53 |
48 |
54 private static final AlgorithmConstraints x509DisabledAlgConstraints = |
49 private static final AlgorithmConstraints x509DisabledAlgConstraints = |
55 new DisabledAlgorithmConstraints(PROPERTY_CERTPATH_DISABLED_ALGS, |
50 new DisabledAlgorithmConstraints(PROPERTY_CERTPATH_DISABLED_ALGS, |
56 new SSLAlgorithmDecomposer(true)); |
51 new SSLAlgorithmDecomposer(true)); |
57 |
52 |
58 private AlgorithmConstraints userAlgConstraints = null; |
53 private final AlgorithmConstraints userSpecifiedConstraints; |
59 private AlgorithmConstraints peerAlgConstraints = null; |
54 private final AlgorithmConstraints peerSpecifiedConstraints; |
60 |
55 |
61 private boolean enabledX509DisabledAlgConstraints = true; |
56 private final boolean enabledX509DisabledAlgConstraints; |
62 |
57 |
63 // the default algorithm constraints |
58 // the default algorithm constraints |
64 static final AlgorithmConstraints DEFAULT = |
59 static final AlgorithmConstraints DEFAULT = |
65 new SSLAlgorithmConstraints(null); |
60 new SSLAlgorithmConstraints(null); |
66 |
61 |
67 // the default SSL only algorithm constraints |
62 // the default SSL only algorithm constraints |
68 static final AlgorithmConstraints DEFAULT_SSL_ONLY = |
63 static final AlgorithmConstraints DEFAULT_SSL_ONLY = |
69 new SSLAlgorithmConstraints((SSLSocket)null, false); |
64 new SSLAlgorithmConstraints((SSLSocket)null, false); |
70 |
65 |
71 SSLAlgorithmConstraints(AlgorithmConstraints algorithmConstraints) { |
66 SSLAlgorithmConstraints(AlgorithmConstraints userSpecifiedConstraints) { |
72 userAlgConstraints = algorithmConstraints; |
67 this.userSpecifiedConstraints = userSpecifiedConstraints; |
|
68 this.peerSpecifiedConstraints = null; |
|
69 this.enabledX509DisabledAlgConstraints = true; |
73 } |
70 } |
74 |
71 |
75 SSLAlgorithmConstraints(SSLSocket socket, |
72 SSLAlgorithmConstraints(SSLSocket socket, |
76 boolean withDefaultCertPathConstraints) { |
73 boolean withDefaultCertPathConstraints) { |
|
74 AlgorithmConstraints configuredConstraints = null; |
77 if (socket != null) { |
75 if (socket != null) { |
78 userAlgConstraints = |
76 HandshakeContext hc = |
79 socket.getSSLParameters().getAlgorithmConstraints(); |
77 ((SSLSocketImpl)socket).conContext.handshakeContext; |
80 } |
78 if (hc != null) { |
81 |
79 configuredConstraints = hc.sslConfig.algorithmConstraints; |
82 if (!withDefaultCertPathConstraints) { |
80 } else { |
83 enabledX509DisabledAlgConstraints = false; |
81 configuredConstraints = null; |
84 } |
82 } |
|
83 } |
|
84 this.userSpecifiedConstraints = configuredConstraints; |
|
85 this.peerSpecifiedConstraints = null; |
|
86 this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints; |
85 } |
87 } |
86 |
88 |
87 SSLAlgorithmConstraints(SSLEngine engine, |
89 SSLAlgorithmConstraints(SSLEngine engine, |
88 boolean withDefaultCertPathConstraints) { |
90 boolean withDefaultCertPathConstraints) { |
|
91 AlgorithmConstraints configuredConstraints = null; |
89 if (engine != null) { |
92 if (engine != null) { |
90 userAlgConstraints = |
93 HandshakeContext hc = |
91 engine.getSSLParameters().getAlgorithmConstraints(); |
94 ((SSLEngineImpl)engine).conContext.handshakeContext; |
92 } |
95 if (hc != null) { |
93 |
96 configuredConstraints = hc.sslConfig.algorithmConstraints; |
94 if (!withDefaultCertPathConstraints) { |
97 } else { |
95 enabledX509DisabledAlgConstraints = false; |
98 configuredConstraints = null; |
96 } |
99 } |
|
100 } |
|
101 this.userSpecifiedConstraints = configuredConstraints; |
|
102 this.peerSpecifiedConstraints = null; |
|
103 this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints; |
97 } |
104 } |
98 |
105 |
99 SSLAlgorithmConstraints(SSLSocket socket, String[] supportedAlgorithms, |
106 SSLAlgorithmConstraints(SSLSocket socket, String[] supportedAlgorithms, |
100 boolean withDefaultCertPathConstraints) { |
107 boolean withDefaultCertPathConstraints) { |
|
108 AlgorithmConstraints configuredConstraints = null; |
|
109 AlgorithmConstraints negotiatedConstraints = null; |
101 if (socket != null) { |
110 if (socket != null) { |
102 userAlgConstraints = |
111 HandshakeContext hc = |
103 socket.getSSLParameters().getAlgorithmConstraints(); |
112 ((SSLSocketImpl)socket).conContext.handshakeContext; |
104 peerAlgConstraints = |
113 if (hc != null) { |
|
114 configuredConstraints = hc.sslConfig.algorithmConstraints; |
|
115 } else { |
|
116 configuredConstraints = null; |
|
117 } |
|
118 |
|
119 negotiatedConstraints = |
105 new SupportedSignatureAlgorithmConstraints(supportedAlgorithms); |
120 new SupportedSignatureAlgorithmConstraints(supportedAlgorithms); |
106 } |
121 } |
107 |
122 this.userSpecifiedConstraints = configuredConstraints; |
108 if (!withDefaultCertPathConstraints) { |
123 this.peerSpecifiedConstraints = negotiatedConstraints; |
109 enabledX509DisabledAlgConstraints = false; |
124 this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints; |
110 } |
|
111 } |
125 } |
112 |
126 |
113 SSLAlgorithmConstraints(SSLEngine engine, String[] supportedAlgorithms, |
127 SSLAlgorithmConstraints(SSLEngine engine, String[] supportedAlgorithms, |
114 boolean withDefaultCertPathConstraints) { |
128 boolean withDefaultCertPathConstraints) { |
|
129 AlgorithmConstraints configuredConstraints = null; |
|
130 AlgorithmConstraints negotiatedConstraints = null; |
115 if (engine != null) { |
131 if (engine != null) { |
116 userAlgConstraints = |
132 HandshakeContext hc = |
117 engine.getSSLParameters().getAlgorithmConstraints(); |
133 ((SSLEngineImpl)engine).conContext.handshakeContext; |
118 peerAlgConstraints = |
134 if (hc != null) { |
|
135 configuredConstraints = hc.sslConfig.algorithmConstraints; |
|
136 } else { |
|
137 configuredConstraints = null; |
|
138 } |
|
139 |
|
140 negotiatedConstraints = |
119 new SupportedSignatureAlgorithmConstraints(supportedAlgorithms); |
141 new SupportedSignatureAlgorithmConstraints(supportedAlgorithms); |
120 } |
142 } |
121 |
143 this.userSpecifiedConstraints = configuredConstraints; |
122 if (!withDefaultCertPathConstraints) { |
144 this.peerSpecifiedConstraints = negotiatedConstraints; |
123 enabledX509DisabledAlgConstraints = false; |
145 this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints; |
124 } |
|
125 } |
146 } |
126 |
147 |
127 @Override |
148 @Override |
128 public boolean permits(Set<CryptoPrimitive> primitives, |
149 public boolean permits(Set<CryptoPrimitive> primitives, |
129 String algorithm, AlgorithmParameters parameters) { |
150 String algorithm, AlgorithmParameters parameters) { |
130 |
151 |
131 boolean permitted = true; |
152 boolean permitted = true; |
132 |
153 |
133 if (peerAlgConstraints != null) { |
154 if (peerSpecifiedConstraints != null) { |
134 permitted = peerAlgConstraints.permits( |
155 permitted = peerSpecifiedConstraints.permits( |
135 primitives, algorithm, parameters); |
156 primitives, algorithm, parameters); |
136 } |
157 } |
137 |
158 |
138 if (permitted && userAlgConstraints != null) { |
159 if (permitted && userSpecifiedConstraints != null) { |
139 permitted = userAlgConstraints.permits( |
160 permitted = userSpecifiedConstraints.permits( |
140 primitives, algorithm, parameters); |
161 primitives, algorithm, parameters); |
141 } |
162 } |
142 |
163 |
143 if (permitted) { |
164 if (permitted) { |
144 permitted = tlsDisabledAlgConstraints.permits( |
165 permitted = tlsDisabledAlgConstraints.permits( |
181 public boolean permits(Set<CryptoPrimitive> primitives, |
202 public boolean permits(Set<CryptoPrimitive> primitives, |
182 String algorithm, Key key, AlgorithmParameters parameters) { |
203 String algorithm, Key key, AlgorithmParameters parameters) { |
183 |
204 |
184 boolean permitted = true; |
205 boolean permitted = true; |
185 |
206 |
186 if (peerAlgConstraints != null) { |
207 if (peerSpecifiedConstraints != null) { |
187 permitted = peerAlgConstraints.permits( |
208 permitted = peerSpecifiedConstraints.permits( |
188 primitives, algorithm, key, parameters); |
209 primitives, algorithm, key, parameters); |
189 } |
210 } |
190 |
211 |
191 if (permitted && userAlgConstraints != null) { |
212 if (permitted && userSpecifiedConstraints != null) { |
192 permitted = userAlgConstraints.permits( |
213 permitted = userSpecifiedConstraints.permits( |
193 primitives, algorithm, key, parameters); |
214 primitives, algorithm, key, parameters); |
194 } |
215 } |
195 |
216 |
196 if (permitted) { |
217 if (permitted) { |
197 permitted = tlsDisabledAlgConstraints.permits( |
218 permitted = tlsDisabledAlgConstraints.permits( |