23 * questions. |
23 * questions. |
24 */ |
24 */ |
25 |
25 |
26 package sun.security.ssl; |
26 package sun.security.ssl; |
27 |
27 |
28 import java.util.*; |
|
29 import java.math.BigInteger; |
28 import java.math.BigInteger; |
30 |
|
31 import java.security.*; |
29 import java.security.*; |
32 import java.security.interfaces.RSAPublicKey; |
30 import java.security.interfaces.RSAPublicKey; |
33 import java.security.spec.*; |
31 import java.security.spec.*; |
34 |
32 import java.util.*; |
35 import javax.crypto.*; |
33 import javax.crypto.*; |
36 |
34 import sun.security.jca.ProviderList; |
37 // explicit import to override the Provider class in this package |
|
38 import java.security.Provider; |
|
39 |
|
40 // need internal Sun classes for FIPS tricks |
|
41 import sun.security.jca.Providers; |
35 import sun.security.jca.Providers; |
42 import sun.security.jca.ProviderList; |
36 import static sun.security.ssl.SunJSSE.cryptoProvider; |
43 |
|
44 import sun.security.util.ECUtil; |
37 import sun.security.util.ECUtil; |
45 |
|
46 import static sun.security.ssl.SunJSSE.cryptoProvider; |
|
47 import static sun.security.util.SecurityConstants.PROVIDER_VER; |
38 import static sun.security.util.SecurityConstants.PROVIDER_VER; |
48 |
39 |
49 /** |
40 /** |
50 * This class contains a few static methods for interaction with the JCA/JCE |
41 * This class contains a few static methods for interaction with the JCA/JCE |
51 * to obtain implementations, etc. |
42 * to obtain implementations, etc. |
52 * |
43 * |
53 * @author Andreas Sterbenz |
44 * @author Andreas Sterbenz |
54 */ |
45 */ |
55 final class JsseJce { |
46 final class JsseJce { |
|
47 static final boolean ALLOW_ECC = |
|
48 Utilities.getBooleanProperty("com.sun.net.ssl.enableECC", true); |
56 |
49 |
57 private static final ProviderList fipsProviderList; |
50 private static final ProviderList fipsProviderList; |
58 |
|
59 // Flag indicating whether Kerberos crypto is available. |
|
60 // If true, then all the Kerberos-based crypto we need is available. |
|
61 private static final boolean kerberosAvailable; |
|
62 static { |
|
63 ClientKeyExchangeService p = |
|
64 ClientKeyExchangeService.find("KRB5"); |
|
65 kerberosAvailable = (p != null); |
|
66 } |
|
67 |
51 |
68 static { |
52 static { |
69 // force FIPS flag initialization |
53 // force FIPS flag initialization |
70 // Because isFIPS() is synchronized and cryptoProvider is not modified |
54 // Because isFIPS() is synchronized and cryptoProvider is not modified |
71 // after it completes, this also eliminates the need for any further |
55 // after it completes, this also eliminates the need for any further |
114 /** |
98 /** |
115 * JCE transformation string for RSA with PKCS#1 v1.5 padding. |
99 * JCE transformation string for RSA with PKCS#1 v1.5 padding. |
116 * Can be used for encryption, decryption, signing, verifying. |
100 * Can be used for encryption, decryption, signing, verifying. |
117 */ |
101 */ |
118 static final String CIPHER_RSA_PKCS1 = "RSA/ECB/PKCS1Padding"; |
102 static final String CIPHER_RSA_PKCS1 = "RSA/ECB/PKCS1Padding"; |
|
103 |
119 /** |
104 /** |
120 * JCE transformation string for the stream cipher RC4. |
105 * JCE transformation string for the stream cipher RC4. |
121 */ |
106 */ |
122 static final String CIPHER_RC4 = "RC4"; |
107 static final String CIPHER_RC4 = "RC4"; |
|
108 |
123 /** |
109 /** |
124 * JCE transformation string for DES in CBC mode without padding. |
110 * JCE transformation string for DES in CBC mode without padding. |
125 */ |
111 */ |
126 static final String CIPHER_DES = "DES/CBC/NoPadding"; |
112 static final String CIPHER_DES = "DES/CBC/NoPadding"; |
|
113 |
127 /** |
114 /** |
128 * JCE transformation string for (3-key) Triple DES in CBC mode |
115 * JCE transformation string for (3-key) Triple DES in CBC mode |
129 * without padding. |
116 * without padding. |
130 */ |
117 */ |
131 static final String CIPHER_3DES = "DESede/CBC/NoPadding"; |
118 static final String CIPHER_3DES = "DESede/CBC/NoPadding"; |
|
119 |
132 /** |
120 /** |
133 * JCE transformation string for AES in CBC mode |
121 * JCE transformation string for AES in CBC mode |
134 * without padding. |
122 * without padding. |
135 */ |
123 */ |
136 static final String CIPHER_AES = "AES/CBC/NoPadding"; |
124 static final String CIPHER_AES = "AES/CBC/NoPadding"; |
|
125 |
137 /** |
126 /** |
138 * JCE transformation string for AES in GCM mode |
127 * JCE transformation string for AES in GCM mode |
139 * without padding. |
128 * without padding. |
140 */ |
129 */ |
141 static final String CIPHER_AES_GCM = "AES/GCM/NoPadding"; |
130 static final String CIPHER_AES_GCM = "AES/GCM/NoPadding"; |
|
131 |
142 /** |
132 /** |
143 * JCA identifier string for DSA, i.e. a DSA with SHA-1. |
133 * JCA identifier string for DSA, i.e. a DSA with SHA-1. |
144 */ |
134 */ |
145 static final String SIGNATURE_DSA = "DSA"; |
135 static final String SIGNATURE_DSA = "DSA"; |
|
136 |
146 /** |
137 /** |
147 * JCA identifier string for ECDSA, i.e. a ECDSA with SHA-1. |
138 * JCA identifier string for ECDSA, i.e. a ECDSA with SHA-1. |
148 */ |
139 */ |
149 static final String SIGNATURE_ECDSA = "SHA1withECDSA"; |
140 static final String SIGNATURE_ECDSA = "SHA1withECDSA"; |
|
141 |
150 /** |
142 /** |
151 * JCA identifier string for Raw DSA, i.e. a DSA signature without |
143 * JCA identifier string for Raw DSA, i.e. a DSA signature without |
152 * hashing where the application provides the SHA-1 hash of the data. |
144 * hashing where the application provides the SHA-1 hash of the data. |
153 * Note that the standard name is "NONEwithDSA" but we use "RawDSA" |
145 * Note that the standard name is "NONEwithDSA" but we use "RawDSA" |
154 * for compatibility. |
146 * for compatibility. |
155 */ |
147 */ |
156 static final String SIGNATURE_RAWDSA = "RawDSA"; |
148 static final String SIGNATURE_RAWDSA = "RawDSA"; |
|
149 |
157 /** |
150 /** |
158 * JCA identifier string for Raw ECDSA, i.e. a DSA signature without |
151 * JCA identifier string for Raw ECDSA, i.e. a DSA signature without |
159 * hashing where the application provides the SHA-1 hash of the data. |
152 * hashing where the application provides the SHA-1 hash of the data. |
160 */ |
153 */ |
161 static final String SIGNATURE_RAWECDSA = "NONEwithECDSA"; |
154 static final String SIGNATURE_RAWECDSA = "NONEwithECDSA"; |
|
155 |
162 /** |
156 /** |
163 * JCA identifier string for Raw RSA, i.e. a RSA PKCS#1 v1.5 signature |
157 * JCA identifier string for Raw RSA, i.e. a RSA PKCS#1 v1.5 signature |
164 * without hashing where the application provides the hash of the data. |
158 * without hashing where the application provides the hash of the data. |
165 * Used for RSA client authentication with a 36 byte hash. |
159 * Used for RSA client authentication with a 36 byte hash. |
166 */ |
160 */ |
167 static final String SIGNATURE_RAWRSA = "NONEwithRSA"; |
161 static final String SIGNATURE_RAWRSA = "NONEwithRSA"; |
|
162 |
168 /** |
163 /** |
169 * JCA identifier string for the SSL/TLS style RSA Signature. I.e. |
164 * JCA identifier string for the SSL/TLS style RSA Signature. I.e. |
170 * an signature using RSA with PKCS#1 v1.5 padding signing a |
165 * an signature using RSA with PKCS#1 v1.5 padding signing a |
171 * concatenation of an MD5 and SHA-1 digest. |
166 * concatenation of an MD5 and SHA-1 digest. |
172 */ |
167 */ |