1 /*
   2  * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.util;
  27 
  28 import java.security.AccessController;
  29 import java.security.PrivilegedAction;
  30 import java.security.Security;
  31 import java.util.Map;
  32 import java.util.Set;
  33 
  34 /**
  35  * The class contains common functionality for algorithm constraints classes.
  36  */
  37 public abstract class AbstractAlgorithmConstraints
  38         implements AlgorithmConstraints {
  39 
  40     protected final AlgorithmDecomposer decomposer;
  41 
  42     protected AbstractAlgorithmConstraints(AlgorithmDecomposer decomposer) {
  43         this.decomposer = decomposer;
  44     }
  45 
  46     // Get algorithm constraints from the specified security property.
  47     private static void loadAlgorithmsMap(Map<String, String[]> algorithmsMap,
  48             final String propertyName) {
  49         String property = AccessController.doPrivileged(
  50             new PrivilegedAction<String>() {
  51                 public String run() {
  52                     return Security.getProperty(propertyName);
  53                 }
  54             });
  55         String[] algorithmsInProperty = null;
  56         if (property != null && !property.isEmpty()) {
  57             // remove double quote marks from beginning/end of the property
  58             if (property.length() >= 2 && property.charAt(0) == '"' &&
  59                     property.charAt(property.length() - 1) == '"') {
  60                 property = property.substring(1, property.length() - 1);
  61             }
  62             algorithmsInProperty = property.split(",");
  63             for (int i = 0; i < algorithmsInProperty.length; i++) {
  64                 algorithmsInProperty[i] = algorithmsInProperty[i].trim();
  65             }
  66         }
  67 
  68         // map the disabled algorithms
  69         if (algorithmsInProperty == null) {
  70             algorithmsInProperty = new String[0];
  71         }
  72         algorithmsMap.put(propertyName, algorithmsInProperty);
  73     }
  74 
  75     static String[] getAlgorithms(Map<String, String[]> algorithmsMap,
  76             String propertyName) {
  77         synchronized (algorithmsMap) {
  78             if (!algorithmsMap.containsKey(propertyName)) {
  79                 loadAlgorithmsMap(algorithmsMap, propertyName);
  80             }
  81 
  82             return algorithmsMap.get(propertyName);
  83         }
  84     }
  85 
  86     static boolean checkAlgorithm(String[] algorithms, String algorithm,
  87             AlgorithmDecomposer decomposer) {
  88         if (algorithm == null || algorithm.length() == 0) {
  89             throw new IllegalArgumentException("No algorithm name specified");
  90         }
  91 
  92         Set<String> elements = null;
  93         for (String item : algorithms) {
  94             if (item == null || item.isEmpty()) {
  95                 continue;
  96             }
  97 
  98             // check the full name
  99             if (item.equalsIgnoreCase(algorithm)) {
 100                 return false;
 101             }
 102 
 103             // decompose the algorithm into sub-elements
 104             if (elements == null) {
 105                 elements = decomposer.decompose(algorithm);
 106             }
 107 
 108             // check the items of the algorithm
 109             for (String element : elements) {
 110                 if (item.equalsIgnoreCase(element)) {
 111                     return false;
 112                 }
 113             }
 114         }
 115 
 116         return true;
 117     }
 118 
 119 }