Mercurial Mercurial > jdk-sandbox / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java
branchJDK-8145252-TLS13-branch
changeset 56542 56aaa6cb3693
parent 47216 71c04702a3d5
child 51084 2282560a3d29
equal deleted inserted replaced
56541:92cbbfc996f3 56542:56aaa6cb3693 
     1 /*
 
     1 /*
 
     2  * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
 
     2  * Copyright (c) 2010, 2018, Oracle and/or its affiliates. All rights reserved.
 
     3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 
     3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 
     4  *
 
     4  *
 
     5  * This code is free software; you can redistribute it and/or modify it
 
     5  * This code is free software; you can redistribute it and/or modify it
 
     6  * under the terms of the GNU General Public License version 2 only, as
 
     6  * under the terms of the GNU General Public License version 2 only, as
 
     7  * published by the Free Software Foundation.  Oracle designates this
 
     7  * published by the Free Software Foundation.  Oracle designates this
 
    24  */
 
    24  */
 
    25 
    25 
    26 package sun.security.ssl;
 
    26 package sun.security.ssl;
 
    27 
    27 
    28 import java.security.AlgorithmConstraints;
 
    28 import java.security.AlgorithmConstraints;
 
       
    29 import java.security.AlgorithmParameters;
 
    29 import java.security.CryptoPrimitive;
 
    30 import java.security.CryptoPrimitive;
 
    30 import java.security.AlgorithmParameters;
 
    31 import java.security.Key;
 
    31 
    32 import java.util.Set;
 
    32 import javax.net.ssl.*;
 
    33 import javax.net.ssl.*;
 
    33 
       
    34 import java.security.Key;
 
       
    35 
       
    36 import java.util.Set;
 
       
    37 
       
    38 import sun.security.util.DisabledAlgorithmConstraints;
 
    34 import sun.security.util.DisabledAlgorithmConstraints;
 
    39 import static sun.security.util.DisabledAlgorithmConstraints.*;
 
    35 import static sun.security.util.DisabledAlgorithmConstraints.*;
 
    40 import sun.security.ssl.CipherSuite.*;
 
       
    41 
    36 
    42 /**
 
    37 /**
 
    43  * Algorithm constraints for disabled algorithms property
 
    38  * Algorithm constraints for disabled algorithms property
 
    44  *
 
    39  *
 
    45  * See the "jdk.certpath.disabledAlgorithms" specification in java.security
 
    40  * See the "jdk.certpath.disabledAlgorithms" specification in java.security
 
    53 
    48 
    54     private static final AlgorithmConstraints x509DisabledAlgConstraints =
 
    49     private static final AlgorithmConstraints x509DisabledAlgConstraints =
 
    55             new DisabledAlgorithmConstraints(PROPERTY_CERTPATH_DISABLED_ALGS,
 
    50             new DisabledAlgorithmConstraints(PROPERTY_CERTPATH_DISABLED_ALGS,
 
    56                     new SSLAlgorithmDecomposer(true));
 
    51                     new SSLAlgorithmDecomposer(true));
 
    57 
    52 
    58     private AlgorithmConstraints userAlgConstraints = null;
 
    53     private final AlgorithmConstraints userSpecifiedConstraints;
 
    59     private AlgorithmConstraints peerAlgConstraints = null;
 
    54     private final AlgorithmConstraints peerSpecifiedConstraints;
 
    60 
    55 
    61     private boolean enabledX509DisabledAlgConstraints = true;
 
    56     private final boolean enabledX509DisabledAlgConstraints;
 
    62 
    57 
    63     // the default algorithm constraints
 
    58     // the default algorithm constraints
 
    64     static final AlgorithmConstraints DEFAULT =
 
    59     static final AlgorithmConstraints DEFAULT =
 
    65                         new SSLAlgorithmConstraints(null);
 
    60                         new SSLAlgorithmConstraints(null);
 
    66 
    61 
    67     // the default SSL only algorithm constraints
 
    62     // the default SSL only algorithm constraints
 
    68     static final AlgorithmConstraints DEFAULT_SSL_ONLY =
 
    63     static final AlgorithmConstraints DEFAULT_SSL_ONLY =
 
    69                         new SSLAlgorithmConstraints((SSLSocket)null, false);
 
    64                         new SSLAlgorithmConstraints((SSLSocket)null, false);
 
    70 
    65 
    71     SSLAlgorithmConstraints(AlgorithmConstraints algorithmConstraints) {
 
    66     SSLAlgorithmConstraints(AlgorithmConstraints userSpecifiedConstraints) {
 
    72         userAlgConstraints = algorithmConstraints;
 
    67         this.userSpecifiedConstraints = userSpecifiedConstraints;
 
       
    68         this.peerSpecifiedConstraints = null;
 
       
    69         this.enabledX509DisabledAlgConstraints = true;
 
    73     }
 
    70     }
 
    74 
    71 
    75     SSLAlgorithmConstraints(SSLSocket socket,
 
    72     SSLAlgorithmConstraints(SSLSocket socket,
 
    76             boolean withDefaultCertPathConstraints) {
 
    73             boolean withDefaultCertPathConstraints) {
 
       
    74         AlgorithmConstraints configuredConstraints = null;
 
    77         if (socket != null) {
 
    75         if (socket != null) {
 
    78             userAlgConstraints =
 
    76             HandshakeContext hc =
 
    79                 socket.getSSLParameters().getAlgorithmConstraints();
 
    77                     ((SSLSocketImpl)socket).conContext.handshakeContext;
 
    80         }
 
    78             if (hc != null) {
 
    81 
    79                 configuredConstraints = hc.sslConfig.algorithmConstraints;
 
    82         if (!withDefaultCertPathConstraints) {
 
    80             } else {
 
    83             enabledX509DisabledAlgConstraints = false;
 
    81                 configuredConstraints = null;
 
    84         }
 
    82             }
 
       
    83         }
 
       
    84         this.userSpecifiedConstraints = configuredConstraints;
 
       
    85         this.peerSpecifiedConstraints = null;
 
       
    86         this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
 
    85     }
 
    87     }
 
    86 
    88 
    87     SSLAlgorithmConstraints(SSLEngine engine,
 
    89     SSLAlgorithmConstraints(SSLEngine engine,
 
    88             boolean withDefaultCertPathConstraints) {
 
    90             boolean withDefaultCertPathConstraints) {
 
       
    91         AlgorithmConstraints configuredConstraints = null;
 
    89         if (engine != null) {
 
    92         if (engine != null) {
 
    90             userAlgConstraints =
 
    93             HandshakeContext hc =
 
    91                 engine.getSSLParameters().getAlgorithmConstraints();
 
    94                     ((SSLEngineImpl)engine).conContext.handshakeContext;
 
    92         }
 
    95             if (hc != null) {
 
    93 
    96                 configuredConstraints = hc.sslConfig.algorithmConstraints;
 
    94         if (!withDefaultCertPathConstraints) {
 
    97             } else {
 
    95             enabledX509DisabledAlgConstraints = false;
 
    98                 configuredConstraints = null;
 
    96         }
 
    99             }
 
       
   100         }
 
       
   101         this.userSpecifiedConstraints = configuredConstraints;
 
       
   102         this.peerSpecifiedConstraints = null;
 
       
   103         this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
 
    97     }
 
   104     }
 
    98 
   105 
    99     SSLAlgorithmConstraints(SSLSocket socket, String[] supportedAlgorithms,
 
   106     SSLAlgorithmConstraints(SSLSocket socket, String[] supportedAlgorithms,
 
   100             boolean withDefaultCertPathConstraints) {
 
   107             boolean withDefaultCertPathConstraints) {
 
       
   108         AlgorithmConstraints configuredConstraints = null;
 
       
   109         AlgorithmConstraints negotiatedConstraints = null;
 
   101         if (socket != null) {
 
   110         if (socket != null) {
 
   102             userAlgConstraints =
 
   111             HandshakeContext hc =
 
   103                 socket.getSSLParameters().getAlgorithmConstraints();
 
   112                     ((SSLSocketImpl)socket).conContext.handshakeContext;
 
   104             peerAlgConstraints =
 
   113             if (hc != null) {
 
       
   114                 configuredConstraints = hc.sslConfig.algorithmConstraints;
 
       
   115             } else {
 
       
   116                 configuredConstraints = null;
 
       
   117             }
 
       
   118 
       
   119             negotiatedConstraints =
 
   105                 new SupportedSignatureAlgorithmConstraints(supportedAlgorithms);
 
   120                 new SupportedSignatureAlgorithmConstraints(supportedAlgorithms);
 
   106         }
 
   121         }
 
   107 
   122         this.userSpecifiedConstraints = configuredConstraints;
 
   108         if (!withDefaultCertPathConstraints) {
 
   123         this.peerSpecifiedConstraints = negotiatedConstraints;
 
   109             enabledX509DisabledAlgConstraints = false;
 
   124         this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
 
   110         }
 
       
   111     }
 
   125     }
 
   112 
   126 
   113     SSLAlgorithmConstraints(SSLEngine engine, String[] supportedAlgorithms,
 
   127     SSLAlgorithmConstraints(SSLEngine engine, String[] supportedAlgorithms,
 
   114             boolean withDefaultCertPathConstraints) {
 
   128             boolean withDefaultCertPathConstraints) {
 
       
   129         AlgorithmConstraints configuredConstraints = null;
 
       
   130         AlgorithmConstraints negotiatedConstraints = null;
 
   115         if (engine != null) {
 
   131         if (engine != null) {
 
   116             userAlgConstraints =
 
   132             HandshakeContext hc =
 
   117                 engine.getSSLParameters().getAlgorithmConstraints();
 
   133                     ((SSLEngineImpl)engine).conContext.handshakeContext;
 
   118             peerAlgConstraints =
 
   134             if (hc != null) {
 
       
   135                 configuredConstraints = hc.sslConfig.algorithmConstraints;
 
       
   136             } else {
 
       
   137                 configuredConstraints = null;
 
       
   138             }
 
       
   139 
       
   140             negotiatedConstraints =
 
   119                 new SupportedSignatureAlgorithmConstraints(supportedAlgorithms);
 
   141                 new SupportedSignatureAlgorithmConstraints(supportedAlgorithms);
 
   120         }
 
   142         }
 
   121 
   143         this.userSpecifiedConstraints = configuredConstraints;
 
   122         if (!withDefaultCertPathConstraints) {
 
   144         this.peerSpecifiedConstraints = negotiatedConstraints;
 
   123             enabledX509DisabledAlgConstraints = false;
 
   145         this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
 
   124         }
 
       
   125     }
 
   146     }
 
   126 
   147 
   127     @Override
 
   148     @Override
 
   128     public boolean permits(Set<CryptoPrimitive> primitives,
 
   149     public boolean permits(Set<CryptoPrimitive> primitives,
 
   129             String algorithm, AlgorithmParameters parameters) {
 
   150             String algorithm, AlgorithmParameters parameters) {
 
   130 
   151 
   131         boolean permitted = true;
 
   152         boolean permitted = true;
 
   132 
   153 
   133         if (peerAlgConstraints != null) {
 
   154         if (peerSpecifiedConstraints != null) {
 
   134             permitted = peerAlgConstraints.permits(
 
   155             permitted = peerSpecifiedConstraints.permits(
 
   135                                     primitives, algorithm, parameters);
 
   156                                     primitives, algorithm, parameters);
 
   136         }
 
   157         }
 
   137 
   158 
   138         if (permitted && userAlgConstraints != null) {
 
   159         if (permitted && userSpecifiedConstraints != null) {
 
   139             permitted = userAlgConstraints.permits(
 
   160             permitted = userSpecifiedConstraints.permits(
 
   140                                     primitives, algorithm, parameters);
 
   161                                     primitives, algorithm, parameters);
 
   141         }
 
   162         }
 
   142 
   163 
   143         if (permitted) {
 
   164         if (permitted) {
 
   144             permitted = tlsDisabledAlgConstraints.permits(
 
   165             permitted = tlsDisabledAlgConstraints.permits(
 
   156     @Override
 
   177     @Override
 
   157     public boolean permits(Set<CryptoPrimitive> primitives, Key key) {
 
   178     public boolean permits(Set<CryptoPrimitive> primitives, Key key) {
 
   158 
   179 
   159         boolean permitted = true;
 
   180         boolean permitted = true;
 
   160 
   181 
   161         if (peerAlgConstraints != null) {
 
   182         if (peerSpecifiedConstraints != null) {
 
   162             permitted = peerAlgConstraints.permits(primitives, key);
 
   183             permitted = peerSpecifiedConstraints.permits(primitives, key);
 
   163         }
 
   184         }
 
   164 
   185 
   165         if (permitted && userAlgConstraints != null) {
 
   186         if (permitted && userSpecifiedConstraints != null) {
 
   166             permitted = userAlgConstraints.permits(primitives, key);
 
   187             permitted = userSpecifiedConstraints.permits(primitives, key);
 
   167         }
 
   188         }
 
   168 
   189 
   169         if (permitted) {
 
   190         if (permitted) {
 
   170             permitted = tlsDisabledAlgConstraints.permits(primitives, key);
 
   191             permitted = tlsDisabledAlgConstraints.permits(primitives, key);
 
   171         }
 
   192         }
 
   181     public boolean permits(Set<CryptoPrimitive> primitives,
 
   202     public boolean permits(Set<CryptoPrimitive> primitives,
 
   182             String algorithm, Key key, AlgorithmParameters parameters) {
 
   203             String algorithm, Key key, AlgorithmParameters parameters) {
 
   183 
   204 
   184         boolean permitted = true;
 
   205         boolean permitted = true;
 
   185 
   206 
   186         if (peerAlgConstraints != null) {
 
   207         if (peerSpecifiedConstraints != null) {
 
   187             permitted = peerAlgConstraints.permits(
 
   208             permitted = peerSpecifiedConstraints.permits(
 
   188                                     primitives, algorithm, key, parameters);
 
   209                                     primitives, algorithm, key, parameters);
 
   189         }
 
   210         }
 
   190 
   211 
   191         if (permitted && userAlgConstraints != null) {
 
   212         if (permitted && userSpecifiedConstraints != null) {
 
   192             permitted = userAlgConstraints.permits(
 
   213             permitted = userSpecifiedConstraints.permits(
 
   193                                     primitives, algorithm, key, parameters);
 
   214                                     primitives, algorithm, key, parameters);
 
   194         }
 
   215         }
 
   195 
   216 
   196         if (permitted) {
 
   217         if (permitted) {
 
   197             permitted = tlsDisabledAlgConstraints.permits(
 
   218             permitted = tlsDisabledAlgConstraints.permits(
jdk-sandbox