echelon/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

propagate from branch 'i2p.i2p.zzz.test2' (head 9dca19f228a66b5ac646c3d97d4f018c733081de)

Browse Source 
to branch 'i2p.i2p' (head e7f2b0990f1ff9ab0e0d8633ac2faf35a993b917)
This commit is contained in:
zzz
2014-11-06 17:53:02 +00:00
parent 23f24c7d39 5ae267a8a2
commit a0b457b9a1
115 changed files with 56462 additions and 45656 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
core/java/src/freenet/support/CPUInformation/CPUID.java
View File

@ -143,7 +143,7 @@ public class CPUID {
}
/**
* Only valid if family == 15.
* Only valid if family == 15, or, for Intel only, family == 6.
* Left shift by 4 and then add model to get full model.
* @return 0-15
*/

2
core/java/src/net/i2p/CoreVersion.java
View File

@ -16,7 +16,7 @@ package net.i2p;
public class CoreVersion {
/** deprecated */
public final static String ID = "Monotone";
public final static String VERSION = "0.9.15";
public final static String VERSION = "0.9.16";
public static void main(String args[]) {
System.out.println("I2P Core version: " + VERSION);

2
core/java/src/net/i2p/crypto/eddsa/Utils.java
View File

@ -31,7 +31,7 @@ public class Utils {
for (int i = 0; i < 32; i++) {
result |= b[i] ^ c[i];
}
return ~equal(result, 0) & 0x01;
return equal(result, 0);
}
/**

220
core/java/src/net/i2p/crypto/eddsa/math/ed25519/Ed25519FieldElement.java
View File

@ -26,7 +26,7 @@ public class Ed25519FieldElement extends FieldElement {
public boolean isNonZero() {
byte[] s = toByteArray();
return Utils.equal(s, ZERO) == 1;
return Utils.equal(s, ZERO) == 0;
}
/**
@ -116,139 +116,119 @@ public class Ed25519FieldElement extends FieldElement {
*/
public FieldElement multiply(FieldElement val) {
int[] g = ((Ed25519FieldElement)val).t;
int f0 = t[0];
int f1 = t[1];
int f2 = t[2];
int f3 = t[3];
int f4 = t[4];
int f5 = t[5];
int f6 = t[6];
int f7 = t[7];
int f8 = t[8];
int f9 = t[9];
int g0 = g[0];
int g1 = g[1];
int g2 = g[2];
int g3 = g[3];
int g4 = g[4];
int g5 = g[5];
int g6 = g[6];
int g7 = g[7];
int g8 = g[8];
int g9 = g[9];
int g1_19 = 19 * g1; /* 1.959375*2^29 */
int g2_19 = 19 * g2; /* 1.959375*2^30; still ok */
int g3_19 = 19 * g3;
int g4_19 = 19 * g4;
int g5_19 = 19 * g5;
int g6_19 = 19 * g6;
int g7_19 = 19 * g7;
int g8_19 = 19 * g8;
int g9_19 = 19 * g9;
int f1_2 = 2 * f1;
int f3_2 = 2 * f3;
int f5_2 = 2 * f5;
int f7_2 = 2 * f7;
int f9_2 = 2 * f9;
long f0g0 = f0 * (long) g0;
long f0g1 = f0 * (long) g1;
long f0g2 = f0 * (long) g2;
long f0g3 = f0 * (long) g3;
long f0g4 = f0 * (long) g4;
long f0g5 = f0 * (long) g5;
long f0g6 = f0 * (long) g6;
long f0g7 = f0 * (long) g7;
long f0g8 = f0 * (long) g8;
long f0g9 = f0 * (long) g9;
long f1g0 = f1 * (long) g0;
long f1g1_2 = f1_2 * (long) g1;
long f1g2 = f1 * (long) g2;
long f1g3_2 = f1_2 * (long) g3;
long f1g4 = f1 * (long) g4;
long f1g5_2 = f1_2 * (long) g5;
long f1g6 = f1 * (long) g6;
long f1g7_2 = f1_2 * (long) g7;
long f1g8 = f1 * (long) g8;
int g1_19 = 19 * g[1]; /* 1.959375*2^29 */
int g2_19 = 19 * g[2]; /* 1.959375*2^30; still ok */
int g3_19 = 19 * g[3];
int g4_19 = 19 * g[4];
int g5_19 = 19 * g[5];
int g6_19 = 19 * g[6];
int g7_19 = 19 * g[7];
int g8_19 = 19 * g[8];
int g9_19 = 19 * g[9];
int f1_2 = 2 * t[1];
int f3_2 = 2 * t[3];
int f5_2 = 2 * t[5];
int f7_2 = 2 * t[7];
int f9_2 = 2 * t[9];
long f0g0 = t[0] * (long) g[0];
long f0g1 = t[0] * (long) g[1];
long f0g2 = t[0] * (long) g[2];
long f0g3 = t[0] * (long) g[3];
long f0g4 = t[0] * (long) g[4];
long f0g5 = t[0] * (long) g[5];
long f0g6 = t[0] * (long) g[6];
long f0g7 = t[0] * (long) g[7];
long f0g8 = t[0] * (long) g[8];
long f0g9 = t[0] * (long) g[9];
long f1g0 = t[1] * (long) g[0];
long f1g1_2 = f1_2 * (long) g[1];
long f1g2 = t[1] * (long) g[2];
long f1g3_2 = f1_2 * (long) g[3];
long f1g4 = t[1] * (long) g[4];
long f1g5_2 = f1_2 * (long) g[5];
long f1g6 = t[1] * (long) g[6];
long f1g7_2 = f1_2 * (long) g[7];
long f1g8 = t[1] * (long) g[8];
long f1g9_38 = f1_2 * (long) g9_19;
long f2g0 = f2 * (long) g0;
long f2g1 = f2 * (long) g1;
long f2g2 = f2 * (long) g2;
long f2g3 = f2 * (long) g3;
long f2g4 = f2 * (long) g4;
long f2g5 = f2 * (long) g5;
long f2g6 = f2 * (long) g6;
long f2g7 = f2 * (long) g7;
long f2g8_19 = f2 * (long) g8_19;
long f2g9_19 = f2 * (long) g9_19;
long f3g0 = f3 * (long) g0;
long f3g1_2 = f3_2 * (long) g1;
long f3g2 = f3 * (long) g2;
long f3g3_2 = f3_2 * (long) g3;
long f3g4 = f3 * (long) g4;
long f3g5_2 = f3_2 * (long) g5;
long f3g6 = f3 * (long) g6;
long f2g0 = t[2] * (long) g[0];
long f2g1 = t[2] * (long) g[1];
long f2g2 = t[2] * (long) g[2];
long f2g3 = t[2] * (long) g[3];
long f2g4 = t[2] * (long) g[4];
long f2g5 = t[2] * (long) g[5];
long f2g6 = t[2] * (long) g[6];
long f2g7 = t[2] * (long) g[7];
long f2g8_19 = t[2] * (long) g8_19;
long f2g9_19 = t[2] * (long) g9_19;
long f3g0 = t[3] * (long) g[0];
long f3g1_2 = f3_2 * (long) g[1];
long f3g2 = t[3] * (long) g[2];
long f3g3_2 = f3_2 * (long) g[3];
long f3g4 = t[3] * (long) g[4];
long f3g5_2 = f3_2 * (long) g[5];
long f3g6 = t[3] * (long) g[6];
long f3g7_38 = f3_2 * (long) g7_19;
long f3g8_19 = f3 * (long) g8_19;
long f3g8_19 = t[3] * (long) g8_19;
long f3g9_38 = f3_2 * (long) g9_19;
long f4g0 = f4 * (long) g0;
long f4g1 = f4 * (long) g1;
long f4g2 = f4 * (long) g2;
long f4g3 = f4 * (long) g3;
long f4g4 = f4 * (long) g4;
long f4g5 = f4 * (long) g5;
long f4g6_19 = f4 * (long) g6_19;
long f4g7_19 = f4 * (long) g7_19;
long f4g8_19 = f4 * (long) g8_19;
long f4g9_19 = f4 * (long) g9_19;
long f5g0 = f5 * (long) g0;
long f5g1_2 = f5_2 * (long) g1;
long f5g2 = f5 * (long) g2;
long f5g3_2 = f5_2 * (long) g3;
long f5g4 = f5 * (long) g4;
long f4g0 = t[4] * (long) g[0];
long f4g1 = t[4] * (long) g[1];
long f4g2 = t[4] * (long) g[2];
long f4g3 = t[4] * (long) g[3];
long f4g4 = t[4] * (long) g[4];
long f4g5 = t[4] * (long) g[5];
long f4g6_19 = t[4] * (long) g6_19;
long f4g7_19 = t[4] * (long) g7_19;
long f4g8_19 = t[4] * (long) g8_19;
long f4g9_19 = t[4] * (long) g9_19;
long f5g0 = t[5] * (long) g[0];
long f5g1_2 = f5_2 * (long) g[1];
long f5g2 = t[5] * (long) g[2];
long f5g3_2 = f5_2 * (long) g[3];
long f5g4 = t[5] * (long) g[4];
long f5g5_38 = f5_2 * (long) g5_19;
long f5g6_19 = f5 * (long) g6_19;
long f5g6_19 = t[5] * (long) g6_19;
long f5g7_38 = f5_2 * (long) g7_19;
long f5g8_19 = f5 * (long) g8_19;
long f5g8_19 = t[5] * (long) g8_19;
long f5g9_38 = f5_2 * (long) g9_19;
long f6g0 = f6 * (long) g0;
long f6g1 = f6 * (long) g1;
long f6g2 = f6 * (long) g2;
long f6g3 = f6 * (long) g3;
long f6g4_19 = f6 * (long) g4_19;
long f6g5_19 = f6 * (long) g5_19;
long f6g6_19 = f6 * (long) g6_19;
long f6g7_19 = f6 * (long) g7_19;
long f6g8_19 = f6 * (long) g8_19;
long f6g9_19 = f6 * (long) g9_19;
long f7g0 = f7 * (long) g0;
long f7g1_2 = f7_2 * (long) g1;
long f7g2 = f7 * (long) g2;
long f6g0 = t[6] * (long) g[0];
long f6g1 = t[6] * (long) g[1];
long f6g2 = t[6] * (long) g[2];
long f6g3 = t[6] * (long) g[3];
long f6g4_19 = t[6] * (long) g4_19;
long f6g5_19 = t[6] * (long) g5_19;
long f6g6_19 = t[6] * (long) g6_19;
long f6g7_19 = t[6] * (long) g7_19;
long f6g8_19 = t[6] * (long) g8_19;
long f6g9_19 = t[6] * (long) g9_19;
long f7g0 = t[7] * (long) g[0];
long f7g1_2 = f7_2 * (long) g[1];
long f7g2 = t[7] * (long) g[2];
long f7g3_38 = f7_2 * (long) g3_19;
long f7g4_19 = f7 * (long) g4_19;
long f7g4_19 = t[7] * (long) g4_19;
long f7g5_38 = f7_2 * (long) g5_19;
long f7g6_19 = f7 * (long) g6_19;
long f7g6_19 = t[7] * (long) g6_19;
long f7g7_38 = f7_2 * (long) g7_19;
long f7g8_19 = f7 * (long) g8_19;
long f7g8_19 = t[7] * (long) g8_19;
long f7g9_38 = f7_2 * (long) g9_19;
long f8g0 = f8 * (long) g0;
long f8g1 = f8 * (long) g1;
long f8g2_19 = f8 * (long) g2_19;
long f8g3_19 = f8 * (long) g3_19;
long f8g4_19 = f8 * (long) g4_19;
long f8g5_19 = f8 * (long) g5_19;
long f8g6_19 = f8 * (long) g6_19;
long f8g7_19 = f8 * (long) g7_19;
long f8g8_19 = f8 * (long) g8_19;
long f8g9_19 = f8 * (long) g9_19;
long f9g0 = f9 * (long) g0;
long f8g0 = t[8] * (long) g[0];
long f8g1 = t[8] * (long) g[1];
long f8g2_19 = t[8] * (long) g2_19;
long f8g3_19 = t[8] * (long) g3_19;
long f8g4_19 = t[8] * (long) g4_19;
long f8g5_19 = t[8] * (long) g5_19;
long f8g6_19 = t[8] * (long) g6_19;
long f8g7_19 = t[8] * (long) g7_19;
long f8g8_19 = t[8] * (long) g8_19;
long f8g9_19 = t[8] * (long) g9_19;
long f9g0 = t[9] * (long) g[0];
long f9g1_38 = f9_2 * (long) g1_19;
long f9g2_19 = f9 * (long) g2_19;
long f9g2_19 = t[9] * (long) g2_19;
long f9g3_38 = f9_2 * (long) g3_19;
long f9g4_19 = f9 * (long) g4_19;
long f9g4_19 = t[9] * (long) g4_19;
long f9g5_38 = f9_2 * (long) g5_19;
long f9g6_19 = f9 * (long) g6_19;
long f9g6_19 = t[9] * (long) g6_19;
long f9g7_38 = f9_2 * (long) g7_19;
long f9g8_19 = f9 * (long) g8_19;
long f9g8_19 = t[9] * (long) g8_19;
long f9g9_38 = f9_2 * (long) g9_19;
long h0 = f0g0+f1g9_38+f2g8_19+f3g7_38+f4g6_19+f5g5_38+f6g4_19+f7g3_38+f8g2_19+f9g1_38;
long h1 = f0g1+f1g0 +f2g9_19+f3g8_19+f4g7_19+f5g6_19+f6g5_19+f7g4_19+f8g3_19+f9g2_19;

243
core/java/src/net/i2p/util/I2PSSLSocketFactory.java
View File

@ -1,13 +1,42 @@
package net.i2p.util;
/*
* Contains code adapted from:
* Jetty SslContextFactory.java
*
* =======================================================================
* Copyright (c) 1995-2012 Mort Bay Consulting Pty. Ltd.
* ------------------------------------------------------------------------
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* and Apache License v2.0 which accompanies this distribution.
*
* The Eclipse Public License is available at
* http://www.eclipse.org/legal/epl-v10.html
*
* The Apache License v2.0 is available at
* http://www.opensource.org/licenses/apache2.0.php
*
* You may elect to redistribute this code under either of these licenses.
* ========================================================================
*/
import java.io.File;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.security.KeyStore;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
@ -22,6 +51,103 @@ import net.i2p.crypto.KeyStoreUtil;
*/
public class I2PSSLSocketFactory {
/**
* Unmodifiable.
* Public for RouterConsoleRunner.
* @since 0.9.16
*/
public static final List<String> EXCLUDE_PROTOCOLS = Collections.unmodifiableList(Arrays.asList(new String[] {
"SSLv2Hello", "SSLv3"
}));
/**
* Java 7 does not enable 1.1 or 1.2 by default on the client side.
* Java 8 does enable 1.1 and 1.2 by default on the client side.
* ref: http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html
* Unmodifiable.
* Public for RouterConsoleRunner.
* @since 0.9.16
*/
public static final List<String> INCLUDE_PROTOCOLS = Collections.unmodifiableList(Arrays.asList(new String[] {
"TLSv1", "TLSv1.1", "TLSv1.2"
}));
/**
* We exclude everything that Java 8 disables by default, plus some others.
* ref: http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html
* Unmodifiable.
* Public for RouterConsoleRunner.
* @since 0.9.16
*/
public static final List<String> EXCLUDE_CIPHERS = Collections.unmodifiableList(Arrays.asList(new String[] {
// following are disabled by default in Java 8
"SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
"SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
"SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
"SSL_DH_anon_WITH_DES_CBC_SHA",
"SSL_DH_anon_WITH_RC4_128_MD5",
"SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
"SSL_DHE_DSS_WITH_DES_CBC_SHA",
"SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
"SSL_DHE_RSA_WITH_DES_CBC_SHA",
"SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
"SSL_RSA_EXPORT_WITH_RC4_40_MD5",
"SSL_RSA_WITH_DES_CBC_SHA",
"SSL_RSA_WITH_NULL_MD5",
"SSL_RSA_WITH_NULL_SHA",
"TLS_DH_anon_WITH_AES_128_CBC_SHA",
"TLS_DH_anon_WITH_AES_128_CBC_SHA256",
"TLS_DH_anon_WITH_AES_128_GCM_SHA256",
"TLS_DH_anon_WITH_AES_256_CBC_SHA",
"TLS_DH_anon_WITH_AES_256_CBC_SHA256",
"TLS_DH_anon_WITH_AES_256_GCM_SHA384",
"TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
"TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
"TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
"TLS_ECDH_anon_WITH_NULL_SHA",
"TLS_ECDH_anon_WITH_RC4_128_SHA",
"TLS_ECDH_ECDSA_WITH_NULL_SHA",
"TLS_ECDHE_ECDSA_WITH_NULL_SHA",
"TLS_ECDHE_RSA_WITH_NULL_SHA",
"TLS_ECDH_RSA_WITH_NULL_SHA",
"TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
"TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
"TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
"TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
"TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
"TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
"TLS_KRB5_WITH_DES_CBC_MD5",
"TLS_KRB5_WITH_DES_CBC_SHA",
"TLS_KRB5_WITH_RC4_128_MD5",
"TLS_KRB5_WITH_RC4_128_SHA",
"TLS_RSA_WITH_NULL_SHA256",
// following are disabled because they are SSLv3
"SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
"SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
"SSL_RSA_WITH_3DES_EDE_CBC_SHA",
"SSL_RSA_WITH_RC4_128_MD5",
"SSL_RSA_WITH_RC4_128_SHA",
// following are disabled because they are RC4
"TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
"TLS_ECDH_RSA_WITH_RC4_128_SHA",
"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
"TLS_ECDHE_RSA_WITH_RC4_128_SHA",
// following are disabled because they are 3DES
"TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
"TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
"TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"
}));
/**
* Nothing for now.
* There's nothing disabled by default we would want to enable.
* Unmodifiable.
* Public for RouterConsoleRunner.
* @since 0.9.16
*/
public static final List<String> INCLUDE_CIPHERS = Collections.emptyList();
private final SSLSocketFactory _factory;
/**
@ -37,7 +163,9 @@ public class I2PSSLSocketFactory {
* Returns a socket to the host.
*/
public Socket createSocket(String host, int port) throws IOException {
return _factory.createSocket(host, port);
SSLSocket rv = (SSLSocket) _factory.createSocket(host, port);
setProtocolsAndCiphers(rv);
return rv;
}
/**
@ -45,7 +173,9 @@ public class I2PSSLSocketFactory {
* @since 0.9.9
*/
public Socket createSocket(InetAddress host, int port) throws IOException {
return _factory.createSocket(host, port);
SSLSocket rv = (SSLSocket) _factory.createSocket(host, port);
setProtocolsAndCiphers(rv);
return rv;
}
/**
@ -104,4 +234,113 @@ public class I2PSSLSocketFactory {
sslc.init(null, tmf.getTrustManagers(), context.random());
return sslc.getSocketFactory();
}
/**
* Select protocols and cipher suites to be used
* based on configured inclusion and exclusion lists
* as well as enabled and supported protocols and cipher suites.
*
* Adapted from Jetty SslContextFactory.java
*
* @since 0.9.16
*/
public static void setProtocolsAndCiphers(SSLSocket socket) {
socket.setEnabledProtocols(selectProtocols(socket.getEnabledProtocols(),
socket.getSupportedProtocols()));
socket.setEnabledCipherSuites(selectCipherSuites(socket.getEnabledCipherSuites(),
socket.getSupportedCipherSuites()));
}
/**
* Select protocols and cipher suites to be used
* based on configured inclusion and exclusion lists
* as well as enabled and supported protocols and cipher suites.
*
* Adapted from Jetty SslContextFactory.java
*
* @since 0.9.16
*/
public static void setProtocolsAndCiphers(SSLServerSocket socket) {
String[] p = selectProtocols(socket.getEnabledProtocols(),
socket.getSupportedProtocols());
for (int i = 0; i < p.length; i++) {
// if we left SSLv3 in there, we don't support TLS,
// so we should't remove the SSL ciphers
if (p.equals("SSLv3"))
return;
}
socket.setEnabledProtocols(p);
socket.setEnabledCipherSuites(selectCipherSuites(socket.getEnabledCipherSuites(),
socket.getSupportedCipherSuites()));
}
/**
* Select protocols to be used
* based on configured inclusion and exclusion lists
* as well as enabled and supported protocols.
*
* Adapted from Jetty SslContextFactory.java
*
* @param enabledProtocols Array of enabled protocols
* @param supportedProtocols Array of supported protocols
* @return Array of protocols to enable
* @since 0.9.16
*/
private static String[] selectProtocols(String[] enabledProtocols, String[] supportedProtocols) {
return select(enabledProtocols, supportedProtocols, INCLUDE_PROTOCOLS, EXCLUDE_PROTOCOLS);
}
/**
* Select cipher suites to be used
* based on configured inclusion and exclusion lists
* as well as enabled and supported cipher suite lists.
*
* Adapted from Jetty SslContextFactory.java
*
* @param enabledCipherSuites Array of enabled cipher suites
* @param supportedCipherSuites Array of supported cipher suites
* @return Array of cipher suites to enable
* @since 0.9.16
*/
private static String[] selectCipherSuites(String[] enabledCipherSuites, String[] supportedCipherSuites) {
return select(enabledCipherSuites, supportedCipherSuites, INCLUDE_CIPHERS, EXCLUDE_CIPHERS);
}
/**
* Adapted from Jetty SslContextFactory.java
*
* @param toEnable Add all these to what is enabled, if supported
* @param toExclude Remove all these from what is enabled
* @since 0.9.16
*/
private static String[] select(String[] enabledArr, String[] supportedArr,
List<String> toEnable, List<String> toExclude) {
Log log = I2PAppContext.getGlobalContext().logManager().getLog(I2PSSLSocketFactory.class);
Set<String> selected = new HashSet<String>(enabledArr.length);
selected.addAll(Arrays.asList(enabledArr));
selected.removeAll(toExclude);
Set<String> supported = new HashSet<String>(supportedArr.length);
supported.addAll(Arrays.asList(supportedArr));
for (String s : toEnable) {
if (supported.contains(s)) {
if (selected.add(s)) {
if (log.shouldLog(Log.INFO))
log.info("Added, previously disabled: " + s);
}
} else if (log.shouldLog(Log.INFO)) {
log.info("Not supported in this JVM: " + s);
}
}
if (selected.isEmpty()) {
// shouldn't happen, Java 6 supports TLSv1
log.logAlways(Log.WARN, "No TLS support for SSLEepGet, falling back");
return enabledArr;
}
if (log.shouldLog(Log.DEBUG)) {
List<String> foo = new ArrayList(selected);
Collections.sort(foo);
log.debug("Selected: " + foo);
}
return selected.toArray(new String[selected.size()]);
}
}

50
core/java/src/net/i2p/util/SSLEepGet.java
View File

@ -50,9 +50,13 @@ import java.security.KeyStore;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Locale;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
@ -254,6 +258,50 @@ public class SSLEepGet extends EepGet {
X509TrustManager defaultTrustManager = (X509TrustManager)tmf.getTrustManagers()[0];
_stm = new SavingTrustManager(defaultTrustManager);
sslc.init(null, new TrustManager[] {_stm}, null);
if (_log.shouldLog(Log.DEBUG)) {
SSLEngine eng = sslc.createSSLEngine();
SSLParameters params = sslc.getDefaultSSLParameters();
String[] s = eng.getSupportedProtocols();
Arrays.sort(s);
_log.debug("Supported protocols: " + s.length);
for (int i = 0; i < s.length; i++) {
_log.debug(s[i]);
}
s = eng.getEnabledProtocols();
Arrays.sort(s);
_log.debug("Enabled protocols: " + s.length);
for (int i = 0; i < s.length; i++) {
_log.debug(s[i]);
}
s = params.getProtocols();
if (s == null)
s = new String[0];
_log.debug("Default protocols: " + s.length);
Arrays.sort(s);
for (int i = 0; i < s.length; i++) {
_log.debug(s[i]);
}
s = eng.getSupportedCipherSuites();
Arrays.sort(s);
_log.debug("Supported ciphers: " + s.length);
for (int i = 0; i < s.length; i++) {
_log.debug(s[i]);
}
s = eng.getEnabledCipherSuites();
Arrays.sort(s);
_log.debug("Enabled ciphers: " + s.length);
for (int i = 0; i < s.length; i++) {
_log.debug(s[i]);
}
s = params.getCipherSuites();
if (s == null)
s = new String[0];
_log.debug("Default ciphers: " + s.length);
Arrays.sort(s);
for (int i = 0; i < s.length; i++) {
_log.debug(s[i]);
}
}
return sslc;
} catch (GeneralSecurityException gse) {
_log.error("Key Store update error", gse);
@ -505,6 +553,8 @@ public class SSLEepGet extends EepGet {
_proxy = _sslContext.getSocketFactory().createSocket(host, port);
else
_proxy = SSLSocketFactory.getDefault().createSocket(host, port);
SSLSocket socket = (SSLSocket) _proxy;
I2PSSLSocketFactory.setProtocolsAndCiphers(socket);
} else {
throw new MalformedURLException("Only https supported: " + _actualURL);
}