
src/java.base/share/classes/sun/security/util/CurveDB.java

rev 54061 : 8226374: Restrict TLS signature schemes and named groups
Reviewed-by: mullan


  45     private static final int PD = 5; // prime curve, mark as default
  46     private static final int BD = 6; // binary curve, mark as default
  47 
  48     private static final Map<String,NamedCurve> oidMap =
  49         new LinkedHashMap<String,NamedCurve>();
  50     private static final Map<String,NamedCurve> nameMap =
  51         new HashMap<String,NamedCurve>();
  52     private static final Map<Integer,NamedCurve> lengthMap =
  53         new HashMap<Integer,NamedCurve>();
  54 
  55     private static Collection<? extends NamedCurve> specCollection;
  56 
  57     public static final String SPLIT_PATTERN = ",|\\[|\\]";
  58 
  59     // Used by SunECEntries
  60     public static Collection<? extends NamedCurve>getSupportedCurves() {
  61         return specCollection;
  62     }
  63 
  64     // Return a NamedCurve for the specified OID/name or null if unknown.
  65     static NamedCurve lookup(String name) {
  66         NamedCurve spec = oidMap.get(name);
  67         if (spec != null) {
  68             return spec;
  69         }
  70 
  71         return nameMap.get(name);
  72     }
  73 
  74     // Return EC parameters for the specified field size. If there are known
  75     // NIST recommended parameters for the given length, they are returned.
  76     // Otherwise, if there are multiple matches for the given size, an
  77     // arbitrary one is returns.
  78     // If no parameters are known, the method returns null.
  79     // NOTE that this method returns both prime and binary curves.
  80     static NamedCurve lookup(int length) {
  81         return lengthMap.get(length);
  82     }
  83 
  84     // Convert the given ECParameterSpec object to a NamedCurve object.
  85     // If params does not represent a known named curve, return null.
  86     static NamedCurve lookup(ECParameterSpec params) {
  87         if ((params instanceof NamedCurve) || (params == null)) {
  88             return (NamedCurve)params;
  89         }
  90 
  91         // This is a hack to allow SunJSSE to work with 3rd party crypto
  92         // providers for ECC and not just SunPKCS11.
  93         // This can go away once we decide how to expose curve names in the
  94         // public API.
  95         // Note that it assumes that the 3rd party provider encodes named
  96         // curves using the short form, not explicitly. If it did that, then
  97         // the SunJSSE TLS ECC extensions are wrong, which could lead to
  98         // interoperability problems.
  99         int fieldSize = params.getCurve().getField().getFieldSize();
 100         for (NamedCurve namedCurve : specCollection) {
 101             // ECParameterSpec does not define equals, so check all the
 102             // components ourselves.
 103             // Quick field size check first
 104             if (namedCurve.getCurve().getField().getFieldSize() != fieldSize) {
 105                 continue;
 106             }




  45     private static final int PD = 5; // prime curve, mark as default
  46     private static final int BD = 6; // binary curve, mark as default
  47 
  48     private static final Map<String,NamedCurve> oidMap =
  49         new LinkedHashMap<String,NamedCurve>();
  50     private static final Map<String,NamedCurve> nameMap =
  51         new HashMap<String,NamedCurve>();
  52     private static final Map<Integer,NamedCurve> lengthMap =
  53         new HashMap<Integer,NamedCurve>();
  54 
  55     private static Collection<? extends NamedCurve> specCollection;
  56 
  57     public static final String SPLIT_PATTERN = ",|\\[|\\]";
  58 
  59     // Used by SunECEntries
  60     public static Collection<? extends NamedCurve>getSupportedCurves() {
  61         return specCollection;
  62     }
  63 
  64     // Return a NamedCurve for the specified OID/name or null if unknown.
  65     public static NamedCurve lookup(String name) {
  66         NamedCurve spec = oidMap.get(name);
  67         if (spec != null) {
  68             return spec;
  69         }
  70 
  71         return nameMap.get(name);
  72     }
  73 
  74     // Return EC parameters for the specified field size. If there are known
  75     // NIST recommended parameters for the given length, they are returned.
  76     // Otherwise, if there are multiple matches for the given size, an
  77     // arbitrary one is returns.
  78     // If no parameters are known, the method returns null.
  79     // NOTE that this method returns both prime and binary curves.
  80     static NamedCurve lookup(int length) {
  81         return lengthMap.get(length);
  82     }
  83 
  84     // Convert the given ECParameterSpec object to a NamedCurve object.
  85     // If params does not represent a known named curve, return null.
  86     public static NamedCurve lookup(ECParameterSpec params) {
  87         if ((params instanceof NamedCurve) || (params == null)) {
  88             return (NamedCurve)params;
  89         }
  90 
  91         // This is a hack to allow SunJSSE to work with 3rd party crypto
  92         // providers for ECC and not just SunPKCS11.
  93         // This can go away once we decide how to expose curve names in the
  94         // public API.
  95         // Note that it assumes that the 3rd party provider encodes named
  96         // curves using the short form, not explicitly. If it did that, then
  97         // the SunJSSE TLS ECC extensions are wrong, which could lead to
  98         // interoperability problems.
  99         int fieldSize = params.getCurve().getField().getFieldSize();
 100         for (NamedCurve namedCurve : specCollection) {
 101             // ECParameterSpec does not define equals, so check all the
 102             // components ourselves.
 103             // Quick field size check first
 104             if (namedCurve.getCurve().getField().getFieldSize() != fieldSize) {
 105                 continue;
 106             }
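Review bot: The two `lookup` overloads that are `public` on the new side (lines 65 and 86) still carry their contract only in `//` comments, and their `null` return for unknown input is now something callers outside the package have to handle. Given the commit title, a caller that resolves a configured group or curve name through `lookup(String)` presumably has to treat `null` as "not a permitted curve" rather than skip the entry; those callers are not visible here, so this needs confirming against them. `lookup(String)` is a plain `get` on `oidMap` and then `nameMap` and does not normalise its argument, so I would replace the comment with Javadoc such as `/** Returns the NamedCurve for the given OID or name, or {@code null} if unknown; the argument is matched exactly, so callers must trim and normalise case first. */` and give `lookup(ECParameterSpec)` the same treatment, including the `null`-in, `null`-out case. The body of `lookup(ECParameterSpec)` continues past the end of this section.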

