2017-11-28 22:19:34 -08:00
|
|
|
/*
|
2018-01-09 18:36:31 -08:00
|
|
|
* Copyright (c) 2017, 2018, Oracle and/or its affiliates. All rights reserved.
|
2017-11-28 22:19:34 -08:00
|
|
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
|
|
*
|
|
|
|
* This code is free software; you can redistribute it and/or modify it
|
|
|
|
* under the terms of the GNU General Public License version 2 only, as
|
|
|
|
* published by the Free Software Foundation.
|
|
|
|
*
|
|
|
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
|
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
|
|
* version 2 for more details (a copy is included in the LICENSE file that
|
|
|
|
* accompanied this code).
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License version
|
|
|
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
|
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
|
|
*
|
|
|
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
|
|
* or visit www.oracle.com if you need additional information or have any
|
|
|
|
* questions.
|
|
|
|
*/
|
|
|
|
|
|
|
|
/*
|
|
|
|
* A tagging interface that all TLS communication parameters must implement.
|
|
|
|
*/
|
|
|
|
public interface Parameter { }
|
|
|
|
|
|
|
|
/* The followings are TLS communication parameters. */
|
|
|
|
|
|
|
|
enum Protocol implements Parameter {
|
|
|
|
|
|
|
|
SSLV3_0(3, "SSLv3"),
|
|
|
|
TLSV1_0(4, "TLSv1"),
|
|
|
|
TLSV1_1(5, "TLSv1.1"),
|
|
|
|
TLSV1_2(6, "TLSv1.2");
|
|
|
|
|
|
|
|
public final int sequence;
|
|
|
|
public final String version;
|
|
|
|
|
|
|
|
private Protocol(int sequence, String version) {
|
|
|
|
this.sequence = sequence;
|
|
|
|
this.version = version;
|
|
|
|
}
|
|
|
|
|
|
|
|
static Protocol getProtocol(String version) {
|
|
|
|
for (Protocol protocol : values()) {
|
|
|
|
if (protocol.version.equals(version)) {
|
|
|
|
return protocol;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
|
|
|
|
static Protocol[] getMandatoryValues() {
|
|
|
|
return new Protocol[] { TLSV1_0, TLSV1_1, TLSV1_2 };
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
enum CipherSuite implements Parameter {
|
|
|
|
|
|
|
|
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(
|
|
|
|
Protocol.TLSV1_2, JdkRelease.JDK7),
|
|
|
|
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(
|
|
|
|
Protocol.TLSV1_2, JdkRelease.JDK7),
|
|
|
|
TLS_RSA_WITH_AES_256_CBC_SHA256(
|
2018-07-14 07:31:26 +08:00
|
|
|
Protocol.TLSV1_2, JdkRelease.JDK7),
|
2017-11-28 22:19:34 -08:00
|
|
|
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(
|
|
|
|
Protocol.TLSV1_2, JdkRelease.JDK7),
|
|
|
|
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(
|
|
|
|
Protocol.TLSV1_2, JdkRelease.JDK7),
|
|
|
|
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(
|
2018-07-14 07:31:26 +08:00
|
|
|
Protocol.TLSV1_2, JdkRelease.JDK7),
|
2017-11-28 22:19:34 -08:00
|
|
|
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(
|
2018-07-14 07:31:26 +08:00
|
|
|
Protocol.TLSV1_2, JdkRelease.JDK7),
|
2017-11-28 22:19:34 -08:00
|
|
|
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(),
|
|
|
|
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(),
|
|
|
|
TLS_RSA_WITH_AES_256_CBC_SHA(),
|
|
|
|
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(),
|
|
|
|
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(),
|
|
|
|
TLS_DHE_RSA_WITH_AES_256_CBC_SHA(),
|
|
|
|
TLS_DHE_DSS_WITH_AES_256_CBC_SHA(),
|
|
|
|
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(
|
|
|
|
Protocol.TLSV1_2, JdkRelease.JDK7),
|
|
|
|
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(
|
|
|
|
Protocol.TLSV1_2, JdkRelease.JDK7),
|
|
|
|
TLS_RSA_WITH_AES_128_CBC_SHA256(
|
2018-07-14 07:31:26 +08:00
|
|
|
Protocol.TLSV1_2, JdkRelease.JDK7),
|
2017-11-28 22:19:34 -08:00
|
|
|
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(
|
|
|
|
Protocol.TLSV1_2, JdkRelease.JDK7),
|
|
|
|
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(
|
|
|
|
Protocol.TLSV1_2, JdkRelease.JDK7),
|
|
|
|
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(
|
2018-07-14 07:31:26 +08:00
|
|
|
Protocol.TLSV1_2, JdkRelease.JDK7),
|
2017-11-28 22:19:34 -08:00
|
|
|
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(
|
2018-07-14 07:31:26 +08:00
|
|
|
Protocol.TLSV1_2, JdkRelease.JDK7),
|
2017-11-28 22:19:34 -08:00
|
|
|
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(),
|
|
|
|
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(),
|
|
|
|
TLS_RSA_WITH_AES_128_CBC_SHA(),
|
|
|
|
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(),
|
|
|
|
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(
|
|
|
|
Protocol.SSLV3_0, JdkRelease.JDK7),
|
|
|
|
TLS_DHE_RSA_WITH_AES_128_CBC_SHA(),
|
|
|
|
TLS_DHE_DSS_WITH_AES_128_CBC_SHA(),
|
|
|
|
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(
|
|
|
|
Protocol.TLSV1_2, JdkRelease.JDK8),
|
|
|
|
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(
|
|
|
|
Protocol.TLSV1_2, JdkRelease.JDK8),
|
|
|
|
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(
|
|
|
|
Protocol.TLSV1_2, JdkRelease.JDK8),
|
|
|
|
TLS_RSA_WITH_AES_256_GCM_SHA384(
|
|
|
|
Protocol.TLSV1_2, JdkRelease.JDK8),
|
|
|
|
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(
|
|
|
|
Protocol.TLSV1_2, JdkRelease.JDK8),
|
|
|
|
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(
|
|
|
|
Protocol.TLSV1_2, JdkRelease.JDK8),
|
|
|
|
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(
|
|
|
|
Protocol.TLSV1_2, JdkRelease.JDK8),
|
|
|
|
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(
|
|
|
|
Protocol.TLSV1_2, JdkRelease.JDK8),
|
|
|
|
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(
|
|
|
|
Protocol.TLSV1_2, JdkRelease.JDK8),
|
|
|
|
TLS_RSA_WITH_AES_128_GCM_SHA256(
|
|
|
|
Protocol.TLSV1_2, JdkRelease.JDK8),
|
|
|
|
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(
|
|
|
|
Protocol.TLSV1_2, JdkRelease.JDK8),
|
|
|
|
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(
|
|
|
|
Protocol.TLSV1_2, JdkRelease.JDK8),
|
|
|
|
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(
|
|
|
|
Protocol.TLSV1_2, JdkRelease.JDK8),
|
|
|
|
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(
|
|
|
|
Protocol.TLSV1_2, JdkRelease.JDK8),
|
|
|
|
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA(),
|
|
|
|
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA(),
|
|
|
|
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA(),
|
|
|
|
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA(),
|
|
|
|
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA(),
|
|
|
|
TLS_ECDHE_RSA_WITH_RC4_128_SHA(),
|
|
|
|
TLS_ECDH_ECDSA_WITH_RC4_128_SHA(),
|
|
|
|
TLS_ECDH_RSA_WITH_RC4_128_SHA(),
|
|
|
|
SSL_RSA_WITH_RC4_128_SHA(),
|
|
|
|
SSL_RSA_WITH_3DES_EDE_CBC_SHA(),
|
|
|
|
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA(
|
2018-07-14 07:31:26 +08:00
|
|
|
Protocol.SSLV3_0, JdkRelease.JDK7),
|
2017-11-28 22:19:34 -08:00
|
|
|
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA(
|
2018-07-14 07:31:26 +08:00
|
|
|
Protocol.SSLV3_0, JdkRelease.JDK7),
|
2017-11-28 22:19:34 -08:00
|
|
|
SSL_RSA_WITH_RC4_128_MD5(
|
2018-07-14 07:31:26 +08:00
|
|
|
Protocol.SSLV3_0, JdkRelease.JDK7);
|
2017-11-28 22:19:34 -08:00
|
|
|
|
|
|
|
private static final boolean FULL_CIPHER_SUITES
|
|
|
|
= Utils.getBoolProperty("fullCipherSuites");
|
|
|
|
|
|
|
|
final Protocol startProtocol;
|
|
|
|
final Protocol endProtocol;
|
|
|
|
|
|
|
|
final JdkRelease startJdk;
|
|
|
|
final JdkRelease endJdk;
|
|
|
|
|
|
|
|
private CipherSuite(
|
|
|
|
Protocol startProtocol, Protocol endProtocol,
|
|
|
|
JdkRelease startJdk, JdkRelease endJdk) {
|
|
|
|
this.startProtocol = startProtocol;
|
|
|
|
this.endProtocol = endProtocol;
|
|
|
|
|
|
|
|
this.startJdk = startJdk;
|
|
|
|
this.endJdk = endJdk;
|
|
|
|
}
|
|
|
|
|
|
|
|
private CipherSuite(Protocol startProtocol, JdkRelease startJdk) {
|
|
|
|
this(startProtocol, null, startJdk, null);
|
|
|
|
}
|
|
|
|
|
|
|
|
private CipherSuite() {
|
2018-07-14 07:31:26 +08:00
|
|
|
this(Protocol.TLSV1_0, null, JdkRelease.JDK7, null);
|
2017-11-28 22:19:34 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
boolean supportedByProtocol(Protocol protocol) {
|
|
|
|
return startProtocol.sequence <= protocol.sequence
|
|
|
|
&& (endProtocol == null || endProtocol.sequence >= protocol.sequence);
|
|
|
|
}
|
|
|
|
|
|
|
|
static CipherSuite[] getMandatoryValues() {
|
|
|
|
return FULL_CIPHER_SUITES
|
|
|
|
? values()
|
|
|
|
: new CipherSuite[] {
|
|
|
|
TLS_RSA_WITH_AES_128_CBC_SHA,
|
|
|
|
TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
|
|
|
|
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
|
|
|
|
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
|
|
|
TLS_RSA_WITH_AES_256_CBC_SHA256,
|
|
|
|
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
|
|
|
|
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
|
|
|
|
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 };
|
|
|
|
}
|
|
|
|
|
|
|
|
static CipherSuite getCipherSuite(String name) {
|
|
|
|
for (CipherSuite cipherSuite : values()) {
|
|
|
|
if (cipherSuite.name().equals(name)) {
|
|
|
|
return cipherSuite;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
enum ClientAuth implements Parameter {
|
|
|
|
|
|
|
|
FALSE,
|
|
|
|
TRUE;
|
|
|
|
|
|
|
|
static ClientAuth[] getMandatoryValues() {
|
|
|
|
return new ClientAuth[] { TRUE };
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
enum ServerName implements Parameter {
|
|
|
|
|
|
|
|
NONE(null),
|
|
|
|
EXAMPLE("www.example.com");
|
|
|
|
|
|
|
|
final String name;
|
|
|
|
|
|
|
|
private ServerName(String name) {
|
|
|
|
this.name = name;
|
|
|
|
}
|
|
|
|
|
|
|
|
static ServerName[] getMandatoryValues() {
|
|
|
|
return new ServerName[] { EXAMPLE };
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
enum AppProtocol implements Parameter {
|
|
|
|
|
|
|
|
NONE(null, null),
|
|
|
|
EXAMPLE(new String[] { Utils.HTTP_2, Utils.HTTP_1_1 }, Utils.HTTP_2);
|
|
|
|
|
|
|
|
final String[] appProtocols;
|
|
|
|
|
|
|
|
// Expected negotiated application protocol
|
|
|
|
final String negoAppProtocol;
|
|
|
|
|
|
|
|
private AppProtocol(String[] appProtocols, String negoAppProtocol) {
|
|
|
|
this.appProtocols = appProtocols;
|
|
|
|
this.negoAppProtocol = negoAppProtocol;
|
|
|
|
}
|
|
|
|
|
|
|
|
static AppProtocol[] getMandatoryValues() {
|
|
|
|
return new AppProtocol[] { EXAMPLE };
|
|
|
|
}
|
|
|
|
}
|