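/*
 * Copyright (C) 2010 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package libcore.java.security;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;

import java.security.Security;
import java.security.spec.DSAPrivateKeySpec;
import java.security.spec.DSAPublicKeySpec;
import java.security.spec.ECPrivateKeySpec;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.KeySpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import javax.crypto.spec.DHPrivateKeySpec;
import javax.crypto.spec.DHPublicKeySpec;

/**
 * This class defines expected string names for protocols, key types,
 * client and server auth types, cipher suites.
 *
 * Initially based on "Appendix A: Standard Names" of
 * <a href="http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#AppA">
 * Java ™ Secure Socket Extension (JSSE) Reference Guide
 * for the Java ™ 2 Platform Standard Edition 5
 * </a>.
 *
 * Updated based on the
 * <a href="http://download.java.net/jdk8/docs/technotes/guides/security/SunProviders.html">
 * Java ™ Cryptography Architecture Oracle Providers Documentation
 * for Java ™ Platform Standard Edition 7
 * </a>.
 * See also the
 * <a href="http://download.java.net/jdk8/docs/technotes/guides/security/StandardNames.html">
 * Java ™ Cryptography Architecture Standard Algorithm Name Documentation
 * </a>.
 *
 * Further updates based on the
 * <a href="http://java.sun.com/javase/6/docs/technotes/guides/security/p11guide.html">
 * Java ™ PKCS#11 Reference Guide
 * </a>.
 *
 * <p>The tables built here describe which names a provider is <em>expected to expose</em>.
 * They intentionally contain legacy entries (for example MD2, MD5, DES, RC2_40 and ARCFOUR);
 * an entry is a compatibility expectation, not a recommendation to use that algorithm.
 */
public final class StandardNames {
    /**
     * {@code true} unless the {@code java.specification.name} system property equals
     * {@code "Dalvik Core Library"}. Every RI/dalvik difference below keys off this flag.
     */
    public static final boolean IS_RI =
            !"Dalvik Core Library".equals(System.getProperty("java.specification.name"));
    public static final String JSSE_PROVIDER_NAME = (IS_RI) ? "Conscrypt" : "AndroidOpenSSL";
    public static final String SECURITY_PROVIDER_NAME = (IS_RI) ? "SUN" : "BC";

    public static final String KEY_MANAGER_FACTORY_DEFAULT = (IS_RI) ? "SunX509" : "PKIX";
    public static final String TRUST_MANAGER_FACTORY_DEFAULT = "PKIX";

    public static final String KEY_STORE_ALGORITHM = (IS_RI) ? "JKS" : "BKS";

    /**
     * RFC 5746's Signaling Cipher Suite Value to indicate a request for secure renegotiation
     */
    public static final String CIPHER_SUITE_SECURE_RENEGOTIATION =
            "TLS_EMPTY_RENEGOTIATION_INFO_SCSV";

    /**
     * From https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 it is a
     * signaling cipher suite value (SCSV) to indicate that this request is a
     * protocol fallback (e.g., TLS 1.0 -> SSL 3.0) because the server didn't respond
     * to the first request. The draft was later published as RFC 7507.
     */
    public static final String CIPHER_SUITE_FALLBACK = "TLS_FALLBACK_SCSV";

    /**
     * A map from algorithm type (e.g. Cipher) to a set of algorithms (e.g. AES, DES, ...)
     *
     * <p>Type keys are stored as given; algorithm names are stored upper-cased with
     * {@link Locale#ROOT} (see {@code provide}), so lookups must upper-case the same way.
     */
    public static final HashMap<String, HashSet<String>> PROVIDER_ALGORITHMS =
            new HashMap<String, HashSet<String>>();

    /**
     * A map from cipher algorithm (e.g. AES) to the mode names registered for it.
     * Unlike {@link #PROVIDER_ALGORITHMS}, keys and values are stored exactly as given.
     */
    public static final HashMap<String, HashSet<String>> CIPHER_MODES =
            new HashMap<String, HashSet<String>>();

    /**
     * A map from cipher algorithm (e.g. RSA) to the padding names registered for it.
     * Keys and values are stored exactly as given.
     */
    public static final HashMap<String, HashSet<String>> CIPHER_PADDINGS =
            new HashMap<String, HashSet<String>>();

    /** A map from SSLContext algorithm to the protocol names recorded as enabled for it. */
    private static final HashMap<String, String[]> SSL_CONTEXT_PROTOCOLS_ENABLED =
            new HashMap<String, String[]>();

    /**
     * Registers {@code algorithm} as expected for the given service {@code type}.
     *
     * <p>The name is upper-cased with {@link Locale#ROOT} before it is stored. Registering the
     * same name twice for one type fails the JUnit assertion, which catches accidental
     * duplicates in the table below.
     *
     * @param type service type, e.g. {@code "Cipher"}
     * @param algorithm algorithm name as documented, in any case
     */
    private static void provide(String type, String algorithm) {
        HashSet<String> algorithms = PROVIDER_ALGORITHMS.get(type);
        if (algorithms == null) {
            algorithms = new HashSet<String>();
            PROVIDER_ALGORITHMS.put(type, algorithms);
        }
        assertTrue("Duplicate " + type + " " + algorithm,
                algorithms.add(algorithm.toUpperCase(Locale.ROOT)));
    }

    /**
     * Removes a previously registered {@code algorithm} from the given service {@code type}.
     *
     * <p>Fails the JUnit assertion if the type has no entries or the name was not registered,
     * so a stale fixup is noticed instead of silently ignored. When the last name of a type is
     * removed, the type itself is dropped from {@link #PROVIDER_ALGORITHMS}.
     *
     * @param type service type, e.g. {@code "SSLContext"}
     * @param algorithm algorithm name, in any case
     */
    private static void unprovide(String type, String algorithm) {
        HashSet<String> algorithms = PROVIDER_ALGORITHMS.get(type);
        // Name the missing type in the failure so a broken fixup is easy to locate.
        assertNotNull("No algorithms registered for " + type, algorithms);
        assertTrue(algorithm, algorithms.remove(algorithm.toUpperCase(Locale.ROOT)));
        if (algorithms.isEmpty()) {
            assertNotNull(PROVIDER_ALGORITHMS.remove(type));
        }
    }

    /**
     * Adds {@code newModes} to the modes recorded for the cipher {@code algorithm}.
     * Names are stored as given and repeated names are merged without complaint.
     *
     * @param algorithm cipher algorithm name, e.g. {@code "AES"}
     * @param newModes mode names to add
     */
    private static void provideCipherModes(String algorithm, String[] newModes) {
        HashSet<String> modes = CIPHER_MODES.get(algorithm);
        if (modes == null) {
            modes = new HashSet<String>();
            CIPHER_MODES.put(algorithm, modes);
        }
        modes.addAll(Arrays.asList(newModes));
    }

    /**
     * Adds {@code newPaddings} to the paddings recorded for the cipher {@code algorithm}.
     * Names are stored as given and repeated names are merged without complaint.
     *
     * @param algorithm cipher algorithm name, e.g. {@code "RSA"}
     * @param newPaddings padding names to add
     */
    private static void provideCipherPaddings(String algorithm, String[] newPaddings) {
        HashSet<String> paddings = CIPHER_PADDINGS.get(algorithm);
        if (paddings == null) {
            paddings = new HashSet<String>();
            CIPHER_PADDINGS.put(algorithm, paddings);
        }
        paddings.addAll(Arrays.asList(newPaddings));
    }

    /**
     * Records the protocol names enabled for an SSLContext {@code algorithm} as every
     * {@code TLSVersion} from {@code minimum} to {@code maximum} inclusive, taken in the
     * declaration order of {@code TLSVersion}. Any earlier entry for the same algorithm is
     * replaced.
     *
     * <p>NOTE(review): this relies on {@code TLSVersion} constants being declared from oldest to
     * newest; the type is declared outside this part of the file, so confirm that ordering
     * before reordering or inserting constants.
     *
     * @param algorithm SSLContext algorithm name
     * @param minimum lowest protocol version to include
     * @param maximum highest protocol version to include
     * @throws IllegalArgumentException if {@code minimum} is declared after {@code maximum}
     */
    private static void provideSslContextEnabledProtocols(
            String algorithm, TLSVersion minimum, TLSVersion maximum) {
        if (minimum.ordinal() > maximum.ordinal()) {
            throw new IllegalArgumentException("TLS version: minimum > maximum");
        }
        // values() returns a fresh array on every call; fetch it once outside the loop.
        TLSVersion[] allVersions = TLSVersion.values();
        int versionsLength = maximum.ordinal() - minimum.ordinal() + 1;
        String[] versionNames = new String[versionsLength];
        for (int i = 0; i < versionsLength; i++) {
            versionNames[i] = allVersions[i + minimum.ordinal()].name;
        }
        SSL_CONTEXT_PROTOCOLS_ENABLED.put(algorithm, versionNames);
    }

    // Builds the expectation tables: first the names taken from the reference documentation,
    // then additions and removals that depend on IS_RI and on which providers are installed.
    // Order matters, because unprovide() asserts that the name it removes was added earlier.
    static {
        provide("AlgorithmParameterGenerator", "DSA");
        provide("AlgorithmParameterGenerator", "DiffieHellman");
        provide("AlgorithmParameters", "AES");
        provide("AlgorithmParameters", "Blowfish");
        provide("AlgorithmParameters", "DES");
        provide("AlgorithmParameters", "DESede");
        provide("AlgorithmParameters", "DSA");
        provide("AlgorithmParameters", "DiffieHellman");
        provide("AlgorithmParameters", "GCM");
        provide("AlgorithmParameters", "OAEP");
        provide("AlgorithmParameters", "PBEWithMD5AndDES");
        provide("AlgorithmParameters", "PBEWithMD5AndTripleDES");
        provide("AlgorithmParameters", "PBEWithSHA1AndDESede");
        provide("AlgorithmParameters", "PBEWithSHA1AndRC2_40");
        provide("AlgorithmParameters", "PSS");
        provide("AlgorithmParameters", "RC2");
        provide("CertPathBuilder", "PKIX");
        provide("CertPathValidator", "PKIX");
        provide("CertStore", "Collection");
        provide("CertStore", "LDAP");
        provide("CertificateFactory", "X.509");
        // TODO: provideCipherModes and provideCipherPaddings for other Ciphers
        provide("Cipher", "AES");
        provideCipherModes("AES", new String[] {"CBC", "CFB", "CTR", "CTS", "ECB", "OFB"});
        provideCipherPaddings("AES", new String[] {"NoPadding", "PKCS5Padding"});
        provide("Cipher", "AESWrap");
        provide("Cipher", "ARCFOUR");
        provide("Cipher", "Blowfish");
        provide("Cipher", "DES");
        provide("Cipher", "DESede");
        provide("Cipher", "DESedeWrap");
        provide("Cipher", "PBEWithMD5AndDES");
        provide("Cipher", "PBEWithMD5AndTripleDES");
        provide("Cipher", "PBEWithSHA1AndDESede");
        provide("Cipher", "PBEWithSHA1AndRC2_40");
        provide("Cipher", "RC2");
        provide("Cipher", "RSA");
        // TODO: None?
        provideCipherModes("RSA", new String[] {"ECB"});
        // TODO: OAEPPadding
        provideCipherPaddings("RSA", new String[] {"NoPadding", "PKCS1Padding"});
        provide("Configuration", "JavaLoginConfig");
        provide("KeyAgreement", "DiffieHellman");
        provide("KeyFactory", "DSA");
        provide("KeyFactory", "DiffieHellman");
        provide("KeyFactory", "RSA");
        provide("KeyGenerator", "AES");
        provide("KeyGenerator", "ARCFOUR");
        provide("KeyGenerator", "Blowfish");
        provide("KeyGenerator", "DES");
        provide("KeyGenerator", "DESede");
        provide("KeyGenerator", "HmacMD5");
        provide("KeyGenerator", "HmacSHA1");
        provide("KeyGenerator", "HmacSHA224");
        provide("KeyGenerator", "HmacSHA256");
        provide("KeyGenerator", "HmacSHA384");
        provide("KeyGenerator", "HmacSHA512");
        provide("KeyGenerator", "RC2");
        provide("KeyInfoFactory", "DOM");
        provide("KeyManagerFactory", "PKIX");
        provide("KeyPairGenerator", "DSA");
        provide("KeyPairGenerator", "DiffieHellman");
        provide("KeyPairGenerator", "RSA");
        provide("KeyStore", "JCEKS");
        provide("KeyStore", "JKS");
        provide("KeyStore", "PKCS12");
        provide("Mac", "HmacMD5");
        provide("Mac", "HmacSHA1");
        provide("Mac", "HmacSHA224");
        provide("Mac", "HmacSHA256");
        provide("Mac", "HmacSHA384");
        provide("Mac", "HmacSHA512");
        provide("Mac", "PBEWITHHMACSHA224");
        provide("Mac", "PBEWITHHMACSHA256");
        provide("Mac", "PBEWITHHMACSHA384");
        provide("Mac", "PBEWITHHMACSHA512");
        // If adding a new MessageDigest, consider adding it to JarVerifier
        provide("MessageDigest", "MD2");
        provide("MessageDigest", "MD5");
        provide("MessageDigest", "SHA-224");
        provide("MessageDigest", "SHA-256");
        provide("MessageDigest", "SHA-384");
        provide("MessageDigest", "SHA-512");
        provide("Policy", "JavaPolicy");
        provide("SSLContext", "TLSv1");
        provide("SSLContext", "TLSv1.1");
        provide("SSLContext", "TLSv1.2");
        provide("SecretKeyFactory", "DES");
        provide("SecretKeyFactory", "DESede");
        provide("SecretKeyFactory", "PBEWithMD5AndDES");
        provide("SecretKeyFactory", "PBEWithMD5AndTripleDES");
        provide("SecretKeyFactory", "PBEWithSHA1AndDESede");
        provide("SecretKeyFactory", "PBEWithSHA1AndRC2_40");
        provide("SecretKeyFactory", "PBKDF2WithHmacSHA1");
        provide("SecretKeyFactory", "PBKDF2WithHmacSHA224");
        provide("SecretKeyFactory", "PBKDF2WithHmacSHA256");
        provide("SecretKeyFactory", "PBKDF2WithHmacSHA384");
        provide("SecretKeyFactory", "PBKDF2WithHmacSHA512");
        provide("SecretKeyFactory", "PBKDF2WithHmacSHA1And8bit");
        provide("SecureRandom", "SHA1PRNG");
        provide("Signature", "MD2withRSA");
        provide("Signature", "MD5withRSA");
        provide("Signature", "NONEwithDSA");
        provide("Signature", "SHA1withDSA");
        provide("Signature", "SHA224withDSA");
        provide("Signature", "SHA256withDSA");
        provide("Signature", "SHA1withRSA");
        provide("Signature", "SHA224withRSA");
        provide("Signature", "SHA256withRSA");
        provide("Signature", "SHA384withRSA");
        provide("Signature", "SHA512withRSA");
        provide("TerminalFactory", "PC/SC");
        provide("TransformService", "http://www.w3.org/2000/09/xmldsig#base64");
        provide("TransformService", "http://www.w3.org/2000/09/xmldsig#enveloped-signature");
        provide("TransformService", "http://www.w3.org/2001/10/xml-exc-c14n#");
        provide("TransformService", "http://www.w3.org/2001/10/xml-exc-c14n#WithComments");
        provide("TransformService", "http://www.w3.org/2002/06/xmldsig-filter2");
        provide("TransformService", "http://www.w3.org/TR/1999/REC-xpath-19991116");
        provide("TransformService", "http://www.w3.org/TR/1999/REC-xslt-19991116");
        provide("TransformService", "http://www.w3.org/TR/2001/REC-xml-c14n-20010315");
        provide("TransformService", "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments");
        provide("TrustManagerFactory", "PKIX");
        provide("XMLSignatureFactory", "DOM");

        // Not clearly documented by RI
        provide("GssApiMechanism", "1.2.840.113554.1.2.2");
        provide("GssApiMechanism", "1.3.6.1.5.5.2");

        // Not correctly documented by RI which left off the Factory suffix
        provide("SaslClientFactory", "CRAM-MD5");
        provide("SaslClientFactory", "DIGEST-MD5");
        provide("SaslClientFactory", "EXTERNAL");
        provide("SaslClientFactory", "GSSAPI");
        provide("SaslClientFactory", "PLAIN");
        provide("SaslServerFactory", "CRAM-MD5");
        provide("SaslServerFactory", "DIGEST-MD5");
        provide("SaslServerFactory", "GSSAPI");

        // Documentation seems to list alias instead of actual name
        // provide("MessageDigest", "SHA-1");
        provide("MessageDigest", "SHA");

        // Mentioned in javadoc, not documentation
        provide("SSLContext", "Default");

        // Not documented as in RI 6 but mentioned in Standard Names
        provide("AlgorithmParameters", "PBE");
        provide("SSLContext", "TLS");

        // Not documented as in RI 6 but that exist in RI 6
        if (IS_RI) {
            provide("CertStore", "com.sun.security.IndexedCollection");
            provide("KeyGenerator", "SunTlsKeyMaterial");
            provide("KeyGenerator", "SunTlsMasterSecret");
            provide("KeyGenerator", "SunTlsPrf");
            provide("KeyGenerator", "SunTlsRsaPremasterSecret");
            provide("KeyStore", "CaseExactJKS");
            provide("Mac", "HmacPBESHA1");
            provide("Mac", "SslMacMD5");
            provide("Mac", "SslMacSHA1");
            provide("SecureRandom", "NativePRNG");
            provide("Signature", "MD5andSHA1withRSA");
            provide("TrustManagerFactory", "SunX509");
        }

        // Only available with the SunPKCS11-NSS provider,
        // which seems to be enabled in OpenJDK 6 but not Oracle Java 6
        if (Security.getProvider("SunPKCS11-NSS") != null) {
            provide("Cipher", "AES/CBC/NOPADDING");
            provide("Cipher", "DES/CBC/NOPADDING");
            provide("Cipher", "DESEDE/CBC/NOPADDING");
            provide("Cipher", "RSA/ECB/PKCS1PADDING");
            provide("KeyAgreement", "DH");
            provide("KeyFactory", "DH");
            provide("KeyPairGenerator", "DH");
            provide("KeyStore", "PKCS11");
            provide("MessageDigest", "SHA1");
            provide("SecretKeyFactory", "AES");
            provide("SecretKeyFactory", "ARCFOUR");
            provide("SecureRandom", "PKCS11");
            provide("Signature", "DSA");
            provide("Signature", "RAWDSA");
        }

        if (Security.getProvider("SunPKCS11-NSS") != null
                || Security.getProvider("SunEC") != null) {
            provide("AlgorithmParameters", "EC");
            provide("KeyAgreement", "ECDH");
            provide("KeyFactory", "EC");
            provide("KeyPairGenerator", "EC");
            provide("Signature", "NONEWITHECDSA");
            provide("Signature", "SHA1WITHECDSA");
            provide("Signature", "SHA224WITHECDSA");
            provide("Signature", "SHA256WITHECDSA");
            provide("Signature", "SHA384WITHECDSA");
            provide("Signature", "SHA512WITHECDSA");
        }

        // Documented as Standard Names, but do not exist in RI 6
        if (IS_RI) {
            unprovide("SSLContext", "TLSv1.1");
            unprovide("SSLContext", "TLSv1.2");
        }

        // Fixups for the RI
        if (IS_RI) {
            // different names: Standard Names says PKIX, JSSE Reference Guide says SunX509 or
            // NewSunX509
            unprovide("KeyManagerFactory", "PKIX");
            provide("KeyManagerFactory", "SunX509");
            provide("KeyManagerFactory", "NewSunX509");
        }

        // Fixups for dalvik
        if (!IS_RI) {
            // whole types that we do not provide
            PROVIDER_ALGORITHMS.remove("Configuration");
            PROVIDER_ALGORITHMS.remove("GssApiMechanism");
            PROVIDER_ALGORITHMS.remove("KeyInfoFactory");
            PROVIDER_ALGORITHMS.remove("Policy");
            PROVIDER_ALGORITHMS.remove("SaslClientFactory");
            PROVIDER_ALGORITHMS.remove("SaslServerFactory");
            PROVIDER_ALGORITHMS.remove("TerminalFactory");
            PROVIDER_ALGORITHMS.remove("TransformService");
            PROVIDER_ALGORITHMS.remove("XMLSignatureFactory");

            // different names Diffie-Hellman vs DH
            unprovide("AlgorithmParameterGenerator", "DiffieHellman");
            provide("AlgorithmParameterGenerator", "DH");
            unprovide("AlgorithmParameters", "DiffieHellman");
            provide("AlgorithmParameters", "DH");
            unprovide("KeyAgreement", "DiffieHellman");
            provide("KeyAgreement", "DH");
            unprovide("KeyFactory", "DiffieHellman");
            provide("KeyFactory", "DH");
            unprovide("KeyPairGenerator", "DiffieHellman");
            provide("KeyPairGenerator", "DH");

            // different names PBEWithSHA1AndDESede vs PBEWithSHAAnd3-KEYTripleDES-CBC
            unprovide("AlgorithmParameters", "PBEWithSHA1AndDESede");
            unprovide("Cipher", "PBEWithSHA1AndDESede");
            unprovide("SecretKeyFactory", "PBEWithSHA1AndDESede");
            provide("AlgorithmParameters", "PKCS12PBE");
            provide("Cipher", "PBEWithSHAAnd3-KEYTripleDES-CBC");
            provide("SecretKeyFactory", "PBEWithSHAAnd3-KEYTripleDES-CBC");
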
4011864f965419c5b14ac9317c576c8a0f7169c067enmittler // different names: BouncyCastle actually uses the Standard name of SHA-1 vs SHA 4021864f965419c5b14ac9317c576c8a0f7169c067enmittler unprovide("MessageDigest", "SHA"); 4031864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("MessageDigest", "SHA-1"); 4041864f965419c5b14ac9317c576c8a0f7169c067enmittler 4051864f965419c5b14ac9317c576c8a0f7169c067enmittler // Added to support Android KeyStore operations 4061864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Signature", "NONEwithRSA"); 4071864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "RSA/ECB/NOPADDING"); 4081864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "RSA/ECB/PKCS1PADDING"); 4091864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "RSA/ECB/OAEPPadding"); 4101864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "RSA/ECB/OAEPWithSHA-1AndMGF1Padding"); 4111864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "RSA/ECB/OAEPWithSHA-224AndMGF1Padding"); 4121864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"); 4131864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "RSA/ECB/OAEPWithSHA-384AndMGF1Padding"); 4141864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "RSA/ECB/OAEPWithSHA-512AndMGF1Padding"); 4151864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("SecretKeyFactory", "AES"); 4161864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("SecretKeyFactory", "HmacSHA1"); 4171864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("SecretKeyFactory", "HmacSHA224"); 4181864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("SecretKeyFactory", "HmacSHA256"); 4191864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("SecretKeyFactory", "HmacSHA384"); 4201864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("SecretKeyFactory", "HmacSHA512"); 4211864f965419c5b14ac9317c576c8a0f7169c067enmittler 
provide("Signature", "SHA1withRSA/PSS"); 4221864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Signature", "SHA224withRSA/PSS"); 4231864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Signature", "SHA256withRSA/PSS"); 4241864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Signature", "SHA384withRSA/PSS"); 4251864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Signature", "SHA512withRSA/PSS"); 4261864f965419c5b14ac9317c576c8a0f7169c067enmittler 4271864f965419c5b14ac9317c576c8a0f7169c067enmittler // different names: ARCFOUR vs ARC4 4281864f965419c5b14ac9317c576c8a0f7169c067enmittler unprovide("Cipher", "ARCFOUR"); 4291864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "ARC4"); 4301864f965419c5b14ac9317c576c8a0f7169c067enmittler unprovide("KeyGenerator", "ARCFOUR"); 4311864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("KeyGenerator", "ARC4"); 4321864f965419c5b14ac9317c576c8a0f7169c067enmittler 4331864f965419c5b14ac9317c576c8a0f7169c067enmittler // different case names: Blowfish vs BLOWFISH 4341864f965419c5b14ac9317c576c8a0f7169c067enmittler unprovide("AlgorithmParameters", "Blowfish"); 4351864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("AlgorithmParameters", "BLOWFISH"); 4361864f965419c5b14ac9317c576c8a0f7169c067enmittler unprovide("Cipher", "Blowfish"); 4371864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "BLOWFISH"); 4381864f965419c5b14ac9317c576c8a0f7169c067enmittler unprovide("KeyGenerator", "Blowfish"); 4391864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("KeyGenerator", "BLOWFISH"); 4401864f965419c5b14ac9317c576c8a0f7169c067enmittler 4411864f965419c5b14ac9317c576c8a0f7169c067enmittler // Harmony has X.509, BouncyCastle X509 4421864f965419c5b14ac9317c576c8a0f7169c067enmittler // TODO remove one, probably Harmony's 4431864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("CertificateFactory", "X509"); 4441864f965419c5b14ac9317c576c8a0f7169c067enmittler 
4451864f965419c5b14ac9317c576c8a0f7169c067enmittler // not just different names, but different binary formats 4461864f965419c5b14ac9317c576c8a0f7169c067enmittler unprovide("KeyStore", "JKS"); 4471864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("KeyStore", "BKS"); 4481864f965419c5b14ac9317c576c8a0f7169c067enmittler unprovide("KeyStore", "JCEKS"); 4491864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("KeyStore", "BouncyCastle"); 4501864f965419c5b14ac9317c576c8a0f7169c067enmittler 4511864f965419c5b14ac9317c576c8a0f7169c067enmittler // Noise to support KeyStore.PKCS12 4521864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "PBEWITHMD5AND128BITAES-CBC-OPENSSL"); 4531864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "PBEWITHMD5AND192BITAES-CBC-OPENSSL"); 4541864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "PBEWITHMD5AND256BITAES-CBC-OPENSSL"); 4551864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "PBEWITHMD5ANDRC2"); 4561864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "PBEWITHSHA1ANDDES"); 4571864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "PBEWITHSHA1ANDRC2"); 4581864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "PBEWITHSHA256AND128BITAES-CBC-BC"); 4591864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "PBEWITHSHA256AND192BITAES-CBC-BC"); 4601864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "PBEWITHSHA256AND256BITAES-CBC-BC"); 4611864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "PBEWITHSHAAND128BITAES-CBC-BC"); 4621864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "PBEWITHSHAAND128BITRC2-CBC"); 4631864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "PBEWITHSHAAND128BITRC4"); 4641864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "PBEWITHSHAAND192BITAES-CBC-BC"); 4651864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", 
"PBEWITHSHAAND2-KEYTRIPLEDES-CBC"); 4661864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "PBEWITHSHAAND256BITAES-CBC-BC"); 4671864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "PBEWITHSHAAND40BITRC2-CBC"); 4681864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "PBEWITHSHAAND40BITRC4"); 4691864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "PBEWITHSHAANDTWOFISH-CBC"); 4701864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Mac", "PBEWITHHMACSHA"); 4711864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Mac", "PBEWITHHMACSHA1"); 4721864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("SecretKeyFactory", "PBEWITHHMACSHA1"); 4731864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("SecretKeyFactory", "PBEWITHMD5AND128BITAES-CBC-OPENSSL"); 4741864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("SecretKeyFactory", "PBEWITHMD5AND192BITAES-CBC-OPENSSL"); 4751864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("SecretKeyFactory", "PBEWITHMD5AND256BITAES-CBC-OPENSSL"); 4761864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("SecretKeyFactory", "PBEWITHMD5ANDRC2"); 4771864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("SecretKeyFactory", "PBEWITHSHA1ANDDES"); 4781864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("SecretKeyFactory", "PBEWITHSHA1ANDRC2"); 4791864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("SecretKeyFactory", "PBEWITHSHA256AND128BITAES-CBC-BC"); 4801864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("SecretKeyFactory", "PBEWITHSHA256AND192BITAES-CBC-BC"); 4811864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("SecretKeyFactory", "PBEWITHSHA256AND256BITAES-CBC-BC"); 4821864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("SecretKeyFactory", "PBEWITHSHAAND128BITAES-CBC-BC"); 4831864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("SecretKeyFactory", "PBEWITHSHAAND128BITRC2-CBC"); 4841864f965419c5b14ac9317c576c8a0f7169c067enmittler 
provide("SecretKeyFactory", "PBEWITHSHAAND128BITRC4"); 4851864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("SecretKeyFactory", "PBEWITHSHAAND192BITAES-CBC-BC"); 4861864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("SecretKeyFactory", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC"); 4871864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("SecretKeyFactory", "PBEWITHSHAAND256BITAES-CBC-BC"); 4881864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("SecretKeyFactory", "PBEWITHSHAAND40BITRC2-CBC"); 4891864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("SecretKeyFactory", "PBEWITHSHAAND40BITRC4"); 4901864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("SecretKeyFactory", "PBEWITHSHAANDTWOFISH-CBC"); 4911864f965419c5b14ac9317c576c8a0f7169c067enmittler 4921864f965419c5b14ac9317c576c8a0f7169c067enmittler // Needed by our OpenSSL provider 4931864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "AES/CBC/NOPADDING"); 4941864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "AES/CBC/PKCS5PADDING"); 4951864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "AES/CBC/PKCS7PADDING"); 4961864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "AES/CFB/NOPADDING"); 4971864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "AES/CFB/PKCS5PADDING"); 4981864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "AES/CFB/PKCS7PADDING"); 4991864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "AES/CTR/NOPADDING"); 5001864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "AES/CTR/PKCS5PADDING"); 5011864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "AES/CTR/PKCS7PADDING"); 5021864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "AES/ECB/NOPADDING"); 5031864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "AES/ECB/PKCS5PADDING"); 5041864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "AES/ECB/PKCS7PADDING"); 
5051864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "AES/GCM/NOPADDING"); 5061864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "AES/OFB/NOPADDING"); 5071864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "AES/OFB/PKCS5PADDING"); 5081864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "AES/OFB/PKCS7PADDING"); 5091864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "DESEDE/CBC/NOPADDING"); 5101864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "DESEDE/CBC/PKCS5PADDING"); 5111864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "DESEDE/CBC/PKCS7PADDING"); 5121864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "DESEDE/CFB/NOPADDING"); 5131864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "DESEDE/CFB/PKCS5PADDING"); 5141864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "DESEDE/CFB/PKCS7PADDING"); 5151864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "DESEDE/ECB/NOPADDING"); 5161864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "DESEDE/ECB/PKCS5PADDING"); 5171864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "DESEDE/ECB/PKCS7PADDING"); 5181864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "DESEDE/OFB/NOPADDING"); 5191864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "DESEDE/OFB/PKCS5PADDING"); 5201864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Cipher", "DESEDE/OFB/PKCS7PADDING"); 5211864f965419c5b14ac9317c576c8a0f7169c067enmittler 5221864f965419c5b14ac9317c576c8a0f7169c067enmittler // Provided by our OpenSSL provider 523f1abfb434c03fb4784f1f2f4025e115d6dedcb23Adam Vartanian provide("AlgorithmParameters", "ChaCha20"); 524f1abfb434c03fb4784f1f2f4025e115d6dedcb23Adam Vartanian provide("Cipher", "ChaCha20"); 525f1abfb434c03fb4784f1f2f4025e115d6dedcb23Adam Vartanian provide("Cipher", "ChaCha20/Poly1305/NoPadding"); 
526f1abfb434c03fb4784f1f2f4025e115d6dedcb23Adam Vartanian provide("KeyGenerator", "ChaCha20"); 5271864f965419c5b14ac9317c576c8a0f7169c067enmittler provideCipherPaddings("AES", new String[] {"PKCS7Padding"}); 5281864f965419c5b14ac9317c576c8a0f7169c067enmittler 5291864f965419c5b14ac9317c576c8a0f7169c067enmittler // removed LDAP 5301864f965419c5b14ac9317c576c8a0f7169c067enmittler unprovide("CertStore", "LDAP"); 5311864f965419c5b14ac9317c576c8a0f7169c067enmittler 5321864f965419c5b14ac9317c576c8a0f7169c067enmittler // removed MD2 5331864f965419c5b14ac9317c576c8a0f7169c067enmittler unprovide("MessageDigest", "MD2"); 5341864f965419c5b14ac9317c576c8a0f7169c067enmittler unprovide("Signature", "MD2withRSA"); 5351864f965419c5b14ac9317c576c8a0f7169c067enmittler 5361864f965419c5b14ac9317c576c8a0f7169c067enmittler // removed RC2 5371864f965419c5b14ac9317c576c8a0f7169c067enmittler // NOTE the implementation remains to support PKCS12 keystores 5381864f965419c5b14ac9317c576c8a0f7169c067enmittler unprovide("AlgorithmParameters", "PBEWithSHA1AndRC2_40"); 5391864f965419c5b14ac9317c576c8a0f7169c067enmittler unprovide("AlgorithmParameters", "RC2"); 5401864f965419c5b14ac9317c576c8a0f7169c067enmittler unprovide("Cipher", "PBEWithSHA1AndRC2_40"); 5411864f965419c5b14ac9317c576c8a0f7169c067enmittler unprovide("Cipher", "RC2"); 5421864f965419c5b14ac9317c576c8a0f7169c067enmittler unprovide("KeyGenerator", "RC2"); 5431864f965419c5b14ac9317c576c8a0f7169c067enmittler unprovide("SecretKeyFactory", "PBEWithSHA1AndRC2_40"); 5441864f965419c5b14ac9317c576c8a0f7169c067enmittler 5451864f965419c5b14ac9317c576c8a0f7169c067enmittler // PBEWithMD5AndTripleDES is Sun proprietary 5461864f965419c5b14ac9317c576c8a0f7169c067enmittler unprovide("AlgorithmParameters", "PBEWithMD5AndTripleDES"); 5471864f965419c5b14ac9317c576c8a0f7169c067enmittler unprovide("Cipher", "PBEWithMD5AndTripleDES"); 5481864f965419c5b14ac9317c576c8a0f7169c067enmittler unprovide("SecretKeyFactory", "PBEWithMD5AndTripleDES"); 
5491864f965419c5b14ac9317c576c8a0f7169c067enmittler 5501864f965419c5b14ac9317c576c8a0f7169c067enmittler // missing from Bouncy Castle 5511864f965419c5b14ac9317c576c8a0f7169c067enmittler // Standard Names document says to use specific PBEWith*And* 5521864f965419c5b14ac9317c576c8a0f7169c067enmittler unprovide("AlgorithmParameters", "PBE"); 5531864f965419c5b14ac9317c576c8a0f7169c067enmittler 5541864f965419c5b14ac9317c576c8a0f7169c067enmittler // missing from Bouncy Castle 5551864f965419c5b14ac9317c576c8a0f7169c067enmittler // TODO add to JDKAlgorithmParameters perhaps as wrapper on PBES2Parameters 5561864f965419c5b14ac9317c576c8a0f7169c067enmittler // For now, can use AlgorithmParametersSpec javax.crypto.spec.PBEParameterSpec instead 5571864f965419c5b14ac9317c576c8a0f7169c067enmittler unprovide("AlgorithmParameters", "PBEWithMD5AndDES"); // 1.2.840.113549.1.5.3 5581864f965419c5b14ac9317c576c8a0f7169c067enmittler 5591864f965419c5b14ac9317c576c8a0f7169c067enmittler // EC support 560f1abfb434c03fb4784f1f2f4025e115d6dedcb23Adam Vartanian provide("AlgorithmParameters", "EC"); 5611864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("KeyAgreement", "ECDH"); 5621864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("KeyFactory", "EC"); 5631864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("KeyPairGenerator", "EC"); 5641864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Signature", "NONEWITHECDSA"); 5651864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Signature", "SHA1WITHECDSA"); 5661864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Signature", "SHA224WITHECDSA"); 5671864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Signature", "SHA256WITHECDSA"); 5681864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Signature", "SHA384WITHECDSA"); 5691864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("Signature", "SHA512WITHECDSA"); 5701864f965419c5b14ac9317c576c8a0f7169c067enmittler 5711864f965419c5b14ac9317c576c8a0f7169c067enmittler // 
Android's CA store 5721864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("KeyStore", "AndroidCAStore"); 5731864f965419c5b14ac9317c576c8a0f7169c067enmittler 5741864f965419c5b14ac9317c576c8a0f7169c067enmittler // Android's KeyStore provider 5751864f965419c5b14ac9317c576c8a0f7169c067enmittler if (Security.getProvider("AndroidKeyStore") != null) { 5761864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("KeyStore", "AndroidKeyStore"); 5771864f965419c5b14ac9317c576c8a0f7169c067enmittler } 5781864f965419c5b14ac9317c576c8a0f7169c067enmittler 5791864f965419c5b14ac9317c576c8a0f7169c067enmittler // TimaKeyStore provider 5801864f965419c5b14ac9317c576c8a0f7169c067enmittler if (Security.getProvider("TimaKeyStore") != null) { 5811864f965419c5b14ac9317c576c8a0f7169c067enmittler provide("KeyStore", "TimaKeyStore"); 5821864f965419c5b14ac9317c576c8a0f7169c067enmittler } 583f1abfb434c03fb4784f1f2f4025e115d6dedcb23Adam Vartanian // KnoxAndroidKeyStore provider 584f1abfb434c03fb4784f1f2f4025e115d6dedcb23Adam Vartanian if (Security.getProvider("KnoxAndroidKeyStore") != null) { 585f1abfb434c03fb4784f1f2f4025e115d6dedcb23Adam Vartanian provide("KeyStore", "KnoxAndroidKeyStore"); 586f1abfb434c03fb4784f1f2f4025e115d6dedcb23Adam Vartanian } 5871864f965419c5b14ac9317c576c8a0f7169c067enmittler } 5881864f965419c5b14ac9317c576c8a0f7169c067enmittler 589d4d974d98b4f232abf0a03b631a69ebc4df0b50dNathan Mittler provideSslContextEnabledProtocols("TLS", TLSVersion.TLSv1, TLSVersion.TLSv12); 590d4d974d98b4f232abf0a03b631a69ebc4df0b50dNathan Mittler provideSslContextEnabledProtocols("TLSv1", TLSVersion.TLSv1, TLSVersion.TLSv12); 591d4d974d98b4f232abf0a03b631a69ebc4df0b50dNathan Mittler provideSslContextEnabledProtocols("TLSv1.1", TLSVersion.TLSv1, TLSVersion.TLSv12); 592d4d974d98b4f232abf0a03b631a69ebc4df0b50dNathan Mittler provideSslContextEnabledProtocols("TLSv1.2", TLSVersion.TLSv1, TLSVersion.TLSv12); 593d4d974d98b4f232abf0a03b631a69ebc4df0b50dNathan Mittler 
provideSslContextEnabledProtocols("Default", TLSVersion.TLSv1, TLSVersion.TLSv12);
    }

    // NOTE(review): every Set constant below is a public, mutable collection. A test that
    // adds to or removes from one of them changes the expectation for all later users in the
    // same process, so treat them as read-only outside the static initializers.

    /** The literal SSLContext protocol name {@code "Default"}. */
    public static final String SSL_CONTEXT_PROTOCOLS_DEFAULT = "Default";

    /** SSLContext protocol names: {@code "Default"} plus the TLS names; SSLv3 is not listed. */
    public static final Set<String> SSL_CONTEXT_PROTOCOLS = new HashSet<>(
            Arrays.asList(
                    SSL_CONTEXT_PROTOCOLS_DEFAULT,
                    "TLS",
                    "TLSv1",
                    "TLSv1.1",
                    "TLSv1.2"));

    /**
     * The protocol name {@code "TLS"}. Not to be confused with
     * {@link #SSL_CONTEXT_PROTOCOLS_DEFAULT}, which holds the name {@code "Default"}.
     */
    public static final String SSL_CONTEXT_PROTOCOL_DEFAULT = "TLS";

    /** Key type names; the two DH_* entries are dropped again below when running on the RI. */
    public static final Set<String> KEY_TYPES = new HashSet<>(
            Arrays.asList("RSA", "DSA", "DH_RSA", "DH_DSA", "EC", "EC_EC", "EC_RSA"));
    static {
        if (IS_RI) {
            // DH_* are specified by standard names, but do not seem to be supported by RI
            KEY_TYPES.removeAll(Arrays.asList("DH_RSA", "DH_DSA"));
        }
    }

    // The three socket protocol sets hold the same names but are separate instances, so a
    // change to one is not seen through the others. None of them contains SSLv3.
    public static final Set<String> SSL_SOCKET_PROTOCOLS =
            new HashSet<>(Arrays.asList("TLSv1", "TLSv1.1", "TLSv1.2"));
    public static final Set<String> SSL_SOCKET_PROTOCOLS_CLIENT_DEFAULT =
            new HashSet<>(Arrays.asList("TLSv1", "TLSv1.1", "TLSv1.2"));
    public static final Set<String> SSL_SOCKET_PROTOCOLS_SERVER_DEFAULT =
            new HashSet<>(Arrays.asList("TLSv1", "TLSv1.1", "TLSv1.2"));

    /**
     * Protocol versions paired with their protocol name strings. SSLv3 is declared here even
     * though none of the SSL_SOCKET_PROTOCOLS* sets above lists it.
     */
    private enum TLSVersion {
        SSLv3("SSLv3"),
        TLSv1("TLSv1"),
        TLSv11("TLSv1.1"),
        TLSv12("TLSv1.2");

        // Protocol name string for this version, e.g. "TLSv1.2".
        private final String name;

        TLSVersion(String protocolName) {
            this.name = protocolName;
        }
    }

    /**
     * Values allowed as the {@code authType} argument of
     * X509TrustManager.checkClientTrusted: the algorithm of the public key, or UNKNOWN.
     */
    public static final Set<String> CLIENT_AUTH_TYPES =
            new HashSet<>(Arrays.asList("RSA", "DSA", "EC", "UNKNOWN"));

    /**
     * Values allowed as the {@code authType} argument of
     * X509TrustManager.checkServerTrusted: the key exchange algorithm part of the cipher
     * suite, or UNKNOWN.
     *
     * <p>The set also names export-grade and anonymous key exchanges. It describes which
     * strings count as a valid authType; whether a suite using such a key exchange is
     * supported is recorded separately in the CIPHER_SUITES_* sets.
     */
    public static final Set<String> SERVER_AUTH_TYPES = new HashSet<>(Arrays.asList(
            "DHE_DSS",
            "DHE_DSS_EXPORT",
            "DHE_RSA",
            "DHE_RSA_EXPORT",
            "DH_DSS_EXPORT",
            "DH_RSA_EXPORT",
            "DH_anon",
            "DH_anon_EXPORT",
            "KRB5",
            "KRB5_EXPORT",
            "RSA",
            "RSA_EXPORT",
            "RSA_EXPORT1024",
            "ECDH_ECDSA",
            "ECDH_RSA",
            "ECDHE_ECDSA",
            "ECDHE_RSA",
            "UNKNOWN"));

    /** Name of the all-NULL cipher suite, which this class labels as invalid. */
    public static final String CIPHER_SUITE_INVALID = "SSL_NULL_WITH_NULL_NULL";

    /** Cipher suites registered through {@code addNeither}; unordered. */
    public static final Set<String> CIPHER_SUITES_NEITHER = new HashSet<>();

    /** Cipher suites registered through {@code addRi}, kept in registration order. */
    public static final Set<String> CIPHER_SUITES_RI = new LinkedHashSet<>();

    /** Cipher suites registered through {@code addOpenSsl}, kept in registration order. */
    public static final Set<String> CIPHER_SUITES_OPENSSL = new LinkedHashSet<>();

    /** Blank final: assigned in a static initializer that is not part of this excerpt. */
    public static final Set<String> CIPHER_SUITES;

    /** Records {@code cipherSuite} in {@link #CIPHER_SUITES_RI} only. */
    private static final void addRi(String cipherSuite) {
        CIPHER_SUITES_RI.add(cipherSuite);
    }

    /** Records {@code cipherSuite} in {@link #CIPHER_SUITES_OPENSSL} only. */
    private static final void addOpenSsl(String cipherSuite) {
        CIPHER_SUITES_OPENSSL.add(cipherSuite);
    }

    /** Records {@code cipherSuite} in both the RI set and the OpenSSL set, RI first. */
    private static final void addBoth(String cipherSuite) {
        CIPHER_SUITES_RI.add(cipherSuite);
        CIPHER_SUITES_OPENSSL.add(cipherSuite);
    }

    /** Records {@code cipherSuite} in {@link #CIPHER_SUITES_NEITHER}. */
    private static final void addNeither(String cipherSuite) {
        CIPHER_SUITES_NEITHER.add(cipherSuite);
    }

    static {
        // NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and
        // javax.net.ssl.SSLEngine.
6771864f965419c5b14ac9317c576c8a0f7169c067enmittler addBoth("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"); 6781864f965419c5b14ac9317c576c8a0f7169c067enmittler addBoth("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"); 6791864f965419c5b14ac9317c576c8a0f7169c067enmittler addBoth("TLS_RSA_WITH_AES_256_CBC_SHA"); 6801864f965419c5b14ac9317c576c8a0f7169c067enmittler addBoth("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"); 6811864f965419c5b14ac9317c576c8a0f7169c067enmittler addBoth("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"); 6821864f965419c5b14ac9317c576c8a0f7169c067enmittler addBoth("TLS_RSA_WITH_AES_128_CBC_SHA"); 6831864f965419c5b14ac9317c576c8a0f7169c067enmittler addBoth("SSL_RSA_WITH_3DES_EDE_CBC_SHA"); 6841864f965419c5b14ac9317c576c8a0f7169c067enmittler 6851864f965419c5b14ac9317c576c8a0f7169c067enmittler // TLSv1.2 cipher suites 6861864f965419c5b14ac9317c576c8a0f7169c067enmittler addBoth("TLS_RSA_WITH_AES_128_CBC_SHA256"); 6871864f965419c5b14ac9317c576c8a0f7169c067enmittler addBoth("TLS_RSA_WITH_AES_256_CBC_SHA256"); 6881864f965419c5b14ac9317c576c8a0f7169c067enmittler addOpenSsl("TLS_RSA_WITH_AES_128_GCM_SHA256"); 6891864f965419c5b14ac9317c576c8a0f7169c067enmittler addOpenSsl("TLS_RSA_WITH_AES_256_GCM_SHA384"); 6901864f965419c5b14ac9317c576c8a0f7169c067enmittler addBoth("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"); 6911864f965419c5b14ac9317c576c8a0f7169c067enmittler addBoth("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"); 6921864f965419c5b14ac9317c576c8a0f7169c067enmittler addOpenSsl("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"); 6931864f965419c5b14ac9317c576c8a0f7169c067enmittler addOpenSsl("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"); 6941864f965419c5b14ac9317c576c8a0f7169c067enmittler addBoth("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"); 6951864f965419c5b14ac9317c576c8a0f7169c067enmittler addBoth("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"); 6961864f965419c5b14ac9317c576c8a0f7169c067enmittler addOpenSsl("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"); 6971864f965419c5b14ac9317c576c8a0f7169c067enmittler 
addOpenSsl("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"); 6981864f965419c5b14ac9317c576c8a0f7169c067enmittler addOpenSsl("TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"); 6991864f965419c5b14ac9317c576c8a0f7169c067enmittler addOpenSsl("TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"); 7001864f965419c5b14ac9317c576c8a0f7169c067enmittler 7011864f965419c5b14ac9317c576c8a0f7169c067enmittler // Pre-Shared Key (PSK) cipher suites 7021864f965419c5b14ac9317c576c8a0f7169c067enmittler addOpenSsl("TLS_PSK_WITH_AES_128_CBC_SHA"); 7031864f965419c5b14ac9317c576c8a0f7169c067enmittler addOpenSsl("TLS_PSK_WITH_AES_256_CBC_SHA"); 7041864f965419c5b14ac9317c576c8a0f7169c067enmittler addOpenSsl("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"); 7051864f965419c5b14ac9317c576c8a0f7169c067enmittler addOpenSsl("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"); 7061864f965419c5b14ac9317c576c8a0f7169c067enmittler addOpenSsl("TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"); 7071864f965419c5b14ac9317c576c8a0f7169c067enmittler 7081864f965419c5b14ac9317c576c8a0f7169c067enmittler // RFC 5746's Signaling Cipher Suite Value to indicate a request for secure renegotiation 7091864f965419c5b14ac9317c576c8a0f7169c067enmittler addBoth(CIPHER_SUITE_SECURE_RENEGOTIATION); 7101864f965419c5b14ac9317c576c8a0f7169c067enmittler 7111864f965419c5b14ac9317c576c8a0f7169c067enmittler // From https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 to indicate 7121864f965419c5b14ac9317c576c8a0f7169c067enmittler // TLS fallback request 7131864f965419c5b14ac9317c576c8a0f7169c067enmittler addOpenSsl(CIPHER_SUITE_FALLBACK); 7141864f965419c5b14ac9317c576c8a0f7169c067enmittler 7151864f965419c5b14ac9317c576c8a0f7169c067enmittler // non-defaultCipherSuites 7161864f965419c5b14ac9317c576c8a0f7169c067enmittler 7171864f965419c5b14ac9317c576c8a0f7169c067enmittler // Android does not have Kerberos support 7181864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("TLS_KRB5_WITH_RC4_128_SHA"); 7191864f965419c5b14ac9317c576c8a0f7169c067enmittler 
addRi("TLS_KRB5_WITH_RC4_128_MD5"); 7201864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("TLS_KRB5_WITH_3DES_EDE_CBC_SHA"); 7211864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("TLS_KRB5_WITH_3DES_EDE_CBC_MD5"); 7221864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("TLS_KRB5_WITH_DES_CBC_SHA"); 7231864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("TLS_KRB5_WITH_DES_CBC_MD5"); 7241864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("TLS_KRB5_EXPORT_WITH_RC4_40_SHA"); 7251864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("TLS_KRB5_EXPORT_WITH_RC4_40_MD5"); 7261864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA"); 7271864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"); 7281864f965419c5b14ac9317c576c8a0f7169c067enmittler 7291864f965419c5b14ac9317c576c8a0f7169c067enmittler // Android does not have DSS support 7301864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"); 7311864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"); 7321864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("SSL_DHE_DSS_WITH_DES_CBC_SHA"); 7331864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("TLS_DHE_DSS_WITH_AES_128_CBC_SHA"); 7341864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"); 7351864f965419c5b14ac9317c576c8a0f7169c067enmittler addNeither("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"); 7361864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("TLS_DHE_DSS_WITH_AES_256_CBC_SHA"); 7371864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"); 7381864f965419c5b14ac9317c576c8a0f7169c067enmittler addNeither("TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"); 7391864f965419c5b14ac9317c576c8a0f7169c067enmittler 7401864f965419c5b14ac9317c576c8a0f7169c067enmittler // Android does not have RC4 support 7411864f965419c5b14ac9317c576c8a0f7169c067enmittler 
addRi("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"); 7421864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("TLS_ECDHE_RSA_WITH_RC4_128_SHA"); 7431864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("SSL_RSA_WITH_RC4_128_SHA"); 7441864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("SSL_RSA_WITH_RC4_128_MD5"); 7451864f965419c5b14ac9317c576c8a0f7169c067enmittler 7461864f965419c5b14ac9317c576c8a0f7169c067enmittler // Dropped 7471864f965419c5b14ac9317c576c8a0f7169c067enmittler addNeither("SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"); 7481864f965419c5b14ac9317c576c8a0f7169c067enmittler addNeither("SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"); 7491864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"); 7501864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5"); 7511864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"); 7521864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("SSL_DH_anon_WITH_DES_CBC_SHA"); 7531864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("SSL_DH_anon_WITH_RC4_128_MD5"); 7541864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("SSL_RSA_EXPORT_WITH_DES40_CBC_SHA"); 7551864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("SSL_RSA_EXPORT_WITH_RC4_40_MD5"); 7561864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("SSL_RSA_WITH_DES_CBC_SHA"); 7571864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("SSL_RSA_WITH_NULL_MD5"); 7581864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("SSL_RSA_WITH_NULL_SHA"); 7591864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("TLS_DH_anon_WITH_AES_128_CBC_SHA"); 7601864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("TLS_DH_anon_WITH_AES_128_CBC_SHA256"); 7611864f965419c5b14ac9317c576c8a0f7169c067enmittler addNeither("TLS_DH_anon_WITH_AES_128_GCM_SHA256"); 7621864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("TLS_DH_anon_WITH_AES_256_CBC_SHA"); 7631864f965419c5b14ac9317c576c8a0f7169c067enmittler 
addRi("TLS_DH_anon_WITH_AES_256_CBC_SHA256"); 7641864f965419c5b14ac9317c576c8a0f7169c067enmittler addNeither("TLS_DH_anon_WITH_AES_256_GCM_SHA384"); 7651864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"); 7661864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("TLS_ECDHE_ECDSA_WITH_NULL_SHA"); 7671864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"); 7681864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("TLS_ECDHE_RSA_WITH_NULL_SHA"); 7691864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"); 7701864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"); 7711864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"); 7721864f965419c5b14ac9317c576c8a0f7169c067enmittler addNeither("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"); 7731864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"); 7741864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"); 7751864f965419c5b14ac9317c576c8a0f7169c067enmittler addNeither("TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"); 7761864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("TLS_ECDH_ECDSA_WITH_NULL_SHA"); 7771864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("TLS_ECDH_ECDSA_WITH_RC4_128_SHA"); 7781864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"); 7791864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"); 7801864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"); 7811864f965419c5b14ac9317c576c8a0f7169c067enmittler addNeither("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"); 7821864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"); 7831864f965419c5b14ac9317c576c8a0f7169c067enmittler 
addRi("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"); 7841864f965419c5b14ac9317c576c8a0f7169c067enmittler addNeither("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"); 7851864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("TLS_ECDH_RSA_WITH_NULL_SHA"); 7861864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("TLS_ECDH_RSA_WITH_RC4_128_SHA"); 7871864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"); 7881864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("TLS_ECDH_anon_WITH_AES_128_CBC_SHA"); 7891864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("TLS_ECDH_anon_WITH_AES_256_CBC_SHA"); 7901864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("TLS_ECDH_anon_WITH_NULL_SHA"); 7911864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("TLS_ECDH_anon_WITH_RC4_128_SHA"); 7921864f965419c5b14ac9317c576c8a0f7169c067enmittler addNeither("TLS_PSK_WITH_3DES_EDE_CBC_SHA"); 7931864f965419c5b14ac9317c576c8a0f7169c067enmittler addRi("TLS_RSA_WITH_NULL_SHA256"); 7941864f965419c5b14ac9317c576c8a0f7169c067enmittler 7951864f965419c5b14ac9317c576c8a0f7169c067enmittler // Old non standard exportable encryption 7961864f965419c5b14ac9317c576c8a0f7169c067enmittler addNeither("SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA"); 7971864f965419c5b14ac9317c576c8a0f7169c067enmittler addNeither("SSL_RSA_EXPORT1024_WITH_RC4_56_SHA"); 7981864f965419c5b14ac9317c576c8a0f7169c067enmittler 7991864f965419c5b14ac9317c576c8a0f7169c067enmittler // No RC2 8001864f965419c5b14ac9317c576c8a0f7169c067enmittler addNeither("SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5"); 8011864f965419c5b14ac9317c576c8a0f7169c067enmittler addNeither("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA"); 8021864f965419c5b14ac9317c576c8a0f7169c067enmittler addNeither("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5"); 8031864f965419c5b14ac9317c576c8a0f7169c067enmittler 804074a48ce6f3202f0a5c96e1fd52eecf6490b0901Nathan Mittler CIPHER_SUITES = CIPHER_SUITES_OPENSSL; 8051864f965419c5b14ac9317c576c8a0f7169c067enmittler } 
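/**
 * Cipher suites that are not negotiated when TLSv1.2 is selected on the RI.
 *
 * <p>As the names show, every entry is either a single-DES suite or a 40-bit
 * export-grade suite (DES40 / RC4_40); three of them are also DH_anon, i.e. they
 * carry no server authentication.
 *
 * <p>The list is exposed read-only: it is a shared expectation, and a bare
 * {@code Arrays.asList} would let any caller overwrite an element in place and
 * silently change what later tests compare against.
 */
public static final List<String> CIPHER_SUITES_OBSOLETE_TLS12 =
        Collections.unmodifiableList(Arrays.asList(
                "SSL_RSA_WITH_DES_CBC_SHA",
                "SSL_DHE_RSA_WITH_DES_CBC_SHA",
                "SSL_DHE_DSS_WITH_DES_CBC_SHA",
                "SSL_DH_anon_WITH_DES_CBC_SHA",
                "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
                "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
                "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
                "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
                "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
                "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"));

// NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and
// javax.net.ssl.SSLEngine.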
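/**
 * Expected default cipher suites when {@code CpuFeatures.isAESHardwareAccelerated()}
 * is true (see CIPHER_SUITES_DEFAULT).
 *
 * <p>Holds the same suites as CIPHER_SUITES_SOFTWARE; the only difference is that the
 * AES-GCM suites are listed ahead of ChaCha20-Poly1305 within each ECDHE group.
 *
 * <p>The tail of the list still contains CBC-mode suites with a SHA-1 MAC and
 * static-RSA key exchange (no forward secrecy). It records the expected default
 * set for the tests in this class; it is not a hardening profile.
 *
 * <p>Wrapped as unmodifiable so that no caller can overwrite an element of the
 * shared expectation in place.
 */
private static final List<String> CIPHER_SUITES_AES_HARDWARE =
        Collections.unmodifiableList(Arrays.asList(
                "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
                "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
                "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
                "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
                "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
                "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
                "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
                "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
                "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
                "TLS_RSA_WITH_AES_128_GCM_SHA256",
                "TLS_RSA_WITH_AES_256_GCM_SHA384",
                "TLS_RSA_WITH_AES_128_CBC_SHA",
                "TLS_RSA_WITH_AES_256_CBC_SHA",
                CIPHER_SUITE_SECURE_RENEGOTIATION));

// NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and
// javax.net.ssl.SSLEngine.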
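/**
 * Expected default cipher suites when {@code CpuFeatures.isAESHardwareAccelerated()}
 * is false (see CIPHER_SUITES_DEFAULT).
 *
 * <p>Holds the same suites as CIPHER_SUITES_AES_HARDWARE; the only difference is that
 * ChaCha20-Poly1305 is listed ahead of the AES-GCM suites within each ECDHE group.
 *
 * <p>The tail of the list still contains CBC-mode suites with a SHA-1 MAC and
 * static-RSA key exchange (no forward secrecy). It records the expected default
 * set for the tests in this class; it is not a hardening profile.
 *
 * <p>Wrapped as unmodifiable so that no caller can overwrite an element of the
 * shared expectation in place.
 */
private static final List<String> CIPHER_SUITES_SOFTWARE =
        Collections.unmodifiableList(Arrays.asList(
                "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
                "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
                "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
                "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
                "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
                "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
                "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
                "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
                "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
                "TLS_RSA_WITH_AES_128_GCM_SHA256",
                "TLS_RSA_WITH_AES_256_GCM_SHA384",
                "TLS_RSA_WITH_AES_128_CBC_SHA",
                "TLS_RSA_WITH_AES_256_CBC_SHA",
                CIPHER_SUITE_SECURE_RENEGOTIATION));

// NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and
// javax.net.ssl.SSLEngine.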
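/**
 * Expected default cipher suites for the current device: the AES-first ordering when
 * {@code CpuFeatures.isAESHardwareAccelerated()} reports true, the ChaCha20-first
 * ordering otherwise. The choice is made once, when this class is initialized.
 *
 * <p>Exposed read-only so that a caller cannot overwrite an element of the shared
 * expectation in place.
 */
public static final List<String> CIPHER_SUITES_DEFAULT =
        Collections.unmodifiableList(
                CpuFeatures.isAESHardwareAccelerated()
                        ? CIPHER_SUITES_AES_HARDWARE
                        : CIPHER_SUITES_SOFTWARE);

// NOTE: This list needs to be kept in sync with Javadoc of javax.net.ssl.SSLSocket and
// javax.net.ssl.SSLEngine.
/**
 * Expected default pre-shared-key cipher suites.
 *
 * <p>Only the first entry is an AEAD suite; the other four are CBC-mode with a SHA-1
 * MAC, and the two plain {@code TLS_PSK_} suites have no ephemeral key exchange, so
 * they provide no forward secrecy. The list records an expected default, not a
 * recommendation. Exposed read-only for the same reason as CIPHER_SUITES_DEFAULT.
 */
public static final List<String> CIPHER_SUITES_DEFAULT_PSK =
        Collections.unmodifiableList(Arrays.asList(
                "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256",
                "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA",
                "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA",
                "TLS_PSK_WITH_AES_128_CBC_SHA",
                "TLS_PSK_WITH_AES_256_CBC_SHA"));

// Should be updated to match BoringSSL's defaults when they change.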
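// https://boringssl.googlesource.com/boringssl/+/master/ssl/t1_lib.c#306
// Each entry is "<curve name> (<TLS named-group id>)"; assertDefaultEllipticCurves
// compares with List.equals, so both content and order matter. Exposed read-only so
// that no caller can overwrite an element of the shared expectation.
public static final List<String> ELLIPTIC_CURVES_DEFAULT =
        Collections.unmodifiableList(
                Arrays.asList("x25519 (29)", "secp256r1 (23)", "secp384r1 (24)"));

// Key-exchange tokens accepted by isPermittedDefaultCipherSuite. No PSK variant is
// listed, so PSK suites are rejected by that check.
private static final Set<String> PERMITTED_DEFAULT_KEY_EXCHANGE_ALGS = new HashSet<String>(
        Arrays.asList("RSA", "DHE_RSA", "DHE_DSS", "ECDHE_RSA", "ECDHE_ECDSA"));

// Bulk-cipher tokens accepted by isPermittedDefaultCipherSuite: AES (CBC or GCM) and
// ChaCha20-Poly1305 only; no RC4, DES/3DES or NULL.
private static final Set<String> PERMITTED_DEFAULT_BULK_ENCRYPTION_CIPHERS =
        new HashSet<String>(Arrays.asList(
                "AES_128_CBC",
                "AES_256_CBC",
                "AES_128_GCM",
                "AES_256_GCM",
                "CHACHA20_POLY1305"));

// Accepted values for the last '_'-separated token of a suite name. For the GCM and
// ChaCha20-Poly1305 suites that token names the handshake hash rather than a record MAC,
// but isPermittedDefaultCipherSuite treats it the same way. MD5 is not accepted.
private static final Set<String> PERMITTED_DEFAULT_MACS =
        new HashSet<String>(Arrays.asList("SHA", "SHA256", "SHA384"));

// Per-algorithm lookup tables, keyed by "RSA", "DSA", "DH" and "EC". The maps are plain
// HashMaps reachable through public fields, so callers can modify them; prefer the
// accessor methods below.
public static final Map<String, Class<? extends KeySpec>> PRIVATE_KEY_SPEC_CLASSES;
public static final Map<String, Class<? extends KeySpec>> PUBLIC_KEY_SPEC_CLASSES;
// NOTE(review): 512-bit RSA/DSA and 256-bit DH are far below any size suitable for
// protecting data. Presumably these are lower bounds for what the tests exercise, not
// recommended strengths; confirm against the callers.
public static final Map<String, Integer> MINIMUM_KEY_SIZE;
static {
    PRIVATE_KEY_SPEC_CLASSES = new HashMap<String, Class<? extends KeySpec>>();
    PUBLIC_KEY_SPEC_CLASSES = new HashMap<String, Class<? extends KeySpec>>();
    MINIMUM_KEY_SIZE = new HashMap<String, Integer>();
    PRIVATE_KEY_SPEC_CLASSES.put("RSA", RSAPrivateCrtKeySpec.class);
    PUBLIC_KEY_SPEC_CLASSES.put("RSA", RSAPublicKeySpec.class);
    MINIMUM_KEY_SIZE.put("RSA", 512);
    PRIVATE_KEY_SPEC_CLASSES.put("DSA", DSAPrivateKeySpec.class);
    PUBLIC_KEY_SPEC_CLASSES.put("DSA", DSAPublicKeySpec.class);
    MINIMUM_KEY_SIZE.put("DSA", 512);
    PRIVATE_KEY_SPEC_CLASSES.put("DH", DHPrivateKeySpec.class);
    PUBLIC_KEY_SPEC_CLASSES.put("DH", DHPublicKeySpec.class);
    MINIMUM_KEY_SIZE.put("DH", 256);
    PRIVATE_KEY_SPEC_CLASSES.put("EC", ECPrivateKeySpec.class);
    PUBLIC_KEY_SPEC_CLASSES.put("EC", ECPublicKeySpec.class);
    MINIMUM_KEY_SIZE.put("EC", 256);
}

/**
 * Returns the private {@link KeySpec} class registered for the algorithm.
 *
 * @param algName one of "RSA", "DSA", "DH" or "EC"
 * @return the registered class, or {@code null} if the algorithm is not registered
 */
public static Class<? extends KeySpec> getPrivateKeySpecClass(String algName) {
    return PRIVATE_KEY_SPEC_CLASSES.get(algName);
}

/**
 * Returns the public {@link KeySpec} class registered for the algorithm.
 *
 * @param algName one of "RSA", "DSA", "DH" or "EC"
 * @return the registered class, or {@code null} if the algorithm is not registered
 */
public static Class<? extends KeySpec> getPublicKeySpecClass(String algName) {
    return PUBLIC_KEY_SPEC_CLASSES.get(algName);
}

/**
 * Returns the minimum key size, in bits, registered for the algorithm.
 *
 * @param algName one of "RSA", "DSA", "DH" or "EC"
 * @return the registered minimum key size
 * @throws IllegalArgumentException if no size is registered for {@code algName}
 */
public static int getMinimumKeySize(String algName) {
    Integer minimumKeySize = MINIMUM_KEY_SIZE.get(algName);
    if (minimumKeySize == null) {
        // Unboxing a missing entry would otherwise fail with a bare NullPointerException
        // that does not say which algorithm was asked for.
        throw new IllegalArgumentException("No minimum key size registered for: " + algName);
    }
    return minimumKeySize;
}

/**
 * Asserts that the cipher suites array is non-null and non-empty and that all of its
 * contents are in {@code expected}. As a convenience, returns the members of
 * {@code expected} that did not appear in the array, for callers that want to verify
 * separately that all cipher suites were included.
 *
 * <p>A name that occurs twice in the array is reported as unknown on its second
 * occurrence, because the first occurrence has already removed it from the working set.
 */
private static Set<String> assertValidCipherSuites(
        Set<String> expected, String[] cipherSuites) {
    assertNotNull(cipherSuites);
    assertTrue(cipherSuites.length != 0);

    // Make sure all cipherSuites names are expected
    HashSet<String> remainingCipherSuites = new HashSet<String>(expected);
    HashSet<String> unknownCipherSuites = new HashSet<String>();
    for (String cipherSuite : cipherSuites) {
        if (!remainingCipherSuites.remove(cipherSuite)) {
            unknownCipherSuites.add(cipherSuite);
        }
    }
    assertEquals("Unknown cipher suites", Collections.emptySet(), unknownCipherSuites);
    return remainingCipherSuites;
}

/**
 * After using assertValidCipherSuites on cipherSuites,
 * assertSupportedCipherSuites additionally verifies that all
 * expected cipher suites were in the input array and that the array
 * has exactly as many entries as {@code expected}.
 */
private static void assertSupportedCipherSuites(Set<String> expected, String[] cipherSuites) {
    Set<String> remainingCipherSuites = assertValidCipherSuites(expected, cipherSuites);
    assertEquals("Missing cipher suites", Collections.emptySet(), remainingCipherSuites);
    assertEquals(expected.size(), cipherSuites.length);
}

/**
 * Asserts that the protocols array is non-null and non-empty and that all of its
 * contents are in {@code expected}. As a convenience, returns the members of
 * {@code expected} that did not appear in the array, for callers that want to verify
 * separately that all protocols were included.
 *
 * <p>A name that occurs twice in the array is reported as unknown on its second
 * occurrence, because the first occurrence has already removed it from the working set.
 */
private static Set<String> assertValidProtocols(Set<String> expected, String[] protocols) {
    assertNotNull(protocols);
    assertTrue(protocols.length != 0);

    // Make sure all protocols names are expected
    HashSet<String> remainingProtocols = new HashSet<String>(expected);
    HashSet<String> unknownProtocols = new HashSet<String>();
    for (String protocol : protocols) {
        if (!remainingProtocols.remove(protocol)) {
            unknownProtocols.add(protocol);
        }
    }
    assertEquals("Unknown protocols", Collections.emptySet(), unknownProtocols);
    return remainingProtocols;
}

/**
 * After using assertValidProtocols on protocols,
 * assertSupportedProtocols additionally verifies that all
 * expected protocols were in the input array and that the array
 * has exactly as many entries as {@code expected}.
 */
private static void assertSupportedProtocols(Set<String> expected, String[] protocols) {
    Set<String> remainingProtocols = assertValidProtocols(expected, protocols);
    assertEquals("Missing protocols", Collections.emptySet(), remainingProtocols);
    assertEquals(expected.size(), protocols.length);
}

/**
 * Asserts that the provided list of protocols matches the supported list of protocols.
 */
public static void assertSupportedProtocols(String[] protocols) {
    assertSupportedProtocols(SSL_SOCKET_PROTOCOLS, protocols);
}

/**
 * Assert that the provided list of cipher suites contains only the supported cipher suites.
 */
public static void assertValidCipherSuites(String[] cipherSuites) {
    assertValidCipherSuites(CIPHER_SUITES, cipherSuites);
}

/**
 * Assert that the provided list of cipher suites matches the supported list.
 */
public static void assertSupportedCipherSuites(String[] cipherSuites) {
    assertSupportedCipherSuites(CIPHER_SUITES, cipherSuites);
}

/**
 * Asserts that the cipher suites are all known and that, as a set, they equal
 * CIPHER_SUITES_DEFAULT.
 *
 * <p>Both sides are copied into a {@link TreeSet} before comparison, so the priority
 * order of {@code cipherSuites} is not checked here. The per-component allow-list in
 * isPermittedDefaultCipherSuite is not applied by this method either; a test that
 * needs to pin the negotiation order has to compare the ordered lists itself.
 */
public static void assertDefaultCipherSuites(String[] cipherSuites) {
    assertValidCipherSuites(cipherSuites);

    Set<String> expected = new TreeSet<String>(CIPHER_SUITES_DEFAULT);
    Set<String> actual = new TreeSet<String>(Arrays.asList(cipherSuites));
    assertEquals(expected, actual);
}

/**
 * Asserts that the curves equal ELLIPTIC_CURVES_DEFAULT in both content and order.
 */
public static void assertDefaultEllipticCurves(String[] curves) {
    assertEquals(ELLIPTIC_CURVES_DEFAULT, Arrays.asList(curves));
}

/**
 * Asserts that the protocols equal the entry of SSL_CONTEXT_PROTOCOLS_ENABLED for the
 * given version. The comparison is on the {@code Arrays.toString} form, so it is
 * order-sensitive.
 */
public static void assertSSLContextEnabledProtocols(String version, String[] protocols) {
    assertEquals("For protocol \"" + version + "\"",
            Arrays.toString(SSL_CONTEXT_PROTOCOLS_ENABLED.get(version)),
            Arrays.toString(protocols));
}

/**
 * Reports whether every component of the suite name (key exchange, bulk cipher and
 * trailing hash token) is on the corresponding PERMITTED_DEFAULT_* allow-list.
 * CIPHER_SUITE_SECURE_RENEGOTIATION is always permitted.
 *
 * <p>Fails an assertion, rather than returning false, when the name is null, lacks a
 * "TLS_" or "SSL_" prefix, or does not have the KEYEXCHANGE_WITH_CIPHER_HASH shape.
 */
private static boolean isPermittedDefaultCipherSuite(String cipherSuite) {
    assertNotNull(cipherSuite);
    if (CIPHER_SUITE_SECURE_RENEGOTIATION.equals(cipherSuite)) {
        return true;
    }
    assertTrue(cipherSuite, cipherSuite.startsWith("TLS_") || cipherSuite.startsWith("SSL_"));

    // Example: RSA_WITH_AES_128_CBC_SHA
    // "TLS_" and "SSL_" have the same length, so one offset strips either prefix.
    String remainder = cipherSuite.substring("TLS_".length());
    int macDelimiterIndex = remainder.lastIndexOf('_');
    assertTrue(cipherSuite, macDelimiterIndex != -1);
    // Example: SHA
    String mac = remainder.substring(macDelimiterIndex + 1);

    // Example: RSA_WITH_AES_128_CBC
    remainder = remainder.substring(0, macDelimiterIndex);
    int withDelimiterIndex = remainder.indexOf("_WITH_");
    assertTrue(cipherSuite, withDelimiterIndex != -1);

    // Example: RSA
    String keyExchange = remainder.substring(0, withDelimiterIndex);
    // Example: AES_128_CBC
    String bulkEncryptionCipher = remainder.substring(withDelimiterIndex + "_WITH_".length());

    // Every component must be allow-listed; one unknown token rejects the suite.
    return PERMITTED_DEFAULT_MACS.contains(mac)
            && PERMITTED_DEFAULT_KEY_EXCHANGE_ALGS.contains(keyExchange)
            && PERMITTED_DEFAULT_BULK_ENCRYPTION_CIPHERS.contains(bulkEncryptionCipher);
}

/**
 * Get all supported mode names for the given cipher, as recorded in CIPHER_MODES.
 */
public static Set<String> getModesForCipher(String cipher) {
    return CIPHER_MODES.get(cipher);
}

/**
 * Get all supported padding names for the given cipher, as recorded in CIPHER_PADDINGS.
 */
public static Set<String> getPaddingsForCipher(String cipher) {
    return CIPHER_PADDINGS.get(cipher);
}
}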