54 private final AlgorithmConstraints peerSpecifiedConstraints;
55
56 private final boolean enabledX509DisabledAlgConstraints;
57
58 // the default algorithm constraints
59 static final AlgorithmConstraints DEFAULT =
60 new SSLAlgorithmConstraints(null);
61
62 // the default SSL only algorithm constraints
63 static final AlgorithmConstraints DEFAULT_SSL_ONLY =
64 new SSLAlgorithmConstraints((SSLSocket)null, false);
65
66 SSLAlgorithmConstraints(AlgorithmConstraints userSpecifiedConstraints) {
67 this.userSpecifiedConstraints = userSpecifiedConstraints;
68 this.peerSpecifiedConstraints = null;
69 this.enabledX509DisabledAlgConstraints = true;
70 }
71
72 SSLAlgorithmConstraints(SSLSocket socket,
73 boolean withDefaultCertPathConstraints) {
74 this.userSpecifiedConstraints = getConstraints(socket);
75 this.peerSpecifiedConstraints = null;
76 this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
77 }
78
79 SSLAlgorithmConstraints(SSLEngine engine,
80 boolean withDefaultCertPathConstraints) {
81 this.userSpecifiedConstraints = getConstraints(engine);
82 this.peerSpecifiedConstraints = null;
83 this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
84 }
85
86 SSLAlgorithmConstraints(SSLSocket socket, String[] supportedAlgorithms,
87 boolean withDefaultCertPathConstraints) {
88 this.userSpecifiedConstraints = getConstraints(socket);
89 this.peerSpecifiedConstraints =
90 new SupportedSignatureAlgorithmConstraints(supportedAlgorithms);
91 this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
92 }
93
94 SSLAlgorithmConstraints(SSLEngine engine, String[] supportedAlgorithms,
95 boolean withDefaultCertPathConstraints) {
96 this.userSpecifiedConstraints = getConstraints(engine);
97 this.peerSpecifiedConstraints =
98 new SupportedSignatureAlgorithmConstraints(supportedAlgorithms);
99 this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
100 }
101
102 private static AlgorithmConstraints getConstraints(SSLEngine engine) {
103 if (engine != null) {
104 // Note that the KeyManager or TrustManager implementation may be
105 // not implemented in the same provider as SSLSocket/SSLEngine.
106 // Please check the instance before casting to use SSLEngineImpl.
107 if (engine instanceof SSLEngineImpl) {
108 HandshakeContext hc =
109 ((SSLEngineImpl)engine).conContext.handshakeContext;
110 if (hc != null) {
111 return hc.sslConfig.algorithmConstraints;
112 }
113 } else {
114 return engine.getSSLParameters().getAlgorithmConstraints();
115 }
116 }
117
118 return null;
119 }
120
121 private static AlgorithmConstraints getConstraints(SSLSocket socket) {
122 if (socket != null) {
123 // Note that the KeyManager or TrustManager implementation may be
124 // not implemented in the same provider as SSLSocket/SSLEngine.
125 // Please check the instance before casting to use SSLSocketImpl.
126 if (socket instanceof SSLSocketImpl) {
127 HandshakeContext hc =
128 ((SSLSocketImpl)socket).conContext.handshakeContext;
129 if (hc != null) {
130 return hc.sslConfig.algorithmConstraints;
131 }
132 } else {
133 return socket.getSSLParameters().getAlgorithmConstraints();
134 }
135 }
136
137 return null;
138 }
139
140 @Override
141 public boolean permits(Set<CryptoPrimitive> primitives,
142 String algorithm, AlgorithmParameters parameters) {
143
144 boolean permitted = true;
145
146 if (peerSpecifiedConstraints != null) {
147 permitted = peerSpecifiedConstraints.permits(
148 primitives, algorithm, parameters);
149 }
150
151 if (permitted && userSpecifiedConstraints != null) {
152 permitted = userSpecifiedConstraints.permits(
153 primitives, algorithm, parameters);
154 }
|
54 private final AlgorithmConstraints peerSpecifiedConstraints;
55
56 private final boolean enabledX509DisabledAlgConstraints;
57
58 // the default algorithm constraints
59 static final AlgorithmConstraints DEFAULT =
60 new SSLAlgorithmConstraints(null);
61
62 // the default SSL only algorithm constraints
63 static final AlgorithmConstraints DEFAULT_SSL_ONLY =
64 new SSLAlgorithmConstraints((SSLSocket)null, false);
65
66 SSLAlgorithmConstraints(AlgorithmConstraints userSpecifiedConstraints) {
67 this.userSpecifiedConstraints = userSpecifiedConstraints;
68 this.peerSpecifiedConstraints = null;
69 this.enabledX509DisabledAlgConstraints = true;
70 }
71
72 SSLAlgorithmConstraints(SSLSocket socket,
73 boolean withDefaultCertPathConstraints) {
74 this.userSpecifiedConstraints = getUserSpecifiedConstraints(socket);
75 this.peerSpecifiedConstraints = null;
76 this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
77 }
78
79 SSLAlgorithmConstraints(SSLEngine engine,
80 boolean withDefaultCertPathConstraints) {
81 this.userSpecifiedConstraints = getUserSpecifiedConstraints(engine);
82 this.peerSpecifiedConstraints = null;
83 this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
84 }
85
86 SSLAlgorithmConstraints(SSLSocket socket, String[] supportedAlgorithms,
87 boolean withDefaultCertPathConstraints) {
88 this.userSpecifiedConstraints = getUserSpecifiedConstraints(socket);
89 this.peerSpecifiedConstraints =
90 new SupportedSignatureAlgorithmConstraints(supportedAlgorithms);
91 this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
92 }
93
94 SSLAlgorithmConstraints(SSLEngine engine, String[] supportedAlgorithms,
95 boolean withDefaultCertPathConstraints) {
96 this.userSpecifiedConstraints = getUserSpecifiedConstraints(engine);
97 this.peerSpecifiedConstraints =
98 new SupportedSignatureAlgorithmConstraints(supportedAlgorithms);
99 this.enabledX509DisabledAlgConstraints = withDefaultCertPathConstraints;
100 }
101
102 private static AlgorithmConstraints getUserSpecifiedConstraints(
103 SSLEngine engine) {
104 if (engine != null) {
105 // Note that the KeyManager or TrustManager implementation may be
106 // not implemented in the same provider as SSLSocket/SSLEngine.
107 // Please check the instance before casting to use SSLEngineImpl.
108 if (engine instanceof SSLEngineImpl) {
109 HandshakeContext hc =
110 ((SSLEngineImpl)engine).conContext.handshakeContext;
111 if (hc != null) {
112 return hc.sslConfig.userSpecifiedAlgorithmConstraints;
113 }
114 }
115
116 return engine.getSSLParameters().getAlgorithmConstraints();
117 }
118
119 return null;
120 }
121
122 private static AlgorithmConstraints getUserSpecifiedConstraints(
123 SSLSocket socket) {
124 if (socket != null) {
125 // Note that the KeyManager or TrustManager implementation may be
126 // not implemented in the same provider as SSLSocket/SSLEngine.
127 // Please check the instance before casting to use SSLSocketImpl.
128 if (socket instanceof SSLSocketImpl) {
129 HandshakeContext hc =
130 ((SSLSocketImpl)socket).conContext.handshakeContext;
131 if (hc != null) {
132 return hc.sslConfig.userSpecifiedAlgorithmConstraints;
133 }
134 }
135
136 return socket.getSSLParameters().getAlgorithmConstraints();
137 }
138
139 return null;
140 }
141
142 @Override
143 public boolean permits(Set<CryptoPrimitive> primitives,
144 String algorithm, AlgorithmParameters parameters) {
145
146 boolean permitted = true;
147
148 if (peerSpecifiedConstraints != null) {
149 permitted = peerSpecifiedConstraints.permits(
150 primitives, algorithm, parameters);
151 }
152
153 if (permitted && userSpecifiedConstraints != null) {
154 permitted = userSpecifiedConstraints.permits(
155 primitives, algorithm, parameters);
156 }
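Review bot: The fall-through `return engine.getSSLParameters().getAlgorithmConstraints();` (and its `socket` twin) in the new `getUserSpecifiedConstraints` overloads has no comment. It is the line that decides whether application-set constraints are still applied when an `SSLEngineImpl`/`SSLSocketImpl` has no `handshakeContext`. The existing three-line comment only explains the `instanceof` check, so I would add above each fall-through return: `// No handshake context (or a foreign implementation): use the constraints from the current SSLParameters instead of returning null, so permits() still consults them.` It would also help to note that `hc.sslConfig.userSpecifiedAlgorithmConstraints` is expected to hold the caller's original object, not an already-wrapped `SSLAlgorithmConstraints`. Its declaration is outside this hunk, so that is an assumption to confirm. The body of `permits()` continues past the end of the hunk.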
|