1 /* 2 * Copyright (C) 2010 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package libcore.java.security; 18 19 import java.security.Security; 20 import java.security.spec.DSAPrivateKeySpec; 21 import java.security.spec.DSAPublicKeySpec; 22 import java.security.spec.ECPrivateKeySpec; 23 import java.security.spec.ECPublicKeySpec; 24 import java.security.spec.KeySpec; 25 import java.security.spec.RSAPrivateCrtKeySpec; 26 import java.security.spec.RSAPublicKeySpec; 27 import java.util.ArrayList; 28 import java.util.Arrays; 29 import java.util.Collections; 30 import java.util.HashMap; 31 import java.util.HashSet; 32 import java.util.LinkedHashSet; 33 import java.util.List; 34 import java.util.Locale; 35 import java.util.Map; 36 import java.util.Set; 37 import javax.crypto.spec.DHPrivateKeySpec; 38 import javax.crypto.spec.DHPublicKeySpec; 39 import junit.framework.Assert; 40 41 /** 42 * This class defines expected string names for protocols, key types, 43 * client and server auth types, cipher suites. 44 * 45 * Initially based on "Appendix A: Standard Names" of 46 * <a href="http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#AppA"> 47 * Java ™ Secure Socket Extension (JSSE) Reference Guide 48 * for the Java ™ 2 Platform Standard Edition 5 49 * </a>. 50 * 51 * Updated based on the 52 * <a href="http://download.java.net/jdk8/docs/technotes/guides/security/SunProviders.html"> 53 * Java ™ Cryptography Architecture Oracle Providers Documentation 54 * for Java ™ Platform Standard Edition 7 55 * </a>. 56 * See also the 57 * <a href="http://download.java.net/jdk8/docs/technotes/guides/security/StandardNames.html"> 58 * Java ™ Cryptography Architecture Standard Algorithm Name Documentation 59 * </a>. 60 * 61 * Further updates based on the 62 * <a href=http://java.sun.com/javase/6/docs/technotes/guides/security/p11guide.html"> 63 * Java ™ PKCS#11 Reference Guide 64 * </a>. 65 */ 66 public final class StandardNames extends Assert { 67 68 public static final boolean IS_RI 69 = !"Dalvik Core Library".equals(System.getProperty("java.specification.name")); 70 public static final String JSSE_PROVIDER_NAME = (IS_RI) ? "SunJSSE" : "AndroidOpenSSL"; 71 public static final String SECURITY_PROVIDER_NAME = (IS_RI) ? "SUN" : "BC"; 72 73 public static final String KEY_MANAGER_FACTORY_DEFAULT = (IS_RI) ? "SunX509" : "PKIX"; 74 public static final String TRUST_MANAGER_FACTORY_DEFAULT = "PKIX"; 75 76 public static final String KEY_STORE_ALGORITHM = (IS_RI) ? "JKS" : "BKS"; 77 78 /** 79 * RFC 5746's Signaling Cipher Suite Value to indicate a request for secure renegotiation 80 */ 81 public static final String CIPHER_SUITE_SECURE_RENEGOTIATION 82 = "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"; 83 84 /** 85 * From https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 it is a 86 * signaling cipher suite value (SCSV) to indicate that this request is a 87 * protocol fallback (e.g., TLS 1.0 -> SSL 3.0) because the server didn't respond 88 * to the first request. 89 */ 90 public static final String CIPHER_SUITE_FALLBACK = "TLS_FALLBACK_SCSV"; 91 92 /** 93 * A map from algorithm type (e.g. Cipher) to a set of algorithms (e.g. AES, DES, ...) 94 */ 95 public static final Map<String,Set<String>> PROVIDER_ALGORITHMS 96 = new HashMap<String,Set<String>>(); 97 98 public static final Map<String,Set<String>> CIPHER_MODES 99 = new HashMap<String,Set<String>>(); 100 101 public static final Map<String,Set<String>> CIPHER_PADDINGS 102 = new HashMap<String,Set<String>>(); 103 provide(String type, String algorithm)104 private static void provide(String type, String algorithm) { 105 Set<String> algorithms = PROVIDER_ALGORITHMS.get(type); 106 if (algorithms == null) { 107 algorithms = new HashSet(); 108 PROVIDER_ALGORITHMS.put(type, algorithms); 109 } 110 assertTrue("Duplicate " + type + " " + algorithm, 111 algorithms.add(algorithm.toUpperCase(Locale.ROOT))); 112 } unprovide(String type, String algorithm)113 private static void unprovide(String type, String algorithm) { 114 Set<String> algorithms = PROVIDER_ALGORITHMS.get(type); 115 assertNotNull(algorithms); 116 assertTrue(algorithm, algorithms.remove(algorithm.toUpperCase(Locale.ROOT))); 117 if (algorithms.isEmpty()) { 118 assertNotNull(PROVIDER_ALGORITHMS.remove(type)); 119 } 120 } provideCipherModes(String algorithm, String newModes[])121 private static void provideCipherModes(String algorithm, String newModes[]) { 122 Set<String> modes = CIPHER_MODES.get(algorithm); 123 if (modes == null) { 124 modes = new HashSet<String>(); 125 CIPHER_MODES.put(algorithm, modes); 126 } 127 modes.addAll(Arrays.asList(newModes)); 128 } provideCipherPaddings(String algorithm, String newPaddings[])129 private static void provideCipherPaddings(String algorithm, String newPaddings[]) { 130 Set<String> paddings = CIPHER_PADDINGS.get(algorithm); 131 if (paddings == null) { 132 paddings = new HashSet<String>(); 133 CIPHER_PADDINGS.put(algorithm, paddings); 134 } 135 paddings.addAll(Arrays.asList(newPaddings)); 136 } 137 static { 138 provide("AlgorithmParameterGenerator", "DSA"); 139 provide("AlgorithmParameterGenerator", "DiffieHellman"); 140 provide("AlgorithmParameters", "AES"); 141 provide("AlgorithmParameters", "Blowfish"); 142 provide("AlgorithmParameters", "DES"); 143 provide("AlgorithmParameters", "DESede"); 144 provide("AlgorithmParameters", "DSA"); 145 provide("AlgorithmParameters", "DiffieHellman"); 146 provide("AlgorithmParameters", "GCM"); 147 provide("AlgorithmParameters", "OAEP"); 148 provide("AlgorithmParameters", "PBEWithMD5AndDES"); 149 provide("AlgorithmParameters", "PBEWithMD5AndTripleDES"); 150 provide("AlgorithmParameters", "PBEWithSHA1AndDESede"); 151 provide("AlgorithmParameters", "PBEWithSHA1AndRC2_40"); 152 provide("AlgorithmParameters", "RC2"); 153 provide("CertPathBuilder", "PKIX"); 154 provide("CertPathValidator", "PKIX"); 155 provide("CertStore", "Collection"); 156 provide("CertStore", "LDAP"); 157 provide("CertificateFactory", "X.509"); 158 // TODO: provideCipherModes and provideCipherPaddings for other Ciphers 159 provide("Cipher", "AES"); 160 provideCipherModes("AES", new String[] { "CBC", "CFB", "CTR", "CTS", "ECB", "OFB" }); 161 provideCipherPaddings("AES", new String[] { "NoPadding", "PKCS5Padding" }); 162 provide("Cipher", "AESWrap"); 163 provide("Cipher", "ARCFOUR"); 164 provide("Cipher", "Blowfish"); 165 provide("Cipher", "DES"); 166 provide("Cipher", "DESede"); 167 provide("Cipher", "DESedeWrap"); 168 provide("Cipher", "GCM"); 169 provide("Cipher", "PBEWithMD5AndDES"); 170 provide("Cipher", "PBEWithMD5AndTripleDES"); 171 provide("Cipher", "PBEWithSHA1AndDESede"); 172 provide("Cipher", "PBEWithSHA1AndRC2_40"); 173 provide("Cipher", "RC2"); 174 provide("Cipher", "RSA"); 175 // TODO: None? 176 provideCipherModes("RSA", new String[] { "ECB" }); 177 // TODO: OAEPPadding 178 provideCipherPaddings("RSA", new String[] { "NoPadding", "PKCS1Padding" }); 179 provide("Configuration", "JavaLoginConfig"); 180 provide("KeyAgreement", "DiffieHellman"); 181 provide("KeyFactory", "DSA"); 182 provide("KeyFactory", "DiffieHellman"); 183 provide("KeyFactory", "RSA"); 184 provide("KeyGenerator", "AES"); 185 provide("KeyGenerator", "ARCFOUR"); 186 provide("KeyGenerator", "Blowfish"); 187 provide("KeyGenerator", "DES"); 188 provide("KeyGenerator", "DESede"); 189 provide("KeyGenerator", "HmacMD5"); 190 provide("KeyGenerator", "HmacSHA1"); 191 provide("KeyGenerator", "HmacSHA224"); 192 provide("KeyGenerator", "HmacSHA256"); 193 provide("KeyGenerator", "HmacSHA384"); 194 provide("KeyGenerator", "HmacSHA512"); 195 provide("KeyGenerator", "RC2"); 196 provide("KeyInfoFactory", "DOM"); 197 provide("KeyManagerFactory", "PKIX"); 198 provide("KeyPairGenerator", "DSA"); 199 provide("KeyPairGenerator", "DiffieHellman"); 200 provide("KeyPairGenerator", "RSA"); 201 provide("KeyStore", "JCEKS"); 202 provide("KeyStore", "JKS"); 203 provide("KeyStore", "PKCS12"); 204 provide("Mac", "HmacMD5"); 205 provide("Mac", "HmacSHA1"); 206 provide("Mac", "HmacSHA224"); 207 provide("Mac", "HmacSHA256"); 208 provide("Mac", "HmacSHA384"); 209 provide("Mac", "HmacSHA512"); 210 // If adding a new MessageDigest, consider adding it to JarVerifier 211 provide("MessageDigest", "MD2"); 212 provide("MessageDigest", "MD5"); 213 provide("MessageDigest", "SHA-224"); 214 provide("MessageDigest", "SHA-256"); 215 provide("MessageDigest", "SHA-384"); 216 provide("MessageDigest", "SHA-512"); 217 provide("Policy", "JavaPolicy"); 218 provide("SSLContext", "SSLv3"); 219 provide("SSLContext", "TLSv1"); 220 provide("SSLContext", "TLSv1.1"); 221 provide("SSLContext", "TLSv1.2"); 222 provide("SecretKeyFactory", "DES"); 223 provide("SecretKeyFactory", "DESede"); 224 provide("SecretKeyFactory", "PBEWithMD5AndDES"); 225 provide("SecretKeyFactory", "PBEWithMD5AndTripleDES"); 226 provide("SecretKeyFactory", "PBEWithSHA1AndDESede"); 227 provide("SecretKeyFactory", "PBEWithSHA1AndRC2_40"); 228 provide("SecretKeyFactory", "PBKDF2WithHmacSHA1"); 229 provide("SecretKeyFactory", "PBKDF2WithHmacSHA1And8bit"); 230 provide("SecureRandom", "SHA1PRNG"); 231 provide("Signature", "MD2withRSA"); 232 provide("Signature", "MD5withRSA"); 233 provide("Signature", "NONEwithDSA"); 234 provide("Signature", "SHA1withDSA"); 235 provide("Signature", "SHA224withDSA"); 236 provide("Signature", "SHA256withDSA"); 237 provide("Signature", "SHA1withRSA"); 238 provide("Signature", "SHA224withRSA"); 239 provide("Signature", "SHA256withRSA"); 240 provide("Signature", "SHA384withRSA"); 241 provide("Signature", "SHA512withRSA"); 242 provide("TerminalFactory", "PC/SC"); 243 provide("TransformService", "http://www.w3.org/2000/09/xmldsig#base64"); 244 provide("TransformService", "http://www.w3.org/2000/09/xmldsig#enveloped-signature"); 245 provide("TransformService", "http://www.w3.org/2001/10/xml-exc-c14n#"); 246 provide("TransformService", "http://www.w3.org/2001/10/xml-exc-c14n#WithComments"); 247 provide("TransformService", "http://www.w3.org/2002/06/xmldsig-filter2"); 248 provide("TransformService", "http://www.w3.org/TR/1999/REC-xpath-19991116"); 249 provide("TransformService", "http://www.w3.org/TR/1999/REC-xslt-19991116"); 250 provide("TransformService", "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"); 251 provide("TransformService", "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"); 252 provide("TrustManagerFactory", "PKIX"); 253 provide("XMLSignatureFactory", "DOM"); 254 255 // Not clearly documented by RI 256 provide("GssApiMechanism", "1.2.840.113554.1.2.2"); 257 provide("GssApiMechanism", "1.3.6.1.5.5.2"); 258 259 // Not correctly documented by RI which left off the Factory suffix 260 provide("SaslClientFactory", "CRAM-MD5"); 261 provide("SaslClientFactory", "DIGEST-MD5"); 262 provide("SaslClientFactory", "EXTERNAL"); 263 provide("SaslClientFactory", "GSSAPI"); 264 provide("SaslClientFactory", "PLAIN"); 265 provide("SaslServerFactory", "CRAM-MD5"); 266 provide("SaslServerFactory", "DIGEST-MD5"); 267 provide("SaslServerFactory", "GSSAPI"); 268 269 // Documentation seems to list alias instead of actual name 270 // provide("MessageDigest", "SHA-1"); 271 provide("MessageDigest", "SHA"); 272 273 // Mentioned in javadoc, not documentation 274 provide("SSLContext", "Default"); 275 276 // Not documented as in RI 6 but mentioned in Standard Names 277 provide("AlgorithmParameters", "PBE"); 278 provide("SSLContext", "SSL"); 279 provide("SSLContext", "TLS"); 280 281 // Not documented as in RI 6 but that exist in RI 6 282 if (IS_RI) { 283 provide("CertStore", "com.sun.security.IndexedCollection"); 284 provide("KeyGenerator", "SunTlsKeyMaterial"); 285 provide("KeyGenerator", "SunTlsMasterSecret"); 286 provide("KeyGenerator", "SunTlsPrf"); 287 provide("KeyGenerator", "SunTlsRsaPremasterSecret"); 288 provide("KeyStore", "CaseExactJKS"); 289 provide("Mac", "HmacPBESHA1"); 290 provide("Mac", "SslMacMD5"); 291 provide("Mac", "SslMacSHA1"); 292 provide("SecureRandom", "NativePRNG"); 293 provide("Signature", "MD5andSHA1withRSA"); 294 provide("TrustManagerFactory", "SunX509"); 295 } 296 297 // Only available with the SunPKCS11-NSS provider, 298 // which seems to be enabled in OpenJDK 6 but not Oracle Java 6 299 if (Security.getProvider("SunPKCS11-NSS") != null) { 300 provide("AlgorithmParameters", "EC"); 301 provide("Cipher", "AES/CBC/NOPADDING"); 302 provide("Cipher", "DES/CBC/NOPADDING"); 303 provide("Cipher", "DESEDE/CBC/NOPADDING"); 304 provide("Cipher", "RSA/ECB/PKCS1PADDING"); 305 provide("KeyAgreement", "DH"); 306 provide("KeyAgreement", "ECDH"); 307 provide("KeyFactory", "DH"); 308 provide("KeyFactory", "EC"); 309 provide("KeyPairGenerator", "DH"); 310 provide("KeyPairGenerator", "EC"); 311 provide("KeyStore", "PKCS11"); 312 provide("MessageDigest", "SHA1"); 313 provide("SecretKeyFactory", "AES"); 314 provide("SecretKeyFactory", "ARCFOUR"); 315 provide("SecureRandom", "PKCS11"); 316 provide("Signature", "DSA"); 317 provide("Signature", "NONEWITHECDSA"); 318 provide("Signature", "RAWDSA"); 319 provide("Signature", "SHA1WITHECDSA"); 320 provide("Signature", "SHA224WITHECDSA"); 321 provide("Signature", "SHA256WITHECDSA"); 322 provide("Signature", "SHA384WITHECDSA"); 323 provide("Signature", "SHA512WITHECDSA"); 324 } 325 326 // Documented as Standard Names, but do not exit in RI 6 327 if (IS_RI) { 328 unprovide("SSLContext", "TLSv1.1"); 329 unprovide("SSLContext", "TLSv1.2"); 330 } 331 332 // Fixups for the RI 333 if (IS_RI) { 334 // different names: Standard Names says PKIX, JSSE Reference Guide says SunX509 or NewSunX509 335 unprovide("KeyManagerFactory", "PKIX"); 336 provide("KeyManagerFactory", "SunX509"); 337 provide("KeyManagerFactory", "NewSunX509"); 338 } 339 340 // Fixups for dalvik 341 if (!IS_RI) { 342 343 // whole types that we do not provide 344 PROVIDER_ALGORITHMS.remove("Configuration"); 345 PROVIDER_ALGORITHMS.remove("GssApiMechanism"); 346 PROVIDER_ALGORITHMS.remove("KeyInfoFactory"); 347 PROVIDER_ALGORITHMS.remove("Policy"); 348 PROVIDER_ALGORITHMS.remove("SaslClientFactory"); 349 PROVIDER_ALGORITHMS.remove("SaslServerFactory"); 350 PROVIDER_ALGORITHMS.remove("TerminalFactory"); 351 PROVIDER_ALGORITHMS.remove("TransformService"); 352 PROVIDER_ALGORITHMS.remove("XMLSignatureFactory"); 353 354 // different names Diffie-Hellman vs DH 355 unprovide("AlgorithmParameterGenerator", "DiffieHellman"); 356 provide("AlgorithmParameterGenerator", "DH"); 357 unprovide("AlgorithmParameters", "DiffieHellman"); 358 provide("AlgorithmParameters", "DH"); 359 unprovide("KeyAgreement", "DiffieHellman"); 360 provide("KeyAgreement", "DH"); 361 unprovide("KeyFactory", "DiffieHellman"); 362 provide("KeyFactory", "DH"); 363 unprovide("KeyPairGenerator", "DiffieHellman"); 364 provide("KeyPairGenerator", "DH"); 365 366 // different names PBEWithSHA1AndDESede vs PBEWithSHAAnd3-KEYTripleDES-CBC 367 unprovide("AlgorithmParameters", "PBEWithSHA1AndDESede"); 368 unprovide("Cipher", "PBEWithSHA1AndDESede"); 369 unprovide("SecretKeyFactory", "PBEWithSHA1AndDESede"); 370 provide("AlgorithmParameters", "PKCS12PBE"); 371 provide("Cipher", "PBEWithSHAAnd3-KEYTripleDES-CBC"); 372 provide("SecretKeyFactory", "PBEWithSHAAnd3-KEYTripleDES-CBC"); 373 374 // different names: BouncyCastle actually uses the Standard name of SHA-1 vs SHA 375 unprovide("MessageDigest", "SHA"); 376 provide("MessageDigest", "SHA-1"); 377 378 // Added to support Android KeyStore operations 379 provide("Signature", "NONEwithRSA"); 380 provide("Cipher", "RSA/ECB/NOPADDING"); 381 provide("Cipher", "RSA/ECB/PKCS1PADDING"); 382 383 // different names: ARCFOUR vs ARC4 384 unprovide("Cipher", "ARCFOUR"); 385 provide("Cipher", "ARC4"); 386 unprovide("KeyGenerator", "ARCFOUR"); 387 provide("KeyGenerator", "ARC4"); 388 389 // different case names: Blowfish vs BLOWFISH 390 unprovide("AlgorithmParameters", "Blowfish"); 391 provide("AlgorithmParameters", "BLOWFISH"); 392 unprovide("Cipher", "Blowfish"); 393 provide("Cipher", "BLOWFISH"); 394 unprovide("KeyGenerator", "Blowfish"); 395 provide("KeyGenerator", "BLOWFISH"); 396 397 // Harmony has X.509, BouncyCastle X509 398 // TODO remove one, probably Harmony's 399 provide("CertificateFactory", "X509"); 400 401 // not just different names, but different binary formats 402 unprovide("KeyStore", "JKS"); 403 provide("KeyStore", "BKS"); 404 unprovide("KeyStore", "JCEKS"); 405 provide("KeyStore", "BouncyCastle"); 406 407 // Noise to support KeyStore.PKCS12 408 provide("Cipher", "PBEWITHMD5AND128BITAES-CBC-OPENSSL"); 409 provide("Cipher", "PBEWITHMD5AND192BITAES-CBC-OPENSSL"); 410 provide("Cipher", "PBEWITHMD5AND256BITAES-CBC-OPENSSL"); 411 provide("Cipher", "PBEWITHMD5ANDRC2"); 412 provide("Cipher", "PBEWITHSHA1ANDDES"); 413 provide("Cipher", "PBEWITHSHA1ANDRC2"); 414 provide("Cipher", "PBEWITHSHA256AND128BITAES-CBC-BC"); 415 provide("Cipher", "PBEWITHSHA256AND192BITAES-CBC-BC"); 416 provide("Cipher", "PBEWITHSHA256AND256BITAES-CBC-BC"); 417 provide("Cipher", "PBEWITHSHAAND128BITAES-CBC-BC"); 418 provide("Cipher", "PBEWITHSHAAND128BITRC2-CBC"); 419 provide("Cipher", "PBEWITHSHAAND128BITRC4"); 420 provide("Cipher", "PBEWITHSHAAND192BITAES-CBC-BC"); 421 provide("Cipher", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC"); 422 provide("Cipher", "PBEWITHSHAAND256BITAES-CBC-BC"); 423 provide("Cipher", "PBEWITHSHAAND40BITRC2-CBC"); 424 provide("Cipher", "PBEWITHSHAAND40BITRC4"); 425 provide("Cipher", "PBEWITHSHAANDTWOFISH-CBC"); 426 provide("Mac", "PBEWITHHMACSHA"); 427 provide("Mac", "PBEWITHHMACSHA1"); 428 provide("SecretKeyFactory", "PBEWITHHMACSHA1"); 429 provide("SecretKeyFactory", "PBEWITHMD5AND128BITAES-CBC-OPENSSL"); 430 provide("SecretKeyFactory", "PBEWITHMD5AND192BITAES-CBC-OPENSSL"); 431 provide("SecretKeyFactory", "PBEWITHMD5AND256BITAES-CBC-OPENSSL"); 432 provide("SecretKeyFactory", "PBEWITHMD5ANDRC2"); 433 provide("SecretKeyFactory", "PBEWITHSHA1ANDDES"); 434 provide("SecretKeyFactory", "PBEWITHSHA1ANDRC2"); 435 provide("SecretKeyFactory", "PBEWITHSHA256AND128BITAES-CBC-BC"); 436 provide("SecretKeyFactory", "PBEWITHSHA256AND192BITAES-CBC-BC"); 437 provide("SecretKeyFactory", "PBEWITHSHA256AND256BITAES-CBC-BC"); 438 provide("SecretKeyFactory", "PBEWITHSHAAND128BITAES-CBC-BC"); 439 provide("SecretKeyFactory", "PBEWITHSHAAND128BITRC2-CBC"); 440 provide("SecretKeyFactory", "PBEWITHSHAAND128BITRC4"); 441 provide("SecretKeyFactory", "PBEWITHSHAAND192BITAES-CBC-BC"); 442 provide("SecretKeyFactory", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC"); 443 provide("SecretKeyFactory", "PBEWITHSHAAND256BITAES-CBC-BC"); 444 provide("SecretKeyFactory", "PBEWITHSHAAND40BITRC2-CBC"); 445 provide("SecretKeyFactory", "PBEWITHSHAAND40BITRC4"); 446 provide("SecretKeyFactory", "PBEWITHSHAANDTWOFISH-CBC"); 447 448 // Needed by our OpenSSL provider 449 provide("Cipher", "AES/CBC/NOPADDING"); 450 provide("Cipher", "AES/CBC/PKCS5PADDING"); 451 provide("Cipher", "AES/CBC/PKCS7PADDING"); 452 provide("Cipher", "AES/CFB/NOPADDING"); 453 provide("Cipher", "AES/CFB/PKCS5PADDING"); 454 provide("Cipher", "AES/CFB/PKCS7PADDING"); 455 provide("Cipher", "AES/CTR/NOPADDING"); 456 provide("Cipher", "AES/CTR/PKCS5PADDING"); 457 provide("Cipher", "AES/CTR/PKCS7PADDING"); 458 provide("Cipher", "AES/ECB/NOPADDING"); 459 provide("Cipher", "AES/ECB/PKCS5PADDING"); 460 provide("Cipher", "AES/ECB/PKCS7PADDING"); 461 provide("Cipher", "AES/OFB/NOPADDING"); 462 provide("Cipher", "AES/OFB/PKCS5PADDING"); 463 provide("Cipher", "AES/OFB/PKCS7PADDING"); 464 provide("Cipher", "DESEDE/CBC/NOPADDING"); 465 provide("Cipher", "DESEDE/CBC/PKCS5PADDING"); 466 provide("Cipher", "DESEDE/CBC/PKCS7PADDING"); 467 provide("Cipher", "DESEDE/CFB/NOPADDING"); 468 provide("Cipher", "DESEDE/CFB/PKCS5PADDING"); 469 provide("Cipher", "DESEDE/CFB/PKCS7PADDING"); 470 provide("Cipher", "DESEDE/ECB/NOPADDING"); 471 provide("Cipher", "DESEDE/ECB/PKCS5PADDING"); 472 provide("Cipher", "DESEDE/ECB/PKCS7PADDING"); 473 provide("Cipher", "DESEDE/OFB/NOPADDING"); 474 provide("Cipher", "DESEDE/OFB/PKCS5PADDING"); 475 provide("Cipher", "DESEDE/OFB/PKCS7PADDING"); 476 477 // Provided by our OpenSSL provider 478 provideCipherPaddings("AES", new String[] { "PKCS7Padding" }); 479 480 // removed LDAP 481 unprovide("CertStore", "LDAP"); 482 483 // removed MD2 484 unprovide("MessageDigest", "MD2"); 485 unprovide("Signature", "MD2withRSA"); 486 487 // removed RC2 488 // NOTE the implementation remains to support PKCS12 keystores 489 unprovide("AlgorithmParameters", "PBEWithSHA1AndRC2_40"); 490 unprovide("AlgorithmParameters", "RC2"); 491 unprovide("Cipher", "PBEWithSHA1AndRC2_40"); 492 unprovide("Cipher", "RC2"); 493 unprovide("KeyGenerator", "RC2"); 494 unprovide("SecretKeyFactory", "PBEWithSHA1AndRC2_40"); 495 496 // PBEWithMD5AndTripleDES is Sun proprietary 497 unprovide("AlgorithmParameters", "PBEWithMD5AndTripleDES"); 498 unprovide("Cipher", "PBEWithMD5AndTripleDES"); 499 unprovide("SecretKeyFactory", "PBEWithMD5AndTripleDES"); 500 501 // missing from Bouncy Castle 502 // Standard Names document says to use specific PBEWith*And* 503 unprovide("AlgorithmParameters", "PBE"); 504 505 // missing from Bouncy Castle 506 // TODO add to JDKAlgorithmParameters perhaps as wrapper on PBES2Parameters 507 // For now, can use AlgorithmParametersSpec javax.crypto.spec.PBEParameterSpec instead 508 unprovide("AlgorithmParameters", "PBEWithMD5AndDES"); // 1.2.840.113549.1.5.3 509 510 // EC support 511 // provide("AlgorithmParameters", "EC"); 512 provide("KeyAgreement", "ECDH"); 513 provide("KeyFactory", "EC"); 514 provide("KeyPairGenerator", "EC"); 515 provide("Signature", "NONEWITHECDSA"); 516 provide("Signature", "ECDSA"); // as opposed to SHA1WITHECDSA 517 provide("Signature", "SHA224WITHECDSA"); 518 provide("Signature", "SHA256WITHECDSA"); 519 provide("Signature", "SHA384WITHECDSA"); 520 provide("Signature", "SHA512WITHECDSA"); 521 522 // Android's CA store 523 provide("KeyStore", "AndroidCAStore"); 524 525 // Android's KeyStore provider 526 if (Security.getProvider("AndroidKeyStore") != null) { 527 provide("KeyStore", "AndroidKeyStore"); 528 } 529 530 // TimaKeyStore provider 531 if (Security.getProvider("TimaKeyStore") != null) { 532 provide("KeyStore", "TimaKeyStore"); 533 } 534 535 } 536 } 537 538 public static final String SSL_CONTEXT_PROTOCOLS_DEFAULT = "Default"; 539 public static final Set<String> SSL_CONTEXT_PROTOCOLS = new HashSet<String>(Arrays.asList( 540 SSL_CONTEXT_PROTOCOLS_DEFAULT, 541 "SSL", 542 // "SSLv2", 543 "SSLv3", 544 "TLS", 545 "TLSv1", 546 "TLSv1.1", 547 "TLSv1.2")); 548 public static final String SSL_CONTEXT_PROTOCOL_DEFAULT = "TLS"; 549 550 public static final Set<String> KEY_TYPES = new HashSet<String>(Arrays.asList( 551 "RSA", 552 "DSA", 553 "DH_RSA", 554 "DH_DSA", 555 "EC", 556 "EC_EC", 557 "EC_RSA")); 558 static { 559 if (IS_RI) { 560 // DH_* are specified by standard names, but do not seem to be supported by RI 561 KEY_TYPES.remove("DH_RSA"); 562 KEY_TYPES.remove("DH_DSA"); 563 } 564 } 565 566 public static final Set<String> SSL_SOCKET_PROTOCOLS = new HashSet<String>(Arrays.asList( 567 // "SSLv2", 568 "SSLv3", 569 "TLSv1", 570 "TLSv1.1", 571 "TLSv1.2")); 572 public static final Set<String> SSL_SOCKET_PROTOCOLS_CLIENT_DEFAULT = 573 new HashSet<String>(Arrays.asList( 574 "SSLv3", 575 "TLSv1", 576 "TLSv1.1", 577 "TLSv1.2")); 578 public static final Set<String> SSL_SOCKET_PROTOCOLS_SERVER_DEFAULT = 579 new HashSet<String>(Arrays.asList( 580 "SSLv3", 581 "TLSv1", 582 "TLSv1.1", 583 "TLSv1.2")); 584 static { 585 if (IS_RI) { 586 /* Even though we use OpenSSL's SSLv23_method which 587 * supports sending SSLv2 client hello messages, the 588 * OpenSSL implementation in s23_client_hello disables 589 * this if SSL_OP_NO_SSLv2 is specified, which we always 590 * do to disable general use of SSLv2. 591 */ 592 SSL_SOCKET_PROTOCOLS.add("SSLv2Hello"); 593 } 594 } 595 596 /** 597 * Valid values for X509TrustManager.checkClientTrusted authType, 598 * either the algorithm of the public key or UNKNOWN. 599 */ 600 public static final Set<String> CLIENT_AUTH_TYPES = new HashSet<String>(Arrays.asList( 601 "RSA", 602 "DSA", 603 "EC", 604 "UNKNOWN")); 605 606 /** 607 * Valid values for X509TrustManager.checkServerTrusted authType, 608 * either key exchange algorithm part of the cipher suite 609 * or UNKNOWN. 610 */ 611 public static final Set<String> SERVER_AUTH_TYPES = new HashSet<String>(Arrays.asList( 612 "DHE_DSS", 613 "DHE_DSS_EXPORT", 614 "DHE_RSA", 615 "DHE_RSA_EXPORT", 616 "DH_DSS_EXPORT", 617 "DH_RSA_EXPORT", 618 "DH_anon", 619 "DH_anon_EXPORT", 620 "KRB5", 621 "KRB5_EXPORT", 622 "RSA", 623 "RSA_EXPORT", 624 "RSA_EXPORT1024", 625 "ECDH_ECDSA", 626 "ECDH_RSA", 627 "ECDHE_ECDSA", 628 "ECDHE_RSA", 629 "UNKNOWN")); 630 631 public static final String CIPHER_SUITE_INVALID = "SSL_NULL_WITH_NULL_NULL"; 632 633 public static final Set<String> CIPHER_SUITES_NEITHER = new HashSet<String>(); 634 635 public static final Set<String> CIPHER_SUITES_RI = new LinkedHashSet<String>(); 636 public static final Set<String> CIPHER_SUITES_OPENSSL = new LinkedHashSet<String>(); 637 638 public static final Set<String> CIPHER_SUITES; 639 addRi(String cipherSuite)640 private static final void addRi(String cipherSuite) { 641 CIPHER_SUITES_RI.add(cipherSuite); 642 } 643 addOpenSsl(String cipherSuite)644 private static final void addOpenSsl(String cipherSuite) { 645 CIPHER_SUITES_OPENSSL.add(cipherSuite); 646 } 647 addBoth(String cipherSuite)648 private static final void addBoth(String cipherSuite) { 649 addRi(cipherSuite); 650 addOpenSsl(cipherSuite); 651 } 652 addNeither(String cipherSuite)653 private static final void addNeither(String cipherSuite) { 654 CIPHER_SUITES_NEITHER.add(cipherSuite); 655 } 656 657 static { 658 // NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and 659 // javax.net.ssl.SSLEngine. 660 addBoth( "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"); 661 addBoth( "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"); 662 addBoth( "TLS_RSA_WITH_AES_256_CBC_SHA"); 663 addBoth( "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"); 664 addBoth( "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"); 665 addBoth( "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"); 666 addBoth( "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"); 667 addBoth( "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"); 668 addBoth( "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"); 669 addBoth( "TLS_RSA_WITH_AES_128_CBC_SHA"); 670 addBoth( "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"); 671 addBoth( "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"); 672 addBoth( "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"); 673 addBoth( "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"); 674 addBoth( "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"); 675 addBoth( "TLS_ECDHE_RSA_WITH_RC4_128_SHA"); 676 addBoth( "SSL_RSA_WITH_RC4_128_SHA"); 677 addBoth( "TLS_ECDH_ECDSA_WITH_RC4_128_SHA"); 678 addBoth( "TLS_ECDH_RSA_WITH_RC4_128_SHA"); 679 addBoth( "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"); 680 addBoth( "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"); 681 addBoth( "SSL_RSA_WITH_3DES_EDE_CBC_SHA"); 682 addBoth( "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"); 683 addBoth( "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"); 684 addBoth( "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"); 685 addBoth( "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"); 686 addBoth( "SSL_RSA_WITH_RC4_128_MD5"); 687 688 // TLSv1.2 cipher suites 689 addBoth( "TLS_RSA_WITH_NULL_SHA256"); 690 addBoth( "TLS_RSA_WITH_AES_128_CBC_SHA256"); 691 addBoth( "TLS_RSA_WITH_AES_256_CBC_SHA256"); 692 addOpenSsl("TLS_RSA_WITH_AES_128_GCM_SHA256"); 693 addOpenSsl("TLS_RSA_WITH_AES_256_GCM_SHA384"); 694 addBoth( "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"); 695 addBoth( "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"); 696 addOpenSsl("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"); 697 addOpenSsl("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"); 698 addBoth( "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"); 699 addBoth( "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"); 700 addOpenSsl("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"); 701 addOpenSsl("TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"); 702 addBoth( "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"); 703 addBoth( "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"); 704 addOpenSsl("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"); 705 addOpenSsl("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"); 706 addBoth( "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"); 707 addBoth( "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"); 708 addOpenSsl("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"); 709 addOpenSsl("TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"); 710 addBoth( "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"); 711 addBoth( "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"); 712 addOpenSsl("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"); 713 addOpenSsl("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"); 714 addBoth( "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"); 715 addBoth( "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"); 716 addOpenSsl("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"); 717 addOpenSsl("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"); 718 addBoth( "TLS_DH_anon_WITH_AES_128_CBC_SHA256"); 719 addBoth( "TLS_DH_anon_WITH_AES_256_CBC_SHA256"); 720 addOpenSsl("TLS_DH_anon_WITH_AES_128_GCM_SHA256"); 721 addOpenSsl("TLS_DH_anon_WITH_AES_256_GCM_SHA384"); 722 723 // Pre-Shared Key (PSK) cipher suites 724 addOpenSsl("TLS_PSK_WITH_RC4_128_SHA"); 725 addOpenSsl("TLS_PSK_WITH_3DES_EDE_CBC_SHA"); 726 addOpenSsl("TLS_PSK_WITH_AES_128_CBC_SHA"); 727 addOpenSsl("TLS_PSK_WITH_AES_256_CBC_SHA"); 728 addOpenSsl("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"); 729 addOpenSsl("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"); 730 731 // RFC 5746's Signaling Cipher Suite Value to indicate a request for secure renegotiation 732 addBoth(CIPHER_SUITE_SECURE_RENEGOTIATION); 733 734 // From https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 to indicate 735 // TLS fallback request 736 addOpenSsl(CIPHER_SUITE_FALLBACK); 737 738 // non-defaultCipherSuites 739 addBoth( "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"); 740 addBoth( "TLS_DH_anon_WITH_AES_256_CBC_SHA"); 741 addBoth( "TLS_ECDH_anon_WITH_AES_128_CBC_SHA"); 742 addBoth( "TLS_DH_anon_WITH_AES_128_CBC_SHA"); 743 addBoth( "TLS_ECDH_anon_WITH_RC4_128_SHA"); 744 addBoth( "SSL_DH_anon_WITH_RC4_128_MD5"); 745 addBoth( "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"); 746 addBoth( "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"); 747 addBoth( "TLS_ECDHE_ECDSA_WITH_NULL_SHA"); 748 addBoth( "TLS_ECDHE_RSA_WITH_NULL_SHA"); 749 addBoth( "SSL_RSA_WITH_NULL_SHA"); 750 addBoth( "TLS_ECDH_ECDSA_WITH_NULL_SHA"); 751 addBoth( "TLS_ECDH_RSA_WITH_NULL_SHA"); 752 addBoth( "TLS_ECDH_anon_WITH_NULL_SHA"); 753 addBoth( "SSL_RSA_WITH_NULL_MD5"); 754 addBoth( "SSL_RSA_WITH_DES_CBC_SHA"); 755 addBoth( "SSL_DHE_RSA_WITH_DES_CBC_SHA"); 756 addBoth( "SSL_DHE_DSS_WITH_DES_CBC_SHA"); 757 addBoth( "SSL_DH_anon_WITH_DES_CBC_SHA"); 758 addBoth( "SSL_RSA_EXPORT_WITH_RC4_40_MD5"); 759 addBoth( "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5"); 760 addBoth( "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA"); 761 addBoth( "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"); 762 addBoth( "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"); 763 addBoth( "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"); 764 765 // Android does not have Keberos support 766 addRi( "TLS_KRB5_WITH_RC4_128_SHA"); 767 addRi( "TLS_KRB5_WITH_RC4_128_MD5"); 768 addRi( "TLS_KRB5_WITH_3DES_EDE_CBC_SHA"); 769 addRi( "TLS_KRB5_WITH_3DES_EDE_CBC_MD5"); 770 addRi( "TLS_KRB5_WITH_DES_CBC_SHA"); 771 addRi( "TLS_KRB5_WITH_DES_CBC_MD5"); 772 addRi( "TLS_KRB5_EXPORT_WITH_RC4_40_SHA"); 773 addRi( "TLS_KRB5_EXPORT_WITH_RC4_40_MD5"); 774 addRi( "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA"); 775 addRi( "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"); 776 777 // Dropped 778 addNeither("SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"); 779 addNeither("SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"); 780 781 // Old non standard exportable encryption 782 addNeither("SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA"); 783 addNeither("SSL_RSA_EXPORT1024_WITH_RC4_56_SHA"); 784 785 // No RC2 786 addNeither("SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5"); 787 addNeither("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA"); 788 addNeither("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5"); 789 790 CIPHER_SUITES = (IS_RI) ? CIPHER_SUITES_RI : CIPHER_SUITES_OPENSSL; 791 } 792 793 /** 794 * Cipher suites that are not negotiated when TLSv1.2 is selected on the RI. 795 */ 796 public static final List<String> CIPHER_SUITES_OBSOLETE_TLS12 = 797 Arrays.asList( 798 "SSL_RSA_WITH_DES_CBC_SHA", 799 "SSL_DHE_RSA_WITH_DES_CBC_SHA", 800 "SSL_DHE_DSS_WITH_DES_CBC_SHA", 801 "SSL_DH_anon_WITH_DES_CBC_SHA", 802 "SSL_RSA_EXPORT_WITH_RC4_40_MD5", 803 "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", 804 "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", 805 "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", 806 "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", 807 "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA" 808 ); 809 810 // NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and 811 // javax.net.ssl.SSLEngine. 812 public static final List<String> CIPHER_SUITES_DEFAULT = (IS_RI) 813 ? Arrays.asList("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", 814 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", 815 "TLS_RSA_WITH_AES_256_CBC_SHA256", 816 "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", 817 "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", 818 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", 819 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", 820 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", 821 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", 822 "TLS_RSA_WITH_AES_256_CBC_SHA", 823 "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", 824 "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", 825 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", 826 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", 827 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", 828 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", 829 "TLS_RSA_WITH_AES_128_CBC_SHA256", 830 "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", 831 "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", 832 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", 833 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", 834 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", 835 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 836 "TLS_RSA_WITH_AES_128_CBC_SHA", 837 "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", 838 "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", 839 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 840 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", 841 "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", 842 "TLS_ECDHE_RSA_WITH_RC4_128_SHA", 843 "SSL_RSA_WITH_RC4_128_SHA", 844 "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", 845 "TLS_ECDH_RSA_WITH_RC4_128_SHA", 846 "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", 847 "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", 848 "SSL_RSA_WITH_3DES_EDE_CBC_SHA", 849 "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", 850 "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", 851 "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", 852 "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", 853 "SSL_RSA_WITH_RC4_128_MD5", 854 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV") 855 : Arrays.asList("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 856 "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", 857 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 858 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 859 "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", 860 "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", 861 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", 862 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", 863 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 864 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", 865 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 866 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", 867 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", 868 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", 869 "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", 870 "TLS_ECDHE_RSA_WITH_RC4_128_SHA", 871 "TLS_RSA_WITH_AES_128_GCM_SHA256", 872 "TLS_RSA_WITH_AES_256_GCM_SHA384", 873 "TLS_RSA_WITH_AES_128_CBC_SHA", 874 "TLS_RSA_WITH_AES_256_CBC_SHA", 875 "SSL_RSA_WITH_RC4_128_SHA", 876 CIPHER_SUITE_SECURE_RENEGOTIATION); 877 878 // NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and 879 // javax.net.ssl.SSLEngine. 880 public static final List<String> CIPHER_SUITES_DEFAULT_PSK = Arrays.asList( 881 "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA", 882 "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA", 883 "TLS_PSK_WITH_AES_128_CBC_SHA", 884 "TLS_PSK_WITH_AES_256_CBC_SHA" 885 ); 886 887 private static final Set<String> PERMITTED_DEFAULT_KEY_EXCHANGE_ALGS = 888 new HashSet<String>(Arrays.asList("RSA", 889 "DHE_RSA", 890 "DHE_DSS", 891 "ECDHE_RSA", 892 "ECDHE_ECDSA")); 893 894 private static final Set<String> PERMITTED_DEFAULT_BULK_ENCRYPTION_CIPHERS = 895 new HashSet<String>(Arrays.asList("RC4_128", 896 "AES_128_CBC", 897 "AES_256_CBC", 898 "AES_128_GCM", 899 "AES_256_GCM")); 900 901 private static final Set<String> PERMITTED_DEFAULT_MACS = 902 new HashSet<String>(Arrays.asList("SHA", 903 "SHA256", 904 "SHA384")); 905 906 public static final Map<String, Class<? extends KeySpec>> PRIVATE_KEY_SPEC_CLASSES; 907 public static final Map<String, Class<? extends KeySpec>> PUBLIC_KEY_SPEC_CLASSES; 908 public static final Map<String, Integer> MINIMUM_KEY_SIZE; 909 static { 910 PRIVATE_KEY_SPEC_CLASSES = new HashMap<String, Class<? extends KeySpec>>(); 911 PUBLIC_KEY_SPEC_CLASSES = new HashMap<String, Class<? extends KeySpec>>(); 912 MINIMUM_KEY_SIZE = new HashMap<String, Integer>(); 913 PRIVATE_KEY_SPEC_CLASSES.put("RSA", RSAPrivateCrtKeySpec.class); 914 PUBLIC_KEY_SPEC_CLASSES.put("RSA", RSAPublicKeySpec.class); 915 MINIMUM_KEY_SIZE.put("RSA", 512); 916 PRIVATE_KEY_SPEC_CLASSES.put("DSA", DSAPrivateKeySpec.class); 917 PUBLIC_KEY_SPEC_CLASSES.put("DSA", DSAPublicKeySpec.class); 918 MINIMUM_KEY_SIZE.put("DSA", 512); 919 PRIVATE_KEY_SPEC_CLASSES.put("DH", DHPrivateKeySpec.class); 920 PUBLIC_KEY_SPEC_CLASSES.put("DH", DHPublicKeySpec.class); 921 MINIMUM_KEY_SIZE.put("DH", 256); 922 PRIVATE_KEY_SPEC_CLASSES.put("EC", ECPrivateKeySpec.class); 923 PUBLIC_KEY_SPEC_CLASSES.put("EC", ECPublicKeySpec.class); 924 MINIMUM_KEY_SIZE.put("EC", 256); 925 } 926 getPrivateKeySpecClass(String algName)927 public static Class<? extends KeySpec> getPrivateKeySpecClass(String algName) { 928 return PRIVATE_KEY_SPEC_CLASSES.get(algName); 929 } 930 getPublicKeySpecClass(String algName)931 public static Class<? extends KeySpec> getPublicKeySpecClass(String algName) { 932 return PUBLIC_KEY_SPEC_CLASSES.get(algName); 933 } 934 getMinimumKeySize(String algName)935 public static int getMinimumKeySize(String algName) { 936 return MINIMUM_KEY_SIZE.get(algName); 937 } 938 939 /** 940 * Asserts that the cipher suites array is non-null and that it 941 * all of its contents are cipher suites known to this 942 * implementation. As a convenience, returns any unenabled cipher 943 * suites in a test for those that want to verify separately that 944 * all cipher suites were included. 945 */ assertValidCipherSuites(Set<String> expected, String[] cipherSuites)946 public static Set<String> assertValidCipherSuites(Set<String> expected, String[] cipherSuites) { 947 assertNotNull(cipherSuites); 948 assertTrue(cipherSuites.length != 0); 949 950 // Make sure all cipherSuites names are expected 951 Set remainingCipherSuites = new HashSet<String>(expected); 952 Set unknownCipherSuites = new HashSet<String>(); 953 for (String cipherSuite : cipherSuites) { 954 boolean removed = remainingCipherSuites.remove(cipherSuite); 955 if (!removed) { 956 unknownCipherSuites.add(cipherSuite); 957 } 958 } 959 assertEquals("Unknown cipher suites", Collections.EMPTY_SET, unknownCipherSuites); 960 return remainingCipherSuites; 961 } 962 963 /** 964 * After using assertValidCipherSuites on cipherSuites, 965 * assertSupportedCipherSuites additionally verifies that all 966 * supported cipher suites where in the input array. 967 */ assertSupportedCipherSuites(Set<String> expected, String[] cipherSuites)968 public static void assertSupportedCipherSuites(Set<String> expected, String[] cipherSuites) { 969 Set<String> remainingCipherSuites = assertValidCipherSuites(expected, cipherSuites); 970 assertEquals("Missing cipher suites", Collections.EMPTY_SET, remainingCipherSuites); 971 assertEquals(expected.size(), cipherSuites.length); 972 } 973 974 /** 975 * Asserts that the protocols array is non-null and that it all of 976 * its contents are protocols known to this implementation. As a 977 * convenience, returns any unenabled protocols in a test for 978 * those that want to verify separately that all protocols were 979 * included. 980 */ assertValidProtocols(Set<String> expected, String[] protocols)981 public static Set<String> assertValidProtocols(Set<String> expected, String[] protocols) { 982 assertNotNull(protocols); 983 assertTrue(protocols.length != 0); 984 985 // Make sure all protocols names are expected 986 Set remainingProtocols = new HashSet<String>(expected); 987 Set unknownProtocols = new HashSet<String>(); 988 for (String protocol : protocols) { 989 if (!remainingProtocols.remove(protocol)) { 990 unknownProtocols.add(protocol); 991 } 992 } 993 assertEquals("Unknown protocols", Collections.EMPTY_SET, unknownProtocols); 994 return remainingProtocols; 995 } 996 997 /** 998 * After using assertValidProtocols on protocols, 999 * assertSupportedProtocols additionally verifies that all 1000 * supported protocols where in the input array. 1001 */ assertSupportedProtocols(Set<String> expected, String[] protocols)1002 public static void assertSupportedProtocols(Set<String> expected, String[] protocols) { 1003 Set<String> remainingProtocols = assertValidProtocols(expected, protocols); 1004 assertEquals("Missing protocols", Collections.EMPTY_SET, remainingProtocols); 1005 assertEquals(expected.size(), protocols.length); 1006 } 1007 1008 /** 1009 * Asserts that the protocols array is non-null and that all of its contents are supported 1010 * protocols. 1011 */ assertValidProtocols(String[] protocols)1012 public static void assertValidProtocols(String[] protocols) { 1013 assertValidProtocols(SSL_SOCKET_PROTOCOLS, protocols); 1014 } 1015 1016 /** 1017 * Asserts that the provided list of protocols matches the supported list of protocols. 1018 */ assertSupportedProtocols(String[] protocols)1019 public static void assertSupportedProtocols(String[] protocols) { 1020 assertSupportedProtocols(SSL_SOCKET_PROTOCOLS, protocols); 1021 } 1022 1023 /** 1024 * Asserts that the protocols array contains all the protocols enabled by default for client use 1025 * and no other ones. 1026 */ assertDefaultProtocolsClient(String[] protocols)1027 public static void assertDefaultProtocolsClient(String[] protocols) { 1028 assertValidProtocols(protocols); 1029 assertSupportedProtocols(SSL_SOCKET_PROTOCOLS_CLIENT_DEFAULT, protocols); 1030 } 1031 1032 /** 1033 * Asserts that the protocols array contains all the protocols enabled by default for server use 1034 * and no other ones. 1035 */ assertDefaultProtocolsServer(String[] protocols)1036 public static void assertDefaultProtocolsServer(String[] protocols) { 1037 assertValidProtocols(protocols); 1038 assertSupportedProtocols(SSL_SOCKET_PROTOCOLS_SERVER_DEFAULT, protocols); 1039 } 1040 1041 /** 1042 * Asserts that the protocols array contains all the protocols enabled by default for 1043 * {@link javax.net.ssl.SSLEngine} and no other ones. 1044 */ assertSSLEngineDefaultProtocols(String[] protocols)1045 public static void assertSSLEngineDefaultProtocols(String[] protocols) { 1046 assertValidProtocols(protocols); 1047 assertSupportedProtocols(SSL_SOCKET_PROTOCOLS_CLIENT_DEFAULT, protocols); 1048 } 1049 1050 /** 1051 * Assert that the provided list of cipher suites contains only the supported cipher suites. 1052 */ assertValidCipherSuites(String[] cipherSuites)1053 public static void assertValidCipherSuites(String[] cipherSuites) { 1054 assertValidCipherSuites(CIPHER_SUITES, cipherSuites); 1055 } 1056 1057 /** 1058 * Assert that the provided list of cipher suites matches the supported list. 1059 */ assertSupportedCipherSuites(String[] cipherSuites)1060 public static void assertSupportedCipherSuites(String[] cipherSuites) { 1061 assertSupportedCipherSuites(CIPHER_SUITES, cipherSuites); 1062 } 1063 1064 /** 1065 * Assert cipher suites match the default list in content and priority order and contain 1066 * only cipher suites permitted by default. 1067 */ assertDefaultCipherSuites(String[] cipherSuites)1068 public static void assertDefaultCipherSuites(String[] cipherSuites) { 1069 assertValidCipherSuites(cipherSuites); 1070 assertEquals(CIPHER_SUITES_DEFAULT, Arrays.asList(cipherSuites)); 1071 1072 // Assert that all the cipher suites are permitted to be in the default list. 1073 // This assertion is a backup for the stricter assertion above. 1074 // 1075 // There is no point in asserting this for the RI as it's outside of our control. 1076 if (!IS_RI) { 1077 List<String> disallowedDefaultCipherSuites = new ArrayList<String>(); 1078 for (String cipherSuite : cipherSuites) { 1079 if (!isPermittedDefaultCipherSuite(cipherSuite)) { 1080 disallowedDefaultCipherSuites.add(cipherSuite); 1081 } 1082 } 1083 assertEquals(Collections.EMPTY_LIST, disallowedDefaultCipherSuites); 1084 } 1085 } 1086 isPermittedDefaultCipherSuite(String cipherSuite)1087 private static boolean isPermittedDefaultCipherSuite(String cipherSuite) { 1088 assertNotNull(cipherSuite); 1089 if (CIPHER_SUITE_SECURE_RENEGOTIATION.equals(cipherSuite)) { 1090 return true; 1091 } 1092 assertTrue(cipherSuite, cipherSuite.startsWith("TLS_") || cipherSuite.startsWith("SSL_")); 1093 1094 // Example: RSA_WITH_AES_128_CBC_SHA 1095 String remainder = cipherSuite.substring("TLS_".length()); 1096 int macDelimiterIndex = remainder.lastIndexOf('_'); 1097 assertTrue(cipherSuite, macDelimiterIndex != -1); 1098 // Example: SHA 1099 String mac = remainder.substring(macDelimiterIndex + 1); 1100 1101 // Example: RSA_WITH_AES_128_CBC 1102 remainder = remainder.substring(0, macDelimiterIndex); 1103 int withDelimiterIndex = remainder.indexOf("_WITH_"); 1104 assertTrue(cipherSuite, withDelimiterIndex != -1); 1105 1106 // Example: RSA 1107 String keyExchange = remainder.substring(0, withDelimiterIndex); 1108 // Example: AES_128_CBC 1109 String bulkEncryptionCipher = remainder.substring(withDelimiterIndex + "_WITH_".length()); 1110 1111 if (!PERMITTED_DEFAULT_MACS.contains(mac)) { 1112 return false; 1113 } 1114 if (!PERMITTED_DEFAULT_KEY_EXCHANGE_ALGS.contains(keyExchange)) { 1115 return false; 1116 } 1117 if (!PERMITTED_DEFAULT_BULK_ENCRYPTION_CIPHERS.contains(bulkEncryptionCipher)) { 1118 return false; 1119 } 1120 1121 return true; 1122 } 1123 1124 /** 1125 * Get all supported mode names for the given cipher. 1126 */ getModesForCipher(String cipher)1127 public static Set<String> getModesForCipher(String cipher) { 1128 return CIPHER_MODES.get(cipher); 1129 } 1130 1131 /** 1132 * Get all supported padding names for the given cipher. 1133 */ getPaddingsForCipher(String cipher)1134 public static Set<String> getPaddingsForCipher(String cipher) { 1135 return CIPHER_PADDINGS.get(cipher); 1136 } 1137 } 1138