infernap12/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2026-04-07 13:38:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

prep for isOn() merge

Browse Source
This commit is contained in:
Seán Coffey 2025-12-17 20:27:54 +00:00
parent 72a5a167e2
commit d6384f5060
79 changed files with 632 additions and 629 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/java.base/share/classes/sun/security/ssl/Alert.java
View File

@ -238,7 +238,7 @@ public enum Alert {
TransportContext tc = (TransportContext)context;
AlertMessage am = new AlertMessage(tc, m);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.fine("Received alert message", am);
}

18
src/java.base/share/classes/sun/security/ssl/AlpnExtension.java
View File

@ -157,7 +157,7 @@ final class AlpnExtension {
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(SSLExtension.CH_ALPN)) {
if (SSLLogger.logging
if (SSLLogger.isOn()
&& SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.info(
"Ignore client unavailable extension: " +
@ -171,7 +171,7 @@ final class AlpnExtension {
String[] laps = chc.sslConfig.applicationProtocols;
if ((laps == null) || (laps.length == 0)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.info(
"No available application protocols");
@ -185,7 +185,7 @@ final class AlpnExtension {
int length = ap.getBytes(alpnCharset).length;
if (length == 0) {
// log the configuration problem
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.severe(
"Application protocol name cannot be empty");
@ -200,7 +200,7 @@ final class AlpnExtension {
listLength += (length + 1);
} else {
// log the configuration problem
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.severe(
"Application protocol name (" + ap +
@ -216,7 +216,7 @@ final class AlpnExtension {
if (listLength > MAX_AP_LIST_LENGTH) {
// log the configuration problem
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.severe(
"The configured application protocols (" +
@ -271,7 +271,7 @@ final class AlpnExtension {
if (!shc.sslConfig.isAvailable(SSLExtension.CH_ALPN)) {
shc.applicationProtocol = "";
shc.conContext.applicationProtocol = "";
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.info(
"Ignore server unavailable extension: " +
@ -294,7 +294,7 @@ final class AlpnExtension {
if (noAPSelector && noAlpnProtocols) {
shc.applicationProtocol = "";
shc.conContext.applicationProtocol = "";
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore server unenabled extension: " +
@ -385,7 +385,7 @@ final class AlpnExtension {
(AlpnSpec)shc.handshakeExtensions.get(SSLExtension.CH_ALPN);
if (requestedAlps == null) {
// Ignore, this extension was not requested and accepted.
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unavailable extension: " +
@ -431,7 +431,7 @@ final class AlpnExtension {
// Ignore, no negotiated application layer protocol.
shc.applicationProtocol = "";
shc.conContext.applicationProtocol = "";
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning(
"Ignore, no negotiated application layer protocol");

8
src/java.base/share/classes/sun/security/ssl/CertSignAlgsExtension.java
View File

@ -94,7 +94,7 @@ final class CertSignAlgsExtension {
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(
SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unavailable " +
@ -145,7 +145,7 @@ final class CertSignAlgsExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(
SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unavailable " +
@ -237,7 +237,7 @@ final class CertSignAlgsExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(
SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unavailable " +
@ -286,7 +286,7 @@ final class CertSignAlgsExtension {
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(
SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unavailable " +

32
src/java.base/share/classes/sun/security/ssl/CertStatusExtension.java
View File

@ -144,7 +144,7 @@ final class CertStatusExtension {
if (statusType == CertStatusRequestType.OCSP.id) {
this.statusRequest = new OCSPStatusRequest(statusType, encoded);
} else {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.info(
"Unknown certificate status request " +
@ -197,7 +197,7 @@ final class CertStatusExtension {
if (type == CertStatusRequestType.OCSP.id) {
this.statusResponse = new OCSPStatusResponse(type, respData);
} else {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.info(
"Unknown certificate status response " +
@ -559,7 +559,7 @@ final class CertStatusExtension {
}
if (!chc.sslConfig.isAvailable(SSLExtension.CH_STATUS_REQUEST)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unavailable extension: " +
@ -601,7 +601,7 @@ final class CertStatusExtension {
ServerHandshakeContext shc = (ServerHandshakeContext)context;
if (!shc.sslConfig.isAvailable(SSLExtension.CH_STATUS_REQUEST)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Ignore unavailable extension: " +
SSLExtension.CH_STATUS_REQUEST.name);
@ -660,7 +660,7 @@ final class CertStatusExtension {
shc.handshakeExtensions.get(SSLExtension.CH_STATUS_REQUEST);
if (spec == null) {
// Ignore, no status_request extension requested.
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.finest("Ignore unavailable extension: " +
SSLExtension.CH_STATUS_REQUEST.name);
@ -671,7 +671,7 @@ final class CertStatusExtension {
// Is it a session resuming?
if (shc.isResumption) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.finest(
"No status_request response for session resuming");
@ -845,7 +845,7 @@ final class CertStatusExtension {
statusRequests.add(
new OCSPStatusRequest(statusType, encoded));
} else {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.info(
"Unknown certificate status request " +
@ -922,7 +922,7 @@ final class CertStatusExtension {
}
if (!chc.sslConfig.isAvailable(SSLExtension.CH_STATUS_REQUEST_V2)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.finest(
"Ignore unavailable status_request_v2 extension");
@ -965,7 +965,7 @@ final class CertStatusExtension {
ServerHandshakeContext shc = (ServerHandshakeContext)context;
if (!shc.sslConfig.isAvailable(SSLExtension.CH_STATUS_REQUEST_V2)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.finest(
"Ignore unavailable status_request_v2 extension");
@ -1026,7 +1026,7 @@ final class CertStatusExtension {
shc.handshakeExtensions.get(SSLExtension.CH_STATUS_REQUEST_V2);
if (spec == null) {
// Ignore, no status_request_v2 extension requested.
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.finest(
"Ignore unavailable status_request_v2 extension");
@ -1037,7 +1037,7 @@ final class CertStatusExtension {
// Is it a session resuming?
if (shc.isResumption) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.finest(
"No status_request_v2 response for session resumption");
@ -1123,7 +1123,7 @@ final class CertStatusExtension {
// Stapling needs to be active and have valid data to proceed
if (shc.stapleParams == null) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.finest(
"Stapling is disabled for this connection");
@ -1133,7 +1133,7 @@ final class CertStatusExtension {
// There needs to be a non-null CertificateEntry to proceed
if (shc.currentCertEntry == null) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.finest("Found null CertificateEntry in context");
}
@ -1152,7 +1152,7 @@ final class CertStatusExtension {
byte[] respBytes = shc.stapleParams.responseMap.get(x509Cert);
if (respBytes == null) {
// We're done with this entry. Clear it from the context
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.finest("No status response found for " +
x509Cert.getSubjectX500Principal());
@ -1162,7 +1162,7 @@ final class CertStatusExtension {
}
// Build a proper response buffer from the stapling information
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.finest("Found status response for " +
x509Cert.getSubjectX500Principal() +
@ -1222,7 +1222,7 @@ final class CertStatusExtension {
respList.add(spec.statusResponse.encodedResponse);
chc.handshakeSession.setStatusResponses(respList);
} else {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.finest(
"Ignoring stapled data on resumed session");

16
src/java.base/share/classes/sun/security/ssl/CertificateAuthoritiesExtension.java
View File

@ -192,7 +192,7 @@ final class CertificateAuthoritiesExtension {
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(
SSLExtension.CH_CERTIFICATE_AUTHORITIES)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unavailable " +
@ -206,7 +206,7 @@ final class CertificateAuthoritiesExtension {
X509Certificate[] caCerts =
chc.sslContext.getX509TrustManager().getAcceptedIssuers();
if (caCerts.length == 0) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"No available certificate authorities");
@ -218,7 +218,7 @@ final class CertificateAuthoritiesExtension {
List<byte[]> encodedCAs =
CertificateAuthoritiesSpec.getEncodedAuthorities(caCerts);
if (encodedCAs.isEmpty()) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning(
"The number of CAs exceeds the maximum size " +
@ -273,7 +273,7 @@ final class CertificateAuthoritiesExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(
SSLExtension.CH_CERTIFICATE_AUTHORITIES)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unavailable " +
@ -323,7 +323,7 @@ final class CertificateAuthoritiesExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(
SSLExtension.CR_CERTIFICATE_AUTHORITIES)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unavailable " +
@ -337,7 +337,7 @@ final class CertificateAuthoritiesExtension {
X509Certificate[] caCerts =
shc.sslContext.getX509TrustManager().getAcceptedIssuers();
if (caCerts.length == 0) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"No available certificate authorities");
@ -349,7 +349,7 @@ final class CertificateAuthoritiesExtension {
List<byte[]> encodedCAs =
CertificateAuthoritiesSpec.getEncodedAuthorities(caCerts);
if (encodedCAs.isEmpty()) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning(
"Too many certificate authorities to use " +
@ -404,7 +404,7 @@ final class CertificateAuthoritiesExtension {
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(
SSLExtension.CR_CERTIFICATE_AUTHORITIES)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unavailable " +

32
src/java.base/share/classes/sun/security/ssl/CertificateMessage.java
View File

@ -265,7 +265,7 @@ final class CertificateMessage {
shc.handshakeSession.setLocalCertificates(x509Possession.popCerts);
T12CertificateMessage cm =
new T12CertificateMessage(shc, x509Possession.popCerts);
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Produced server Certificate handshake message", cm);
@ -294,7 +294,7 @@ final class CertificateMessage {
// an empty cert chain instead.
if (x509Possession == null) {
if (chc.negotiatedProtocol.useTLS10PlusSpec()) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"No X.509 certificate for client authentication, " +
@ -304,7 +304,7 @@ final class CertificateMessage {
x509Possession =
new X509Possession(null, new X509Certificate[0]);
} else {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"No X.509 certificate for client authentication, " +
@ -327,7 +327,7 @@ final class CertificateMessage {
}
T12CertificateMessage cm =
new T12CertificateMessage(chc, x509Possession.popCerts);
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Produced client Certificate handshake message", cm);
@ -364,14 +364,14 @@ final class CertificateMessage {
T12CertificateMessage cm = new T12CertificateMessage(hc, message);
if (hc.sslConfig.isClientMode) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Consuming server Certificate handshake message", cm);
}
onCertificate((ClientHandshakeContext)context, cm);
} else {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Consuming client Certificate handshake message", cm);
@ -507,7 +507,7 @@ final class CertificateMessage {
try {
thisSubjectAltNames = thisCert.getSubjectAlternativeNames();
} catch (CertificateParsingException cpe) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Attempt to obtain subjectAltNames extension failed!");
@ -518,7 +518,7 @@ final class CertificateMessage {
try {
prevSubjectAltNames = prevCert.getSubjectAlternativeNames();
} catch (CertificateParsingException cpe) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Attempt to obtain subjectAltNames extension failed!");
@ -988,7 +988,7 @@ final class CertificateMessage {
certEnt.extensions.produce(shc, enabledCTExts);
}
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Produced server Certificate message", cm);
}
@ -1006,7 +1006,7 @@ final class CertificateMessage {
ClientHelloMessage clientHello) {
if (hc.peerRequestedCertSignSchemes == null ||
hc.peerRequestedCertSignSchemes.isEmpty()) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning(
"No signature_algorithms(_cert) in ClientHello");
@ -1032,7 +1032,7 @@ final class CertificateMessage {
SSLPossession pos = X509Authentication
.createPossession(hc, supportedKeyTypes);
if (pos == null) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning("No available authentication scheme");
}
@ -1046,7 +1046,7 @@ final class CertificateMessage {
SSLPossession pos = choosePossession(chc, clientHello);
X509Certificate[] localCerts;
if (pos == null) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("No available client authentication scheme");
}
@ -1054,7 +1054,7 @@ final class CertificateMessage {
} else {
chc.handshakePossessions.add(pos);
if (!(pos instanceof X509Possession x509Possession)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"No X.509 certificate for client authentication");
@ -1081,7 +1081,7 @@ final class CertificateMessage {
throw chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
"Failed to produce client Certificate message", ce);
}
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Produced client Certificate message", cm);
}
@ -1123,14 +1123,14 @@ final class CertificateMessage {
T13CertificateMessage cm = new T13CertificateMessage(hc, message);
if (hc.sslConfig.isClientMode) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Consuming server Certificate handshake message", cm);
}
onConsumeCertificate((ClientHandshakeContext)context, cm);
} else {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Consuming client Certificate handshake message", cm);

22
src/java.base/share/classes/sun/security/ssl/CertificateRequest.java
View File

@ -297,7 +297,7 @@ final class CertificateRequest {
shc.sslContext.getX509TrustManager().getAcceptedIssuers();
T10CertificateRequestMessage crm = new T10CertificateRequestMessage(
shc, caCerts, shc.negotiatedCipherSuite.keyExchange);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Produced CertificateRequest handshake message", crm);
}
@ -360,7 +360,7 @@ final class CertificateRequest {
T10CertificateRequestMessage crm =
new T10CertificateRequestMessage(chc, message);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Consuming CertificateRequest handshake message", crm);
}
@ -400,7 +400,7 @@ final class CertificateRequest {
}
if (clientAlias == null) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning("No available client authentication");
}
@ -409,7 +409,7 @@ final class CertificateRequest {
PrivateKey clientPrivateKey = km.getPrivateKey(clientAlias);
if (clientPrivateKey == null) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning("No available client private key");
}
@ -418,7 +418,7 @@ final class CertificateRequest {
X509Certificate[] clientCerts = km.getCertificateChain(clientAlias);
if ((clientCerts == null) || (clientCerts.length == 0)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning("No available client certificate");
}
@ -658,7 +658,7 @@ final class CertificateRequest {
T12CertificateRequestMessage crm = new T12CertificateRequestMessage(
shc, caCerts, shc.negotiatedCipherSuite.keyExchange,
certReqSignAlgs);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Produced CertificateRequest handshake message", crm);
}
@ -720,7 +720,7 @@ final class CertificateRequest {
T12CertificateRequestMessage crm =
new T12CertificateRequestMessage(chc, message);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Consuming CertificateRequest handshake message", crm);
}
@ -787,7 +787,7 @@ final class CertificateRequest {
T12CertificateRequestMessage crm) {
if (hc.peerRequestedCertSignSchemes == null ||
hc.peerRequestedCertSignSchemes.isEmpty()) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning("No signature and hash algorithms " +
"in CertificateRequest");
@ -832,7 +832,7 @@ final class CertificateRequest {
SSLPossession pos = X509Authentication
.createPossession(hc, supportedKeyTypes);
if (pos == null) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning("No available authentication scheme");
}
@ -943,7 +943,7 @@ final class CertificateRequest {
SSLExtension[] extTypes = shc.sslConfig.getEnabledExtensions(
SSLHandshake.CERTIFICATE_REQUEST, shc.negotiatedProtocol);
crm.extensions.produce(shc, extTypes);
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Produced CertificateRequest message", crm);
}
@ -996,7 +996,7 @@ final class CertificateRequest {
T13CertificateRequestMessage crm =
new T13CertificateRequestMessage(chc, message);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Consuming CertificateRequest handshake message", crm);
}

6
src/java.base/share/classes/sun/security/ssl/CertificateStatus.java
View File

@ -281,7 +281,7 @@ final class CertificateStatus {
new CertificateStatusMessage(chc, message);
// Log the message
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Consuming server CertificateStatus handshake message",
cst);
@ -325,7 +325,7 @@ final class CertificateStatus {
// Create the CertificateStatus message from info in the
CertificateStatusMessage csm = new CertificateStatusMessage(shc);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Produced server CertificateStatus handshake message", csm);
}
@ -358,7 +358,7 @@ final class CertificateStatus {
// status_request[_v2] extension. 2) The CertificateStatus
// message was not sent. This means that cert path checking
// was deferred, but must happen immediately.
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Server did not send CertificateStatus, " +
"checking cert chain without status info.");

26
src/java.base/share/classes/sun/security/ssl/CertificateVerify.java
View File

@ -248,7 +248,7 @@ final class CertificateVerify {
if (x509Possession == null ||
x509Possession.popPrivateKey == null) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"No X.509 credentials negotiated for CertificateVerify");
@ -259,7 +259,7 @@ final class CertificateVerify {
S30CertificateVerifyMessage cvm =
new S30CertificateVerifyMessage(chc, x509Possession);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Produced CertificateVerify handshake message", cvm);
}
@ -301,7 +301,7 @@ final class CertificateVerify {
S30CertificateVerifyMessage cvm =
new S30CertificateVerifyMessage(shc, message);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Consuming CertificateVerify handshake message", cvm);
}
@ -504,7 +504,7 @@ final class CertificateVerify {
if (x509Possession == null ||
x509Possession.popPrivateKey == null) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"No X.509 credentials negotiated for CertificateVerify");
@ -515,7 +515,7 @@ final class CertificateVerify {
T10CertificateVerifyMessage cvm =
new T10CertificateVerifyMessage(chc, x509Possession);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Produced CertificateVerify handshake message", cvm);
}
@ -557,7 +557,7 @@ final class CertificateVerify {
T10CertificateVerifyMessage cvm =
new T10CertificateVerifyMessage(shc, message);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Consuming CertificateVerify handshake message", cvm);
}
@ -756,7 +756,7 @@ final class CertificateVerify {
if (x509Possession == null ||
x509Possession.popPrivateKey == null) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"No X.509 credentials negotiated for CertificateVerify");
@ -767,7 +767,7 @@ final class CertificateVerify {
T12CertificateVerifyMessage cvm =
new T12CertificateVerifyMessage(chc, x509Possession);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Produced CertificateVerify handshake message", cvm);
}
@ -809,7 +809,7 @@ final class CertificateVerify {
T12CertificateVerifyMessage cvm =
new T12CertificateVerifyMessage(shc, message);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Consuming CertificateVerify handshake message", cvm);
}
@ -1095,7 +1095,7 @@ final class CertificateVerify {
if (x509Possession == null ||
x509Possession.popPrivateKey == null) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"No X.509 credentials negotiated for CertificateVerify");
@ -1117,7 +1117,7 @@ final class CertificateVerify {
X509Possession x509Possession) throws IOException {
T13CertificateVerifyMessage cvm =
new T13CertificateVerifyMessage(shc, x509Possession);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Produced server CertificateVerify handshake message", cvm);
}
@ -1134,7 +1134,7 @@ final class CertificateVerify {
X509Possession x509Possession) throws IOException {
T13CertificateVerifyMessage cvm =
new T13CertificateVerifyMessage(chc, x509Possession);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Produced client CertificateVerify handshake message", cvm);
}
@ -1177,7 +1177,7 @@ final class CertificateVerify {
T13CertificateVerifyMessage cvm =
new T13CertificateVerifyMessage(hc, message);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Consuming CertificateVerify handshake message", cvm);
}

6
src/java.base/share/classes/sun/security/ssl/ChangeCipherSpec.java
View File

@ -108,7 +108,7 @@ final class ChangeCipherSpec {
") and protocol version (" + hc.negotiatedProtocol + ")");
}
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Produced ChangeCipherSpec message");
}
@ -142,7 +142,7 @@ final class ChangeCipherSpec {
throw tc.fatal(Alert.UNEXPECTED_MESSAGE,
"Malformed or unexpected ChangeCipherSpec message");
}
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Consuming ChangeCipherSpec message");
}
@ -237,7 +237,7 @@ final class ChangeCipherSpec {
throw tc.fatal(Alert.UNEXPECTED_MESSAGE,
"Malformed or unexpected ChangeCipherSpec message");
}
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Consuming ChangeCipherSpec message");
}

42
src/java.base/share/classes/sun/security/ssl/ClientHello.java
View File

@ -430,7 +430,7 @@ final class ClientHello {
if (!session.isRejoinable()) {
session = null;
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.finest(
"Can't resume, the session is not rejoinable");
@ -443,7 +443,7 @@ final class ClientHello {
sessionSuite = session.getSuite();
if (!chc.isNegotiable(sessionSuite)) {
session = null;
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.finest(
"Can't resume, unavailable session cipher suite");
@ -456,7 +456,7 @@ final class ClientHello {
sessionVersion = session.getProtocolVersion();
if (!chc.isNegotiable(sessionVersion)) {
session = null;
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.finest(
"Can't resume, unavailable protocol version");
@ -513,7 +513,7 @@ final class ClientHello {
String sessionIdentityAlg =
session.getIdentificationProtocol();
if (!identityAlg.equalsIgnoreCase(sessionIdentityAlg)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.finest("Can't resume, endpoint id" +
" algorithm does not match, requested: " +
@ -524,7 +524,7 @@ final class ClientHello {
}
if (session != null) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.finest("Try resuming session", session);
}
@ -548,7 +548,7 @@ final class ClientHello {
cipherSuites = List.of(sessionSuite);
}
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.finest(
"No new session is allowed, so try to resume " +
@ -635,7 +635,7 @@ final class ClientHello {
SSLHandshake.CLIENT_HELLO, chc.activeProtocols);
chm.extensions.produce(chc, extTypes);
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Produced ClientHello handshake message", chm);
}
@ -702,7 +702,7 @@ final class ClientHello {
//
// The HelloVerifyRequest consumer should have updated the
// ClientHello handshake message with cookie.
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Produced ClientHello(cookie) handshake message",
@ -737,7 +737,7 @@ final class ClientHello {
// TLS 1.3
// The HelloRetryRequest consumer should have updated the
// ClientHello handshake message with cookie.
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Produced ClientHello(HRR) handshake message",
@ -794,7 +794,7 @@ final class ClientHello {
ClientHelloMessage chm =
new ClientHelloMessage(shc, message, enabledExtensions);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Consuming ClientHello handshake message", chm);
}
@ -824,7 +824,7 @@ final class ClientHello {
negotiateProtocol(context, clientHello.clientVersion);
}
context.negotiatedProtocol = negotiatedProtocol;
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Negotiated protocol version: " + negotiatedProtocol.name);
}
@ -984,7 +984,7 @@ final class ClientHello {
boolean resumingSession =
(previous != null) && previous.isRejoinable();
if (!resumingSession) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.finest(
"Can't resume, " +
@ -997,7 +997,7 @@ final class ClientHello {
previous.getProtocolVersion();
if (sessionProtocol != shc.negotiatedProtocol) {
resumingSession = false;
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.finest(
"Can't resume, not the same protocol version");
@ -1012,7 +1012,7 @@ final class ClientHello {
previous.getPeerPrincipal();
} catch (SSLPeerUnverifiedException e) {
resumingSession = false;
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.finest(
"Can't resume, " +
@ -1027,7 +1027,7 @@ final class ClientHello {
if ((!shc.isNegotiable(suite)) ||
(!clientHello.cipherSuites.contains(suite))) {
resumingSession = false;
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.finest(
"Can't resume, " +
@ -1043,7 +1043,7 @@ final class ClientHello {
String sessionIdentityAlg =
previous.getIdentificationProtocol();
if (!identityAlg.equalsIgnoreCase(sessionIdentityAlg)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.finest("Can't resume, endpoint id" +
" algorithm does not match, requested: " +
@ -1058,7 +1058,7 @@ final class ClientHello {
shc.isResumption = resumingSession;
shc.resumingSession = resumingSession ? previous : null;
if (!resumingSession && SSLLogger.logging &&
if (!resumingSession && SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Session not resumed.");
}
@ -1325,7 +1325,7 @@ final class ClientHello {
boolean resumingSession =
(previous != null) && previous.isRejoinable();
if (!resumingSession) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.finest(
"Can't resume, " +
@ -1338,7 +1338,7 @@ final class ClientHello {
previous.getProtocolVersion();
if (sessionProtocol != shc.negotiatedProtocol) {
resumingSession = false;
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.finest(
"Can't resume, not the same protocol version");
@ -1354,7 +1354,7 @@ final class ClientHello {
previous.getPeerPrincipal();
} catch (SSLPeerUnverifiedException e) {
resumingSession = false;
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.finest(
"Can't resume, " +
@ -1369,7 +1369,7 @@ final class ClientHello {
if ((!shc.isNegotiable(suite)) ||
(!clientHello.cipherSuites.contains(suite))) {
resumingSession = false;
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.finest(
"Can't resume, " +

10
src/java.base/share/classes/sun/security/ssl/CookieExtension.java
View File

@ -117,7 +117,7 @@ public class CookieExtension {
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(SSLExtension.CH_COOKIE)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unavailable cookie extension");
@ -155,7 +155,7 @@ public class CookieExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(SSLExtension.CH_COOKIE)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unavailable cookie extension");
@ -220,7 +220,7 @@ public class CookieExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(SSLExtension.HRR_COOKIE)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unavailable cookie extension");
@ -256,7 +256,7 @@ public class CookieExtension {
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(SSLExtension.HRR_COOKIE)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unavailable cookie extension");
@ -284,7 +284,7 @@ public class CookieExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(SSLExtension.HRR_COOKIE)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unavailable cookie extension");

4
src/java.base/share/classes/sun/security/ssl/DHClientKeyExchange.java
View File

@ -187,7 +187,7 @@ final class DHClientKeyExchange {
chc.handshakePossessions.add(dhePossession);
DHClientKeyExchangeMessage ckem =
new DHClientKeyExchangeMessage(chc);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Produced DH ClientKeyExchange handshake message", ckem);
}
@ -268,7 +268,7 @@ final class DHClientKeyExchange {
DHClientKeyExchangeMessage ckem =
new DHClientKeyExchangeMessage(shc, message);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Consuming DH ClientKeyExchange handshake message", ckem);
}

4
src/java.base/share/classes/sun/security/ssl/DHServerKeyExchange.java
View File

@ -481,7 +481,7 @@ final class DHServerKeyExchange {
ServerHandshakeContext shc = (ServerHandshakeContext)context;
DHServerKeyExchangeMessage skem =
new DHServerKeyExchangeMessage(shc);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Produced DH ServerKeyExchange handshake message", skem);
}
@ -512,7 +512,7 @@ final class DHServerKeyExchange {
DHServerKeyExchangeMessage skem =
new DHServerKeyExchangeMessage(chc, message);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Consuming DH ServerKeyExchange handshake message", skem);
}

76
src/java.base/share/classes/sun/security/ssl/DTLSInputRecord.java
View File

@ -125,7 +125,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
return null;
}
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) {
SSLLogger.fine("Raw read", packet);
}
@ -150,7 +150,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
int contentLen = ((packet.get() & 0xFF) << 8) |
(packet.get() & 0xFF); // pos: 11, 12
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD)) {
SSLLogger.fine("READ: " +
ProtocolVersion.nameOf(majorVersion, minorVersion) +
" " + ContentType.nameOf(contentType) + ", length = " +
@ -162,7 +162,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
if (this.readEpoch > recordEpoch) {
// Reset the position of the packet buffer.
packet.position(recLim);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD)) {
SSLLogger.fine("READ: discard this old record", recordEnS);
}
return null;
@ -181,7 +181,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
packet.position(recLim);
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.fine("Premature record (epoch), discard it.");
}
@ -224,7 +224,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
plaintextFragment = plaintext.fragment;
contentType = plaintext.contentType;
} catch (GeneralSecurityException gse) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.fine("Discard invalid record: " + gse);
}
@ -242,7 +242,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
// Cleanup the handshake reassembler if necessary.
if ((reassembler != null) &&
(reassembler.handshakeEpoch < recordEpoch)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.fine("Cleanup the handshake reassembler");
}
@ -275,7 +275,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
if (hsFrag == null) {
// invalid, discard this record
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.fine(
"Invalid handshake message, discard it.");
@ -299,7 +299,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
return pt == null ? null : new Plaintext[] { pt };
}
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.fine("The reassembler is not initialized yet.");
}
@ -360,7 +360,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
int remaining = plaintextFragment.remaining();
if (remaining < handshakeHeaderSize) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.fine("Discard invalid record: " +
"too small record to hold a handshake fragment");
}
@ -372,7 +372,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
// Fail fast for unknown handshake message.
byte handshakeType = plaintextFragment.get(); // pos: 0
if (!SSLHandshake.isKnown(handshakeType)) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.fine("Discard invalid record: " +
"unknown handshake type size, Handshake.msg_type = " +
(handshakeType & 0xFF));
@ -408,7 +408,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
((plaintextFragment.get() & 0xFF) << 8) |
(plaintextFragment.get() & 0xFF); // pos: 9-11
if ((remaining - handshakeHeaderSize) < fragmentLength) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.fine("Discard invalid record: " +
"not a complete handshake fragment in the record");
}
@ -752,7 +752,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
// It's OK to discard retransmission as the handshake hash
// is computed as if each handshake message had been sent
// as a single fragment.
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.fine("Have got the full message, discard it.");
}
@ -774,7 +774,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
// The ranges SHOULD NOT overlap.
if (hole.offset > hsf.fragmentOffset || hole.limit < fragmentLimit) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.fine("Discard invalid record: " +
"handshake fragment ranges are overlapping");
@ -843,7 +843,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
}
// Read the random (32 bytes)
if (fragmentData.remaining() < 32) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RECORD)) {
SSLLogger.fine("Rejected client hello fragment (bad random len) " +
"fo=" + hsf.fragmentOffset + " fl=" + hsf.fragmentLength);
@ -868,7 +868,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
// Cookie
byte[] cookie = Record.getBytes8(fragmentData);
if (firstHello && cookie.length != 0) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RECORD)) {
SSLLogger.fine("Rejected initial client hello fragment (bad cookie len) " +
"fo=" + hsf.fragmentOffset + " fl=" + hsf.fragmentLength);
@ -905,7 +905,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
}
}
} catch (IOException ioe) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD)) {
SSLLogger.fine("Rejected client hello fragment " +
"fo=" + hsf.fragmentOffset + " fl=" + hsf.fragmentLength);
}
@ -1037,7 +1037,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
int previousEpoch = nextRecordEpoch - 1;
if (rf.recordEpoch < previousEpoch) {
// Too old to use, discard this record.
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.fine(
"Too old epoch to use this record, discard it.");
@ -1084,7 +1084,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
if (!isDesired) {
// Too old to use, discard this retransmitted record
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.fine(
"Too old retransmission to use, discard it.");
@ -1098,7 +1098,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
// Previously disordered record for the current epoch.
//
// Should have been retransmitted. Discard this record.
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.fine(
"Lagging behind record (sequence), discard it.");
@ -1137,7 +1137,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
Plaintext acquirePlaintext() throws SSLProtocolException {
if (bufferedFragments.isEmpty()) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.fine("No received handshake messages");
}
@ -1159,7 +1159,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
// Reset the next handshake flight.
resetHandshakeFlight(precedingFlight);
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.fine("Received a retransmission flight.");
}
@ -1172,7 +1172,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
}
if (!flightIsReady) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.fine(
"The handshake flight is not ready to use: " +
@ -1258,7 +1258,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
if (readEpoch != rFrag.recordEpoch) {
if (readEpoch > rFrag.recordEpoch) {
// discard old records
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.fine(
"Discard old buffered ciphertext fragments.");
@ -1271,7 +1271,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
flightIsReady = false;
}
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.fine(
"Not yet ready to decrypt the cached fragments.");
@ -1289,7 +1289,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
plaintextFragment = plaintext.fragment;
rFrag.contentType = plaintext.contentType;
} catch (GeneralSecurityException gse) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.fine("Discard invalid record: ", gse);
}
@ -1312,7 +1312,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
if (hsFrag == null) {
// invalid, discard this record
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.fine(
"Invalid handshake fragment, discard it",
@ -1464,7 +1464,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
if (expectCCSFlight) {
// Have the ChangeCipherSpec/Finished flight been received?
boolean isReady = hasFinishedMessage();
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.fine(
"Has the final flight been received? " + isReady);
@ -1473,7 +1473,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
return isReady;
}
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.fine("No flight is received yet.");
}
@ -1487,7 +1487,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
// single handshake message flight
boolean isReady = hasCompleted(flightType);
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.fine(
"Is the handshake message completed? " + isReady);
@ -1502,7 +1502,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
if (flightType == SSLHandshake.SERVER_HELLO.id) {
// Firstly, check the first flight handshake message.
if (!hasCompleted(flightType)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.fine(
"The ServerHello message is not completed yet.");
@ -1515,7 +1515,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
// an abbreviated handshake
//
if (hasFinishedMessage()) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.fine("It's an abbreviated handshake.");
}
@ -1530,7 +1530,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
SSLHandshake.SERVER_HELLO_DONE.id);
if ((holes == null) || !holes.isEmpty()) {
// Not yet got the final message of the flight.
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.fine(
"Not yet got the ServerHelloDone message");
@ -1543,7 +1543,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
boolean isReady = hasCompleted(bufferedFragments,
handshakeFlight.minMessageSeq,
handshakeFlight.maxMessageSeq);
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.fine(
"Is the ServerHello flight (message " +
@ -1567,7 +1567,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
// Firstly, check the first flight handshake message.
if (!hasCompleted(flightType)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.fine(
"The ClientKeyExchange or client Certificate " +
@ -1582,7 +1582,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
if (needClientVerify(bufferedFragments) &&
!hasCompleted(SSLHandshake.CERTIFICATE_VERIFY.id)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.fine(
"Not yet have the CertificateVerify message");
@ -1594,7 +1594,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
if (!hasFinishedMessage()) {
// not yet have the ChangeCipherSpec/Finished messages
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.fine(
"Not yet have the ChangeCipherSpec and " +
@ -1608,7 +1608,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
boolean isReady = hasCompleted(bufferedFragments,
handshakeFlight.minMessageSeq,
handshakeFlight.maxMessageSeq);
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.fine(
"Is the ClientKeyExchange flight (message " +
@ -1623,7 +1623,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
//
// Otherwise, need to receive more handshake messages.
//
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.fine("Need to receive more handshake messages");
}

22
src/java.base/share/classes/sun/security/ssl/DTLSOutputRecord.java
View File

@ -92,7 +92,7 @@ final class DTLSOutputRecord extends OutputRecord implements DTLSRecord {
void changeWriteCiphers(SSLWriteCipher writeCipher,
boolean useChangeCipherSpec) {
if (isClosed()) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning("outbound has closed, ignore outbound " +
"change_cipher_spec message");
}
@ -120,7 +120,7 @@ final class DTLSOutputRecord extends OutputRecord implements DTLSRecord {
@Override
void encodeAlert(byte level, byte description) {
if (isClosed()) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning("outbound has closed, ignore outbound " +
"alert message: " + Alert.nameOf(description));
}
@ -137,7 +137,7 @@ final class DTLSOutputRecord extends OutputRecord implements DTLSRecord {
@Override
void encodeChangeCipherSpec() {
if (isClosed()) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning("outbound has closed, ignore outbound " +
"change_cipher_spec message");
}
@ -154,7 +154,7 @@ final class DTLSOutputRecord extends OutputRecord implements DTLSRecord {
void encodeHandshake(byte[] source,
int offset, int length) {
if (isClosed()) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning("outbound has closed, ignore outbound " +
"handshake message",
ByteBuffer.wrap(source, offset, length));
@ -179,14 +179,14 @@ final class DTLSOutputRecord extends OutputRecord implements DTLSRecord {
ByteBuffer[] dsts, int dstsOffset, int dstsLength) throws IOException {
if (isClosed) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning("outbound has closed, ignore outbound " +
"application data or cached messages");
}
return null;
} else if (isCloseWaiting) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning("outbound has closed, ignore outbound " +
"application data");
}
@ -201,7 +201,7 @@ final class DTLSOutputRecord extends OutputRecord implements DTLSRecord {
ByteBuffer destination) throws IOException {
if (writeCipher.authenticator.seqNumOverflow()) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.fine(
"sequence number extremely close to overflow " +
"(2^64-1 packets). Closing connection.");
@ -269,7 +269,7 @@ final class DTLSOutputRecord extends OutputRecord implements DTLSRecord {
destination.limit(destination.position());
destination.position(dstContent);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD)) {
SSLLogger.fine(
"WRITE: " + protocolVersion.name + " " +
ContentType.APPLICATION_DATA.name +
@ -282,7 +282,7 @@ final class DTLSOutputRecord extends OutputRecord implements DTLSRecord {
dstPos, dstLim, headerSize,
protocolVersion);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) {
ByteBuffer temporary = destination.duplicate();
temporary.limit(temporary.position());
temporary.position(dstPos);
@ -497,7 +497,7 @@ final class DTLSOutputRecord extends OutputRecord implements DTLSRecord {
dstBuf.limit(dstBuf.position());
dstBuf.position(dstContent);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD)) {
SSLLogger.fine(
"WRITE: " + protocolVersion.name + " " +
ContentType.nameOf(memo.contentType) +
@ -511,7 +511,7 @@ final class DTLSOutputRecord extends OutputRecord implements DTLSRecord {
ProtocolVersion.valueOf(memo.majorVersion,
memo.minorVersion));
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) {
ByteBuffer temporary = dstBuf.duplicate();
temporary.limit(temporary.position());
temporary.position(dstPos);

8
src/java.base/share/classes/sun/security/ssl/ECDHClientKeyExchange.java
View File

@ -199,7 +199,7 @@ final class ECDHClientKeyExchange {
ECDHClientKeyExchangeMessage cke =
new ECDHClientKeyExchangeMessage(
chc, sslPossession.encode());
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Produced ECDH ClientKeyExchange handshake message", cke);
}
@ -308,7 +308,7 @@ final class ECDHClientKeyExchange {
// parse either handshake message containing either EC/XEC.
ECDHClientKeyExchangeMessage cke =
new ECDHClientKeyExchangeMessage(shc, message);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Consuming ECDH ClientKeyExchange handshake message", cke);
}
@ -397,7 +397,7 @@ final class ECDHClientKeyExchange {
new ECDHClientKeyExchangeMessage(
chc, sslPossession.encode());
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Produced ECDHE ClientKeyExchange handshake message", cke);
}
@ -490,7 +490,7 @@ final class ECDHClientKeyExchange {
// parse the EC/XEC handshake message
ECDHClientKeyExchangeMessage cke =
new ECDHClientKeyExchangeMessage(shc, message);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Consuming ECDHE ClientKeyExchange handshake message", cke);
}

4
src/java.base/share/classes/sun/security/ssl/ECDHServerKeyExchange.java
View File

@ -489,7 +489,7 @@ final class ECDHServerKeyExchange {
ServerHandshakeContext shc = (ServerHandshakeContext)context;
ECDHServerKeyExchangeMessage skem =
new ECDHServerKeyExchangeMessage(shc);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Produced ECDH ServerKeyExchange handshake message", skem);
}
@ -522,7 +522,7 @@ final class ECDHServerKeyExchange {
// AlgorithmConstraints are checked during decoding
ECDHServerKeyExchangeMessage skem =
new ECDHServerKeyExchangeMessage(chc, message);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Consuming ECDH ServerKeyExchange handshake message", skem);
}

6
src/java.base/share/classes/sun/security/ssl/ECPointFormatsExtension.java
View File

@ -171,7 +171,7 @@ final class ECPointFormatsExtension {
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(CH_EC_POINT_FORMATS)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unavailable ec_point_formats extension");
@ -194,7 +194,7 @@ final class ECPointFormatsExtension {
return extData;
}
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Need no ec_point_formats extension");
}
@ -222,7 +222,7 @@ final class ECPointFormatsExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(CH_EC_POINT_FORMATS)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unavailable ec_point_formats extension");

4
src/java.base/share/classes/sun/security/ssl/EncryptedExtensions.java
View File

@ -134,7 +134,7 @@ final class EncryptedExtensions {
SSLHandshake.ENCRYPTED_EXTENSIONS,
shc.negotiatedProtocol);
eem.extensions.produce(shc, extTypes);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Produced EncryptedExtensions message", eem);
}
@ -168,7 +168,7 @@ final class EncryptedExtensions {
EncryptedExtensionsMessage eem =
new EncryptedExtensionsMessage(chc, message);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Consuming EncryptedExtensions handshake message", eem);
}

10
src/java.base/share/classes/sun/security/ssl/ExtendedMasterSecretExtension.java
View File

@ -119,7 +119,7 @@ final class ExtendedMasterSecretExtension {
if (!chc.sslConfig.isAvailable(CH_EXTENDED_MASTER_SECRET) ||
!SSLConfiguration.useExtendedMasterSecret ||
!chc.conContext.protocolVersion.useTLS10PlusSpec()) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unavailable extended_master_secret extension");
@ -163,7 +163,7 @@ final class ExtendedMasterSecretExtension {
if (!shc.sslConfig.isAvailable(CH_EXTENDED_MASTER_SECRET) ||
!SSLConfiguration.useExtendedMasterSecret ||
!shc.negotiatedProtocol.useTLS10PlusSpec()) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Ignore unavailable extension: " +
CH_EXTENDED_MASTER_SECRET.name);
@ -184,7 +184,7 @@ final class ExtendedMasterSecretExtension {
// with a full handshake.
shc.isResumption = false;
shc.resumingSession = null;
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"abort session resumption which did not use " +
@ -216,7 +216,7 @@ final class ExtendedMasterSecretExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(CH_EXTENDED_MASTER_SECRET) ||
!SSLConfiguration.useExtendedMasterSecret) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Ignore unavailable extension: " +
CH_EXTENDED_MASTER_SECRET.name);
@ -256,7 +256,7 @@ final class ExtendedMasterSecretExtension {
} else { // Otherwise, continue with a full handshake.
shc.isResumption = false;
shc.resumingSession = null;
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"abort session resumption, " +

16
src/java.base/share/classes/sun/security/ssl/Finished.java
View File

@ -390,7 +390,7 @@ final class Finished {
// Change write cipher and delivery ChangeCipherSpec message.
ChangeCipherSpec.t10Producer.produce(chc, message);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Produced client Finished handshake message", fm);
}
@ -453,7 +453,7 @@ final class Finished {
// Change write cipher and delivery ChangeCipherSpec message.
ChangeCipherSpec.t10Producer.produce(shc, message);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Produced server Finished handshake message", fm);
}
@ -542,7 +542,7 @@ final class Finished {
private void onConsumeFinished(ClientHandshakeContext chc,
ByteBuffer message) throws IOException {
FinishedMessage fm = new FinishedMessage(chc, message);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Consuming server Finished handshake message", fm);
}
@ -602,7 +602,7 @@ final class Finished {
}
FinishedMessage fm = new FinishedMessage(shc, message);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Consuming client Finished handshake message", fm);
}
@ -681,7 +681,7 @@ final class Finished {
chc.handshakeHash.update();
FinishedMessage fm = new FinishedMessage(chc);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Produced client Finished handshake message", fm);
}
@ -778,7 +778,7 @@ final class Finished {
shc.handshakeHash.update();
FinishedMessage fm = new FinishedMessage(shc);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Produced server Finished handshake message", fm);
}
@ -930,7 +930,7 @@ final class Finished {
}
FinishedMessage fm = new FinishedMessage(chc, message);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Consuming server Finished handshake message", fm);
}
@ -1073,7 +1073,7 @@ final class Finished {
}
FinishedMessage fm = new FinishedMessage(shc, message);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Consuming client Finished handshake message", fm);
}

12
src/java.base/share/classes/sun/security/ssl/HandshakeContext.java
View File

@ -284,7 +284,7 @@ abstract class HandshakeContext implements ConnectionContext {
found = true;
break;
}
} else if (SSLLogger.logging &&
} else if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.fine(
"Ignore unsupported cipher suite: " + suite +
@ -292,7 +292,7 @@ abstract class HandshakeContext implements ConnectionContext {
}
}
if (!found && (SSLLogger.logging) &&
if (!found && (SSLLogger.isOn()) &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"No available cipher suite for " + protocol.name);
@ -337,7 +337,7 @@ abstract class HandshakeContext implements ConnectionContext {
}
if (!isSupported &&
SSLLogger.logging &&
SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.finest(
"Ignore unsupported cipher suite: " + suite);
@ -559,7 +559,7 @@ abstract class HandshakeContext implements ConnectionContext {
cachedStatus.put(groupType, groupAvailable);
if (!groupAvailable &&
SSLLogger.logging &&
SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.fine(
"No activated named group in " + groupType);
@ -574,14 +574,14 @@ abstract class HandshakeContext implements ConnectionContext {
}
}
if (!retval && SSLLogger.logging &&
if (!retval && SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.fine("No active named group(s), ignore " + suite);
}
return retval;
} else if (SSLLogger.logging &&
} else if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.fine("Ignore disabled cipher suite: " + suite);
}

2
src/java.base/share/classes/sun/security/ssl/HandshakeOutStream.java
View File

@ -61,7 +61,7 @@ public class HandshakeOutStream extends ByteArrayOutputStream {
if (!outputRecord.isClosed()) {
outputRecord.encodeHandshake(buf, 0, count);
} else {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning("outbound has closed, ignore outbound " +
"handshake messages", ByteBuffer.wrap(buf, 0, count));
}

10
src/java.base/share/classes/sun/security/ssl/HelloRequest.java
View File

@ -101,7 +101,7 @@ final class HelloRequest {
ServerHandshakeContext shc = (ServerHandshakeContext)context;
HelloRequestMessage hrm = new HelloRequestMessage(shc);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Produced HelloRequest handshake message", hrm);
}
@ -137,7 +137,7 @@ final class HelloRequest {
ServerHandshakeContext shc = (ServerHandshakeContext)context;
HelloRequestMessage hrm = new HelloRequestMessage(shc);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Produced HelloRequest handshake message", hrm);
}
@ -177,7 +177,7 @@ final class HelloRequest {
// be sent by the server at any time. Please don't clean up this
// handshake consumer.
HelloRequestMessage hrm = new HelloRequestMessage(chc, message);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Consuming HelloRequest handshake message", hrm);
}
@ -190,7 +190,7 @@ final class HelloRequest {
}
if (!chc.conContext.secureRenegotiation) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning(
"Continue with insecure renegotiation");
@ -207,7 +207,7 @@ final class HelloRequest {
//
SSLHandshake.CLIENT_HELLO.produce(context, hrm);
} else {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore HelloRequest, handshaking is in progress");

4
src/java.base/share/classes/sun/security/ssl/HelloVerifyRequest.java
View File

@ -140,7 +140,7 @@ final class HelloVerifyRequest {
HelloVerifyRequestMessage hvrm =
new HelloVerifyRequestMessage(shc, message);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Produced HelloVerifyRequest handshake message", hvrm);
}
@ -197,7 +197,7 @@ final class HelloVerifyRequest {
HelloVerifyRequestMessage hvrm =
new HelloVerifyRequestMessage(chc, message);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Consuming HelloVerifyRequest handshake message", hvrm);
}

32
src/java.base/share/classes/sun/security/ssl/KeyShareExtension.java
View File

@ -90,7 +90,7 @@ final class KeyShareExtension {
Record.putInt16(m, namedGroupId);
Record.putBytes16(m, keyExchange);
} catch (IOException ioe) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning(
"Unlikely IOException", ioe);
@ -223,7 +223,7 @@ final class KeyShareExtension {
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(SSLExtension.CH_KEY_SHARE)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unavailable key_share extension");
@ -239,7 +239,7 @@ final class KeyShareExtension {
namedGroups = chc.clientRequestedNamedGroups;
if (namedGroups == null || namedGroups.isEmpty()) {
// No supported groups.
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning(
"Ignore key_share extension, no supported groups");
@ -290,7 +290,7 @@ final class KeyShareExtension {
NamedGroup ng) {
SSLKeyExchange ke = SSLKeyExchange.valueOf(ng);
if (ke == null) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning(
"No key exchange for named group " + ng.name);
@ -327,7 +327,7 @@ final class KeyShareExtension {
ServerHandshakeContext shc = (ServerHandshakeContext)context;
if (shc.handshakeExtensions.containsKey(SSLExtension.CH_KEY_SHARE)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"The key_share extension has been loaded");
@ -337,7 +337,7 @@ final class KeyShareExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(SSLExtension.CH_KEY_SHARE)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unavailable key_share extension");
@ -352,7 +352,7 @@ final class KeyShareExtension {
NamedGroup ng = NamedGroup.valueOf(entry.namedGroupId);
if (ng == null || !NamedGroup.isActivatable(shc.sslConfig,
shc.algorithmConstraints, ng)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unsupported named group: " +
@ -370,7 +370,7 @@ final class KeyShareExtension {
if (!shc.algorithmConstraints.permits(
EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
namedGroupCredentials.getPublicKey())) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning(
"key share entry of " + ng + " does not " +
@ -385,7 +385,7 @@ final class KeyShareExtension {
credentials.add(kaCred);
}
} catch (GeneralSecurityException ex) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning(
"Cannot decode named group: " +
@ -529,7 +529,7 @@ final class KeyShareExtension {
SSLExtension.CH_KEY_SHARE);
if (kss == null) {
// Unlikely, no key_share extension requested.
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning(
"Ignore, no client key_share extension");
@ -539,7 +539,7 @@ final class KeyShareExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(SSLExtension.SH_KEY_SHARE)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning(
"Ignore, no available server key_share extension");
@ -551,7 +551,7 @@ final class KeyShareExtension {
if ((shc.handshakeCredentials == null) ||
shc.handshakeCredentials.isEmpty()) {
// Unlikely, HelloRetryRequest should be used earlier.
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning(
"No available client key share entries");
@ -572,7 +572,7 @@ final class KeyShareExtension {
SSLKeyExchange ke = SSLKeyExchange.valueOf(ng);
if (ke == null) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning(
"No key exchange for named group " + ng.name);
@ -608,7 +608,7 @@ final class KeyShareExtension {
if (keyShare == null) {
// Unlikely, HelloRetryRequest should be used instead earlier.
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning(
"No available server key_share extension");
@ -720,7 +720,7 @@ final class KeyShareExtension {
ClientHandshakeContext chc = (ClientHandshakeContext)context;
// Cannot use the previous requested key shares anymore.
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"No key_share extension in ServerHello, " +
"cleanup the key shares if necessary");
@ -813,7 +813,7 @@ final class KeyShareExtension {
for (NamedGroup ng : shc.clientRequestedNamedGroups) {
if (NamedGroup.isActivatable(shc.sslConfig,
shc.algorithmConstraints, ng)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"HelloRetryRequest selected named group: " +

8
src/java.base/share/classes/sun/security/ssl/KeyUpdate.java
View File

@ -191,7 +191,7 @@ final class KeyUpdate {
// The consuming happens in client side only.
PostHandshakeContext hc = (PostHandshakeContext)context;
KeyUpdateMessage km = new KeyUpdateMessage(hc, message);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Consuming KeyUpdate post-handshake message", km);
}
@ -235,7 +235,7 @@ final class KeyUpdate {
rc.baseSecret = nplus1;
hc.conContext.inputRecord.changeReadCiphers(rc);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.fine("KeyUpdate: read key updated");
}
} catch (GeneralSecurityException gse) {
@ -276,7 +276,7 @@ final class KeyUpdate {
return null;
}
KeyUpdateMessage km = (KeyUpdateMessage)message;
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Produced KeyUpdate post-handshake message", km);
}
@ -328,7 +328,7 @@ final class KeyUpdate {
// changeWriteCiphers() implementation.
wc.baseSecret = nplus1;
hc.conContext.outputRecord.changeWriteCiphers(wc, km.status.id);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.fine("KeyUpdate: write key updated");
}

18
src/java.base/share/classes/sun/security/ssl/MaxFragExtension.java
View File

@ -176,7 +176,7 @@ final class MaxFragExtension {
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(CH_MAX_FRAGMENT_LENGTH)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unavailable max_fragment_length extension");
@ -214,7 +214,7 @@ final class MaxFragExtension {
} else {
// log and ignore, no MFL extension.
chc.maxFragmentLength = -1;
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"No available max_fragment_length extension can " +
@ -245,7 +245,7 @@ final class MaxFragExtension {
ServerHandshakeContext shc = (ServerHandshakeContext)context;
if (!shc.sslConfig.isAvailable(CH_MAX_FRAGMENT_LENGTH)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unavailable max_fragment_length extension");
@ -291,7 +291,7 @@ final class MaxFragExtension {
MaxFragLenSpec spec = (MaxFragLenSpec)
shc.handshakeExtensions.get(CH_MAX_FRAGMENT_LENGTH);
if (spec == null) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.finest(
"Ignore unavailable max_fragment_length extension");
@ -309,7 +309,7 @@ final class MaxFragExtension {
// For better interoperability, abort the maximum
// fragment length negotiation, rather than terminate
// the connection with a fatal alert.
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Abort the maximum fragment length negotiation, " +
@ -418,7 +418,7 @@ final class MaxFragExtension {
// For better interoperability, abort the maximum
// fragment length negotiation, rather than terminate
// the connection with a fatal alert.
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Abort the maximum fragment length negotiation, " +
@ -461,7 +461,7 @@ final class MaxFragExtension {
MaxFragLenSpec spec = (MaxFragLenSpec)
shc.handshakeExtensions.get(CH_MAX_FRAGMENT_LENGTH);
if (spec == null) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.finest(
"Ignore unavailable max_fragment_length extension");
@ -479,7 +479,7 @@ final class MaxFragExtension {
// For better interoperability, abort the maximum
// fragment length negotiation, rather than terminate
// the connection with a fatal alert.
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Abort the maximum fragment length negotiation, " +
@ -586,7 +586,7 @@ final class MaxFragExtension {
// For better interoperability, abort the maximum
// fragment length negotiation, rather than terminate
// the connection with a fatal alert.
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Abort the maximum fragment length negotiation, " +

8
src/java.base/share/classes/sun/security/ssl/NamedGroup.java
View File

@ -273,7 +273,7 @@ enum NamedGroup {
| NoSuchAlgorithmException exp) {
if (namedGroupSpec != NamedGroupSpec.NAMED_GROUP_XDH) {
mediator = false;
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning(
"No AlgorithmParameters for " + name, exp);
@ -295,7 +295,7 @@ enum NamedGroup {
// AlgorithmParameters.getInstance(name);
} catch (NoSuchAlgorithmException nsae) {
mediator = false;
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning(
"No AlgorithmParameters for " + name, nsae);
@ -384,7 +384,7 @@ enum NamedGroup {
for (String ss : namedGroups) {
NamedGroup ng = NamedGroup.nameOf(ss);
if (ng == null || !ng.isAvailable) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.finest(
"Ignore the named group (" + ss
@ -813,7 +813,7 @@ enum NamedGroup {
}
if (groupList.isEmpty() &&
SSLLogger.logging &&
SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning("No default named groups");
}

38
src/java.base/share/classes/sun/security/ssl/NewSessionTicket.java
View File

@ -202,7 +202,7 @@ final class NewSessionTicket {
this.ticket = Record.getBytes16(m);
if (ticket.length == 0) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"No ticket in the NewSessionTicket handshake message");
@ -330,7 +330,7 @@ final class NewSessionTicket {
if (hc instanceof ServerHandshakeContext) {
// Is this session resumable?
if (!hc.handshakeSession.isRejoinable()) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("No session ticket produced: " +
"session is not resumable");
@ -349,7 +349,7 @@ final class NewSessionTicket {
SSLExtension.PSK_KEY_EXCHANGE_MODES);
if (pkemSpec == null ||
!pkemSpec.contains(PskKeyExchangeMode.PSK_DHE_KE)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("No session ticket produced: " +
"client does not support psk_dhe_ke");
@ -361,7 +361,7 @@ final class NewSessionTicket {
// Check if we have sent a PSK already, then we know it is
// using an allowable PSK exchange key mode.
if (!hc.handshakeSession.isPSKable()) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("No session ticket produced: " +
"No session ticket allowed in this session");
@ -376,7 +376,7 @@ final class NewSessionTicket {
hc.sslContext.engineGetServerSessionContext();
int sessionTimeoutSeconds = sessionCache.getSessionTimeout();
if (sessionTimeoutSeconds > MAX_TICKET_LIFETIME) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("No session ticket produced: " +
"session timeout is too long");
@ -464,7 +464,7 @@ final class NewSessionTicket {
if (!nstm.isValid()) {
hc.statelessResumption = false;
} else {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Produced NewSessionTicket stateless " +
"post-handshake message", nstm);
@ -480,7 +480,7 @@ final class NewSessionTicket {
sessionCache.getSessionTimeout(),
hc.sslContext.getSecureRandom(), nonce,
newId.getId());
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Produced NewSessionTicket " +
"post-handshake message", nstm);
@ -495,7 +495,7 @@ final class NewSessionTicket {
return nstm;
}
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("No NewSessionTicket created");
}
@ -533,7 +533,7 @@ final class NewSessionTicket {
shc.sslContext.engineGetServerSessionContext();
int sessionTimeoutSeconds = sessionCache.getSessionTimeout();
if (sessionTimeoutSeconds > MAX_TICKET_LIFETIME) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Session timeout is too long. No ticket sent.");
@ -548,7 +548,7 @@ final class NewSessionTicket {
NewSessionTicketMessage nstm = new T12NewSessionTicketMessage(shc,
sessionTimeoutSeconds,
new SessionTicketSpec().encrypt(shc, sessionCopy));
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Produced NewSessionTicket stateless handshake message",
nstm);
@ -587,7 +587,7 @@ final class NewSessionTicket {
HandshakeContext hc = (HandshakeContext)context;
NewSessionTicketMessage nstm =
new T13NewSessionTicketMessage(hc, message);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Consuming NewSessionTicket message", nstm);
}
@ -598,7 +598,7 @@ final class NewSessionTicket {
// discard tickets with timeout 0
if (nstm.ticketLifetime <= 0 ||
nstm.ticketLifetime > MAX_TICKET_LIFETIME) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Discarding NewSessionTicket with lifetime " +
@ -608,7 +608,7 @@ final class NewSessionTicket {
}
if (sessionCache.getSessionTimeout() > MAX_TICKET_LIFETIME) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Session cache lifetime is too long. " +
@ -621,7 +621,7 @@ final class NewSessionTicket {
SecretKey resumptionMasterSecret =
sessionToSave.getResumptionMasterSecret();
if (resumptionMasterSecret == null) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Session has no resumption master secret. " +
@ -648,7 +648,7 @@ final class NewSessionTicket {
sessionCopy.setPskIdentity(nstm.ticket);
sessionCache.put(sessionCopy, sessionCopy.isPSK());
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("MultiNST PSK (Server): " +
Utilities.toHexString(Arrays.copyOf(nstm.ticket, 16)));
}
@ -676,7 +676,7 @@ final class NewSessionTicket {
NewSessionTicketMessage nstm = new T12NewSessionTicketMessage(hc,
message);
if (nstm.ticket.length == 0) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("NewSessionTicket ticket was empty");
}
@ -686,7 +686,7 @@ final class NewSessionTicket {
// discard tickets with timeout 0
if (nstm.ticketLifetime <= 0 ||
nstm.ticketLifetime > MAX_TICKET_LIFETIME) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Discarding NewSessionTicket with lifetime " +
@ -699,7 +699,7 @@ final class NewSessionTicket {
hc.sslContext.engineGetClientSessionContext();
if (sessionCache.getSessionTimeout() > MAX_TICKET_LIFETIME) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Session cache lifetime is too long. " +
@ -709,7 +709,7 @@ final class NewSessionTicket {
}
hc.handshakeSession.setPskIdentity(nstm.ticket);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Consuming NewSessionTicket\n" + nstm);
}
}

4
src/java.base/share/classes/sun/security/ssl/OutputRecord.java
View File

@ -188,7 +188,7 @@ abstract class OutputRecord
recordLock.lock();
try {
if (isClosed()) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning("outbound has closed, ignore outbound " +
"change_cipher_spec message");
}
@ -222,7 +222,7 @@ abstract class OutputRecord
recordLock.lock();
try {
if (isClosed()) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning("outbound has closed, ignore outbound " +
"key_update handshake message");
}

34
src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java
View File

@ -341,7 +341,7 @@ final class PreSharedKeyExtension {
ServerHandshakeContext shc = (ServerHandshakeContext)context;
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(SSLExtension.CH_PRE_SHARED_KEY)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unavailable pre_shared_key extension");
@ -394,7 +394,7 @@ final class PreSharedKeyExtension {
}
}
if (b == null || s == null) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Stateless session ticket invalid");
@ -403,7 +403,7 @@ final class PreSharedKeyExtension {
}
if (s != null && canRejoin(clientHello, shc, s)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Resuming session: ", s);
}
@ -437,7 +437,7 @@ final class PreSharedKeyExtension {
// Check protocol version
if (result && s.getProtocolVersion() != shc.negotiatedProtocol) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.finest("Can't resume, incorrect protocol version");
@ -451,7 +451,7 @@ final class PreSharedKeyExtension {
try {
s.getPeerPrincipal();
} catch (SSLPeerUnverifiedException e) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.finest(
"Can't resume, " +
@ -468,7 +468,7 @@ final class PreSharedKeyExtension {
if (result &&
!shc.localSupportedCertSignAlgs.containsAll(sessionSigAlgs)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Can't resume. Session uses different " +
"signature algorithms");
@ -483,7 +483,7 @@ final class PreSharedKeyExtension {
if (result && identityAlg != null) {
String sessionIdentityAlg = s.getIdentificationProtocol();
if (!identityAlg.equalsIgnoreCase(sessionIdentityAlg)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.finest("Can't resume, endpoint id" +
@ -497,7 +497,7 @@ final class PreSharedKeyExtension {
// Ensure cipher suite can be negotiated
if (result && (!shc.isNegotiable(s.getSuite()) ||
!clientHello.cipherSuites.contains(s.getSuite()))) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.finest(
"Can't resume, unavailable session cipher suite");
@ -656,7 +656,7 @@ final class PreSharedKeyExtension {
// The producing happens in client side only.
ClientHandshakeContext chc = (ClientHandshakeContext)context;
if (!chc.isResumption || chc.resumingSession == null) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("No session to resume.");
}
@ -667,7 +667,7 @@ final class PreSharedKeyExtension {
Collection<SignatureScheme> sessionSigAlgs =
chc.resumingSession.getLocalSupportedSignatureSchemes();
if (!chc.localSupportedCertSignAlgs.containsAll(sessionSigAlgs)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Existing session uses different " +
"signature algorithms");
@ -678,7 +678,7 @@ final class PreSharedKeyExtension {
// The session must have a pre-shared key
SecretKey psk = chc.resumingSession.getPreSharedKey();
if (psk == null) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Existing session has no PSK.");
}
@ -693,7 +693,7 @@ final class PreSharedKeyExtension {
}
if (chc.pskIdentity == null) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"PSK has no identity, or identity was already used");
@ -706,7 +706,7 @@ final class PreSharedKeyExtension {
chc.sslContext.engineGetClientSessionContext();
sessionCache.remove(chc.resumingSession.getSessionId(), true);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Found resumable session. Preparing PSK message.");
SSLLogger.fine(
@ -843,7 +843,7 @@ final class PreSharedKeyExtension {
public void absent(ConnectionContext context,
HandshakeMessage message) throws IOException {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Handling pre_shared_key absence.");
}
@ -908,7 +908,7 @@ final class PreSharedKeyExtension {
}
SHPreSharedKeySpec shPsk = new SHPreSharedKeySpec(chc, buffer);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Received pre_shared_key extension: ", shPsk);
}
@ -918,7 +918,7 @@ final class PreSharedKeyExtension {
"Selected identity index is not in correct range.");
}
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Resuming session: ", chc.resumingSession);
}
@ -932,7 +932,7 @@ final class PreSharedKeyExtension {
HandshakeMessage message) throws IOException {
ClientHandshakeContext chc = (ClientHandshakeContext)context;
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Handling pre_shared_key absence.");
}

6
src/java.base/share/classes/sun/security/ssl/PredefinedDHParameterSpecs.java
View File

@ -246,7 +246,7 @@ final class PredefinedDHParameterSpecs {
Matcher spacesMatcher = spacesPattern.matcher(property);
property = spacesMatcher.replaceAll("");
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSLCTX)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSLCTX)) {
SSLLogger.fine(
"The Security Property " +
PROPERTY_NAME + ": " + property);
@ -262,7 +262,7 @@ final class PredefinedDHParameterSpecs {
String primeModulus = paramsFinder.group(1);
BigInteger p = new BigInteger(primeModulus, 16);
if (!p.isProbablePrime(PRIME_CERTAINTY)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.SSLCTX)) {
SSLLogger.fine(
"Prime modulus p in Security Property, " +
@ -280,7 +280,7 @@ final class PredefinedDHParameterSpecs {
DHParameterSpec spec = new DHParameterSpec(p, g);
defaultParams.put(primeLen, spec);
}
} else if (SSLLogger.logging &&
} else if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.SSLCTX)) {
SSLLogger.fine("Invalid Security Property, " +
PROPERTY_NAME + ", definition");

8
src/java.base/share/classes/sun/security/ssl/PskKeyExchangeModesExtension.java
View File

@ -184,7 +184,7 @@ final class PskKeyExchangeModesExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(
SSLExtension.PSK_KEY_EXCHANGE_MODES)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unavailable psk_key_exchange_modes extension");
@ -217,7 +217,7 @@ final class PskKeyExchangeModesExtension {
if (!spec.contains(PskKeyExchangeMode.PSK_DHE_KE)) {
shc.isResumption = false;
shc.resumingSession = null;
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"abort session resumption, " +
@ -249,7 +249,7 @@ final class PskKeyExchangeModesExtension {
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(
SSLExtension.PSK_KEY_EXCHANGE_MODES)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning(
"Ignore unavailable psk_key_exchange_modes extension");
@ -290,7 +290,7 @@ final class PskKeyExchangeModesExtension {
if (shc.isResumption) { // resumingSession may not be set
shc.isResumption = false;
shc.resumingSession = null;
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"abort session resumption, " +

8
src/java.base/share/classes/sun/security/ssl/QuicEngineOutputRecord.java
View File

@ -75,14 +75,14 @@ final class QuicEngineOutputRecord extends OutputRecord implements SSLRecord {
recordLock.lock();
try {
if (isClosed()) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning("outbound has closed, ignore outbound " +
"alert message: " + Alert.nameOf(description));
}
return;
}
if (level == Alert.Level.WARNING.level) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning("Suppressing warning-level " +
"alert message: " + Alert.nameOf(description));
}
@ -90,7 +90,7 @@ final class QuicEngineOutputRecord extends OutputRecord implements SSLRecord {
}
if (alert != null) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning("Suppressing subsequent alert: " +
description + ", original: " + alert.id);
}
@ -109,7 +109,7 @@ final class QuicEngineOutputRecord extends OutputRecord implements SSLRecord {
recordLock.lock();
try {
if (isClosed()) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning("outbound has closed, ignore outbound " +
"handshake message",
ByteBuffer.wrap(source, offset, length));

26
src/java.base/share/classes/sun/security/ssl/QuicKeyManager.java
View File

@ -244,7 +244,7 @@ sealed abstract class QuicKeyManager
if (toDiscard == null) {
return;
}
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.finest("discarding keys (keyphase="
+ toDiscard.writeCipher.getKeyPhase()
+ ") of " + this.keySpace + " key space");
@ -389,7 +389,7 @@ sealed abstract class QuicKeyManager
if (toDiscard == null) {
return;
}
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.finest("discarding keys (keyphase="
+ toDiscard.writeCipher.getKeyPhase()
+ ") of " + this.keySpace + " key space");
@ -570,7 +570,7 @@ sealed abstract class QuicKeyManager
if (series == null) {
return;
}
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.finest("discarding key (series) of " +
this.keySpace + " key space");
}
@ -611,7 +611,7 @@ sealed abstract class QuicKeyManager
if (series.canUseOldDecryptKey(packetNumber)) {
final QuicReadCipher oldReadCipher = series.old;
assert oldReadCipher != null : "old key is unexpectedly null";
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.finest("using old read key to decrypt packet: " +
packetNumber + ", with incoming key phase: " +
keyPhase + ", current key phase: " +
@ -633,7 +633,7 @@ sealed abstract class QuicKeyManager
// KEY_UPDATE_ERROR. This indicates that a peer has
// received and acknowledged a packet that initiates a key
// update, but has not updated keys in response.
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.finest("peer used incorrect key, was" +
" expected to use updated key of" +
" key phase: " + currentKeyPhase +
@ -646,7 +646,7 @@ sealed abstract class QuicKeyManager
}
return;
}
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.finest("detected ONE_RTT key update, current key " +
"phase: " + currentKeyPhase
+ ", incoming key phase: " + keyPhase
@ -717,7 +717,7 @@ sealed abstract class QuicKeyManager
}
final long numEncrypted = cipher.getNumEncrypted();
if (numEncrypted >= 0.8 * confidentialityLimit) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.finest("about to reach confidentiality limit, " +
"attempting to initiate a 1-RTT key update," +
" packet number: " +
@ -732,7 +732,7 @@ sealed abstract class QuicKeyManager
: "key phase of updated key unexpectedly matches " +
"the key phase "
+ cipher.getKeyPhase() + " of current keys";
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.finest(
"1-RTT key update initiated, new key phase: "
+ newKeyPhase);
@ -755,7 +755,7 @@ sealed abstract class QuicKeyManager
// current key phase. This ensures that keys are
// available to both peers before
// another key update can be initiated.
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.finest(
"skipping key update initiation because peer " +
"hasn't yet sent us a packet encrypted with " +
@ -803,7 +803,7 @@ sealed abstract class QuicKeyManager
// (we avoid timing attacks by not generating
// keys during decryption, our key generation
// only happens during encryption)
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.finest("next keys unavailable," +
" won't decrypt a packet which appears to be" +
" a key update");
@ -815,7 +815,7 @@ sealed abstract class QuicKeyManager
// use the next keys to attempt decrypting
currentKeySeries.next.readCipher.decryptPacket(packetNumber, packet,
headerLength, output);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.finest(
"decrypted using next keys for peer-initiated" +
" key update; will now switch to new key phase: " +
@ -1025,14 +1025,14 @@ sealed abstract class QuicKeyManager
// update the key series
this.keySeries = newSeries;
if (oldReadCipher != null) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.finest(
"discarding old read key of key phase: " +
oldReadCipher.getKeyPhase());
}
oldReadCipher.discard(false);
}
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.finest("discarding write key of key phase: " +
writeCipherToDiscard.getKeyPhase());
}

6
src/java.base/share/classes/sun/security/ssl/QuicTLSEngineImpl.java
View File

@ -560,7 +560,7 @@ public final class QuicTLSEngineImpl implements QuicTLSEngine, SSLTransport {
// incoming crypto buffer is null. Validate message type,
// check if size is available
byte messageType = payload.get(payload.position());
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.fine("Received message of type 0x" +
Integer.toHexString(messageType & 0xFF));
}
@ -835,7 +835,7 @@ public final class QuicTLSEngineImpl implements QuicTLSEngine, SSLTransport {
final boolean confirmed = HANDSHAKE_STATE_HANDLE.compareAndSet(this,
NEED_SEND_HANDSHAKE_DONE, HANDSHAKE_CONFIRMED);
if (confirmed) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.fine("QuicTLSEngine (server) marked handshake " +
"state as HANDSHAKE_CONFIRMED");
}
@ -853,7 +853,7 @@ public final class QuicTLSEngineImpl implements QuicTLSEngine, SSLTransport {
final boolean confirmed = HANDSHAKE_STATE_HANDLE.compareAndSet(this,
NEED_RECV_HANDSHAKE_DONE, HANDSHAKE_CONFIRMED);
if (confirmed) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.fine(
"QuicTLSEngine (client) received HANDSHAKE_DONE," +
" marking state as HANDSHAKE_DONE");

4
src/java.base/share/classes/sun/security/ssl/RSAClientKeyExchange.java
View File

@ -190,7 +190,7 @@ final class RSAClientKeyExchange {
throw chc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
"Cannot generate RSA premaster secret", gse);
}
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Produced RSA ClientKeyExchange handshake message", ckem);
}
@ -270,7 +270,7 @@ final class RSAClientKeyExchange {
RSAClientKeyExchangeMessage ckem =
new RSAClientKeyExchangeMessage(shc, message);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Consuming RSA ClientKeyExchange handshake message", ckem);
}

11
src/java.base/share/classes/sun/security/ssl/RSAKeyExchange.java
View File

@ -35,7 +35,6 @@ import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
@ -150,7 +149,7 @@ final class RSAKeyExchange {
needFailover = !KeyUtil.isOracleJCEProvider(
cipher.getProvider().getName());
} catch (InvalidKeyException | UnsupportedOperationException iue) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning("The Cipher provider "
+ safeProviderName(cipher)
@ -198,7 +197,7 @@ final class RSAKeyExchange {
try {
return cipher.getProvider().toString();
} catch (Exception e) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Retrieving The Cipher provider name" +
" caused exception ", e);
@ -207,7 +206,7 @@ final class RSAKeyExchange {
try {
return cipher.toString() + " (provider name not available)";
} catch (Exception e) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Retrieving The Cipher name" +
" caused exception ", e);
@ -223,7 +222,7 @@ final class RSAKeyExchange {
int clientVersion, int serverVersion, byte[] encodedSecret,
SecureRandom generator) throws GeneralSecurityException {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Generating a premaster secret");
}
@ -238,7 +237,7 @@ final class RSAKeyExchange {
} catch (InvalidAlgorithmParameterException |
NoSuchAlgorithmException iae) {
// unlikely to happen, otherwise, must be a provider exception
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("RSA premaster secret generation error", iae);
}

4
src/java.base/share/classes/sun/security/ssl/RSAServerKeyExchange.java
View File

@ -264,7 +264,7 @@ final class RSAServerKeyExchange {
RSAServerKeyExchangeMessage skem =
new RSAServerKeyExchangeMessage(
shc, x509Possession, rsaPossession);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Produced RSA ServerKeyExchange handshake message", skem);
}
@ -296,7 +296,7 @@ final class RSAServerKeyExchange {
RSAServerKeyExchangeMessage skem =
new RSAServerKeyExchangeMessage(chc, message);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Consuming RSA ServerKeyExchange handshake message", skem);
}

24
src/java.base/share/classes/sun/security/ssl/RenegoInfoExtension.java
View File

@ -138,7 +138,7 @@ final class RenegoInfoExtension {
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(CH_RENEGOTIATION_INFO)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unavailable renegotiation_info extension");
@ -183,7 +183,7 @@ final class RenegoInfoExtension {
return extData;
} else { // not secure renegotiation
if (HandshakeContext.allowUnsafeRenegotiation) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning("Using insecure renegotiation");
}
@ -218,7 +218,7 @@ final class RenegoInfoExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(CH_RENEGOTIATION_INFO)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Ignore unavailable extension: " +
CH_RENEGOTIATION_INFO.name);
@ -283,7 +283,7 @@ final class RenegoInfoExtension {
for (int id : clientHello.cipherSuiteIds) {
if (id ==
CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV.id) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.finest(
"Safe renegotiation, using the SCSV signaling");
@ -298,7 +298,7 @@ final class RenegoInfoExtension {
"Failed to negotiate the use of secure renegotiation");
} // otherwise, allow legacy hello message
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning("Warning: No renegotiation " +
"indication in ClientHello, allow legacy ClientHello");
@ -311,14 +311,14 @@ final class RenegoInfoExtension {
"Inconsistent secure renegotiation indication");
} else { // renegotiation, not secure
if (HandshakeContext.allowUnsafeRenegotiation) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning("Using insecure renegotiation");
}
} else {
// Unsafe renegotiation should have been aborted in
// earlier processes.
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Terminate insecure renegotiation");
}
@ -352,7 +352,7 @@ final class RenegoInfoExtension {
if (requestedSpec == null && !shc.conContext.secureRenegotiation) {
// Ignore, no renegotiation_info extension or SCSV signaling
// requested.
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.finest(
"Ignore unavailable renegotiation_info extension");
@ -362,7 +362,7 @@ final class RenegoInfoExtension {
if (!shc.conContext.secureRenegotiation) {
// Ignore, no secure renegotiation is negotiated.
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.finest(
"No secure renegotiation has been negotiated");
@ -524,7 +524,7 @@ final class RenegoInfoExtension {
"Failed to negotiate the use of secure renegotiation");
} // otherwise, allow legacy hello message
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning("Warning: No renegotiation " +
"indication in ServerHello, allow legacy ServerHello");
@ -537,14 +537,14 @@ final class RenegoInfoExtension {
"Inconsistent secure renegotiation indication");
} else { // renegotiation, not secure
if (HandshakeContext.allowUnsafeRenegotiation) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning("Using insecure renegotiation");
}
} else {
// Unsafe renegotiation should have been aborted in
// earlier processes.
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Terminate insecure renegotiation");
}

2
src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java
View File

@ -454,7 +454,7 @@ final class SSLAlgorithmConstraints implements AlgorithmConstraints {
.equalsIgnoreCase(paramDigestAlg));
} catch (InvalidParameterSpecException e) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning("Invalid AlgorithmParameters: "
+ parameters + "; Error: " + e.getMessage());
}

44
src/java.base/share/classes/sun/security/ssl/SSLCipher.java
View File

@ -392,7 +392,7 @@ enum SSLCipher {
if (values[1].contains(tag[0])) {
index = 0;
} else {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.fine("jdk.tls.keyLimits: Unknown action: " +
entry);
@ -414,14 +414,14 @@ enum SSLCipher {
"Length exceeded limits");
}
} catch (NumberFormatException e) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.fine("jdk.tls.keyLimits: " + e.getMessage() +
": " + entry);
}
continue;
}
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.fine("jdk.tls.keyLimits: entry = " + entry +
". " + values[0] + ":" + tag[index] + " = " + size);
}
@ -470,7 +470,7 @@ enum SSLCipher {
Cipher.getInstance(transformation);
return true;
} catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.fine("Transformation " + transformation + " is" +
" not available.");
}
@ -862,7 +862,7 @@ enum SSLCipher {
"JCE provider " + cipher.getProvider().getName(), sbe);
}
pt.position(pos);
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RECORD_PLAINTEXT)) {
SSLLogger.fine(
"Plaintext after DECRYPTION", pt.duplicate());
@ -933,7 +933,7 @@ enum SSLCipher {
authenticator.increaseSequenceNumber();
}
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RECORD_PLAINTEXT)) {
SSLLogger.finest(
"Padded plaintext before ENCRYPTION", bb.duplicate());
@ -1054,7 +1054,7 @@ enum SSLCipher {
"JCE provider " + cipher.getProvider().getName(), sbe);
}
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RECORD_PLAINTEXT)) {
SSLLogger.fine(
"Padded plaintext after DECRYPTION",
@ -1187,7 +1187,7 @@ enum SSLCipher {
int len = addPadding(bb, blockSize);
bb.position(pos);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD_PLAINTEXT)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD_PLAINTEXT)) {
SSLLogger.fine(
"Padded plaintext before ENCRYPTION",
bb.duplicate());
@ -1331,7 +1331,7 @@ enum SSLCipher {
"JCE provider " + cipher.getProvider().getName(), sbe);
}
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RECORD_PLAINTEXT)) {
SSLLogger.fine("Padded plaintext after DECRYPTION",
pt.duplicate().position(pos));
@ -1484,7 +1484,7 @@ enum SSLCipher {
int len = addPadding(bb, blockSize);
bb.position(pos);
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RECORD_PLAINTEXT)) {
SSLLogger.fine(
"Padded plaintext before ENCRYPTION",
@ -1657,7 +1657,7 @@ enum SSLCipher {
pt.position(pos);
pt.limit(pos + len);
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RECORD_PLAINTEXT)) {
SSLLogger.fine(
"Plaintext after DECRYPTION", pt.duplicate());
@ -1745,7 +1745,7 @@ enum SSLCipher {
// DON'T encrypt the nonce for AEAD mode.
int len, pos = bb.position();
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RECORD_PLAINTEXT)) {
SSLLogger.fine(
"Plaintext before ENCRYPTION",
@ -1832,7 +1832,7 @@ enum SSLCipher {
keyLimitCountdown = cipherLimits.getOrDefault(
algorithm.toUpperCase(Locale.ENGLISH) + ":" + tag[0], 0L);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.fine("KeyLimit read side: algorithm = " +
algorithm + ":" + tag[0] +
"\ncountdown value = " + keyLimitCountdown);
@ -1941,7 +1941,7 @@ enum SSLCipher {
contentType = pt.get(i);
pt.limit(i);
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RECORD_PLAINTEXT)) {
SSLLogger.fine(
"Plaintext after DECRYPTION", pt.duplicate());
@ -1994,7 +1994,7 @@ enum SSLCipher {
keyLimitCountdown = cipherLimits.getOrDefault(
algorithm.toUpperCase(Locale.ENGLISH) + ":" + tag[0], 0L);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.fine("KeyLimit write side: algorithm = "
+ algorithm + ":" + tag[0] +
"\ncountdown value = " + keyLimitCountdown);
@ -2036,7 +2036,7 @@ enum SSLCipher {
cipher.updateAAD(aad);
int len, pos = bb.position();
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RECORD_PLAINTEXT)) {
SSLLogger.fine(
"Plaintext before ENCRYPTION",
@ -2193,7 +2193,7 @@ enum SSLCipher {
pt.position(pos);
pt.limit(pos + len);
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RECORD_PLAINTEXT)) {
SSLLogger.fine(
"Plaintext after DECRYPTION", pt.duplicate());
@ -2243,7 +2243,7 @@ enum SSLCipher {
keyLimitCountdown = cipherLimits.getOrDefault(
algorithm.toUpperCase(Locale.ENGLISH) + ":" + tag[0], 0L);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.fine("algorithm = " + algorithm +
":" + tag[0] + "\ncountdown value = " +
keyLimitCountdown);
@ -2285,7 +2285,7 @@ enum SSLCipher {
// DON'T encrypt the nonce for AEAD mode.
int pos = bb.position();
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RECORD_PLAINTEXT)) {
SSLLogger.fine(
"Plaintext before ENCRYPTION",
@ -2463,7 +2463,7 @@ enum SSLCipher {
contentType = pt.get(i);
pt.limit(i);
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RECORD_PLAINTEXT)) {
SSLLogger.fine(
"Plaintext after DECRYPTION", pt.duplicate());
@ -2513,7 +2513,7 @@ enum SSLCipher {
keyLimitCountdown = cipherLimits.getOrDefault(
algorithm.toUpperCase(Locale.ENGLISH) + ":" + tag[0], 0L);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.fine("algorithm = " + algorithm +
":" + tag[0] + "\ncountdown value = " +
keyLimitCountdown);
@ -2555,7 +2555,7 @@ enum SSLCipher {
cipher.updateAAD(aad);
int pos = bb.position();
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RECORD_PLAINTEXT)) {
SSLLogger.fine(
"Plaintext before ENCRYPTION",

8
src/java.base/share/classes/sun/security/ssl/SSLConfiguration.java
View File

@ -204,7 +204,7 @@ final class SSLConfiguration implements Cloneable {
if (nstServerCount == null || nstServerCount < 0 ||
nstServerCount > 10) {
serverNewSessionTicketCount = SERVER_NST_DEFAULT;
if (nstServerCount != null && SSLLogger.logging &&
if (nstServerCount != null && SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"jdk.tls.server.newSessionTicketCount defaults to " +
@ -213,7 +213,7 @@ final class SSLConfiguration implements Cloneable {
}
} else {
serverNewSessionTicketCount = nstServerCount;
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"jdk.tls.server.newSessionTicketCount set to " +
serverNewSessionTicketCount);
@ -586,7 +586,7 @@ final class SSLConfiguration implements Cloneable {
String property = System.getProperty(propertyName);
// this method is called from class initializer; logging here
// will occasionally pin threads and deadlock if called from a virtual thread
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSLCTX)
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSLCTX)
&& !Thread.currentThread().isVirtual()) {
SSLLogger.fine(
"System property " + propertyName + " is set to '" +
@ -615,7 +615,7 @@ final class SSLConfiguration implements Cloneable {
if (scheme != null && scheme.isAvailable) {
signatureSchemes.add(schemeName);
} else {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.SSLCTX)
&& !Thread.currentThread().isVirtual()) {
SSLLogger.fine(

32
src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
View File

@ -104,11 +104,11 @@ public abstract class SSLContextImpl extends SSLContextSpi {
* first connection to time out and fail. Make sure it is
* primed and ready by getting some initial output from it.
*/
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSLCTX)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSLCTX)) {
SSLLogger.finest("trigger seeding of SecureRandom");
}
secureRandom.nextInt();
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSLCTX)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSLCTX)) {
SSLLogger.finest("done seeding of SecureRandom");
}
@ -143,7 +143,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
return (X509ExtendedKeyManager)km;
}
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSLCTX)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSLCTX)) {
SSLLogger.warning(
"X509KeyManager passed to SSLContext.init(): need an " +
"X509ExtendedKeyManager for SSLEngine use");
@ -246,7 +246,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
contextLock.lock();
try {
if (statusResponseManager == null) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.SSLCTX)) {
SSLLogger.finest(
"Initializing StatusResponseManager");
@ -384,7 +384,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
suite.name, null)) {
suites.add(suite);
isSupported = true;
} else if (SSLLogger.logging &&
} else if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore disabled cipher suite: " + suite.name);
@ -393,7 +393,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
break;
}
if (!isSupported && SSLLogger.logging &&
if (!isSupported && SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.finest(
"Ignore unsupported cipher suite: " + suite);
@ -411,7 +411,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
String propertyName) {
String property = System.getProperty(propertyName);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSLCTX)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSLCTX)) {
SSLLogger.fine(
"System property " + propertyName + " is set to '" +
property + "'");
@ -438,7 +438,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
try {
suite = CipherSuite.nameOf(cipherSuiteNames[i]);
} catch (IllegalArgumentException iae) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.SSLCTX)) {
SSLLogger.fine(
"Unknown or unsupported cipher suite name: " +
@ -451,7 +451,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
if (suite != null && suite.isAvailable()) {
cipherSuites.add(suite);
} else {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.SSLCTX)) {
SSLLogger.fine(
"The current installed providers do not " +
@ -910,7 +910,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
tmMediator = getTrustManagers();
} catch (Exception e) {
reserved = e;
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.DEFAULTCTX)) {
SSLLogger.warning(
"Failed to load default trust managers", e);
@ -923,7 +923,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
kmMediator = getKeyManagers();
} catch (Exception e) {
reserved = e;
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.DEFAULTCTX)) {
SSLLogger.warning(
"Failed to load default key managers", e);
@ -982,7 +982,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
String defaultKeyStore = props.get("keyStore");
String defaultKeyStoreType = props.get("keyStoreType");
String defaultKeyStoreProvider = props.get("keyStoreProvider");
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.DEFAULTCTX)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.DEFAULTCTX)) {
SSLLogger.fine("keyStore is : " + defaultKeyStore);
SSLLogger.fine("keyStore type is : " +
defaultKeyStoreType);
@ -1012,7 +1012,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
// Try to initialize key store.
if ((defaultKeyStoreType.length()) != 0) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.DEFAULTCTX)) {
SSLLogger.finest("init keystore");
}
@ -1036,7 +1036,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
/*
* Try to initialize key manager.
*/
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.DEFAULTCTX)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.DEFAULTCTX)) {
SSLLogger.fine("init keymanager of type " +
KeyManagerFactory.getDefaultAlgorithm());
}
@ -1074,7 +1074,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
// exception object, which may be not garbage collection
// friendly as 'reservedException' is a static filed.
reserved = new KeyManagementException(e.getMessage());
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.DEFAULTCTX)) {
SSLLogger.warning(
"Failed to load default SSLContext", e);
@ -1104,7 +1104,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
super.engineInit(DefaultManagersHolder.keyManagers,
DefaultManagersHolder.trustManagers, null);
} catch (Exception e) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.DEFAULTCTX)) {
SSLLogger.fine("default context init failed: ", e);
}

12
src/java.base/share/classes/sun/security/ssl/SSLEngineImpl.java
View File

@ -330,7 +330,7 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport {
// application data may be discarded accordingly. As could
// be an issue for some applications. This impact can be
// mitigated by sending the last flight twice.
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD)) {
SSLLogger.finest("retransmit the last flight messages");
}
@ -397,7 +397,7 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport {
if ((conContext.handshakeContext == null) &&
!conContext.isOutboundClosed() &&
!conContext.isBroken) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.finest("trigger key update");
}
beginHandshake();
@ -419,7 +419,7 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport {
!conContext.isOutboundClosed() &&
!conContext.isInboundClosed() &&
!conContext.isBroken) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.finest("trigger NST");
}
conContext.conSession.updateNST = false;
@ -612,7 +612,7 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport {
} catch (SSLException ssle) {
// Need to discard invalid records for DTLS protocols.
if (sslContext.isDTLS()) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD)) {
SSLLogger.finest("Discard invalid DTLS records", ssle);
}
@ -780,7 +780,7 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport {
return;
}
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.finest("Closing inbound of SSLEngine");
}
@ -819,7 +819,7 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport {
return;
}
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.finest("Closing outbound of SSLEngine");
}

8
src/java.base/share/classes/sun/security/ssl/SSLEngineInputRecord.java
View File

@ -172,7 +172,7 @@ final class SSLEngineInputRecord extends InputRecord implements SSLRecord {
return null;
}
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) {
SSLLogger.fine("Raw read", packet);
}
@ -209,7 +209,7 @@ final class SSLEngineInputRecord extends InputRecord implements SSLRecord {
byte minorVersion = packet.get(); // pos: 2
int contentLen = Record.getInt16(packet); // pos: 3, 4
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD)) {
SSLLogger.fine(
"READ: " +
ProtocolVersion.nameOf(majorVersion, minorVersion) +
@ -388,7 +388,7 @@ final class SSLEngineInputRecord extends InputRecord implements SSLRecord {
* error message, one that's treated as fatal by
* clients (Otherwise we'll hang.)
*/
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD)) {
SSLLogger.fine(
"Requested to negotiate unsupported SSLv2!");
}
@ -410,7 +410,7 @@ final class SSLEngineInputRecord extends InputRecord implements SSLRecord {
ByteBuffer converted = convertToClientHello(packet);
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) {
SSLLogger.fine(
"[Converted] ClientHello", converted);

24
src/java.base/share/classes/sun/security/ssl/SSLEngineOutputRecord.java
View File

@ -73,7 +73,7 @@ final class SSLEngineOutputRecord extends OutputRecord implements SSLRecord {
@Override
void encodeAlert(byte level, byte description) {
if (isClosed()) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning("outbound has closed, ignore outbound " +
"alert message: " + Alert.nameOf(description));
}
@ -91,7 +91,7 @@ final class SSLEngineOutputRecord extends OutputRecord implements SSLRecord {
void encodeHandshake(byte[] source,
int offset, int length) {
if (isClosed()) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning("outbound has closed, ignore outbound " +
"handshake message",
ByteBuffer.wrap(source, offset, length));
@ -138,7 +138,7 @@ final class SSLEngineOutputRecord extends OutputRecord implements SSLRecord {
@Override
void encodeChangeCipherSpec() {
if (isClosed()) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning("outbound has closed, ignore outbound " +
"change_cipher_spec message");
}
@ -171,14 +171,14 @@ final class SSLEngineOutputRecord extends OutputRecord implements SSLRecord {
ByteBuffer[] dsts, int dstsOffset, int dstsLength) throws IOException {
if (isClosed) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning("outbound has closed, ignore outbound " +
"application data or cached messages");
}
return null;
} else if (isCloseWaiting) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning("outbound has closed, ignore outbound " +
"application data");
}
@ -193,7 +193,7 @@ final class SSLEngineOutputRecord extends OutputRecord implements SSLRecord {
ByteBuffer destination) throws IOException {
if (writeCipher.authenticator.seqNumOverflow()) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.fine(
"sequence number extremely close to overflow " +
"(2^64-1 packets). Closing connection.");
@ -275,7 +275,7 @@ final class SSLEngineOutputRecord extends OutputRecord implements SSLRecord {
destination.limit(destination.position());
destination.position(dstContent);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD)) {
SSLLogger.fine(
"WRITE: " + protocolVersion.name + " " +
ContentType.APPLICATION_DATA.name +
@ -288,7 +288,7 @@ final class SSLEngineOutputRecord extends OutputRecord implements SSLRecord {
dstPos, dstLim, headerSize,
protocolVersion);
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) {
ByteBuffer temporary = destination.duplicate();
temporary.limit(temporary.position());
@ -318,7 +318,7 @@ final class SSLEngineOutputRecord extends OutputRecord implements SSLRecord {
//
// Please don't change the limit of the destination buffer.
destination.put(SSLRecord.v2NoCipher);
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) {
SSLLogger.fine("Raw write", SSLRecord.v2NoCipher);
}
@ -333,7 +333,7 @@ final class SSLEngineOutputRecord extends OutputRecord implements SSLRecord {
// deliver the SSLv2 format ClientHello message
//
// Please don't change the limit of the destination buffer.
if (SSLLogger.logging) {
if (SSLLogger.isOn()) {
if (SSLLogger.isOn(SSLLogger.Opt.RECORD)) {
SSLLogger.fine(Thread.currentThread().getName() +
", WRITE: SSLv2 ClientHello message" +
@ -527,7 +527,7 @@ final class SSLEngineOutputRecord extends OutputRecord implements SSLRecord {
dstBuf.limit(dstBuf.position());
dstBuf.position(dstContent);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD)) {
SSLLogger.fine(
"WRITE: " + protocolVersion.name + " " +
ContentType.nameOf(memo.contentType) +
@ -545,7 +545,7 @@ final class SSLEngineOutputRecord extends OutputRecord implements SSLRecord {
memo.encodeCipher.dispose();
}
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) {
ByteBuffer temporary = dstBuf.duplicate();
temporary.limit(temporary.position());

2
src/java.base/share/classes/sun/security/ssl/SSLExtension.java
View File

@ -844,7 +844,7 @@ enum SSLExtension implements SSLStringizer {
String property = System.getProperty(propertyName);
// this method is called from class initializer; logging here
// will occasionally pin threads and deadlock if called from a virtual thread
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSLCTX)
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSLCTX)
&& !Thread.currentThread().isVirtual()) {
SSLLogger.fine(
"System property " + propertyName + " is set to '" +

30
src/java.base/share/classes/sun/security/ssl/SSLExtensions.java
View File

@ -43,7 +43,7 @@ final class SSLExtensions {
// Extension map for debug logging
private final Map<Integer, byte[]> logMap =
SSLLogger.logging ? new LinkedHashMap<>() : null;
SSLLogger.isOn() ? new LinkedHashMap<>() : null;
SSLExtensions(HandshakeMessage handshakeMessage) {
this.handshakeMessage = handshakeMessage;
@ -93,7 +93,7 @@ final class SSLExtensions {
// However, the implementation of the limit is complicated
// and inefficient, and may not worthy the maintenance.
isSupported = false;
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning(
"Received buggy supported_groups extension " +
@ -144,7 +144,7 @@ final class SSLExtensions {
m.get(extData);
logMap.put(extId, extData);
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unknown or unsupported extension",
@ -173,7 +173,7 @@ final class SSLExtensions {
for (SSLExtension extension : extensions) {
if (context.negotiatedProtocol != null &&
!extension.isAvailable(context.negotiatedProtocol)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unsupported extension: " + extension.name);
@ -184,7 +184,7 @@ final class SSLExtensions {
if (!extMap.containsKey(extension)) {
if (extension.onLoadAbsence != null) {
extension.absentOnLoad(context, handshakeMessage);
} else if (SSLLogger.logging &&
} else if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unavailable extension: " + extension.name);
@ -194,7 +194,7 @@ final class SSLExtensions {
if (extension.onLoadConsumer == null) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning(
"Ignore unsupported extension: " + extension.name);
@ -205,7 +205,7 @@ final class SSLExtensions {
ByteBuffer m = ByteBuffer.wrap(extMap.get(extension));
extension.consumeOnLoad(context, handshakeMessage, m);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Consumed extension: " + extension.name);
}
}
@ -220,7 +220,7 @@ final class SSLExtensions {
if (!extMap.containsKey(extension)) {
if (extension.onTradeAbsence != null) {
extension.absentOnTrade(context, handshakeMessage);
} else if (SSLLogger.logging &&
} else if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unavailable extension: " + extension.name);
@ -229,7 +229,7 @@ final class SSLExtensions {
}
if (extension.onTradeConsumer == null) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning(
"Ignore impact of unsupported extension: " +
@ -239,7 +239,7 @@ final class SSLExtensions {
}
extension.consumeOnTrade(context, handshakeMessage);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Populated with extension: " + extension.name);
}
}
@ -252,7 +252,7 @@ final class SSLExtensions {
SSLExtension[] extensions) throws IOException {
for (SSLExtension extension : extensions) {
if (extMap.containsKey(extension)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore, duplicated extension: " +
@ -262,7 +262,7 @@ final class SSLExtensions {
}
if (extension.networkProducer == null) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning(
"Ignore, no extension producer defined: " +
@ -276,7 +276,7 @@ final class SSLExtensions {
extMap.put(extension, encoded);
encodedLength += encoded.length + 4; // extension_type (2)
// extension_data length(2)
} else if (SSLLogger.logging &&
} else if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
// The extension is not available in the context.
SSLLogger.fine(
@ -294,7 +294,7 @@ final class SSLExtensions {
SSLExtension[] extensions) throws IOException {
for (SSLExtension extension : extensions) {
if (extension.networkProducer == null) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning(
"Ignore, no extension producer defined: " +
@ -316,7 +316,7 @@ final class SSLExtensions {
encodedLength += encoded.length + 4;
// extension_type (2)
// extension_data length(2)
} else if (SSLLogger.logging &&
} else if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
// The extension is not available in the context.
SSLLogger.fine(

10
src/java.base/share/classes/sun/security/ssl/SSLLogger.java
View File

@ -41,6 +41,7 @@ import java.time.ZoneId;
import java.time.format.DateTimeFormatter;
import java.util.*;
import jdk.internal.vm.annotation.ForceInline;
import sun.security.util.HexDumpEncoder;
import sun.security.util.Debug;
import sun.security.x509.*;
@ -63,7 +64,7 @@ public final class SSLLogger {
// high level boolean to track whether "all" or "ssl" option
// is specified. Further checks may be necessary to determine
// if data is logged
public static final boolean logging;
private static final boolean logging;
static {
String p = System.getProperty("javax.net.debug");
@ -199,7 +200,7 @@ public final class SSLLogger {
// Logs a warning message and always returns false. This method
// can be used as an OR Predicate to add a log in a stream filter.
public static boolean logWarning(Opt option, String s) {
if (SSLLogger.logging && option.on) {
if (SSLLogger.isOn() && option.on) {
SSLLogger.warning(s);
}
return false;
@ -245,6 +246,11 @@ public final class SSLLogger {
System.exit(0);
}
@ForceInline
public static boolean isOn() {
return logging;
}
/**
* Enum representing possible debug options for JSSE debugging.
*

3
src/java.base/share/classes/sun/security/ssl/SSLMasterKeyDerivation.java
View File

@ -29,7 +29,6 @@ import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.ProviderException;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import sun.security.internal.spec.TlsMasterSecretParameterSpec;
@ -152,7 +151,7 @@ enum SSLMasterKeyDerivation implements SSLKeyDerivationGenerator {
//
// For RSA premaster secrets, do not signal a protocol error
// due to the Bleichenbacher attack. See comments further down.
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("RSA master secret generation error.", iae);
}

8
src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java
View File

@ -339,7 +339,7 @@ final class SSLSessionContextImpl implements SSLSessionContext {
if (t < 0 ||
t > NewSessionTicket.MAX_TICKET_LIFETIME) {
timeout = DEFAULT_SESSION_TIMEOUT;
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning("Invalid timeout given " +
"jdk.tls.server.sessionTicketTimeout: " + t +
@ -350,7 +350,7 @@ final class SSLSessionContextImpl implements SSLSessionContext {
}
} catch (NumberFormatException e) {
setSessionTimeout(DEFAULT_SESSION_TIMEOUT);
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning("Invalid timeout for " +
"jdk.tls.server.sessionTicketTimeout: " + s +
@ -365,7 +365,7 @@ final class SSLSessionContextImpl implements SSLSessionContext {
if (defaultCacheLimit >= 0) {
return defaultCacheLimit;
} else if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
} else if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning(
"invalid System Property javax.net.ssl.sessionCacheSize, " +
"use the default session cache size (" +
@ -373,7 +373,7 @@ final class SSLSessionContextImpl implements SSLSessionContext {
}
} catch (Exception e) {
// unlikely, log it for safe
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning(
"the System Property javax.net.ssl.sessionCacheSize is " +
"not available, use the default value (" +

16
src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java
View File

@ -223,7 +223,7 @@ final class SSLSessionImpl extends ExtendedSSLSession {
this.identificationProtocol = hc.sslConfig.identificationProtocol;
this.boundValues = new ConcurrentHashMap<>();
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SESSION)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SESSION)) {
SSLLogger.finest("Session initialized: " + this);
}
}
@ -256,7 +256,7 @@ final class SSLSessionImpl extends ExtendedSSLSession {
this.maximumPacketSize = baseSession.maximumPacketSize;
this.boundValues = baseSession.boundValues;
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SESSION)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SESSION)) {
SSLLogger.finest("Session initialized: " + this);
}
}
@ -455,7 +455,7 @@ final class SSLSessionImpl extends ExtendedSSLSession {
if (same) {
this.localCerts = ((X509Possession) pos).popCerts;
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SESSION)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SESSION)) {
SSLLogger.fine("Restored " + len
+ " local certificates from session ticket"
+ " for algorithms " + Arrays.toString(certAlgs));
@ -463,7 +463,7 @@ final class SSLSessionImpl extends ExtendedSSLSession {
} else {
this.localCerts = null;
this.invalidated = true;
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SESSION)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SESSION)) {
SSLLogger.warning("Local certificates can not be restored "
+ "from session ticket "
+ "for algorithms " + Arrays.toString(certAlgs));
@ -482,7 +482,7 @@ final class SSLSessionImpl extends ExtendedSSLSession {
// If there is no getMasterSecret with TLS1.2 or under, do not resume.
if (!protocolVersion.useTLS13PlusSpec() &&
getMasterSecret().getEncoded() == null) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.finest("No MasterSecret, cannot make stateless" +
" ticket");
}
@ -490,7 +490,7 @@ final class SSLSessionImpl extends ExtendedSSLSession {
}
if (boundValues != null && boundValues.size() > 0) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.finest("There are boundValues, cannot make" +
" stateless ticket");
}
@ -862,7 +862,7 @@ final class SSLSessionImpl extends ExtendedSSLSession {
void setSuite(CipherSuite suite) {
cipherSuite = suite;
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SESSION)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SESSION)) {
SSLLogger.finest("Negotiating session: " + this);
}
}
@ -1132,7 +1132,7 @@ final class SSLSessionImpl extends ExtendedSSLSession {
return;
}
invalidated = true;
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SESSION)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SESSION)) {
SSLLogger.finest("Invalidated session: " + this);
}
for (SSLSessionImpl child : childSessions) {

44
src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java
View File

@ -370,7 +370,7 @@ public final class SSLSocketImpl
// start handshaking, if failed, the connection will be closed.
ensureNegotiated(false);
} catch (IOException ioe) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.severe("handshake failed", ioe);
}
@ -573,7 +573,7 @@ public final class SSLSocketImpl
return;
}
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.fine("duplex close of SSLSocket");
}
@ -591,7 +591,7 @@ public final class SSLSocketImpl
}
} catch (IOException ioe) {
// ignore the exception
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning("SSLSocket duplex close failed. Debug info only. Exception details:", ioe);
}
} finally {
@ -601,7 +601,7 @@ public final class SSLSocketImpl
closeSocket(false);
} catch (IOException ioe) {
// ignore the exception
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning("SSLSocket close failed. Debug info only. Exception details:", ioe);
}
} finally {
@ -696,7 +696,7 @@ public final class SSLSocketImpl
"close_notify message cannot be sent.");
} else {
super.shutdownOutput();
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning(
"SSLSocket output duplex close failed: " +
@ -718,7 +718,7 @@ public final class SSLSocketImpl
// failed to send the close_notify message.
//
conContext.conSession.invalidate();
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning(
"Invalidate the session: SO_LINGER timeout, " +
@ -834,7 +834,7 @@ public final class SSLSocketImpl
return;
}
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.fine("close inbound of SSLSocket");
}
@ -870,7 +870,7 @@ public final class SSLSocketImpl
return;
}
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.fine("close outbound of SSLSocket");
}
conContext.closeOutbound();
@ -1029,7 +1029,7 @@ public final class SSLSocketImpl
// filed is checked here, in case the closing process is
// still in progress.
if (hasDepleted) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.fine("The input stream has been depleted");
}
@ -1050,7 +1050,7 @@ public final class SSLSocketImpl
// Double check if the input stream has been depleted.
if (hasDepleted) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.fine("The input stream is closing");
}
@ -1137,7 +1137,7 @@ public final class SSLSocketImpl
@Override
public void close() throws IOException {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.finest("Closing input stream");
}
@ -1145,7 +1145,7 @@ public final class SSLSocketImpl
SSLSocketImpl.this.close();
} catch (IOException ioe) {
// ignore the exception
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning("input stream close failed. Debug info only. Exception details:", ioe);
}
}
@ -1221,7 +1221,7 @@ public final class SSLSocketImpl
socketInputRecord.deplete(
conContext.isNegotiated && (getSoTimeout() > 0));
} catch (Exception ex) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning(
"input stream close depletion failed", ex);
}
@ -1330,7 +1330,7 @@ public final class SSLSocketImpl
@Override
public void close() throws IOException {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.finest("Closing output stream");
}
@ -1338,7 +1338,7 @@ public final class SSLSocketImpl
SSLSocketImpl.this.close();
} catch (IOException ioe) {
// ignore the exception
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning("output stream close failed. Debug info only. Exception details:", ioe);
}
}
@ -1546,7 +1546,7 @@ public final class SSLSocketImpl
if ((conContext.handshakeContext == null) &&
!conContext.isOutboundClosed() &&
!conContext.isBroken) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.finest("trigger key update");
}
startHandshake();
@ -1565,7 +1565,7 @@ public final class SSLSocketImpl
!conContext.isOutboundClosed() &&
!conContext.isInboundClosed() &&
!conContext.isBroken) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.finest("trigger new session ticket");
}
conContext.conSession.updateNST = false;
@ -1673,7 +1673,7 @@ public final class SSLSocketImpl
* This method never returns normally, it always throws an IOException.
*/
private void handleException(Exception cause) throws IOException {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning("handling exception", cause);
}
@ -1750,7 +1750,7 @@ public final class SSLSocketImpl
@Override
public void shutdown() throws IOException {
if (!isClosed()) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.fine("close the underlying socket");
}
@ -1776,7 +1776,7 @@ public final class SSLSocketImpl
}
private void closeSocket(boolean selfInitiated) throws IOException {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.fine("close the SSL connection " +
(selfInitiated ? "(initiative)" : "(passive)"));
}
@ -1831,7 +1831,7 @@ public final class SSLSocketImpl
* transport without waiting for the responding close_notify.
*/
private void waitForClose() throws IOException {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.fine("wait for close_notify or alert");
}
@ -1841,7 +1841,7 @@ public final class SSLSocketImpl
try {
Plaintext plainText = decode(null);
// discard and continue
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.finest(
"discard plaintext while waiting for close",

12
src/java.base/share/classes/sun/security/ssl/SSLSocketInputRecord.java
View File

@ -210,7 +210,7 @@ final class SSLSocketInputRecord extends InputRecord implements SSLRecord {
int contentLen = ((header[3] & 0xFF) << 8) +
(header[4] & 0xFF); // pos: 3, 4
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD)) {
SSLLogger.fine(
"READ: " +
ProtocolVersion.nameOf(majorVersion, minorVersion) +
@ -243,7 +243,7 @@ final class SSLSocketInputRecord extends InputRecord implements SSLRecord {
readFully(contentLen);
recordBody.flip();
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD)) {
SSLLogger.fine(
"READ: " +
ProtocolVersion.nameOf(majorVersion, minorVersion) +
@ -406,7 +406,7 @@ final class SSLSocketInputRecord extends InputRecord implements SSLRecord {
*/
os.write(SSLRecord.v2NoCipher); // SSLv2Hello
if (SSLLogger.logging) {
if (SSLLogger.isOn()) {
if (SSLLogger.isOn(SSLLogger.Opt.RECORD)) {
SSLLogger.fine(
"Requested to negotiate unsupported SSLv2!");
@ -445,7 +445,7 @@ final class SSLSocketInputRecord extends InputRecord implements SSLRecord {
ByteBuffer converted = convertToClientHello(recordBody);
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) {
SSLLogger.fine(
"[Converted] ClientHello", converted);
@ -489,14 +489,14 @@ final class SSLSocketInputRecord extends InputRecord implements SSLRecord {
private static int read(InputStream is, byte[] buf, int off, int len) throws IOException {
int readLen = is.read(buf, off, len);
if (readLen < 0) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) {
SSLLogger.fine("Raw read: EOF");
}
throw new EOFException("SSL peer shut down incorrectly");
}
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) {
ByteBuffer bb = ByteBuffer.wrap(buf, off, readLen);
SSLLogger.fine("Raw read", bb);
}

30
src/java.base/share/classes/sun/security/ssl/SSLSocketOutputRecord.java
View File

@ -55,7 +55,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord {
recordLock.lock();
try {
if (isClosed()) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning("outbound has closed, ignore outbound " +
"alert message: " + Alert.nameOf(description));
}
@ -67,7 +67,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord {
write(level);
write(description);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD)) {
SSLLogger.fine("WRITE: " + protocolVersion.name +
" " + ContentType.ALERT.name +
"(" + Alert.nameOf(description) + ")" +
@ -81,7 +81,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord {
deliverStream.write(buf, 0, count); // may throw IOException
deliverStream.flush(); // may throw IOException
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) {
SSLLogger.fine("Raw write",
(new ByteArrayInputStream(buf, 0, count)));
@ -100,7 +100,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord {
recordLock.lock();
try {
if (isClosed()) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning("outbound has closed, ignore outbound " +
"handshake message",
ByteBuffer.wrap(source, offset, length));
@ -128,7 +128,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord {
int limit = v2ClientHello.limit();
handshakeHash.deliver(record, 2, (limit - 2));
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RECORD)) {
SSLLogger.fine(
"WRITE: SSLv2 ClientHello message" +
@ -143,7 +143,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord {
deliverStream.write(record, 0, limit);
deliverStream.flush();
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) {
SSLLogger.fine("Raw write",
(new ByteArrayInputStream(record, 0, limit)));
@ -180,7 +180,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord {
return;
}
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD)) {
SSLLogger.fine(
"WRITE: " + protocolVersion.name +
" " + ContentType.HANDSHAKE.name +
@ -194,7 +194,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord {
deliverStream.write(buf, 0, count); // may throw IOException
deliverStream.flush(); // may throw IOException
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) {
SSLLogger.fine("Raw write",
(new ByteArrayInputStream(buf, 0, count)));
@ -216,7 +216,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord {
recordLock.lock();
try {
if (isClosed()) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning("outbound has closed, ignore outbound " +
"change_cipher_spec message");
}
@ -235,7 +235,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord {
deliverStream.write(buf, 0, count); // may throw IOException
// deliverStream.flush(); // flush in Finished
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) {
SSLLogger.fine("Raw write",
(new ByteArrayInputStream(buf, 0, count)));
@ -262,7 +262,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord {
return;
}
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD)) {
SSLLogger.fine(
"WRITE: " + protocolVersion.name +
" " + ContentType.HANDSHAKE.name +
@ -276,7 +276,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord {
deliverStream.write(buf, 0, count); // may throw IOException
deliverStream.flush(); // may throw IOException
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) {
SSLLogger.fine("Raw write",
(new ByteArrayInputStream(buf, 0, count)));
@ -299,7 +299,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord {
}
if (writeCipher.authenticator.seqNumOverflow()) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.fine(
"sequence number extremely close to overflow " +
"(2^64-1 packets). Closing connection.");
@ -336,7 +336,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord {
count = position;
write(source, offset, fragLen);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD)) {
SSLLogger.fine(
"WRITE: " + protocolVersion.name +
" " + ContentType.APPLICATION_DATA.name +
@ -351,7 +351,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord {
deliverStream.write(buf, 0, count); // may throw IOException
deliverStream.flush(); // may throw IOException
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) {
SSLLogger.fine("Raw write",
(new ByteArrayInputStream(buf, 0, count)));

6
src/java.base/share/classes/sun/security/ssl/SSLTransport.java
View File

@ -113,7 +113,7 @@ interface SSLTransport {
// Code to deliver SSLv2 error message for SSL/TLS connections.
if (!context.sslContext.isDTLS()) {
context.outputRecord.encodeV2NoCipher();
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.finest("may be talking to SSLv2");
}
}
@ -161,7 +161,7 @@ interface SSLTransport {
if (context.handshakeContext != null &&
context.handshakeContext.sslConfig.enableRetransmissions &&
context.sslContext.isDTLS()) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.finest("retransmitted handshake flight");
}
@ -182,7 +182,7 @@ interface SSLTransport {
// Note that JDK does not support 0-RTT yet. Otherwise, it is
// needed to check early_data.
if (!context.isNegotiated) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning("unexpected application data " +
"before handshake completion");

26
src/java.base/share/classes/sun/security/ssl/ServerHello.java
View File

@ -365,7 +365,7 @@ final class ServerHello {
shc.sslConfig.getEnabledExtensions(
SSLHandshake.SERVER_HELLO, shc.negotiatedProtocol);
shm.extensions.produce(shc, serverHelloExtensions);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Produced ServerHello handshake message", shm);
}
@ -440,7 +440,7 @@ final class ServerHello {
}
// The cipher suite has been negotiated.
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("use cipher suite " + cs.name);
}
@ -454,7 +454,7 @@ final class ServerHello {
if (ke != null) {
SSLPossession[] hcds = ke.createPossessions(shc);
if ((hcds != null) && (hcds.length != 0)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning(
"use legacy cipher suite " + cs.name);
@ -572,7 +572,7 @@ final class ServerHello {
shc.sslConfig.getEnabledExtensions(
SSLHandshake.SERVER_HELLO, shc.negotiatedProtocol);
shm.extensions.produce(shc, serverHelloExtensions);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Produced ServerHello handshake message", shm);
}
@ -725,7 +725,7 @@ final class ServerHello {
}
// The cipher suite has been negotiated.
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("use cipher suite " + cs.name);
}
@ -733,7 +733,7 @@ final class ServerHello {
}
if (legacySuite != null) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning(
"use legacy cipher suite " + legacySuite.name);
@ -787,7 +787,7 @@ final class ServerHello {
shc.sslConfig.getEnabledExtensions(
SSLHandshake.HELLO_RETRY_REQUEST, shc.negotiatedProtocol);
hhrm.extensions.produce(shc, serverHelloExtensions);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Produced HelloRetryRequest handshake message", hhrm);
}
@ -849,7 +849,7 @@ final class ServerHello {
shc.sslConfig.getEnabledExtensions(
SSLHandshake.MESSAGE_HASH, shc.negotiatedProtocol);
hhrm.extensions.produce(shc, serverHelloExtensions);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Reproduced HelloRetryRequest handshake message", hhrm);
}
@ -890,7 +890,7 @@ final class ServerHello {
}
ServerHelloMessage shm = new ServerHelloMessage(chc, message);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Consuming ServerHello handshake message", shm);
}
@ -935,7 +935,7 @@ final class ServerHello {
}
chc.negotiatedProtocol = serverVersion;
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Negotiated protocol version: " + serverVersion.name);
}
@ -990,7 +990,7 @@ final class ServerHello {
chc.conContext.protocolVersion = chc.negotiatedProtocol;
chc.conContext.outputRecord.setVersion(chc.negotiatedProtocol);
}
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Negotiated protocol version: " + serverVersion.name);
}
@ -1136,7 +1136,7 @@ final class ServerHello {
chc.handshakeSession = new SSLSessionImpl(chc,
chc.negotiatedCipherSuite, newId);
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Locally assigned Session Id: " +
newId.toString());
@ -1209,7 +1209,7 @@ final class ServerHello {
private static void setUpPskKD(HandshakeContext hc,
SecretKey psk) throws SSLHandshakeException {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Using PSK to derive early secret");
}

4
src/java.base/share/classes/sun/security/ssl/ServerHelloDone.java
View File

@ -93,7 +93,7 @@ final class ServerHelloDone {
ServerHandshakeContext shc = (ServerHandshakeContext)context;
ServerHelloDoneMessage shdm = new ServerHelloDoneMessage(shc);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Produced ServerHelloDone handshake message", shdm);
}
@ -147,7 +147,7 @@ final class ServerHelloDone {
ServerHelloDoneMessage shdm =
new ServerHelloDoneMessage(chc, message);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Consuming ServerHelloDone handshake message", shdm);
}

20
src/java.base/share/classes/sun/security/ssl/ServerNameExtension.java
View File

@ -216,7 +216,7 @@ final class ServerNameExtension {
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(CH_SERVER_NAME)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning(
"Ignore unavailable server_name extension");
@ -262,7 +262,7 @@ final class ServerNameExtension {
return extData;
}
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning("Unable to indicate server name");
}
return null;
@ -288,7 +288,7 @@ final class ServerNameExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(CH_SERVER_NAME)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unavailable extension: " + CH_SERVER_NAME.name);
@ -307,7 +307,7 @@ final class ServerNameExtension {
if (!shc.sslConfig.sniMatchers.isEmpty()) {
sni = chooseSni(shc.sslConfig.sniMatchers, spec.serverNames);
if (sni != null) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"server name indication (" +
@ -325,7 +325,7 @@ final class ServerNameExtension {
// connection with a "missing_extension" alert.
//
// We do not reject client without SNI extension currently.
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"no server name matchers, " +
@ -351,7 +351,7 @@ final class ServerNameExtension {
// so don't include the pre-shared key in the
// ServerHello handshake message
shc.handshakeExtensions.remove(SH_PRE_SHARED_KEY);
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"abort session resumption, " +
@ -446,7 +446,7 @@ final class ServerNameExtension {
CHServerNamesSpec spec = (CHServerNamesSpec)
shc.handshakeExtensions.get(CH_SERVER_NAME);
if (spec == null) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.finest(
"Ignore unavailable extension: " + SH_SERVER_NAME.name);
@ -457,7 +457,7 @@ final class ServerNameExtension {
// When resuming a session, the server MUST NOT include a
// server_name extension in the server hello.
if (shc.isResumption || shc.negotiatedServerName == null) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.finest(
"No expected server name indication response");
@ -535,7 +535,7 @@ final class ServerNameExtension {
CHServerNamesSpec spec = (CHServerNamesSpec)
shc.handshakeExtensions.get(CH_SERVER_NAME);
if (spec == null) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.finest(
"Ignore unavailable extension: " + EE_SERVER_NAME.name);
@ -546,7 +546,7 @@ final class ServerNameExtension {
// When resuming a session, the server MUST NOT include a
// server_name extension in the server hello.
if (shc.isResumption || shc.negotiatedServerName == null) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.finest(
"No expected server name indication response");

24
src/java.base/share/classes/sun/security/ssl/SessionTicketExtension.java
View File

@ -93,7 +93,7 @@ final class SessionTicketExtension {
kt = Integer.parseInt(s) * 1000; // change to ms
if (kt < 0 ||
kt > NewSessionTicket.MAX_TICKET_LIFETIME) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning("Invalid timeout for " +
"jdk.tls.server.statelessKeyTimeout: " +
@ -104,7 +104,7 @@ final class SessionTicketExtension {
}
} catch (NumberFormatException e) {
kt = TIMEOUT_DEFAULT;
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning("Invalid timeout for " +
"jdk.tls.server.statelessKeyTimeout: " + s +
". Set to default value " + TIMEOUT_DEFAULT +
@ -253,7 +253,7 @@ final class SessionTicketExtension {
Integer.BYTES + iv.length + 1, encrypted.length);
return result;
} catch (Exception e) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Encryption failed." + e);
}
@ -296,7 +296,7 @@ final class SessionTicketExtension {
return out;
} catch (Exception e) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Decryption failed." + e);
}
@ -312,7 +312,7 @@ final class SessionTicketExtension {
gos.write(input, 0, decompressedLen);
gos.finish();
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("decompressed bytes: " + decompressedLen
+ "; compressed bytes: " + baos.size());
}
@ -331,7 +331,7 @@ final class SessionTicketExtension {
new ByteArrayInputStream(bytes))) {
byte[] out = gis.readAllBytes();
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("compressed bytes: " + compressedLen
+ "; decompressed bytes: " + out.length);
}
@ -397,7 +397,7 @@ final class SessionTicketExtension {
// If the context does not allow stateless tickets, exit
if (!((SSLSessionContextImpl)chc.sslContext.
engineGetClientSessionContext()).statelessEnabled()) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Stateless resumption not supported");
}
@ -410,7 +410,7 @@ final class SessionTicketExtension {
if (!chc.isResumption || chc.resumingSession == null
|| chc.resumingSession.getPskIdentity() == null
|| chc.resumingSession.getProtocolVersion().useTLS13PlusSpec()) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Stateless resumption supported");
}
@ -455,7 +455,7 @@ final class SessionTicketExtension {
shc.statelessResumption = true;
if (buffer.remaining() == 0) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Client accepts session tickets.");
}
@ -468,12 +468,12 @@ final class SessionTicketExtension {
if (b != null) {
shc.resumingSession = new SSLSessionImpl(shc, b);
shc.isResumption = true;
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Valid stateless session ticket found");
}
} else {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Invalid stateless session ticket found");
}
@ -554,7 +554,7 @@ final class SessionTicketExtension {
// Disable stateless resumption if server doesn't send the extension.
if (chc.statelessResumption) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.info(
"Server doesn't support stateless resumption");
}

4
src/java.base/share/classes/sun/security/ssl/SignatureAlgorithmsExtension.java
View File

@ -182,7 +182,7 @@ final class SignatureAlgorithmsExtension {
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(
SSLExtension.CH_SIGNATURE_ALGORITHMS)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unavailable signature_algorithms extension");
@ -219,7 +219,7 @@ final class SignatureAlgorithmsExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(
SSLExtension.CH_SIGNATURE_ALGORITHMS)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unavailable signature_algorithms extension");

21
src/java.base/share/classes/sun/security/ssl/SignatureScheme.java
View File

@ -34,7 +34,6 @@ import java.util.AbstractMap.SimpleImmutableEntry;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
@ -205,7 +204,7 @@ enum SignatureScheme {
NoSuchAlgorithmException | RuntimeException exp) {
// Signature.getParameters() may throw RuntimeException.
mediator = false;
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning(
"RSASSA-PSS signature with " + hash +
@ -299,7 +298,7 @@ enum SignatureScheme {
Signature.getInstance(algorithm);
} catch (Exception e) {
mediator = false;
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning(
"Signature algorithm, " + algorithm +
@ -435,7 +434,7 @@ enum SignatureScheme {
for (SignatureScheme ss: schemesToCheck) {
if (!ss.isAvailable) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.finest(
"Ignore unsupported signature scheme: " + ss.name);
@ -454,12 +453,12 @@ enum SignatureScheme {
if (isMatch) {
if (ss.isPermitted(constraints, scopes)) {
supported.add(ss);
} else if (SSLLogger.logging &&
} else if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.finest(
"Ignore disabled signature scheme: " + ss.name);
}
} else if (SSLLogger.logging &&
} else if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.finest(
"Ignore inactive signature scheme: " + ss.name);
@ -479,7 +478,7 @@ enum SignatureScheme {
for (int ssid : algorithmIds) {
SignatureScheme ss = SignatureScheme.valueOf(ssid);
if (ss == null) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning(
"Unsupported signature scheme: " +
@ -490,7 +489,7 @@ enum SignatureScheme {
&& ss.isAllowed(constraints, protocolVersion, scopes)) {
supported.add(ss);
} else {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning(
"Unsupported signature scheme: " + ss.name);
@ -550,7 +549,7 @@ enum SignatureScheme {
}
}
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.finest(
"Ignore the signature algorithm (" + ss +
@ -579,7 +578,7 @@ enum SignatureScheme {
}
}
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.finest(
"Ignore the legacy signature algorithm (" + ss +
@ -665,7 +664,7 @@ enum SignatureScheme {
return signer;
} catch (NoSuchAlgorithmException | InvalidKeyException |
InvalidAlgorithmParameterException nsae) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.finest(
"Ignore unsupported signature algorithm (" +

62
src/java.base/share/classes/sun/security/ssl/StatusResponseManager.java
View File

@ -119,13 +119,13 @@ final class StatusResponseManager {
if (cert.getExtensionValue(
PKIXExtensions.OCSPNoCheck_Id.toString()) != null) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) {
SSLLogger.fine(
"OCSP NoCheck extension found. OCSP will be skipped");
}
return null;
} else if (defaultResponder != null && respOverride) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) {
SSLLogger.fine(
"Responder override: URI is " + defaultResponder);
}
@ -165,7 +165,7 @@ final class StatusResponseManager {
Map<X509Certificate, byte[]> responseMap = new HashMap<>();
List<OCSPFetchCall> requestList = new ArrayList<>();
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) {
SSLLogger.fine(
"Beginning check: Type = " + type + ", Chain length = " +
chain.length);
@ -192,7 +192,7 @@ final class StatusResponseManager {
requestList.add(new OCSPFetchCall(sInfo, ocspReq));
}
} catch (IOException exc) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) {
SSLLogger.fine(
"Exception during CertId creation: ", exc);
@ -220,7 +220,7 @@ final class StatusResponseManager {
requestList.add(new OCSPFetchCall(sInfo, ocspReq));
}
} catch (IOException exc) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) {
SSLLogger.fine(
"Exception during CertId creation: ", exc);
@ -228,7 +228,7 @@ final class StatusResponseManager {
}
}
} else {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) {
SSLLogger.fine("Unsupported status request type: " + type);
}
}
@ -259,7 +259,7 @@ final class StatusResponseManager {
// that, otherwise just log the ExecutionException
Throwable cause = Optional.ofNullable(
exc.getCause()).orElse(exc);
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) {
SSLLogger.fine("Exception during OCSP fetch: " +
cause);
@ -269,13 +269,13 @@ final class StatusResponseManager {
if (info != null && info.responseData != null) {
responseMap.put(info.cert,
info.responseData.ocspBytes);
} else if (SSLLogger.logging &&
} else if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) {
SSLLogger.fine(
"Completed task had no response data");
}
} else {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) {
SSLLogger.fine("Found cancelled task");
}
@ -284,7 +284,7 @@ final class StatusResponseManager {
} catch (InterruptedException intex) {
// Log and reset the interrupted state
Thread.currentThread().interrupt();
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) {
SSLLogger.fine("Interrupt occurred while fetching: " +
intex);
@ -313,7 +313,7 @@ final class StatusResponseManager {
for (Extension ext : ocspRequest.extensions) {
if (ext.getId().equals(
PKIXExtensions.OCSPNonce_Id.toString())) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) {
SSLLogger.fine(
"Nonce extension found, skipping cache check");
@ -329,14 +329,14 @@ final class StatusResponseManager {
// and do not return it as a cache hit.
if (respEntry != null && respEntry.nextUpdate != null &&
respEntry.nextUpdate.before(new Date())) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) {
SSLLogger.fine(
"nextUpdate threshold exceeded, purging from cache");
}
respEntry = null;
}
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) {
SSLLogger.fine(
"Check cache for SN" + Debug.toString(cid.getSerialNumber())
+ ": " + (respEntry != null ? "HIT" : "MISS"));
@ -499,7 +499,7 @@ final class StatusResponseManager {
*/
@Override
public StatusInfo call() {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) {
SSLLogger.fine(
"Starting fetch for SN " +
Debug.toString(statInfo.cid.getSerialNumber()));
@ -511,14 +511,14 @@ final class StatusResponseManager {
if (statInfo.responder == null) {
// If we have no URI then there's nothing to do
// but return.
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) {
SSLLogger.fine(
"Null URI detected, OCSP fetch aborted");
}
return statInfo;
} else {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) {
SSLLogger.fine(
"Attempting fetch from " + statInfo.responder);
@ -549,7 +549,7 @@ final class StatusResponseManager {
statInfo.cid);
// Get the response status and act on it appropriately
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) {
SSLLogger.fine("OCSP Status: " + cacheEntry.status +
" (" + respBytes.length + " bytes)");
@ -563,7 +563,7 @@ final class StatusResponseManager {
addToCache(statInfo.cid, cacheEntry);
}
} catch (IOException ioe) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) {
SSLLogger.fine("Caught exception: ", ioe);
}
@ -583,13 +583,13 @@ final class StatusResponseManager {
// If no cache lifetime has been set on entries then
// don't cache this response if there is no nextUpdate field
if (entry.nextUpdate == null && cacheLifetime == 0) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) {
SSLLogger.fine("Not caching this OCSP response");
}
} else {
responseCache.put(certId, entry);
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) {
SSLLogger.fine(
"Added response for SN " +
@ -612,7 +612,7 @@ final class StatusResponseManager {
// is necessary. Also, we will only staple if we're doing a full
// handshake.
if (!shc.sslContext.isStaplingEnabled(false) || shc.isResumption) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("Staping disabled or is a resumed session");
}
return null;
@ -635,7 +635,7 @@ final class StatusResponseManager {
// selection yet, only accept a request if the ResponderId field
// is empty. Finally, we'll only do this in (D)TLS 1.2 or earlier.
if (statReqV2 != null && !shc.negotiatedProtocol.useTLS13PlusSpec()) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.fine("SH Processing status_request_v2 extension");
}
@ -673,7 +673,7 @@ final class StatusResponseManager {
req = reqItems[ocspIdx];
type = CertStatusRequestType.valueOf(req.statusType);
} else {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.finest("Warning: No suitable request " +
"found in the status_request_v2 extension.");
@ -691,7 +691,7 @@ final class StatusResponseManager {
// we will try processing an asserted status_request.
if ((statReq != null) &&
(ext == null || type == null || req == null)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) {
SSLLogger.fine("SH Processing status_request extension");
}
@ -706,7 +706,7 @@ final class StatusResponseManager {
if (ocspReq.responderIds.isEmpty()) {
req = ocspReq;
} else {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.finest("Warning: No suitable request " +
"found in the status_request extension.");
@ -719,7 +719,7 @@ final class StatusResponseManager {
// find a suitable StatusRequest, then stapling is disabled.
// The ext, type and req variables must have been set to continue.
if (type == null || req == null || ext == null) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine("No suitable status_request or " +
"status_request_v2, stapling is disabled");
}
@ -736,7 +736,7 @@ final class StatusResponseManager {
}
if (x509Possession == null) { // unlikely
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.finest("Warning: no X.509 certificates found. " +
"Stapling is disabled.");
}
@ -758,7 +758,7 @@ final class StatusResponseManager {
responses = statRespMgr.get(fetchType, req, certs,
shc.statusRespTimeout, TimeUnit.MILLISECONDS);
if (!responses.isEmpty()) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.finest("Response manager returned " +
responses.size() + " entries.");
@ -768,7 +768,7 @@ final class StatusResponseManager {
if (type == CertStatusRequestType.OCSP) {
byte[] respDER = responses.get(certs[0]);
if (respDER == null || respDER.length == 0) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.finest("Warning: Null or zero-length " +
"response found for leaf certificate. " +
@ -779,7 +779,7 @@ final class StatusResponseManager {
}
params = new StaplingParameters(ext, type, req, responses);
} else {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.finest("Warning: no OCSP responses obtained. " +
"Stapling is disabled.");
@ -788,7 +788,7 @@ final class StatusResponseManager {
} else {
// This should not happen, but if lazy initialization of the
// StatusResponseManager doesn't occur we should turn off stapling.
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.finest("Warning: lazy initialization " +
"of the StatusResponseManager failed. " +
"Stapling is disabled.");

4
src/java.base/share/classes/sun/security/ssl/SunX509KeyManagerImpl.java
View File

@ -129,7 +129,7 @@ final class SunX509KeyManagerImpl extends X509KeyManagerCertChecking {
X509Credentials cred = new X509Credentials((PrivateKey) key,
(X509Certificate[]) certs);
credentialsMap.put(alias, cred);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) {
SSLLogger.fine("found key for : " + alias, (Object[])certs);
}
}
@ -315,7 +315,7 @@ final class SunX509KeyManagerImpl extends X509KeyManagerCertChecking {
}
if (results == null) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) {
SSLLogger.fine("KeyMgr: no matching key found");
}

20
src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
View File

@ -164,7 +164,7 @@ final class SupportedGroupsExtension {
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(CH_SUPPORTED_GROUPS)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unavailable supported_groups extension");
@ -178,7 +178,7 @@ final class SupportedGroupsExtension {
for (String name : chc.sslConfig.namedGroups) {
NamedGroup ng = NamedGroup.nameOf(name);
if (ng == null) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unspecified named group: " + name);
@ -195,7 +195,7 @@ final class SupportedGroupsExtension {
ng.isSupported(chc.activeCipherSuites) &&
ng.isPermitted(chc.algorithmConstraints)) {
namedGroups.add(ng);
} else if (SSLLogger.logging &&
} else if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore inactive or disabled named group: " + ng.name);
@ -203,7 +203,7 @@ final class SupportedGroupsExtension {
}
if (namedGroups.isEmpty()) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning("no available named group");
}
@ -248,7 +248,7 @@ final class SupportedGroupsExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(CH_SUPPORTED_GROUPS)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unavailable supported_groups extension");
@ -324,7 +324,7 @@ final class SupportedGroupsExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(EE_SUPPORTED_GROUPS)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unavailable supported_groups extension");
@ -341,7 +341,7 @@ final class SupportedGroupsExtension {
for (String name : shc.sslConfig.namedGroups) {
NamedGroup ng = NamedGroup.nameOf(name);
if (ng == null) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unspecified named group: " + name);
@ -358,7 +358,7 @@ final class SupportedGroupsExtension {
ng.isSupported(shc.activeCipherSuites) &&
ng.isPermitted(shc.algorithmConstraints)) {
namedGroups.add(ng);
} else if (SSLLogger.logging &&
} else if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore inactive or disabled named group: " + ng.name);
@ -366,7 +366,7 @@ final class SupportedGroupsExtension {
}
if (namedGroups.isEmpty()) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning("no available named group");
}
@ -407,7 +407,7 @@ final class SupportedGroupsExtension {
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(EE_SUPPORTED_GROUPS)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unavailable supported_groups extension");

16
src/java.base/share/classes/sun/security/ssl/SupportedVersionsExtension.java
View File

@ -168,7 +168,7 @@ final class SupportedVersionsExtension {
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(CH_SUPPORTED_VERSIONS)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unavailable extension: " +
@ -217,7 +217,7 @@ final class SupportedVersionsExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(CH_SUPPORTED_VERSIONS)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unavailable extension: " +
@ -310,7 +310,7 @@ final class SupportedVersionsExtension {
shc.handshakeExtensions.get(CH_SUPPORTED_VERSIONS);
if (svs == null) {
// Unlikely, no key_share extension requested.
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.warning(
"Ignore unavailable supported_versions extension");
@ -320,7 +320,7 @@ final class SupportedVersionsExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(SH_SUPPORTED_VERSIONS)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unavailable extension: " +
@ -360,7 +360,7 @@ final class SupportedVersionsExtension {
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(SH_SUPPORTED_VERSIONS)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unavailable extension: " +
@ -404,7 +404,7 @@ final class SupportedVersionsExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(HRR_SUPPORTED_VERSIONS)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unavailable extension: " +
@ -447,7 +447,7 @@ final class SupportedVersionsExtension {
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(HRR_SUPPORTED_VERSIONS)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"Ignore unavailable extension: " +
@ -490,7 +490,7 @@ final class SupportedVersionsExtension {
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(HRR_SUPPORTED_VERSIONS)) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) {
SSLLogger.fine(
"[Reproduce] Ignore unavailable extension: " +

20
src/java.base/share/classes/sun/security/ssl/TransportContext.java
View File

@ -270,7 +270,7 @@ final class TransportContext implements ConnectionContext {
try {
outputRecord.encodeAlert(Alert.Level.WARNING.level, alert.id);
} catch (IOException ioe) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning(
"Warning: failed to send warning alert " + alert, ioe);
}
@ -330,7 +330,7 @@ final class TransportContext implements ConnectionContext {
// so we'll do it here.
if (closeReason != null) {
if (cause == null) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning(
"Closed transport, general or untracked problem");
}
@ -341,7 +341,7 @@ final class TransportContext implements ConnectionContext {
if (cause instanceof SSLException) {
throw (SSLException)cause;
} else { // unlikely, but just in case.
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning(
"Closed transport, unexpected rethrowing", cause);
}
@ -364,7 +364,7 @@ final class TransportContext implements ConnectionContext {
}
// shutdown the transport
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.severe("Fatal (" + alert + "): " + diagnostic, cause);
}
@ -380,7 +380,7 @@ final class TransportContext implements ConnectionContext {
try {
inputRecord.close();
} catch (IOException ioe) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning("Fatal: input record closure failed", ioe);
}
@ -411,7 +411,7 @@ final class TransportContext implements ConnectionContext {
try {
outputRecord.encodeAlert(Alert.Level.FATAL.level, alert.id);
} catch (IOException ioe) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning(
"Fatal: failed to send fatal alert " + alert, ioe);
}
@ -424,7 +424,7 @@ final class TransportContext implements ConnectionContext {
try {
outputRecord.close();
} catch (IOException ioe) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning("Fatal: output record closure failed", ioe);
}
@ -440,7 +440,7 @@ final class TransportContext implements ConnectionContext {
try {
transport.shutdown();
} catch (IOException ioe) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning("Fatal: transport closure failed", ioe);
}
@ -526,7 +526,7 @@ final class TransportContext implements ConnectionContext {
passiveInboundClose();
}
} catch (IOException ioe) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning("inbound closure failed", ioe);
}
}
@ -583,7 +583,7 @@ final class TransportContext implements ConnectionContext {
try {
initiateOutboundClose();
} catch (IOException ioe) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning("outbound closure failed", ioe);
}
}

8
src/java.base/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java
View File

@ -48,27 +48,27 @@ abstract class TrustManagerFactoryImpl extends TrustManagerFactorySpi {
trustManager = getInstance(TrustStoreManager.getTrustedCerts());
} catch (SecurityException se) {
// eat security exceptions but report other throwables
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) {
SSLLogger.fine(
"SunX509: skip default keystore", se);
}
} catch (Error err) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) {
SSLLogger.fine(
"SunX509: skip default keystore", err);
}
throw err;
} catch (RuntimeException re) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) {
SSLLogger.fine(
"SunX509: skip default keystore", re);
}
throw re;
} catch (Exception e) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) {
SSLLogger.fine(
"SunX509: skip default keystore", e);

16
src/java.base/share/classes/sun/security/ssl/TrustStoreManager.java
View File

@ -108,7 +108,7 @@ final class TrustStoreManager {
this.storeFile = storeFile;
this.lastModified = lastModified;
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) {
SSLLogger.fine(
"trustStore is: " + storeName + "\n" +
@ -152,7 +152,7 @@ final class TrustStoreManager {
}
// Not break, the file is inaccessible.
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) {
SSLLogger.fine(
"Inaccessible trust store: " +
@ -268,7 +268,7 @@ final class TrustStoreManager {
}
// Reload a new key store.
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) {
SSLLogger.fine("Reload the trust store");
}
@ -323,7 +323,7 @@ final class TrustStoreManager {
// Reload the trust store if needed.
if (ks == null) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) {
SSLLogger.fine("Reload the trust store");
}
@ -332,13 +332,13 @@ final class TrustStoreManager {
}
// Reload trust certs from the key store.
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) {
SSLLogger.fine("Reload trust certs");
}
certs = loadTrustedCerts(ks);
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) {
SSLLogger.fine("Reloaded " + certs.size() + " trust certs");
}
@ -360,7 +360,7 @@ final class TrustStoreManager {
descriptor.storeFile == null) {
// No file available, no KeyStore available.
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) {
SSLLogger.fine("No available key store");
}
@ -388,7 +388,7 @@ final class TrustStoreManager {
ks.load(bis, password);
} catch (FileNotFoundException fnfe) {
// No file available, no KeyStore available.
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) {
SSLLogger.fine(
"Not available key store: " + descriptor.storeName);

4
src/java.base/share/classes/sun/security/ssl/Utilities.java
View File

@ -70,7 +70,7 @@ final class Utilities {
SNIServerName serverName = sniList.get(i);
if (serverName.getType() == StandardConstants.SNI_HOST_NAME) {
sniList.set(i, sniHostName);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.fine(
"the previous server name in SNI (" + serverName +
") was replaced with (" + sniHostName + ")");
@ -116,7 +116,7 @@ final class Utilities {
return new SNIHostName(hostname);
} catch (IllegalArgumentException iae) {
// don't bother to handle illegal host_name
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.fine(hostname + "\" " +
"is not a legal HostName for server name indication");
}

26
src/java.base/share/classes/sun/security/ssl/X509Authentication.java
View File

@ -201,7 +201,7 @@ enum X509Authentication implements SSLAuthentication {
private static SSLPossession createClientPossession(
ClientHandshakeContext chc, String[] keyTypes) {
X509ExtendedKeyManager km = chc.sslContext.getX509KeyManager();
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.finest("X509KeyManager class: " +
km.getClass().getName());
}
@ -243,7 +243,7 @@ enum X509Authentication implements SSLAuthentication {
}
if (clientAlias == null) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.finest("No X.509 cert selected for "
+ Arrays.toString(keyTypes));
}
@ -252,7 +252,7 @@ enum X509Authentication implements SSLAuthentication {
PrivateKey clientPrivateKey = km.getPrivateKey(clientAlias);
if (clientPrivateKey == null) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.finest(
clientAlias + " is not a private key entry");
}
@ -261,7 +261,7 @@ enum X509Authentication implements SSLAuthentication {
X509Certificate[] clientCerts = km.getCertificateChain(clientAlias);
if ((clientCerts == null) || (clientCerts.length == 0)) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.finest(clientAlias +
" is a private key entry with no cert chain stored");
}
@ -270,7 +270,7 @@ enum X509Authentication implements SSLAuthentication {
String privateKeyAlgorithm = clientPrivateKey.getAlgorithm();
if (!Arrays.asList(keyTypes).contains(privateKeyAlgorithm)) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.fine(
clientAlias + " private key algorithm " +
privateKeyAlgorithm + " not in request list");
@ -280,7 +280,7 @@ enum X509Authentication implements SSLAuthentication {
String publicKeyAlgorithm = clientCerts[0].getPublicKey().getAlgorithm();
if (!privateKeyAlgorithm.equals(publicKeyAlgorithm)) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.fine(
clientAlias + " private or public key is not of " +
"same algorithm: " +
@ -296,7 +296,7 @@ enum X509Authentication implements SSLAuthentication {
private static SSLPossession createServerPossession(
ServerHandshakeContext shc, String[] keyTypes) {
X509ExtendedKeyManager km = shc.sslContext.getX509KeyManager();
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.finest("X509KeyManager class: " +
km.getClass().getName());
}
@ -337,7 +337,7 @@ enum X509Authentication implements SSLAuthentication {
}
if (serverAlias == null) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.finest("No X.509 cert selected for " + keyType);
}
continue;
@ -345,7 +345,7 @@ enum X509Authentication implements SSLAuthentication {
PrivateKey serverPrivateKey = km.getPrivateKey(serverAlias);
if (serverPrivateKey == null) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.finest(
serverAlias + " is not a private key entry");
}
@ -354,7 +354,7 @@ enum X509Authentication implements SSLAuthentication {
X509Certificate[] serverCerts = km.getCertificateChain(serverAlias);
if ((serverCerts == null) || (serverCerts.length == 0)) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.finest(
serverAlias + " is not a certificate entry");
}
@ -364,7 +364,7 @@ enum X509Authentication implements SSLAuthentication {
PublicKey serverPublicKey = serverCerts[0].getPublicKey();
if ((!serverPrivateKey.getAlgorithm().equals(keyType))
|| (!serverPublicKey.getAlgorithm().equals(keyType))) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.fine(
serverAlias + " private or public key is not of " +
keyType + " algorithm");
@ -379,7 +379,7 @@ enum X509Authentication implements SSLAuthentication {
if (!shc.negotiatedProtocol.useTLS13PlusSpec() &&
keyType.equals("EC")) {
if (!(serverPublicKey instanceof ECPublicKey)) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning(serverAlias +
" public key is not an instance of ECPublicKey");
}
@ -398,7 +398,7 @@ enum X509Authentication implements SSLAuthentication {
((shc.clientRequestedNamedGroups != null) &&
!shc.clientRequestedNamedGroups.contains(namedGroup))) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.warning(
"Unsupported named group (" + namedGroup +

14
src/java.base/share/classes/sun/security/ssl/X509KeyManagerCertChecking.java
View File

@ -116,7 +116,7 @@ abstract class X509KeyManagerCertChecking extends X509ExtendedKeyManager {
}
if (keyIndex == -1) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) {
SSLLogger.fine("Ignore alias " + alias
+ ": key algorithm does not match");
}
@ -134,7 +134,7 @@ abstract class X509KeyManagerCertChecking extends X509ExtendedKeyManager {
}
}
if (!found) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) {
SSLLogger.fine(
"Ignore alias " + alias
@ -151,7 +151,7 @@ abstract class X509KeyManagerCertChecking extends X509ExtendedKeyManager {
!conformsToAlgorithmConstraints(constraints, chain,
checkType.getValidator())) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) {
SSLLogger.fine("Ignore alias " + alias +
": certificate chain does not conform to " +
"algorithm constraints");
@ -220,7 +220,7 @@ abstract class X509KeyManagerCertChecking extends X509ExtendedKeyManager {
checker.init(false);
} catch (CertPathValidatorException cpve) {
// unlikely to happen
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) {
SSLLogger.fine(
"Cannot initialize algorithm constraints checker",
cpve);
@ -236,7 +236,7 @@ abstract class X509KeyManagerCertChecking extends X509ExtendedKeyManager {
// We don't care about the unresolved critical extensions.
checker.check(cert, Collections.emptySet());
} catch (CertPathValidatorException cpve) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) {
SSLLogger.fine("Certificate does not conform to " +
"algorithm constraints", cert, cpve);
@ -394,7 +394,7 @@ abstract class X509KeyManagerCertChecking extends X509ExtendedKeyManager {
serverName.getEncoded());
} catch (IllegalArgumentException iae) {
// unlikely to happen, just in case ...
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) {
SSLLogger.fine("Illegal server name: "
+ serverName);
@ -410,7 +410,7 @@ abstract class X509KeyManagerCertChecking extends X509ExtendedKeyManager {
X509TrustManagerImpl.checkIdentity(hostname,
cert, idAlgorithm);
} catch (CertificateException e) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) {
SSLLogger.fine(
"Certificate identity does not match "

14
src/java.base/share/classes/sun/security/ssl/X509KeyManagerImpl.java
View File

@ -228,7 +228,7 @@ final class X509KeyManagerImpl extends X509KeyManagerCertChecking {
|| (secondDot - firstDot < 2)
|| (alias.length() - secondDot < 2)) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) {
SSLLogger.warning("Invalid alias format: " + alias);
}
return null;
@ -255,7 +255,7 @@ final class X509KeyManagerImpl extends X509KeyManagerCertChecking {
NoSuchAlgorithmException |
IndexOutOfBoundsException e) {
// ignore and only log exception
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) {
SSLLogger.warning("Exception thrown while getting an alias " +
alias + ": " + e);
}
@ -295,7 +295,7 @@ final class X509KeyManagerImpl extends X509KeyManagerCertChecking {
if (results != null) {
for (EntryStatus status : results) {
if (status.checkResult == CheckResult.OK) {
if (SSLLogger.logging
if (SSLLogger.isOn()
&& SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) {
SSLLogger.fine("Choosing key: " + status);
}
@ -312,13 +312,13 @@ final class X509KeyManagerImpl extends X509KeyManagerCertChecking {
}
}
if (allResults == null) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) {
SSLLogger.fine("No matching key found");
}
return null;
}
Collections.sort(allResults);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) {
SSLLogger.fine(
"No good matching key found, "
+ "returning best match out of", allResults);
@ -358,13 +358,13 @@ final class X509KeyManagerImpl extends X509KeyManagerCertChecking {
}
}
if (allResults == null || allResults.isEmpty()) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) {
SSLLogger.fine("No matching alias found");
}
return null;
}
Collections.sort(allResults);
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) {
SSLLogger.fine("Getting aliases", allResults);
}
return toAliases(allResults);

12
src/java.base/share/classes/sun/security/ssl/X509TrustManagerImpl.java
View File

@ -81,7 +81,7 @@ final class X509TrustManagerImpl extends X509ExtendedTrustManager
this.trustedCerts = trustedCerts;
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) {
SSLLogger.fine("adding as trusted certificates",
(Object[])trustedCerts.toArray(new X509Certificate[0]));
}
@ -98,7 +98,7 @@ final class X509TrustManagerImpl extends X509ExtendedTrustManager
trustedCerts = v.getTrustedCertificates();
serverValidator = v;
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) {
SSLLogger.fine("adding as trusted certificates",
(Object[])trustedCerts.toArray(new X509Certificate[0]));
}
@ -242,7 +242,7 @@ final class X509TrustManagerImpl extends X509ExtendedTrustManager
null, checkClientTrusted ? null : authType);
}
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) {
SSLLogger.fine("Found trusted certificate",
trustedChain[trustedChain.length - 1]);
}
@ -288,7 +288,7 @@ final class X509TrustManagerImpl extends X509ExtendedTrustManager
null, checkClientTrusted ? null : authType);
}
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) {
SSLLogger.fine("Found trusted certificate",
trustedChain[trustedChain.length - 1]);
}
@ -331,7 +331,7 @@ final class X509TrustManagerImpl extends X509ExtendedTrustManager
null, checkClientTrusted ? null : authType);
}
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) {
SSLLogger.fine("Found trusted certificate",
trustedChain[trustedChain.length - 1]);
}
@ -365,7 +365,7 @@ final class X509TrustManagerImpl extends X509ExtendedTrustManager
hostname = new SNIHostName(sniName.getEncoded());
} catch (IllegalArgumentException iae) {
// unlikely to happen, just in case ...
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) {
SSLLogger.fine("Illegal server name: " + sniName);
}

6
src/java.base/share/classes/sun/security/util/DomainName.java
View File

@ -192,7 +192,7 @@ class DomainName {
}
return getRules(tld, new ZipInputStream(pubSuffixStream));
} catch (IOException e) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.fine(
"cannot parse public suffix data for " + tld +
": " + e.getMessage());
@ -209,7 +209,7 @@ class DomainName {
is = new FileInputStream(f);
} catch (FileNotFoundException e) { }
if (is == null) {
if (SSLLogger.logging &&
if (SSLLogger.isOn() &&
SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) {
SSLLogger.fine(
"lib/security/public_suffix_list.dat not found");
@ -230,7 +230,7 @@ class DomainName {
}
}
if (!found) {
if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) {
SSLLogger.fine("Domain " + tld + " not found");
}
return null;

8
src/java.base/share/classes/sun/security/util/HostnameChecker.java
View File

@ -271,7 +271,7 @@ public class HostnameChecker {
name = IDN.toUnicode(IDN.toASCII(name));
template = IDN.toUnicode(IDN.toASCII(template));
} catch (RuntimeException re) {
if (SSLLogger.logging) {
if (SSLLogger.isOn()) {
SSLLogger.fine("Failed to normalize to Unicode: " + re);
}
@ -308,7 +308,7 @@ public class HostnameChecker {
String template, boolean chainsToPublicCA) {
// not ok if it is a single wildcard character or "*."
if (template.equals("*") || template.equals("*.")) {
if (SSLLogger.logging) {
if (SSLLogger.isOn()) {
SSLLogger.fine(
"Certificate domain name has illegal single " +
"wildcard character: " + template);
@ -328,7 +328,7 @@ public class HostnameChecker {
// not ok if there is no dot after wildcard (ex: "*com")
if (firstDotIndex == -1) {
if (SSLLogger.logging) {
if (SSLLogger.isOn()) {
SSLLogger.fine(
"Certificate domain name has illegal wildcard, " +
"no dot after wildcard character: " + template);
@ -353,7 +353,7 @@ public class HostnameChecker {
// Is it a top-level domain?
if (wildcardedDomain.equalsIgnoreCase(templateDomainSuffix)) {
if (SSLLogger.logging) {
if (SSLLogger.isOn()) {
SSLLogger.fine(
"Certificate domain name has illegal " +
"wildcard for top-level public suffix: " + template);