author | ohair |
Wed, 06 Apr 2011 22:06:11 -0700 | |
changeset 9035 | 1255eb81cc2f |
parent 7990 | 57019dc81b66 |
child 9275 | 1df1f7dfab7f |
permissions | -rw-r--r-- |
2 | 1 |
/* |
9035
1255eb81cc2f
7033660: Update copyright year to 2011 on any files changed in 2011
ohair
parents:
7990
diff
changeset
|
2 |
* Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved. |
2 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
5506 | 7 |
* published by the Free Software Foundation. Oracle designates this |
2 | 8 |
* particular file as subject to the "Classpath" exception as provided |
5506 | 9 |
* by Oracle in the LICENSE file that accompanied this code. |
2 | 10 |
* |
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
15 |
* accompanied this code). |
|
16 |
* |
|
17 |
* You should have received a copy of the GNU General Public License version |
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 |
* |
|
5506 | 21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
22 |
* or visit www.oracle.com if you need additional information or have any |
|
23 |
* questions. |
|
2 | 24 |
*/ |
25 |
||
26 |
package sun.security.ssl; |
|
27 |
||
28 |
import java.util.*; |
|
29 |
||
30 |
/** |
|
31 |
* A list of ProtocolVersions. Also maintains the list of supported protocols. |
|
32 |
* Instances of this class are immutable. Some member variables are final |
|
33 |
* and can be accessed directly without method accessors. |
|
34 |
* |
|
35 |
* @author Andreas Sterbenz |
|
36 |
* @since 1.4.1 |
|
37 |
*/ |
|
38 |
final class ProtocolList { |
|
39 |
||
40 |
private static final ProtocolList SUPPORTED; |
|
7039 | 41 |
private static final ProtocolList CLIENT_DEFAULT; |
42 |
private static final ProtocolList SERVER_DEFAULT; |
|
2 | 43 |
|
7039 | 44 |
// the sorted protocol version list |
45 |
private final ArrayList<ProtocolVersion> protocols; |
|
46 |
||
2 | 47 |
private String[] protocolNames; |
48 |
||
49 |
// the minimum and maximum ProtocolVersions in this list |
|
50 |
final ProtocolVersion min, max; |
|
51 |
||
52 |
// the format for the hello version to use |
|
53 |
final ProtocolVersion helloVersion; |
|
54 |
||
55 |
ProtocolList(String[] names) { |
|
7039 | 56 |
this(convert(names)); |
57 |
} |
|
58 |
||
59 |
ProtocolList(ArrayList<ProtocolVersion> versions) { |
|
60 |
this.protocols = versions; |
|
61 |
||
62 |
if ((protocols.size() == 1) && |
|
63 |
protocols.contains(ProtocolVersion.SSL20Hello)) { |
|
64 |
throw new IllegalArgumentException("SSLv2Hello cannot be " + |
|
65 |
"enabled unless at least one other supported version " + |
|
66 |
"is also enabled."); |
|
67 |
} |
|
68 |
||
69 |
if (protocols.size() != 0) { |
|
70 |
Collections.sort(protocols); |
|
71 |
min = protocols.get(0); |
|
72 |
max = protocols.get(protocols.size() - 1); |
|
73 |
helloVersion = protocols.get(0); |
|
74 |
} else { |
|
75 |
min = ProtocolVersion.NONE; |
|
76 |
max = ProtocolVersion.NONE; |
|
77 |
helloVersion = ProtocolVersion.NONE; |
|
78 |
} |
|
79 |
} |
|
80 |
||
81 |
private static ArrayList<ProtocolVersion> convert(String[] names) { |
|
2 | 82 |
if (names == null) { |
83 |
throw new IllegalArgumentException("Protocols may not be null"); |
|
84 |
} |
|
7039 | 85 |
|
7990 | 86 |
ArrayList<ProtocolVersion> versions = new ArrayList<>(3); |
2 | 87 |
for (int i = 0; i < names.length; i++ ) { |
88 |
ProtocolVersion version = ProtocolVersion.valueOf(names[i]); |
|
7039 | 89 |
if (versions.contains(version) == false) { |
90 |
versions.add(version); |
|
2 | 91 |
} |
92 |
} |
|
7039 | 93 |
|
94 |
return versions; |
|
2 | 95 |
} |
96 |
||
97 |
/** |
|
98 |
* Return whether this list contains the specified protocol version. |
|
99 |
* SSLv2Hello is not a real protocol version we support, we always |
|
100 |
* return false for it. |
|
101 |
*/ |
|
102 |
boolean contains(ProtocolVersion protocolVersion) { |
|
103 |
if (protocolVersion == ProtocolVersion.SSL20Hello) { |
|
104 |
return false; |
|
105 |
} |
|
106 |
return protocols.contains(protocolVersion); |
|
107 |
} |
|
108 |
||
109 |
/** |
|
7039 | 110 |
* Return a reference to the internal Collection of CipherSuites. |
111 |
* The Collection MUST NOT be modified. |
|
112 |
*/ |
|
113 |
Collection<ProtocolVersion> collection() { |
|
114 |
return protocols; |
|
115 |
} |
|
116 |
||
117 |
/** |
|
118 |
* Select a protocol version from the list. |
|
119 |
* |
|
120 |
* Return the lower of the protocol version of that suggested by |
|
121 |
* the <code>protocolVersion</code> and the highest version of this |
|
122 |
* protocol list, or null if no protocol version is available. |
|
123 |
* |
|
124 |
* The method is used by TLS server to negotiated the protocol |
|
125 |
* version between client suggested protocol version in the |
|
126 |
* client hello and protocol versions supported by the server. |
|
127 |
*/ |
|
128 |
ProtocolVersion selectProtocolVersion(ProtocolVersion protocolVersion) { |
|
129 |
ProtocolVersion selectedVersion = null; |
|
130 |
for (ProtocolVersion pv : protocols) { |
|
131 |
if (pv.v > protocolVersion.v) { |
|
132 |
break; // Safe to break here as this.protocols is sorted |
|
133 |
} |
|
134 |
selectedVersion = pv; |
|
135 |
} |
|
136 |
||
137 |
return selectedVersion; |
|
138 |
} |
|
139 |
||
140 |
/** |
|
2 | 141 |
* Return an array with the names of the ProtocolVersions in this list. |
142 |
*/ |
|
143 |
synchronized String[] toStringArray() { |
|
144 |
if (protocolNames == null) { |
|
145 |
protocolNames = new String[protocols.size()]; |
|
146 |
int i = 0; |
|
147 |
for (ProtocolVersion version : protocols) { |
|
148 |
protocolNames[i++] = version.name; |
|
149 |
} |
|
150 |
} |
|
51 | 151 |
return protocolNames.clone(); |
2 | 152 |
} |
153 |
||
154 |
public String toString() { |
|
155 |
return protocols.toString(); |
|
156 |
} |
|
157 |
||
158 |
/** |
|
7039 | 159 |
* Return the list of default enabled protocols. |
2 | 160 |
*/ |
7039 | 161 |
static ProtocolList getDefault(boolean isServer) { |
162 |
return isServer ? SERVER_DEFAULT : CLIENT_DEFAULT; |
|
163 |
} |
|
164 |
||
165 |
/** |
|
166 |
* Return whether a protocol list is the original default enabled |
|
167 |
* protocols. See: SSLSocket/SSLEngine.setEnabledProtocols() |
|
168 |
*/ |
|
169 |
static boolean isDefaultProtocolList(ProtocolList protocols) { |
|
170 |
return protocols == CLIENT_DEFAULT || protocols == SERVER_DEFAULT; |
|
2 | 171 |
} |
172 |
||
173 |
/** |
|
174 |
* Return the list of supported protocols. |
|
175 |
*/ |
|
176 |
static ProtocolList getSupported() { |
|
177 |
return SUPPORTED; |
|
178 |
} |
|
179 |
||
180 |
static { |
|
181 |
if (SunJSSE.isFIPS()) { |
|
182 |
SUPPORTED = new ProtocolList(new String[] { |
|
7039 | 183 |
ProtocolVersion.TLS10.name, |
7043 | 184 |
ProtocolVersion.TLS11.name, |
185 |
ProtocolVersion.TLS12.name |
|
7039 | 186 |
}); |
187 |
||
188 |
SERVER_DEFAULT = SUPPORTED; |
|
189 |
CLIENT_DEFAULT = new ProtocolList(new String[] { |
|
2 | 190 |
ProtocolVersion.TLS10.name |
191 |
}); |
|
192 |
} else { |
|
193 |
SUPPORTED = new ProtocolList(new String[] { |
|
194 |
ProtocolVersion.SSL20Hello.name, |
|
195 |
ProtocolVersion.SSL30.name, |
|
196 |
ProtocolVersion.TLS10.name, |
|
7043 | 197 |
ProtocolVersion.TLS11.name, |
198 |
ProtocolVersion.TLS12.name |
|
7039 | 199 |
}); |
200 |
||
201 |
SERVER_DEFAULT = SUPPORTED; |
|
7043 | 202 |
|
203 |
/* |
|
204 |
* RFC 5246 says that sending SSLv2 backward-compatible |
|
205 |
* hello SHOULD NOT be done any longer. |
|
206 |
* |
|
207 |
* We are not enabling TLS 1.1/1.2 by default yet on clients |
|
208 |
* out of concern for interop with existing |
|
209 |
* SSLv3/TLS1.0-only servers. When these versions of TLS |
|
210 |
* gain more traction, we'll enable them. |
|
211 |
*/ |
|
7039 | 212 |
CLIENT_DEFAULT = new ProtocolList(new String[] { |
213 |
ProtocolVersion.SSL30.name, |
|
214 |
ProtocolVersion.TLS10.name |
|
2 | 215 |
}); |
216 |
} |
|
217 |
} |
|
218 |
||
219 |
} |