src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java
*** 1,7 ****
/*
! * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
--- 1,7 ----
/*
! * Copyright (c) 2010, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
*** 24,45 ****
*/
package sun.security.ssl;
import java.security.AlgorithmConstraints;
- import java.security.CryptoPrimitive;
import java.security.AlgorithmParameters;
!
! import javax.net.ssl.*;
!
import java.security.Key;
-
import java.util.Set;
!
import sun.security.util.DisabledAlgorithmConstraints;
import static sun.security.util.DisabledAlgorithmConstraints.*;
- import sun.security.ssl.CipherSuite.*;
/**
* Algorithm constraints for disabled algorithms property
*
* See the "jdk.certpath.disabledAlgorithms" specification in java.security
--- 24,40 ----
*/
package sun.security.ssl;
import java.security.AlgorithmConstraints;
import java.security.AlgorithmParameters;
! import java.security.CryptoPrimitive;
import java.security.Key;
import java.util.Set;
! import javax.net.ssl.*;
import sun.security.util.DisabledAlgorithmConstraints;
import static sun.security.util.DisabledAlgorithmConstraints.*;
/**
* Algorithm constraints for disabled algorithms property
*
* See the "jdk.certpath.disabledAlgorithms" specification in java.security
*** 53,144 ****
private static final AlgorithmConstraints x509DisabledAlgConstraints =
new DisabledAlgorithmConstraints(PROPERTY_CERTPATH_DISABLED_ALGS,
new SSLAlgorithmDecomposer(true));
! private AlgorithmConstraints userAlgConstraints = null;
! private AlgorithmConstraints peerAlgConstraints = null;
! private boolean enabledX509DisabledAlgConstraints = true;
// the default algorithm constraints
static final AlgorithmConstraints DEFAULT =
new SSLAlgorithmConstraints(null);
// the default SSL only algorithm constraints
static final AlgorithmConstraints DEFAULT_SSL_ONLY =
new SSLAlgorithmConstraints((SSLSocket)null, false);
! SSLAlgorithmConstraints(AlgorithmConstraints algorithmConstraints) {
! userAlgConstraints = algorithmConstraints;
}
SSLAlgorithmConstraints(SSLSocket socket,
boolean withDefaultCertPathConstraints) {
if (socket != null) {
! userAlgConstraints =
! socket.getSSLParameters().getAlgorithmConstraints();
}
-
- if (!withDefaultCertPathConstraints) {
- enabledX509DisabledAlgConstraints = false;
}
}
SSLAlgorithmConstraints(SSLEngine engine,
boolean withDefaultCertPathConstraints) {
if (engine != null) {
! userAlgConstraints =
! engine.getSSLParameters().getAlgorithmConstraints();
}
-
- if (!withDefaultCertPathConstraints) {
- enabledX509DisabledAlgConstraints = false;
}
}
SSLAlgorithmConstraints(SSLSocket socket, String[] supportedAlgorithms,
boolean withDefaultCertPathConstraints) {
if (socket != null) {
! userAlgConstraints =
! socket.getSSLParameters().getAlgorithmConstraints();
! peerAlgConstraints =
! new SupportedSignatureAlgorithmConstraints(supportedAlgorithms);
}
! if (!withDefaultCertPathConstraints) {
! enabledX509DisabledAlgConstraints = false;
}
}
SSLAlgorithmConstraints(SSLEngine engine, String[] supportedAlgorithms,
boolean withDefaultCertPathConstraints) {
if (engine != null) {
! userAlgConstraints =
! engine.getSSLParameters().getAlgorithmConstraints();
! peerAlgConstraints =
! new SupportedSignatureAlgorithmConstraints(supportedAlgorithms);
}
! if (!withDefaultCertPathConstraints) {
! enabledX509DisabledAlgConstraints = false;
}
}
@Override
public boolean permits(Set<CryptoPrimitive> primitives,
String algorithm, AlgorithmParameters parameters) {
boolean permitted = true;
! if (peerAlgConstraints != null) {
! permitted = peerAlgConstraints.permits(
primitives, algorithm, parameters);
}
! if (permitted && userAlgConstraints != null) {
! permitted = userAlgConstraints.permits(
primitives, algorithm, parameters);
}
if (permitted) {
permitted = tlsDisabledAlgConstraints.permits(
--- 48,165 ----
private static final AlgorithmConstraints x509DisabledAlgConstraints =
new DisabledAlgorithmConstraints(PROPERTY_CERTPATH_DISABLED_ALGS,
new SSLAlgorithmDecomposer(true));
! private final AlgorithmConstraints userSpecifiedConstraints;
! private final AlgorithmConstraints peerSpecifiedConstraints;
! private final boolean enabledX509DisabledAlgConstraints;
// the default algorithm constraints
static final AlgorithmConstraints DEFAULT =
new SSLAlgorithmConstraints(null);
// the default SSL only algorithm constraints
static final AlgorithmConstraints DEFAULT_SSL_ONLY =
new SSLAlgorithmConstraints((SSLSocket)null, false);
! SSLAlgorithmConstraints(AlgorithmConstraints userSpecifiedConstraints) {
! this.userSpecifiedConstraints = userSpecifiedConstraints;
! this.peerSpecifiedConstraints = null;
! this.enabledX509DisabledAlgConstraints = true;
}
SSLAlgorithmConstraints(SSLSocket socket,
boolean withDefaultCertPathConstraints) {
+ AlgorithmConstraints configuredConstraints = null;
if (socket != null) {
! HandshakeContext hc =
! ((SSLSocketImpl)socket).conContext.handshakeContext;
! if (hc != null) {
! configuredConstraints = hc.sslConfig.algorithmConstraints;
! } else {
! configuredConstraints = null;
}
}
+ this.userSpecifiedConstraints = configuredConstraints;
+ this.peerSpecifiedConstraints = null;
+ this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
}
SSLAlgorithmConstraints(SSLEngine engine,
boolean withDefaultCertPathConstraints) {
+ AlgorithmConstraints configuredConstraints = null;
if (engine != null) {
! HandshakeContext hc =
! ((SSLEngineImpl)engine).conContext.handshakeContext;
! if (hc != null) {
! configuredConstraints = hc.sslConfig.algorithmConstraints;
! } else {
! configuredConstraints = null;
}
}
+ this.userSpecifiedConstraints = configuredConstraints;
+ this.peerSpecifiedConstraints = null;
+ this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
}
SSLAlgorithmConstraints(SSLSocket socket, String[] supportedAlgorithms,
boolean withDefaultCertPathConstraints) {
+ AlgorithmConstraints configuredConstraints = null;
+ AlgorithmConstraints negotiatedConstraints = null;
if (socket != null) {
! HandshakeContext hc =
! ((SSLSocketImpl)socket).conContext.handshakeContext;
! if (hc != null) {
! configuredConstraints = hc.sslConfig.algorithmConstraints;
! } else {
! configuredConstraints = null;
}
! negotiatedConstraints =
! new SupportedSignatureAlgorithmConstraints(supportedAlgorithms);
}
+ this.userSpecifiedConstraints = configuredConstraints;
+ this.peerSpecifiedConstraints = negotiatedConstraints;
+ this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
}
SSLAlgorithmConstraints(SSLEngine engine, String[] supportedAlgorithms,
boolean withDefaultCertPathConstraints) {
+ AlgorithmConstraints configuredConstraints = null;
+ AlgorithmConstraints negotiatedConstraints = null;
if (engine != null) {
! HandshakeContext hc =
! ((SSLEngineImpl)engine).conContext.handshakeContext;
! if (hc != null) {
! configuredConstraints = hc.sslConfig.algorithmConstraints;
! } else {
! configuredConstraints = null;
}
! negotiatedConstraints =
! new SupportedSignatureAlgorithmConstraints(supportedAlgorithms);
}
+ this.userSpecifiedConstraints = configuredConstraints;
+ this.peerSpecifiedConstraints = negotiatedConstraints;
+ this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
}
@Override
public boolean permits(Set<CryptoPrimitive> primitives,
String algorithm, AlgorithmParameters parameters) {
boolean permitted = true;
! if (peerSpecifiedConstraints != null) {
! permitted = peerSpecifiedConstraints.permits(
primitives, algorithm, parameters);
}
! if (permitted && userSpecifiedConstraints != null) {
! permitted = userSpecifiedConstraints.permits(
primitives, algorithm, parameters);
}
if (permitted) {
permitted = tlsDisabledAlgConstraints.permits(
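Review bot: The rewritten constructors downcast unconditionally with `((SSLSocketImpl)socket)` and `((SSLEngineImpl)engine)` although the parameters are typed `SSLSocket` and `SSLEngine`, so an instance from another provider or a wrapping subclass would throw `ClassCastException` here, if such instances can reach these constructors (the callers are outside the hunk). Separately, when `handshakeContext` is null the user constraints become null, whereas the old side always read `getSSLParameters().getAlgorithmConstraints()`. Since `permits` skips the user check when `userSpecifiedConstraints` is null, application-configured algorithm restrictions would silently go unenforced in that state. I would guard the cast with `instanceof` and fall back to the public `getSSLParameters()` path in all four constructors, ideally via one private static helper per parameter type; this also removes the redundant `else { configuredConstraints = null; }` branches. The sketch below shows the socket case, and the engine case is symmetric.

```java
SSLAlgorithmConstraints(SSLSocket socket,
        boolean withDefaultCertPathConstraints) {
    AlgorithmConstraints configuredConstraints = null;
    if (socket != null) {
        // The socket may belong to another provider or be a wrapper, so
        // check the type before touching implementation internals.
        HandshakeContext hc = (socket instanceof SSLSocketImpl)
                ? ((SSLSocketImpl)socket).conContext.handshakeContext
                : null;
        // Without a live handshake context, fall back to the public API
        // so the application's constraints are still applied.
        configuredConstraints = (hc != null)
                ? hc.sslConfig.algorithmConstraints
                : socket.getSSLParameters().getAlgorithmConstraints();
    }
    // … unchanged: assignments to the three final fields …
```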
*** 156,171 ****
@Override
public boolean permits(Set<CryptoPrimitive> primitives, Key key) {
boolean permitted = true;
! if (peerAlgConstraints != null) {
! permitted = peerAlgConstraints.permits(primitives, key);
}
! if (permitted && userAlgConstraints != null) {
! permitted = userAlgConstraints.permits(primitives, key);
}
if (permitted) {
permitted = tlsDisabledAlgConstraints.permits(primitives, key);
}
--- 177,192 ----
@Override
public boolean permits(Set<CryptoPrimitive> primitives, Key key) {
boolean permitted = true;
! if (peerSpecifiedConstraints != null) {
! permitted = peerSpecifiedConstraints.permits(primitives, key);
}
! if (permitted && userSpecifiedConstraints != null) {
! permitted = userSpecifiedConstraints.permits(primitives, key);
}
if (permitted) {
permitted = tlsDisabledAlgConstraints.permits(primitives, key);
}
*** 181,197 ****
public boolean permits(Set<CryptoPrimitive> primitives,
String algorithm, Key key, AlgorithmParameters parameters) {
boolean permitted = true;
! if (peerAlgConstraints != null) {
! permitted = peerAlgConstraints.permits(
primitives, algorithm, key, parameters);
}
! if (permitted && userAlgConstraints != null) {
! permitted = userAlgConstraints.permits(
primitives, algorithm, key, parameters);
}
if (permitted) {
permitted = tlsDisabledAlgConstraints.permits(
--- 202,218 ----
public boolean permits(Set<CryptoPrimitive> primitives,
String algorithm, Key key, AlgorithmParameters parameters) {
boolean permitted = true;
! if (peerSpecifiedConstraints != null) {
! permitted = peerSpecifiedConstraints.permits(
primitives, algorithm, key, parameters);
}
! if (permitted && userSpecifiedConstraints != null) {
! permitted = userSpecifiedConstraints.permits(
primitives, algorithm, key, parameters);
}
if (permitted) {
permitted = tlsDisabledAlgConstraints.permits(