1 /* 2 * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 27 package sun.security.ssl; 28 29 import java.io.*; 30 import java.util.*; 31 32 import javax.net.ssl.SSLException; 33 34 /** 35 * A list of CipherSuites. Also maintains the lists of supported and 36 * default ciphersuites and supports I/O from handshake streams. 37 * 38 * Instances of this class are immutable. 39 * 40 */ 41 final class CipherSuiteList { 42 43 // lists of supported and default enabled ciphersuites 44 // created on demand 45 private static CipherSuiteList supportedSuites, defaultSuites; 46 47 private final Collection<CipherSuite> cipherSuites; 48 private String[] suiteNames; 49 50 // flag indicating whether this list contains any ECC ciphersuites. 51 // null if not yet checked. 52 private volatile Boolean containsEC; 53 54 // for use by buildAvailableCache() and 55 // Handshaker.getKickstartMessage() only 56 CipherSuiteList(Collection<CipherSuite> cipherSuites) { 57 this.cipherSuites = cipherSuites; 58 } 59 60 /** 61 * Create a CipherSuiteList with a single element. 62 */ 63 CipherSuiteList(CipherSuite suite) { 64 cipherSuites = new ArrayList<CipherSuite>(1); 65 cipherSuites.add(suite); 66 } 67 68 /** 69 * Construct a CipherSuiteList from a array of names. We don't bother 70 * to eliminate duplicates. 71 * 72 * @exception IllegalArgumentException if the array or any of its elements 73 * is null or if the ciphersuite name is unrecognized or unsupported 74 * using currently installed providers. 75 */ 76 CipherSuiteList(String[] names) { 77 if (names == null) { 78 throw new IllegalArgumentException("CipherSuites may not be null"); 79 } 80 cipherSuites = new ArrayList<CipherSuite>(names.length); 81 // refresh available cache once if a CipherSuite is not available 82 // (maybe new JCE providers have been installed) 83 boolean refreshed = false; 84 for (int i = 0; i < names.length; i++) { 85 String suiteName = names[i]; 86 CipherSuite suite = CipherSuite.valueOf(suiteName); 87 if (suite.isAvailable() == false) { 88 if (refreshed == false) { 89 // clear the cache so that the isAvailable() call below 90 // does a full check 91 clearAvailableCache(); 92 refreshed = true; 93 } 94 // still missing? 95 if (suite.isAvailable() == false) { 96 throw new IllegalArgumentException("Cannot support " 97 + suiteName + " with currently installed providers"); 98 } 99 } 100 cipherSuites.add(suite); 101 } 102 } 103 104 /** 105 * Read a CipherSuiteList from a HandshakeInStream in V3 ClientHello 106 * format. Does not check if the listed ciphersuites are known or 107 * supported. 108 */ 109 CipherSuiteList(HandshakeInStream in) throws IOException { 110 byte[] bytes = in.getBytes16(); 111 if ((bytes.length & 1) != 0) { 112 throw new SSLException("Invalid ClientHello message"); 113 } 114 cipherSuites = new ArrayList<CipherSuite>(bytes.length >> 1); 115 for (int i = 0; i < bytes.length; i += 2) { 116 cipherSuites.add(CipherSuite.valueOf(bytes[i], bytes[i+1])); 117 } 118 } 119 120 /** 121 * Return whether this list contains the given CipherSuite. 122 */ 123 boolean contains(CipherSuite suite) { 124 return cipherSuites.contains(suite); 125 } 126 127 // Return whether this list contains any ECC ciphersuites 128 boolean containsEC() { 129 if (containsEC == null) { 130 for (CipherSuite c : cipherSuites) { 131 switch (c.keyExchange) { 132 case K_ECDH_ECDSA: 133 case K_ECDH_RSA: 134 case K_ECDHE_ECDSA: 135 case K_ECDHE_RSA: 136 case K_ECDH_ANON: 137 containsEC = true; 138 return true; 139 default: 140 break; 141 } 142 } 143 containsEC = false; 144 } 145 return containsEC; 146 } 147 148 /** 149 * Return an Iterator for the CipherSuites in this list. 150 */ 151 Iterator<CipherSuite> iterator() { 152 return cipherSuites.iterator(); 153 } 154 155 /** 156 * Return a reference to the internal Collection of CipherSuites. 157 * The Collection MUST NOT be modified. 158 */ 159 Collection<CipherSuite> collection() { 160 return cipherSuites; 161 } 162 163 /** 164 * Return the number of CipherSuites in this list. 165 */ 166 int size() { 167 return cipherSuites.size(); 168 } 169 170 /** 171 * Return an array with the names of the CipherSuites in this list. 172 */ 173 synchronized String[] toStringArray() { 174 if (suiteNames == null) { 175 suiteNames = new String[cipherSuites.size()]; 176 int i = 0; 177 for (CipherSuite c : cipherSuites) { 178 suiteNames[i++] = c.name; 179 } 180 } 181 return suiteNames.clone(); 182 } 183 184 public String toString() { 185 return cipherSuites.toString(); 186 } 187 188 /** 189 * Write this list to an HandshakeOutStream in V3 ClientHello format. 190 */ 191 void send(HandshakeOutStream s) throws IOException { 192 byte[] suiteBytes = new byte[cipherSuites.size() * 2]; 193 int i = 0; 194 for (CipherSuite c : cipherSuites) { 195 suiteBytes[i] = (byte)(c.id >> 8); 196 suiteBytes[i+1] = (byte)c.id; 197 i += 2; 198 } 199 s.putBytes16(suiteBytes); 200 } 201 202 /** 203 * Clear cache of available ciphersuites. If we support all ciphers 204 * internally, there is no need to clear the cache and calling this 205 * method has no effect. 206 */ 207 static synchronized void clearAvailableCache() { 208 if (CipherSuite.DYNAMIC_AVAILABILITY) { 209 supportedSuites = null; 210 defaultSuites = null; 211 CipherSuite.BulkCipher.clearAvailableCache(); 212 JsseJce.clearEcAvailable(); 213 } 214 } 215 216 /** 217 * Return the list of all available CipherSuites with a priority of 218 * minPriority or above. 219 * Should be called with the Class lock held. 220 */ 221 private static CipherSuiteList buildAvailableCache(int minPriority) { 222 // SortedSet automatically arranges ciphersuites in default 223 // preference order 224 Set<CipherSuite> cipherSuites = new TreeSet<>(); 225 Collection<CipherSuite> allowedCipherSuites = 226 CipherSuite.allowedCipherSuites(); 227 for (CipherSuite c : allowedCipherSuites) { 228 if ((c.allowed == false) || (c.priority < minPriority)) { 229 continue; 230 } 231 232 if (c.isAvailable()) { 233 cipherSuites.add(c); 234 } 235 } 236 237 return new CipherSuiteList(cipherSuites); 238 } 239 240 /** 241 * Return supported CipherSuites in preference order. 242 */ 243 static synchronized CipherSuiteList getSupported() { 244 if (supportedSuites == null) { 245 supportedSuites = 246 buildAvailableCache(CipherSuite.SUPPORTED_SUITES_PRIORITY); 247 } 248 return supportedSuites; 249 } 250 251 /** 252 * Return default enabled CipherSuites in preference order. 253 */ 254 static synchronized CipherSuiteList getDefault() { 255 if (defaultSuites == null) { 256 defaultSuites = 257 buildAvailableCache(CipherSuite.DEFAULT_SUITES_PRIORITY); 258 } 259 return defaultSuites; 260 } 261 262 }