1 /* 2 * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.security.util; 27 28 import java.security.AccessController; 29 import java.security.AlgorithmConstraints; 30 import java.security.PrivilegedAction; 31 import java.security.Security; 32 import java.util.Map; 33 import java.util.Set; 34 35 /** 36 * The class contains common functionality for algorithm constraints classes. 37 */ 38 public abstract class AbstractAlgorithmConstraints 39 implements AlgorithmConstraints { 40 41 protected final AlgorithmDecomposer decomposer; 42 43 protected AbstractAlgorithmConstraints(AlgorithmDecomposer decomposer) { 44 this.decomposer = decomposer; 45 } 46 47 // Get algorithm constraints from the specified security property. 48 private static void loadAlgorithmsMap(Map<String, String[]> algorithmsMap, 49 String propertyName) { 50 String property = AccessController.doPrivileged( 51 (PrivilegedAction<String>) () -> Security.getProperty( 52 propertyName)); 53 54 String[] algorithmsInProperty = null; 55 if (property != null && !property.isEmpty()) { 56 // remove double quote marks from beginning/end of the property 57 if (property.length() >= 2 && property.charAt(0) == '"' && 58 property.charAt(property.length() - 1) == '"') { 59 property = property.substring(1, property.length() - 1); 60 } 61 algorithmsInProperty = property.split(","); 62 for (int i = 0; i < algorithmsInProperty.length; i++) { 63 algorithmsInProperty[i] = algorithmsInProperty[i].trim(); 64 } 65 } 66 67 // map the disabled algorithms 68 if (algorithmsInProperty == null) { 69 algorithmsInProperty = new String[0]; 70 } 71 algorithmsMap.put(propertyName, algorithmsInProperty); 72 } 73 74 static String[] getAlgorithms(Map<String, String[]> algorithmsMap, 75 String propertyName) { 76 synchronized (algorithmsMap) { 77 if (!algorithmsMap.containsKey(propertyName)) { 78 loadAlgorithmsMap(algorithmsMap, propertyName); 79 } 80 81 return algorithmsMap.get(propertyName); 82 } 83 } 84 85 static boolean checkAlgorithm(String[] algorithms, String algorithm, 86 AlgorithmDecomposer decomposer) { 87 if (algorithm == null || algorithm.length() == 0) { 88 throw new IllegalArgumentException("No algorithm name specified"); 89 } 90 91 Set<String> elements = null; 92 for (String item : algorithms) { 93 if (item == null || item.isEmpty()) { 94 continue; 95 } 96 97 // check the full name 98 if (item.equalsIgnoreCase(algorithm)) { 99 return false; 100 } 101 102 // decompose the algorithm into sub-elements | 1 /* 2 * Copyright (c) 2015, 2016 Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.security.util; 27 28 import java.security.AccessController; 29 import java.security.AlgorithmConstraints; 30 import java.security.PrivilegedAction; 31 import java.security.Security; 32 import java.util.Set; 33 34 /** 35 * The class contains common functionality for algorithm constraints classes. 36 */ 37 public abstract class AbstractAlgorithmConstraints 38 implements AlgorithmConstraints { 39 40 protected final AlgorithmDecomposer decomposer; 41 42 protected AbstractAlgorithmConstraints(AlgorithmDecomposer decomposer) { 43 this.decomposer = decomposer; 44 } 45 46 // Get algorithm constraints from the specified security property. 47 static String[] getAlgorithms(String propertyName) { 48 String property = AccessController.doPrivileged( 49 (PrivilegedAction<String>) () -> Security.getProperty( 50 propertyName)); 51 52 String[] algorithmsInProperty = null; 53 if (property != null && !property.isEmpty()) { 54 // remove double quote marks from beginning/end of the property 55 if (property.length() >= 2 && property.charAt(0) == '"' && 56 property.charAt(property.length() - 1) == '"') { 57 property = property.substring(1, property.length() - 1); 58 } 59 algorithmsInProperty = property.split(","); 60 for (int i = 0; i < algorithmsInProperty.length; i++) { 61 algorithmsInProperty[i] = algorithmsInProperty[i].trim(); 62 } 63 } 64 65 // map the disabled algorithms 66 if (algorithmsInProperty == null) { 67 algorithmsInProperty = new String[0]; 68 } 69 return algorithmsInProperty; 70 } 71 72 static boolean checkAlgorithm(String[] algorithms, String algorithm, 73 AlgorithmDecomposer decomposer) { 74 if (algorithm == null || algorithm.length() == 0) { 75 throw new IllegalArgumentException("No algorithm name specified"); 76 } 77 78 Set<String> elements = null; 79 for (String item : algorithms) { 80 if (item == null || item.isEmpty()) { 81 continue; 82 } 83 84 // check the full name 85 if (item.equalsIgnoreCase(algorithm)) { 86 return false; 87 } 88 89 // decompose the algorithm into sub-elements |