jdk-sandbox: jdk/src/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java@b9b80421cfa7 (annotated)

7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	1	/*
23010 6dadb192ad81 8029235: Update copyright year to match last edit in jdk8 jdk repository for 2013 lana parents: 14664 diff changeset	2	* Copyright (c) 2010, 2012, Oracle and/or its affiliates. All rights reserved.
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	4	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	7	* published by the Free Software Foundation. Oracle designates this
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	10	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	15	* accompanied this code).
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	16	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	20	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	22	* or visit www.oracle.com if you need additional information or have any
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	23	* questions.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	24	*/
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	25
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	26	package sun.security.ssl;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	27
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	28	import java.security.AlgorithmConstraints;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	29	import java.security.CryptoPrimitive;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	30	import java.security.AlgorithmParameters;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	31
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	32	import javax.net.ssl.*;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	33
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	34	import java.security.Key;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	35
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	36	import java.util.Set;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	37	import java.util.HashSet;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	38
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	39	import sun.security.util.DisabledAlgorithmConstraints;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	40	import sun.security.ssl.CipherSuite.*;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	41
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	42	/**
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	43	* Algorithm constraints for disabled algorithms property
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	44	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	45	* See the "jdk.certpath.disabledAlgorithms" specification in java.security
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	46	* for the syntax of the disabled algorithm string.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	47	*/
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	48	final class SSLAlgorithmConstraints implements AlgorithmConstraints {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	49	private final static AlgorithmConstraints tlsDisabledAlgConstraints =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	50	new TLSDisabledAlgConstraints();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	51	private final static AlgorithmConstraints x509DisabledAlgConstraints =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	52	new X509DisabledAlgConstraints();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	53	private AlgorithmConstraints userAlgConstraints = null;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	54	private AlgorithmConstraints peerAlgConstraints = null;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	55
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	56	private boolean enabledX509DisabledAlgConstraints = true;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	57
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	58	SSLAlgorithmConstraints(AlgorithmConstraints algorithmConstraints) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	59	userAlgConstraints = algorithmConstraints;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	60	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	61
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	62	SSLAlgorithmConstraints(SSLSocket socket,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	63	boolean withDefaultCertPathConstraints) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	64	if (socket != null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	65	userAlgConstraints =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	66	socket.getSSLParameters().getAlgorithmConstraints();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	67	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	68
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	69	if (!withDefaultCertPathConstraints) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	70	enabledX509DisabledAlgConstraints = false;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	71	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	72	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	73
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	74	SSLAlgorithmConstraints(SSLEngine engine,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	75	boolean withDefaultCertPathConstraints) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	76	if (engine != null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	77	userAlgConstraints =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	78	engine.getSSLParameters().getAlgorithmConstraints();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	79	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	80
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	81	if (!withDefaultCertPathConstraints) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	82	enabledX509DisabledAlgConstraints = false;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	83	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	84	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	85
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	86	SSLAlgorithmConstraints(SSLSocket socket, String[] supportedAlgorithms,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	87	boolean withDefaultCertPathConstraints) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	88	if (socket != null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	89	userAlgConstraints =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	90	socket.getSSLParameters().getAlgorithmConstraints();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	91	peerAlgConstraints =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	92	new SupportedSignatureAlgorithmConstraints(supportedAlgorithms);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	93	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	94
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	95	if (!withDefaultCertPathConstraints) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	96	enabledX509DisabledAlgConstraints = false;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	97	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	98	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	99
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	100	SSLAlgorithmConstraints(SSLEngine engine, String[] supportedAlgorithms,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	101	boolean withDefaultCertPathConstraints) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	102	if (engine != null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	103	userAlgConstraints =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	104	engine.getSSLParameters().getAlgorithmConstraints();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	105	peerAlgConstraints =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	106	new SupportedSignatureAlgorithmConstraints(supportedAlgorithms);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	107	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	108
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	109	if (!withDefaultCertPathConstraints) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	110	enabledX509DisabledAlgConstraints = false;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	111	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	112	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	113
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 9035 diff changeset	114	@Override
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	115	public boolean permits(Set<CryptoPrimitive> primitives,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	116	String algorithm, AlgorithmParameters parameters) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	117
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	118	boolean permitted = true;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	119
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	120	if (peerAlgConstraints != null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	121	permitted = peerAlgConstraints.permits(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	122	primitives, algorithm, parameters);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	123	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	124
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	125	if (permitted && userAlgConstraints != null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	126	permitted = userAlgConstraints.permits(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	127	primitives, algorithm, parameters);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	128	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	129
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	130	if (permitted) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	131	permitted = tlsDisabledAlgConstraints.permits(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	132	primitives, algorithm, parameters);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	133	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	134
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	135	if (permitted && enabledX509DisabledAlgConstraints) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	136	permitted = x509DisabledAlgConstraints.permits(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	137	primitives, algorithm, parameters);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	138	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	139
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	140	return permitted;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	141	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	142
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 9035 diff changeset	143	@Override
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	144	public boolean permits(Set<CryptoPrimitive> primitives, Key key) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	145
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	146	boolean permitted = true;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	147
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	148	if (peerAlgConstraints != null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	149	permitted = peerAlgConstraints.permits(primitives, key);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	150	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	151
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	152	if (permitted && userAlgConstraints != null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	153	permitted = userAlgConstraints.permits(primitives, key);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	154	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	155
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	156	if (permitted) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	157	permitted = tlsDisabledAlgConstraints.permits(primitives, key);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	158	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	159
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	160	if (permitted && enabledX509DisabledAlgConstraints) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	161	permitted = x509DisabledAlgConstraints.permits(primitives, key);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	162	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	163
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	164	return permitted;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	165	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	166
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 9035 diff changeset	167	@Override
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	168	public boolean permits(Set<CryptoPrimitive> primitives,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	169	String algorithm, Key key, AlgorithmParameters parameters) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	170
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	171	boolean permitted = true;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	172
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	173	if (peerAlgConstraints != null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	174	permitted = peerAlgConstraints.permits(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	175	primitives, algorithm, key, parameters);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	176	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	177
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	178	if (permitted && userAlgConstraints != null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	179	permitted = userAlgConstraints.permits(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	180	primitives, algorithm, key, parameters);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	181	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	182
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	183	if (permitted) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	184	permitted = tlsDisabledAlgConstraints.permits(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	185	primitives, algorithm, key, parameters);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	186	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	187
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	188	if (permitted && enabledX509DisabledAlgConstraints) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	189	permitted = x509DisabledAlgConstraints.permits(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	190	primitives, algorithm, key, parameters);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	191	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	192
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	193	return permitted;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	194	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	195
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	196
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	197	static private class SupportedSignatureAlgorithmConstraints
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	198	implements AlgorithmConstraints {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	199	// supported signature algorithms
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	200	private String[] supportedAlgorithms;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	201
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	202	SupportedSignatureAlgorithmConstraints(String[] supportedAlgorithms) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	203	if (supportedAlgorithms != null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	204	this.supportedAlgorithms = supportedAlgorithms.clone();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	205	} else {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	206	this.supportedAlgorithms = null;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	207	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	208	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	209
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 9035 diff changeset	210	@Override
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	211	public boolean permits(Set<CryptoPrimitive> primitives,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	212	String algorithm, AlgorithmParameters parameters) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	213
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	214	if (algorithm == null \|\| algorithm.length() == 0) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	215	throw new IllegalArgumentException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	216	"No algorithm name specified");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	217	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	218
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	219	if (primitives == null \|\| primitives.isEmpty()) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	220	throw new IllegalArgumentException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	221	"No cryptographic primitive specified");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	222	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	223
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	224	if (supportedAlgorithms == null \|\|
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	225	supportedAlgorithms.length == 0) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	226	return false;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	227	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	228
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	229	// trim the MGF part: <digest>with<encryption>and<mgf>
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	230	int position = algorithm.indexOf("and");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	231	if (position > 0) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	232	algorithm = algorithm.substring(0, position);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	233	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	234
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	235	for (String supportedAlgorithm : supportedAlgorithms) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	236	if (algorithm.equalsIgnoreCase(supportedAlgorithm)) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	237	return true;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	238	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	239	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	240
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	241	return false;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	242	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	243
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 9035 diff changeset	244	@Override
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	245	final public boolean permits(Set<CryptoPrimitive> primitives, Key key) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	246	return true;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	247	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	248
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 9035 diff changeset	249	@Override
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	250	final public boolean permits(Set<CryptoPrimitive> primitives,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	251	String algorithm, Key key, AlgorithmParameters parameters) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	252
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	253	if (algorithm == null \|\| algorithm.length() == 0) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	254	throw new IllegalArgumentException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	255	"No algorithm name specified");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	256	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	257
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	258	return permits(primitives, algorithm, parameters);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	259	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	260	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	261
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	262	static private class BasicDisabledAlgConstraints
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	263	extends DisabledAlgorithmConstraints {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	264	BasicDisabledAlgConstraints(String propertyName) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	265	super(propertyName);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	266	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	267
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	268	protected Set<String> decomposes(KeyExchange keyExchange,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	269	boolean forCertPathOnly) {
7990 57019dc81b66 7012003: diamond conversion for ssl smarks parents: 7043 diff changeset	270	Set<String> components = new HashSet<>();
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	271	switch (keyExchange) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	272	case K_NULL:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	273	if (!forCertPathOnly) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	274	components.add("NULL");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	275	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	276	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	277	case K_RSA:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	278	components.add("RSA");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	279	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	280	case K_RSA_EXPORT:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	281	components.add("RSA");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	282	components.add("RSA_EXPORT");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	283	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	284	case K_DH_RSA:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	285	components.add("RSA");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	286	components.add("DH");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	287	components.add("DiffieHellman");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	288	components.add("DH_RSA");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	289	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	290	case K_DH_DSS:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	291	components.add("DSA");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	292	components.add("DSS");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	293	components.add("DH");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	294	components.add("DiffieHellman");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	295	components.add("DH_DSS");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	296	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	297	case K_DHE_DSS:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	298	components.add("DSA");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	299	components.add("DSS");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	300	components.add("DH");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	301	components.add("DHE");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	302	components.add("DiffieHellman");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	303	components.add("DHE_DSS");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	304	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	305	case K_DHE_RSA:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	306	components.add("RSA");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	307	components.add("DH");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	308	components.add("DHE");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	309	components.add("DiffieHellman");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	310	components.add("DHE_RSA");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	311	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	312	case K_DH_ANON:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	313	if (!forCertPathOnly) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	314	components.add("ANON");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	315	components.add("DH");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	316	components.add("DiffieHellman");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	317	components.add("DH_ANON");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	318	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	319	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	320	case K_ECDH_ECDSA:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	321	components.add("ECDH");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	322	components.add("ECDSA");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	323	components.add("ECDH_ECDSA");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	324	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	325	case K_ECDH_RSA:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	326	components.add("ECDH");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	327	components.add("RSA");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	328	components.add("ECDH_RSA");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	329	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	330	case K_ECDHE_ECDSA:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	331	components.add("ECDHE");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	332	components.add("ECDSA");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	333	components.add("ECDHE_ECDSA");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	334	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	335	case K_ECDHE_RSA:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	336	components.add("ECDHE");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	337	components.add("RSA");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	338	components.add("ECDHE_RSA");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	339	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	340	case K_ECDH_ANON:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	341	if (!forCertPathOnly) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	342	components.add("ECDH");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	343	components.add("ANON");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	344	components.add("ECDH_ANON");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	345	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	346	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	347	case K_KRB5:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	348	if (!forCertPathOnly) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	349	components.add("KRB5");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	350	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	351	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	352	case K_KRB5_EXPORT:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	353	if (!forCertPathOnly) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	354	components.add("KRB5_EXPORT");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	355	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	356	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	357	default:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	358	// ignore
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	359	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	360
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	361	return components;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	362	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	363
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	364	protected Set<String> decomposes(BulkCipher bulkCipher) {
7990 57019dc81b66 7012003: diamond conversion for ssl smarks parents: 7043 diff changeset	365	Set<String> components = new HashSet<>();
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	366
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	367	if (bulkCipher.transformation != null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	368	components.addAll(super.decomposes(bulkCipher.transformation));
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	369	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	370
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	371	return components;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	372	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	373
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	374	protected Set<String> decomposes(MacAlg macAlg) {
7990 57019dc81b66 7012003: diamond conversion for ssl smarks parents: 7043 diff changeset	375	Set<String> components = new HashSet<>();
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	376
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	377	if (macAlg == CipherSuite.M_MD5) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	378	components.add("MD5");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	379	components.add("HmacMD5");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	380	} else if (macAlg == CipherSuite.M_SHA) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	381	components.add("SHA1");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	382	components.add("SHA-1");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	383	components.add("HmacSHA1");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	384	} else if (macAlg == CipherSuite.M_SHA256) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	385	components.add("SHA256");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	386	components.add("SHA-256");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	387	components.add("HmacSHA256");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	388	} else if (macAlg == CipherSuite.M_SHA384) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	389	components.add("SHA384");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	390	components.add("SHA-384");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	391	components.add("HmacSHA384");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	392	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	393
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	394	return components;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	395	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	396	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	397
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	398	static private class TLSDisabledAlgConstraints
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	399	extends BasicDisabledAlgConstraints {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	400
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	401	TLSDisabledAlgConstraints() {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	402	super(DisabledAlgorithmConstraints.PROPERTY_TLS_DISABLED_ALGS);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	403	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	404
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	405	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	406	protected Set<String> decomposes(String algorithm) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	407	if (algorithm.startsWith("SSL_") \|\| algorithm.startsWith("TLS_")) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	408	CipherSuite cipherSuite = null;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	409	try {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	410	cipherSuite = CipherSuite.valueOf(algorithm);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	411	} catch (IllegalArgumentException iae) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	412	// ignore: unknown or unsupported ciphersuite
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	413	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	414
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	415	if (cipherSuite != null) {
7990 57019dc81b66 7012003: diamond conversion for ssl smarks parents: 7043 diff changeset	416	Set<String> components = new HashSet<>();
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	417
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	418	if(cipherSuite.keyExchange != null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	419	components.addAll(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	420	decomposes(cipherSuite.keyExchange, false));
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	421	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	422
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	423	if (cipherSuite.cipher != null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	424	components.addAll(decomposes(cipherSuite.cipher));
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	425	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	426
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	427	if (cipherSuite.macAlg != null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	428	components.addAll(decomposes(cipherSuite.macAlg));
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	429	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	430
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	431	return components;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	432	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	433	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	434
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	435	return super.decomposes(algorithm);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	436	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	437	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	438
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	439	static private class X509DisabledAlgConstraints
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	440	extends BasicDisabledAlgConstraints {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	441
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	442	X509DisabledAlgConstraints() {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	443	super(DisabledAlgorithmConstraints.PROPERTY_CERTPATH_DISABLED_ALGS);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	444	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	445
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	446	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	447	protected Set<String> decomposes(String algorithm) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	448	if (algorithm.startsWith("SSL_") \|\| algorithm.startsWith("TLS_")) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	449	CipherSuite cipherSuite = null;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	450	try {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	451	cipherSuite = CipherSuite.valueOf(algorithm);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	452	} catch (IllegalArgumentException iae) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	453	// ignore: unknown or unsupported ciphersuite
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	454	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	455
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	456	if (cipherSuite != null) {
7990 57019dc81b66 7012003: diamond conversion for ssl smarks parents: 7043 diff changeset	457	Set<String> components = new HashSet<>();
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	458
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	459	if(cipherSuite.keyExchange != null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	460	components.addAll(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	461	decomposes(cipherSuite.keyExchange, true));
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	462	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	463
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	464	// Certification path algorithm constraints do not apply
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	465	// to cipherSuite.cipher and cipherSuite.macAlg.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	466
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	467	return components;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	468	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	469	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	470
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	471	return super.decomposes(algorithm);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	472	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	473	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	474	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	475

author	xuelei
	Wed, 09 Apr 2014 12:49:51 +0000
changeset 23733	b9b80421cfa7
parent 23010	6dadb192ad81
permissions	-rw-r--r--