BCJSSE: earlyNamedGroups => earlyKeyShares

peterdettman · peterdettman · commit aa9221459207 · 2025-12-16T20:14:05.000+07:00
- BCSSLParameters.earlyKeyShares property - "org.bouncycastle.jsse.client.earlyKeyShares" system property - see #2095
diff --git a/tls/src/main/java/org/bouncycastle/jsse/BCSSLParameters.java b/tls/src/main/java/org/bouncycastle/jsse/BCSSLParameters.java
@@ -44,7 +44,7 @@ private static <T> List<T> copyList(Collection<T> list)
     private String[] signatureSchemes = null;
     private String[] signatureSchemesCert = null;
     private String[] namedGroups = null;
-    private String[] earlyNamedGroups = null;
+    private String[] earlyKeyShares = null;
 
     public BCSSLParameters()
     {
@@ -328,33 +328,33 @@ public void setNamedGroups(String[] namedGroups)
         this.namedGroups = check;
     }
 
-    public String[] getEarlyNamedGroups()
+    public String[] getEarlyKeyShares()
     {
-        return TlsUtils.clone(earlyNamedGroups);
+        return TlsUtils.clone(earlyKeyShares);
     }
 
-    public void setEarlyNamedGroups(String[] earlyNamedGroups)
+    public void setEarlyKeyShares(String[] earlyKeyShares)
     {
         String[] check = null;
 
-        if (earlyNamedGroups != null)
+        if (earlyKeyShares != null)
         {
-            check = TlsUtils.clone(earlyNamedGroups);
+            check = TlsUtils.clone(earlyKeyShares);
             HashSet<String> seenEntries = new HashSet<String>();
             for (String entry : check)
             {
                 if (TlsUtils.isNullOrEmpty(entry))
                 {
-                    throw new IllegalArgumentException("'earlyNamedGroups' entries cannot be null or empty strings");
+                    throw new IllegalArgumentException("'earlyKeyShares' entries cannot be null or empty strings");
                 }
 
                 if (!seenEntries.add(entry))
                 {
-                    throw new IllegalArgumentException("'earlyNamedGroups' contains duplicate entry: " + entry);
+                    throw new IllegalArgumentException("'earlyKeyShares' contains duplicate entry: " + entry);
                 }
             }
         }
 
-        this.earlyNamedGroups = check;
+        this.earlyKeyShares = check;
     }
 }
diff --git a/tls/src/main/java/org/bouncycastle/jsse/provider/NamedGroupInfo.java b/tls/src/main/java/org/bouncycastle/jsse/provider/NamedGroupInfo.java
@@ -29,7 +29,7 @@ class NamedGroupInfo
 
     private static final String PROPERTY_NAMED_GROUPS = "jdk.tls.namedGroups";
 
-    private static final String PROPERTY_BC_EARLY_NAMED_GROUPS = "org.bouncycastle.jsse.client.earlyNamedGroups";
+    private static final String PROPERTY_BC_EARLY_KEY_SHARES = "org.bouncycastle.jsse.client.earlyKeyShares";
 
     // NOTE: Not all of these are necessarily enabled/supported; it will be checked at runtime
     private enum All
@@ -289,17 +289,17 @@ private static PerConnection createPerConnection(PerContext perContext, ProvSSLP
 
         Vector localEarly = null;
         {
-            String[] earlyNamedGroups = sslParameters.getEarlyNamedGroups();
+            String[] earlyKeyShares = sslParameters.getEarlyKeyShares();
 
             int[] earlyCandidates;
-            if (earlyNamedGroups == null)
+            if (earlyKeyShares == null)
             {
                 earlyCandidates = perContext.earlyCandidates;
             }
             else
             {
-                earlyCandidates = createEarlyCandidates(perContext.index, earlyNamedGroups,
-                    "BCSSLParameters.earlyNamedGroups");
+                earlyCandidates = createEarlyCandidates(perContext.index, earlyKeyShares,
+                    "BCSSLParameters.earlyKeyShares");
             }
 
             if (earlyCandidates != null)
@@ -313,7 +313,7 @@ private static PerConnection createPerConnection(PerContext perContext, ProvSSLP
                     NamedGroupInfo earlyNamedGroupInfo = local.get(earlyCandidate);
                     if (earlyNamedGroupInfo == null || !earlyNamedGroupInfo.isEnabled())
                     {
-                        LOG.warning("Candidate early named group not an enabled named group: "
+                        LOG.warning("Candidate early key share not an enabled named group: "
                             + NamedGroup.getName(earlyCandidates[i]));
                         continue;
                     }
@@ -330,7 +330,7 @@ static PerContext createPerContext(boolean isFipsContext, JcaTlsCrypto crypto)
     {
         Map<Integer, NamedGroupInfo> index = createIndex(isFipsContext, crypto);
         int[] candidates = createCandidatesFromProperty(index, PROPERTY_NAMED_GROUPS);
-        int[] earlyCandidates = createEarlyCandidatesFromProperty(index, PROPERTY_BC_EARLY_NAMED_GROUPS);
+        int[] earlyCandidates = createEarlyCandidatesFromProperty(index, PROPERTY_BC_EARLY_KEY_SHARES);
 
         return new PerContext(index, candidates, earlyCandidates);
     }
diff --git a/tls/src/main/java/org/bouncycastle/jsse/provider/ProvSSLParameters.java b/tls/src/main/java/org/bouncycastle/jsse/provider/ProvSSLParameters.java
@@ -47,7 +47,7 @@ private static <T> List<T> copyList(Collection<T> list)
     private String[] signatureSchemes = null;
     private String[] signatureSchemesCert = null;
     private String[] namedGroups = null;
-    private String[] earlyNamedGroups = null;
+    private String[] earlyKeyShares = null;
 
     private BCApplicationProtocolSelector<SSLEngine> engineAPSelector;
     private BCApplicationProtocolSelector<SSLSocket> socketAPSelector;
@@ -78,7 +78,7 @@ ProvSSLParameters copy()
         p.signatureSchemes = signatureSchemes;
         p.signatureSchemesCert = signatureSchemesCert;
         p.namedGroups = namedGroups;
-        p.earlyNamedGroups = earlyNamedGroups;
+        p.earlyKeyShares = earlyKeyShares;
         p.engineAPSelector = engineAPSelector;
         p.socketAPSelector = socketAPSelector;
         p.sessionToResume = sessionToResume;
@@ -293,14 +293,14 @@ public void setNamedGroups(String[] namedGroups)
         this.namedGroups = TlsUtils.clone(namedGroups);
     }
 
-    public String[] getEarlyNamedGroups()
+    public String[] getEarlyKeyShares()
     {
-        return TlsUtils.clone(earlyNamedGroups);
+        return TlsUtils.clone(earlyKeyShares);
     }
 
-    public void setEarlyNamedGroups(String[] earlyNamedGroups)
+    public void setEarlyKeyShares(String[] earlyKeyShares)
     {
-        this.earlyNamedGroups = TlsUtils.clone(earlyNamedGroups);
+        this.earlyKeyShares = TlsUtils.clone(earlyKeyShares);
     }
 
     public BCApplicationProtocolSelector<SSLEngine> getEngineAPSelector()
diff --git a/tls/src/main/jdk1.5/org/bouncycastle/jsse/provider/SSLParametersUtil.java b/tls/src/main/jdk1.5/org/bouncycastle/jsse/provider/SSLParametersUtil.java
@@ -86,7 +86,7 @@ static BCSSLParameters getParameters(ProvSSLParameters prov)
         ssl.setSignatureSchemes(prov.getSignatureSchemes());
         ssl.setSignatureSchemesCert(prov.getSignatureSchemesCert());
         ssl.setNamedGroups(prov.getNamedGroups());
-        ssl.setEarlyNamedGroups(prov.getEarlyNamedGroups());
+        ssl.setEarlyKeyShares(prov.getEarlyKeyShares());
 
         return ssl;
     }
@@ -182,9 +182,9 @@ static SSLParameters getSSLParameters(ProvSSLParameters prov)
 
         // Unsupported as of JDK 21
 
-//        if (null != setEarlyNamedGroups)
+//        if (null != setEarlyKeyShares)
 //        {
-//            set(ssl, setEarlyNamedGroups, prov.getEarlyNamedGroups());
+//            set(ssl, setEarlyKeyShares, prov.getEarlyKeyShares());
 //        }
 
 //        if (null != setUseNamedGroupsOrder)
@@ -298,9 +298,9 @@ static BCSSLParameters importSSLParameters(SSLParameters ssl)
 
         // Unsupported as of JDK 21
 
-//        if (null != getEarlyNamedGroups)
+//        if (null != getEarlyKeyShares)
 //        {
-//            bc.setEarlyNamedGroups((String[])get(ssl, getEarlyNamedGroups));
+//            bc.setEarlyKeyShares((String[])get(ssl, getEarlyKeyShares));
 //        }
 
 //        if (null != getUseNamedGroupsOrder)
@@ -382,7 +382,7 @@ static void setParameters(ProvSSLParameters prov, BCSSLParameters ssl)
 
         prov.setNamedGroups(ssl.getNamedGroups());
 
-        prov.setEarlyNamedGroups(ssl.getEarlyNamedGroups());
+        prov.setEarlyKeyShares(ssl.getEarlyKeyShares());
 
         prov.setSignatureSchemesCert(ssl.getSignatureSchemesCert());
     }
@@ -495,9 +495,9 @@ static void setSSLParameters(ProvSSLParameters prov, SSLParameters ssl)
 
         // Unsupported as of JDK 21
 
-//        if (null != getEarlyNamedGroups)
+//        if (null != getEarlyKeyShares)
 //        {
-//            prov.setEarlyNamedGroups((String[])get(ssl, getEarlyNamedGroups));
+//            prov.setEarlyKeyShares((String[])get(ssl, getEarlyKeyShares));
 //        }
 
 //        if (null != getUseNamedGroupsOrder)
diff --git a/tls/src/main/jdk1.9/org/bouncycastle/jsse/provider/SSLParametersUtil.java b/tls/src/main/jdk1.9/org/bouncycastle/jsse/provider/SSLParametersUtil.java
@@ -57,7 +57,7 @@ static BCSSLParameters getParameters(ProvSSLParameters prov)
         ssl.setSignatureSchemes(prov.getSignatureSchemes());
         ssl.setSignatureSchemesCert(prov.getSignatureSchemesCert());
         ssl.setNamedGroups(prov.getNamedGroups());
-        ssl.setEarlyNamedGroups(prov.getEarlyNamedGroups());
+        ssl.setEarlyKeyShares(prov.getEarlyKeyShares());
 
         return ssl;
     }
@@ -134,9 +134,9 @@ static SSLParameters getSSLParameters(ProvSSLParameters prov)
 
         // Unsupported as of JDK 21
 
-//        if (null != setEarlyNamedGroups)
+//        if (null != setEarlyKeyShares)
 //        {
-//            set(ssl, setEarlyNamedGroups, prov.getEarlyNamedGroups());
+//            set(ssl, setEarlyKeyShares, prov.getEarlyKeyShares());
 //        }
 
 //        if (null != setUseNamedGroupsOrder)
@@ -236,9 +236,9 @@ static BCSSLParameters importSSLParameters(SSLParameters ssl)
 
         // Unsupported as of JDK 21
 
-//        if (null != getEarlyNamedGroups)
+//        if (null != getEarlyKeyShares)
 //        {
-//            bc.setEarlyNamedGroups((String[])get(ssl, getEarlyNamedGroups));
+//            bc.setEarlyKeyShares((String[])get(ssl, getEarlyKeyShares));
 //        }
 
 //        if (null != getUseNamedGroupsOrder)
@@ -320,7 +320,7 @@ static void setParameters(ProvSSLParameters prov, BCSSLParameters ssl)
 
         prov.setNamedGroups(ssl.getNamedGroups());
 
-        prov.setEarlyNamedGroups(ssl.getEarlyNamedGroups());
+        prov.setEarlyKeyShares(ssl.getEarlyKeyShares());
 
         prov.setSignatureSchemesCert(ssl.getSignatureSchemesCert());
     }
@@ -419,9 +419,9 @@ static void setSSLParameters(ProvSSLParameters prov, SSLParameters ssl)
 
         // Unsupported as of JDK 21
 
-//        if (null != getEarlyNamedGroups)
+//        if (null != getEarlyKeyShares)
 //        {
-//            prov.setEarlyNamedGroups((String[])get(ssl, getEarlyNamedGroups));
+//            prov.setEarlyKeyShares((String[])get(ssl, getEarlyKeyShares));
 //        }
 
 //        if (null != getUseNamedGroupsOrder)

Original file line number	Diff line number	Diff line change
`@@ -44,7 +44,7 @@ private static <T> List<T> copyList(Collection<T> list)`
`44`	`44`	`private String[] signatureSchemes = null;`
`45`	`45`	`private String[] signatureSchemesCert = null;`
`46`	`46`	`private String[] namedGroups = null;`
`47`		`- private String[] earlyNamedGroups = null;`
	`47`	`+ private String[] earlyKeyShares = null;`
`48`	`48`
`49`	`49`	`public BCSSLParameters()`
`50`	`50`	`{`
`@@ -328,33 +328,33 @@ public void setNamedGroups(String[] namedGroups)`
`328`	`328`	`this.namedGroups = check;`
`329`	`329`	`}`
`330`	`330`
`331`		`- public String[] getEarlyNamedGroups()`
	`331`	`+ public String[] getEarlyKeyShares()`
`332`	`332`	`{`
`333`		`- return TlsUtils.clone(earlyNamedGroups);`
	`333`	`+ return TlsUtils.clone(earlyKeyShares);`
`334`	`334`	`}`
`335`	`335`
`336`		`- public void setEarlyNamedGroups(String[] earlyNamedGroups)`
	`336`	`+ public void setEarlyKeyShares(String[] earlyKeyShares)`
`337`	`337`	`{`
`338`	`338`	`String[] check = null;`
`339`	`339`
`340`		`- if (earlyNamedGroups != null)`
	`340`	`+ if (earlyKeyShares != null)`
`341`	`341`	`{`
`342`		`- check = TlsUtils.clone(earlyNamedGroups);`
	`342`	`+ check = TlsUtils.clone(earlyKeyShares);`
`343`	`343`	`HashSet<String> seenEntries = new HashSet<String>();`
`344`	`344`	`for (String entry : check)`
`345`	`345`	`{`
`346`	`346`	`if (TlsUtils.isNullOrEmpty(entry))`
`347`	`347`	`{`
`348`		`- throw new IllegalArgumentException("'earlyNamedGroups' entries cannot be null or empty strings");`
	`348`	`+ throw new IllegalArgumentException("'earlyKeyShares' entries cannot be null or empty strings");`
`349`	`349`	`}`
`350`	`350`
`351`	`351`	`if (!seenEntries.add(entry))`
`352`	`352`	`{`
`353`		`- throw new IllegalArgumentException("'earlyNamedGroups' contains duplicate entry: " + entry);`
	`353`	`+ throw new IllegalArgumentException("'earlyKeyShares' contains duplicate entry: " + entry);`
`354`	`354`	`}`
`355`	`355`	`}`
`356`	`356`	`}`
`357`	`357`
`358`		`- this.earlyNamedGroups = check;`
	`358`	`+ this.earlyKeyShares = check;`
`359`	`359`	`}`
`360`	`360`	`}`
Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@ class NamedGroupInfo`
`29`	`29`
`30`	`30`	`private static final String PROPERTY_NAMED_GROUPS = "jdk.tls.namedGroups";`
`31`	`31`
`32`		`- private static final String PROPERTY_BC_EARLY_NAMED_GROUPS = "org.bouncycastle.jsse.client.earlyNamedGroups";`
	`32`	`+ private static final String PROPERTY_BC_EARLY_KEY_SHARES = "org.bouncycastle.jsse.client.earlyKeyShares";`
`33`	`33`
`34`	`34`	`// NOTE: Not all of these are necessarily enabled/supported; it will be checked at runtime`
`35`	`35`	`private enum All`
`@@ -289,17 +289,17 @@ private static PerConnection createPerConnection(PerContext perContext, ProvSSLP`
`289`	`289`
`290`	`290`	`Vector localEarly = null;`
`291`	`291`	`{`
`292`		`- String[] earlyNamedGroups = sslParameters.getEarlyNamedGroups();`
	`292`	`+ String[] earlyKeyShares = sslParameters.getEarlyKeyShares();`
`293`	`293`
`294`	`294`	`int[] earlyCandidates;`
`295`		`- if (earlyNamedGroups == null)`
	`295`	`+ if (earlyKeyShares == null)`
`296`	`296`	`{`
`297`	`297`	`earlyCandidates = perContext.earlyCandidates;`
`298`	`298`	`}`
`299`	`299`	`else`
`300`	`300`	`{`
`301`		`- earlyCandidates = createEarlyCandidates(perContext.index, earlyNamedGroups,`
`302`		`- "BCSSLParameters.earlyNamedGroups");`
	`301`	`+ earlyCandidates = createEarlyCandidates(perContext.index, earlyKeyShares,`
	`302`	`+ "BCSSLParameters.earlyKeyShares");`
`303`	`303`	`}`
`304`	`304`
`305`	`305`	`if (earlyCandidates != null)`
`@@ -313,7 +313,7 @@ private static PerConnection createPerConnection(PerContext perContext, ProvSSLP`
`313`	`313`	`NamedGroupInfo earlyNamedGroupInfo = local.get(earlyCandidate);`
`314`	`314`	`if (earlyNamedGroupInfo == null \|\| !earlyNamedGroupInfo.isEnabled())`
`315`	`315`	`{`
`316`		`- LOG.warning("Candidate early named group not an enabled named group: "`
	`316`	`+ LOG.warning("Candidate early key share not an enabled named group: "`
`317`	`317`	`+ NamedGroup.getName(earlyCandidates[i]));`
`318`	`318`	`continue;`
`319`	`319`	`}`
`@@ -330,7 +330,7 @@ static PerContext createPerContext(boolean isFipsContext, JcaTlsCrypto crypto)`
`330`	`330`	`{`
`331`	`331`	`Map<Integer, NamedGroupInfo> index = createIndex(isFipsContext, crypto);`
`332`	`332`	`int[] candidates = createCandidatesFromProperty(index, PROPERTY_NAMED_GROUPS);`
`333`		`- int[] earlyCandidates = createEarlyCandidatesFromProperty(index, PROPERTY_BC_EARLY_NAMED_GROUPS);`
	`333`	`+ int[] earlyCandidates = createEarlyCandidatesFromProperty(index, PROPERTY_BC_EARLY_KEY_SHARES);`
`334`	`334`
`335`	`335`	`return new PerContext(index, candidates, earlyCandidates);`
`336`	`336`	`}`