45 * See the "jdk.certpath.disabledAlgorithms" specification in java.security |
45 * See the "jdk.certpath.disabledAlgorithms" specification in java.security |
46 * for the syntax of the disabled algorithm string. |
46 * for the syntax of the disabled algorithm string. |
47 */ |
47 */ |
48 final class SSLAlgorithmConstraints implements AlgorithmConstraints { |
48 final class SSLAlgorithmConstraints implements AlgorithmConstraints { |
49 |
49 |
50 private final static AlgorithmConstraints tlsDisabledAlgConstraints = |
50 private static final AlgorithmConstraints tlsDisabledAlgConstraints = |
51 new DisabledAlgorithmConstraints(PROPERTY_TLS_DISABLED_ALGS, |
51 new DisabledAlgorithmConstraints(PROPERTY_TLS_DISABLED_ALGS, |
52 new SSLAlgorithmDecomposer()); |
52 new SSLAlgorithmDecomposer()); |
53 |
53 |
54 private final static AlgorithmConstraints x509DisabledAlgConstraints = |
54 private static final AlgorithmConstraints x509DisabledAlgConstraints = |
55 new DisabledAlgorithmConstraints(PROPERTY_CERTPATH_DISABLED_ALGS, |
55 new DisabledAlgorithmConstraints(PROPERTY_CERTPATH_DISABLED_ALGS, |
56 new SSLAlgorithmDecomposer(true)); |
56 new SSLAlgorithmDecomposer(true)); |
57 |
57 |
58 private AlgorithmConstraints userAlgConstraints = null; |
58 private AlgorithmConstraints userAlgConstraints = null; |
59 private AlgorithmConstraints peerAlgConstraints = null; |
59 private AlgorithmConstraints peerAlgConstraints = null; |
60 |
60 |
61 private boolean enabledX509DisabledAlgConstraints = true; |
61 private boolean enabledX509DisabledAlgConstraints = true; |
62 |
62 |
63 // the default algorithm constraints |
63 // the default algorithm constraints |
64 final static AlgorithmConstraints DEFAULT = |
64 static final AlgorithmConstraints DEFAULT = |
65 new SSLAlgorithmConstraints(null); |
65 new SSLAlgorithmConstraints(null); |
66 |
66 |
67 // the default SSL only algorithm constraints |
67 // the default SSL only algorithm constraints |
68 final static AlgorithmConstraints DEFAULT_SSL_ONLY = |
68 static final AlgorithmConstraints DEFAULT_SSL_ONLY = |
69 new SSLAlgorithmConstraints((SSLSocket)null, false); |
69 new SSLAlgorithmConstraints((SSLSocket)null, false); |
70 |
70 |
71 SSLAlgorithmConstraints(AlgorithmConstraints algorithmConstraints) { |
71 SSLAlgorithmConstraints(AlgorithmConstraints algorithmConstraints) { |
72 userAlgConstraints = algorithmConstraints; |
72 userAlgConstraints = algorithmConstraints; |
73 } |
73 } |
205 |
205 |
206 return permitted; |
206 return permitted; |
207 } |
207 } |
208 |
208 |
209 |
209 |
210 static private class SupportedSignatureAlgorithmConstraints |
210 private static class SupportedSignatureAlgorithmConstraints |
211 implements AlgorithmConstraints { |
211 implements AlgorithmConstraints { |
212 // supported signature algorithms |
212 // supported signature algorithms |
213 private String[] supportedAlgorithms; |
213 private String[] supportedAlgorithms; |
214 |
214 |
215 SupportedSignatureAlgorithmConstraints(String[] supportedAlgorithms) { |
215 SupportedSignatureAlgorithmConstraints(String[] supportedAlgorithms) { |
253 |
253 |
254 return false; |
254 return false; |
255 } |
255 } |
256 |
256 |
257 @Override |
257 @Override |
258 final public boolean permits(Set<CryptoPrimitive> primitives, Key key) { |
258 public final boolean permits(Set<CryptoPrimitive> primitives, Key key) { |
259 return true; |
259 return true; |
260 } |
260 } |
261 |
261 |
262 @Override |
262 @Override |
263 final public boolean permits(Set<CryptoPrimitive> primitives, |
263 public final boolean permits(Set<CryptoPrimitive> primitives, |
264 String algorithm, Key key, AlgorithmParameters parameters) { |
264 String algorithm, Key key, AlgorithmParameters parameters) { |
265 |
265 |
266 if (algorithm == null || algorithm.length() == 0) { |
266 if (algorithm == null || algorithm.length() == 0) { |
267 throw new IllegalArgumentException( |
267 throw new IllegalArgumentException( |
268 "No algorithm name specified"); |
268 "No algorithm name specified"); |