1 /*
   2  * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.util;
  27 
  28 import java.security.AccessController;
  29 import java.security.AlgorithmConstraints;
  30 import java.security.PrivilegedAction;
  31 import java.security.Security;
  32 import java.util.Set;
  33 
  34 /**
  35  * The class contains common functionality for algorithm constraints classes.
  36  */
  37 public abstract class AbstractAlgorithmConstraints
  38         implements AlgorithmConstraints {
  39 
  40     protected final AlgorithmDecomposer decomposer;
  41 
  42     protected AbstractAlgorithmConstraints(AlgorithmDecomposer decomposer) {
  43         this.decomposer = decomposer;
  44     }
  45 
  46     // Get algorithm constraints from the specified security property.
  47     static String[] getAlgorithms(String propertyName) {
  48         String property = AccessController.doPrivileged(
  49                 new PrivilegedAction<String>() {
  50                     @Override
  51                     public String run() {
  52                         return Security.getProperty(propertyName);
  53                     }
  54                 });
  55 
  56         String[] algorithmsInProperty = null;
  57         if (property != null && !property.isEmpty()) {
  58             // remove double quote marks from beginning/end of the property
  59             if (property.length() >= 2 && property.charAt(0) == '"' &&
  60                     property.charAt(property.length() - 1) == '"') {
  61                 property = property.substring(1, property.length() - 1);
  62             }
  63             algorithmsInProperty = property.split(",");
  64             for (int i = 0; i < algorithmsInProperty.length; i++) {
  65                 algorithmsInProperty[i] = algorithmsInProperty[i].trim();
  66             }
  67         }
  68 
  69         // map the disabled algorithms
  70         if (algorithmsInProperty == null) {
  71             algorithmsInProperty = new String[0];
  72         }
  73         return algorithmsInProperty;
  74     }
  75 
  76     static boolean checkAlgorithm(String[] algorithms, String algorithm,
  77             AlgorithmDecomposer decomposer) {
  78         if (algorithm == null || algorithm.length() == 0) {
  79             throw new IllegalArgumentException("No algorithm name specified");
  80         }
  81 
  82         Set<String> elements = null;
  83         for (String item : algorithms) {
  84             if (item == null || item.isEmpty()) {
  85                 continue;
  86             }
  87 
  88             // check the full name
  89             if (item.equalsIgnoreCase(algorithm)) {
  90                 return false;
  91             }
  92 
  93             // decompose the algorithm into sub-elements
  94             if (elements == null) {
  95                 elements = decomposer.decompose(algorithm);
  96             }
  97 
  98             // check the items of the algorithm
  99             for (String element : elements) {
 100                 if (item.equalsIgnoreCase(element)) {
 101                     return false;
 102                 }
 103             }
 104         }
 105 
 106         return true;
 107     }
 108 
 109 }