From a97645c1d7077697a2b8a1e2b3155df357091a6d Mon Sep 17 00:00:00 2001 From: John Jiang Date: Fri, 5 Jan 2024 11:03:50 +0800 Subject: [PATCH] TKSS-627: Add aliases for trust manager and key manager --- .../com/tencent/kona/ssl/KonaSSLProvider.java | 3 ++- .../sun/security/ssl/TLCPAuthenticator.java | 20 +++---------------- .../sun/security/ssl/TLCPContextImpl.java | 2 +- .../tencent/kona/ssl/tlcp/SSLSocketTest.java | 2 +- .../kona/ssl/tls/SSLSocketOnTLS13Test.java | 2 +- 5 files changed, 8 insertions(+), 21 deletions(-) diff --git a/kona-ssl/src/main/java/com/tencent/kona/ssl/KonaSSLProvider.java b/kona-ssl/src/main/java/com/tencent/kona/ssl/KonaSSLProvider.java index eaa91edc..88be72d5 100644 --- a/kona-ssl/src/main/java/com/tencent/kona/ssl/KonaSSLProvider.java +++ b/kona-ssl/src/main/java/com/tencent/kona/ssl/KonaSSLProvider.java @@ -54,12 +54,13 @@ private static void putEntries(Provider provider) { "com.tencent.kona.sun.security.ssl.KeyManagerFactoryImpl$SunX509"); provider.put("KeyManagerFactory.NewSunX509", "com.tencent.kona.sun.security.ssl.KeyManagerFactoryImpl$X509"); + provider.put("Alg.Alias.KeyManagerFactory.PKIX", "NewSunX509"); provider.put("TrustManagerFactory.SunX509", "com.tencent.kona.sun.security.ssl.TrustManagerFactoryImpl$SimpleFactory"); provider.put("TrustManagerFactory.PKIX", "com.tencent.kona.sun.security.ssl.TrustManagerFactoryImpl$PKIXFactory"); - provider.put("Alg.Alias.TrustManagerFactory.SunPKIX", "PKIX"); + provider.put("Alg.Alias.TrustManagerFactory.TencentPKIX", "PKIX"); provider.put("Alg.Alias.TrustManagerFactory.X509", "PKIX"); provider.put("Alg.Alias.TrustManagerFactory.X.509", "PKIX"); diff --git a/kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/TLCPAuthenticator.java b/kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/TLCPAuthenticator.java index 5ca09348..6fafeb6a 100644 --- a/kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/TLCPAuthenticator.java 
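Review bot: Replacing the `SunPKIX` alias with `TencentPKIX` in putEntries removes a name that callers may already pass to `TrustManagerFactory.getInstance`, although the subject only says aliases are added. A lookup pinned to this provider would then fail with NoSuchAlgorithmException. An unpinned lookup may be served by whichever other installed provider registers `SunPKIX`, so certificate path validation could silently run in a different implementation than intended. Unless the removal is deliberate and stated in the commit message, keep both by leaving `provider.put("Alg.Alias.TrustManagerFactory.SunPKIX", "PKIX");` next to the new `TencentPKIX` line. putEntries starts and ends outside the hunk.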
+++ b/kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/TLCPAuthenticator.java @@ -32,6 +32,7 @@ import com.tencent.kona.sun.security.ssl.Authenticator.SSLAuthenticator; import com.tencent.kona.sun.security.ssl.Authenticator.MAC; +import com.tencent.kona.sun.security.ssl.CipherSuite.MacAlg; final class TLCPAuthenticator { @@ -76,14 +77,14 @@ static final class TLCP11Mac extends TLCP11Authenticator implements MAC { private final MacImpl macImpl; TLCP11Mac(ProtocolVersion protocolVersion, - CipherSuite.MacAlg macAlg, SecretKey key) throws NoSuchAlgorithmException, + MacAlg macAlg, SecretKey key) throws NoSuchAlgorithmException, InvalidKeyException { super(protocolVersion); this.macImpl = new MacImpl(protocolVersion, macAlg, key); } @Override - public CipherSuite.MacAlg macAlg() { + public MacAlg macAlg() { return macImpl.macAlg; } @@ -93,19 +94,4 @@ public byte[] compute(byte type, ByteBuffer bb, return macImpl.compute(type, bb, sequence, isSimulated); } } - - static final long toLong(byte[] recordEnS) { - if (recordEnS != null && recordEnS.length == 8) { - return ((recordEnS[0] & 0xFFL) << 56) | - ((recordEnS[1] & 0xFFL) << 48) | - ((recordEnS[2] & 0xFFL) << 40) | - ((recordEnS[3] & 0xFFL) << 32) | - ((recordEnS[4] & 0xFFL) << 24) | - ((recordEnS[5] & 0xFFL) << 16) | - ((recordEnS[6] & 0xFFL) << 8) | - (recordEnS[7] & 0xFFL); - } - - return -1L; - } } diff --git a/kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/TLCPContextImpl.java b/kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/TLCPContextImpl.java index e04c5965..6c73197f 100644 --- a/kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/TLCPContextImpl.java +++ b/kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/TLCPContextImpl.java 
@@ -53,7 +53,7 @@ public static final class TLCP11Context }); serverDefaultCipherSuites = getApplicableEnabledCipherSuites( - clientDefaultProtocols, true); + serverDefaultProtocols, false); clientDefaultCipherSuites = getApplicableEnabledCipherSuites( clientDefaultProtocols, true); } diff --git a/kona-ssl/src/test/java/com/tencent/kona/ssl/tlcp/SSLSocketTest.java b/kona-ssl/src/test/java/com/tencent/kona/ssl/tlcp/SSLSocketTest.java index af637c57..b84c762f 100644 --- a/kona-ssl/src/test/java/com/tencent/kona/ssl/tlcp/SSLSocketTest.java +++ b/kona-ssl/src/test/java/com/tencent/kona/ssl/tlcp/SSLSocketTest.java @@ -176,7 +176,7 @@ protected static final class ContextParameters { * Get the client side parameters of SSLContext. */ protected ContextParameters getClientContextParameters() { - return new ContextParameters("TLCP", "PKIX", "NewSunX509"); + return new ContextParameters("TLCP", "TencentPKIX", "PKIX"); } /* diff --git a/kona-ssl/src/test/java/com/tencent/kona/ssl/tls/SSLSocketOnTLS13Test.java b/kona-ssl/src/test/java/com/tencent/kona/ssl/tls/SSLSocketOnTLS13Test.java index edc9578e..41739472 100644 --- a/kona-ssl/src/test/java/com/tencent/kona/ssl/tls/SSLSocketOnTLS13Test.java +++ b/kona-ssl/src/test/java/com/tencent/kona/ssl/tls/SSLSocketOnTLS13Test.java @@ -179,7 +179,7 @@ protected static final class ContextParameters { * Get the client side parameters of SSLContext. */ protected ContextParameters getClientContextParameters() { - return new ContextParameters("TLS", "PKIX", "NewSunX509"); + return new ContextParameters("TLS", "TencentPKIX", "PKIX"); } /*
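Review bot: The switch of `serverDefaultCipherSuites` to `getApplicableEnabledCipherSuites(serverDefaultProtocols, false)` changes which cipher suites a TLCP server enables by default, yet the subject only mentions aliases and no test in this patch covers it. Before this change the server list was derived from `clientDefaultProtocols` with the flag set to `true`, so deployments relying on the defaults may negotiate from a different suite list after upgrading. I would name the fix in the commit message and add a comment such as `// server defaults: server protocols, isClient = false`, assuming the boolean is the client flag (its declaration is not in the hunk). `serverDefaultProtocols` is presumably assigned earlier in this initializer, which starts outside the hunk, so confirm it is set before this call.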
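Review bot: Swapping the canonical names for the aliases in `getClientContextParameters` means the client side of this test no longer requests `PKIX`/`NewSunX509` directly, and nothing checks that each alias resolves to the intended factory class. The same edit is made in SSLSocketOnTLS13Test. A small provider-level test would pin the mapping, for example asserting that `provider.getService("TrustManagerFactory", "TencentPKIX").getClassName()` equals the value returned for `"PKIX"`, and likewise for the `KeyManagerFactory` alias. Whether the server-side parameters still use the canonical names is outside the hunk.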