1 /* 2 * Copyright (c) 2017, 2018, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 /* 25 * A tagging interface that all TLS communication parameters must implement. 26 */ 27 public interface Parameter { } 28 29 /* The followings are TLS communication parameters. */ 30 31 enum Protocol implements Parameter { 32 33 SSLV3_0(3, "SSLv3"), 34 TLSV1_0(4, "TLSv1"), 35 TLSV1_1(5, "TLSv1.1"), 36 TLSV1_2(6, "TLSv1.2"); 37 38 public final int sequence; 39 public final String version; 40 41 private Protocol(int sequence, String version) { 42 this.sequence = sequence; 43 this.version = version; 44 } 45 46 static Protocol getProtocol(String version) { 47 for (Protocol protocol : values()) { 48 if (protocol.version.equals(version)) { 49 return protocol; 50 } 51 } 52 53 return null; 54 } 55 56 static Protocol[] getMandatoryValues() { 57 return new Protocol[] { TLSV1_0, TLSV1_1, TLSV1_2 }; 58 } 59 } 60 61 enum CipherSuite implements Parameter { 62 63 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384( 64 Protocol.TLSV1_2, JdkRelease.JDK7), 65 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384( 66 Protocol.TLSV1_2, JdkRelease.JDK7), 67 TLS_RSA_WITH_AES_256_CBC_SHA256( 68 Protocol.TLSV1_2, JdkRelease.JDK7), 69 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384( 70 Protocol.TLSV1_2, JdkRelease.JDK7), 71 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384( 72 Protocol.TLSV1_2, JdkRelease.JDK7), 73 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256( 74 Protocol.TLSV1_2, JdkRelease.JDK7), 75 TLS_DHE_DSS_WITH_AES_256_CBC_SHA256( 76 Protocol.TLSV1_2, JdkRelease.JDK7), 77 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(), 78 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(), 79 TLS_RSA_WITH_AES_256_CBC_SHA(), 80 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(), 81 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(), 82 TLS_DHE_RSA_WITH_AES_256_CBC_SHA(), 83 TLS_DHE_DSS_WITH_AES_256_CBC_SHA(), 84 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256( 85 Protocol.TLSV1_2, JdkRelease.JDK7), 86 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256( 87 Protocol.TLSV1_2, JdkRelease.JDK7), 88 TLS_RSA_WITH_AES_128_CBC_SHA256( 89 Protocol.TLSV1_2, JdkRelease.JDK7), 90 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256( 91 Protocol.TLSV1_2, JdkRelease.JDK7), 92 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256( 93 Protocol.TLSV1_2, JdkRelease.JDK7), 94 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256( 95 Protocol.TLSV1_2, JdkRelease.JDK7), 96 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256( 97 Protocol.TLSV1_2, JdkRelease.JDK7), 98 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(), 99 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(), 100 TLS_RSA_WITH_AES_128_CBC_SHA(), 101 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(), 102 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA( 103 Protocol.SSLV3_0, JdkRelease.JDK7), 104 TLS_DHE_RSA_WITH_AES_128_CBC_SHA(), 105 TLS_DHE_DSS_WITH_AES_128_CBC_SHA(), 106 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384( 107 Protocol.TLSV1_2, JdkRelease.JDK8), 108 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256( 109 Protocol.TLSV1_2, JdkRelease.JDK8), 110 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384( 111 Protocol.TLSV1_2, JdkRelease.JDK8), 112 TLS_RSA_WITH_AES_256_GCM_SHA384( 113 Protocol.TLSV1_2, JdkRelease.JDK8), 114 TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384( 115 Protocol.TLSV1_2, JdkRelease.JDK8), 116 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384( 117 Protocol.TLSV1_2, JdkRelease.JDK8), 118 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384( 119 Protocol.TLSV1_2, JdkRelease.JDK8), 120 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384( 121 Protocol.TLSV1_2, JdkRelease.JDK8), 122 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256( 123 Protocol.TLSV1_2, JdkRelease.JDK8), 124 TLS_RSA_WITH_AES_128_GCM_SHA256( 125 Protocol.TLSV1_2, JdkRelease.JDK8), 126 TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256( 127 Protocol.TLSV1_2, JdkRelease.JDK8), 128 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256( 129 Protocol.TLSV1_2, JdkRelease.JDK8), 130 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256( 131 Protocol.TLSV1_2, JdkRelease.JDK8), 132 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256( 133 Protocol.TLSV1_2, JdkRelease.JDK8), 134 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA(), 135 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA(), 136 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA(), 137 TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA(), 138 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA(), 139 TLS_ECDHE_RSA_WITH_RC4_128_SHA(), 140 TLS_ECDH_ECDSA_WITH_RC4_128_SHA(), 141 TLS_ECDH_RSA_WITH_RC4_128_SHA(), 142 SSL_RSA_WITH_RC4_128_SHA(), 143 SSL_RSA_WITH_3DES_EDE_CBC_SHA(), 144 SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA( 145 Protocol.SSLV3_0, JdkRelease.JDK7), 146 SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA( 147 Protocol.SSLV3_0, JdkRelease.JDK7), 148 SSL_RSA_WITH_RC4_128_MD5( 149 Protocol.SSLV3_0, JdkRelease.JDK7); 150 151 private static final boolean FULL_CIPHER_SUITES 152 = Utils.getBoolProperty("fullCipherSuites"); 153 154 final Protocol startProtocol; 155 final Protocol endProtocol; 156 157 final JdkRelease startJdk; 158 final JdkRelease endJdk; 159 160 private CipherSuite( 161 Protocol startProtocol, Protocol endProtocol, 162 JdkRelease startJdk, JdkRelease endJdk) { 163 this.startProtocol = startProtocol; 164 this.endProtocol = endProtocol; 165 166 this.startJdk = startJdk; 167 this.endJdk = endJdk; 168 } 169 170 private CipherSuite(Protocol startProtocol, JdkRelease startJdk) { 171 this(startProtocol, null, startJdk, null); 172 } 173 174 private CipherSuite() { 175 this(Protocol.TLSV1_0, null, JdkRelease.JDK7, null); 176 } 177 178 boolean supportedByProtocol(Protocol protocol) { 179 return startProtocol.sequence <= protocol.sequence 180 && (endProtocol == null || endProtocol.sequence >= protocol.sequence); 181 } 182 183 static CipherSuite[] getMandatoryValues() { 184 return FULL_CIPHER_SUITES 185 ? values() 186 : new CipherSuite[] { 187 TLS_RSA_WITH_AES_128_CBC_SHA, 188 TLS_DHE_DSS_WITH_AES_128_CBC_SHA, 189 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 190 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 191 TLS_RSA_WITH_AES_256_CBC_SHA256, 192 TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, 193 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 194 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 }; 195 } 196 197 static CipherSuite getCipherSuite(String name) { 198 for (CipherSuite cipherSuite : values()) { 199 if (cipherSuite.name().equals(name)) { 200 return cipherSuite; 201 } 202 } 203 204 return null; 205 } 206 } 207 208 enum ClientAuth implements Parameter { 209 210 FALSE, 211 TRUE; 212 213 static ClientAuth[] getMandatoryValues() { 214 return new ClientAuth[] { TRUE }; 215 } 216 } 217 218 enum ServerName implements Parameter { 219 220 NONE(null), 221 EXAMPLE("www.example.com"); 222 223 final String name; 224 225 private ServerName(String name) { 226 this.name = name; 227 } 228 229 static ServerName[] getMandatoryValues() { 230 return new ServerName[] { EXAMPLE }; 231 } 232 } 233 234 enum AppProtocol implements Parameter { 235 236 NONE(null, null), 237 EXAMPLE(new String[] { Utils.HTTP_2, Utils.HTTP_1_1 }, Utils.HTTP_2); 238 239 final String[] appProtocols; 240 241 // Expected negotiated application protocol 242 final String negoAppProtocol; 243 244 private AppProtocol(String[] appProtocols, String negoAppProtocol) { 245 this.appProtocols = appProtocols; 246 this.negoAppProtocol = negoAppProtocol; 247 } 248 249 static AppProtocol[] getMandatoryValues() { 250 return new AppProtocol[] { EXAMPLE }; 251 } 252 }