From d6384f50600ef86b896577dd38e7db69072eece7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Se=C3=A1n=20Coffey?= Date: Wed, 17 Dec 2025 20:27:54 +0000 Subject: [PATCH] prep for isOn() merge --- .../share/classes/sun/security/ssl/Alert.java | 2 +- .../sun/security/ssl/AlpnExtension.java | 18 ++--- .../security/ssl/CertSignAlgsExtension.java | 8 +- .../sun/security/ssl/CertStatusExtension.java | 32 ++++---- .../ssl/CertificateAuthoritiesExtension.java | 16 ++-- .../sun/security/ssl/CertificateMessage.java | 32 ++++---- .../sun/security/ssl/CertificateRequest.java | 22 +++--- .../sun/security/ssl/CertificateStatus.java | 6 +- .../sun/security/ssl/CertificateVerify.java | 26 +++---- .../sun/security/ssl/ChangeCipherSpec.java | 6 +- .../classes/sun/security/ssl/ClientHello.java | 42 +++++----- .../sun/security/ssl/CookieExtension.java | 10 +-- .../sun/security/ssl/DHClientKeyExchange.java | 4 +- .../sun/security/ssl/DHServerKeyExchange.java | 4 +- .../sun/security/ssl/DTLSInputRecord.java | 76 +++++++++---------- .../sun/security/ssl/DTLSOutputRecord.java | 22 +++--- .../security/ssl/ECDHClientKeyExchange.java | 8 +- .../security/ssl/ECDHServerKeyExchange.java | 4 +- .../security/ssl/ECPointFormatsExtension.java | 6 +- .../sun/security/ssl/EncryptedExtensions.java | 4 +- .../ssl/ExtendedMasterSecretExtension.java | 10 +-- .../classes/sun/security/ssl/Finished.java | 16 ++-- .../sun/security/ssl/HandshakeContext.java | 12 +-- .../sun/security/ssl/HandshakeOutStream.java | 2 +- .../sun/security/ssl/HelloRequest.java | 10 +-- .../sun/security/ssl/HelloVerifyRequest.java | 4 +- .../sun/security/ssl/KeyShareExtension.java | 32 ++++---- .../classes/sun/security/ssl/KeyUpdate.java | 8 +- .../sun/security/ssl/MaxFragExtension.java | 18 ++--- .../classes/sun/security/ssl/NamedGroup.java | 8 +- .../sun/security/ssl/NewSessionTicket.java | 38 +++++----- .../sun/security/ssl/OutputRecord.java | 4 +- .../security/ssl/PreSharedKeyExtension.java | 34 ++++----- .../ssl/PredefinedDHParameterSpecs.java | 6 +- .../ssl/PskKeyExchangeModesExtension.java | 8 +- .../security/ssl/QuicEngineOutputRecord.java | 8 +- .../sun/security/ssl/QuicKeyManager.java | 26 +++---- .../sun/security/ssl/QuicTLSEngineImpl.java | 6 +- .../security/ssl/RSAClientKeyExchange.java | 4 +- .../sun/security/ssl/RSAKeyExchange.java | 11 ++- .../security/ssl/RSAServerKeyExchange.java | 4 +- .../sun/security/ssl/RenegoInfoExtension.java | 24 +++--- .../security/ssl/SSLAlgorithmConstraints.java | 2 +- .../classes/sun/security/ssl/SSLCipher.java | 44 +++++------ .../sun/security/ssl/SSLConfiguration.java | 8 +- .../sun/security/ssl/SSLContextImpl.java | 32 ++++---- .../sun/security/ssl/SSLEngineImpl.java | 12 +-- .../security/ssl/SSLEngineInputRecord.java | 8 +- .../security/ssl/SSLEngineOutputRecord.java | 24 +++--- .../sun/security/ssl/SSLExtension.java | 2 +- .../sun/security/ssl/SSLExtensions.java | 30 ++++---- .../classes/sun/security/ssl/SSLLogger.java | 10 ++- .../security/ssl/SSLMasterKeyDerivation.java | 3 +- .../security/ssl/SSLSessionContextImpl.java | 8 +- .../sun/security/ssl/SSLSessionImpl.java | 16 ++-- .../sun/security/ssl/SSLSocketImpl.java | 44 +++++------ .../security/ssl/SSLSocketInputRecord.java | 12 +-- .../security/ssl/SSLSocketOutputRecord.java | 30 ++++---- .../sun/security/ssl/SSLTransport.java | 6 +- .../classes/sun/security/ssl/ServerHello.java | 26 +++---- .../sun/security/ssl/ServerHelloDone.java | 4 +- .../sun/security/ssl/ServerNameExtension.java | 20 ++--- .../security/ssl/SessionTicketExtension.java | 24 +++--- .../ssl/SignatureAlgorithmsExtension.java | 4 +- .../sun/security/ssl/SignatureScheme.java | 21 +++-- .../security/ssl/StatusResponseManager.java | 62 +++++++-------- .../security/ssl/SunX509KeyManagerImpl.java | 4 +- .../ssl/SupportedGroupsExtension.java | 20 ++--- .../ssl/SupportedVersionsExtension.java | 16 ++-- .../sun/security/ssl/TransportContext.java | 20 ++--- .../security/ssl/TrustManagerFactoryImpl.java | 8 +- .../sun/security/ssl/TrustStoreManager.java | 16 ++-- .../classes/sun/security/ssl/Utilities.java | 4 +- .../sun/security/ssl/X509Authentication.java | 26 +++---- .../ssl/X509KeyManagerCertChecking.java | 14 ++-- .../sun/security/ssl/X509KeyManagerImpl.java | 14 ++-- .../security/ssl/X509TrustManagerImpl.java | 12 +-- .../classes/sun/security/util/DomainName.java | 6 +- .../sun/security/util/HostnameChecker.java | 8 +- 79 files changed, 632 insertions(+), 629 deletions(-) diff --git a/src/java.base/share/classes/sun/security/ssl/Alert.java b/src/java.base/share/classes/sun/security/ssl/Alert.java index 27de71bf4db..fb06b02a5d4 100644 --- a/src/java.base/share/classes/sun/security/ssl/Alert.java +++ b/src/java.base/share/classes/sun/security/ssl/Alert.java @@ -238,7 +238,7 @@ public enum Alert { TransportContext tc = (TransportContext)context; AlertMessage am = new AlertMessage(tc, m); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.fine("Received alert message", am); } diff --git a/src/java.base/share/classes/sun/security/ssl/AlpnExtension.java b/src/java.base/share/classes/sun/security/ssl/AlpnExtension.java index 80cb6984786..f56b6f39a44 100644 --- a/src/java.base/share/classes/sun/security/ssl/AlpnExtension.java +++ b/src/java.base/share/classes/sun/security/ssl/AlpnExtension.java @@ -157,7 +157,7 @@ final class AlpnExtension { // Is it a supported and enabled extension? if (!chc.sslConfig.isAvailable(SSLExtension.CH_ALPN)) { - if (SSLLogger.logging + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.info( "Ignore client unavailable extension: " + @@ -171,7 +171,7 @@ final class AlpnExtension { String[] laps = chc.sslConfig.applicationProtocols; if ((laps == null) || (laps.length == 0)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.info( "No available application protocols"); @@ -185,7 +185,7 @@ final class AlpnExtension { int length = ap.getBytes(alpnCharset).length; if (length == 0) { // log the configuration problem - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.severe( "Application protocol name cannot be empty"); @@ -200,7 +200,7 @@ final class AlpnExtension { listLength += (length + 1); } else { // log the configuration problem - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.severe( "Application protocol name (" + ap + @@ -216,7 +216,7 @@ final class AlpnExtension { if (listLength > MAX_AP_LIST_LENGTH) { // log the configuration problem - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.severe( "The configured application protocols (" + @@ -271,7 +271,7 @@ final class AlpnExtension { if (!shc.sslConfig.isAvailable(SSLExtension.CH_ALPN)) { shc.applicationProtocol = ""; shc.conContext.applicationProtocol = ""; - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.info( "Ignore server unavailable extension: " + @@ -294,7 +294,7 @@ final class AlpnExtension { if (noAPSelector && noAlpnProtocols) { shc.applicationProtocol = ""; shc.conContext.applicationProtocol = ""; - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore server unenabled extension: " + @@ -385,7 +385,7 @@ final class AlpnExtension { (AlpnSpec)shc.handshakeExtensions.get(SSLExtension.CH_ALPN); if (requestedAlps == null) { // Ignore, this extension was not requested and accepted. - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unavailable extension: " + @@ -431,7 +431,7 @@ final class AlpnExtension { // Ignore, no negotiated application layer protocol. shc.applicationProtocol = ""; shc.conContext.applicationProtocol = ""; - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning( "Ignore, no negotiated application layer protocol"); diff --git a/src/java.base/share/classes/sun/security/ssl/CertSignAlgsExtension.java b/src/java.base/share/classes/sun/security/ssl/CertSignAlgsExtension.java index 5e9528bb62e..1444a77aa90 100644 --- a/src/java.base/share/classes/sun/security/ssl/CertSignAlgsExtension.java +++ b/src/java.base/share/classes/sun/security/ssl/CertSignAlgsExtension.java @@ -94,7 +94,7 @@ final class CertSignAlgsExtension { // Is it a supported and enabled extension? if (!chc.sslConfig.isAvailable( SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unavailable " + @@ -145,7 +145,7 @@ final class CertSignAlgsExtension { // Is it a supported and enabled extension? if (!shc.sslConfig.isAvailable( SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unavailable " + @@ -237,7 +237,7 @@ final class CertSignAlgsExtension { // Is it a supported and enabled extension? if (!shc.sslConfig.isAvailable( SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unavailable " + @@ -286,7 +286,7 @@ final class CertSignAlgsExtension { // Is it a supported and enabled extension? if (!chc.sslConfig.isAvailable( SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unavailable " + diff --git a/src/java.base/share/classes/sun/security/ssl/CertStatusExtension.java b/src/java.base/share/classes/sun/security/ssl/CertStatusExtension.java index bc8aa9985e6..898c8b3d408 100644 --- a/src/java.base/share/classes/sun/security/ssl/CertStatusExtension.java +++ b/src/java.base/share/classes/sun/security/ssl/CertStatusExtension.java @@ -144,7 +144,7 @@ final class CertStatusExtension { if (statusType == CertStatusRequestType.OCSP.id) { this.statusRequest = new OCSPStatusRequest(statusType, encoded); } else { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.info( "Unknown certificate status request " + @@ -197,7 +197,7 @@ final class CertStatusExtension { if (type == CertStatusRequestType.OCSP.id) { this.statusResponse = new OCSPStatusResponse(type, respData); } else { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.info( "Unknown certificate status response " + @@ -559,7 +559,7 @@ final class CertStatusExtension { } if (!chc.sslConfig.isAvailable(SSLExtension.CH_STATUS_REQUEST)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unavailable extension: " + @@ -601,7 +601,7 @@ final class CertStatusExtension { ServerHandshakeContext shc = (ServerHandshakeContext)context; if (!shc.sslConfig.isAvailable(SSLExtension.CH_STATUS_REQUEST)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Ignore unavailable extension: " + SSLExtension.CH_STATUS_REQUEST.name); @@ -660,7 +660,7 @@ final class CertStatusExtension { shc.handshakeExtensions.get(SSLExtension.CH_STATUS_REQUEST); if (spec == null) { // Ignore, no status_request extension requested. - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.finest("Ignore unavailable extension: " + SSLExtension.CH_STATUS_REQUEST.name); @@ -671,7 +671,7 @@ final class CertStatusExtension { // Is it a session resuming? if (shc.isResumption) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.finest( "No status_request response for session resuming"); @@ -845,7 +845,7 @@ final class CertStatusExtension { statusRequests.add( new OCSPStatusRequest(statusType, encoded)); } else { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.info( "Unknown certificate status request " + @@ -922,7 +922,7 @@ final class CertStatusExtension { } if (!chc.sslConfig.isAvailable(SSLExtension.CH_STATUS_REQUEST_V2)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.finest( "Ignore unavailable status_request_v2 extension"); @@ -965,7 +965,7 @@ final class CertStatusExtension { ServerHandshakeContext shc = (ServerHandshakeContext)context; if (!shc.sslConfig.isAvailable(SSLExtension.CH_STATUS_REQUEST_V2)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.finest( "Ignore unavailable status_request_v2 extension"); @@ -1026,7 +1026,7 @@ final class CertStatusExtension { shc.handshakeExtensions.get(SSLExtension.CH_STATUS_REQUEST_V2); if (spec == null) { // Ignore, no status_request_v2 extension requested. - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.finest( "Ignore unavailable status_request_v2 extension"); @@ -1037,7 +1037,7 @@ final class CertStatusExtension { // Is it a session resuming? if (shc.isResumption) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.finest( "No status_request_v2 response for session resumption"); @@ -1123,7 +1123,7 @@ final class CertStatusExtension { // Stapling needs to be active and have valid data to proceed if (shc.stapleParams == null) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.finest( "Stapling is disabled for this connection"); @@ -1133,7 +1133,7 @@ final class CertStatusExtension { // There needs to be a non-null CertificateEntry to proceed if (shc.currentCertEntry == null) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.finest("Found null CertificateEntry in context"); } @@ -1152,7 +1152,7 @@ final class CertStatusExtension { byte[] respBytes = shc.stapleParams.responseMap.get(x509Cert); if (respBytes == null) { // We're done with this entry. Clear it from the context - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.finest("No status response found for " + x509Cert.getSubjectX500Principal()); @@ -1162,7 +1162,7 @@ final class CertStatusExtension { } // Build a proper response buffer from the stapling information - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.finest("Found status response for " + x509Cert.getSubjectX500Principal() + @@ -1222,7 +1222,7 @@ final class CertStatusExtension { respList.add(spec.statusResponse.encodedResponse); chc.handshakeSession.setStatusResponses(respList); } else { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.finest( "Ignoring stapled data on resumed session"); diff --git a/src/java.base/share/classes/sun/security/ssl/CertificateAuthoritiesExtension.java b/src/java.base/share/classes/sun/security/ssl/CertificateAuthoritiesExtension.java index 81d9543b00c..60f13e9ddad 100644 --- a/src/java.base/share/classes/sun/security/ssl/CertificateAuthoritiesExtension.java +++ b/src/java.base/share/classes/sun/security/ssl/CertificateAuthoritiesExtension.java @@ -192,7 +192,7 @@ final class CertificateAuthoritiesExtension { // Is it a supported and enabled extension? if (!chc.sslConfig.isAvailable( SSLExtension.CH_CERTIFICATE_AUTHORITIES)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unavailable " + @@ -206,7 +206,7 @@ final class CertificateAuthoritiesExtension { X509Certificate[] caCerts = chc.sslContext.getX509TrustManager().getAcceptedIssuers(); if (caCerts.length == 0) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "No available certificate authorities"); @@ -218,7 +218,7 @@ final class CertificateAuthoritiesExtension { List encodedCAs = CertificateAuthoritiesSpec.getEncodedAuthorities(caCerts); if (encodedCAs.isEmpty()) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning( "The number of CAs exceeds the maximum size " + @@ -273,7 +273,7 @@ final class CertificateAuthoritiesExtension { // Is it a supported and enabled extension? if (!shc.sslConfig.isAvailable( SSLExtension.CH_CERTIFICATE_AUTHORITIES)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unavailable " + @@ -323,7 +323,7 @@ final class CertificateAuthoritiesExtension { // Is it a supported and enabled extension? if (!shc.sslConfig.isAvailable( SSLExtension.CR_CERTIFICATE_AUTHORITIES)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unavailable " + @@ -337,7 +337,7 @@ final class CertificateAuthoritiesExtension { X509Certificate[] caCerts = shc.sslContext.getX509TrustManager().getAcceptedIssuers(); if (caCerts.length == 0) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "No available certificate authorities"); @@ -349,7 +349,7 @@ final class CertificateAuthoritiesExtension { List encodedCAs = CertificateAuthoritiesSpec.getEncodedAuthorities(caCerts); if (encodedCAs.isEmpty()) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning( "Too many certificate authorities to use " + @@ -404,7 +404,7 @@ final class CertificateAuthoritiesExtension { // Is it a supported and enabled extension? if (!chc.sslConfig.isAvailable( SSLExtension.CR_CERTIFICATE_AUTHORITIES)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unavailable " + diff --git a/src/java.base/share/classes/sun/security/ssl/CertificateMessage.java b/src/java.base/share/classes/sun/security/ssl/CertificateMessage.java index 3ee945fc73a..62366ae0fbf 100644 --- a/src/java.base/share/classes/sun/security/ssl/CertificateMessage.java +++ b/src/java.base/share/classes/sun/security/ssl/CertificateMessage.java @@ -265,7 +265,7 @@ final class CertificateMessage { shc.handshakeSession.setLocalCertificates(x509Possession.popCerts); T12CertificateMessage cm = new T12CertificateMessage(shc, x509Possession.popCerts); - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Produced server Certificate handshake message", cm); @@ -294,7 +294,7 @@ final class CertificateMessage { // an empty cert chain instead. if (x509Possession == null) { if (chc.negotiatedProtocol.useTLS10PlusSpec()) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "No X.509 certificate for client authentication, " + @@ -304,7 +304,7 @@ final class CertificateMessage { x509Possession = new X509Possession(null, new X509Certificate[0]); } else { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "No X.509 certificate for client authentication, " + @@ -327,7 +327,7 @@ final class CertificateMessage { } T12CertificateMessage cm = new T12CertificateMessage(chc, x509Possession.popCerts); - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Produced client Certificate handshake message", cm); @@ -364,14 +364,14 @@ final class CertificateMessage { T12CertificateMessage cm = new T12CertificateMessage(hc, message); if (hc.sslConfig.isClientMode) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Consuming server Certificate handshake message", cm); } onCertificate((ClientHandshakeContext)context, cm); } else { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Consuming client Certificate handshake message", cm); @@ -507,7 +507,7 @@ final class CertificateMessage { try { thisSubjectAltNames = thisCert.getSubjectAlternativeNames(); } catch (CertificateParsingException cpe) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Attempt to obtain subjectAltNames extension failed!"); @@ -518,7 +518,7 @@ final class CertificateMessage { try { prevSubjectAltNames = prevCert.getSubjectAlternativeNames(); } catch (CertificateParsingException cpe) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Attempt to obtain subjectAltNames extension failed!"); @@ -988,7 +988,7 @@ final class CertificateMessage { certEnt.extensions.produce(shc, enabledCTExts); } - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Produced server Certificate message", cm); } @@ -1006,7 +1006,7 @@ final class CertificateMessage { ClientHelloMessage clientHello) { if (hc.peerRequestedCertSignSchemes == null || hc.peerRequestedCertSignSchemes.isEmpty()) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning( "No signature_algorithms(_cert) in ClientHello"); @@ -1032,7 +1032,7 @@ final class CertificateMessage { SSLPossession pos = X509Authentication .createPossession(hc, supportedKeyTypes); if (pos == null) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning("No available authentication scheme"); } @@ -1046,7 +1046,7 @@ final class CertificateMessage { SSLPossession pos = choosePossession(chc, clientHello); X509Certificate[] localCerts; if (pos == null) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("No available client authentication scheme"); } @@ -1054,7 +1054,7 @@ final class CertificateMessage { } else { chc.handshakePossessions.add(pos); if (!(pos instanceof X509Possession x509Possession)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "No X.509 certificate for client authentication"); @@ -1081,7 +1081,7 @@ final class CertificateMessage { throw chc.conContext.fatal(Alert.HANDSHAKE_FAILURE, "Failed to produce client Certificate message", ce); } - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Produced client Certificate message", cm); } @@ -1123,14 +1123,14 @@ final class CertificateMessage { T13CertificateMessage cm = new T13CertificateMessage(hc, message); if (hc.sslConfig.isClientMode) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Consuming server Certificate handshake message", cm); } onConsumeCertificate((ClientHandshakeContext)context, cm); } else { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Consuming client Certificate handshake message", cm); diff --git a/src/java.base/share/classes/sun/security/ssl/CertificateRequest.java b/src/java.base/share/classes/sun/security/ssl/CertificateRequest.java index 285189d9e43..039399560cd 100644 --- a/src/java.base/share/classes/sun/security/ssl/CertificateRequest.java +++ b/src/java.base/share/classes/sun/security/ssl/CertificateRequest.java @@ -297,7 +297,7 @@ final class CertificateRequest { shc.sslContext.getX509TrustManager().getAcceptedIssuers(); T10CertificateRequestMessage crm = new T10CertificateRequestMessage( shc, caCerts, shc.negotiatedCipherSuite.keyExchange); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Produced CertificateRequest handshake message", crm); } @@ -360,7 +360,7 @@ final class CertificateRequest { T10CertificateRequestMessage crm = new T10CertificateRequestMessage(chc, message); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Consuming CertificateRequest handshake message", crm); } @@ -400,7 +400,7 @@ final class CertificateRequest { } if (clientAlias == null) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning("No available client authentication"); } @@ -409,7 +409,7 @@ final class CertificateRequest { PrivateKey clientPrivateKey = km.getPrivateKey(clientAlias); if (clientPrivateKey == null) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning("No available client private key"); } @@ -418,7 +418,7 @@ final class CertificateRequest { X509Certificate[] clientCerts = km.getCertificateChain(clientAlias); if ((clientCerts == null) || (clientCerts.length == 0)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning("No available client certificate"); } @@ -658,7 +658,7 @@ final class CertificateRequest { T12CertificateRequestMessage crm = new T12CertificateRequestMessage( shc, caCerts, shc.negotiatedCipherSuite.keyExchange, certReqSignAlgs); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Produced CertificateRequest handshake message", crm); } @@ -720,7 +720,7 @@ final class CertificateRequest { T12CertificateRequestMessage crm = new T12CertificateRequestMessage(chc, message); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Consuming CertificateRequest handshake message", crm); } @@ -787,7 +787,7 @@ final class CertificateRequest { T12CertificateRequestMessage crm) { if (hc.peerRequestedCertSignSchemes == null || hc.peerRequestedCertSignSchemes.isEmpty()) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning("No signature and hash algorithms " + "in CertificateRequest"); @@ -832,7 +832,7 @@ final class CertificateRequest { SSLPossession pos = X509Authentication .createPossession(hc, supportedKeyTypes); if (pos == null) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning("No available authentication scheme"); } @@ -943,7 +943,7 @@ final class CertificateRequest { SSLExtension[] extTypes = shc.sslConfig.getEnabledExtensions( SSLHandshake.CERTIFICATE_REQUEST, shc.negotiatedProtocol); crm.extensions.produce(shc, extTypes); - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Produced CertificateRequest message", crm); } @@ -996,7 +996,7 @@ final class CertificateRequest { T13CertificateRequestMessage crm = new T13CertificateRequestMessage(chc, message); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Consuming CertificateRequest handshake message", crm); } diff --git a/src/java.base/share/classes/sun/security/ssl/CertificateStatus.java b/src/java.base/share/classes/sun/security/ssl/CertificateStatus.java index f56b77a39a8..af1e50d3087 100644 --- a/src/java.base/share/classes/sun/security/ssl/CertificateStatus.java +++ b/src/java.base/share/classes/sun/security/ssl/CertificateStatus.java @@ -281,7 +281,7 @@ final class CertificateStatus { new CertificateStatusMessage(chc, message); // Log the message - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Consuming server CertificateStatus handshake message", cst); @@ -325,7 +325,7 @@ final class CertificateStatus { // Create the CertificateStatus message from info in the CertificateStatusMessage csm = new CertificateStatusMessage(shc); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Produced server CertificateStatus handshake message", csm); } @@ -358,7 +358,7 @@ final class CertificateStatus { // status_request[_v2] extension. 2) The CertificateStatus // message was not sent. This means that cert path checking // was deferred, but must happen immediately. - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Server did not send CertificateStatus, " + "checking cert chain without status info."); diff --git a/src/java.base/share/classes/sun/security/ssl/CertificateVerify.java b/src/java.base/share/classes/sun/security/ssl/CertificateVerify.java index e3b014a3dcc..47fdef0136d 100644 --- a/src/java.base/share/classes/sun/security/ssl/CertificateVerify.java +++ b/src/java.base/share/classes/sun/security/ssl/CertificateVerify.java @@ -248,7 +248,7 @@ final class CertificateVerify { if (x509Possession == null || x509Possession.popPrivateKey == null) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "No X.509 credentials negotiated for CertificateVerify"); @@ -259,7 +259,7 @@ final class CertificateVerify { S30CertificateVerifyMessage cvm = new S30CertificateVerifyMessage(chc, x509Possession); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Produced CertificateVerify handshake message", cvm); } @@ -301,7 +301,7 @@ final class CertificateVerify { S30CertificateVerifyMessage cvm = new S30CertificateVerifyMessage(shc, message); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Consuming CertificateVerify handshake message", cvm); } @@ -504,7 +504,7 @@ final class CertificateVerify { if (x509Possession == null || x509Possession.popPrivateKey == null) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "No X.509 credentials negotiated for CertificateVerify"); @@ -515,7 +515,7 @@ final class CertificateVerify { T10CertificateVerifyMessage cvm = new T10CertificateVerifyMessage(chc, x509Possession); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Produced CertificateVerify handshake message", cvm); } @@ -557,7 +557,7 @@ final class CertificateVerify { T10CertificateVerifyMessage cvm = new T10CertificateVerifyMessage(shc, message); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Consuming CertificateVerify handshake message", cvm); } @@ -756,7 +756,7 @@ final class CertificateVerify { if (x509Possession == null || x509Possession.popPrivateKey == null) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "No X.509 credentials negotiated for CertificateVerify"); @@ -767,7 +767,7 @@ final class CertificateVerify { T12CertificateVerifyMessage cvm = new T12CertificateVerifyMessage(chc, x509Possession); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Produced CertificateVerify handshake message", cvm); } @@ -809,7 +809,7 @@ final class CertificateVerify { T12CertificateVerifyMessage cvm = new T12CertificateVerifyMessage(shc, message); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Consuming CertificateVerify handshake message", cvm); } @@ -1095,7 +1095,7 @@ final class CertificateVerify { if (x509Possession == null || x509Possession.popPrivateKey == null) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "No X.509 credentials negotiated for CertificateVerify"); @@ -1117,7 +1117,7 @@ final class CertificateVerify { X509Possession x509Possession) throws IOException { T13CertificateVerifyMessage cvm = new T13CertificateVerifyMessage(shc, x509Possession); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Produced server CertificateVerify handshake message", cvm); } @@ -1134,7 +1134,7 @@ final class CertificateVerify { X509Possession x509Possession) throws IOException { T13CertificateVerifyMessage cvm = new T13CertificateVerifyMessage(chc, x509Possession); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Produced client CertificateVerify handshake message", cvm); } @@ -1177,7 +1177,7 @@ final class CertificateVerify { T13CertificateVerifyMessage cvm = new T13CertificateVerifyMessage(hc, message); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Consuming CertificateVerify handshake message", cvm); } diff --git a/src/java.base/share/classes/sun/security/ssl/ChangeCipherSpec.java b/src/java.base/share/classes/sun/security/ssl/ChangeCipherSpec.java index 85fbf23ee60..2907fc4d7b9 100644 --- a/src/java.base/share/classes/sun/security/ssl/ChangeCipherSpec.java +++ b/src/java.base/share/classes/sun/security/ssl/ChangeCipherSpec.java @@ -108,7 +108,7 @@ final class ChangeCipherSpec { ") and protocol version (" + hc.negotiatedProtocol + ")"); } - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Produced ChangeCipherSpec message"); } @@ -142,7 +142,7 @@ final class ChangeCipherSpec { throw tc.fatal(Alert.UNEXPECTED_MESSAGE, "Malformed or unexpected ChangeCipherSpec message"); } - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Consuming ChangeCipherSpec message"); } @@ -237,7 +237,7 @@ final class ChangeCipherSpec { throw tc.fatal(Alert.UNEXPECTED_MESSAGE, "Malformed or unexpected ChangeCipherSpec message"); } - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Consuming ChangeCipherSpec message"); } diff --git a/src/java.base/share/classes/sun/security/ssl/ClientHello.java b/src/java.base/share/classes/sun/security/ssl/ClientHello.java index 737f0be2232..2bb1233b4c8 100644 --- a/src/java.base/share/classes/sun/security/ssl/ClientHello.java +++ b/src/java.base/share/classes/sun/security/ssl/ClientHello.java @@ -430,7 +430,7 @@ final class ClientHello { if (!session.isRejoinable()) { session = null; - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.finest( "Can't resume, the session is not rejoinable"); @@ -443,7 +443,7 @@ final class ClientHello { sessionSuite = session.getSuite(); if (!chc.isNegotiable(sessionSuite)) { session = null; - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.finest( "Can't resume, unavailable session cipher suite"); @@ -456,7 +456,7 @@ final class ClientHello { sessionVersion = session.getProtocolVersion(); if (!chc.isNegotiable(sessionVersion)) { session = null; - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.finest( "Can't resume, unavailable protocol version"); @@ -513,7 +513,7 @@ final class ClientHello { String sessionIdentityAlg = session.getIdentificationProtocol(); if (!identityAlg.equalsIgnoreCase(sessionIdentityAlg)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.finest("Can't resume, endpoint id" + " algorithm does not match, requested: " + @@ -524,7 +524,7 @@ final class ClientHello { } if (session != null) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.finest("Try resuming session", session); } @@ -548,7 +548,7 @@ final class ClientHello { cipherSuites = List.of(sessionSuite); } - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.finest( "No new session is allowed, so try to resume " + @@ -635,7 +635,7 @@ final class ClientHello { SSLHandshake.CLIENT_HELLO, chc.activeProtocols); chm.extensions.produce(chc, extTypes); - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Produced ClientHello handshake message", chm); } @@ -702,7 +702,7 @@ final class ClientHello { // // The HelloVerifyRequest consumer should have updated the // ClientHello handshake message with cookie. - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Produced ClientHello(cookie) handshake message", @@ -737,7 +737,7 @@ final class ClientHello { // TLS 1.3 // The HelloRetryRequest consumer should have updated the // ClientHello handshake message with cookie. - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Produced ClientHello(HRR) handshake message", @@ -794,7 +794,7 @@ final class ClientHello { ClientHelloMessage chm = new ClientHelloMessage(shc, message, enabledExtensions); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Consuming ClientHello handshake message", chm); } @@ -824,7 +824,7 @@ final class ClientHello { negotiateProtocol(context, clientHello.clientVersion); } context.negotiatedProtocol = negotiatedProtocol; - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Negotiated protocol version: " + negotiatedProtocol.name); } @@ -984,7 +984,7 @@ final class ClientHello { boolean resumingSession = (previous != null) && previous.isRejoinable(); if (!resumingSession) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.finest( "Can't resume, " + @@ -997,7 +997,7 @@ final class ClientHello { previous.getProtocolVersion(); if (sessionProtocol != shc.negotiatedProtocol) { resumingSession = false; - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.finest( "Can't resume, not the same protocol version"); @@ -1012,7 +1012,7 @@ final class ClientHello { previous.getPeerPrincipal(); } catch (SSLPeerUnverifiedException e) { resumingSession = false; - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.finest( "Can't resume, " + @@ -1027,7 +1027,7 @@ final class ClientHello { if ((!shc.isNegotiable(suite)) || (!clientHello.cipherSuites.contains(suite))) { resumingSession = false; - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.finest( "Can't resume, " + @@ -1043,7 +1043,7 @@ final class ClientHello { String sessionIdentityAlg = previous.getIdentificationProtocol(); if (!identityAlg.equalsIgnoreCase(sessionIdentityAlg)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.finest("Can't resume, endpoint id" + " algorithm does not match, requested: " + @@ -1058,7 +1058,7 @@ final class ClientHello { shc.isResumption = resumingSession; shc.resumingSession = resumingSession ? previous : null; - if (!resumingSession && SSLLogger.logging && + if (!resumingSession && SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Session not resumed."); } @@ -1325,7 +1325,7 @@ final class ClientHello { boolean resumingSession = (previous != null) && previous.isRejoinable(); if (!resumingSession) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.finest( "Can't resume, " + @@ -1338,7 +1338,7 @@ final class ClientHello { previous.getProtocolVersion(); if (sessionProtocol != shc.negotiatedProtocol) { resumingSession = false; - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.finest( "Can't resume, not the same protocol version"); @@ -1354,7 +1354,7 @@ final class ClientHello { previous.getPeerPrincipal(); } catch (SSLPeerUnverifiedException e) { resumingSession = false; - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.finest( "Can't resume, " + @@ -1369,7 +1369,7 @@ final class ClientHello { if ((!shc.isNegotiable(suite)) || (!clientHello.cipherSuites.contains(suite))) { resumingSession = false; - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.finest( "Can't resume, " + diff --git a/src/java.base/share/classes/sun/security/ssl/CookieExtension.java b/src/java.base/share/classes/sun/security/ssl/CookieExtension.java index 61040145126..e5cb3371d75 100644 --- a/src/java.base/share/classes/sun/security/ssl/CookieExtension.java +++ b/src/java.base/share/classes/sun/security/ssl/CookieExtension.java @@ -117,7 +117,7 @@ public class CookieExtension { // Is it a supported and enabled extension? if (!chc.sslConfig.isAvailable(SSLExtension.CH_COOKIE)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unavailable cookie extension"); @@ -155,7 +155,7 @@ public class CookieExtension { // Is it a supported and enabled extension? if (!shc.sslConfig.isAvailable(SSLExtension.CH_COOKIE)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unavailable cookie extension"); @@ -220,7 +220,7 @@ public class CookieExtension { // Is it a supported and enabled extension? if (!shc.sslConfig.isAvailable(SSLExtension.HRR_COOKIE)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unavailable cookie extension"); @@ -256,7 +256,7 @@ public class CookieExtension { // Is it a supported and enabled extension? if (!chc.sslConfig.isAvailable(SSLExtension.HRR_COOKIE)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unavailable cookie extension"); @@ -284,7 +284,7 @@ public class CookieExtension { // Is it a supported and enabled extension? if (!shc.sslConfig.isAvailable(SSLExtension.HRR_COOKIE)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unavailable cookie extension"); diff --git a/src/java.base/share/classes/sun/security/ssl/DHClientKeyExchange.java b/src/java.base/share/classes/sun/security/ssl/DHClientKeyExchange.java index 423a124e057..63031e2b0db 100644 --- a/src/java.base/share/classes/sun/security/ssl/DHClientKeyExchange.java +++ b/src/java.base/share/classes/sun/security/ssl/DHClientKeyExchange.java @@ -187,7 +187,7 @@ final class DHClientKeyExchange { chc.handshakePossessions.add(dhePossession); DHClientKeyExchangeMessage ckem = new DHClientKeyExchangeMessage(chc); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Produced DH ClientKeyExchange handshake message", ckem); } @@ -268,7 +268,7 @@ final class DHClientKeyExchange { DHClientKeyExchangeMessage ckem = new DHClientKeyExchangeMessage(shc, message); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Consuming DH ClientKeyExchange handshake message", ckem); } diff --git a/src/java.base/share/classes/sun/security/ssl/DHServerKeyExchange.java b/src/java.base/share/classes/sun/security/ssl/DHServerKeyExchange.java index fd0632692fc..afef70a29d5 100644 --- a/src/java.base/share/classes/sun/security/ssl/DHServerKeyExchange.java +++ b/src/java.base/share/classes/sun/security/ssl/DHServerKeyExchange.java @@ -481,7 +481,7 @@ final class DHServerKeyExchange { ServerHandshakeContext shc = (ServerHandshakeContext)context; DHServerKeyExchangeMessage skem = new DHServerKeyExchangeMessage(shc); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Produced DH ServerKeyExchange handshake message", skem); } @@ -512,7 +512,7 @@ final class DHServerKeyExchange { DHServerKeyExchangeMessage skem = new DHServerKeyExchangeMessage(chc, message); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Consuming DH ServerKeyExchange handshake message", skem); } diff --git a/src/java.base/share/classes/sun/security/ssl/DTLSInputRecord.java b/src/java.base/share/classes/sun/security/ssl/DTLSInputRecord.java index 83557b859f9..8fc63b16fc3 100644 --- a/src/java.base/share/classes/sun/security/ssl/DTLSInputRecord.java +++ b/src/java.base/share/classes/sun/security/ssl/DTLSInputRecord.java @@ -125,7 +125,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord { return null; } - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) { SSLLogger.fine("Raw read", packet); } @@ -150,7 +150,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord { int contentLen = ((packet.get() & 0xFF) << 8) | (packet.get() & 0xFF); // pos: 11, 12 - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD)) { SSLLogger.fine("READ: " + ProtocolVersion.nameOf(majorVersion, minorVersion) + " " + ContentType.nameOf(contentType) + ", length = " + @@ -162,7 +162,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord { if (this.readEpoch > recordEpoch) { // Reset the position of the packet buffer. packet.position(recLim); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD)) { SSLLogger.fine("READ: discard this old record", recordEnS); } return null; @@ -181,7 +181,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord { packet.position(recLim); - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.fine("Premature record (epoch), discard it."); } @@ -224,7 +224,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord { plaintextFragment = plaintext.fragment; contentType = plaintext.contentType; } catch (GeneralSecurityException gse) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.fine("Discard invalid record: " + gse); } @@ -242,7 +242,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord { // Cleanup the handshake reassembler if necessary. if ((reassembler != null) && (reassembler.handshakeEpoch < recordEpoch)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.fine("Cleanup the handshake reassembler"); } @@ -275,7 +275,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord { if (hsFrag == null) { // invalid, discard this record - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.fine( "Invalid handshake message, discard it."); @@ -299,7 +299,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord { return pt == null ? null : new Plaintext[] { pt }; } - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.fine("The reassembler is not initialized yet."); } @@ -360,7 +360,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord { int remaining = plaintextFragment.remaining(); if (remaining < handshakeHeaderSize) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.fine("Discard invalid record: " + "too small record to hold a handshake fragment"); } @@ -372,7 +372,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord { // Fail fast for unknown handshake message. byte handshakeType = plaintextFragment.get(); // pos: 0 if (!SSLHandshake.isKnown(handshakeType)) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.fine("Discard invalid record: " + "unknown handshake type size, Handshake.msg_type = " + (handshakeType & 0xFF)); @@ -408,7 +408,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord { ((plaintextFragment.get() & 0xFF) << 8) | (plaintextFragment.get() & 0xFF); // pos: 9-11 if ((remaining - handshakeHeaderSize) < fragmentLength) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.fine("Discard invalid record: " + "not a complete handshake fragment in the record"); } @@ -752,7 +752,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord { // It's OK to discard retransmission as the handshake hash // is computed as if each handshake message had been sent // as a single fragment. - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.fine("Have got the full message, discard it."); } @@ -774,7 +774,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord { // The ranges SHOULD NOT overlap. if (hole.offset > hsf.fragmentOffset || hole.limit < fragmentLimit) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.fine("Discard invalid record: " + "handshake fragment ranges are overlapping"); @@ -843,7 +843,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord { } // Read the random (32 bytes) if (fragmentData.remaining() < 32) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD)) { SSLLogger.fine("Rejected client hello fragment (bad random len) " + "fo=" + hsf.fragmentOffset + " fl=" + hsf.fragmentLength); @@ -868,7 +868,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord { // Cookie byte[] cookie = Record.getBytes8(fragmentData); if (firstHello && cookie.length != 0) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD)) { SSLLogger.fine("Rejected initial client hello fragment (bad cookie len) " + "fo=" + hsf.fragmentOffset + " fl=" + hsf.fragmentLength); @@ -905,7 +905,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord { } } } catch (IOException ioe) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD)) { SSLLogger.fine("Rejected client hello fragment " + "fo=" + hsf.fragmentOffset + " fl=" + hsf.fragmentLength); } @@ -1037,7 +1037,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord { int previousEpoch = nextRecordEpoch - 1; if (rf.recordEpoch < previousEpoch) { // Too old to use, discard this record. - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.fine( "Too old epoch to use this record, discard it."); @@ -1084,7 +1084,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord { if (!isDesired) { // Too old to use, discard this retransmitted record - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.fine( "Too old retransmission to use, discard it."); @@ -1098,7 +1098,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord { // Previously disordered record for the current epoch. // // Should have been retransmitted. Discard this record. - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.fine( "Lagging behind record (sequence), discard it."); @@ -1137,7 +1137,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord { Plaintext acquirePlaintext() throws SSLProtocolException { if (bufferedFragments.isEmpty()) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.fine("No received handshake messages"); } @@ -1159,7 +1159,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord { // Reset the next handshake flight. resetHandshakeFlight(precedingFlight); - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.fine("Received a retransmission flight."); } @@ -1172,7 +1172,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord { } if (!flightIsReady) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.fine( "The handshake flight is not ready to use: " + @@ -1258,7 +1258,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord { if (readEpoch != rFrag.recordEpoch) { if (readEpoch > rFrag.recordEpoch) { // discard old records - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.fine( "Discard old buffered ciphertext fragments."); @@ -1271,7 +1271,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord { flightIsReady = false; } - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.fine( "Not yet ready to decrypt the cached fragments."); @@ -1289,7 +1289,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord { plaintextFragment = plaintext.fragment; rFrag.contentType = plaintext.contentType; } catch (GeneralSecurityException gse) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.fine("Discard invalid record: ", gse); } @@ -1312,7 +1312,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord { if (hsFrag == null) { // invalid, discard this record - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.fine( "Invalid handshake fragment, discard it", @@ -1464,7 +1464,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord { if (expectCCSFlight) { // Have the ChangeCipherSpec/Finished flight been received? boolean isReady = hasFinishedMessage(); - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.fine( "Has the final flight been received? " + isReady); @@ -1473,7 +1473,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord { return isReady; } - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.fine("No flight is received yet."); } @@ -1487,7 +1487,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord { // single handshake message flight boolean isReady = hasCompleted(flightType); - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.fine( "Is the handshake message completed? " + isReady); @@ -1502,7 +1502,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord { if (flightType == SSLHandshake.SERVER_HELLO.id) { // Firstly, check the first flight handshake message. if (!hasCompleted(flightType)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.fine( "The ServerHello message is not completed yet."); @@ -1515,7 +1515,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord { // an abbreviated handshake // if (hasFinishedMessage()) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.fine("It's an abbreviated handshake."); } @@ -1530,7 +1530,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord { SSLHandshake.SERVER_HELLO_DONE.id); if ((holes == null) || !holes.isEmpty()) { // Not yet got the final message of the flight. - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.fine( "Not yet got the ServerHelloDone message"); @@ -1543,7 +1543,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord { boolean isReady = hasCompleted(bufferedFragments, handshakeFlight.minMessageSeq, handshakeFlight.maxMessageSeq); - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.fine( "Is the ServerHello flight (message " + @@ -1567,7 +1567,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord { // Firstly, check the first flight handshake message. if (!hasCompleted(flightType)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.fine( "The ClientKeyExchange or client Certificate " + @@ -1582,7 +1582,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord { if (needClientVerify(bufferedFragments) && !hasCompleted(SSLHandshake.CERTIFICATE_VERIFY.id)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.fine( "Not yet have the CertificateVerify message"); @@ -1594,7 +1594,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord { if (!hasFinishedMessage()) { // not yet have the ChangeCipherSpec/Finished messages - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.fine( "Not yet have the ChangeCipherSpec and " + @@ -1608,7 +1608,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord { boolean isReady = hasCompleted(bufferedFragments, handshakeFlight.minMessageSeq, handshakeFlight.maxMessageSeq); - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.fine( "Is the ClientKeyExchange flight (message " + @@ -1623,7 +1623,7 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord { // // Otherwise, need to receive more handshake messages. // - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.fine("Need to receive more handshake messages"); } diff --git a/src/java.base/share/classes/sun/security/ssl/DTLSOutputRecord.java b/src/java.base/share/classes/sun/security/ssl/DTLSOutputRecord.java index 68a9c4567ee..c69f00afba1 100644 --- a/src/java.base/share/classes/sun/security/ssl/DTLSOutputRecord.java +++ b/src/java.base/share/classes/sun/security/ssl/DTLSOutputRecord.java @@ -92,7 +92,7 @@ final class DTLSOutputRecord extends OutputRecord implements DTLSRecord { void changeWriteCiphers(SSLWriteCipher writeCipher, boolean useChangeCipherSpec) { if (isClosed()) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning("outbound has closed, ignore outbound " + "change_cipher_spec message"); } @@ -120,7 +120,7 @@ final class DTLSOutputRecord extends OutputRecord implements DTLSRecord { @Override void encodeAlert(byte level, byte description) { if (isClosed()) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning("outbound has closed, ignore outbound " + "alert message: " + Alert.nameOf(description)); } @@ -137,7 +137,7 @@ final class DTLSOutputRecord extends OutputRecord implements DTLSRecord { @Override void encodeChangeCipherSpec() { if (isClosed()) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning("outbound has closed, ignore outbound " + "change_cipher_spec message"); } @@ -154,7 +154,7 @@ final class DTLSOutputRecord extends OutputRecord implements DTLSRecord { void encodeHandshake(byte[] source, int offset, int length) { if (isClosed()) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning("outbound has closed, ignore outbound " + "handshake message", ByteBuffer.wrap(source, offset, length)); @@ -179,14 +179,14 @@ final class DTLSOutputRecord extends OutputRecord implements DTLSRecord { ByteBuffer[] dsts, int dstsOffset, int dstsLength) throws IOException { if (isClosed) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning("outbound has closed, ignore outbound " + "application data or cached messages"); } return null; } else if (isCloseWaiting) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning("outbound has closed, ignore outbound " + "application data"); } @@ -201,7 +201,7 @@ final class DTLSOutputRecord extends OutputRecord implements DTLSRecord { ByteBuffer destination) throws IOException { if (writeCipher.authenticator.seqNumOverflow()) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.fine( "sequence number extremely close to overflow " + "(2^64-1 packets). Closing connection."); @@ -269,7 +269,7 @@ final class DTLSOutputRecord extends OutputRecord implements DTLSRecord { destination.limit(destination.position()); destination.position(dstContent); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD)) { SSLLogger.fine( "WRITE: " + protocolVersion.name + " " + ContentType.APPLICATION_DATA.name + @@ -282,7 +282,7 @@ final class DTLSOutputRecord extends OutputRecord implements DTLSRecord { dstPos, dstLim, headerSize, protocolVersion); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) { ByteBuffer temporary = destination.duplicate(); temporary.limit(temporary.position()); temporary.position(dstPos); @@ -497,7 +497,7 @@ final class DTLSOutputRecord extends OutputRecord implements DTLSRecord { dstBuf.limit(dstBuf.position()); dstBuf.position(dstContent); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD)) { SSLLogger.fine( "WRITE: " + protocolVersion.name + " " + ContentType.nameOf(memo.contentType) + @@ -511,7 +511,7 @@ final class DTLSOutputRecord extends OutputRecord implements DTLSRecord { ProtocolVersion.valueOf(memo.majorVersion, memo.minorVersion)); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) { ByteBuffer temporary = dstBuf.duplicate(); temporary.limit(temporary.position()); temporary.position(dstPos); diff --git a/src/java.base/share/classes/sun/security/ssl/ECDHClientKeyExchange.java b/src/java.base/share/classes/sun/security/ssl/ECDHClientKeyExchange.java index 1e928f5fd42..00060963d08 100644 --- a/src/java.base/share/classes/sun/security/ssl/ECDHClientKeyExchange.java +++ b/src/java.base/share/classes/sun/security/ssl/ECDHClientKeyExchange.java @@ -199,7 +199,7 @@ final class ECDHClientKeyExchange { ECDHClientKeyExchangeMessage cke = new ECDHClientKeyExchangeMessage( chc, sslPossession.encode()); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Produced ECDH ClientKeyExchange handshake message", cke); } @@ -308,7 +308,7 @@ final class ECDHClientKeyExchange { // parse either handshake message containing either EC/XEC. ECDHClientKeyExchangeMessage cke = new ECDHClientKeyExchangeMessage(shc, message); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Consuming ECDH ClientKeyExchange handshake message", cke); } @@ -397,7 +397,7 @@ final class ECDHClientKeyExchange { new ECDHClientKeyExchangeMessage( chc, sslPossession.encode()); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Produced ECDHE ClientKeyExchange handshake message", cke); } @@ -490,7 +490,7 @@ final class ECDHClientKeyExchange { // parse the EC/XEC handshake message ECDHClientKeyExchangeMessage cke = new ECDHClientKeyExchangeMessage(shc, message); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Consuming ECDHE ClientKeyExchange handshake message", cke); } diff --git a/src/java.base/share/classes/sun/security/ssl/ECDHServerKeyExchange.java b/src/java.base/share/classes/sun/security/ssl/ECDHServerKeyExchange.java index 7bacbd6b3a5..9a2c21db05c 100644 --- a/src/java.base/share/classes/sun/security/ssl/ECDHServerKeyExchange.java +++ b/src/java.base/share/classes/sun/security/ssl/ECDHServerKeyExchange.java @@ -489,7 +489,7 @@ final class ECDHServerKeyExchange { ServerHandshakeContext shc = (ServerHandshakeContext)context; ECDHServerKeyExchangeMessage skem = new ECDHServerKeyExchangeMessage(shc); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Produced ECDH ServerKeyExchange handshake message", skem); } @@ -522,7 +522,7 @@ final class ECDHServerKeyExchange { // AlgorithmConstraints are checked during decoding ECDHServerKeyExchangeMessage skem = new ECDHServerKeyExchangeMessage(chc, message); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Consuming ECDH ServerKeyExchange handshake message", skem); } diff --git a/src/java.base/share/classes/sun/security/ssl/ECPointFormatsExtension.java b/src/java.base/share/classes/sun/security/ssl/ECPointFormatsExtension.java index 5630b881db4..64d0aea80bb 100644 --- a/src/java.base/share/classes/sun/security/ssl/ECPointFormatsExtension.java +++ b/src/java.base/share/classes/sun/security/ssl/ECPointFormatsExtension.java @@ -171,7 +171,7 @@ final class ECPointFormatsExtension { // Is it a supported and enabled extension? if (!chc.sslConfig.isAvailable(CH_EC_POINT_FORMATS)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unavailable ec_point_formats extension"); @@ -194,7 +194,7 @@ final class ECPointFormatsExtension { return extData; } - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Need no ec_point_formats extension"); } @@ -222,7 +222,7 @@ final class ECPointFormatsExtension { // Is it a supported and enabled extension? if (!shc.sslConfig.isAvailable(CH_EC_POINT_FORMATS)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unavailable ec_point_formats extension"); diff --git a/src/java.base/share/classes/sun/security/ssl/EncryptedExtensions.java b/src/java.base/share/classes/sun/security/ssl/EncryptedExtensions.java index 3ac4c2afa6c..8379d5f6cab 100644 --- a/src/java.base/share/classes/sun/security/ssl/EncryptedExtensions.java +++ b/src/java.base/share/classes/sun/security/ssl/EncryptedExtensions.java @@ -134,7 +134,7 @@ final class EncryptedExtensions { SSLHandshake.ENCRYPTED_EXTENSIONS, shc.negotiatedProtocol); eem.extensions.produce(shc, extTypes); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Produced EncryptedExtensions message", eem); } @@ -168,7 +168,7 @@ final class EncryptedExtensions { EncryptedExtensionsMessage eem = new EncryptedExtensionsMessage(chc, message); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Consuming EncryptedExtensions handshake message", eem); } diff --git a/src/java.base/share/classes/sun/security/ssl/ExtendedMasterSecretExtension.java b/src/java.base/share/classes/sun/security/ssl/ExtendedMasterSecretExtension.java index 91787f2d8ad..91e5fa499db 100644 --- a/src/java.base/share/classes/sun/security/ssl/ExtendedMasterSecretExtension.java +++ b/src/java.base/share/classes/sun/security/ssl/ExtendedMasterSecretExtension.java @@ -119,7 +119,7 @@ final class ExtendedMasterSecretExtension { if (!chc.sslConfig.isAvailable(CH_EXTENDED_MASTER_SECRET) || !SSLConfiguration.useExtendedMasterSecret || !chc.conContext.protocolVersion.useTLS10PlusSpec()) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unavailable extended_master_secret extension"); @@ -163,7 +163,7 @@ final class ExtendedMasterSecretExtension { if (!shc.sslConfig.isAvailable(CH_EXTENDED_MASTER_SECRET) || !SSLConfiguration.useExtendedMasterSecret || !shc.negotiatedProtocol.useTLS10PlusSpec()) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Ignore unavailable extension: " + CH_EXTENDED_MASTER_SECRET.name); @@ -184,7 +184,7 @@ final class ExtendedMasterSecretExtension { // with a full handshake. shc.isResumption = false; shc.resumingSession = null; - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "abort session resumption which did not use " + @@ -216,7 +216,7 @@ final class ExtendedMasterSecretExtension { // Is it a supported and enabled extension? if (!shc.sslConfig.isAvailable(CH_EXTENDED_MASTER_SECRET) || !SSLConfiguration.useExtendedMasterSecret) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Ignore unavailable extension: " + CH_EXTENDED_MASTER_SECRET.name); @@ -256,7 +256,7 @@ final class ExtendedMasterSecretExtension { } else { // Otherwise, continue with a full handshake. shc.isResumption = false; shc.resumingSession = null; - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "abort session resumption, " + diff --git a/src/java.base/share/classes/sun/security/ssl/Finished.java b/src/java.base/share/classes/sun/security/ssl/Finished.java index 83da9a4339d..bf2d2230719 100644 --- a/src/java.base/share/classes/sun/security/ssl/Finished.java +++ b/src/java.base/share/classes/sun/security/ssl/Finished.java @@ -390,7 +390,7 @@ final class Finished { // Change write cipher and delivery ChangeCipherSpec message. ChangeCipherSpec.t10Producer.produce(chc, message); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Produced client Finished handshake message", fm); } @@ -453,7 +453,7 @@ final class Finished { // Change write cipher and delivery ChangeCipherSpec message. ChangeCipherSpec.t10Producer.produce(shc, message); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Produced server Finished handshake message", fm); } @@ -542,7 +542,7 @@ final class Finished { private void onConsumeFinished(ClientHandshakeContext chc, ByteBuffer message) throws IOException { FinishedMessage fm = new FinishedMessage(chc, message); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Consuming server Finished handshake message", fm); } @@ -602,7 +602,7 @@ final class Finished { } FinishedMessage fm = new FinishedMessage(shc, message); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Consuming client Finished handshake message", fm); } @@ -681,7 +681,7 @@ final class Finished { chc.handshakeHash.update(); FinishedMessage fm = new FinishedMessage(chc); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Produced client Finished handshake message", fm); } @@ -778,7 +778,7 @@ final class Finished { shc.handshakeHash.update(); FinishedMessage fm = new FinishedMessage(shc); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Produced server Finished handshake message", fm); } @@ -930,7 +930,7 @@ final class Finished { } FinishedMessage fm = new FinishedMessage(chc, message); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Consuming server Finished handshake message", fm); } @@ -1073,7 +1073,7 @@ final class Finished { } FinishedMessage fm = new FinishedMessage(shc, message); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Consuming client Finished handshake message", fm); } diff --git a/src/java.base/share/classes/sun/security/ssl/HandshakeContext.java b/src/java.base/share/classes/sun/security/ssl/HandshakeContext.java index 91b02741e65..54a2650c058 100644 --- a/src/java.base/share/classes/sun/security/ssl/HandshakeContext.java +++ b/src/java.base/share/classes/sun/security/ssl/HandshakeContext.java @@ -284,7 +284,7 @@ abstract class HandshakeContext implements ConnectionContext { found = true; break; } - } else if (SSLLogger.logging && + } else if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.fine( "Ignore unsupported cipher suite: " + suite + @@ -292,7 +292,7 @@ abstract class HandshakeContext implements ConnectionContext { } } - if (!found && (SSLLogger.logging) && + if (!found && (SSLLogger.isOn()) && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "No available cipher suite for " + protocol.name); @@ -337,7 +337,7 @@ abstract class HandshakeContext implements ConnectionContext { } if (!isSupported && - SSLLogger.logging && + SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.finest( "Ignore unsupported cipher suite: " + suite); @@ -559,7 +559,7 @@ abstract class HandshakeContext implements ConnectionContext { cachedStatus.put(groupType, groupAvailable); if (!groupAvailable && - SSLLogger.logging && + SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.fine( "No activated named group in " + groupType); @@ -574,14 +574,14 @@ abstract class HandshakeContext implements ConnectionContext { } } - if (!retval && SSLLogger.logging && + if (!retval && SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.fine("No active named group(s), ignore " + suite); } return retval; - } else if (SSLLogger.logging && + } else if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.fine("Ignore disabled cipher suite: " + suite); } diff --git a/src/java.base/share/classes/sun/security/ssl/HandshakeOutStream.java b/src/java.base/share/classes/sun/security/ssl/HandshakeOutStream.java index 475630d9636..b46de0514f8 100644 --- a/src/java.base/share/classes/sun/security/ssl/HandshakeOutStream.java +++ b/src/java.base/share/classes/sun/security/ssl/HandshakeOutStream.java @@ -61,7 +61,7 @@ public class HandshakeOutStream extends ByteArrayOutputStream { if (!outputRecord.isClosed()) { outputRecord.encodeHandshake(buf, 0, count); } else { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning("outbound has closed, ignore outbound " + "handshake messages", ByteBuffer.wrap(buf, 0, count)); } diff --git a/src/java.base/share/classes/sun/security/ssl/HelloRequest.java b/src/java.base/share/classes/sun/security/ssl/HelloRequest.java index 6a70c51c438..d2d3b033e80 100644 --- a/src/java.base/share/classes/sun/security/ssl/HelloRequest.java +++ b/src/java.base/share/classes/sun/security/ssl/HelloRequest.java @@ -101,7 +101,7 @@ final class HelloRequest { ServerHandshakeContext shc = (ServerHandshakeContext)context; HelloRequestMessage hrm = new HelloRequestMessage(shc); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Produced HelloRequest handshake message", hrm); } @@ -137,7 +137,7 @@ final class HelloRequest { ServerHandshakeContext shc = (ServerHandshakeContext)context; HelloRequestMessage hrm = new HelloRequestMessage(shc); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Produced HelloRequest handshake message", hrm); } @@ -177,7 +177,7 @@ final class HelloRequest { // be sent by the server at any time. Please don't clean up this // handshake consumer. HelloRequestMessage hrm = new HelloRequestMessage(chc, message); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Consuming HelloRequest handshake message", hrm); } @@ -190,7 +190,7 @@ final class HelloRequest { } if (!chc.conContext.secureRenegotiation) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning( "Continue with insecure renegotiation"); @@ -207,7 +207,7 @@ final class HelloRequest { // SSLHandshake.CLIENT_HELLO.produce(context, hrm); } else { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore HelloRequest, handshaking is in progress"); diff --git a/src/java.base/share/classes/sun/security/ssl/HelloVerifyRequest.java b/src/java.base/share/classes/sun/security/ssl/HelloVerifyRequest.java index 627f97662ca..5c0833eef5c 100644 --- a/src/java.base/share/classes/sun/security/ssl/HelloVerifyRequest.java +++ b/src/java.base/share/classes/sun/security/ssl/HelloVerifyRequest.java @@ -140,7 +140,7 @@ final class HelloVerifyRequest { HelloVerifyRequestMessage hvrm = new HelloVerifyRequestMessage(shc, message); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Produced HelloVerifyRequest handshake message", hvrm); } @@ -197,7 +197,7 @@ final class HelloVerifyRequest { HelloVerifyRequestMessage hvrm = new HelloVerifyRequestMessage(chc, message); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Consuming HelloVerifyRequest handshake message", hvrm); } diff --git a/src/java.base/share/classes/sun/security/ssl/KeyShareExtension.java b/src/java.base/share/classes/sun/security/ssl/KeyShareExtension.java index 098ce032a08..83251dc736a 100644 --- a/src/java.base/share/classes/sun/security/ssl/KeyShareExtension.java +++ b/src/java.base/share/classes/sun/security/ssl/KeyShareExtension.java @@ -90,7 +90,7 @@ final class KeyShareExtension { Record.putInt16(m, namedGroupId); Record.putBytes16(m, keyExchange); } catch (IOException ioe) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning( "Unlikely IOException", ioe); @@ -223,7 +223,7 @@ final class KeyShareExtension { // Is it a supported and enabled extension? if (!chc.sslConfig.isAvailable(SSLExtension.CH_KEY_SHARE)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unavailable key_share extension"); @@ -239,7 +239,7 @@ final class KeyShareExtension { namedGroups = chc.clientRequestedNamedGroups; if (namedGroups == null || namedGroups.isEmpty()) { // No supported groups. - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning( "Ignore key_share extension, no supported groups"); @@ -290,7 +290,7 @@ final class KeyShareExtension { NamedGroup ng) { SSLKeyExchange ke = SSLKeyExchange.valueOf(ng); if (ke == null) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning( "No key exchange for named group " + ng.name); @@ -327,7 +327,7 @@ final class KeyShareExtension { ServerHandshakeContext shc = (ServerHandshakeContext)context; if (shc.handshakeExtensions.containsKey(SSLExtension.CH_KEY_SHARE)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "The key_share extension has been loaded"); @@ -337,7 +337,7 @@ final class KeyShareExtension { // Is it a supported and enabled extension? if (!shc.sslConfig.isAvailable(SSLExtension.CH_KEY_SHARE)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unavailable key_share extension"); @@ -352,7 +352,7 @@ final class KeyShareExtension { NamedGroup ng = NamedGroup.valueOf(entry.namedGroupId); if (ng == null || !NamedGroup.isActivatable(shc.sslConfig, shc.algorithmConstraints, ng)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unsupported named group: " + @@ -370,7 +370,7 @@ final class KeyShareExtension { if (!shc.algorithmConstraints.permits( EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), namedGroupCredentials.getPublicKey())) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning( "key share entry of " + ng + " does not " + @@ -385,7 +385,7 @@ final class KeyShareExtension { credentials.add(kaCred); } } catch (GeneralSecurityException ex) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning( "Cannot decode named group: " + @@ -529,7 +529,7 @@ final class KeyShareExtension { SSLExtension.CH_KEY_SHARE); if (kss == null) { // Unlikely, no key_share extension requested. - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning( "Ignore, no client key_share extension"); @@ -539,7 +539,7 @@ final class KeyShareExtension { // Is it a supported and enabled extension? if (!shc.sslConfig.isAvailable(SSLExtension.SH_KEY_SHARE)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning( "Ignore, no available server key_share extension"); @@ -551,7 +551,7 @@ final class KeyShareExtension { if ((shc.handshakeCredentials == null) || shc.handshakeCredentials.isEmpty()) { // Unlikely, HelloRetryRequest should be used earlier. - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning( "No available client key share entries"); @@ -572,7 +572,7 @@ final class KeyShareExtension { SSLKeyExchange ke = SSLKeyExchange.valueOf(ng); if (ke == null) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning( "No key exchange for named group " + ng.name); @@ -608,7 +608,7 @@ final class KeyShareExtension { if (keyShare == null) { // Unlikely, HelloRetryRequest should be used instead earlier. - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning( "No available server key_share extension"); @@ -720,7 +720,7 @@ final class KeyShareExtension { ClientHandshakeContext chc = (ClientHandshakeContext)context; // Cannot use the previous requested key shares anymore. - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "No key_share extension in ServerHello, " + "cleanup the key shares if necessary"); @@ -813,7 +813,7 @@ final class KeyShareExtension { for (NamedGroup ng : shc.clientRequestedNamedGroups) { if (NamedGroup.isActivatable(shc.sslConfig, shc.algorithmConstraints, ng)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "HelloRetryRequest selected named group: " + diff --git a/src/java.base/share/classes/sun/security/ssl/KeyUpdate.java b/src/java.base/share/classes/sun/security/ssl/KeyUpdate.java index 4f9e613c6c6..db7ea170a23 100644 --- a/src/java.base/share/classes/sun/security/ssl/KeyUpdate.java +++ b/src/java.base/share/classes/sun/security/ssl/KeyUpdate.java @@ -191,7 +191,7 @@ final class KeyUpdate { // The consuming happens in client side only. PostHandshakeContext hc = (PostHandshakeContext)context; KeyUpdateMessage km = new KeyUpdateMessage(hc, message); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Consuming KeyUpdate post-handshake message", km); } @@ -235,7 +235,7 @@ final class KeyUpdate { rc.baseSecret = nplus1; hc.conContext.inputRecord.changeReadCiphers(rc); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.fine("KeyUpdate: read key updated"); } } catch (GeneralSecurityException gse) { @@ -276,7 +276,7 @@ final class KeyUpdate { return null; } KeyUpdateMessage km = (KeyUpdateMessage)message; - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Produced KeyUpdate post-handshake message", km); } @@ -328,7 +328,7 @@ final class KeyUpdate { // changeWriteCiphers() implementation. wc.baseSecret = nplus1; hc.conContext.outputRecord.changeWriteCiphers(wc, km.status.id); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.fine("KeyUpdate: write key updated"); } diff --git a/src/java.base/share/classes/sun/security/ssl/MaxFragExtension.java b/src/java.base/share/classes/sun/security/ssl/MaxFragExtension.java index d31f6f4e089..fc471f77fbc 100644 --- a/src/java.base/share/classes/sun/security/ssl/MaxFragExtension.java +++ b/src/java.base/share/classes/sun/security/ssl/MaxFragExtension.java @@ -176,7 +176,7 @@ final class MaxFragExtension { // Is it a supported and enabled extension? if (!chc.sslConfig.isAvailable(CH_MAX_FRAGMENT_LENGTH)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unavailable max_fragment_length extension"); @@ -214,7 +214,7 @@ final class MaxFragExtension { } else { // log and ignore, no MFL extension. chc.maxFragmentLength = -1; - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "No available max_fragment_length extension can " + @@ -245,7 +245,7 @@ final class MaxFragExtension { ServerHandshakeContext shc = (ServerHandshakeContext)context; if (!shc.sslConfig.isAvailable(CH_MAX_FRAGMENT_LENGTH)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unavailable max_fragment_length extension"); @@ -291,7 +291,7 @@ final class MaxFragExtension { MaxFragLenSpec spec = (MaxFragLenSpec) shc.handshakeExtensions.get(CH_MAX_FRAGMENT_LENGTH); if (spec == null) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.finest( "Ignore unavailable max_fragment_length extension"); @@ -309,7 +309,7 @@ final class MaxFragExtension { // For better interoperability, abort the maximum // fragment length negotiation, rather than terminate // the connection with a fatal alert. - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Abort the maximum fragment length negotiation, " + @@ -418,7 +418,7 @@ final class MaxFragExtension { // For better interoperability, abort the maximum // fragment length negotiation, rather than terminate // the connection with a fatal alert. - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Abort the maximum fragment length negotiation, " + @@ -461,7 +461,7 @@ final class MaxFragExtension { MaxFragLenSpec spec = (MaxFragLenSpec) shc.handshakeExtensions.get(CH_MAX_FRAGMENT_LENGTH); if (spec == null) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.finest( "Ignore unavailable max_fragment_length extension"); @@ -479,7 +479,7 @@ final class MaxFragExtension { // For better interoperability, abort the maximum // fragment length negotiation, rather than terminate // the connection with a fatal alert. - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Abort the maximum fragment length negotiation, " + @@ -586,7 +586,7 @@ final class MaxFragExtension { // For better interoperability, abort the maximum // fragment length negotiation, rather than terminate // the connection with a fatal alert. - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Abort the maximum fragment length negotiation, " + diff --git a/src/java.base/share/classes/sun/security/ssl/NamedGroup.java b/src/java.base/share/classes/sun/security/ssl/NamedGroup.java index c8a599cf19d..9b2833cc0fd 100644 --- a/src/java.base/share/classes/sun/security/ssl/NamedGroup.java +++ b/src/java.base/share/classes/sun/security/ssl/NamedGroup.java @@ -273,7 +273,7 @@ enum NamedGroup { | NoSuchAlgorithmException exp) { if (namedGroupSpec != NamedGroupSpec.NAMED_GROUP_XDH) { mediator = false; - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning( "No AlgorithmParameters for " + name, exp); @@ -295,7 +295,7 @@ enum NamedGroup { // AlgorithmParameters.getInstance(name); } catch (NoSuchAlgorithmException nsae) { mediator = false; - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning( "No AlgorithmParameters for " + name, nsae); @@ -384,7 +384,7 @@ enum NamedGroup { for (String ss : namedGroups) { NamedGroup ng = NamedGroup.nameOf(ss); if (ng == null || !ng.isAvailable) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.finest( "Ignore the named group (" + ss @@ -813,7 +813,7 @@ enum NamedGroup { } if (groupList.isEmpty() && - SSLLogger.logging && + SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning("No default named groups"); } diff --git a/src/java.base/share/classes/sun/security/ssl/NewSessionTicket.java b/src/java.base/share/classes/sun/security/ssl/NewSessionTicket.java index d2d53f79f0d..ae632334de2 100644 --- a/src/java.base/share/classes/sun/security/ssl/NewSessionTicket.java +++ b/src/java.base/share/classes/sun/security/ssl/NewSessionTicket.java @@ -202,7 +202,7 @@ final class NewSessionTicket { this.ticket = Record.getBytes16(m); if (ticket.length == 0) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "No ticket in the NewSessionTicket handshake message"); @@ -330,7 +330,7 @@ final class NewSessionTicket { if (hc instanceof ServerHandshakeContext) { // Is this session resumable? if (!hc.handshakeSession.isRejoinable()) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("No session ticket produced: " + "session is not resumable"); @@ -349,7 +349,7 @@ final class NewSessionTicket { SSLExtension.PSK_KEY_EXCHANGE_MODES); if (pkemSpec == null || !pkemSpec.contains(PskKeyExchangeMode.PSK_DHE_KE)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("No session ticket produced: " + "client does not support psk_dhe_ke"); @@ -361,7 +361,7 @@ final class NewSessionTicket { // Check if we have sent a PSK already, then we know it is // using an allowable PSK exchange key mode. if (!hc.handshakeSession.isPSKable()) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("No session ticket produced: " + "No session ticket allowed in this session"); @@ -376,7 +376,7 @@ final class NewSessionTicket { hc.sslContext.engineGetServerSessionContext(); int sessionTimeoutSeconds = sessionCache.getSessionTimeout(); if (sessionTimeoutSeconds > MAX_TICKET_LIFETIME) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("No session ticket produced: " + "session timeout is too long"); @@ -464,7 +464,7 @@ final class NewSessionTicket { if (!nstm.isValid()) { hc.statelessResumption = false; } else { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Produced NewSessionTicket stateless " + "post-handshake message", nstm); @@ -480,7 +480,7 @@ final class NewSessionTicket { sessionCache.getSessionTimeout(), hc.sslContext.getSecureRandom(), nonce, newId.getId()); - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Produced NewSessionTicket " + "post-handshake message", nstm); @@ -495,7 +495,7 @@ final class NewSessionTicket { return nstm; } - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("No NewSessionTicket created"); } @@ -533,7 +533,7 @@ final class NewSessionTicket { shc.sslContext.engineGetServerSessionContext(); int sessionTimeoutSeconds = sessionCache.getSessionTimeout(); if (sessionTimeoutSeconds > MAX_TICKET_LIFETIME) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Session timeout is too long. No ticket sent."); @@ -548,7 +548,7 @@ final class NewSessionTicket { NewSessionTicketMessage nstm = new T12NewSessionTicketMessage(shc, sessionTimeoutSeconds, new SessionTicketSpec().encrypt(shc, sessionCopy)); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Produced NewSessionTicket stateless handshake message", nstm); @@ -587,7 +587,7 @@ final class NewSessionTicket { HandshakeContext hc = (HandshakeContext)context; NewSessionTicketMessage nstm = new T13NewSessionTicketMessage(hc, message); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Consuming NewSessionTicket message", nstm); } @@ -598,7 +598,7 @@ final class NewSessionTicket { // discard tickets with timeout 0 if (nstm.ticketLifetime <= 0 || nstm.ticketLifetime > MAX_TICKET_LIFETIME) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Discarding NewSessionTicket with lifetime " + @@ -608,7 +608,7 @@ final class NewSessionTicket { } if (sessionCache.getSessionTimeout() > MAX_TICKET_LIFETIME) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Session cache lifetime is too long. " + @@ -621,7 +621,7 @@ final class NewSessionTicket { SecretKey resumptionMasterSecret = sessionToSave.getResumptionMasterSecret(); if (resumptionMasterSecret == null) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Session has no resumption master secret. " + @@ -648,7 +648,7 @@ final class NewSessionTicket { sessionCopy.setPskIdentity(nstm.ticket); sessionCache.put(sessionCopy, sessionCopy.isPSK()); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("MultiNST PSK (Server): " + Utilities.toHexString(Arrays.copyOf(nstm.ticket, 16))); } @@ -676,7 +676,7 @@ final class NewSessionTicket { NewSessionTicketMessage nstm = new T12NewSessionTicketMessage(hc, message); if (nstm.ticket.length == 0) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("NewSessionTicket ticket was empty"); } @@ -686,7 +686,7 @@ final class NewSessionTicket { // discard tickets with timeout 0 if (nstm.ticketLifetime <= 0 || nstm.ticketLifetime > MAX_TICKET_LIFETIME) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Discarding NewSessionTicket with lifetime " + @@ -699,7 +699,7 @@ final class NewSessionTicket { hc.sslContext.engineGetClientSessionContext(); if (sessionCache.getSessionTimeout() > MAX_TICKET_LIFETIME) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Session cache lifetime is too long. " + @@ -709,7 +709,7 @@ final class NewSessionTicket { } hc.handshakeSession.setPskIdentity(nstm.ticket); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Consuming NewSessionTicket\n" + nstm); } } diff --git a/src/java.base/share/classes/sun/security/ssl/OutputRecord.java b/src/java.base/share/classes/sun/security/ssl/OutputRecord.java index 530446a3180..7a188ccf476 100644 --- a/src/java.base/share/classes/sun/security/ssl/OutputRecord.java +++ b/src/java.base/share/classes/sun/security/ssl/OutputRecord.java @@ -188,7 +188,7 @@ abstract class OutputRecord recordLock.lock(); try { if (isClosed()) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning("outbound has closed, ignore outbound " + "change_cipher_spec message"); } @@ -222,7 +222,7 @@ abstract class OutputRecord recordLock.lock(); try { if (isClosed()) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning("outbound has closed, ignore outbound " + "key_update handshake message"); } diff --git a/src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java b/src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java index 7514f74fefe..87d97580bcb 100644 --- a/src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java +++ b/src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java @@ -341,7 +341,7 @@ final class PreSharedKeyExtension { ServerHandshakeContext shc = (ServerHandshakeContext)context; // Is it a supported and enabled extension? if (!shc.sslConfig.isAvailable(SSLExtension.CH_PRE_SHARED_KEY)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unavailable pre_shared_key extension"); @@ -394,7 +394,7 @@ final class PreSharedKeyExtension { } } if (b == null || s == null) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Stateless session ticket invalid"); @@ -403,7 +403,7 @@ final class PreSharedKeyExtension { } if (s != null && canRejoin(clientHello, shc, s)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Resuming session: ", s); } @@ -437,7 +437,7 @@ final class PreSharedKeyExtension { // Check protocol version if (result && s.getProtocolVersion() != shc.negotiatedProtocol) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.finest("Can't resume, incorrect protocol version"); @@ -451,7 +451,7 @@ final class PreSharedKeyExtension { try { s.getPeerPrincipal(); } catch (SSLPeerUnverifiedException e) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.finest( "Can't resume, " + @@ -468,7 +468,7 @@ final class PreSharedKeyExtension { if (result && !shc.localSupportedCertSignAlgs.containsAll(sessionSigAlgs)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Can't resume. Session uses different " + "signature algorithms"); @@ -483,7 +483,7 @@ final class PreSharedKeyExtension { if (result && identityAlg != null) { String sessionIdentityAlg = s.getIdentificationProtocol(); if (!identityAlg.equalsIgnoreCase(sessionIdentityAlg)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.finest("Can't resume, endpoint id" + @@ -497,7 +497,7 @@ final class PreSharedKeyExtension { // Ensure cipher suite can be negotiated if (result && (!shc.isNegotiable(s.getSuite()) || !clientHello.cipherSuites.contains(s.getSuite()))) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.finest( "Can't resume, unavailable session cipher suite"); @@ -656,7 +656,7 @@ final class PreSharedKeyExtension { // The producing happens in client side only. ClientHandshakeContext chc = (ClientHandshakeContext)context; if (!chc.isResumption || chc.resumingSession == null) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("No session to resume."); } @@ -667,7 +667,7 @@ final class PreSharedKeyExtension { Collection sessionSigAlgs = chc.resumingSession.getLocalSupportedSignatureSchemes(); if (!chc.localSupportedCertSignAlgs.containsAll(sessionSigAlgs)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Existing session uses different " + "signature algorithms"); @@ -678,7 +678,7 @@ final class PreSharedKeyExtension { // The session must have a pre-shared key SecretKey psk = chc.resumingSession.getPreSharedKey(); if (psk == null) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Existing session has no PSK."); } @@ -693,7 +693,7 @@ final class PreSharedKeyExtension { } if (chc.pskIdentity == null) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "PSK has no identity, or identity was already used"); @@ -706,7 +706,7 @@ final class PreSharedKeyExtension { chc.sslContext.engineGetClientSessionContext(); sessionCache.remove(chc.resumingSession.getSessionId(), true); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Found resumable session. Preparing PSK message."); SSLLogger.fine( @@ -843,7 +843,7 @@ final class PreSharedKeyExtension { public void absent(ConnectionContext context, HandshakeMessage message) throws IOException { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Handling pre_shared_key absence."); } @@ -908,7 +908,7 @@ final class PreSharedKeyExtension { } SHPreSharedKeySpec shPsk = new SHPreSharedKeySpec(chc, buffer); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Received pre_shared_key extension: ", shPsk); } @@ -918,7 +918,7 @@ final class PreSharedKeyExtension { "Selected identity index is not in correct range."); } - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Resuming session: ", chc.resumingSession); } @@ -932,7 +932,7 @@ final class PreSharedKeyExtension { HandshakeMessage message) throws IOException { ClientHandshakeContext chc = (ClientHandshakeContext)context; - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Handling pre_shared_key absence."); } diff --git a/src/java.base/share/classes/sun/security/ssl/PredefinedDHParameterSpecs.java b/src/java.base/share/classes/sun/security/ssl/PredefinedDHParameterSpecs.java index 7df6d979258..42e914fcaf8 100644 --- a/src/java.base/share/classes/sun/security/ssl/PredefinedDHParameterSpecs.java +++ b/src/java.base/share/classes/sun/security/ssl/PredefinedDHParameterSpecs.java @@ -246,7 +246,7 @@ final class PredefinedDHParameterSpecs { Matcher spacesMatcher = spacesPattern.matcher(property); property = spacesMatcher.replaceAll(""); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSLCTX)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSLCTX)) { SSLLogger.fine( "The Security Property " + PROPERTY_NAME + ": " + property); @@ -262,7 +262,7 @@ final class PredefinedDHParameterSpecs { String primeModulus = paramsFinder.group(1); BigInteger p = new BigInteger(primeModulus, 16); if (!p.isProbablePrime(PRIME_CERTAINTY)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSLCTX)) { SSLLogger.fine( "Prime modulus p in Security Property, " + @@ -280,7 +280,7 @@ final class PredefinedDHParameterSpecs { DHParameterSpec spec = new DHParameterSpec(p, g); defaultParams.put(primeLen, spec); } - } else if (SSLLogger.logging && + } else if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSLCTX)) { SSLLogger.fine("Invalid Security Property, " + PROPERTY_NAME + ", definition"); diff --git a/src/java.base/share/classes/sun/security/ssl/PskKeyExchangeModesExtension.java b/src/java.base/share/classes/sun/security/ssl/PskKeyExchangeModesExtension.java index 492aa5f4e7a..4b641e157a6 100644 --- a/src/java.base/share/classes/sun/security/ssl/PskKeyExchangeModesExtension.java +++ b/src/java.base/share/classes/sun/security/ssl/PskKeyExchangeModesExtension.java @@ -184,7 +184,7 @@ final class PskKeyExchangeModesExtension { // Is it a supported and enabled extension? if (!shc.sslConfig.isAvailable( SSLExtension.PSK_KEY_EXCHANGE_MODES)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unavailable psk_key_exchange_modes extension"); @@ -217,7 +217,7 @@ final class PskKeyExchangeModesExtension { if (!spec.contains(PskKeyExchangeMode.PSK_DHE_KE)) { shc.isResumption = false; shc.resumingSession = null; - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "abort session resumption, " + @@ -249,7 +249,7 @@ final class PskKeyExchangeModesExtension { // Is it a supported and enabled extension? if (!chc.sslConfig.isAvailable( SSLExtension.PSK_KEY_EXCHANGE_MODES)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning( "Ignore unavailable psk_key_exchange_modes extension"); @@ -290,7 +290,7 @@ final class PskKeyExchangeModesExtension { if (shc.isResumption) { // resumingSession may not be set shc.isResumption = false; shc.resumingSession = null; - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "abort session resumption, " + diff --git a/src/java.base/share/classes/sun/security/ssl/QuicEngineOutputRecord.java b/src/java.base/share/classes/sun/security/ssl/QuicEngineOutputRecord.java index 144c6422877..3a91906971f 100644 --- a/src/java.base/share/classes/sun/security/ssl/QuicEngineOutputRecord.java +++ b/src/java.base/share/classes/sun/security/ssl/QuicEngineOutputRecord.java @@ -75,14 +75,14 @@ final class QuicEngineOutputRecord extends OutputRecord implements SSLRecord { recordLock.lock(); try { if (isClosed()) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning("outbound has closed, ignore outbound " + "alert message: " + Alert.nameOf(description)); } return; } if (level == Alert.Level.WARNING.level) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning("Suppressing warning-level " + "alert message: " + Alert.nameOf(description)); } @@ -90,7 +90,7 @@ final class QuicEngineOutputRecord extends OutputRecord implements SSLRecord { } if (alert != null) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning("Suppressing subsequent alert: " + description + ", original: " + alert.id); } @@ -109,7 +109,7 @@ final class QuicEngineOutputRecord extends OutputRecord implements SSLRecord { recordLock.lock(); try { if (isClosed()) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning("outbound has closed, ignore outbound " + "handshake message", ByteBuffer.wrap(source, offset, length)); diff --git a/src/java.base/share/classes/sun/security/ssl/QuicKeyManager.java b/src/java.base/share/classes/sun/security/ssl/QuicKeyManager.java index 8c4d6928a67..634396868df 100644 --- a/src/java.base/share/classes/sun/security/ssl/QuicKeyManager.java +++ b/src/java.base/share/classes/sun/security/ssl/QuicKeyManager.java @@ -244,7 +244,7 @@ sealed abstract class QuicKeyManager if (toDiscard == null) { return; } - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.finest("discarding keys (keyphase=" + toDiscard.writeCipher.getKeyPhase() + ") of " + this.keySpace + " key space"); @@ -389,7 +389,7 @@ sealed abstract class QuicKeyManager if (toDiscard == null) { return; } - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.finest("discarding keys (keyphase=" + toDiscard.writeCipher.getKeyPhase() + ") of " + this.keySpace + " key space"); @@ -570,7 +570,7 @@ sealed abstract class QuicKeyManager if (series == null) { return; } - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.finest("discarding key (series) of " + this.keySpace + " key space"); } @@ -611,7 +611,7 @@ sealed abstract class QuicKeyManager if (series.canUseOldDecryptKey(packetNumber)) { final QuicReadCipher oldReadCipher = series.old; assert oldReadCipher != null : "old key is unexpectedly null"; - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.finest("using old read key to decrypt packet: " + packetNumber + ", with incoming key phase: " + keyPhase + ", current key phase: " + @@ -633,7 +633,7 @@ sealed abstract class QuicKeyManager // KEY_UPDATE_ERROR. This indicates that a peer has // received and acknowledged a packet that initiates a key // update, but has not updated keys in response. - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.finest("peer used incorrect key, was" + " expected to use updated key of" + " key phase: " + currentKeyPhase + @@ -646,7 +646,7 @@ sealed abstract class QuicKeyManager } return; } - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.finest("detected ONE_RTT key update, current key " + "phase: " + currentKeyPhase + ", incoming key phase: " + keyPhase @@ -717,7 +717,7 @@ sealed abstract class QuicKeyManager } final long numEncrypted = cipher.getNumEncrypted(); if (numEncrypted >= 0.8 * confidentialityLimit) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.finest("about to reach confidentiality limit, " + "attempting to initiate a 1-RTT key update," + " packet number: " + @@ -732,7 +732,7 @@ sealed abstract class QuicKeyManager : "key phase of updated key unexpectedly matches " + "the key phase " + cipher.getKeyPhase() + " of current keys"; - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.finest( "1-RTT key update initiated, new key phase: " + newKeyPhase); @@ -755,7 +755,7 @@ sealed abstract class QuicKeyManager // current key phase. This ensures that keys are // available to both peers before // another key update can be initiated. - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.finest( "skipping key update initiation because peer " + "hasn't yet sent us a packet encrypted with " + @@ -803,7 +803,7 @@ sealed abstract class QuicKeyManager // (we avoid timing attacks by not generating // keys during decryption, our key generation // only happens during encryption) - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.finest("next keys unavailable," + " won't decrypt a packet which appears to be" + " a key update"); @@ -815,7 +815,7 @@ sealed abstract class QuicKeyManager // use the next keys to attempt decrypting currentKeySeries.next.readCipher.decryptPacket(packetNumber, packet, headerLength, output); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.finest( "decrypted using next keys for peer-initiated" + " key update; will now switch to new key phase: " + @@ -1025,14 +1025,14 @@ sealed abstract class QuicKeyManager // update the key series this.keySeries = newSeries; if (oldReadCipher != null) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.finest( "discarding old read key of key phase: " + oldReadCipher.getKeyPhase()); } oldReadCipher.discard(false); } - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.finest("discarding write key of key phase: " + writeCipherToDiscard.getKeyPhase()); } diff --git a/src/java.base/share/classes/sun/security/ssl/QuicTLSEngineImpl.java b/src/java.base/share/classes/sun/security/ssl/QuicTLSEngineImpl.java index 15ed550e15e..74975fc1e5b 100644 --- a/src/java.base/share/classes/sun/security/ssl/QuicTLSEngineImpl.java +++ b/src/java.base/share/classes/sun/security/ssl/QuicTLSEngineImpl.java @@ -560,7 +560,7 @@ public final class QuicTLSEngineImpl implements QuicTLSEngine, SSLTransport { // incoming crypto buffer is null. Validate message type, // check if size is available byte messageType = payload.get(payload.position()); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.fine("Received message of type 0x" + Integer.toHexString(messageType & 0xFF)); } @@ -835,7 +835,7 @@ public final class QuicTLSEngineImpl implements QuicTLSEngine, SSLTransport { final boolean confirmed = HANDSHAKE_STATE_HANDLE.compareAndSet(this, NEED_SEND_HANDSHAKE_DONE, HANDSHAKE_CONFIRMED); if (confirmed) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.fine("QuicTLSEngine (server) marked handshake " + "state as HANDSHAKE_CONFIRMED"); } @@ -853,7 +853,7 @@ public final class QuicTLSEngineImpl implements QuicTLSEngine, SSLTransport { final boolean confirmed = HANDSHAKE_STATE_HANDLE.compareAndSet(this, NEED_RECV_HANDSHAKE_DONE, HANDSHAKE_CONFIRMED); if (confirmed) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.fine( "QuicTLSEngine (client) received HANDSHAKE_DONE," + " marking state as HANDSHAKE_DONE"); diff --git a/src/java.base/share/classes/sun/security/ssl/RSAClientKeyExchange.java b/src/java.base/share/classes/sun/security/ssl/RSAClientKeyExchange.java index d9580972eec..53d239c9318 100644 --- a/src/java.base/share/classes/sun/security/ssl/RSAClientKeyExchange.java +++ b/src/java.base/share/classes/sun/security/ssl/RSAClientKeyExchange.java @@ -190,7 +190,7 @@ final class RSAClientKeyExchange { throw chc.conContext.fatal(Alert.ILLEGAL_PARAMETER, "Cannot generate RSA premaster secret", gse); } - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Produced RSA ClientKeyExchange handshake message", ckem); } @@ -270,7 +270,7 @@ final class RSAClientKeyExchange { RSAClientKeyExchangeMessage ckem = new RSAClientKeyExchangeMessage(shc, message); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Consuming RSA ClientKeyExchange handshake message", ckem); } diff --git a/src/java.base/share/classes/sun/security/ssl/RSAKeyExchange.java b/src/java.base/share/classes/sun/security/ssl/RSAKeyExchange.java index 82abf884a80..d204fddb13c 100644 --- a/src/java.base/share/classes/sun/security/ssl/RSAKeyExchange.java +++ b/src/java.base/share/classes/sun/security/ssl/RSAKeyExchange.java @@ -35,7 +35,6 @@ import java.security.PrivateKey; import java.security.PublicKey; import java.security.SecureRandom; import java.security.interfaces.RSAPublicKey; -import java.security.spec.AlgorithmParameterSpec; import javax.crypto.BadPaddingException; import javax.crypto.Cipher; import javax.crypto.KeyGenerator; @@ -150,7 +149,7 @@ final class RSAKeyExchange { needFailover = !KeyUtil.isOracleJCEProvider( cipher.getProvider().getName()); } catch (InvalidKeyException | UnsupportedOperationException iue) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning("The Cipher provider " + safeProviderName(cipher) @@ -198,7 +197,7 @@ final class RSAKeyExchange { try { return cipher.getProvider().toString(); } catch (Exception e) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Retrieving The Cipher provider name" + " caused exception ", e); @@ -207,7 +206,7 @@ final class RSAKeyExchange { try { return cipher.toString() + " (provider name not available)"; } catch (Exception e) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Retrieving The Cipher name" + " caused exception ", e); @@ -223,7 +222,7 @@ final class RSAKeyExchange { int clientVersion, int serverVersion, byte[] encodedSecret, SecureRandom generator) throws GeneralSecurityException { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Generating a premaster secret"); } @@ -238,7 +237,7 @@ final class RSAKeyExchange { } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException iae) { // unlikely to happen, otherwise, must be a provider exception - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("RSA premaster secret generation error", iae); } diff --git a/src/java.base/share/classes/sun/security/ssl/RSAServerKeyExchange.java b/src/java.base/share/classes/sun/security/ssl/RSAServerKeyExchange.java index 65c4a86fd83..0c0fec10449 100644 --- a/src/java.base/share/classes/sun/security/ssl/RSAServerKeyExchange.java +++ b/src/java.base/share/classes/sun/security/ssl/RSAServerKeyExchange.java @@ -264,7 +264,7 @@ final class RSAServerKeyExchange { RSAServerKeyExchangeMessage skem = new RSAServerKeyExchangeMessage( shc, x509Possession, rsaPossession); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Produced RSA ServerKeyExchange handshake message", skem); } @@ -296,7 +296,7 @@ final class RSAServerKeyExchange { RSAServerKeyExchangeMessage skem = new RSAServerKeyExchangeMessage(chc, message); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Consuming RSA ServerKeyExchange handshake message", skem); } diff --git a/src/java.base/share/classes/sun/security/ssl/RenegoInfoExtension.java b/src/java.base/share/classes/sun/security/ssl/RenegoInfoExtension.java index cdaffaf521e..0d3d8bd039c 100644 --- a/src/java.base/share/classes/sun/security/ssl/RenegoInfoExtension.java +++ b/src/java.base/share/classes/sun/security/ssl/RenegoInfoExtension.java @@ -138,7 +138,7 @@ final class RenegoInfoExtension { // Is it a supported and enabled extension? if (!chc.sslConfig.isAvailable(CH_RENEGOTIATION_INFO)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unavailable renegotiation_info extension"); @@ -183,7 +183,7 @@ final class RenegoInfoExtension { return extData; } else { // not secure renegotiation if (HandshakeContext.allowUnsafeRenegotiation) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning("Using insecure renegotiation"); } @@ -218,7 +218,7 @@ final class RenegoInfoExtension { // Is it a supported and enabled extension? if (!shc.sslConfig.isAvailable(CH_RENEGOTIATION_INFO)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Ignore unavailable extension: " + CH_RENEGOTIATION_INFO.name); @@ -283,7 +283,7 @@ final class RenegoInfoExtension { for (int id : clientHello.cipherSuiteIds) { if (id == CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV.id) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.finest( "Safe renegotiation, using the SCSV signaling"); @@ -298,7 +298,7 @@ final class RenegoInfoExtension { "Failed to negotiate the use of secure renegotiation"); } // otherwise, allow legacy hello message - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning("Warning: No renegotiation " + "indication in ClientHello, allow legacy ClientHello"); @@ -311,14 +311,14 @@ final class RenegoInfoExtension { "Inconsistent secure renegotiation indication"); } else { // renegotiation, not secure if (HandshakeContext.allowUnsafeRenegotiation) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning("Using insecure renegotiation"); } } else { // Unsafe renegotiation should have been aborted in // earlier processes. - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Terminate insecure renegotiation"); } @@ -352,7 +352,7 @@ final class RenegoInfoExtension { if (requestedSpec == null && !shc.conContext.secureRenegotiation) { // Ignore, no renegotiation_info extension or SCSV signaling // requested. - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.finest( "Ignore unavailable renegotiation_info extension"); @@ -362,7 +362,7 @@ final class RenegoInfoExtension { if (!shc.conContext.secureRenegotiation) { // Ignore, no secure renegotiation is negotiated. - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.finest( "No secure renegotiation has been negotiated"); @@ -524,7 +524,7 @@ final class RenegoInfoExtension { "Failed to negotiate the use of secure renegotiation"); } // otherwise, allow legacy hello message - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning("Warning: No renegotiation " + "indication in ServerHello, allow legacy ServerHello"); @@ -537,14 +537,14 @@ final class RenegoInfoExtension { "Inconsistent secure renegotiation indication"); } else { // renegotiation, not secure if (HandshakeContext.allowUnsafeRenegotiation) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning("Using insecure renegotiation"); } } else { // Unsafe renegotiation should have been aborted in // earlier processes. - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Terminate insecure renegotiation"); } diff --git a/src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java b/src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java index f0e66dbfc31..d3207a7aa63 100644 --- a/src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java +++ b/src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java @@ -454,7 +454,7 @@ final class SSLAlgorithmConstraints implements AlgorithmConstraints { .equalsIgnoreCase(paramDigestAlg)); } catch (InvalidParameterSpecException e) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning("Invalid AlgorithmParameters: " + parameters + "; Error: " + e.getMessage()); } diff --git a/src/java.base/share/classes/sun/security/ssl/SSLCipher.java b/src/java.base/share/classes/sun/security/ssl/SSLCipher.java index 1d861dba148..9d1d6dabaec 100644 --- a/src/java.base/share/classes/sun/security/ssl/SSLCipher.java +++ b/src/java.base/share/classes/sun/security/ssl/SSLCipher.java @@ -392,7 +392,7 @@ enum SSLCipher { if (values[1].contains(tag[0])) { index = 0; } else { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.fine("jdk.tls.keyLimits: Unknown action: " + entry); @@ -414,14 +414,14 @@ enum SSLCipher { "Length exceeded limits"); } } catch (NumberFormatException e) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.fine("jdk.tls.keyLimits: " + e.getMessage() + ": " + entry); } continue; } - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.fine("jdk.tls.keyLimits: entry = " + entry + ". " + values[0] + ":" + tag[index] + " = " + size); } @@ -470,7 +470,7 @@ enum SSLCipher { Cipher.getInstance(transformation); return true; } catch (NoSuchAlgorithmException | NoSuchPaddingException e) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.fine("Transformation " + transformation + " is" + " not available."); } @@ -862,7 +862,7 @@ enum SSLCipher { "JCE provider " + cipher.getProvider().getName(), sbe); } pt.position(pos); - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD_PLAINTEXT)) { SSLLogger.fine( "Plaintext after DECRYPTION", pt.duplicate()); @@ -933,7 +933,7 @@ enum SSLCipher { authenticator.increaseSequenceNumber(); } - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD_PLAINTEXT)) { SSLLogger.finest( "Padded plaintext before ENCRYPTION", bb.duplicate()); @@ -1054,7 +1054,7 @@ enum SSLCipher { "JCE provider " + cipher.getProvider().getName(), sbe); } - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD_PLAINTEXT)) { SSLLogger.fine( "Padded plaintext after DECRYPTION", @@ -1187,7 +1187,7 @@ enum SSLCipher { int len = addPadding(bb, blockSize); bb.position(pos); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD_PLAINTEXT)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD_PLAINTEXT)) { SSLLogger.fine( "Padded plaintext before ENCRYPTION", bb.duplicate()); @@ -1331,7 +1331,7 @@ enum SSLCipher { "JCE provider " + cipher.getProvider().getName(), sbe); } - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD_PLAINTEXT)) { SSLLogger.fine("Padded plaintext after DECRYPTION", pt.duplicate().position(pos)); @@ -1484,7 +1484,7 @@ enum SSLCipher { int len = addPadding(bb, blockSize); bb.position(pos); - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD_PLAINTEXT)) { SSLLogger.fine( "Padded plaintext before ENCRYPTION", @@ -1657,7 +1657,7 @@ enum SSLCipher { pt.position(pos); pt.limit(pos + len); - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD_PLAINTEXT)) { SSLLogger.fine( "Plaintext after DECRYPTION", pt.duplicate()); @@ -1745,7 +1745,7 @@ enum SSLCipher { // DON'T encrypt the nonce for AEAD mode. int len, pos = bb.position(); - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD_PLAINTEXT)) { SSLLogger.fine( "Plaintext before ENCRYPTION", @@ -1832,7 +1832,7 @@ enum SSLCipher { keyLimitCountdown = cipherLimits.getOrDefault( algorithm.toUpperCase(Locale.ENGLISH) + ":" + tag[0], 0L); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.fine("KeyLimit read side: algorithm = " + algorithm + ":" + tag[0] + "\ncountdown value = " + keyLimitCountdown); @@ -1941,7 +1941,7 @@ enum SSLCipher { contentType = pt.get(i); pt.limit(i); - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD_PLAINTEXT)) { SSLLogger.fine( "Plaintext after DECRYPTION", pt.duplicate()); @@ -1994,7 +1994,7 @@ enum SSLCipher { keyLimitCountdown = cipherLimits.getOrDefault( algorithm.toUpperCase(Locale.ENGLISH) + ":" + tag[0], 0L); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.fine("KeyLimit write side: algorithm = " + algorithm + ":" + tag[0] + "\ncountdown value = " + keyLimitCountdown); @@ -2036,7 +2036,7 @@ enum SSLCipher { cipher.updateAAD(aad); int len, pos = bb.position(); - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD_PLAINTEXT)) { SSLLogger.fine( "Plaintext before ENCRYPTION", @@ -2193,7 +2193,7 @@ enum SSLCipher { pt.position(pos); pt.limit(pos + len); - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD_PLAINTEXT)) { SSLLogger.fine( "Plaintext after DECRYPTION", pt.duplicate()); @@ -2243,7 +2243,7 @@ enum SSLCipher { keyLimitCountdown = cipherLimits.getOrDefault( algorithm.toUpperCase(Locale.ENGLISH) + ":" + tag[0], 0L); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.fine("algorithm = " + algorithm + ":" + tag[0] + "\ncountdown value = " + keyLimitCountdown); @@ -2285,7 +2285,7 @@ enum SSLCipher { // DON'T encrypt the nonce for AEAD mode. int pos = bb.position(); - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD_PLAINTEXT)) { SSLLogger.fine( "Plaintext before ENCRYPTION", @@ -2463,7 +2463,7 @@ enum SSLCipher { contentType = pt.get(i); pt.limit(i); - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD_PLAINTEXT)) { SSLLogger.fine( "Plaintext after DECRYPTION", pt.duplicate()); @@ -2513,7 +2513,7 @@ enum SSLCipher { keyLimitCountdown = cipherLimits.getOrDefault( algorithm.toUpperCase(Locale.ENGLISH) + ":" + tag[0], 0L); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.fine("algorithm = " + algorithm + ":" + tag[0] + "\ncountdown value = " + keyLimitCountdown); @@ -2555,7 +2555,7 @@ enum SSLCipher { cipher.updateAAD(aad); int pos = bb.position(); - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD_PLAINTEXT)) { SSLLogger.fine( "Plaintext before ENCRYPTION", diff --git a/src/java.base/share/classes/sun/security/ssl/SSLConfiguration.java b/src/java.base/share/classes/sun/security/ssl/SSLConfiguration.java index 4cbad617021..9a735b7fa95 100644 --- a/src/java.base/share/classes/sun/security/ssl/SSLConfiguration.java +++ b/src/java.base/share/classes/sun/security/ssl/SSLConfiguration.java @@ -204,7 +204,7 @@ final class SSLConfiguration implements Cloneable { if (nstServerCount == null || nstServerCount < 0 || nstServerCount > 10) { serverNewSessionTicketCount = SERVER_NST_DEFAULT; - if (nstServerCount != null && SSLLogger.logging && + if (nstServerCount != null && SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "jdk.tls.server.newSessionTicketCount defaults to " + @@ -213,7 +213,7 @@ final class SSLConfiguration implements Cloneable { } } else { serverNewSessionTicketCount = nstServerCount; - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "jdk.tls.server.newSessionTicketCount set to " + serverNewSessionTicketCount); @@ -586,7 +586,7 @@ final class SSLConfiguration implements Cloneable { String property = System.getProperty(propertyName); // this method is called from class initializer; logging here // will occasionally pin threads and deadlock if called from a virtual thread - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSLCTX) + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSLCTX) && !Thread.currentThread().isVirtual()) { SSLLogger.fine( "System property " + propertyName + " is set to '" + @@ -615,7 +615,7 @@ final class SSLConfiguration implements Cloneable { if (scheme != null && scheme.isAvailable) { signatureSchemes.add(schemeName); } else { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSLCTX) && !Thread.currentThread().isVirtual()) { SSLLogger.fine( diff --git a/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java b/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java index 1efa66cca10..8df72711dff 100644 --- a/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java +++ b/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java @@ -104,11 +104,11 @@ public abstract class SSLContextImpl extends SSLContextSpi { * first connection to time out and fail. Make sure it is * primed and ready by getting some initial output from it. */ - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSLCTX)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSLCTX)) { SSLLogger.finest("trigger seeding of SecureRandom"); } secureRandom.nextInt(); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSLCTX)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSLCTX)) { SSLLogger.finest("done seeding of SecureRandom"); } @@ -143,7 +143,7 @@ public abstract class SSLContextImpl extends SSLContextSpi { return (X509ExtendedKeyManager)km; } - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSLCTX)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSLCTX)) { SSLLogger.warning( "X509KeyManager passed to SSLContext.init(): need an " + "X509ExtendedKeyManager for SSLEngine use"); @@ -246,7 +246,7 @@ public abstract class SSLContextImpl extends SSLContextSpi { contextLock.lock(); try { if (statusResponseManager == null) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSLCTX)) { SSLLogger.finest( "Initializing StatusResponseManager"); @@ -384,7 +384,7 @@ public abstract class SSLContextImpl extends SSLContextSpi { suite.name, null)) { suites.add(suite); isSupported = true; - } else if (SSLLogger.logging && + } else if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore disabled cipher suite: " + suite.name); @@ -393,7 +393,7 @@ public abstract class SSLContextImpl extends SSLContextSpi { break; } - if (!isSupported && SSLLogger.logging && + if (!isSupported && SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.finest( "Ignore unsupported cipher suite: " + suite); @@ -411,7 +411,7 @@ public abstract class SSLContextImpl extends SSLContextSpi { String propertyName) { String property = System.getProperty(propertyName); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSLCTX)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSLCTX)) { SSLLogger.fine( "System property " + propertyName + " is set to '" + property + "'"); @@ -438,7 +438,7 @@ public abstract class SSLContextImpl extends SSLContextSpi { try { suite = CipherSuite.nameOf(cipherSuiteNames[i]); } catch (IllegalArgumentException iae) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSLCTX)) { SSLLogger.fine( "Unknown or unsupported cipher suite name: " + @@ -451,7 +451,7 @@ public abstract class SSLContextImpl extends SSLContextSpi { if (suite != null && suite.isAvailable()) { cipherSuites.add(suite); } else { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSLCTX)) { SSLLogger.fine( "The current installed providers do not " + @@ -910,7 +910,7 @@ public abstract class SSLContextImpl extends SSLContextSpi { tmMediator = getTrustManagers(); } catch (Exception e) { reserved = e; - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.DEFAULTCTX)) { SSLLogger.warning( "Failed to load default trust managers", e); @@ -923,7 +923,7 @@ public abstract class SSLContextImpl extends SSLContextSpi { kmMediator = getKeyManagers(); } catch (Exception e) { reserved = e; - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.DEFAULTCTX)) { SSLLogger.warning( "Failed to load default key managers", e); @@ -982,7 +982,7 @@ public abstract class SSLContextImpl extends SSLContextSpi { String defaultKeyStore = props.get("keyStore"); String defaultKeyStoreType = props.get("keyStoreType"); String defaultKeyStoreProvider = props.get("keyStoreProvider"); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.DEFAULTCTX)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.DEFAULTCTX)) { SSLLogger.fine("keyStore is : " + defaultKeyStore); SSLLogger.fine("keyStore type is : " + defaultKeyStoreType); @@ -1012,7 +1012,7 @@ public abstract class SSLContextImpl extends SSLContextSpi { // Try to initialize key store. if ((defaultKeyStoreType.length()) != 0) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.DEFAULTCTX)) { SSLLogger.finest("init keystore"); } @@ -1036,7 +1036,7 @@ public abstract class SSLContextImpl extends SSLContextSpi { /* * Try to initialize key manager. */ - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.DEFAULTCTX)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.DEFAULTCTX)) { SSLLogger.fine("init keymanager of type " + KeyManagerFactory.getDefaultAlgorithm()); } @@ -1074,7 +1074,7 @@ public abstract class SSLContextImpl extends SSLContextSpi { // exception object, which may be not garbage collection // friendly as 'reservedException' is a static filed. reserved = new KeyManagementException(e.getMessage()); - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.DEFAULTCTX)) { SSLLogger.warning( "Failed to load default SSLContext", e); @@ -1104,7 +1104,7 @@ public abstract class SSLContextImpl extends SSLContextSpi { super.engineInit(DefaultManagersHolder.keyManagers, DefaultManagersHolder.trustManagers, null); } catch (Exception e) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.DEFAULTCTX)) { SSLLogger.fine("default context init failed: ", e); } diff --git a/src/java.base/share/classes/sun/security/ssl/SSLEngineImpl.java b/src/java.base/share/classes/sun/security/ssl/SSLEngineImpl.java index 1f3c5edca6b..5052f9bc9f4 100644 --- a/src/java.base/share/classes/sun/security/ssl/SSLEngineImpl.java +++ b/src/java.base/share/classes/sun/security/ssl/SSLEngineImpl.java @@ -330,7 +330,7 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport { // application data may be discarded accordingly. As could // be an issue for some applications. This impact can be // mitigated by sending the last flight twice. - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD)) { SSLLogger.finest("retransmit the last flight messages"); } @@ -397,7 +397,7 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport { if ((conContext.handshakeContext == null) && !conContext.isOutboundClosed() && !conContext.isBroken) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.finest("trigger key update"); } beginHandshake(); @@ -419,7 +419,7 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport { !conContext.isOutboundClosed() && !conContext.isInboundClosed() && !conContext.isBroken) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.finest("trigger NST"); } conContext.conSession.updateNST = false; @@ -612,7 +612,7 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport { } catch (SSLException ssle) { // Need to discard invalid records for DTLS protocols. if (sslContext.isDTLS()) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD)) { SSLLogger.finest("Discard invalid DTLS records", ssle); } @@ -780,7 +780,7 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport { return; } - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.finest("Closing inbound of SSLEngine"); } @@ -819,7 +819,7 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport { return; } - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.finest("Closing outbound of SSLEngine"); } diff --git a/src/java.base/share/classes/sun/security/ssl/SSLEngineInputRecord.java b/src/java.base/share/classes/sun/security/ssl/SSLEngineInputRecord.java index 0cdee518216..00ca3b06369 100644 --- a/src/java.base/share/classes/sun/security/ssl/SSLEngineInputRecord.java +++ b/src/java.base/share/classes/sun/security/ssl/SSLEngineInputRecord.java @@ -172,7 +172,7 @@ final class SSLEngineInputRecord extends InputRecord implements SSLRecord { return null; } - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) { SSLLogger.fine("Raw read", packet); } @@ -209,7 +209,7 @@ final class SSLEngineInputRecord extends InputRecord implements SSLRecord { byte minorVersion = packet.get(); // pos: 2 int contentLen = Record.getInt16(packet); // pos: 3, 4 - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD)) { SSLLogger.fine( "READ: " + ProtocolVersion.nameOf(majorVersion, minorVersion) + @@ -388,7 +388,7 @@ final class SSLEngineInputRecord extends InputRecord implements SSLRecord { * error message, one that's treated as fatal by * clients (Otherwise we'll hang.) */ - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD)) { SSLLogger.fine( "Requested to negotiate unsupported SSLv2!"); } @@ -410,7 +410,7 @@ final class SSLEngineInputRecord extends InputRecord implements SSLRecord { ByteBuffer converted = convertToClientHello(packet); - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) { SSLLogger.fine( "[Converted] ClientHello", converted); diff --git a/src/java.base/share/classes/sun/security/ssl/SSLEngineOutputRecord.java b/src/java.base/share/classes/sun/security/ssl/SSLEngineOutputRecord.java index ff12287291c..0ed3755afa4 100644 --- a/src/java.base/share/classes/sun/security/ssl/SSLEngineOutputRecord.java +++ b/src/java.base/share/classes/sun/security/ssl/SSLEngineOutputRecord.java @@ -73,7 +73,7 @@ final class SSLEngineOutputRecord extends OutputRecord implements SSLRecord { @Override void encodeAlert(byte level, byte description) { if (isClosed()) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning("outbound has closed, ignore outbound " + "alert message: " + Alert.nameOf(description)); } @@ -91,7 +91,7 @@ final class SSLEngineOutputRecord extends OutputRecord implements SSLRecord { void encodeHandshake(byte[] source, int offset, int length) { if (isClosed()) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning("outbound has closed, ignore outbound " + "handshake message", ByteBuffer.wrap(source, offset, length)); @@ -138,7 +138,7 @@ final class SSLEngineOutputRecord extends OutputRecord implements SSLRecord { @Override void encodeChangeCipherSpec() { if (isClosed()) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning("outbound has closed, ignore outbound " + "change_cipher_spec message"); } @@ -171,14 +171,14 @@ final class SSLEngineOutputRecord extends OutputRecord implements SSLRecord { ByteBuffer[] dsts, int dstsOffset, int dstsLength) throws IOException { if (isClosed) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning("outbound has closed, ignore outbound " + "application data or cached messages"); } return null; } else if (isCloseWaiting) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning("outbound has closed, ignore outbound " + "application data"); } @@ -193,7 +193,7 @@ final class SSLEngineOutputRecord extends OutputRecord implements SSLRecord { ByteBuffer destination) throws IOException { if (writeCipher.authenticator.seqNumOverflow()) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.fine( "sequence number extremely close to overflow " + "(2^64-1 packets). Closing connection."); @@ -275,7 +275,7 @@ final class SSLEngineOutputRecord extends OutputRecord implements SSLRecord { destination.limit(destination.position()); destination.position(dstContent); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD)) { SSLLogger.fine( "WRITE: " + protocolVersion.name + " " + ContentType.APPLICATION_DATA.name + @@ -288,7 +288,7 @@ final class SSLEngineOutputRecord extends OutputRecord implements SSLRecord { dstPos, dstLim, headerSize, protocolVersion); - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) { ByteBuffer temporary = destination.duplicate(); temporary.limit(temporary.position()); @@ -318,7 +318,7 @@ final class SSLEngineOutputRecord extends OutputRecord implements SSLRecord { // // Please don't change the limit of the destination buffer. destination.put(SSLRecord.v2NoCipher); - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) { SSLLogger.fine("Raw write", SSLRecord.v2NoCipher); } @@ -333,7 +333,7 @@ final class SSLEngineOutputRecord extends OutputRecord implements SSLRecord { // deliver the SSLv2 format ClientHello message // // Please don't change the limit of the destination buffer. - if (SSLLogger.logging) { + if (SSLLogger.isOn()) { if (SSLLogger.isOn(SSLLogger.Opt.RECORD)) { SSLLogger.fine(Thread.currentThread().getName() + ", WRITE: SSLv2 ClientHello message" + @@ -527,7 +527,7 @@ final class SSLEngineOutputRecord extends OutputRecord implements SSLRecord { dstBuf.limit(dstBuf.position()); dstBuf.position(dstContent); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD)) { SSLLogger.fine( "WRITE: " + protocolVersion.name + " " + ContentType.nameOf(memo.contentType) + @@ -545,7 +545,7 @@ final class SSLEngineOutputRecord extends OutputRecord implements SSLRecord { memo.encodeCipher.dispose(); } - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) { ByteBuffer temporary = dstBuf.duplicate(); temporary.limit(temporary.position()); diff --git a/src/java.base/share/classes/sun/security/ssl/SSLExtension.java b/src/java.base/share/classes/sun/security/ssl/SSLExtension.java index 0394a06c5f4..aacb9420748 100644 --- a/src/java.base/share/classes/sun/security/ssl/SSLExtension.java +++ b/src/java.base/share/classes/sun/security/ssl/SSLExtension.java @@ -844,7 +844,7 @@ enum SSLExtension implements SSLStringizer { String property = System.getProperty(propertyName); // this method is called from class initializer; logging here // will occasionally pin threads and deadlock if called from a virtual thread - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSLCTX) + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSLCTX) && !Thread.currentThread().isVirtual()) { SSLLogger.fine( "System property " + propertyName + " is set to '" + diff --git a/src/java.base/share/classes/sun/security/ssl/SSLExtensions.java b/src/java.base/share/classes/sun/security/ssl/SSLExtensions.java index 1868c551a4f..c325890a3b6 100644 --- a/src/java.base/share/classes/sun/security/ssl/SSLExtensions.java +++ b/src/java.base/share/classes/sun/security/ssl/SSLExtensions.java @@ -43,7 +43,7 @@ final class SSLExtensions { // Extension map for debug logging private final Map logMap = - SSLLogger.logging ? new LinkedHashMap<>() : null; + SSLLogger.isOn() ? new LinkedHashMap<>() : null; SSLExtensions(HandshakeMessage handshakeMessage) { this.handshakeMessage = handshakeMessage; @@ -93,7 +93,7 @@ final class SSLExtensions { // However, the implementation of the limit is complicated // and inefficient, and may not worthy the maintenance. isSupported = false; - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning( "Received buggy supported_groups extension " + @@ -144,7 +144,7 @@ final class SSLExtensions { m.get(extData); logMap.put(extId, extData); - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unknown or unsupported extension", @@ -173,7 +173,7 @@ final class SSLExtensions { for (SSLExtension extension : extensions) { if (context.negotiatedProtocol != null && !extension.isAvailable(context.negotiatedProtocol)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unsupported extension: " + extension.name); @@ -184,7 +184,7 @@ final class SSLExtensions { if (!extMap.containsKey(extension)) { if (extension.onLoadAbsence != null) { extension.absentOnLoad(context, handshakeMessage); - } else if (SSLLogger.logging && + } else if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unavailable extension: " + extension.name); @@ -194,7 +194,7 @@ final class SSLExtensions { if (extension.onLoadConsumer == null) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning( "Ignore unsupported extension: " + extension.name); @@ -205,7 +205,7 @@ final class SSLExtensions { ByteBuffer m = ByteBuffer.wrap(extMap.get(extension)); extension.consumeOnLoad(context, handshakeMessage, m); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Consumed extension: " + extension.name); } } @@ -220,7 +220,7 @@ final class SSLExtensions { if (!extMap.containsKey(extension)) { if (extension.onTradeAbsence != null) { extension.absentOnTrade(context, handshakeMessage); - } else if (SSLLogger.logging && + } else if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unavailable extension: " + extension.name); @@ -229,7 +229,7 @@ final class SSLExtensions { } if (extension.onTradeConsumer == null) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning( "Ignore impact of unsupported extension: " + @@ -239,7 +239,7 @@ final class SSLExtensions { } extension.consumeOnTrade(context, handshakeMessage); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Populated with extension: " + extension.name); } } @@ -252,7 +252,7 @@ final class SSLExtensions { SSLExtension[] extensions) throws IOException { for (SSLExtension extension : extensions) { if (extMap.containsKey(extension)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore, duplicated extension: " + @@ -262,7 +262,7 @@ final class SSLExtensions { } if (extension.networkProducer == null) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning( "Ignore, no extension producer defined: " + @@ -276,7 +276,7 @@ final class SSLExtensions { extMap.put(extension, encoded); encodedLength += encoded.length + 4; // extension_type (2) // extension_data length(2) - } else if (SSLLogger.logging && + } else if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { // The extension is not available in the context. SSLLogger.fine( @@ -294,7 +294,7 @@ final class SSLExtensions { SSLExtension[] extensions) throws IOException { for (SSLExtension extension : extensions) { if (extension.networkProducer == null) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning( "Ignore, no extension producer defined: " + @@ -316,7 +316,7 @@ final class SSLExtensions { encodedLength += encoded.length + 4; // extension_type (2) // extension_data length(2) - } else if (SSLLogger.logging && + } else if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { // The extension is not available in the context. SSLLogger.fine( diff --git a/src/java.base/share/classes/sun/security/ssl/SSLLogger.java b/src/java.base/share/classes/sun/security/ssl/SSLLogger.java index 8ee72710487..361985e5fa9 100644 --- a/src/java.base/share/classes/sun/security/ssl/SSLLogger.java +++ b/src/java.base/share/classes/sun/security/ssl/SSLLogger.java @@ -41,6 +41,7 @@ import java.time.ZoneId; import java.time.format.DateTimeFormatter; import java.util.*; +import jdk.internal.vm.annotation.ForceInline; import sun.security.util.HexDumpEncoder; import sun.security.util.Debug; import sun.security.x509.*; @@ -63,7 +64,7 @@ public final class SSLLogger { // high level boolean to track whether "all" or "ssl" option // is specified. Further checks may be necessary to determine // if data is logged - public static final boolean logging; + private static final boolean logging; static { String p = System.getProperty("javax.net.debug"); @@ -199,7 +200,7 @@ public final class SSLLogger { // Logs a warning message and always returns false. This method // can be used as an OR Predicate to add a log in a stream filter. public static boolean logWarning(Opt option, String s) { - if (SSLLogger.logging && option.on) { + if (SSLLogger.isOn() && option.on) { SSLLogger.warning(s); } return false; @@ -245,6 +246,11 @@ public final class SSLLogger { System.exit(0); } + @ForceInline + public static boolean isOn() { + return logging; + } + /** * Enum representing possible debug options for JSSE debugging. * diff --git a/src/java.base/share/classes/sun/security/ssl/SSLMasterKeyDerivation.java b/src/java.base/share/classes/sun/security/ssl/SSLMasterKeyDerivation.java index fbdd36b535e..533b7f9a52d 100644 --- a/src/java.base/share/classes/sun/security/ssl/SSLMasterKeyDerivation.java +++ b/src/java.base/share/classes/sun/security/ssl/SSLMasterKeyDerivation.java @@ -29,7 +29,6 @@ import java.io.IOException; import java.security.InvalidAlgorithmParameterException; import java.security.NoSuchAlgorithmException; import java.security.ProviderException; -import java.security.spec.AlgorithmParameterSpec; import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; import sun.security.internal.spec.TlsMasterSecretParameterSpec; @@ -152,7 +151,7 @@ enum SSLMasterKeyDerivation implements SSLKeyDerivationGenerator { // // For RSA premaster secrets, do not signal a protocol error // due to the Bleichenbacher attack. See comments further down. - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("RSA master secret generation error.", iae); } diff --git a/src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java b/src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java index e49f927abf5..9b35d5a1222 100644 --- a/src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java +++ b/src/java.base/share/classes/sun/security/ssl/SSLSessionContextImpl.java @@ -339,7 +339,7 @@ final class SSLSessionContextImpl implements SSLSessionContext { if (t < 0 || t > NewSessionTicket.MAX_TICKET_LIFETIME) { timeout = DEFAULT_SESSION_TIMEOUT; - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning("Invalid timeout given " + "jdk.tls.server.sessionTicketTimeout: " + t + @@ -350,7 +350,7 @@ final class SSLSessionContextImpl implements SSLSessionContext { } } catch (NumberFormatException e) { setSessionTimeout(DEFAULT_SESSION_TIMEOUT); - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning("Invalid timeout for " + "jdk.tls.server.sessionTicketTimeout: " + s + @@ -365,7 +365,7 @@ final class SSLSessionContextImpl implements SSLSessionContext { if (defaultCacheLimit >= 0) { return defaultCacheLimit; - } else if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + } else if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning( "invalid System Property javax.net.ssl.sessionCacheSize, " + "use the default session cache size (" + @@ -373,7 +373,7 @@ final class SSLSessionContextImpl implements SSLSessionContext { } } catch (Exception e) { // unlikely, log it for safe - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning( "the System Property javax.net.ssl.sessionCacheSize is " + "not available, use the default value (" + diff --git a/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java b/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java index 9eec0714ed4..af0b8909d30 100644 --- a/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java +++ b/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java @@ -223,7 +223,7 @@ final class SSLSessionImpl extends ExtendedSSLSession { this.identificationProtocol = hc.sslConfig.identificationProtocol; this.boundValues = new ConcurrentHashMap<>(); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SESSION)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SESSION)) { SSLLogger.finest("Session initialized: " + this); } } @@ -256,7 +256,7 @@ final class SSLSessionImpl extends ExtendedSSLSession { this.maximumPacketSize = baseSession.maximumPacketSize; this.boundValues = baseSession.boundValues; - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SESSION)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SESSION)) { SSLLogger.finest("Session initialized: " + this); } } @@ -455,7 +455,7 @@ final class SSLSessionImpl extends ExtendedSSLSession { if (same) { this.localCerts = ((X509Possession) pos).popCerts; - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SESSION)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SESSION)) { SSLLogger.fine("Restored " + len + " local certificates from session ticket" + " for algorithms " + Arrays.toString(certAlgs)); @@ -463,7 +463,7 @@ final class SSLSessionImpl extends ExtendedSSLSession { } else { this.localCerts = null; this.invalidated = true; - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SESSION)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SESSION)) { SSLLogger.warning("Local certificates can not be restored " + "from session ticket " + "for algorithms " + Arrays.toString(certAlgs)); @@ -482,7 +482,7 @@ final class SSLSessionImpl extends ExtendedSSLSession { // If there is no getMasterSecret with TLS1.2 or under, do not resume. if (!protocolVersion.useTLS13PlusSpec() && getMasterSecret().getEncoded() == null) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.finest("No MasterSecret, cannot make stateless" + " ticket"); } @@ -490,7 +490,7 @@ final class SSLSessionImpl extends ExtendedSSLSession { } if (boundValues != null && boundValues.size() > 0) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.finest("There are boundValues, cannot make" + " stateless ticket"); } @@ -862,7 +862,7 @@ final class SSLSessionImpl extends ExtendedSSLSession { void setSuite(CipherSuite suite) { cipherSuite = suite; - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SESSION)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SESSION)) { SSLLogger.finest("Negotiating session: " + this); } } @@ -1132,7 +1132,7 @@ final class SSLSessionImpl extends ExtendedSSLSession { return; } invalidated = true; - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SESSION)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SESSION)) { SSLLogger.finest("Invalidated session: " + this); } for (SSLSessionImpl child : childSessions) { diff --git a/src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java b/src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java index 24ba49fdc1a..f603cc22949 100644 --- a/src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java +++ b/src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java @@ -370,7 +370,7 @@ public final class SSLSocketImpl // start handshaking, if failed, the connection will be closed. ensureNegotiated(false); } catch (IOException ioe) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.severe("handshake failed", ioe); } @@ -573,7 +573,7 @@ public final class SSLSocketImpl return; } - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.fine("duplex close of SSLSocket"); } @@ -591,7 +591,7 @@ public final class SSLSocketImpl } } catch (IOException ioe) { // ignore the exception - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning("SSLSocket duplex close failed. Debug info only. Exception details:", ioe); } } finally { @@ -601,7 +601,7 @@ public final class SSLSocketImpl closeSocket(false); } catch (IOException ioe) { // ignore the exception - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning("SSLSocket close failed. Debug info only. Exception details:", ioe); } } finally { @@ -696,7 +696,7 @@ public final class SSLSocketImpl "close_notify message cannot be sent."); } else { super.shutdownOutput(); - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning( "SSLSocket output duplex close failed: " + @@ -718,7 +718,7 @@ public final class SSLSocketImpl // failed to send the close_notify message. // conContext.conSession.invalidate(); - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning( "Invalidate the session: SO_LINGER timeout, " + @@ -834,7 +834,7 @@ public final class SSLSocketImpl return; } - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.fine("close inbound of SSLSocket"); } @@ -870,7 +870,7 @@ public final class SSLSocketImpl return; } - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.fine("close outbound of SSLSocket"); } conContext.closeOutbound(); @@ -1029,7 +1029,7 @@ public final class SSLSocketImpl // filed is checked here, in case the closing process is // still in progress. if (hasDepleted) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.fine("The input stream has been depleted"); } @@ -1050,7 +1050,7 @@ public final class SSLSocketImpl // Double check if the input stream has been depleted. if (hasDepleted) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.fine("The input stream is closing"); } @@ -1137,7 +1137,7 @@ public final class SSLSocketImpl @Override public void close() throws IOException { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.finest("Closing input stream"); } @@ -1145,7 +1145,7 @@ public final class SSLSocketImpl SSLSocketImpl.this.close(); } catch (IOException ioe) { // ignore the exception - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning("input stream close failed. Debug info only. Exception details:", ioe); } } @@ -1221,7 +1221,7 @@ public final class SSLSocketImpl socketInputRecord.deplete( conContext.isNegotiated && (getSoTimeout() > 0)); } catch (Exception ex) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning( "input stream close depletion failed", ex); } @@ -1330,7 +1330,7 @@ public final class SSLSocketImpl @Override public void close() throws IOException { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.finest("Closing output stream"); } @@ -1338,7 +1338,7 @@ public final class SSLSocketImpl SSLSocketImpl.this.close(); } catch (IOException ioe) { // ignore the exception - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning("output stream close failed. Debug info only. Exception details:", ioe); } } @@ -1546,7 +1546,7 @@ public final class SSLSocketImpl if ((conContext.handshakeContext == null) && !conContext.isOutboundClosed() && !conContext.isBroken) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.finest("trigger key update"); } startHandshake(); @@ -1565,7 +1565,7 @@ public final class SSLSocketImpl !conContext.isOutboundClosed() && !conContext.isInboundClosed() && !conContext.isBroken) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.finest("trigger new session ticket"); } conContext.conSession.updateNST = false; @@ -1673,7 +1673,7 @@ public final class SSLSocketImpl * This method never returns normally, it always throws an IOException. */ private void handleException(Exception cause) throws IOException { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning("handling exception", cause); } @@ -1750,7 +1750,7 @@ public final class SSLSocketImpl @Override public void shutdown() throws IOException { if (!isClosed()) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.fine("close the underlying socket"); } @@ -1776,7 +1776,7 @@ public final class SSLSocketImpl } private void closeSocket(boolean selfInitiated) throws IOException { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.fine("close the SSL connection " + (selfInitiated ? "(initiative)" : "(passive)")); } @@ -1831,7 +1831,7 @@ public final class SSLSocketImpl * transport without waiting for the responding close_notify. */ private void waitForClose() throws IOException { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.fine("wait for close_notify or alert"); } @@ -1841,7 +1841,7 @@ public final class SSLSocketImpl try { Plaintext plainText = decode(null); // discard and continue - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.finest( "discard plaintext while waiting for close", diff --git a/src/java.base/share/classes/sun/security/ssl/SSLSocketInputRecord.java b/src/java.base/share/classes/sun/security/ssl/SSLSocketInputRecord.java index ad73b90c62d..fd9c4b171e7 100644 --- a/src/java.base/share/classes/sun/security/ssl/SSLSocketInputRecord.java +++ b/src/java.base/share/classes/sun/security/ssl/SSLSocketInputRecord.java @@ -210,7 +210,7 @@ final class SSLSocketInputRecord extends InputRecord implements SSLRecord { int contentLen = ((header[3] & 0xFF) << 8) + (header[4] & 0xFF); // pos: 3, 4 - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD)) { SSLLogger.fine( "READ: " + ProtocolVersion.nameOf(majorVersion, minorVersion) + @@ -243,7 +243,7 @@ final class SSLSocketInputRecord extends InputRecord implements SSLRecord { readFully(contentLen); recordBody.flip(); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD)) { SSLLogger.fine( "READ: " + ProtocolVersion.nameOf(majorVersion, minorVersion) + @@ -406,7 +406,7 @@ final class SSLSocketInputRecord extends InputRecord implements SSLRecord { */ os.write(SSLRecord.v2NoCipher); // SSLv2Hello - if (SSLLogger.logging) { + if (SSLLogger.isOn()) { if (SSLLogger.isOn(SSLLogger.Opt.RECORD)) { SSLLogger.fine( "Requested to negotiate unsupported SSLv2!"); @@ -445,7 +445,7 @@ final class SSLSocketInputRecord extends InputRecord implements SSLRecord { ByteBuffer converted = convertToClientHello(recordBody); - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) { SSLLogger.fine( "[Converted] ClientHello", converted); @@ -489,14 +489,14 @@ final class SSLSocketInputRecord extends InputRecord implements SSLRecord { private static int read(InputStream is, byte[] buf, int off, int len) throws IOException { int readLen = is.read(buf, off, len); if (readLen < 0) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) { SSLLogger.fine("Raw read: EOF"); } throw new EOFException("SSL peer shut down incorrectly"); } - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) { ByteBuffer bb = ByteBuffer.wrap(buf, off, readLen); SSLLogger.fine("Raw read", bb); } diff --git a/src/java.base/share/classes/sun/security/ssl/SSLSocketOutputRecord.java b/src/java.base/share/classes/sun/security/ssl/SSLSocketOutputRecord.java index 59bdda8766f..43f0580550a 100644 --- a/src/java.base/share/classes/sun/security/ssl/SSLSocketOutputRecord.java +++ b/src/java.base/share/classes/sun/security/ssl/SSLSocketOutputRecord.java @@ -55,7 +55,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord { recordLock.lock(); try { if (isClosed()) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning("outbound has closed, ignore outbound " + "alert message: " + Alert.nameOf(description)); } @@ -67,7 +67,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord { write(level); write(description); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD)) { SSLLogger.fine("WRITE: " + protocolVersion.name + " " + ContentType.ALERT.name + "(" + Alert.nameOf(description) + ")" + @@ -81,7 +81,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord { deliverStream.write(buf, 0, count); // may throw IOException deliverStream.flush(); // may throw IOException - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) { SSLLogger.fine("Raw write", (new ByteArrayInputStream(buf, 0, count))); @@ -100,7 +100,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord { recordLock.lock(); try { if (isClosed()) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning("outbound has closed, ignore outbound " + "handshake message", ByteBuffer.wrap(source, offset, length)); @@ -128,7 +128,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord { int limit = v2ClientHello.limit(); handshakeHash.deliver(record, 2, (limit - 2)); - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD)) { SSLLogger.fine( "WRITE: SSLv2 ClientHello message" + @@ -143,7 +143,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord { deliverStream.write(record, 0, limit); deliverStream.flush(); - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) { SSLLogger.fine("Raw write", (new ByteArrayInputStream(record, 0, limit))); @@ -180,7 +180,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord { return; } - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD)) { SSLLogger.fine( "WRITE: " + protocolVersion.name + " " + ContentType.HANDSHAKE.name + @@ -194,7 +194,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord { deliverStream.write(buf, 0, count); // may throw IOException deliverStream.flush(); // may throw IOException - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) { SSLLogger.fine("Raw write", (new ByteArrayInputStream(buf, 0, count))); @@ -216,7 +216,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord { recordLock.lock(); try { if (isClosed()) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning("outbound has closed, ignore outbound " + "change_cipher_spec message"); } @@ -235,7 +235,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord { deliverStream.write(buf, 0, count); // may throw IOException // deliverStream.flush(); // flush in Finished - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) { SSLLogger.fine("Raw write", (new ByteArrayInputStream(buf, 0, count))); @@ -262,7 +262,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord { return; } - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD)) { SSLLogger.fine( "WRITE: " + protocolVersion.name + " " + ContentType.HANDSHAKE.name + @@ -276,7 +276,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord { deliverStream.write(buf, 0, count); // may throw IOException deliverStream.flush(); // may throw IOException - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) { SSLLogger.fine("Raw write", (new ByteArrayInputStream(buf, 0, count))); @@ -299,7 +299,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord { } if (writeCipher.authenticator.seqNumOverflow()) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.fine( "sequence number extremely close to overflow " + "(2^64-1 packets). Closing connection."); @@ -336,7 +336,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord { count = position; write(source, offset, fragLen); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RECORD)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD)) { SSLLogger.fine( "WRITE: " + protocolVersion.name + " " + ContentType.APPLICATION_DATA.name + @@ -351,7 +351,7 @@ final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord { deliverStream.write(buf, 0, count); // may throw IOException deliverStream.flush(); // may throw IOException - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RECORD_PACKET)) { SSLLogger.fine("Raw write", (new ByteArrayInputStream(buf, 0, count))); diff --git a/src/java.base/share/classes/sun/security/ssl/SSLTransport.java b/src/java.base/share/classes/sun/security/ssl/SSLTransport.java index a4c82229890..50bff1e6d21 100644 --- a/src/java.base/share/classes/sun/security/ssl/SSLTransport.java +++ b/src/java.base/share/classes/sun/security/ssl/SSLTransport.java @@ -113,7 +113,7 @@ interface SSLTransport { // Code to deliver SSLv2 error message for SSL/TLS connections. if (!context.sslContext.isDTLS()) { context.outputRecord.encodeV2NoCipher(); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.finest("may be talking to SSLv2"); } } @@ -161,7 +161,7 @@ interface SSLTransport { if (context.handshakeContext != null && context.handshakeContext.sslConfig.enableRetransmissions && context.sslContext.isDTLS()) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.finest("retransmitted handshake flight"); } @@ -182,7 +182,7 @@ interface SSLTransport { // Note that JDK does not support 0-RTT yet. Otherwise, it is // needed to check early_data. if (!context.isNegotiated) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning("unexpected application data " + "before handshake completion"); diff --git a/src/java.base/share/classes/sun/security/ssl/ServerHello.java b/src/java.base/share/classes/sun/security/ssl/ServerHello.java index 67791e859f7..bf1e0d67a11 100644 --- a/src/java.base/share/classes/sun/security/ssl/ServerHello.java +++ b/src/java.base/share/classes/sun/security/ssl/ServerHello.java @@ -365,7 +365,7 @@ final class ServerHello { shc.sslConfig.getEnabledExtensions( SSLHandshake.SERVER_HELLO, shc.negotiatedProtocol); shm.extensions.produce(shc, serverHelloExtensions); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Produced ServerHello handshake message", shm); } @@ -440,7 +440,7 @@ final class ServerHello { } // The cipher suite has been negotiated. - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("use cipher suite " + cs.name); } @@ -454,7 +454,7 @@ final class ServerHello { if (ke != null) { SSLPossession[] hcds = ke.createPossessions(shc); if ((hcds != null) && (hcds.length != 0)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning( "use legacy cipher suite " + cs.name); @@ -572,7 +572,7 @@ final class ServerHello { shc.sslConfig.getEnabledExtensions( SSLHandshake.SERVER_HELLO, shc.negotiatedProtocol); shm.extensions.produce(shc, serverHelloExtensions); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Produced ServerHello handshake message", shm); } @@ -725,7 +725,7 @@ final class ServerHello { } // The cipher suite has been negotiated. - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("use cipher suite " + cs.name); } @@ -733,7 +733,7 @@ final class ServerHello { } if (legacySuite != null) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning( "use legacy cipher suite " + legacySuite.name); @@ -787,7 +787,7 @@ final class ServerHello { shc.sslConfig.getEnabledExtensions( SSLHandshake.HELLO_RETRY_REQUEST, shc.negotiatedProtocol); hhrm.extensions.produce(shc, serverHelloExtensions); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Produced HelloRetryRequest handshake message", hhrm); } @@ -849,7 +849,7 @@ final class ServerHello { shc.sslConfig.getEnabledExtensions( SSLHandshake.MESSAGE_HASH, shc.negotiatedProtocol); hhrm.extensions.produce(shc, serverHelloExtensions); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Reproduced HelloRetryRequest handshake message", hhrm); } @@ -890,7 +890,7 @@ final class ServerHello { } ServerHelloMessage shm = new ServerHelloMessage(chc, message); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Consuming ServerHello handshake message", shm); } @@ -935,7 +935,7 @@ final class ServerHello { } chc.negotiatedProtocol = serverVersion; - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Negotiated protocol version: " + serverVersion.name); } @@ -990,7 +990,7 @@ final class ServerHello { chc.conContext.protocolVersion = chc.negotiatedProtocol; chc.conContext.outputRecord.setVersion(chc.negotiatedProtocol); } - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Negotiated protocol version: " + serverVersion.name); } @@ -1136,7 +1136,7 @@ final class ServerHello { chc.handshakeSession = new SSLSessionImpl(chc, chc.negotiatedCipherSuite, newId); - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Locally assigned Session Id: " + newId.toString()); @@ -1209,7 +1209,7 @@ final class ServerHello { private static void setUpPskKD(HandshakeContext hc, SecretKey psk) throws SSLHandshakeException { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Using PSK to derive early secret"); } diff --git a/src/java.base/share/classes/sun/security/ssl/ServerHelloDone.java b/src/java.base/share/classes/sun/security/ssl/ServerHelloDone.java index 66736102e7a..e188f698f4b 100644 --- a/src/java.base/share/classes/sun/security/ssl/ServerHelloDone.java +++ b/src/java.base/share/classes/sun/security/ssl/ServerHelloDone.java @@ -93,7 +93,7 @@ final class ServerHelloDone { ServerHandshakeContext shc = (ServerHandshakeContext)context; ServerHelloDoneMessage shdm = new ServerHelloDoneMessage(shc); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Produced ServerHelloDone handshake message", shdm); } @@ -147,7 +147,7 @@ final class ServerHelloDone { ServerHelloDoneMessage shdm = new ServerHelloDoneMessage(chc, message); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Consuming ServerHelloDone handshake message", shdm); } diff --git a/src/java.base/share/classes/sun/security/ssl/ServerNameExtension.java b/src/java.base/share/classes/sun/security/ssl/ServerNameExtension.java index 06f13c056bb..0e232b17dda 100644 --- a/src/java.base/share/classes/sun/security/ssl/ServerNameExtension.java +++ b/src/java.base/share/classes/sun/security/ssl/ServerNameExtension.java @@ -216,7 +216,7 @@ final class ServerNameExtension { // Is it a supported and enabled extension? if (!chc.sslConfig.isAvailable(CH_SERVER_NAME)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning( "Ignore unavailable server_name extension"); @@ -262,7 +262,7 @@ final class ServerNameExtension { return extData; } - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning("Unable to indicate server name"); } return null; @@ -288,7 +288,7 @@ final class ServerNameExtension { // Is it a supported and enabled extension? if (!shc.sslConfig.isAvailable(CH_SERVER_NAME)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unavailable extension: " + CH_SERVER_NAME.name); @@ -307,7 +307,7 @@ final class ServerNameExtension { if (!shc.sslConfig.sniMatchers.isEmpty()) { sni = chooseSni(shc.sslConfig.sniMatchers, spec.serverNames); if (sni != null) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "server name indication (" + @@ -325,7 +325,7 @@ final class ServerNameExtension { // connection with a "missing_extension" alert. // // We do not reject client without SNI extension currently. - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "no server name matchers, " + @@ -351,7 +351,7 @@ final class ServerNameExtension { // so don't include the pre-shared key in the // ServerHello handshake message shc.handshakeExtensions.remove(SH_PRE_SHARED_KEY); - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "abort session resumption, " + @@ -446,7 +446,7 @@ final class ServerNameExtension { CHServerNamesSpec spec = (CHServerNamesSpec) shc.handshakeExtensions.get(CH_SERVER_NAME); if (spec == null) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.finest( "Ignore unavailable extension: " + SH_SERVER_NAME.name); @@ -457,7 +457,7 @@ final class ServerNameExtension { // When resuming a session, the server MUST NOT include a // server_name extension in the server hello. if (shc.isResumption || shc.negotiatedServerName == null) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.finest( "No expected server name indication response"); @@ -535,7 +535,7 @@ final class ServerNameExtension { CHServerNamesSpec spec = (CHServerNamesSpec) shc.handshakeExtensions.get(CH_SERVER_NAME); if (spec == null) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.finest( "Ignore unavailable extension: " + EE_SERVER_NAME.name); @@ -546,7 +546,7 @@ final class ServerNameExtension { // When resuming a session, the server MUST NOT include a // server_name extension in the server hello. if (shc.isResumption || shc.negotiatedServerName == null) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.finest( "No expected server name indication response"); diff --git a/src/java.base/share/classes/sun/security/ssl/SessionTicketExtension.java b/src/java.base/share/classes/sun/security/ssl/SessionTicketExtension.java index ab887e08a97..84b74acf8aa 100644 --- a/src/java.base/share/classes/sun/security/ssl/SessionTicketExtension.java +++ b/src/java.base/share/classes/sun/security/ssl/SessionTicketExtension.java @@ -93,7 +93,7 @@ final class SessionTicketExtension { kt = Integer.parseInt(s) * 1000; // change to ms if (kt < 0 || kt > NewSessionTicket.MAX_TICKET_LIFETIME) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning("Invalid timeout for " + "jdk.tls.server.statelessKeyTimeout: " + @@ -104,7 +104,7 @@ final class SessionTicketExtension { } } catch (NumberFormatException e) { kt = TIMEOUT_DEFAULT; - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning("Invalid timeout for " + "jdk.tls.server.statelessKeyTimeout: " + s + ". Set to default value " + TIMEOUT_DEFAULT + @@ -253,7 +253,7 @@ final class SessionTicketExtension { Integer.BYTES + iv.length + 1, encrypted.length); return result; } catch (Exception e) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Encryption failed." + e); } @@ -296,7 +296,7 @@ final class SessionTicketExtension { return out; } catch (Exception e) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Decryption failed." + e); } @@ -312,7 +312,7 @@ final class SessionTicketExtension { gos.write(input, 0, decompressedLen); gos.finish(); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("decompressed bytes: " + decompressedLen + "; compressed bytes: " + baos.size()); } @@ -331,7 +331,7 @@ final class SessionTicketExtension { new ByteArrayInputStream(bytes))) { byte[] out = gis.readAllBytes(); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("compressed bytes: " + compressedLen + "; decompressed bytes: " + out.length); } @@ -397,7 +397,7 @@ final class SessionTicketExtension { // If the context does not allow stateless tickets, exit if (!((SSLSessionContextImpl)chc.sslContext. engineGetClientSessionContext()).statelessEnabled()) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Stateless resumption not supported"); } @@ -410,7 +410,7 @@ final class SessionTicketExtension { if (!chc.isResumption || chc.resumingSession == null || chc.resumingSession.getPskIdentity() == null || chc.resumingSession.getProtocolVersion().useTLS13PlusSpec()) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Stateless resumption supported"); } @@ -455,7 +455,7 @@ final class SessionTicketExtension { shc.statelessResumption = true; if (buffer.remaining() == 0) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Client accepts session tickets."); } @@ -468,12 +468,12 @@ final class SessionTicketExtension { if (b != null) { shc.resumingSession = new SSLSessionImpl(shc, b); shc.isResumption = true; - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Valid stateless session ticket found"); } } else { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Invalid stateless session ticket found"); } @@ -554,7 +554,7 @@ final class SessionTicketExtension { // Disable stateless resumption if server doesn't send the extension. if (chc.statelessResumption) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.info( "Server doesn't support stateless resumption"); } diff --git a/src/java.base/share/classes/sun/security/ssl/SignatureAlgorithmsExtension.java b/src/java.base/share/classes/sun/security/ssl/SignatureAlgorithmsExtension.java index 11476b47443..41ed1b9462b 100644 --- a/src/java.base/share/classes/sun/security/ssl/SignatureAlgorithmsExtension.java +++ b/src/java.base/share/classes/sun/security/ssl/SignatureAlgorithmsExtension.java @@ -182,7 +182,7 @@ final class SignatureAlgorithmsExtension { // Is it a supported and enabled extension? if (!chc.sslConfig.isAvailable( SSLExtension.CH_SIGNATURE_ALGORITHMS)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unavailable signature_algorithms extension"); @@ -219,7 +219,7 @@ final class SignatureAlgorithmsExtension { // Is it a supported and enabled extension? if (!shc.sslConfig.isAvailable( SSLExtension.CH_SIGNATURE_ALGORITHMS)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unavailable signature_algorithms extension"); diff --git a/src/java.base/share/classes/sun/security/ssl/SignatureScheme.java b/src/java.base/share/classes/sun/security/ssl/SignatureScheme.java index 9cf81d48477..ba9a6f4fc4e 100644 --- a/src/java.base/share/classes/sun/security/ssl/SignatureScheme.java +++ b/src/java.base/share/classes/sun/security/ssl/SignatureScheme.java @@ -34,7 +34,6 @@ import java.util.AbstractMap.SimpleImmutableEntry; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; -import java.util.Collections; import java.util.LinkedList; import java.util.List; import java.util.Map; @@ -205,7 +204,7 @@ enum SignatureScheme { NoSuchAlgorithmException | RuntimeException exp) { // Signature.getParameters() may throw RuntimeException. mediator = false; - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning( "RSASSA-PSS signature with " + hash + @@ -299,7 +298,7 @@ enum SignatureScheme { Signature.getInstance(algorithm); } catch (Exception e) { mediator = false; - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning( "Signature algorithm, " + algorithm + @@ -435,7 +434,7 @@ enum SignatureScheme { for (SignatureScheme ss: schemesToCheck) { if (!ss.isAvailable) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.finest( "Ignore unsupported signature scheme: " + ss.name); @@ -454,12 +453,12 @@ enum SignatureScheme { if (isMatch) { if (ss.isPermitted(constraints, scopes)) { supported.add(ss); - } else if (SSLLogger.logging && + } else if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.finest( "Ignore disabled signature scheme: " + ss.name); } - } else if (SSLLogger.logging && + } else if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.finest( "Ignore inactive signature scheme: " + ss.name); @@ -479,7 +478,7 @@ enum SignatureScheme { for (int ssid : algorithmIds) { SignatureScheme ss = SignatureScheme.valueOf(ssid); if (ss == null) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning( "Unsupported signature scheme: " + @@ -490,7 +489,7 @@ enum SignatureScheme { && ss.isAllowed(constraints, protocolVersion, scopes)) { supported.add(ss); } else { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning( "Unsupported signature scheme: " + ss.name); @@ -550,7 +549,7 @@ enum SignatureScheme { } } - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.finest( "Ignore the signature algorithm (" + ss + @@ -579,7 +578,7 @@ enum SignatureScheme { } } - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.finest( "Ignore the legacy signature algorithm (" + ss + @@ -665,7 +664,7 @@ enum SignatureScheme { return signer; } catch (NoSuchAlgorithmException | InvalidKeyException | InvalidAlgorithmParameterException nsae) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.finest( "Ignore unsupported signature algorithm (" + diff --git a/src/java.base/share/classes/sun/security/ssl/StatusResponseManager.java b/src/java.base/share/classes/sun/security/ssl/StatusResponseManager.java index f690b36506a..2a4dc80eb42 100644 --- a/src/java.base/share/classes/sun/security/ssl/StatusResponseManager.java +++ b/src/java.base/share/classes/sun/security/ssl/StatusResponseManager.java @@ -119,13 +119,13 @@ final class StatusResponseManager { if (cert.getExtensionValue( PKIXExtensions.OCSPNoCheck_Id.toString()) != null) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) { SSLLogger.fine( "OCSP NoCheck extension found. OCSP will be skipped"); } return null; } else if (defaultResponder != null && respOverride) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) { SSLLogger.fine( "Responder override: URI is " + defaultResponder); } @@ -165,7 +165,7 @@ final class StatusResponseManager { Map responseMap = new HashMap<>(); List requestList = new ArrayList<>(); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) { SSLLogger.fine( "Beginning check: Type = " + type + ", Chain length = " + chain.length); @@ -192,7 +192,7 @@ final class StatusResponseManager { requestList.add(new OCSPFetchCall(sInfo, ocspReq)); } } catch (IOException exc) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) { SSLLogger.fine( "Exception during CertId creation: ", exc); @@ -220,7 +220,7 @@ final class StatusResponseManager { requestList.add(new OCSPFetchCall(sInfo, ocspReq)); } } catch (IOException exc) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) { SSLLogger.fine( "Exception during CertId creation: ", exc); @@ -228,7 +228,7 @@ final class StatusResponseManager { } } } else { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) { SSLLogger.fine("Unsupported status request type: " + type); } } @@ -259,7 +259,7 @@ final class StatusResponseManager { // that, otherwise just log the ExecutionException Throwable cause = Optional.ofNullable( exc.getCause()).orElse(exc); - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) { SSLLogger.fine("Exception during OCSP fetch: " + cause); @@ -269,13 +269,13 @@ final class StatusResponseManager { if (info != null && info.responseData != null) { responseMap.put(info.cert, info.responseData.ocspBytes); - } else if (SSLLogger.logging && + } else if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) { SSLLogger.fine( "Completed task had no response data"); } } else { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) { SSLLogger.fine("Found cancelled task"); } @@ -284,7 +284,7 @@ final class StatusResponseManager { } catch (InterruptedException intex) { // Log and reset the interrupted state Thread.currentThread().interrupt(); - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) { SSLLogger.fine("Interrupt occurred while fetching: " + intex); @@ -313,7 +313,7 @@ final class StatusResponseManager { for (Extension ext : ocspRequest.extensions) { if (ext.getId().equals( PKIXExtensions.OCSPNonce_Id.toString())) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) { SSLLogger.fine( "Nonce extension found, skipping cache check"); @@ -329,14 +329,14 @@ final class StatusResponseManager { // and do not return it as a cache hit. if (respEntry != null && respEntry.nextUpdate != null && respEntry.nextUpdate.before(new Date())) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) { SSLLogger.fine( "nextUpdate threshold exceeded, purging from cache"); } respEntry = null; } - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) { SSLLogger.fine( "Check cache for SN" + Debug.toString(cid.getSerialNumber()) + ": " + (respEntry != null ? "HIT" : "MISS")); @@ -499,7 +499,7 @@ final class StatusResponseManager { */ @Override public StatusInfo call() { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) { SSLLogger.fine( "Starting fetch for SN " + Debug.toString(statInfo.cid.getSerialNumber())); @@ -511,14 +511,14 @@ final class StatusResponseManager { if (statInfo.responder == null) { // If we have no URI then there's nothing to do // but return. - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) { SSLLogger.fine( "Null URI detected, OCSP fetch aborted"); } return statInfo; } else { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) { SSLLogger.fine( "Attempting fetch from " + statInfo.responder); @@ -549,7 +549,7 @@ final class StatusResponseManager { statInfo.cid); // Get the response status and act on it appropriately - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) { SSLLogger.fine("OCSP Status: " + cacheEntry.status + " (" + respBytes.length + " bytes)"); @@ -563,7 +563,7 @@ final class StatusResponseManager { addToCache(statInfo.cid, cacheEntry); } } catch (IOException ioe) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) { SSLLogger.fine("Caught exception: ", ioe); } @@ -583,13 +583,13 @@ final class StatusResponseManager { // If no cache lifetime has been set on entries then // don't cache this response if there is no nextUpdate field if (entry.nextUpdate == null && cacheLifetime == 0) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) { SSLLogger.fine("Not caching this OCSP response"); } } else { responseCache.put(certId, entry); - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.RESPMGR)) { SSLLogger.fine( "Added response for SN " + @@ -612,7 +612,7 @@ final class StatusResponseManager { // is necessary. Also, we will only staple if we're doing a full // handshake. if (!shc.sslContext.isStaplingEnabled(false) || shc.isResumption) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("Staping disabled or is a resumed session"); } return null; @@ -635,7 +635,7 @@ final class StatusResponseManager { // selection yet, only accept a request if the ResponderId field // is empty. Finally, we'll only do this in (D)TLS 1.2 or earlier. if (statReqV2 != null && !shc.negotiatedProtocol.useTLS13PlusSpec()) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.fine("SH Processing status_request_v2 extension"); } @@ -673,7 +673,7 @@ final class StatusResponseManager { req = reqItems[ocspIdx]; type = CertStatusRequestType.valueOf(req.statusType); } else { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.finest("Warning: No suitable request " + "found in the status_request_v2 extension."); @@ -691,7 +691,7 @@ final class StatusResponseManager { // we will try processing an asserted status_request. if ((statReq != null) && (ext == null || type == null || req == null)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE_VERBOSE)) { SSLLogger.fine("SH Processing status_request extension"); } @@ -706,7 +706,7 @@ final class StatusResponseManager { if (ocspReq.responderIds.isEmpty()) { req = ocspReq; } else { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.finest("Warning: No suitable request " + "found in the status_request extension."); @@ -719,7 +719,7 @@ final class StatusResponseManager { // find a suitable StatusRequest, then stapling is disabled. // The ext, type and req variables must have been set to continue. if (type == null || req == null || ext == null) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine("No suitable status_request or " + "status_request_v2, stapling is disabled"); } @@ -736,7 +736,7 @@ final class StatusResponseManager { } if (x509Possession == null) { // unlikely - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.finest("Warning: no X.509 certificates found. " + "Stapling is disabled."); } @@ -758,7 +758,7 @@ final class StatusResponseManager { responses = statRespMgr.get(fetchType, req, certs, shc.statusRespTimeout, TimeUnit.MILLISECONDS); if (!responses.isEmpty()) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.finest("Response manager returned " + responses.size() + " entries."); @@ -768,7 +768,7 @@ final class StatusResponseManager { if (type == CertStatusRequestType.OCSP) { byte[] respDER = responses.get(certs[0]); if (respDER == null || respDER.length == 0) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.finest("Warning: Null or zero-length " + "response found for leaf certificate. " + @@ -779,7 +779,7 @@ final class StatusResponseManager { } params = new StaplingParameters(ext, type, req, responses); } else { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.finest("Warning: no OCSP responses obtained. " + "Stapling is disabled."); @@ -788,7 +788,7 @@ final class StatusResponseManager { } else { // This should not happen, but if lazy initialization of the // StatusResponseManager doesn't occur we should turn off stapling. - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.finest("Warning: lazy initialization " + "of the StatusResponseManager failed. " + "Stapling is disabled."); diff --git a/src/java.base/share/classes/sun/security/ssl/SunX509KeyManagerImpl.java b/src/java.base/share/classes/sun/security/ssl/SunX509KeyManagerImpl.java index 1898bd239f2..7775a2bca97 100644 --- a/src/java.base/share/classes/sun/security/ssl/SunX509KeyManagerImpl.java +++ b/src/java.base/share/classes/sun/security/ssl/SunX509KeyManagerImpl.java @@ -129,7 +129,7 @@ final class SunX509KeyManagerImpl extends X509KeyManagerCertChecking { X509Credentials cred = new X509Credentials((PrivateKey) key, (X509Certificate[]) certs); credentialsMap.put(alias, cred); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) { SSLLogger.fine("found key for : " + alias, (Object[])certs); } } @@ -315,7 +315,7 @@ final class SunX509KeyManagerImpl extends X509KeyManagerCertChecking { } if (results == null) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) { SSLLogger.fine("KeyMgr: no matching key found"); } diff --git a/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java b/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java index 06b32328a42..28e81e52866 100644 --- a/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java +++ b/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java @@ -164,7 +164,7 @@ final class SupportedGroupsExtension { // Is it a supported and enabled extension? if (!chc.sslConfig.isAvailable(CH_SUPPORTED_GROUPS)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unavailable supported_groups extension"); @@ -178,7 +178,7 @@ final class SupportedGroupsExtension { for (String name : chc.sslConfig.namedGroups) { NamedGroup ng = NamedGroup.nameOf(name); if (ng == null) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unspecified named group: " + name); @@ -195,7 +195,7 @@ final class SupportedGroupsExtension { ng.isSupported(chc.activeCipherSuites) && ng.isPermitted(chc.algorithmConstraints)) { namedGroups.add(ng); - } else if (SSLLogger.logging && + } else if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore inactive or disabled named group: " + ng.name); @@ -203,7 +203,7 @@ final class SupportedGroupsExtension { } if (namedGroups.isEmpty()) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning("no available named group"); } @@ -248,7 +248,7 @@ final class SupportedGroupsExtension { // Is it a supported and enabled extension? if (!shc.sslConfig.isAvailable(CH_SUPPORTED_GROUPS)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unavailable supported_groups extension"); @@ -324,7 +324,7 @@ final class SupportedGroupsExtension { // Is it a supported and enabled extension? if (!shc.sslConfig.isAvailable(EE_SUPPORTED_GROUPS)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unavailable supported_groups extension"); @@ -341,7 +341,7 @@ final class SupportedGroupsExtension { for (String name : shc.sslConfig.namedGroups) { NamedGroup ng = NamedGroup.nameOf(name); if (ng == null) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unspecified named group: " + name); @@ -358,7 +358,7 @@ final class SupportedGroupsExtension { ng.isSupported(shc.activeCipherSuites) && ng.isPermitted(shc.algorithmConstraints)) { namedGroups.add(ng); - } else if (SSLLogger.logging && + } else if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore inactive or disabled named group: " + ng.name); @@ -366,7 +366,7 @@ final class SupportedGroupsExtension { } if (namedGroups.isEmpty()) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning("no available named group"); } @@ -407,7 +407,7 @@ final class SupportedGroupsExtension { // Is it a supported and enabled extension? if (!chc.sslConfig.isAvailable(EE_SUPPORTED_GROUPS)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unavailable supported_groups extension"); diff --git a/src/java.base/share/classes/sun/security/ssl/SupportedVersionsExtension.java b/src/java.base/share/classes/sun/security/ssl/SupportedVersionsExtension.java index 595ae3fd1b1..90c315a57c5 100644 --- a/src/java.base/share/classes/sun/security/ssl/SupportedVersionsExtension.java +++ b/src/java.base/share/classes/sun/security/ssl/SupportedVersionsExtension.java @@ -168,7 +168,7 @@ final class SupportedVersionsExtension { // Is it a supported and enabled extension? if (!chc.sslConfig.isAvailable(CH_SUPPORTED_VERSIONS)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unavailable extension: " + @@ -217,7 +217,7 @@ final class SupportedVersionsExtension { // Is it a supported and enabled extension? if (!shc.sslConfig.isAvailable(CH_SUPPORTED_VERSIONS)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unavailable extension: " + @@ -310,7 +310,7 @@ final class SupportedVersionsExtension { shc.handshakeExtensions.get(CH_SUPPORTED_VERSIONS); if (svs == null) { // Unlikely, no key_share extension requested. - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.warning( "Ignore unavailable supported_versions extension"); @@ -320,7 +320,7 @@ final class SupportedVersionsExtension { // Is it a supported and enabled extension? if (!shc.sslConfig.isAvailable(SH_SUPPORTED_VERSIONS)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unavailable extension: " + @@ -360,7 +360,7 @@ final class SupportedVersionsExtension { // Is it a supported and enabled extension? if (!chc.sslConfig.isAvailable(SH_SUPPORTED_VERSIONS)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unavailable extension: " + @@ -404,7 +404,7 @@ final class SupportedVersionsExtension { // Is it a supported and enabled extension? if (!shc.sslConfig.isAvailable(HRR_SUPPORTED_VERSIONS)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unavailable extension: " + @@ -447,7 +447,7 @@ final class SupportedVersionsExtension { // Is it a supported and enabled extension? if (!chc.sslConfig.isAvailable(HRR_SUPPORTED_VERSIONS)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "Ignore unavailable extension: " + @@ -490,7 +490,7 @@ final class SupportedVersionsExtension { // Is it a supported and enabled extension? if (!shc.sslConfig.isAvailable(HRR_SUPPORTED_VERSIONS)) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.HANDSHAKE)) { SSLLogger.fine( "[Reproduce] Ignore unavailable extension: " + diff --git a/src/java.base/share/classes/sun/security/ssl/TransportContext.java b/src/java.base/share/classes/sun/security/ssl/TransportContext.java index 294444f0586..aecfc34a17e 100644 --- a/src/java.base/share/classes/sun/security/ssl/TransportContext.java +++ b/src/java.base/share/classes/sun/security/ssl/TransportContext.java @@ -270,7 +270,7 @@ final class TransportContext implements ConnectionContext { try { outputRecord.encodeAlert(Alert.Level.WARNING.level, alert.id); } catch (IOException ioe) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning( "Warning: failed to send warning alert " + alert, ioe); } @@ -330,7 +330,7 @@ final class TransportContext implements ConnectionContext { // so we'll do it here. if (closeReason != null) { if (cause == null) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning( "Closed transport, general or untracked problem"); } @@ -341,7 +341,7 @@ final class TransportContext implements ConnectionContext { if (cause instanceof SSLException) { throw (SSLException)cause; } else { // unlikely, but just in case. - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning( "Closed transport, unexpected rethrowing", cause); } @@ -364,7 +364,7 @@ final class TransportContext implements ConnectionContext { } // shutdown the transport - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.severe("Fatal (" + alert + "): " + diagnostic, cause); } @@ -380,7 +380,7 @@ final class TransportContext implements ConnectionContext { try { inputRecord.close(); } catch (IOException ioe) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning("Fatal: input record closure failed", ioe); } @@ -411,7 +411,7 @@ final class TransportContext implements ConnectionContext { try { outputRecord.encodeAlert(Alert.Level.FATAL.level, alert.id); } catch (IOException ioe) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning( "Fatal: failed to send fatal alert " + alert, ioe); } @@ -424,7 +424,7 @@ final class TransportContext implements ConnectionContext { try { outputRecord.close(); } catch (IOException ioe) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning("Fatal: output record closure failed", ioe); } @@ -440,7 +440,7 @@ final class TransportContext implements ConnectionContext { try { transport.shutdown(); } catch (IOException ioe) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning("Fatal: transport closure failed", ioe); } @@ -526,7 +526,7 @@ final class TransportContext implements ConnectionContext { passiveInboundClose(); } } catch (IOException ioe) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning("inbound closure failed", ioe); } } @@ -583,7 +583,7 @@ final class TransportContext implements ConnectionContext { try { initiateOutboundClose(); } catch (IOException ioe) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning("outbound closure failed", ioe); } } diff --git a/src/java.base/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java b/src/java.base/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java index b63b0ad4b88..584a125710e 100644 --- a/src/java.base/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java +++ b/src/java.base/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java @@ -48,27 +48,27 @@ abstract class TrustManagerFactoryImpl extends TrustManagerFactorySpi { trustManager = getInstance(TrustStoreManager.getTrustedCerts()); } catch (SecurityException se) { // eat security exceptions but report other throwables - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) { SSLLogger.fine( "SunX509: skip default keystore", se); } } catch (Error err) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) { SSLLogger.fine( "SunX509: skip default keystore", err); } throw err; } catch (RuntimeException re) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) { SSLLogger.fine( "SunX509: skip default keystore", re); } throw re; } catch (Exception e) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) { SSLLogger.fine( "SunX509: skip default keystore", e); diff --git a/src/java.base/share/classes/sun/security/ssl/TrustStoreManager.java b/src/java.base/share/classes/sun/security/ssl/TrustStoreManager.java index e24fb17a166..0f0bfa4bfa8 100644 --- a/src/java.base/share/classes/sun/security/ssl/TrustStoreManager.java +++ b/src/java.base/share/classes/sun/security/ssl/TrustStoreManager.java @@ -108,7 +108,7 @@ final class TrustStoreManager { this.storeFile = storeFile; this.lastModified = lastModified; - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) { SSLLogger.fine( "trustStore is: " + storeName + "\n" + @@ -152,7 +152,7 @@ final class TrustStoreManager { } // Not break, the file is inaccessible. - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) { SSLLogger.fine( "Inaccessible trust store: " + @@ -268,7 +268,7 @@ final class TrustStoreManager { } // Reload a new key store. - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) { SSLLogger.fine("Reload the trust store"); } @@ -323,7 +323,7 @@ final class TrustStoreManager { // Reload the trust store if needed. if (ks == null) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) { SSLLogger.fine("Reload the trust store"); } @@ -332,13 +332,13 @@ final class TrustStoreManager { } // Reload trust certs from the key store. - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) { SSLLogger.fine("Reload trust certs"); } certs = loadTrustedCerts(ks); - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) { SSLLogger.fine("Reloaded " + certs.size() + " trust certs"); } @@ -360,7 +360,7 @@ final class TrustStoreManager { descriptor.storeFile == null) { // No file available, no KeyStore available. - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) { SSLLogger.fine("No available key store"); } @@ -388,7 +388,7 @@ final class TrustStoreManager { ks.load(bis, password); } catch (FileNotFoundException fnfe) { // No file available, no KeyStore available. - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) { SSLLogger.fine( "Not available key store: " + descriptor.storeName); diff --git a/src/java.base/share/classes/sun/security/ssl/Utilities.java b/src/java.base/share/classes/sun/security/ssl/Utilities.java index 1fdbe1ae254..e289a9e1bd6 100644 --- a/src/java.base/share/classes/sun/security/ssl/Utilities.java +++ b/src/java.base/share/classes/sun/security/ssl/Utilities.java @@ -70,7 +70,7 @@ final class Utilities { SNIServerName serverName = sniList.get(i); if (serverName.getType() == StandardConstants.SNI_HOST_NAME) { sniList.set(i, sniHostName); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.fine( "the previous server name in SNI (" + serverName + ") was replaced with (" + sniHostName + ")"); @@ -116,7 +116,7 @@ final class Utilities { return new SNIHostName(hostname); } catch (IllegalArgumentException iae) { // don't bother to handle illegal host_name - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.fine(hostname + "\" " + "is not a legal HostName for server name indication"); } diff --git a/src/java.base/share/classes/sun/security/ssl/X509Authentication.java b/src/java.base/share/classes/sun/security/ssl/X509Authentication.java index c4570cde47b..bdb2dd7706f 100644 --- a/src/java.base/share/classes/sun/security/ssl/X509Authentication.java +++ b/src/java.base/share/classes/sun/security/ssl/X509Authentication.java @@ -201,7 +201,7 @@ enum X509Authentication implements SSLAuthentication { private static SSLPossession createClientPossession( ClientHandshakeContext chc, String[] keyTypes) { X509ExtendedKeyManager km = chc.sslContext.getX509KeyManager(); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.finest("X509KeyManager class: " + km.getClass().getName()); } @@ -243,7 +243,7 @@ enum X509Authentication implements SSLAuthentication { } if (clientAlias == null) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.finest("No X.509 cert selected for " + Arrays.toString(keyTypes)); } @@ -252,7 +252,7 @@ enum X509Authentication implements SSLAuthentication { PrivateKey clientPrivateKey = km.getPrivateKey(clientAlias); if (clientPrivateKey == null) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.finest( clientAlias + " is not a private key entry"); } @@ -261,7 +261,7 @@ enum X509Authentication implements SSLAuthentication { X509Certificate[] clientCerts = km.getCertificateChain(clientAlias); if ((clientCerts == null) || (clientCerts.length == 0)) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.finest(clientAlias + " is a private key entry with no cert chain stored"); } @@ -270,7 +270,7 @@ enum X509Authentication implements SSLAuthentication { String privateKeyAlgorithm = clientPrivateKey.getAlgorithm(); if (!Arrays.asList(keyTypes).contains(privateKeyAlgorithm)) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.fine( clientAlias + " private key algorithm " + privateKeyAlgorithm + " not in request list"); @@ -280,7 +280,7 @@ enum X509Authentication implements SSLAuthentication { String publicKeyAlgorithm = clientCerts[0].getPublicKey().getAlgorithm(); if (!privateKeyAlgorithm.equals(publicKeyAlgorithm)) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.fine( clientAlias + " private or public key is not of " + "same algorithm: " + @@ -296,7 +296,7 @@ enum X509Authentication implements SSLAuthentication { private static SSLPossession createServerPossession( ServerHandshakeContext shc, String[] keyTypes) { X509ExtendedKeyManager km = shc.sslContext.getX509KeyManager(); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.finest("X509KeyManager class: " + km.getClass().getName()); } @@ -337,7 +337,7 @@ enum X509Authentication implements SSLAuthentication { } if (serverAlias == null) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.finest("No X.509 cert selected for " + keyType); } continue; @@ -345,7 +345,7 @@ enum X509Authentication implements SSLAuthentication { PrivateKey serverPrivateKey = km.getPrivateKey(serverAlias); if (serverPrivateKey == null) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.finest( serverAlias + " is not a private key entry"); } @@ -354,7 +354,7 @@ enum X509Authentication implements SSLAuthentication { X509Certificate[] serverCerts = km.getCertificateChain(serverAlias); if ((serverCerts == null) || (serverCerts.length == 0)) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.finest( serverAlias + " is not a certificate entry"); } @@ -364,7 +364,7 @@ enum X509Authentication implements SSLAuthentication { PublicKey serverPublicKey = serverCerts[0].getPublicKey(); if ((!serverPrivateKey.getAlgorithm().equals(keyType)) || (!serverPublicKey.getAlgorithm().equals(keyType))) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.fine( serverAlias + " private or public key is not of " + keyType + " algorithm"); @@ -379,7 +379,7 @@ enum X509Authentication implements SSLAuthentication { if (!shc.negotiatedProtocol.useTLS13PlusSpec() && keyType.equals("EC")) { if (!(serverPublicKey instanceof ECPublicKey)) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning(serverAlias + " public key is not an instance of ECPublicKey"); } @@ -398,7 +398,7 @@ enum X509Authentication implements SSLAuthentication { ((shc.clientRequestedNamedGroups != null) && !shc.clientRequestedNamedGroups.contains(namedGroup))) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.warning( "Unsupported named group (" + namedGroup + diff --git a/src/java.base/share/classes/sun/security/ssl/X509KeyManagerCertChecking.java b/src/java.base/share/classes/sun/security/ssl/X509KeyManagerCertChecking.java index e8237d2fc0e..6d26558847c 100644 --- a/src/java.base/share/classes/sun/security/ssl/X509KeyManagerCertChecking.java +++ b/src/java.base/share/classes/sun/security/ssl/X509KeyManagerCertChecking.java @@ -116,7 +116,7 @@ abstract class X509KeyManagerCertChecking extends X509ExtendedKeyManager { } if (keyIndex == -1) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) { SSLLogger.fine("Ignore alias " + alias + ": key algorithm does not match"); } @@ -134,7 +134,7 @@ abstract class X509KeyManagerCertChecking extends X509ExtendedKeyManager { } } if (!found) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) { SSLLogger.fine( "Ignore alias " + alias @@ -151,7 +151,7 @@ abstract class X509KeyManagerCertChecking extends X509ExtendedKeyManager { !conformsToAlgorithmConstraints(constraints, chain, checkType.getValidator())) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) { SSLLogger.fine("Ignore alias " + alias + ": certificate chain does not conform to " + "algorithm constraints"); @@ -220,7 +220,7 @@ abstract class X509KeyManagerCertChecking extends X509ExtendedKeyManager { checker.init(false); } catch (CertPathValidatorException cpve) { // unlikely to happen - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) { SSLLogger.fine( "Cannot initialize algorithm constraints checker", cpve); @@ -236,7 +236,7 @@ abstract class X509KeyManagerCertChecking extends X509ExtendedKeyManager { // We don't care about the unresolved critical extensions. checker.check(cert, Collections.emptySet()); } catch (CertPathValidatorException cpve) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) { SSLLogger.fine("Certificate does not conform to " + "algorithm constraints", cert, cpve); @@ -394,7 +394,7 @@ abstract class X509KeyManagerCertChecking extends X509ExtendedKeyManager { serverName.getEncoded()); } catch (IllegalArgumentException iae) { // unlikely to happen, just in case ... - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) { SSLLogger.fine("Illegal server name: " + serverName); @@ -410,7 +410,7 @@ abstract class X509KeyManagerCertChecking extends X509ExtendedKeyManager { X509TrustManagerImpl.checkIdentity(hostname, cert, idAlgorithm); } catch (CertificateException e) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) { SSLLogger.fine( "Certificate identity does not match " diff --git a/src/java.base/share/classes/sun/security/ssl/X509KeyManagerImpl.java b/src/java.base/share/classes/sun/security/ssl/X509KeyManagerImpl.java index 13ca32c77ec..be982bfd192 100644 --- a/src/java.base/share/classes/sun/security/ssl/X509KeyManagerImpl.java +++ b/src/java.base/share/classes/sun/security/ssl/X509KeyManagerImpl.java @@ -228,7 +228,7 @@ final class X509KeyManagerImpl extends X509KeyManagerCertChecking { || (secondDot - firstDot < 2) || (alias.length() - secondDot < 2)) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) { SSLLogger.warning("Invalid alias format: " + alias); } return null; @@ -255,7 +255,7 @@ final class X509KeyManagerImpl extends X509KeyManagerCertChecking { NoSuchAlgorithmException | IndexOutOfBoundsException e) { // ignore and only log exception - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) { SSLLogger.warning("Exception thrown while getting an alias " + alias + ": " + e); } @@ -295,7 +295,7 @@ final class X509KeyManagerImpl extends X509KeyManagerCertChecking { if (results != null) { for (EntryStatus status : results) { if (status.checkResult == CheckResult.OK) { - if (SSLLogger.logging + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) { SSLLogger.fine("Choosing key: " + status); } @@ -312,13 +312,13 @@ final class X509KeyManagerImpl extends X509KeyManagerCertChecking { } } if (allResults == null) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) { SSLLogger.fine("No matching key found"); } return null; } Collections.sort(allResults); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) { SSLLogger.fine( "No good matching key found, " + "returning best match out of", allResults); @@ -358,13 +358,13 @@ final class X509KeyManagerImpl extends X509KeyManagerCertChecking { } } if (allResults == null || allResults.isEmpty()) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) { SSLLogger.fine("No matching alias found"); } return null; } Collections.sort(allResults); - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.KEYMANAGER)) { SSLLogger.fine("Getting aliases", allResults); } return toAliases(allResults); diff --git a/src/java.base/share/classes/sun/security/ssl/X509TrustManagerImpl.java b/src/java.base/share/classes/sun/security/ssl/X509TrustManagerImpl.java index 66d91741842..741043d6bb1 100644 --- a/src/java.base/share/classes/sun/security/ssl/X509TrustManagerImpl.java +++ b/src/java.base/share/classes/sun/security/ssl/X509TrustManagerImpl.java @@ -81,7 +81,7 @@ final class X509TrustManagerImpl extends X509ExtendedTrustManager this.trustedCerts = trustedCerts; - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) { SSLLogger.fine("adding as trusted certificates", (Object[])trustedCerts.toArray(new X509Certificate[0])); } @@ -98,7 +98,7 @@ final class X509TrustManagerImpl extends X509ExtendedTrustManager trustedCerts = v.getTrustedCertificates(); serverValidator = v; - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) { SSLLogger.fine("adding as trusted certificates", (Object[])trustedCerts.toArray(new X509Certificate[0])); } @@ -242,7 +242,7 @@ final class X509TrustManagerImpl extends X509ExtendedTrustManager null, checkClientTrusted ? null : authType); } - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) { SSLLogger.fine("Found trusted certificate", trustedChain[trustedChain.length - 1]); } @@ -288,7 +288,7 @@ final class X509TrustManagerImpl extends X509ExtendedTrustManager null, checkClientTrusted ? null : authType); } - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) { SSLLogger.fine("Found trusted certificate", trustedChain[trustedChain.length - 1]); } @@ -331,7 +331,7 @@ final class X509TrustManagerImpl extends X509ExtendedTrustManager null, checkClientTrusted ? null : authType); } - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) { SSLLogger.fine("Found trusted certificate", trustedChain[trustedChain.length - 1]); } @@ -365,7 +365,7 @@ final class X509TrustManagerImpl extends X509ExtendedTrustManager hostname = new SNIHostName(sniName.getEncoded()); } catch (IllegalArgumentException iae) { // unlikely to happen, just in case ... - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) { SSLLogger.fine("Illegal server name: " + sniName); } diff --git a/src/java.base/share/classes/sun/security/util/DomainName.java b/src/java.base/share/classes/sun/security/util/DomainName.java index 550e49e5005..82a5179e9b5 100644 --- a/src/java.base/share/classes/sun/security/util/DomainName.java +++ b/src/java.base/share/classes/sun/security/util/DomainName.java @@ -192,7 +192,7 @@ class DomainName { } return getRules(tld, new ZipInputStream(pubSuffixStream)); } catch (IOException e) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.fine( "cannot parse public suffix data for " + tld + ": " + e.getMessage()); @@ -209,7 +209,7 @@ class DomainName { is = new FileInputStream(f); } catch (FileNotFoundException e) { } if (is == null) { - if (SSLLogger.logging && + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.TRUSTMANAGER)) { SSLLogger.fine( "lib/security/public_suffix_list.dat not found"); @@ -230,7 +230,7 @@ class DomainName { } } if (!found) { - if (SSLLogger.logging && SSLLogger.isOn(SSLLogger.Opt.SSL)) { + if (SSLLogger.isOn() && SSLLogger.isOn(SSLLogger.Opt.SSL)) { SSLLogger.fine("Domain " + tld + " not found"); } return null; diff --git a/src/java.base/share/classes/sun/security/util/HostnameChecker.java b/src/java.base/share/classes/sun/security/util/HostnameChecker.java index f4476f0f4ce..65115c9aeaf 100644 --- a/src/java.base/share/classes/sun/security/util/HostnameChecker.java +++ b/src/java.base/share/classes/sun/security/util/HostnameChecker.java @@ -271,7 +271,7 @@ public class HostnameChecker { name = IDN.toUnicode(IDN.toASCII(name)); template = IDN.toUnicode(IDN.toASCII(template)); } catch (RuntimeException re) { - if (SSLLogger.logging) { + if (SSLLogger.isOn()) { SSLLogger.fine("Failed to normalize to Unicode: " + re); } @@ -308,7 +308,7 @@ public class HostnameChecker { String template, boolean chainsToPublicCA) { // not ok if it is a single wildcard character or "*." if (template.equals("*") || template.equals("*.")) { - if (SSLLogger.logging) { + if (SSLLogger.isOn()) { SSLLogger.fine( "Certificate domain name has illegal single " + "wildcard character: " + template); @@ -328,7 +328,7 @@ public class HostnameChecker { // not ok if there is no dot after wildcard (ex: "*com") if (firstDotIndex == -1) { - if (SSLLogger.logging) { + if (SSLLogger.isOn()) { SSLLogger.fine( "Certificate domain name has illegal wildcard, " + "no dot after wildcard character: " + template); @@ -353,7 +353,7 @@ public class HostnameChecker { // Is it a top-level domain? if (wildcardedDomain.equalsIgnoreCase(templateDomainSuffix)) { - if (SSLLogger.logging) { + if (SSLLogger.isOn()) { SSLLogger.fine( "Certificate domain name has illegal " + "wildcard for top-level public suffix: " + template);