
    1   /**
    2     * Licensed to the Apache Software Foundation (ASF) under one or more
    3     * contributor license agreements.  See the NOTICE file distributed with
    4     * this work for additional information regarding copyright ownership.
    5     * The ASF licenses this file to You under the Apache License, Version 2.0
    6     * (the "License"); you may not use this file except in compliance with
    7     * the License.  You may obtain a copy of the License at
    8     *
    9     *     http://www.apache.org/licenses/LICENSE-2.0
   10     *
   11     * Unless required by applicable law or agreed to in writing, software
   12     * distributed under the License is distributed on an "AS IS" BASIS,
   13     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   14     * See the License for the specific language governing permissions and
   15     * limitations under the License.
   16     */
   17   package org.apache.geronimo.corba.security.config.ssl;
   18   
   19   import java.util.ArrayList;
   20   import java.util.HashMap;
   21   import java.util.Map;
   22   
   23   import org.omg.CSIIOP.Confidentiality;
   24   import org.omg.CSIIOP.EstablishTrustInTarget;
   25   import org.omg.CSIIOP.NoProtection;
   26   
   27   
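    /**
     * Static lookup table that maps SSL/TLS cipher suite names to the CSIIOP
     * association option flags ({@code NoProtection}, {@code Confidentiality},
     * {@code EstablishTrustInTarget}) that each suite provides.
     *
     * <p>Review notes for anyone relying on this table for a security decision:
     * <ul>
     * <li>Suites are classified only by which properties they offer, never by
     * strength. The {@code EXPORT}, single-{@code DES} and {@code RC4} entries
     * carry exactly the same flags as the {@code 3DES} entries, so a strength
     * floor has to be enforced separately, by restricting the suites handed to
     * {@link #getCipherSuites(int, int, String[])} or enabled on the socket.</li>
     * <li>The {@code DH_anon} entries are flagged {@code Confidentiality} without
     * {@code EstablishTrustInTarget}: they are returned whenever target trust is
     * not among the required options.</li>
     * <li>Only the names listed in the static initializer are known. Any other
     * suite name is dropped by {@link #getCipherSuites(int, int, String[])} and
     * rejected by {@link #getAssociaionOptions(String)}.</li>
     * </ul>
     *
     * @version $Revision: 452600 $ $Date: 2006-10-03 12:29:42 -0700 (Tue, 03 Oct 2006) $
     */
    public final class SSLCipherSuiteDatabase {

        /**
         * Cipher suite name (String) to association option flags (Integer).
         * Populated once by the static initializer and never modified afterwards.
         */
        private static final Map SUITES = new HashMap();

        static {
            // No protection: neither authentication nor encryption.
            Integer noProt = new Integer(NoProtection.value);
            SUITES.put("SSL_NULL_WITH_NULL_NULL", noProt);
            SUITES.put("TLS_NULL_WITH_NULL_NULL", noProt);

            // No authentication: anonymous key exchange, flagged Confidentiality only.
            Integer noAuth = new Integer(Confidentiality.value);
            SUITES.put("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", noAuth);
            SUITES.put("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", noAuth);
            SUITES.put("SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", noAuth);
            SUITES.put("SSL_DH_anon_WITH_RC4_128_MD5", noAuth);
            SUITES.put("SSL_DH_anon_WITH_DES_CBC_SHA", noAuth);

            SUITES.put("TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", noAuth);
            SUITES.put("TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", noAuth);
            SUITES.put("TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", noAuth);
            SUITES.put("TLS_DH_anon_WITH_RC4_128_MD5", noAuth);
            SUITES.put("TLS_DH_anon_WITH_DES_CBC_SHA", noAuth);

            // No encryption: NULL cipher, flagged EstablishTrustInTarget only.
            Integer noEnc = new Integer(EstablishTrustInTarget.value);
            SUITES.put("SSL_RSA_WITH_NULL_MD5", noEnc);
            SUITES.put("SSL_RSA_WITH_NULL_SHA", noEnc);

            SUITES.put("TLS_RSA_WITH_NULL_MD5", noEnc);
            SUITES.put("TLS_RSA_WITH_NULL_SHA", noEnc);

            // Auth and encrypt. The flags say nothing about key length: the
            // EXPORT and DES entries below are classified like the 3DES ones.
            Integer authEnc = new Integer(EstablishTrustInTarget.value | Confidentiality.value);
            SUITES.put("SSL_DHE_DSS_WITH_DES_CBC_SHA", authEnc);
            SUITES.put("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", authEnc);
            SUITES.put("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", authEnc);
            SUITES.put("SSL_RSA_WITH_RC4_128_MD5", authEnc);
            SUITES.put("SSL_RSA_WITH_RC4_128_SHA", authEnc);
            SUITES.put("SSL_RSA_WITH_DES_CBC_SHA", authEnc);
            SUITES.put("SSL_RSA_WITH_3DES_EDE_CBC_SHA", authEnc);
            SUITES.put("SSL_RSA_EXPORT_WITH_RC4_40_MD5", authEnc);

            SUITES.put("TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", authEnc);
            SUITES.put("TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", authEnc);
            SUITES.put("TLS_DHE_DSS_WITH_DES_CBC_SHA", authEnc);
            SUITES.put("TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", authEnc);
            SUITES.put("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", authEnc);
            SUITES.put("TLS_DHE_RSA_WITH_DES_CBC_SHA", authEnc);
            SUITES.put("TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", authEnc);
            SUITES.put("TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", authEnc);
            SUITES.put("TLS_DH_DSS_WITH_DES_CBC_SHA", authEnc);
            SUITES.put("TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", authEnc);
            SUITES.put("TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", authEnc);
            SUITES.put("TLS_DH_RSA_WITH_DES_CBC_SHA", authEnc);
            SUITES.put("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", authEnc);
            SUITES.put("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", authEnc);
            SUITES.put("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5", authEnc);
            SUITES.put("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA", authEnc);
            SUITES.put("TLS_KRB5_EXPORT_WITH_RC4_40_MD5", authEnc);
            SUITES.put("TLS_KRB5_EXPORT_WITH_RC4_40_SHA", authEnc);
            SUITES.put("TLS_KRB5_WITH_3DES_EDE_CBC_MD5", authEnc);
            SUITES.put("TLS_KRB5_WITH_3DES_EDE_CBC_SHA", authEnc);
            SUITES.put("TLS_KRB5_WITH_DES_CBC_MD5", authEnc);
            SUITES.put("TLS_KRB5_WITH_DES_CBC_SHA", authEnc);
            SUITES.put("TLS_KRB5_WITH_RC4_128_MD5", authEnc);
            SUITES.put("TLS_KRB5_WITH_RC4_128_SHA", authEnc);
            SUITES.put("TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", authEnc);
            SUITES.put("TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", authEnc);
            SUITES.put("TLS_RSA_EXPORT_WITH_RC4_40_MD5", authEnc);
            SUITES.put("TLS_RSA_WITH_3DES_EDE_CBC_SHA", authEnc);
            SUITES.put("TLS_RSA_WITH_DES_CBC_SHA", authEnc);
            SUITES.put("TLS_RSA_WITH_RC4_128_MD5", authEnc);
            SUITES.put("TLS_RSA_WITH_RC4_128_SHA", authEnc);

            // RSA supported cipher suite names differ from Sun's
            SUITES.put("RSA_Export_With_RC2_40_CBC_MD5", authEnc);
            SUITES.put("RSA_With_DES_CBC_SHA", authEnc);
            SUITES.put("RSA_Export_With_RC4_40_MD5", authEnc);
            SUITES.put("RSA_With_RC4_SHA", authEnc);
            SUITES.put("RSA_With_3DES_EDE_CBC_SHA", authEnc);
            SUITES.put("RSA_Export_With_DES_40_CBC_SHA", authEnc);
            SUITES.put("RSA_With_RC4_MD5", authEnc);
        }

        /**
         * Do not allow instances of this class.
         */
        private SSLCipherSuiteDatabase() {
        }

        /**
         * Return the cipher suites that match the assocRequires and
         * assocSupports options.
         *
         * <p>Both option values are first reduced to the three bits this table
         * knows about. A suite is kept when every required bit is provided by the
         * suite and every bit the suite provides is within the supported bits.
         * Suites whose name is not in the table are silently left out, so the
         * result can be empty even when {@code supportedCipherSuites} is not.
         * The result preserves the order of {@code supportedCipherSuites}.
         *
         * <p>When {@code assocRequires} carries none of the three bits, the first
         * condition always holds and the result is bounded by
         * {@code assocSupports} alone.
         *
         * @param assocRequires         The required associations.
         * @param assocSupports         The supported associations.
         * @param supportedCipherSuites The overall supported cipher suites.
         * @return The cipher suites that match the two options; never null.
         */
        public static String[] getCipherSuites(int assocRequires, int assocSupports, String[] supportedCipherSuites) {

            final int knownBits = EstablishTrustInTarget.value | Confidentiality.value | NoProtection.value;
            assocRequires = assocRequires & knownBits;
            assocSupports = assocSupports & knownBits;

            ArrayList col = new ArrayList();
            for (int i = 0; i < supportedCipherSuites.length; ++i) {
                Integer val = (Integer) SUITES.get(supportedCipherSuites[i]);
                if (val == null) {
                    // Not classified by this table: cannot be matched against the options.
                    continue;
                }

                int provided = val.intValue();
                boolean coversRequired = (assocRequires & ~provided) == 0;
                boolean withinSupported = (provided & ~assocSupports) == 0;
                if (coversRequired && withinSupported) {
                    col.add(supportedCipherSuites[i]);
                }
            }

            return (String[]) col.toArray(new String[col.size()]);
        }

        /**
         * Return the options value for a cipher suite.
         *
         * <p>The misspelled method and parameter names are part of the public
         * interface and are kept as they are.
         *
         * @param cypherSuite The cipher suite to get the options value for.
         * @return The int value for the cipher suite.
         * @throws NullPointerException if the suite name is not in the table.
         *         The exception type matches what the unchecked unboxing threw
         *         before; it now names the offending suite so that a negotiated
         *         suite missing from the table can be diagnosed.
         */
        public static int getAssociaionOptions(String cypherSuite) {
            Integer options = (Integer) SUITES.get(cypherSuite);
            if (options == null) {
                // Fail closed: never report option flags for a suite this table does not classify.
                throw new NullPointerException("No association options known for cipher suite: " + cypherSuite);
            }
            return options.intValue();
        }
    }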
  164   
