Categories:
Audio (13)
Biotech (29)
Bytecode (36)
Database (77)
Framework (7)
Game (7)
General (507)
Graphics (53)
I/O (35)
IDE (2)
JAR Tools (101)
JavaBeans (21)
JDBC (121)
JDK (426)
JSP (20)
Logging (108)
Mail (58)
Messaging (8)
Network (84)
PDF (97)
Report (7)
Scripting (84)
Security (32)
Server (121)
Servlet (26)
SOAP (24)
Testing (54)
Web (15)
XML (309)
Collections:
Other Resources:
jsse.jar Source Code Files - OpenJDK 7u Release
Where Can I get source code files of jsse.jar?
✍: FYIcenter
You can get source code files of jsse.jar (JSSE) from OpenJDK GitHub Website in the src/share/classes/sun/security/ssl/ directory.
You can also browse JSSE Source Code files below:
⏎ sun/security/ssl/X509TrustManagerImpl.java
/* * Copyright (c) 1997, 2010, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this * particular file as subject to the "Classpath" exception as provided * by Oracle in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ package sun.security.ssl; import java.net.Socket; import javax.net.ssl.SSLSession; import java.util.*; import java.security.*; import java.security.cert.*; import javax.net.ssl.*; import sun.security.validator.*; import sun.security.util.HostnameChecker; /** * This class implements the SunJSSE X.509 trust manager using the internal * validator API in J2SE core. The logic in this class is minimal.<p> * <p> * This class supports both the Simple validation algorithm from previous * JSSE versions and PKIX validation. Currently, it is not possible for the * application to specify PKIX parameters other than trust anchors. This will * be fixed in a future release using new APIs. When that happens, it may also * make sense to separate the Simple and PKIX trust managers into separate * classes. * * @author Andreas Sterbenz */ final class X509TrustManagerImpl extends X509ExtendedTrustManager implements X509TrustManager { private final String validatorType; /** * The Set of trusted X509Certificates. */ private final Collection<X509Certificate> trustedCerts; private final PKIXBuilderParameters pkixParams; // note that we need separate validator for client and server due to // the different extension checks. They are initialized lazily on demand. private volatile Validator clientValidator, serverValidator; private static final Debug debug = Debug.getInstance("ssl"); X509TrustManagerImpl(String validatorType, KeyStore ks) throws KeyStoreException { this.validatorType = validatorType; this.pkixParams = null; if (ks == null) { trustedCerts = Collections.<X509Certificate>emptySet(); } else { trustedCerts = KeyStores.getTrustedCerts(ks); } showTrustedCerts(); } X509TrustManagerImpl(String validatorType, PKIXBuilderParameters params) { this.validatorType = validatorType; this.pkixParams = params; // create server validator eagerly so that we can conveniently // get the trusted certificates // clients need it anyway eventually, and servers will not mind // the little extra footprint Validator v = getValidator(Validator.VAR_TLS_SERVER); trustedCerts = v.getTrustedCertificates(); serverValidator = v; showTrustedCerts(); } @Override public void checkClientTrusted(X509Certificate chain[], String authType) throws CertificateException { checkTrusted(chain, authType, (Socket)null, true); } @Override public void checkServerTrusted(X509Certificate chain[], String authType) throws CertificateException { checkTrusted(chain, authType, (Socket)null, false); } @Override public X509Certificate[] getAcceptedIssuers() { X509Certificate[] certsArray = new X509Certificate[trustedCerts.size()]; trustedCerts.toArray(certsArray); return certsArray; } @Override public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException { checkTrusted(chain, authType, socket, true); } @Override public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException { checkTrusted(chain, authType, socket, false); } @Override public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException { checkTrusted(chain, authType, engine, true); } @Override public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException { checkTrusted(chain, authType, engine, false); } private Validator checkTrustedInit(X509Certificate[] chain, String authType, boolean isClient) { if (chain == null || chain.length == 0) { throw new IllegalArgumentException( "null or zero-length certificate chain"); } if (authType == null || authType.length() == 0) { throw new IllegalArgumentException( "null or zero-length authentication type"); } Validator v = null; if (isClient) { v = clientValidator; if (v == null) { synchronized (this) { v = clientValidator; if (v == null) { v = getValidator(Validator.VAR_TLS_CLIENT); clientValidator = v; } } } } else { // assume double checked locking with a volatile flag works // (guaranteed under the new Tiger memory model) v = serverValidator; if (v == null) { synchronized (this) { v = serverValidator; if (v == null) { v = getValidator(Validator.VAR_TLS_SERVER); serverValidator = v; } } } } return v; } private void checkTrusted(X509Certificate[] chain, String authType, Socket socket, boolean isClient) throws CertificateException { Validator v = checkTrustedInit(chain, authType, isClient); AlgorithmConstraints constraints = null; if ((socket != null) && socket.isConnected() && (socket instanceof SSLSocket)) { SSLSocket sslSocket = (SSLSocket)socket; SSLSession session = sslSocket.getHandshakeSession(); if (session == null) { throw new CertificateException("No handshake session"); } // check endpoint identity String identityAlg = sslSocket.getSSLParameters(). getEndpointIdentificationAlgorithm(); if (identityAlg != null && identityAlg.length() != 0) { String hostname = session.getPeerHost(); checkIdentity(hostname, chain[0], identityAlg); } // create the algorithm constraints ProtocolVersion protocolVersion = ProtocolVersion.valueOf(session.getProtocol()); if (protocolVersion.v >= ProtocolVersion.TLS12.v) { if (session instanceof ExtendedSSLSession) { ExtendedSSLSession extSession = (ExtendedSSLSession)session; String[] localSupportedSignAlgs = extSession.getLocalSupportedSignatureAlgorithms(); constraints = new SSLAlgorithmConstraints( sslSocket, localSupportedSignAlgs, false); } else { constraints = new SSLAlgorithmConstraints(sslSocket, false); } } else { constraints = new SSLAlgorithmConstraints(sslSocket, false); } } X509Certificate[] trustedChain = null; if (isClient) { trustedChain = validate(v, chain, constraints, null); } else { trustedChain = validate(v, chain, constraints, authType); } if (debug != null && Debug.isOn("trustmanager")) { System.out.println("Found trusted certificate:"); System.out.println(trustedChain[trustedChain.length - 1]); } } private void checkTrusted(X509Certificate[] chain, String authType, SSLEngine engine, boolean isClient) throws CertificateException { Validator v = checkTrustedInit(chain, authType, isClient); AlgorithmConstraints constraints = null; if (engine != null) { SSLSession session = engine.getHandshakeSession(); if (session == null) { throw new CertificateException("No handshake session"); } // check endpoint identity String identityAlg = engine.getSSLParameters(). getEndpointIdentificationAlgorithm(); if (identityAlg != null && identityAlg.length() != 0) { String hostname = session.getPeerHost(); checkIdentity(hostname, chain[0], identityAlg); } // create the algorithm constraints ProtocolVersion protocolVersion = ProtocolVersion.valueOf(session.getProtocol()); if (protocolVersion.v >= ProtocolVersion.TLS12.v) { if (session instanceof ExtendedSSLSession) { ExtendedSSLSession extSession = (ExtendedSSLSession)session; String[] localSupportedSignAlgs = extSession.getLocalSupportedSignatureAlgorithms(); constraints = new SSLAlgorithmConstraints( engine, localSupportedSignAlgs, false); } else { constraints = new SSLAlgorithmConstraints(engine, false); } } else { constraints = new SSLAlgorithmConstraints(engine, false); } } X509Certificate[] trustedChain = null; if (isClient) { trustedChain = validate(v, chain, constraints, null); } else { trustedChain = validate(v, chain, constraints, authType); } if (debug != null && Debug.isOn("trustmanager")) { System.out.println("Found trusted certificate:"); System.out.println(trustedChain[trustedChain.length - 1]); } } private void showTrustedCerts() { if (debug != null && Debug.isOn("trustmanager")) { for (X509Certificate cert : trustedCerts) { System.out.println("adding as trusted cert:"); System.out.println(" Subject: " + cert.getSubjectX500Principal()); System.out.println(" Issuer: " + cert.getIssuerX500Principal()); System.out.println(" Algorithm: " + cert.getPublicKey().getAlgorithm() + "; Serial number: 0x" + cert.getSerialNumber().toString(16)); System.out.println(" Valid from " + cert.getNotBefore() + " until " + cert.getNotAfter()); System.out.println(); } } } private Validator getValidator(String variant) { Validator v; if (pkixParams == null) { v = Validator.getInstance(validatorType, variant, trustedCerts); } else { v = Validator.getInstance(validatorType, variant, pkixParams); } return v; } private static X509Certificate[] validate(Validator v, X509Certificate[] chain, AlgorithmConstraints constraints, String authType) throws CertificateException { Object o = JsseJce.beginFipsProvider(); try { return v.validate(chain, null, constraints, authType); } finally { JsseJce.endFipsProvider(o); } } /* * Identify the peer by its certificate and hostname. * * Lifted from sun.net.www.protocol.https.HttpsClient. */ static void checkIdentity(String hostname, X509Certificate cert, String algorithm) throws CertificateException { if (algorithm != null && algorithm.length() != 0) { // if IPv6 strip off the "[]" if ((hostname != null) && hostname.startsWith("[") && hostname.endsWith("]")) { hostname = hostname.substring(1, hostname.length() - 1); } if (algorithm.equalsIgnoreCase("HTTPS")) { HostnameChecker.getInstance(HostnameChecker.TYPE_TLS).match( hostname, cert); } else if (algorithm.equalsIgnoreCase("LDAP") || algorithm.equalsIgnoreCase("LDAPS")) { HostnameChecker.getInstance(HostnameChecker.TYPE_LDAP).match( hostname, cert); } else { throw new CertificateException( "Unknown identification algorithm: " + algorithm); } } } }
⏎ sun/security/ssl/X509TrustManagerImpl.java
Or download all of them as a single archive file:
File name: sun-security-ssl-openjdk7u-fyi.zip File size: 277845 bytes Release date: 2012-05-03 Download
⇒ What Is jsse.jar (JDK 6) Java Secure Socket Extension
⇐ Downloading jsse.jar (JDK 7) Java Secure Socket Extension
2018-02-01, 9138👍, 0💬
Popular Posts:
JDK 7 tools.jar is the JAR file for JDK 7 tools. It contains Java classes to support different JDK t...
What Is jtds-1.2.2.jar? jtds-1.2.2.jar is the JAR files of jTDS Java library 1.2.2, which is a JDBC ...
Jackson is "the Java JSON library" or "the best JSON parser for Java". Or simply as "JSON for Java"....
Apache Commons Lang 3 is the 3rd version of Apache Commons Lang, which provides a host of helper uti...
How to download and install Apache XMLBeans-2.6.0.zip? If you want to try the XMLBeans Java library,...