author | avstepan |
Wed, 06 May 2015 21:15:07 +0400 | |
changeset 30374 | 2abaf49910ea |
parent 28555 | c7bf34f7b215 |
child 30904 | ec0224270f90 |
permissions | -rw-r--r-- |
/* |
* Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved. |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
* |
* This code is free software; you can redistribute it and/or modify it |
* under the terms of the GNU General Public License version 2 only, as |
* published by the Free Software Foundation. Oracle designates this |
* particular file as subject to the "Classpath" exception as provided |
* by Oracle in the LICENSE file that accompanied this code. |
* |
* This code is distributed in the hope that it will be useful, but WITHOUT |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
* version 2 for more details (a copy is included in the LICENSE file that |
* accompanied this code). |
* |
* You should have received a copy of the GNU General Public License version |
* 2 along with this work; if not, write to the Free Software Foundation, |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
* |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
* or visit www.oracle.com if you need additional information or have any |
* questions. |
*/ |
package sun.security.ssl; |
import java.util.*; |
import java.security.CryptoPrimitive; |
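/**
 * Type safe enum for an SSL/TLS protocol version. Instances are obtained
 * using the static factory methods or by referencing the static members
 * in this class. Member variables are final and can be accessed without
 * accessor methods.
 *
 * There is only ever one instance per supported protocol version, this
 * means == can be used for comparison instead of equals() if desired.
 * This holds only for the predefined constants: a version number that
 * matches none of them yields a freshly allocated "Unknown-x.y" instance
 * on every {@link #valueOf(int, int)} call, and this class does not
 * override equals(), so two such instances never compare equal. Compare
 * the {@link #v} fields when an unrecognised peer version may be involved.
 *
 * Checks for a particular version number should generally take this form:
 *
 * <pre>{@code
 * if (protocolVersion.v >= ProtocolVersion.TLS10.v) {
 *   // TLS 1.0 code goes here
 * } else {
 *   // SSL 3.0 code here
 * }
 * }</pre>
 *
 * @author  Andreas Sterbenz
 * @since   1.4.1
 */
public final class ProtocolVersion implements Comparable<ProtocolVersion> {

    // The limit of maximum protocol version
    static final int LIMIT_MAX_VALUE = 0xFFFF;

    // The limit of minimum protocol version
    static final int LIMIT_MIN_VALUE = 0x0000;

    // Dummy protocol version value for invalid SSLSession.
    // v is -1, so it orders below every real version in compareTo().
    static final ProtocolVersion NONE = new ProtocolVersion(-1, "NONE");

    // If enabled, send/ accept SSLv2 hello messages
    static final ProtocolVersion SSL20Hello = new ProtocolVersion(0x0002,
                                                                "SSLv2Hello");

    // SSL 3.0
    static final ProtocolVersion SSL30 = new ProtocolVersion(0x0300, "SSLv3");

    // TLS 1.0
    static final ProtocolVersion TLS10 = new ProtocolVersion(0x0301, "TLSv1");

    // TLS 1.1
    static final ProtocolVersion TLS11 = new ProtocolVersion(0x0302, "TLSv1.1");

    // TLS 1.2
    static final ProtocolVersion TLS12 = new ProtocolVersion(0x0303, "TLSv1.2");

    private static final boolean FIPS = SunJSSE.isFIPS();

    // Minimum version we implement: SSL 3.0, or TLS 1.0 in FIPS mode.
    // This is the implementation floor, not the policy floor; which
    // versions may actually be used is narrowed by availableProtocols.
    static final ProtocolVersion MIN = FIPS ? TLS10 : SSL30;

    // maximum version we implement (TLS 1.2)
    static final ProtocolVersion MAX = TLS12;

    // ProtocolVersion to use by default (TLS 1.2)
    static final ProtocolVersion DEFAULT = TLS12;

    // Default version for hello messages: SSL 3.0, or TLS 1.0 in FIPS mode.
    // NOTE(review): outside FIPS mode this is still SSL 3.0 even though
    // DEFAULT is TLS 1.2; confirm how callers combine the two.
    static final ProtocolVersion DEFAULT_HELLO = FIPS ? TLS10 : SSL30;

    // Available protocols
    //
    // Including all supported protocols except the disabled ones.
    // Unmodifiable; populated once by the static initializer below.
    static final Set<ProtocolVersion> availableProtocols;

    // version in 16 bit MSB format as it appears in records and
    // messages, i.e. 0x0301 for TLS 1.0
    public final int v;

    // Major and minor version, stored as signed bytes. A wire value of
    // 0x80 or above is therefore negative here; mask with 0xFF before
    // using either field as a number.
    public final byte major, minor;

    // name used in JSSE (e.g. TLSv1 for TLS 1.0)
    final String name;

    // Initialize the available protocols.
    static {
        Set<ProtocolVersion> protocols = new HashSet<>(5);

        ProtocolVersion[] candidates = new ProtocolVersion[] {
                SSL20Hello, SSL30, TLS10, TLS11, TLS12};
        EnumSet<CryptoPrimitive> cryptoPrimitives =
                EnumSet.of(CryptoPrimitive.KEY_AGREEMENT);

        // A version is kept only when the default SSL constraints permit
        // its JSSE name. Presumably this is where the configured list of
        // disabled protocols takes effect; confirm in
        // SSLAlgorithmConstraints.
        for (ProtocolVersion candidate : candidates) {
            if (SSLAlgorithmConstraints.DEFAULT_SSL_ONLY.permits(
                    cryptoPrimitives, candidate.name, null)) {
                protocols.add(candidate);
            }
        }

        availableProtocols = Collections.unmodifiableSet(protocols);
    }

    /**
     * Creates a version from its 16 bit wire value and JSSE name.
     * Private so that the predefined constants stay unique; the only
     * other instances are the "Unknown-x.y" ones built by valueOf(int).
     */
    private ProtocolVersion(int v, String name) {
        this.v = v;
        this.name = name;
        // Narrowing casts keep the low 8 bits of each half of v.
        major = (byte)(v >>> 8);
        minor = (byte)(v & 0xFF);
    }

    /**
     * Maps a 16 bit wire value to a predefined constant, or to a new
     * "Unknown-major.minor" instance when no constant matches.
     */
    private static ProtocolVersion valueOf(int v) {
        if (v == SSL30.v) {
            return SSL30;
        }
        if (v == TLS10.v) {
            return TLS10;
        }
        if (v == TLS11.v) {
            return TLS11;
        }
        if (v == TLS12.v) {
            return TLS12;
        }
        if (v == SSL20Hello.v) {
            return SSL20Hello;
        }

        // Unrecognised version: the name is built from the two unsigned
        // octets, so it only ever contains decimal digits and a dot.
        int major = (v >>> 8) & 0xFF;
        int minor = v & 0xFF;
        return new ProtocolVersion(v, "Unknown-" + major + "." + minor);
    }

    /**
     * Return a ProtocolVersion with the specified major and minor version
     * numbers. Never throws exceptions.
     *
     * Both arguments are masked to their low 8 bits, so a sign-extended
     * byte read from a record (for example -2 for 0xFE) maps to the same
     * version as its unsigned value. A version that matches no predefined
     * constant is returned as a new "Unknown-major.minor" instance rather
     * than rejected; callers must still check it against the versions they
     * are willing to negotiate.
     */
    public static ProtocolVersion valueOf(int major, int minor) {
        return valueOf(((major & 0xFF) << 8) | (minor & 0xFF));
    }

    /**
     * Return a ProtocolVersion for the given name.
     *
     * Only the five predefined names are accepted, and in FIPS mode
     * "SSLv3" and "SSLv2Hello" are rejected as well.
     *
     * @exception IllegalArgumentException if name is null or does not
     *   identify a supported protocol
     */
    static ProtocolVersion valueOf(String name) {
        if (name == null) {
            throw new IllegalArgumentException("Protocol cannot be null");
        }

        if (FIPS && (name.equals(SSL30.name) || name.equals(SSL20Hello.name))) {
            throw new IllegalArgumentException
                ("Only TLS 1.0 or later allowed in FIPS mode");
        }

        if (name.equals(SSL30.name)) {
            return SSL30;
        }
        if (name.equals(TLS10.name)) {
            return TLS10;
        }
        if (name.equals(TLS11.name)) {
            return TLS11;
        }
        if (name.equals(TLS12.name)) {
            return TLS12;
        }
        if (name.equals(SSL20Hello.name)) {
            return SSL20Hello;
        }

        throw new IllegalArgumentException(name);
    }

    /**
     * Returns the JSSE name of this version, e.g. "TLSv1.2".
     */
    @Override
    public String toString() {
        return name;
    }

    /**
     * Compares this object with the specified object for order.
     * Ordering follows the numeric value of {@link #v}, so NONE (-1)
     * sorts before every real version. Only the sign of the result is
     * meaningful.
     *
     * @throws NullPointerException if protocolVersion is null
     */
    @Override
    public int compareTo(ProtocolVersion protocolVersion) {
        // Integer.compare instead of subtraction: same sign for every
        // value pair, with no reliance on v staying in a narrow range.
        return Integer.compare(this.v, protocolVersion.v);
    }
}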