7 @@ final class ServerHello {
shc.sslConfig.getEnabledExtensions(
SSLHandshake.SERVER_HELLO, shc.negotiatedProtocol);
shm.extensions.produce(shc, serverHelloExtensions);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Produced ServerHello handshake message", shm);
}
@ -711,14 +711,14 @@ final class ServerHello {
}
// The cipher suite has been negotiated.
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("use cipher suite " + cs.name);
}
return cs;
}
if (legacySuite != null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning(
"use legacy cipher suite " + legacySuite.name);
}
@ -771,7 +771,7 @@ final class ServerHello {
shc.sslConfig.getEnabledExtensions(
SSLHandshake.HELLO_RETRY_REQUEST, shc.negotiatedProtocol);
hhrm.extensions.produce(shc, serverHelloExtensions);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Produced HelloRetryRequest handshake message", hhrm);
}
@ -833,7 +833,7 @@ final class ServerHello {
shc.sslConfig.getEnabledExtensions(
SSLHandshake.MESSAGE_HASH, shc.negotiatedProtocol);
hhrm.extensions.produce(shc, serverHelloExtensions);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Reproduced HelloRetryRequest handshake message", hhrm);
}
@ -874,7 +874,7 @@ final class ServerHello {
}
ServerHelloMessage shm = new ServerHelloMessage(chc, message);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Consuming ServerHello handshake message", shm);
}
@ -919,7 +919,7 @@ final class ServerHello {
}
chc.negotiatedProtocol = serverVersion;
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Negotiated protocol version: " + serverVersion.name);
}
@ -974,7 +974,7 @@ final class ServerHello {
chc.conContext.protocolVersion = chc.negotiatedProtocol;
chc.conContext.outputRecord.setVersion(chc.negotiatedProtocol);
}
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Negotiated protocol version: " + serverVersion.name);
}
@ -1120,7 +1120,7 @@ final class ServerHello {
chc.handshakeSession = new SSLSessionImpl(chc,
chc.negotiatedCipherSuite, newId);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Locally assigned Session Id: " +
newId.toString());
}
@ -1189,7 +1189,7 @@ final class ServerHello {
private static void setUpPskKD(HandshakeContext hc,
SecretKey psk) throws SSLHandshakeException {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Using PSK to derive early secret");
}

4
src/java.base/share/classes/sun/security/ssl/ServerHelloDone.java
View File

@ -93,7 +93,7 @@ final class ServerHelloDone {
ServerHandshakeContext shc = (ServerHandshakeContext)context;
ServerHelloDoneMessage shdm = new ServerHelloDoneMessage(shc);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Produced ServerHelloDone handshake message", shdm);
}
@ -147,7 +147,7 @@ final class ServerHelloDone {
ServerHelloDoneMessage shdm =
new ServerHelloDoneMessage(chc, message);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Consuming ServerHelloDone handshake message", shdm);
}

20
src/java.base/share/classes/sun/security/ssl/ServerNameExtension.java
View File

@ -216,7 +216,7 @@ final class ServerNameExtension {
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(CH_SERVER_NAME)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning(
"Ignore unavailable server_name extension");
}
@ -261,7 +261,7 @@ final class ServerNameExtension {
return extData;
}
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning("Unable to indicate server name");
}
return null;
@ -287,7 +287,7 @@ final class ServerNameExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(CH_SERVER_NAME)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable extension: " + CH_SERVER_NAME.name);
}
@ -305,7 +305,7 @@ final class ServerNameExtension {
if (!shc.sslConfig.sniMatchers.isEmpty()) {
sni = chooseSni(shc.sslConfig.sniMatchers, spec.serverNames);
if (sni != null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"server name indication (" +
sni + ") is accepted");
@ -322,7 +322,7 @@ final class ServerNameExtension {
// connection with a "missing_extension" alert.
//
// We do not reject client without SNI extension currently.
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"no server name matchers, " +
"ignore server name indication");
@ -347,7 +347,7 @@ final class ServerNameExtension {
// so don't include the pre-shared key in the
// ServerHello handshake message
shc.handshakeExtensions.remove(SH_PRE_SHARED_KEY);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"abort session resumption, " +
"different server name indication used");
@ -441,7 +441,7 @@ final class ServerNameExtension {
CHServerNamesSpec spec = (CHServerNamesSpec)
shc.handshakeExtensions.get(CH_SERVER_NAME);
if (spec == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.finest(
"Ignore unavailable extension: " + SH_SERVER_NAME.name);
}
@ -451,7 +451,7 @@ final class ServerNameExtension {
// When resuming a session, the server MUST NOT include a
// server_name extension in the server hello.
if (shc.isResumption || shc.negotiatedServerName == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.finest(
"No expected server name indication response");
}
@ -528,7 +528,7 @@ final class ServerNameExtension {
CHServerNamesSpec spec = (CHServerNamesSpec)
shc.handshakeExtensions.get(CH_SERVER_NAME);
if (spec == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.finest(
"Ignore unavailable extension: " + EE_SERVER_NAME.name);
}
@ -538,7 +538,7 @@ final class ServerNameExtension {
// When resuming a session, the server MUST NOT include a
// server_name extension in the server hello.
if (shc.isResumption || shc.negotiatedServerName == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.finest(
"No expected server name indication response");
}

18
src/java.base/share/classes/sun/security/ssl/SessionTicketExtension.java
View File

@ -84,7 +84,7 @@ final class SessionTicketExtension {
kt = Integer.parseInt(s) * 1000; // change to ms
if (kt < 0 ||
kt > NewSessionTicket.MAX_TICKET_LIFETIME) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning("Invalid timeout for " +
"jdk.tls.server.statelessKeyTimeout: " +
kt + ". Set to default value " +
@ -94,7 +94,7 @@ final class SessionTicketExtension {
}
} catch (NumberFormatException e) {
kt = TIMEOUT_DEFAULT;
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning("Invalid timeout for " +
"jdk.tls.server.statelessKeyTimeout: " + s +
". Set to default value " + TIMEOUT_DEFAULT +
@ -235,7 +235,7 @@ final class SessionTicketExtension {
Integer.BYTES + iv.length, encrypted.length);
return result;
} catch (Exception e) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Encryption failed." + e);
}
return new byte[0];
@ -270,7 +270,7 @@ final class SessionTicketExtension {
out.flip();
return out;
} catch (Exception e) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Decryption failed." + e.getMessage());
}
}
@ -334,7 +334,7 @@ final class SessionTicketExtension {
// If the context does not allow stateless tickets, exit
if (!((SSLSessionContextImpl)chc.sslContext.
engineGetClientSessionContext()).statelessEnabled()) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Stateless resumption not supported");
}
return null;
@ -346,7 +346,7 @@ final class SessionTicketExtension {
if (!chc.isResumption || chc.resumingSession == null
|| chc.resumingSession.getPskIdentity() == null
|| chc.resumingSession.getProtocolVersion().useTLS13PlusSpec()) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Stateless resumption supported");
}
return new byte[0];
@ -390,7 +390,7 @@ final class SessionTicketExtension {
shc.statelessResumption = true;
if (buffer.remaining() == 0) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Client accepts session tickets.");
}
return;
@ -402,11 +402,11 @@ final class SessionTicketExtension {
if (b != null) {
shc.resumingSession = new SSLSessionImpl(shc, b);
shc.isResumption = true;
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Valid stateless session ticket found");
}
} else {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Invalid stateless session ticket found");
}
}

4
src/java.base/share/classes/sun/security/ssl/SignatureAlgorithmsExtension.java
View File

@ -179,7 +179,7 @@ final class SignatureAlgorithmsExtension {
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(
SSLExtension.CH_SIGNATURE_ALGORITHMS)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable signature_algorithms extension");
}
@ -227,7 +227,7 @@ final class SignatureAlgorithmsExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(
SSLExtension.CH_SIGNATURE_ALGORITHMS)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable signature_algorithms extension");
}

24
src/java.base/share/classes/sun/security/ssl/SignatureScheme.java
View File

@ -205,7 +205,7 @@ enum SignatureScheme {
NoSuchAlgorithmException | RuntimeException exp) {
// Signature.getParameters() may throw RuntimeException.
mediator = false;
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning(
"RSASSA-PSS signature with " + hash +
" is not supported by the underlying providers", exp);
@ -298,7 +298,7 @@ enum SignatureScheme {
Signature.getInstance(algorithm);
} catch (Exception e) {
mediator = false;
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning(
"Signature algorithm, " + algorithm +
", is not supported by the underlying providers");
@ -421,7 +421,7 @@ enum SignatureScheme {
for (SignatureScheme ss: schemesToCheck) {
if (!ss.isAvailable) {
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.finest(
"Ignore unsupported signature scheme: " + ss.name);
@ -440,12 +440,12 @@ enum SignatureScheme {
if (isMatch) {
if (ss.isPermitted(constraints, scopes)) {
supported.add(ss);
} else if (SSLLogger.isOn &&
} else if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.finest(
"Ignore disabled signature scheme: " + ss.name);
}
} else if (SSLLogger.isOn &&
} else if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.finest(
"Ignore inactive signature scheme: " + ss.name);
@ -465,7 +465,7 @@ enum SignatureScheme {
for (int ssid : algorithmIds) {
SignatureScheme ss = SignatureScheme.valueOf(ssid);
if (ss == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning(
"Unsupported signature scheme: " +
SignatureScheme.nameOf(ssid));
@ -475,7 +475,7 @@ enum SignatureScheme {
&& ss.isAllowed(constraints, protocolVersion, scopes)) {
supported.add(ss);
} else {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning(
"Unsupported signature scheme: " + ss.name);
}
@ -534,7 +534,7 @@ enum SignatureScheme {
}
}
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.finest(
"Ignore the signature algorithm (" + ss +
@ -563,7 +563,7 @@ enum SignatureScheme {
}
}
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.finest(
"Ignore the legacy signature algorithm (" + ss +
@ -625,7 +625,7 @@ enum SignatureScheme {
for (String ss : signatureSchemes) {
SignatureScheme scheme = SignatureScheme.nameOf(ss);
if (scheme == null || !scheme.isAvailable) {
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.finest(
"Ignore the signature algorithm (" + ss
@ -651,7 +651,7 @@ enum SignatureScheme {
if (!isAvailable) {
return null;
}
System.err.println("DEBUG:getVerifier:" + algorithm);
Signature verifier = Signature.getInstance(algorithm);
SignatureUtil.initVerifyWithParam(verifier, publicKey,
(signAlgParams != null ? signAlgParams.parameterSpec : null));
@ -676,7 +676,7 @@ enum SignatureScheme {
return signer;
} catch (NoSuchAlgorithmException | InvalidKeyException |
InvalidAlgorithmParameterException nsae) {
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.finest(
"Ignore unsupported signature algorithm (" +

62
src/java.base/share/classes/sun/security/ssl/StatusResponseManager.java
View File

@ -119,13 +119,13 @@ final class StatusResponseManager {
if (cert.getExtensionValue(
PKIXExtensions.OCSPNoCheck_Id.toString()) != null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,respmgr")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,respmgr")) {
SSLLogger.fine(
"OCSP NoCheck extension found. OCSP will be skipped");
}
return null;
} else if (defaultResponder != null && respOverride) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,respmgr")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,respmgr")) {
SSLLogger.fine(
"Responder override: URI is " + defaultResponder);
}
@ -165,7 +165,7 @@ final class StatusResponseManager {
Map<X509Certificate, byte[]> responseMap = new HashMap<>();
List<OCSPFetchCall> requestList = new ArrayList<>();
if (SSLLogger.isOn && SSLLogger.isOn("ssl,respmgr")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,respmgr")) {
SSLLogger.fine(
"Beginning check: Type = " + type + ", Chain length = " +
chain.length);
@ -192,7 +192,7 @@ final class StatusResponseManager {
requestList.add(new OCSPFetchCall(sInfo, ocspReq));
}
} catch (IOException exc) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,respmgr")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,respmgr")) {
SSLLogger.fine(
"Exception during CertId creation: ", exc);
}
@ -219,14 +219,14 @@ final class StatusResponseManager {
requestList.add(new OCSPFetchCall(sInfo, ocspReq));
}
} catch (IOException exc) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,respmgr")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,respmgr")) {
SSLLogger.fine(
"Exception during CertId creation: ", exc);
}
}
}
} else {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,respmgr")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,respmgr")) {
SSLLogger.fine("Unsupported status request type: " + type);
}
}
@ -257,7 +257,7 @@ final class StatusResponseManager {
// that, otherwise just log the ExecutionException
Throwable cause = Optional.ofNullable(
exc.getCause()).orElse(exc);
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,respmgr")) {
SSLLogger.fine("Exception during OCSP fetch: " +
cause);
@ -267,13 +267,13 @@ final class StatusResponseManager {
if (info != null && info.responseData != null) {
responseMap.put(info.cert,
info.responseData.ocspBytes);
} else if (SSLLogger.isOn &&
} else if (SSLLogger.logging &&
SSLLogger.isOn("ssl,respmgr")) {
SSLLogger.fine(
"Completed task had no response data");
}
} else {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,respmgr")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,respmgr")) {
SSLLogger.fine("Found cancelled task");
}
}
@ -281,7 +281,7 @@ final class StatusResponseManager {
} catch (InterruptedException intex) {
// Log and reset the interrupt state
Thread.currentThread().interrupt();
if (SSLLogger.isOn && SSLLogger.isOn("ssl,respmgr")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,respmgr")) {
SSLLogger.fine("Interrupt occurred while fetching: " +
intex);
}
@ -309,7 +309,7 @@ final class StatusResponseManager {
for (Extension ext : ocspRequest.extensions) {
if (ext.getId().equals(
PKIXExtensions.OCSPNonce_Id.toString())) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,respmgr")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,respmgr")) {
SSLLogger.fine(
"Nonce extension found, skipping cache check");
}
@ -324,14 +324,14 @@ final class StatusResponseManager {
// and do not return it as a cache hit.
if (respEntry != null && respEntry.nextUpdate != null &&
respEntry.nextUpdate.before(new Date())) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,respmgr")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,respmgr")) {
SSLLogger.fine(
"nextUpdate threshold exceeded, purging from cache");
}
respEntry = null;
}
if (SSLLogger.isOn && SSLLogger.isOn("ssl,respmgr")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,respmgr")) {
SSLLogger.fine(
"Check cache for SN" + Debug.toString(cid.getSerialNumber())
+ ": " + (respEntry != null ? "HIT" : "MISS"));
@ -494,7 +494,7 @@ final class StatusResponseManager {
*/
@Override
public StatusInfo call() {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,respmgr")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,respmgr")) {
SSLLogger.fine(
"Starting fetch for SN " +
Debug.toString(statInfo.cid.getSerialNumber()));
@ -506,13 +506,13 @@ final class StatusResponseManager {
if (statInfo.responder == null) {
// If we have no URI then there's nothing to do
// but return.
if (SSLLogger.isOn && SSLLogger.isOn("ssl,respmgr")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,respmgr")) {
SSLLogger.fine(
"Null URI detected, OCSP fetch aborted");
}
return statInfo;
} else {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,respmgr")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,respmgr")) {
SSLLogger.fine(
"Attempting fetch from " + statInfo.responder);
}
@ -542,7 +542,7 @@ final class StatusResponseManager {
statInfo.cid);
// Get the response status and act on it appropriately
if (SSLLogger.isOn && SSLLogger.isOn("ssl,respmgr")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,respmgr")) {
SSLLogger.fine("OCSP Status: " + cacheEntry.status +
" (" + respBytes.length + " bytes)");
}
@ -555,7 +555,7 @@ final class StatusResponseManager {
addToCache(statInfo.cid, cacheEntry);
}
} catch (IOException ioe) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,respmgr")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,respmgr")) {
SSLLogger.fine("Caught exception: ", ioe);
}
}
@ -574,12 +574,12 @@ final class StatusResponseManager {
// If no cache lifetime has been set on entries then
// don't cache this response if there is no nextUpdate field
if (entry.nextUpdate == null && cacheLifetime == 0) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,respmgr")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,respmgr")) {
SSLLogger.fine("Not caching this OCSP response");
}
} else {
responseCache.put(certId, entry);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,respmgr")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,respmgr")) {
SSLLogger.fine(
"Added response for SN " +
Debug.toString(certId.getSerialNumber()) +
@ -601,7 +601,7 @@ final class StatusResponseManager {
// is necessary. Also, we will only staple if we're doing a full
// handshake.
if (!shc.sslContext.isStaplingEnabled(false) || shc.isResumption) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("Staping disabled or is a resumed session");
}
return null;
@ -624,7 +624,7 @@ final class StatusResponseManager {
// selection yet, only accept a request if the ResponderId field
// is empty. Finally, we'll only do this in (D)TLS 1.2 or earlier.
if (statReqV2 != null && !shc.negotiatedProtocol.useTLS13PlusSpec()) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.fine("SH Processing status_request_v2 extension");
}
// RFC 6961 stapling
@ -661,7 +661,7 @@ final class StatusResponseManager {
req = reqItems[ocspIdx];
type = CertStatusRequestType.valueOf(req.statusType);
} else {
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake")) {
SSLLogger.finest("Warning: No suitable request " +
"found in the status_request_v2 extension.");
@ -679,7 +679,7 @@ final class StatusResponseManager {
// we will try processing an asserted status_request.
if ((statReq != null) &&
(ext == null || type == null || req == null)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.fine("SH Processing status_request extension");
}
ext = SSLExtension.CH_STATUS_REQUEST;
@ -693,7 +693,7 @@ final class StatusResponseManager {
if (ocspReq.responderIds.isEmpty()) {
req = ocspReq;
} else {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.finest("Warning: No suitable request " +
"found in the status_request extension.");
}
@ -705,7 +705,7 @@ final class StatusResponseManager {
// find a suitable StatusRequest, then stapling is disabled.
// The ext, type and req variables must have been set to continue.
if (type == null || req == null || ext == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine("No suitable status_request or " +
"status_request_v2, stapling is disabled");
}
@ -722,7 +722,7 @@ final class StatusResponseManager {
}
if (x509Possession == null) { // unlikely
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.finest("Warning: no X.509 certificates found. " +
"Stapling is disabled.");
}
@ -744,7 +744,7 @@ final class StatusResponseManager {
responses = statRespMgr.get(fetchType, req, certs,
shc.statusRespTimeout, TimeUnit.MILLISECONDS);
if (!responses.isEmpty()) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.finest("Response manager returned " +
responses.size() + " entries.");
}
@ -753,7 +753,7 @@ final class StatusResponseManager {
if (type == CertStatusRequestType.OCSP) {
byte[] respDER = responses.get(certs[0]);
if (respDER == null || respDER.length == 0) {
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake")) {
SSLLogger.finest("Warning: Null or zero-length " +
"response found for leaf certificate. " +
@ -764,7 +764,7 @@ final class StatusResponseManager {
}
params = new StaplingParameters(ext, type, req, responses);
} else {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.finest("Warning: no OCSP responses obtained. " +
"Stapling is disabled.");
}
@ -772,7 +772,7 @@ final class StatusResponseManager {
} else {
// This should not happen, but if lazy initialization of the
// StatusResponseManager doesn't occur we should turn off stapling.
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.finest("Warning: lazy initialization " +
"of the StatusResponseManager failed. " +
"Stapling is disabled.");

6
src/java.base/share/classes/sun/security/ssl/SunX509KeyManagerImpl.java
View File

@ -156,7 +156,7 @@ final class SunX509KeyManagerImpl extends X509ExtendedKeyManager {
X509Credentials cred = new X509Credentials((PrivateKey)key,
(X509Certificate[])certs);
credentialsMap.put(alias, cred);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,keymanager")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,keymanager")) {
SSLLogger.fine("found key for : " + alias, (Object[])certs);
}
}
@ -384,7 +384,7 @@ final class SunX509KeyManagerImpl extends X509ExtendedKeyManager {
if (issuers.length == 0) {
// no issuer specified, match all
aliases.add(alias);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,keymanager")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,keymanager")) {
SSLLogger.fine("matching alias: " + alias);
}
} else {
@ -393,7 +393,7 @@ final class SunX509KeyManagerImpl extends X509ExtendedKeyManager {
for (int i = 0; i < x500Issuers.length; i++) {
if (certIssuers.contains(issuers[i])) {
aliases.add(alias);
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,keymanager")) {
SSLLogger.fine("matching alias: " + alias);
}

20
src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
View File

@ -164,7 +164,7 @@ final class SupportedGroupsExtension {
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(CH_SUPPORTED_GROUPS)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable supported_groups extension");
}
@ -177,7 +177,7 @@ final class SupportedGroupsExtension {
for (String name : chc.sslConfig.namedGroups) {
NamedGroup ng = NamedGroup.nameOf(name);
if (ng == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unspecified named group: " + name);
}
@ -193,14 +193,14 @@ final class SupportedGroupsExtension {
ng.isSupported(chc.activeCipherSuites) &&
ng.isPermitted(chc.algorithmConstraints)) {
namedGroups.add(ng);
} else if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
} else if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore inactive or disabled named group: " + ng.name);
}
}
if (namedGroups.isEmpty()) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning("no available named group");
}
@ -244,7 +244,7 @@ final class SupportedGroupsExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(CH_SUPPORTED_GROUPS)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable supported_groups extension");
}
@ -319,7 +319,7 @@ final class SupportedGroupsExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(EE_SUPPORTED_GROUPS)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable supported_groups extension");
}
@ -335,7 +335,7 @@ final class SupportedGroupsExtension {
for (String name : shc.sslConfig.namedGroups) {
NamedGroup ng = NamedGroup.nameOf(name);
if (ng == null) {
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unspecified named group: " + name);
@ -352,14 +352,14 @@ final class SupportedGroupsExtension {
ng.isSupported(shc.activeCipherSuites) &&
ng.isPermitted(shc.algorithmConstraints)) {
namedGroups.add(ng);
} else if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
} else if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore inactive or disabled named group: " + ng.name);
}
}
if (namedGroups.isEmpty()) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning("no available named group");
}
@ -399,7 +399,7 @@ final class SupportedGroupsExtension {
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(EE_SUPPORTED_GROUPS)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable supported_groups extension");
}

16
src/java.base/share/classes/sun/security/ssl/SupportedVersionsExtension.java
View File

@ -168,7 +168,7 @@ final class SupportedVersionsExtension {
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(CH_SUPPORTED_VERSIONS)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable extension: " +
CH_SUPPORTED_VERSIONS.name);
@ -216,7 +216,7 @@ final class SupportedVersionsExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(CH_SUPPORTED_VERSIONS)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable extension: " +
CH_SUPPORTED_VERSIONS.name);
@ -308,7 +308,7 @@ final class SupportedVersionsExtension {
shc.handshakeExtensions.get(CH_SUPPORTED_VERSIONS);
if (svs == null) {
// Unlikely, no key_share extension requested.
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning(
"Ignore unavailable supported_versions extension");
}
@ -317,7 +317,7 @@ final class SupportedVersionsExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(SH_SUPPORTED_VERSIONS)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable extension: " +
SH_SUPPORTED_VERSIONS.name);
@ -356,7 +356,7 @@ final class SupportedVersionsExtension {
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(SH_SUPPORTED_VERSIONS)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable extension: " +
SH_SUPPORTED_VERSIONS.name);
@ -399,7 +399,7 @@ final class SupportedVersionsExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(HRR_SUPPORTED_VERSIONS)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable extension: " +
HRR_SUPPORTED_VERSIONS.name);
@ -441,7 +441,7 @@ final class SupportedVersionsExtension {
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(HRR_SUPPORTED_VERSIONS)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable extension: " +
HRR_SUPPORTED_VERSIONS.name);
@ -483,7 +483,7 @@ final class SupportedVersionsExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(HRR_SUPPORTED_VERSIONS)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"[Reproduce] Ignore unavailable extension: " +
HRR_SUPPORTED_VERSIONS.name);

20
src/java.base/share/classes/sun/security/ssl/TransportContext.java
View File

@ -270,7 +270,7 @@ final class TransportContext implements ConnectionContext {
try {
outputRecord.encodeAlert(Alert.Level.WARNING.level, alert.id);
} catch (IOException ioe) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning(
"Warning: failed to send warning alert " + alert, ioe);
}
@ -330,7 +330,7 @@ final class TransportContext implements ConnectionContext {
// so we'll do it here.
if (closeReason != null) {
if (cause == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning(
"Closed transport, general or untracked problem");
}
@ -341,7 +341,7 @@ final class TransportContext implements ConnectionContext {
if (cause instanceof SSLException) {
throw (SSLException)cause;
} else { // unlikely, but just in case.
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning(
"Closed transport, unexpected rethrowing", cause);
}
@ -364,7 +364,7 @@ final class TransportContext implements ConnectionContext {
}
// shutdown the transport
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.severe("Fatal (" + alert + "): " + diagnostic, cause);
}
@ -380,7 +380,7 @@ final class TransportContext implements ConnectionContext {
try {
inputRecord.close();
} catch (IOException ioe) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning("Fatal: input record closure failed", ioe);
}
@ -411,7 +411,7 @@ final class TransportContext implements ConnectionContext {
try {
outputRecord.encodeAlert(Alert.Level.FATAL.level, alert.id);
} catch (IOException ioe) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning(
"Fatal: failed to send fatal alert " + alert, ioe);
}
@ -424,7 +424,7 @@ final class TransportContext implements ConnectionContext {
try {
outputRecord.close();
} catch (IOException ioe) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning("Fatal: output record closure failed", ioe);
}
@ -440,7 +440,7 @@ final class TransportContext implements ConnectionContext {
try {
transport.shutdown();
} catch (IOException ioe) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning("Fatal: transport closure failed", ioe);
}
@ -522,7 +522,7 @@ final class TransportContext implements ConnectionContext {
passiveInboundClose();
}
} catch (IOException ioe) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning("inbound closure failed", ioe);
}
}
@ -579,7 +579,7 @@ final class TransportContext implements ConnectionContext {
try {
initiateOutboundClose();
} catch (IOException ioe) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning("outbound closure failed", ioe);
}
}

8
src/java.base/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java
View File

@ -48,24 +48,24 @@ abstract class TrustManagerFactoryImpl extends TrustManagerFactorySpi {
trustManager = getInstance(TrustStoreManager.getTrustedCerts());
} catch (SecurityException se) {
// eat security exceptions but report other throwables
if (SSLLogger.isOn && SSLLogger.isOn("ssl,trustmanager")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,trustmanager")) {
SSLLogger.fine(
"SunX509: skip default keystore", se);
}
} catch (Error err) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,trustmanager")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,trustmanager")) {
SSLLogger.fine(
"SunX509: skip default keystore", err);
}
throw err;
} catch (RuntimeException re) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,trustmanager")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,trustmanager")) {
SSLLogger.fine(
"SunX509: skip default keystore", re);
}
throw re;
} catch (Exception e) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,trustmanager")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,trustmanager")) {
SSLLogger.fine(
"SunX509: skip default keystore", e);
}

16
src/java.base/share/classes/sun/security/ssl/TrustStoreManager.java
View File

@ -108,7 +108,7 @@ final class TrustStoreManager {
this.storeFile = storeFile;
this.lastModified = lastModified;
if (SSLLogger.isOn && SSLLogger.isOn("ssl,trustmanager")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,trustmanager")) {
SSLLogger.fine(
"trustStore is: " + storeName + "\n" +
"trustStore type is: " + storeType + "\n" +
@ -151,7 +151,7 @@ final class TrustStoreManager {
}
// Not break, the file is inaccessible.
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,trustmanager")) {
SSLLogger.fine(
"Inaccessible trust store: " +
@ -267,7 +267,7 @@ final class TrustStoreManager {
}
// Reload a new key store.
if (SSLLogger.isOn && SSLLogger.isOn("ssl,trustmanager")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,trustmanager")) {
SSLLogger.fine("Reload the trust store");
}
@ -321,7 +321,7 @@ final class TrustStoreManager {
// Reload the trust store if needed.
if (ks == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,trustmanager")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,trustmanager")) {
SSLLogger.fine("Reload the trust store");
}
ks = loadKeyStore(descriptor);
@ -329,12 +329,12 @@ final class TrustStoreManager {
}
// Reload trust certs from the key store.
if (SSLLogger.isOn && SSLLogger.isOn("ssl,trustmanager")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,trustmanager")) {
SSLLogger.fine("Reload trust certs");
}
certs = loadTrustedCerts(ks);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,trustmanager")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,trustmanager")) {
SSLLogger.fine("Reloaded " + certs.size() + " trust certs");
}
@ -355,7 +355,7 @@ final class TrustStoreManager {
descriptor.storeFile == null) {
// No file available, no KeyStore available.
if (SSLLogger.isOn && SSLLogger.isOn("ssl,trustmanager")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,trustmanager")) {
SSLLogger.fine("No available key store");
}
@ -381,7 +381,7 @@ final class TrustStoreManager {
ks.load(fis, password);
} catch (FileNotFoundException fnfe) {
// No file available, no KeyStore available.
if (SSLLogger.isOn && SSLLogger.isOn("ssl,trustmanager")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,trustmanager")) {
SSLLogger.fine(
"Not available key store: " + descriptor.storeName);
}

4
src/java.base/share/classes/sun/security/ssl/Utilities.java
View File

@ -69,7 +69,7 @@ final class Utilities {
SNIServerName serverName = sniList.get(i);
if (serverName.getType() == StandardConstants.SNI_HOST_NAME) {
sniList.set(i, sniHostName);
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.fine(
"the previous server name in SNI (" + serverName +
") was replaced with (" + sniHostName + ")");
@ -115,7 +115,7 @@ final class Utilities {
return new SNIHostName(hostname);
} catch (IllegalArgumentException iae) {
// don't bother to handle illegal host_name
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.fine(hostname + "\" " +
"is not a legal HostName for server name indication");
}

26
src/java.base/share/classes/sun/security/ssl/X509Authentication.java
View File

@ -201,7 +201,7 @@ enum X509Authentication implements SSLAuthentication {
private static SSLPossession createClientPossession(
ClientHandshakeContext chc, String[] keyTypes) {
X509ExtendedKeyManager km = chc.sslContext.getX509KeyManager();
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.finest("X509KeyManager class: " +
km.getClass().getName());
}
@ -221,7 +221,7 @@ enum X509Authentication implements SSLAuthentication {
}
if (clientAlias == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.finest("No X.509 cert selected for "
+ Arrays.toString(keyTypes));
}
@ -230,7 +230,7 @@ enum X509Authentication implements SSLAuthentication {
PrivateKey clientPrivateKey = km.getPrivateKey(clientAlias);
if (clientPrivateKey == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.finest(
clientAlias + " is not a private key entry");
}
@ -239,7 +239,7 @@ enum X509Authentication implements SSLAuthentication {
X509Certificate[] clientCerts = km.getCertificateChain(clientAlias);
if ((clientCerts == null) || (clientCerts.length == 0)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.finest(clientAlias +
" is a private key entry with no cert chain stored");
}
@ -248,7 +248,7 @@ enum X509Authentication implements SSLAuthentication {
String privateKeyAlgorithm = clientPrivateKey.getAlgorithm();
if (!Arrays.asList(keyTypes).contains(privateKeyAlgorithm)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.fine(
clientAlias + " private key algorithm " +
privateKeyAlgorithm + " not in request list");
@ -258,7 +258,7 @@ enum X509Authentication implements SSLAuthentication {
String publicKeyAlgorithm = clientCerts[0].getPublicKey().getAlgorithm();
if (!privateKeyAlgorithm.equals(publicKeyAlgorithm)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.fine(
clientAlias + " private or public key is not of " +
"same algorithm: " +
@ -274,7 +274,7 @@ enum X509Authentication implements SSLAuthentication {
private static SSLPossession createServerPossession(
ServerHandshakeContext shc, String[] keyTypes) {
X509ExtendedKeyManager km = shc.sslContext.getX509KeyManager();
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.finest("X509KeyManager class: " +
km.getClass().getName());
}
@ -293,7 +293,7 @@ enum X509Authentication implements SSLAuthentication {
}
if (serverAlias == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.finest("No X.509 cert selected for " + keyType);
}
continue;
@ -301,7 +301,7 @@ enum X509Authentication implements SSLAuthentication {
PrivateKey serverPrivateKey = km.getPrivateKey(serverAlias);
if (serverPrivateKey == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.finest(
serverAlias + " is not a private key entry");
}
@ -310,7 +310,7 @@ enum X509Authentication implements SSLAuthentication {
X509Certificate[] serverCerts = km.getCertificateChain(serverAlias);
if ((serverCerts == null) || (serverCerts.length == 0)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.finest(
serverAlias + " is not a certificate entry");
}
@ -320,7 +320,7 @@ enum X509Authentication implements SSLAuthentication {
PublicKey serverPublicKey = serverCerts[0].getPublicKey();
if ((!serverPrivateKey.getAlgorithm().equals(keyType))
|| (!serverPublicKey.getAlgorithm().equals(keyType))) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.fine(
serverAlias + " private or public key is not of " +
keyType + " algorithm");
@ -335,7 +335,7 @@ enum X509Authentication implements SSLAuthentication {
if (!shc.negotiatedProtocol.useTLS13PlusSpec() &&
keyType.equals("EC")) {
if (!(serverPublicKey instanceof ECPublicKey)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning(serverAlias +
" public key is not an instance of ECPublicKey");
}
@ -354,7 +354,7 @@ enum X509Authentication implements SSLAuthentication {
((shc.clientRequestedNamedGroups != null) &&
!shc.clientRequestedNamedGroups.contains(namedGroup))) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.warning(
"Unsupported named group (" + namedGroup +
") used in the " + serverAlias + " certificate");

24
src/java.base/share/classes/sun/security/ssl/X509KeyManagerImpl.java
View File

@ -379,7 +379,7 @@ final class X509KeyManagerImpl extends X509ExtendedKeyManager
if (results != null) {
for (EntryStatus status : results) {
if (status.checkResult == CheckResult.OK) {
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,keymanager")) {
SSLLogger.fine("KeyMgr: choosing key: " + status);
}
@ -396,13 +396,13 @@ final class X509KeyManagerImpl extends X509ExtendedKeyManager
}
}
if (allResults == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,keymanager")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,keymanager")) {
SSLLogger.fine("KeyMgr: no matching key found");
}
return null;
}
Collections.sort(allResults);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,keymanager")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,keymanager")) {
SSLLogger.fine(
"KeyMgr: no good matching key found, "
+ "returning best match out of", allResults);
@ -441,13 +441,13 @@ final class X509KeyManagerImpl extends X509ExtendedKeyManager
}
}
if (allResults == null || allResults.isEmpty()) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,keymanager")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,keymanager")) {
SSLLogger.fine("KeyMgr: no matching alias found");
}
return null;
}
Collections.sort(allResults);
if (SSLLogger.isOn && SSLLogger.isOn("ssl,keymanager")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,keymanager")) {
SSLLogger.fine("KeyMgr: getting aliases", allResults);
}
return toAliases(allResults);
@ -635,7 +635,7 @@ final class X509KeyManagerImpl extends X509ExtendedKeyManager
new SNIHostName(serverName.getEncoded());
} catch (IllegalArgumentException iae) {
// unlikely to happen, just in case ...
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,keymanager")) {
SSLLogger.fine(
"Illegal server name: " + serverName);
@ -651,7 +651,7 @@ final class X509KeyManagerImpl extends X509ExtendedKeyManager
X509TrustManagerImpl.checkIdentity(hostname,
cert, idAlgorithm);
} catch (CertificateException e) {
if (SSLLogger.isOn &&
if (SSLLogger.logging &&
SSLLogger.isOn("ssl,keymanager")) {
SSLLogger.fine(
"Certificate identity does not match " +
@ -763,7 +763,7 @@ final class X509KeyManagerImpl extends X509ExtendedKeyManager
j++;
}
if (keyIndex == -1) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,keymanager")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,keymanager")) {
SSLLogger.fine("Ignore alias " + alias
+ ": key algorithm does not match");
}
@ -780,7 +780,7 @@ final class X509KeyManagerImpl extends X509ExtendedKeyManager
}
}
if (!found) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,keymanager")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,keymanager")) {
SSLLogger.fine(
"Ignore alias " + alias
+ ": issuers do not match");
@ -794,7 +794,7 @@ final class X509KeyManagerImpl extends X509ExtendedKeyManager
!conformsToAlgorithmConstraints(constraints, chain,
checkType.getValidator())) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,keymanager")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,keymanager")) {
SSLLogger.fine("Ignore alias " + alias +
": certificate list does not conform to " +
"algorithm constraints");
@ -837,7 +837,7 @@ final class X509KeyManagerImpl extends X509ExtendedKeyManager
checker.init(false);
} catch (CertPathValidatorException cpve) {
// unlikely to happen
if (SSLLogger.isOn && SSLLogger.isOn("ssl,keymanager")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,keymanager")) {
SSLLogger.fine(
"Cannot initialize algorithm constraints checker", cpve);
}
@ -852,7 +852,7 @@ final class X509KeyManagerImpl extends X509ExtendedKeyManager
// We don't care about the unresolved critical extensions.
checker.check(cert, Collections.emptySet());
} catch (CertPathValidatorException cpve) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,keymanager")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,keymanager")) {
SSLLogger.fine("Certificate does not conform to " +
"algorithm constraints", cert, cpve);
}

10
src/java.base/share/classes/sun/security/ssl/X509TrustManagerImpl.java
View File

@ -78,7 +78,7 @@ final class X509TrustManagerImpl extends X509ExtendedTrustManager
this.trustedCerts = trustedCerts;
if (SSLLogger.isOn && SSLLogger.isOn("ssl,trustmanager")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,trustmanager")) {
SSLLogger.fine("adding as trusted certificates",
(Object[])trustedCerts.toArray(new X509Certificate[0]));
}
@ -95,7 +95,7 @@ final class X509TrustManagerImpl extends X509ExtendedTrustManager
trustedCerts = v.getTrustedCertificates();
serverValidator = v;
if (SSLLogger.isOn && SSLLogger.isOn("ssl,trustmanager")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,trustmanager")) {
SSLLogger.fine("adding as trusted certificates",
(Object[])trustedCerts.toArray(new X509Certificate[0]));
}
@ -242,7 +242,7 @@ final class X509TrustManagerImpl extends X509ExtendedTrustManager
null, checkClientTrusted ? null : authType);
}
if (SSLLogger.isOn && SSLLogger.isOn("ssl,trustmanager")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,trustmanager")) {
SSLLogger.fine("Found trusted certificate",
trustedChain[trustedChain.length - 1]);
}
@ -296,7 +296,7 @@ final class X509TrustManagerImpl extends X509ExtendedTrustManager
null, checkClientTrusted ? null : authType);
}
if (SSLLogger.isOn && SSLLogger.isOn("ssl,trustmanager")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,trustmanager")) {
SSLLogger.fine("Found trusted certificate",
trustedChain[trustedChain.length - 1]);
}
@ -330,7 +330,7 @@ final class X509TrustManagerImpl extends X509ExtendedTrustManager
hostname = new SNIHostName(sniName.getEncoded());
} catch (IllegalArgumentException iae) {
// unlikely to happen, just in case ...
if (SSLLogger.isOn && SSLLogger.isOn("ssl,trustmanager")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,trustmanager")) {
SSLLogger.fine("Illegal server name: " + sniName);
}
}

7
src/java.base/share/classes/sun/security/util/DomainName.java
View File

@ -45,7 +45,6 @@ import java.util.zip.ZipInputStream;
import static java.nio.charset.StandardCharsets.UTF_8;
import jdk.internal.util.StaticProperty;
import sun.security.ssl.SSLLogger;
/**
@ -193,7 +192,7 @@ class DomainName {
}
return getRules(tld, new ZipInputStream(pubSuffixStream));
} catch (IOException e) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.fine(
"cannot parse public suffix data for " + tld +
": " + e.getMessage());
@ -210,7 +209,7 @@ class DomainName {
is = new FileInputStream(f);
} catch (FileNotFoundException e) { }
if (is == null) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,trustmanager")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl,trustmanager")) {
SSLLogger.fine(
"lib/security/public_suffix_list.dat not found");
}
@ -230,7 +229,7 @@ class DomainName {
}
}
if (!found) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
if (SSLLogger.logging && SSLLogger.isOn("ssl")) {
SSLLogger.fine("Domain " + tld + " not found");
}
return null;

8
src/java.base/share/classes/sun/security/util/HostnameChecker.java
View File

@ -271,7 +271,7 @@ public class HostnameChecker {
name = IDN.toUnicode(IDN.toASCII(name));
template = IDN.toUnicode(IDN.toASCII(template));
} catch (RuntimeException re) {
if (SSLLogger.isOn) {
if (SSLLogger.logging) {
SSLLogger.fine("Failed to normalize to Unicode: " + re);
}
@ -308,7 +308,7 @@ public class HostnameChecker {
String template, boolean chainsToPublicCA) {
// not ok if it is a single wildcard character or "*."
if (template.equals("*") || template.equals("*.")) {
if (SSLLogger.isOn) {
if (SSLLogger.logging) {
SSLLogger.fine(
"Certificate domain name has illegal single " +
"wildcard character: " + template);
@ -328,7 +328,7 @@ public class HostnameChecker {
// not ok if there is no dot after wildcard (ex: "*com")
if (firstDotIndex == -1) {
if (SSLLogger.isOn) {
if (SSLLogger.logging) {
SSLLogger.fine(
"Certificate domain name has illegal wildcard, " +
"no dot after wildcard character: " + template);
@ -353,7 +353,7 @@ public class HostnameChecker {
// Is it a top-level domain?
if (wildcardedDomain.equalsIgnoreCase(templateDomainSuffix)) {
if (SSLLogger.isOn) {
if (SSLLogger.logging) {
SSLLogger.fine(
"Certificate domain name has illegal " +
"wildcard for top-level public suffix: " + template);

12
test/jdk/javax/net/ssl/TLSv12/SignatureAlgorithms.java
View File

@ -31,18 +31,8 @@
* @bug 8049321
* @summary Support SHA256WithDSA in JSSE
* @library /javax/net/ssl/templates
* @run main/othervm SignatureAlgorithms PKIX "SHA-224,SHA-256"
* @run main/othervm -XX:StartFlightRecording=filename=/tmp/sha1-hs.jfr,settings=/tmp/securityEvents.jfc SignatureAlgorithms PKIX "SHA-224,SHA-256"
* TLS_DHE_DSS_WITH_AES_128_CBC_SHA
* @run main/othervm SignatureAlgorithms PKIX "SHA-1,SHA-224"
* TLS_DHE_DSS_WITH_AES_128_CBC_SHA
* @run main/othervm SignatureAlgorithms PKIX "SHA-1,SHA-256"
* TLS_DHE_DSS_WITH_AES_128_CBC_SHA
* @run main/othervm SignatureAlgorithms PKIX "SHA-224,SHA-256"
* TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
* @run main/othervm SignatureAlgorithms PKIX "SHA-1,SHA-224"
* TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
* @run main/othervm SignatureAlgorithms PKIX "SHA-1,SHA-256"
* TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
*/
import java.util.*;

42
test/jdk/sun/security/ssl/SSLLogger/DebugPropertyValuesTest.java
View File

@ -56,23 +56,21 @@ public class DebugPropertyValuesTest extends SSLSocketTemplate {
debugMessages.put("handshake",
List.of("Produced ClientHello handshake message",
"supported_versions"));
debugMessages.put("handshake-expand",
List.of("\"message\".*: \"Produced ClientHello handshake message"));
debugMessages.put("keymanager", List.of("choosing key:"));
debugMessages.put("packet", List.of("Raw write"));
debugMessages.put("plaintext", List.of("Plaintext before ENCRYPTION"));
debugMessages.put("record", List.of("handshake, length =", "WRITE:"));
debugMessages.put("record-expand",
List.of("\"message\".*: \"READ: TLSv1.2 application_data"));
debugMessages.put("session", List.of("Session initialized:"));
debugMessages.put("sslctx", List.of("trigger seeding of SecureRandom"));
debugMessages.put("ssl", List.of("jdk.tls.keyLimits:"));
debugMessages.put("trustmanager", List.of("adding as trusted certificates"));
debugMessages.put("verbose", List.of("Ignore unsupported cipher suite:"));
debugMessages.put("handshake-expand",
List.of("\"logger\".*: \"javax.net.ssl\",",
"\"message\".*: \"Produced ClientHello handshake message"));
debugMessages.put("record-expand",
List.of("\"logger\".*: \"javax.net.ssl\",",
"\"message\".*: \"READ: TLSv1.2 application_data"));
debugMessages.put("help",
List.of("print the help messages",
List.of("print this help message and exit",
"debugging can be widened with:"));
debugMessages.put("javax.net.debug",
List.of("properties: Initial security property:",
@ -103,27 +101,21 @@ public class DebugPropertyValuesTest extends SSLSocketTemplate {
"sslctx", "trustmanager", "verbose")),
// allow expand option for more verbose output
Arguments.of(List.of("-Djavax.net.debug=ssl,handshake,expand"),
List.of("handshake", "handshake-expand", "keymanager",
"record", "session", "record-expand", "ssl",
"sslctx", "trustmanager", "verbose")),
List.of("handshake", "handshake-expand", "verbose")), // TODO -- why verbose ?
// filtering on record option, with expand
Arguments.of(List.of("-Djavax.net.debug=ssl:record,expand"),
List.of("handshake", "handshake-expand", "keymanager",
"record", "record-expand", "session", "ssl",
"sslctx", "trustmanager", "verbose")),
List.of("record", "record-expand")),
// this test is equivalent to ssl:record mode
Arguments.of(List.of("-Djavax.net.debug=ssl,record"),
List.of("handshake", "keymanager", "record",
"session", "ssl", "sslctx",
"trustmanager", "verbose")),
List.of("record")),
// example of test where no "ssl" value is passed
// handshake debugging with verbose mode
// only verbose gets printed. Needs fixing (JDK-8044609)
Arguments.of(List.of("-Djavax.net.debug=handshake:verbose"),
List.of("verbose")),
List.of()),
// another example of test where no "ssl" value is passed
Arguments.of(List.of("-Djavax.net.debug=record"),
List.of("record")),
List.of()),
// ignore bad sub-option. treat like "ssl"
Arguments.of(List.of("-Djavax.net.debug=ssl,typo"),
List.of("handshake", "keymanager",
@ -136,24 +128,18 @@ public class DebugPropertyValuesTest extends SSLSocketTemplate {
"sslctx", "trustmanager", "verbose")),
// plaintext is valid for record option
Arguments.of(List.of("-Djavax.net.debug=ssl:record:plaintext"),
List.of("handshake", "keymanager", "plaintext",
"record", "session", "ssl",
"sslctx", "trustmanager", "verbose")),
List.of("plaintext", "record")),
Arguments.of(List.of("-Djavax.net.debug=ssl:trustmanager"),
List.of("handshake", "keymanager", "record", "session",
"ssl", "sslctx", "trustmanager", "verbose")),
List.of("trustmanager")),
Arguments.of(List.of("-Djavax.net.debug=ssl:sslctx"),
List.of("handshake", "keymanager", "record", "session",
"ssl", "sslctx", "trustmanager", "verbose")),
List.of("sslctx")),
// help message test. Should exit without running test
Arguments.of(List.of("-Djavax.net.debug=help"),
List.of("help")),
// add in javax.net.debug sanity test
Arguments.of(List.of("-Djavax.net.debug=ssl:trustmanager",
"-Djava.security.debug=all"),
List.of("handshake", "javax.net.debug", "keymanager",
"record", "session", "ssl", "sslctx",
"trustmanager", "verbose")),
List.of("javax.net.debug", "trustmanager")),
// empty invokes System.Logger use
Arguments.of(List.of("-Djavax.net.debug",
"-Djava.util.logging.config.file=" + LOG_FILE),