changeset 51927:d31dcfaa96f3

8208166: Still unable to use custom SSLEngine with default TrustManagerFactory after JDK-8207029 Reviewed-by: ascarpino
author xuelei
date Wed, 25 Jul 2018 17:21:04 -0700
parents 9e04723f53c7
children f095e3bc2d41
files src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java
diffstat 1 files changed, 51 insertions(+), 75 deletions(-) [+]
line wrap: on
line diff
--- a/src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java	Wed Jul 25 17:22:25 2018 -0400
+++ b/src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java	Wed Jul 25 17:21:04 2018 -0700
@@ -71,7 +71,54 @@
 
     SSLAlgorithmConstraints(SSLSocket socket,
             boolean withDefaultCertPathConstraints) {
-        AlgorithmConstraints configuredConstraints = null;
+        this.userSpecifiedConstraints = getConstraints(socket);
+        this.peerSpecifiedConstraints = null;
+        this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
+    }
+
+    SSLAlgorithmConstraints(SSLEngine engine,
+            boolean withDefaultCertPathConstraints) {
+        this.userSpecifiedConstraints = getConstraints(engine);
+        this.peerSpecifiedConstraints = null;
+        this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
+    }
+
+    SSLAlgorithmConstraints(SSLSocket socket, String[] supportedAlgorithms,
+            boolean withDefaultCertPathConstraints) {
+        this.userSpecifiedConstraints = getConstraints(socket);
+        this.peerSpecifiedConstraints =
+                new SupportedSignatureAlgorithmConstraints(supportedAlgorithms);
+        this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
+    }
+
+    SSLAlgorithmConstraints(SSLEngine engine, String[] supportedAlgorithms,
+            boolean withDefaultCertPathConstraints) {
+        this.userSpecifiedConstraints = getConstraints(engine);
+        this.peerSpecifiedConstraints =
+                new SupportedSignatureAlgorithmConstraints(supportedAlgorithms);
+        this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
+    }
+
+    private static AlgorithmConstraints getConstraints(SSLEngine engine) {
+        if (engine != null) {
+            // Note that the KeyManager or TrustManager implementation may be
+            // not implemented in the same provider as SSLSocket/SSLEngine.
+            // Please check the instance before casting to use SSLEngineImpl.
+            if (engine instanceof SSLEngineImpl) {
+                HandshakeContext hc =
+                        ((SSLEngineImpl)engine).conContext.handshakeContext;
+                if (hc != null) {
+                    return hc.sslConfig.algorithmConstraints;
+                }
+            } else {
+                return engine.getSSLParameters().getAlgorithmConstraints();
+            }
+        }
+
+        return null;
+    }
+
+    private static AlgorithmConstraints getConstraints(SSLSocket socket) {
         if (socket != null) {
             // Note that the KeyManager or TrustManager implementation may be
             // not implemented in the same provider as SSLSocket/SSLEngine.
@@ -80,85 +127,14 @@
                 HandshakeContext hc =
                         ((SSLSocketImpl)socket).conContext.handshakeContext;
                 if (hc != null) {
-                    configuredConstraints = hc.sslConfig.algorithmConstraints;
-                } else {
-                    configuredConstraints = null;
+                    return hc.sslConfig.algorithmConstraints;
                 }
             } else {
-                configuredConstraints =
-                        socket.getSSLParameters().getAlgorithmConstraints();
+                return socket.getSSLParameters().getAlgorithmConstraints();
             }
         }
-        this.userSpecifiedConstraints = configuredConstraints;
-        this.peerSpecifiedConstraints = null;
-        this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
-    }
 
-    SSLAlgorithmConstraints(SSLEngine engine,
-            boolean withDefaultCertPathConstraints) {
-        AlgorithmConstraints configuredConstraints = null;
-        if (engine != null) {
-            // Note that the KeyManager or TrustManager implementation may be
-            // not implemented in the same provider as SSLSocket/SSLEngine.
-            // Please check the instance before casting to use SSLEngineImpl.
-            if (engine instanceof SSLEngineImpl) {
-                HandshakeContext hc =
-                        ((SSLEngineImpl)engine).conContext.handshakeContext;
-                if (hc != null) {
-                    configuredConstraints = hc.sslConfig.algorithmConstraints;
-                } else {
-                    configuredConstraints = null;
-                }
-            } else {
-                configuredConstraints =
-                        engine.getSSLParameters().getAlgorithmConstraints();
-            }
-        }
-        this.userSpecifiedConstraints = configuredConstraints;
-        this.peerSpecifiedConstraints = null;
-        this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
-    }
-
-    SSLAlgorithmConstraints(SSLSocket socket, String[] supportedAlgorithms,
-            boolean withDefaultCertPathConstraints) {
-        AlgorithmConstraints configuredConstraints = null;
-        AlgorithmConstraints negotiatedConstraints = null;
-        if (socket != null) {
-            HandshakeContext hc =
-                    ((SSLSocketImpl)socket).conContext.handshakeContext;
-            if (hc != null) {
-                configuredConstraints = hc.sslConfig.algorithmConstraints;
-            } else {
-                configuredConstraints = null;
-            }
-
-            negotiatedConstraints =
-                new SupportedSignatureAlgorithmConstraints(supportedAlgorithms);
-        }
-        this.userSpecifiedConstraints = configuredConstraints;
-        this.peerSpecifiedConstraints = negotiatedConstraints;
-        this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
-    }
-
-    SSLAlgorithmConstraints(SSLEngine engine, String[] supportedAlgorithms,
-            boolean withDefaultCertPathConstraints) {
-        AlgorithmConstraints configuredConstraints = null;
-        AlgorithmConstraints negotiatedConstraints = null;
-        if (engine != null) {
-            HandshakeContext hc =
-                    ((SSLEngineImpl)engine).conContext.handshakeContext;
-            if (hc != null) {
-                configuredConstraints = hc.sslConfig.algorithmConstraints;
-            } else {
-                configuredConstraints = null;
-            }
-
-            negotiatedConstraints =
-                new SupportedSignatureAlgorithmConstraints(supportedAlgorithms);
-        }
-        this.userSpecifiedConstraints = configuredConstraints;
-        this.peerSpecifiedConstraints = negotiatedConstraints;
-        this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
+        return null;
     }
 
     @Override