author | igerasim <none@none> | 2017-05-26 07:21:06 +0300 |
---|---|---|
committer | Alexey Ushakov <Alexey.Ushakov@jetbrains.com> | 2018-11-28 14:58:48 +0300 |
commit | a2f8d1233167518bd7c79b1277211f9c4c98aac3 (patch) | |
tree | 92788816f4a31e40a501adffb09f8ab5d250a550 /src | |
parent | 0ecdbd53ebbb1e3ac24b17d582a7e743f013bf16 (diff) | |
8156502: Use short name of SupportedEllipticCurvesExtension.java
Reviewed-by: vinnie
Diffstat (limited to 'src')
-rw-r--r-- | src/share/classes/sun/security/ssl/EllipticPointFormatsExtension.java (renamed from src/share/classes/sun/security/ssl/SupportedEllipticPointFormatsExtension.java) | 10 | ||||
-rw-r--r-- | src/share/classes/sun/security/ssl/HelloExtensions.java | 3 | ||||
-rw-r--r-- | src/share/classes/sun/security/ssl/SupportedEllipticCurvesExtension.java | 397 |
3 files changed, 6 insertions, 404 deletions
diff --git a/src/share/classes/sun/security/ssl/SupportedEllipticPointFormatsExtension.java b/src/share/classes/sun/security/ssl/EllipticPointFormatsExtension.java
index 14b8468962..6b0e2bc12b 100644
--- a/src/share/classes/sun/security/ssl/SupportedEllipticPointFormatsExtension.java
+++ b/src/share/classes/sun/security/ssl/EllipticPointFormatsExtension.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2006, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -31,24 +31,24 @@ import java.util.List;
 import javax.net.ssl.SSLProtocolException;
-final class SupportedEllipticPointFormatsExtension extends HelloExtension {
+final class EllipticPointFormatsExtension extends HelloExtension {
 final static int FMT_UNCOMPRESSED = 0;
 final static int FMT_ANSIX962_COMPRESSED_PRIME = 1;
 final static int FMT_ANSIX962_COMPRESSED_CHAR2 = 2;
 static final HelloExtension DEFAULT =
- new SupportedEllipticPointFormatsExtension(
+ new EllipticPointFormatsExtension(
 new byte[] {FMT_UNCOMPRESSED});
 private final byte[] formats;
- private SupportedEllipticPointFormatsExtension(byte[] formats) {
+ private EllipticPointFormatsExtension(byte[] formats) {
 super(ExtensionType.EXT_EC_POINT_FORMATS);
 this.formats = formats;
 }
- SupportedEllipticPointFormatsExtension(HandshakeInStream s, int len)
+ EllipticPointFormatsExtension(HandshakeInStream s, int len)
 throws IOException {
 super(ExtensionType.EXT_EC_POINT_FORMATS);
 formats = s.getBytes8();
diff --git a/src/share/classes/sun/security/ssl/HelloExtensions.java b/src/share/classes/sun/security/ssl/HelloExtensions.java
index 285fa024f5..4fd03aaf08 100644
--- a/src/share/classes/sun/security/ssl/HelloExtensions.java
+++ b/src/share/classes/sun/security/ssl/HelloExtensions.java
@@ -81,8 +81,7 @@ final class HelloExtensions {
 } else if (extType == ExtensionType.EXT_ELLIPTIC_CURVES) {
 extension = new EllipticCurvesExtension(s, extlen);
 } else if (extType == ExtensionType.EXT_EC_POINT_FORMATS) {
- extension =
- new SupportedEllipticPointFormatsExtension(s, extlen);
+ extension = new EllipticPointFormatsExtension(s, extlen);
 } else if (extType == ExtensionType.EXT_RENEGOTIATION_INFO) {
 extension = new RenegotiationInfoExtension(s, extlen);
 } else if (extType == ExtensionType.EXT_EXTENDED_MASTER_SECRET) {
diff --git a/src/share/classes/sun/security/ssl/SupportedEllipticCurvesExtension.java b/src/share/classes/sun/security/ssl/SupportedEllipticCurvesExtension.java
deleted file mode 100644
index 59f4b74d76..0000000000
--- a/src/share/classes/sun/security/ssl/SupportedEllipticCurvesExtension.java
+++ /dev/null
@@ -1,397 +0,0 @@
-/*
- * Copyright (c) 2006, 2017, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.ssl;
-
-import java.io.IOException;
-import java.security.spec.ECParameterSpec;
-import java.security.spec.ECGenParameterSpec;
-import java.security.spec.InvalidParameterSpecException;
-import java.security.AlgorithmParameters;
-import java.security.AlgorithmConstraints;
-import java.security.CryptoPrimitive;
-import java.security.AccessController;
-import java.util.EnumSet;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.ArrayList;
-import javax.net.ssl.SSLProtocolException;
-
-import sun.security.action.GetPropertyAction;
-
-final class SupportedEllipticCurvesExtension extends HelloExtension {
-
- /* Class and subclass dynamic debugging support */
- private static final Debug debug = Debug.getInstance("ssl");
-
- private static final int ARBITRARY_PRIME = 0xff01;
- private static final int ARBITRARY_CHAR2 = 0xff02;
-
- // speed up the searching
- private static final Map<String, Integer> oidToIdMap = new HashMap<>();
- private static final Map<Integer, String> idToOidMap = new HashMap<>();
-
- // speed up the parameters construction
- private static final Map<Integer,
- AlgorithmParameters> idToParams = new HashMap<>();
-
- // the supported elliptic curves
- private static final int[] supportedCurveIds;
-
- // the curves of the extension
- private final int[] curveIds;
-
- // See sun.security.util.CurveDB for the OIDs
- private static enum NamedEllipticCurve {
- T163_K1(1, "sect163k1", "1.3.132.0.1", true), // NIST K-163
- T163_R1(2, "sect163r1", "1.3.132.0.2", false),
- T163_R2(3, "sect163r2", "1.3.132.0.15", true), // NIST B-163
- T193_R1(4, "sect193r1", "1.3.132.0.24", false),
- T193_R2(5, "sect193r2", "1.3.132.0.25", false),
- T233_K1(6, "sect233k1", "1.3.132.0.26", true), // NIST K-233
- T233_R1(7, "sect233r1", "1.3.132.0.27", true), // NIST B-233
- T239_K1(8, "sect239k1", "1.3.132.0.3", false),
- T283_K1(9, "sect283k1", "1.3.132.0.16", true), // NIST K-283
- T283_R1(10, "sect283r1", "1.3.132.0.17", true), // NIST B-283
- T409_K1(11, "sect409k1", "1.3.132.0.36", true), // NIST K-409
- T409_R1(12, "sect409r1", "1.3.132.0.37", true), // NIST B-409
- T571_K1(13, "sect571k1", "1.3.132.0.38", true), // NIST K-571
- T571_R1(14, "sect571r1", "1.3.132.0.39", true), // NIST B-571
-
- P160_K1(15, "secp160k1", "1.3.132.0.9", false),
- P160_R1(16, "secp160r1", "1.3.132.0.8", false),
- P160_R2(17, "secp160r2", "1.3.132.0.30", false),
- P192_K1(18, "secp192k1", "1.3.132.0.31", false),
- P192_R1(19, "secp192r1", "1.2.840.10045.3.1.1", true), // NIST P-192
- P224_K1(20, "secp224k1", "1.3.132.0.32", false),
- P224_R1(21, "secp224r1", "1.3.132.0.33", true), // NIST P-224
- P256_K1(22, "secp256k1", "1.3.132.0.10", false),
- P256_R1(23, "secp256r1", "1.2.840.10045.3.1.7", true), // NIST P-256
- P384_R1(24, "secp384r1", "1.3.132.0.34", true), // NIST P-384
- P521_R1(25, "secp521r1", "1.3.132.0.35", true); // NIST P-521
-
- int id;
- String name;
- String oid;
- boolean isFips;
-
- NamedEllipticCurve(int id, String name, String oid, boolean isFips) {
- this.id = id;
- this.name = name;
- this.oid = oid;
- this.isFips = isFips;
-
- if (oidToIdMap.put(oid, id) != null ||
- idToOidMap.put(id, oid) != null) {
-
- throw new RuntimeException(
- "Duplicate named elliptic curve definition: " + name);
- }
- }
-
- static NamedEllipticCurve getCurve(String name, boolean requireFips) {
- for (NamedEllipticCurve curve : NamedEllipticCurve.values()) {
- if (curve.name.equals(name) && (!requireFips || curve.isFips)) {
- return curve;
- }
- }
-
- return null;
- }
- }
-
- static {
- boolean requireFips = SunJSSE.isFIPS();
-
- // hack code to initialize NamedEllipticCurve
- NamedEllipticCurve nec =
- NamedEllipticCurve.getCurve("secp256r1", false);
-
- // The value of the System Property defines a list of enabled named
- // curves in preference order, separated with comma. For example:
- //
- // jdk.tls.namedGroups="secp521r1, secp256r1, secp384r1"
- //
- // If the System Property is not defined or the value is empty, the
- // default curves and preferences will be used.
- String property = AccessController.doPrivileged(
- new GetPropertyAction("jdk.tls.namedGroups"));
- if (property != null && property.length() != 0) {
- // remove double quote marks from beginning/end of the property
- if (property.length() > 1 && property.charAt(0) == '"' &&
- property.charAt(property.length() - 1) == '"') {
- property = property.substring(1, property.length() - 1);
- }
- }
-
- ArrayList<Integer> idList;
- if (property != null && property.length() != 0) { // customized curves
- String[] curves = property.split(",");
- idList = new ArrayList<>(curves.length);
- for (String curve : curves) {
- curve = curve.trim();
- if (!curve.isEmpty()) {
- NamedEllipticCurve namedCurve =
- NamedEllipticCurve.getCurve(curve, requireFips);
- if (namedCurve != null) {
- if (isAvailableCurve(namedCurve.id)) {
- idList.add(namedCurve.id);
- }
- } // ignore unknown curves
- }
- }
- if (idList.isEmpty() && JsseJce.isEcAvailable()) {
- throw new IllegalArgumentException(
- "System property jdk.tls.namedGroups(" + property + ") " +
- "contains no supported elliptic curves");
- }
- } else { // default curves
- int[] ids;
- if (requireFips) {
- ids = new int[] {
- // only NIST curves in FIPS mode
- 23, 24, 25, 9, 10, 11, 12, 13, 14,
- };
- } else {
- ids = new int[] {
- // NIST curves first
- 23, 24, 25, 9, 10, 11, 12, 13, 14,
- // non-NIST curves
- 22,
- };
- }
-
- idList = new ArrayList<>(ids.length);
- for (int curveId : ids) {
- if (isAvailableCurve(curveId)) {
- idList.add(curveId);
- }
- }
- }
-
- if (debug != null && idList.isEmpty()) {
- debug.println(
- "Initialized [jdk.tls.namedGroups|default] list contains " +
- "no available elliptic curves. " +
- (property != null ? "(" + property + ")" : "[Default]"));
- }
-
- supportedCurveIds = new int[idList.size()];
- int i = 0;
- for (Integer id : idList) {
- supportedCurveIds[i++] = id;
- }
- }
-
- // check whether the curve is supported by the underlying providers
- private static boolean isAvailableCurve(int curveId) {
- String oid = idToOidMap.get(curveId);
- if (oid != null) {
- AlgorithmParameters params = null;
- try {
- params = JsseJce.getAlgorithmParameters("EC");
- params.init(new ECGenParameterSpec(oid));
- } catch (Exception e) {
- return false;
- }
-
- // cache the parameters
- idToParams.put(curveId, params);
-
- return true;
- }
-
- return false;
- }
-
- private SupportedEllipticCurvesExtension(int[] curveIds) {
- super(ExtensionType.EXT_ELLIPTIC_CURVES);
- this.curveIds = curveIds;
- }
-
- SupportedEllipticCurvesExtension(HandshakeInStream s, int len)
- throws IOException {
- super(ExtensionType.EXT_ELLIPTIC_CURVES);
- int k = s.getInt16();
- if (((len & 1) != 0) || (k + 2 != len)) {
- throw new SSLProtocolException("Invalid " + type + " extension");
- }
-
- // Note: unknown curves will be ignored later.
- curveIds = new int[k >> 1];
- for (int i = 0; i < curveIds.length; i++) {
- curveIds[i] = s.getInt16();
- }
- }
-
- // get the preferred active curve
- static int getActiveCurves(AlgorithmConstraints constraints) {
- return getPreferredCurve(supportedCurveIds, constraints);
- }
-
- static boolean hasActiveCurves(AlgorithmConstraints constraints) {
- return getActiveCurves(constraints) >= 0;
- }
-
- static SupportedEllipticCurvesExtension createExtension(
- AlgorithmConstraints constraints) {
-
- ArrayList<Integer> idList = new ArrayList<>(supportedCurveIds.length);
- for (int curveId : supportedCurveIds) {
- if (constraints.permits(
- EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
- "EC", idToParams.get(curveId))) {
- idList.add(curveId);
- }
- }
-
- if (!idList.isEmpty()) {
- int[] ids = new int[idList.size()];
- int i = 0;
- for (Integer id : idList) {
- ids[i++] = id;
- }
-
- return new SupportedEllipticCurvesExtension(ids);
- }
-
- return null;
- }
-
- // get the preferred activated curve
- int getPreferredCurve(AlgorithmConstraints constraints) {
- return getPreferredCurve(curveIds, constraints);
- }
-
- // get a preferred activated curve
- private static int getPreferredCurve(int[] curves,
- AlgorithmConstraints constraints) {
- for (int curveId : curves) {
- if (isSupported(curveId) && constraints.permits(
- EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
- "EC", idToParams.get(curveId))) {
- return curveId;
- }
- }
-
- return -1;
- }
-
- boolean contains(int index) {
- for (int curveId : curveIds) {
- if (index == curveId) {
- return true;
- }
- }
- return false;
- }
-
- @Override
- int length() {
- return 6 + (curveIds.length << 1);
- }
-
- @Override
- void send(HandshakeOutStream s) throws IOException {
- s.putInt16(type.id);
- int k = curveIds.length << 1;
- s.putInt16(k + 2);
- s.putInt16(k);
- for (int curveId : curveIds) {
- s.putInt16(curveId);
- }
- }
-
- @Override
- public String toString() {
- StringBuilder sb = new StringBuilder();
- sb.append("Extension " + type + ", curve names: {");
- boolean first = true;
- for (int curveId : curveIds) {
- if (first) {
- first = false;
- } else {
- sb.append(", ");
- }
- String curveName = getCurveName(curveId);
- if (curveName != null) {
- sb.append(curveName);
- } else if (curveId == ARBITRARY_PRIME) {
- sb.append("arbitrary_explicit_prime_curves");
- } else if (curveId == ARBITRARY_CHAR2) {
- sb.append("arbitrary_explicit_char2_curves");
- } else {
- sb.append("unknown curve " + curveId);
- }
- }
- sb.append("}");
- return sb.toString();
- }
-
- // Test whether the given curve is supported.
- static boolean isSupported(int index) {
- for (int curveId : supportedCurveIds) {
- if (index == curveId) {
- return true;
- }
- }
-
- return false;
- }
-
- static int getCurveIndex(ECParameterSpec params) {
- String oid = JsseJce.getNamedCurveOid(params);
- if (oid == null) {
- return -1;
- }
- Integer n = oidToIdMap.get(oid);
- return (n == null) ? -1 : n;
- }
-
- static String getCurveOid(int index) {
- return idToOidMap.get(index);
- }
-
- static ECGenParameterSpec getECGenParamSpec(int index) {
- AlgorithmParameters params = idToParams.get(index);
- try {
- return params.getParameterSpec(ECGenParameterSpec.class);
- } catch (InvalidParameterSpecException ipse) {
- // should be unlikely
- String curveOid = getCurveOid(index);
- return new ECGenParameterSpec(curveOid);
- }
- }
-
- private static String getCurveName(int index) {
- for (NamedEllipticCurve namedCurve : NamedEllipticCurve.values()) {
- if (namedCurve.id == index) {
- return namedCurve.name;
- }
- }
-
- return null;
- }
-} |