jdk-sandbox: src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java@56aaa6cb3693 (annotated)

7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	1	/*
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2	* Copyright (c) 2010, 2018, Oracle and/or its affiliates. All rights reserved.
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	4	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	7	* published by the Free Software Foundation. Oracle designates this
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	10	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	15	* accompanied this code).
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	16	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	20	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	22	* or visit www.oracle.com if you need additional information or have any
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	23	* questions.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	24	*/
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	25
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	26	package sun.security.ssl;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	27
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	28	import java.security.AlgorithmConstraints;
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	29	import java.security.AlgorithmParameters;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	30	import java.security.CryptoPrimitive;
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	31	import java.security.Key;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	32	import java.util.Set;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	33	import javax.net.ssl.*;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	34	import sun.security.util.DisabledAlgorithmConstraints;
31689 1201792aa3a3 8043201: Deprecate RC4 in SunJSSE provider asmotrak parents: 30905 diff changeset	35	import static sun.security.util.DisabledAlgorithmConstraints.*;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	36
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	37	/**
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	38	* Algorithm constraints for disabled algorithms property
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	39	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	40	* See the "jdk.certpath.disabledAlgorithms" specification in java.security
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	41	* for the syntax of the disabled algorithm string.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	42	*/
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	43	final class SSLAlgorithmConstraints implements AlgorithmConstraints {
31689 1201792aa3a3 8043201: Deprecate RC4 in SunJSSE provider asmotrak parents: 30905 diff changeset	44
32649 2ee9017c7597 8136583: Core libraries should use blessed modifier order martin parents: 31689 diff changeset	45	private static final AlgorithmConstraints tlsDisabledAlgConstraints =
31689 1201792aa3a3 8043201: Deprecate RC4 in SunJSSE provider asmotrak parents: 30905 diff changeset	46	new DisabledAlgorithmConstraints(PROPERTY_TLS_DISABLED_ALGS,
1201792aa3a3 8043201: Deprecate RC4 in SunJSSE provider asmotrak parents: 30905 diff changeset	47	new SSLAlgorithmDecomposer());
1201792aa3a3 8043201: Deprecate RC4 in SunJSSE provider asmotrak parents: 30905 diff changeset	48
32649 2ee9017c7597 8136583: Core libraries should use blessed modifier order martin parents: 31689 diff changeset	49	private static final AlgorithmConstraints x509DisabledAlgConstraints =
31689 1201792aa3a3 8043201: Deprecate RC4 in SunJSSE provider asmotrak parents: 30905 diff changeset	50	new DisabledAlgorithmConstraints(PROPERTY_CERTPATH_DISABLED_ALGS,
1201792aa3a3 8043201: Deprecate RC4 in SunJSSE provider asmotrak parents: 30905 diff changeset	51	new SSLAlgorithmDecomposer(true));
1201792aa3a3 8043201: Deprecate RC4 in SunJSSE provider asmotrak parents: 30905 diff changeset	52
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	53	private final AlgorithmConstraints userSpecifiedConstraints;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	54	private final AlgorithmConstraints peerSpecifiedConstraints;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	55
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	56	private final boolean enabledX509DisabledAlgConstraints;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	57
28555 c7bf34f7b215 8061210: Issues in TLS xuelei parents: 25859 diff changeset	58	// the default algorithm constraints
32649 2ee9017c7597 8136583: Core libraries should use blessed modifier order martin parents: 31689 diff changeset	59	static final AlgorithmConstraints DEFAULT =
28555 c7bf34f7b215 8061210: Issues in TLS xuelei parents: 25859 diff changeset	60	new SSLAlgorithmConstraints(null);
c7bf34f7b215 8061210: Issues in TLS xuelei parents: 25859 diff changeset	61
c7bf34f7b215 8061210: Issues in TLS xuelei parents: 25859 diff changeset	62	// the default SSL only algorithm constraints
32649 2ee9017c7597 8136583: Core libraries should use blessed modifier order martin parents: 31689 diff changeset	63	static final AlgorithmConstraints DEFAULT_SSL_ONLY =
28555 c7bf34f7b215 8061210: Issues in TLS xuelei parents: 25859 diff changeset	64	new SSLAlgorithmConstraints((SSLSocket)null, false);
c7bf34f7b215 8061210: Issues in TLS xuelei parents: 25859 diff changeset	65
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	66	SSLAlgorithmConstraints(AlgorithmConstraints userSpecifiedConstraints) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	67	this.userSpecifiedConstraints = userSpecifiedConstraints;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	68	this.peerSpecifiedConstraints = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	69	this.enabledX509DisabledAlgConstraints = true;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	70	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	71
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	72	SSLAlgorithmConstraints(SSLSocket socket,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	73	boolean withDefaultCertPathConstraints) {
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	74	AlgorithmConstraints configuredConstraints = null;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	75	if (socket != null) {
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	76	HandshakeContext hc =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	77	((SSLSocketImpl)socket).conContext.handshakeContext;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	78	if (hc != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	79	configuredConstraints = hc.sslConfig.algorithmConstraints;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	80	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	81	configuredConstraints = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	82	}
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	83	}
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	84	this.userSpecifiedConstraints = configuredConstraints;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	85	this.peerSpecifiedConstraints = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	86	this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	87	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	88
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	89	SSLAlgorithmConstraints(SSLEngine engine,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	90	boolean withDefaultCertPathConstraints) {
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	91	AlgorithmConstraints configuredConstraints = null;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	92	if (engine != null) {
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	93	HandshakeContext hc =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	94	((SSLEngineImpl)engine).conContext.handshakeContext;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	95	if (hc != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	96	configuredConstraints = hc.sslConfig.algorithmConstraints;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	97	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	98	configuredConstraints = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	99	}
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	100	}
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	101	this.userSpecifiedConstraints = configuredConstraints;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	102	this.peerSpecifiedConstraints = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	103	this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	104	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	105
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	106	SSLAlgorithmConstraints(SSLSocket socket, String[] supportedAlgorithms,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	107	boolean withDefaultCertPathConstraints) {
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	108	AlgorithmConstraints configuredConstraints = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	109	AlgorithmConstraints negotiatedConstraints = null;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	110	if (socket != null) {
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	111	HandshakeContext hc =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	112	((SSLSocketImpl)socket).conContext.handshakeContext;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	113	if (hc != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	114	configuredConstraints = hc.sslConfig.algorithmConstraints;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	115	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	116	configuredConstraints = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	117	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	118
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	119	negotiatedConstraints =
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	120	new SupportedSignatureAlgorithmConstraints(supportedAlgorithms);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	121	}
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	122	this.userSpecifiedConstraints = configuredConstraints;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	123	this.peerSpecifiedConstraints = negotiatedConstraints;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	124	this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	125	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	126
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	127	SSLAlgorithmConstraints(SSLEngine engine, String[] supportedAlgorithms,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	128	boolean withDefaultCertPathConstraints) {
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	129	AlgorithmConstraints configuredConstraints = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	130	AlgorithmConstraints negotiatedConstraints = null;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	131	if (engine != null) {
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	132	HandshakeContext hc =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	133	((SSLEngineImpl)engine).conContext.handshakeContext;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	134	if (hc != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	135	configuredConstraints = hc.sslConfig.algorithmConstraints;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	136	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	137	configuredConstraints = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	138	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	139
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	140	negotiatedConstraints =
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	141	new SupportedSignatureAlgorithmConstraints(supportedAlgorithms);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	142	}
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	143	this.userSpecifiedConstraints = configuredConstraints;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	144	this.peerSpecifiedConstraints = negotiatedConstraints;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	145	this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	146	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	147
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 9035 diff changeset	148	@Override
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	149	public boolean permits(Set<CryptoPrimitive> primitives,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	150	String algorithm, AlgorithmParameters parameters) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	151
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	152	boolean permitted = true;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	153
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	154	if (peerSpecifiedConstraints != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	155	permitted = peerSpecifiedConstraints.permits(
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	156	primitives, algorithm, parameters);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	157	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	158
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	159	if (permitted && userSpecifiedConstraints != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	160	permitted = userSpecifiedConstraints.permits(
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	161	primitives, algorithm, parameters);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	162	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	163
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	164	if (permitted) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	165	permitted = tlsDisabledAlgConstraints.permits(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	166	primitives, algorithm, parameters);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	167	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	168
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	169	if (permitted && enabledX509DisabledAlgConstraints) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	170	permitted = x509DisabledAlgConstraints.permits(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	171	primitives, algorithm, parameters);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	172	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	173
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	174	return permitted;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	175	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	176
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 9035 diff changeset	177	@Override
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	178	public boolean permits(Set<CryptoPrimitive> primitives, Key key) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	179
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	180	boolean permitted = true;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	181
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	182	if (peerSpecifiedConstraints != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	183	permitted = peerSpecifiedConstraints.permits(primitives, key);
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	184	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	185
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	186	if (permitted && userSpecifiedConstraints != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	187	permitted = userSpecifiedConstraints.permits(primitives, key);
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	188	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	189
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	190	if (permitted) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	191	permitted = tlsDisabledAlgConstraints.permits(primitives, key);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	192	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	193
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	194	if (permitted && enabledX509DisabledAlgConstraints) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	195	permitted = x509DisabledAlgConstraints.permits(primitives, key);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	196	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	197
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	198	return permitted;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	199	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	200
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 9035 diff changeset	201	@Override
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	202	public boolean permits(Set<CryptoPrimitive> primitives,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	203	String algorithm, Key key, AlgorithmParameters parameters) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	204
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	205	boolean permitted = true;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	206
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	207	if (peerSpecifiedConstraints != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	208	permitted = peerSpecifiedConstraints.permits(
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	209	primitives, algorithm, key, parameters);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	210	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	211
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	212	if (permitted && userSpecifiedConstraints != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	213	permitted = userSpecifiedConstraints.permits(
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	214	primitives, algorithm, key, parameters);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	215	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	216
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	217	if (permitted) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	218	permitted = tlsDisabledAlgConstraints.permits(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	219	primitives, algorithm, key, parameters);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	220	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	221
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	222	if (permitted && enabledX509DisabledAlgConstraints) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	223	permitted = x509DisabledAlgConstraints.permits(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	224	primitives, algorithm, key, parameters);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	225	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	226
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	227	return permitted;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	228	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	229
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	230
32649 2ee9017c7597 8136583: Core libraries should use blessed modifier order martin parents: 31689 diff changeset	231	private static class SupportedSignatureAlgorithmConstraints
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	232	implements AlgorithmConstraints {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	233	// supported signature algorithms
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	234	private String[] supportedAlgorithms;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	235
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	236	SupportedSignatureAlgorithmConstraints(String[] supportedAlgorithms) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	237	if (supportedAlgorithms != null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	238	this.supportedAlgorithms = supportedAlgorithms.clone();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	239	} else {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	240	this.supportedAlgorithms = null;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	241	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	242	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	243
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 9035 diff changeset	244	@Override
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	245	public boolean permits(Set<CryptoPrimitive> primitives,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	246	String algorithm, AlgorithmParameters parameters) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	247
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	248	if (algorithm == null \|\| algorithm.length() == 0) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	249	throw new IllegalArgumentException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	250	"No algorithm name specified");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	251	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	252
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	253	if (primitives == null \|\| primitives.isEmpty()) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	254	throw new IllegalArgumentException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	255	"No cryptographic primitive specified");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	256	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	257
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	258	if (supportedAlgorithms == null \|\|
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	259	supportedAlgorithms.length == 0) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	260	return false;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	261	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	262
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	263	// trim the MGF part: <digest>with<encryption>and<mgf>
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	264	int position = algorithm.indexOf("and");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	265	if (position > 0) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	266	algorithm = algorithm.substring(0, position);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	267	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	268
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	269	for (String supportedAlgorithm : supportedAlgorithms) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	270	if (algorithm.equalsIgnoreCase(supportedAlgorithm)) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	271	return true;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	272	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	273	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	274
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	275	return false;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	276	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	277
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 9035 diff changeset	278	@Override
32649 2ee9017c7597 8136583: Core libraries should use blessed modifier order martin parents: 31689 diff changeset	279	public final boolean permits(Set<CryptoPrimitive> primitives, Key key) {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	280	return true;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	281	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	282
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 9035 diff changeset	283	@Override
32649 2ee9017c7597 8136583: Core libraries should use blessed modifier order martin parents: 31689 diff changeset	284	public final boolean permits(Set<CryptoPrimitive> primitives,
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	285	String algorithm, Key key, AlgorithmParameters parameters) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	286
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	287	if (algorithm == null \|\| algorithm.length() == 0) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	288	throw new IllegalArgumentException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	289	"No algorithm name specified");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	290	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	291
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	292	return permits(primitives, algorithm, parameters);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	293	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	294	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	295	}

author	wetmore
	Fri, 11 May 2018 15:53:12 -0700
branch	JDK-8145252-TLS13-branch
changeset 56542	56aaa6cb3693
parent 47216	71c04702a3d5
child 51084	2282560a3d29
permissions	-rw-r--r--