1 /*
2 * Copyright (c) 2017, 2018, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 /*
25 * A tagging interface that all TLS communication parameters must implement.
26 */
27 public interface Parameter { }
28
29 /* The followings are TLS communication parameters. */
30
31 enum Protocol implements Parameter {
32
33 SSLV3_0(3, "SSLv3"),
34 TLSV1_0(4, "TLSv1"),
35 TLSV1_1(5, "TLSv1.1"),
36 TLSV1_2(6, "TLSv1.2");
37
38 public final int sequence;
39 public final String version;
40
41 private Protocol(int sequence, String version) {
42 this.sequence = sequence;
43 this.version = version;
44 }
45
46 static Protocol getProtocol(String version) {
47 for (Protocol protocol : values()) {
48 if (protocol.version.equals(version)) {
49 return protocol;
50 }
51 }
52
53 return null;
54 }
55
56 static Protocol[] getMandatoryValues() {
57 return new Protocol[] { TLSV1_0, TLSV1_1, TLSV1_2 };
58 }
59 }
60
61 enum CipherSuite implements Parameter {
62
63 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(
64 Protocol.TLSV1_2, JdkRelease.JDK7),
65 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(
66 Protocol.TLSV1_2, JdkRelease.JDK7),
67 TLS_RSA_WITH_AES_256_CBC_SHA256(
68 Protocol.TLSV1_2, JdkRelease.JDK7),
69 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(
70 Protocol.TLSV1_2, JdkRelease.JDK7),
71 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(
72 Protocol.TLSV1_2, JdkRelease.JDK7),
73 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(
74 Protocol.TLSV1_2, JdkRelease.JDK7),
75 TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(
76 Protocol.TLSV1_2, JdkRelease.JDK7),
77 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(),
78 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(),
79 TLS_RSA_WITH_AES_256_CBC_SHA(),
80 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(),
81 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(),
82 TLS_DHE_RSA_WITH_AES_256_CBC_SHA(),
83 TLS_DHE_DSS_WITH_AES_256_CBC_SHA(),
84 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(
85 Protocol.TLSV1_2, JdkRelease.JDK7),
86 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(
87 Protocol.TLSV1_2, JdkRelease.JDK7),
88 TLS_RSA_WITH_AES_128_CBC_SHA256(
89 Protocol.TLSV1_2, JdkRelease.JDK7),
90 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(
91 Protocol.TLSV1_2, JdkRelease.JDK7),
92 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(
93 Protocol.TLSV1_2, JdkRelease.JDK7),
94 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(
95 Protocol.TLSV1_2, JdkRelease.JDK7),
96 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(
97 Protocol.TLSV1_2, JdkRelease.JDK7),
98 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(),
99 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(),
100 TLS_RSA_WITH_AES_128_CBC_SHA(),
101 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(),
102 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(
103 Protocol.SSLV3_0, JdkRelease.JDK7),
104 TLS_DHE_RSA_WITH_AES_128_CBC_SHA(),
105 TLS_DHE_DSS_WITH_AES_128_CBC_SHA(),
106 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(
107 Protocol.TLSV1_2, JdkRelease.JDK8),
108 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(
109 Protocol.TLSV1_2, JdkRelease.JDK8),
110 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(
111 Protocol.TLSV1_2, JdkRelease.JDK8),
112 TLS_RSA_WITH_AES_256_GCM_SHA384(
113 Protocol.TLSV1_2, JdkRelease.JDK8),
114 TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(
115 Protocol.TLSV1_2, JdkRelease.JDK8),
116 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(
117 Protocol.TLSV1_2, JdkRelease.JDK8),
118 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(
119 Protocol.TLSV1_2, JdkRelease.JDK8),
120 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(
121 Protocol.TLSV1_2, JdkRelease.JDK8),
122 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(
123 Protocol.TLSV1_2, JdkRelease.JDK8),
124 TLS_RSA_WITH_AES_128_GCM_SHA256(
125 Protocol.TLSV1_2, JdkRelease.JDK8),
126 TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(
127 Protocol.TLSV1_2, JdkRelease.JDK8),
128 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(
129 Protocol.TLSV1_2, JdkRelease.JDK8),
130 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(
131 Protocol.TLSV1_2, JdkRelease.JDK8),
132 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(
133 Protocol.TLSV1_2, JdkRelease.JDK8),
134 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA(),
135 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA(),
136 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA(),
137 TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA(),
138 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA(),
139 TLS_ECDHE_RSA_WITH_RC4_128_SHA(),
140 TLS_ECDH_ECDSA_WITH_RC4_128_SHA(),
141 TLS_ECDH_RSA_WITH_RC4_128_SHA(),
142 SSL_RSA_WITH_RC4_128_SHA(),
143 SSL_RSA_WITH_3DES_EDE_CBC_SHA(),
144 SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA(
145 Protocol.SSLV3_0, JdkRelease.JDK7),
146 SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA(
147 Protocol.SSLV3_0, JdkRelease.JDK7),
148 SSL_RSA_WITH_RC4_128_MD5(
149 Protocol.SSLV3_0, JdkRelease.JDK7);
150
151 private static final boolean FULL_CIPHER_SUITES
152 = Utils.getBoolProperty("fullCipherSuites");
153
154 final Protocol startProtocol;
155 final Protocol endProtocol;
156
157 final JdkRelease startJdk;
158 final JdkRelease endJdk;
159
160 private CipherSuite(
161 Protocol startProtocol, Protocol endProtocol,
162 JdkRelease startJdk, JdkRelease endJdk) {
163 this.startProtocol = startProtocol;
164 this.endProtocol = endProtocol;
165
166 this.startJdk = startJdk;
167 this.endJdk = endJdk;
168 }
169
170 private CipherSuite(Protocol startProtocol, JdkRelease startJdk) {
171 this(startProtocol, null, startJdk, null);
172 }
173
174 private CipherSuite() {
175 this(Protocol.TLSV1_0, null, JdkRelease.JDK7, null);
176 }
177
178 boolean supportedByProtocol(Protocol protocol) {
179 return startProtocol.sequence <= protocol.sequence
180 && (endProtocol == null || endProtocol.sequence >= protocol.sequence);
181 }
182
183 static CipherSuite[] getMandatoryValues() {
184 return FULL_CIPHER_SUITES
185 ? values()
186 : new CipherSuite[] {
187 TLS_RSA_WITH_AES_128_CBC_SHA,
188 TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
189 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
190 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
191 TLS_RSA_WITH_AES_256_CBC_SHA256,
192 TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
193 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
194 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 };
195 }
196
197 static CipherSuite getCipherSuite(String name) {
198 for (CipherSuite cipherSuite : values()) {
199 if (cipherSuite.name().equals(name)) {
200 return cipherSuite;
201 }
202 }
203
204 return null;
205 }
206 }
207
208 enum ClientAuth implements Parameter {
209
210 FALSE,
211 TRUE;
212
213 static ClientAuth[] getMandatoryValues() {
214 return new ClientAuth[] { TRUE };
215 }
216 }
217
218 enum ServerName implements Parameter {
219
220 NONE(null),
221 EXAMPLE("www.example.com");
222
223 final String name;
224
225 private ServerName(String name) {
226 this.name = name;
227 }
228
229 static ServerName[] getMandatoryValues() {
230 return new ServerName[] { EXAMPLE };
231 }
232 }
233
234 enum AppProtocol implements Parameter {
235
236 NONE(null, null),
237 EXAMPLE(new String[] { Utils.HTTP_2, Utils.HTTP_1_1 }, Utils.HTTP_2);
238
239 final String[] appProtocols;
240
241 // Expected negotiated application protocol
242 final String negoAppProtocol;
243
244 private AppProtocol(String[] appProtocols, String negoAppProtocol) {
245 this.appProtocols = appProtocols;
246 this.negoAppProtocol = negoAppProtocol;
247 }
248
249 static AppProtocol[] getMandatoryValues() {
250 return new AppProtocol[] { EXAMPLE };
251 }
252 }