1 /*
   2  * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 
  27 package sun.security.ssl;
  28 
  29 import java.io.*;
  30 import java.util.*;
  31 
  32 import javax.net.ssl.SSLException;
  33 
  34 /**
  35  * A list of CipherSuites. Also maintains the lists of supported and
  36  * default ciphersuites and supports I/O from handshake streams.
  37  *
  38  * Instances of this class are immutable.
  39  *
  40  */
  41 final class CipherSuiteList {
  42 
  43     private final Collection<CipherSuite> cipherSuites;
  44     private String[] suiteNames;
  45 
  46     // flag indicating whether this list contains any ECC ciphersuites.
  47     // null if not yet checked.
  48     private volatile Boolean containsEC;
  49 
  50     // for use by buildAvailableCache() and
  51     // Handshaker.getKickstartMessage() only
  52     CipherSuiteList(Collection<CipherSuite> cipherSuites) {
  53         this.cipherSuites = cipherSuites;
  54     }
  55 
  56     /**
  57      * Create a CipherSuiteList with a single element.
  58      */
  59     CipherSuiteList(CipherSuite suite) {
  60         cipherSuites = new ArrayList<CipherSuite>(1);
  61         cipherSuites.add(suite);
  62     }
  63 
  64     /**
  65      * Construct a CipherSuiteList from a array of names. We don't bother
  66      * to eliminate duplicates.
  67      *
  68      * @exception IllegalArgumentException if the array or any of its elements
  69      * is null or if the ciphersuite name is unrecognized or unsupported
  70      * using currently installed providers.
  71      */
  72     CipherSuiteList(String[] names) {
  73         if (names == null) {
  74             throw new IllegalArgumentException("CipherSuites may not be null");
  75         }
  76         cipherSuites = new ArrayList<CipherSuite>(names.length);
  77         // refresh available cache once if a CipherSuite is not available
  78         // (maybe new JCE providers have been installed)
  79         boolean refreshed = false;
  80         for (int i = 0; i < names.length; i++) {
  81             String suiteName = names[i];
  82             CipherSuite suite = CipherSuite.valueOf(suiteName);
  83             if (suite.isAvailable() == false) {
  84                 if (refreshed == false) {
  85                     // clear the cache so that the isAvailable() call below
  86                     // does a full check
  87                     clearAvailableCache();
  88                     refreshed = true;
  89                 }
  90                 // still missing?
  91                 if (suite.isAvailable() == false) {
  92                     throw new IllegalArgumentException("Cannot support "
  93                         + suiteName + " with currently installed providers");
  94                 }
  95             }
  96             cipherSuites.add(suite);
  97         }
  98     }
  99 
 100     /**
 101      * Read a CipherSuiteList from a HandshakeInStream in V3 ClientHello
 102      * format. Does not check if the listed ciphersuites are known or
 103      * supported.
 104      */
 105     CipherSuiteList(HandshakeInStream in) throws IOException {
 106         byte[] bytes = in.getBytes16();
 107         if ((bytes.length & 1) != 0) {
 108             throw new SSLException("Invalid ClientHello message");
 109         }
 110         cipherSuites = new ArrayList<CipherSuite>(bytes.length >> 1);
 111         for (int i = 0; i < bytes.length; i += 2) {
 112             cipherSuites.add(CipherSuite.valueOf(bytes[i], bytes[i+1]));
 113         }
 114     }
 115 
 116     /**
 117      * Return whether this list contains the given CipherSuite.
 118      */
 119     boolean contains(CipherSuite suite) {
 120         return cipherSuites.contains(suite);
 121     }
 122 
 123     // Return whether this list contains any ECC ciphersuites
 124     boolean containsEC() {
 125         if (containsEC == null) {
 126             for (CipherSuite c : cipherSuites) {
 127                 switch (c.keyExchange) {
 128                 case K_ECDH_ECDSA:
 129                 case K_ECDH_RSA:
 130                 case K_ECDHE_ECDSA:
 131                 case K_ECDHE_RSA:
 132                 case K_ECDH_ANON:
 133                     containsEC = true;
 134                     return true;
 135                 default:
 136                     break;
 137                 }
 138             }
 139             containsEC = false;
 140         }
 141         return containsEC;
 142     }
 143 
 144     /**
 145      * Return an Iterator for the CipherSuites in this list.
 146      */
 147     Iterator<CipherSuite> iterator() {
 148         return cipherSuites.iterator();
 149     }
 150 
 151     /**
 152      * Return a reference to the internal Collection of CipherSuites.
 153      * The Collection MUST NOT be modified.
 154      */
 155     Collection<CipherSuite> collection() {
 156         return cipherSuites;
 157     }
 158 
 159     /**
 160      * Return the number of CipherSuites in this list.
 161      */
 162     int size() {
 163         return cipherSuites.size();
 164     }
 165 
 166     /**
 167      * Return an array with the names of the CipherSuites in this list.
 168      */
 169     synchronized String[] toStringArray() {
 170         if (suiteNames == null) {
 171             suiteNames = new String[cipherSuites.size()];
 172             int i = 0;
 173             for (CipherSuite c : cipherSuites) {
 174                 suiteNames[i++] = c.name;
 175             }
 176         }
 177         return suiteNames.clone();
 178     }
 179 
 180     @Override
 181     public String toString() {
 182         return cipherSuites.toString();
 183     }
 184 
 185     /**
 186      * Write this list to an HandshakeOutStream in V3 ClientHello format.
 187      */
 188     void send(HandshakeOutStream s) throws IOException {
 189         byte[] suiteBytes = new byte[cipherSuites.size() * 2];
 190         int i = 0;
 191         for (CipherSuite c : cipherSuites) {
 192             suiteBytes[i] = (byte)(c.id >> 8);
 193             suiteBytes[i+1] = (byte)c.id;
 194             i += 2;
 195         }
 196         s.putBytes16(suiteBytes);
 197     }
 198 
 199     /**
 200      * Clear cache of available ciphersuites. If we support all ciphers
 201      * internally, there is no need to clear the cache and calling this
 202      * method has no effect.
 203      */
 204     static synchronized void clearAvailableCache() {
 205         if (CipherSuite.DYNAMIC_AVAILABILITY) {
 206             CipherSuite.BulkCipher.clearAvailableCache();
 207             JsseJce.clearEcAvailable();
 208         }
 209     }
 210 }