1 /*
2 * Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26
27 package sun.security.ssl;
28
29 import java.io.*;
30 import java.util.*;
31
32 import javax.net.ssl.SSLException;
33
34 /**
35 * A list of CipherSuites. Also maintains the lists of supported and
36 * default ciphersuites and supports I/O from handshake streams.
37 *
38 * Instances of this class are immutable.
39 *
40 */
41 final class CipherSuiteList {
42
43 // lists of supported and default enabled ciphersuites
44 // created on demand
45 private static CipherSuiteList supportedSuites, defaultSuites;
46
47 private final Collection<CipherSuite> cipherSuites;
48 private String[] suiteNames;
49
50 // flag indicating whether this list contains any ECC ciphersuites.
51 // null if not yet checked.
52 private volatile Boolean containsEC;
53
54 // for use by buildAvailableCache() and
55 // Handshaker.getKickstartMessage() only
56 CipherSuiteList(Collection<CipherSuite> cipherSuites) {
57 this.cipherSuites = cipherSuites;
58 }
59
60 /**
61 * Create a CipherSuiteList with a single element.
62 */
63 CipherSuiteList(CipherSuite suite) {
64 cipherSuites = new ArrayList<CipherSuite>(1);
65 cipherSuites.add(suite);
66 }
67
68 /**
69 * Construct a CipherSuiteList from a array of names. We don't bother
70 * to eliminate duplicates.
71 *
72 * @exception IllegalArgumentException if the array or any of its elements
73 * is null or if the ciphersuite name is unrecognized or unsupported
74 * using currently installed providers.
75 */
76 CipherSuiteList(String[] names) {
77 if (names == null) {
78 throw new IllegalArgumentException("CipherSuites may not be null");
79 }
80 cipherSuites = new ArrayList<CipherSuite>(names.length);
81 // refresh available cache once if a CipherSuite is not available
82 // (maybe new JCE providers have been installed)
83 boolean refreshed = false;
84 for (int i = 0; i < names.length; i++) {
85 String suiteName = names[i];
86 CipherSuite suite = CipherSuite.valueOf(suiteName);
87 if (suite.isAvailable() == false) {
88 if (refreshed == false) {
89 // clear the cache so that the isAvailable() call below
90 // does a full check
91 clearAvailableCache();
92 refreshed = true;
93 }
94 // still missing?
95 if (suite.isAvailable() == false) {
96 throw new IllegalArgumentException("Cannot support "
97 + suiteName + " with currently installed providers");
98 }
99 }
100 cipherSuites.add(suite);
101 }
102 }
103
104 /**
105 * Read a CipherSuiteList from a HandshakeInStream in V3 ClientHello
106 * format. Does not check if the listed ciphersuites are known or
107 * supported.
108 */
109 CipherSuiteList(HandshakeInStream in) throws IOException {
110 byte[] bytes = in.getBytes16();
111 if ((bytes.length & 1) != 0) {
112 throw new SSLException("Invalid ClientHello message");
113 }
114 cipherSuites = new ArrayList<CipherSuite>(bytes.length >> 1);
115 for (int i = 0; i < bytes.length; i += 2) {
116 cipherSuites.add(CipherSuite.valueOf(bytes[i], bytes[i+1]));
117 }
118 }
119
120 /**
121 * Return whether this list contains the given CipherSuite.
122 */
123 boolean contains(CipherSuite suite) {
124 return cipherSuites.contains(suite);
125 }
126
127 // Return whether this list contains any ECC ciphersuites
128 boolean containsEC() {
129 if (containsEC == null) {
130 for (CipherSuite c : cipherSuites) {
131 switch (c.keyExchange) {
132 case K_ECDH_ECDSA:
133 case K_ECDH_RSA:
134 case K_ECDHE_ECDSA:
135 case K_ECDHE_RSA:
136 case K_ECDH_ANON:
137 containsEC = true;
138 return true;
139 default:
140 break;
141 }
142 }
143 containsEC = false;
144 }
145 return containsEC;
146 }
147
148 /**
149 * Return an Iterator for the CipherSuites in this list.
150 */
151 Iterator<CipherSuite> iterator() {
152 return cipherSuites.iterator();
153 }
154
155 /**
156 * Return a reference to the internal Collection of CipherSuites.
157 * The Collection MUST NOT be modified.
158 */
159 Collection<CipherSuite> collection() {
160 return cipherSuites;
161 }
162
163 /**
164 * Return the number of CipherSuites in this list.
165 */
166 int size() {
167 return cipherSuites.size();
168 }
169
170 /**
171 * Return an array with the names of the CipherSuites in this list.
172 */
173 synchronized String[] toStringArray() {
174 if (suiteNames == null) {
175 suiteNames = new String[cipherSuites.size()];
176 int i = 0;
177 for (CipherSuite c : cipherSuites) {
178 suiteNames[i++] = c.name;
179 }
180 }
181 return suiteNames.clone();
182 }
183
184 public String toString() {
185 return cipherSuites.toString();
186 }
187
188 /**
189 * Write this list to an HandshakeOutStream in V3 ClientHello format.
190 */
191 void send(HandshakeOutStream s) throws IOException {
192 byte[] suiteBytes = new byte[cipherSuites.size() * 2];
193 int i = 0;
194 for (CipherSuite c : cipherSuites) {
195 suiteBytes[i] = (byte)(c.id >> 8);
196 suiteBytes[i+1] = (byte)c.id;
197 i += 2;
198 }
199 s.putBytes16(suiteBytes);
200 }
201
202 /**
203 * Clear cache of available ciphersuites. If we support all ciphers
204 * internally, there is no need to clear the cache and calling this
205 * method has no effect.
206 */
207 static synchronized void clearAvailableCache() {
208 if (CipherSuite.DYNAMIC_AVAILABILITY) {
209 supportedSuites = null;
210 defaultSuites = null;
211 CipherSuite.BulkCipher.clearAvailableCache();
212 JsseJce.clearEcAvailable();
213 }
214 }
215
216 /**
217 * Return the list of all available CipherSuites with a priority of
218 * minPriority or above.
219 * Should be called with the Class lock held.
220 */
221 private static CipherSuiteList buildAvailableCache(int minPriority) {
222 // SortedSet automatically arranges ciphersuites in default
223 // preference order
224 Set<CipherSuite> cipherSuites = new TreeSet<>();
225 Collection<CipherSuite> allowedCipherSuites =
226 CipherSuite.allowedCipherSuites();
227 for (CipherSuite c : allowedCipherSuites) {
228 if ((c.allowed == false) || (c.priority < minPriority)) {
229 continue;
230 }
231
232 if (c.isAvailable()) {
233 cipherSuites.add(c);
234 }
235 }
236
237 return new CipherSuiteList(cipherSuites);
238 }
239
240 /**
241 * Return supported CipherSuites in preference order.
242 */
243 static synchronized CipherSuiteList getSupported() {
244 if (supportedSuites == null) {
245 supportedSuites =
246 buildAvailableCache(CipherSuite.SUPPORTED_SUITES_PRIORITY);
247 }
248 return supportedSuites;
249 }
250
251 /**
252 * Return default enabled CipherSuites in preference order.
253 */
254 static synchronized CipherSuiteList getDefault() {
255 if (defaultSuites == null) {
256 defaultSuites =
257 buildAvailableCache(CipherSuite.DEFAULT_SUITES_PRIORITY);
258 }
259 return defaultSuites;
260 }
261
262 }