JDK/JRE source code with matching JSSE (SSL) source code and matching runnable JDK / JRE?

Question

I have seen Where to find Java 6 JSSE/JCE Source Code? and asked the question myself How to get JRE/JDK with matching source? but I don't either of these was specific enough to get the answer I was really after, so I'm going to try a way more specific version of the question.

Basically the problem that I am trying to solve is that I would like to be able to use my Eclipse debugger on Windows and step into the Java SSL classes (JSSE) to help me debug SSL issues as well as to just understand the SSL process better. BTW I am familiar with (and use) the javax.net.debug=ssl|all system property to get SSL tracing and, while this is very helpful, I'd still like to be able to step through that pesky code.

So what I think I specifically need is:

1. An executable JRE / JDK implementation (not wanting to build one)...
2. That runs on my Windows platform (XP)...
3. That includes source...
4. And that source includes the SSL "bits" (JSSE, etc.)...
5. And ideally the SSL implementation is Sun's or the OpenJDK version.

I think the closest thing (as noted in PW's answer StackOverflow: 87106) is the OpenJDK source openjdk-6-src-b12-28_aug_2008.tar.gz found at OpenJDK 6 Source Release, but I'm not sure there's a matching executable JDK / JRE for that that would run on Windows.

Answer 1

You can get the source code of JSSE lib (Open JDK implementation) here - http://hg.openjdk.java.net/jdk8u/jdk8u-dev/jdk/file/4d6c03fb1039/src/share/classes/sun/security/ssl

Steps to create a source jar file for attaching to an IDE for debugging.

1. Go a little above in the directory structure i.e. to http://hg.openjdk.java.net/jdk8u/jdk8u-dev/jdk/file/4d6c03fb1039/src/share/classes/ repo.
2. Download the source package by clicking on the "zip" or "gz" links that you see at the left pane.
3. But this package is huge and contains thousands of *.java files. You do not normally want all of these to just debug jsse.jar code.
4. So better copy only the sun.security.rsa , sun.security.ssl , sun.security.provider & com.sun.net.ssl packages to a new folder (lets say jsse-code) on your computer.
5. Go to that folder from command line & create the source jar on your own.
   e.g. jar -cvf jsse-src.jar *
6. You are done. You now have your jsse source lib that you can attach to your preferred IDE (e.g. - Eclipse) to debug the JSSE code.

Thanks
Ayas

Answer 2

I used the OpenJDK download for Java 6:

http://download.java.net/openjdk/jdk6/

To debug the JSSE/SSL code, I used the classes found in the sun.security.ssl and sun.security.ec packages and created a new library. Unfortunately, just having a library with all the source wasn't enough for me. I couldn't figure out how to get my IDE (Netbeans) to step into the JSSE code. Instead, it was calling the JSSE bundled with my JDK.

As a workaround, I ended up refactoring the ssl and ec packages into a new "Provider". Here's what I did:

1. Renamed the SunJSSE class to SSLProvider and replaced all references to "SunJSSE" in the code.
2. Refactored sun.security.ssl and sun.security.ec into 2 new packages: javaxt.ssl and javaxt.ec
3. Find/Replace all references to the original package names in the code. For example, in the SSLProvider.java class, replace "sun.security.ssl.SSLContextImpl" with "javaxt.ssl.SSLContextImpl".

Once I had a new security provider, I could reference it explicitly in my code. Example:

  java.security.Provider provider = new javaxt.ssl.SSLProvider();
  java.security.Security.addProvider(provider);
  SSLContext sslc = SSLContext.getInstance("TLS", "SSLProvider");

By explicitly setting the security provider, I can now drop breakpoints and throw out print statements to my heart's content :-)

If anyone is interested, I have posted a zip archive of the "SSLProvider" source here:

http://www.javaxt.com/download/?/jsse/SSLProvider.zip