package org.bouncycastle.jsse.provider;

import java.security.AlgorithmConstraints;
import java.util.Collection;
import java.util.List;

import javax.net.ssl.SNIMatcher;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLParameters;

import org.bouncycastle.jsse.BCSNIMatcher;
import org.bouncycastle.jsse.BCSNIServerName;
import org.bouncycastle.jsse.BCSSLParameters;
import org.bouncycastle.jsse.java.security.BCAlgorithmConstraints;

/**
 * Conversions between the provider's {@link ProvSSLParameters}, the BC API type
 * {@link BCSSLParameters} and the JDK's {@link SSLParameters}.
 *
 * <p>The {@code get*} and {@code import*} methods build a new parameters object; the
 * {@code set*} methods apply an existing parameters object onto a {@code ProvSSLParameters}.
 *
 * <p>Security-relevant behaviour shared by the {@code set*} methods: a property whose getter
 * returns {@code null} is skipped rather than cleared, so the target keeps whatever value it
 * already had. This includes the algorithm constraints and the endpoint identification
 * algorithm. The client-auth mode and the cipher-suite-order flag are always overwritten.
 */
abstract class SSLParametersUtil
{
    /**
     * Builds a {@link BCSSLParameters} carrying the settings of {@code prov}.
     *
     * <p>Every property is passed through as returned by {@code prov}, {@code null} values
     * included; no null filtering is done here.
     *
     * @param prov the provider parameters to read
     * @return a new {@code BCSSLParameters}
     */
    static BCSSLParameters getParameters(ProvSSLParameters prov)
    {
        BCSSLParameters result = new BCSSLParameters(prov.getCipherSuites(), prov.getProtocols());

        // Each client-auth setter resets the other property, so exactly one call is made:
        // "need" wins, otherwise "want" is set to its current value (true or false).
        if (prov.getNeedClientAuth())
        {
            result.setNeedClientAuth(true);
        }
        else
        {
            result.setWantClientAuth(prov.getWantClientAuth());
        }

        result.setAlgorithmConstraints(prov.getAlgorithmConstraints());
        result.setEndpointIdentificationAlgorithm(prov.getEndpointIdentificationAlgorithm());
        result.setUseCipherSuitesOrder(prov.getUseCipherSuitesOrder());
        result.setServerNames(prov.getServerNames());
        result.setSNIMatchers(prov.getSNIMatchers());
        result.setApplicationProtocols(prov.getApplicationProtocols());

        return result;
    }

    /**
     * Builds a JDK {@link SSLParameters} carrying the settings of {@code prov}.
     *
     * <p>Algorithm constraints (converted by {@code JsseUtils_7.exportAlgorithmConstraints}) and
     * the endpoint identification algorithm are set unconditionally. Server names, SNI matchers
     * and application protocols are set only when {@code prov} returns a non-null value, so
     * otherwise the new object keeps what its constructor left in place.
     *
     * @param prov the provider parameters to read
     * @return a new {@code SSLParameters}
     */
    static SSLParameters getSSLParameters(ProvSSLParameters prov)
    {
        SSLParameters result = new SSLParameters(prov.getCipherSuites(), prov.getProtocols());

        // Each client-auth setter resets the other property, so exactly one call is made.
        if (prov.getNeedClientAuth())
        {
            result.setNeedClientAuth(true);
        }
        else
        {
            result.setWantClientAuth(prov.getWantClientAuth());
        }

        // SSLParameters API from JDK 1.7
        result.setAlgorithmConstraints(JsseUtils_7.exportAlgorithmConstraints(prov.getAlgorithmConstraints()));
        result.setEndpointIdentificationAlgorithm(prov.getEndpointIdentificationAlgorithm());

        // SSLParameters API from JDK 1.8
        result.setUseCipherSuitesOrder(prov.getUseCipherSuitesOrder());

        List<BCSNIServerName> bcServerNames = prov.getServerNames();
        if (bcServerNames != null)
        {
            result.setServerNames(JsseUtils_8.exportSNIServerNames(bcServerNames));
        }

        Collection<BCSNIMatcher> bcMatchers = prov.getSNIMatchers();
        if (bcMatchers != null)
        {
            result.setSNIMatchers(JsseUtils_8.exportSNIMatchers(bcMatchers));
        }

        // SSLParameters API from JDK 9 originally, then added to 8u251
        String[] alpnProtocols = prov.getApplicationProtocols();
        if (alpnProtocols != null)
        {
            result.setApplicationProtocols(alpnProtocols);
        }

        return result;
    }

    /**
     * Builds a {@link BCSSLParameters} from a JDK {@link SSLParameters}.
     *
     * <p>Apart from cipher suites, protocols, client-auth mode and the cipher-suite-order flag,
     * a property is copied only when the JDK object returns a non-null value for it.
     *
     * @param ssl the JDK parameters to read
     * @return a new {@code BCSSLParameters}
     */
    static BCSSLParameters importSSLParameters(SSLParameters ssl)
    {
        BCSSLParameters result = new BCSSLParameters(ssl.getCipherSuites(), ssl.getProtocols());

        // Each client-auth setter resets the other property, so exactly one call is made.
        if (ssl.getNeedClientAuth())
        {
            result.setNeedClientAuth(true);
        }
        else
        {
            result.setWantClientAuth(ssl.getWantClientAuth());
        }

        // SSLParameters API from JDK 1.7
        AlgorithmConstraints jdkConstraints = ssl.getAlgorithmConstraints();
        if (jdkConstraints != null)
        {
            result.setAlgorithmConstraints(JsseUtils_7.importAlgorithmConstraints(jdkConstraints));
        }

        String endpointIdAlgorithm = ssl.getEndpointIdentificationAlgorithm();
        if (endpointIdAlgorithm != null)
        {
            result.setEndpointIdentificationAlgorithm(endpointIdAlgorithm);
        }

        // SSLParameters API from JDK 1.8
        result.setUseCipherSuitesOrder(ssl.getUseCipherSuitesOrder());

        List<SNIServerName> jdkServerNames = ssl.getServerNames();
        if (jdkServerNames != null)
        {
            result.setServerNames(JsseUtils_8.importSNIServerNames(jdkServerNames));
        }

        Collection<SNIMatcher> jdkMatchers = ssl.getSNIMatchers();
        if (jdkMatchers != null)
        {
            result.setSNIMatchers(JsseUtils_8.importSNIMatchers(jdkMatchers));
        }

        // SSLParameters API from JDK 9 originally, then added to 8u251
        String[] alpnProtocols = ssl.getApplicationProtocols();
        if (alpnProtocols != null)
        {
            result.setApplicationProtocols(alpnProtocols);
        }

        return result;
    }

    /**
     * Applies the settings of a {@link BCSSLParameters} onto {@code prov}.
     *
     * <p>The client-auth mode and the cipher-suite-order flag are always overwritten. Every
     * other property is applied only when {@code ssl} returns a non-null value; a null leaves
     * the value already held by {@code prov} untouched. In particular, null algorithm
     * constraints or a null endpoint identification algorithm do not clear a previous setting.
     *
     * @param prov the provider parameters to update
     * @param ssl the parameters to apply
     */
    static void setParameters(ProvSSLParameters prov, BCSSLParameters ssl)
    {
        String[] suites = ssl.getCipherSuites();
        if (suites != null)
        {
            prov.setCipherSuites(suites);
        }

        String[] protocolVersions = ssl.getProtocols();
        if (protocolVersions != null)
        {
            prov.setProtocols(protocolVersions);
        }

        // Each client-auth setter resets the other property, so exactly one call is made.
        if (ssl.getNeedClientAuth())
        {
            prov.setNeedClientAuth(true);
        }
        else
        {
            prov.setWantClientAuth(ssl.getWantClientAuth());
        }

        BCAlgorithmConstraints bcConstraints = ssl.getAlgorithmConstraints();
        if (bcConstraints != null)
        {
            prov.setAlgorithmConstraints(bcConstraints);
        }

        String endpointIdAlgorithm = ssl.getEndpointIdentificationAlgorithm();
        if (endpointIdAlgorithm != null)
        {
            prov.setEndpointIdentificationAlgorithm(endpointIdAlgorithm);
        }

        prov.setUseCipherSuitesOrder(ssl.getUseCipherSuitesOrder());

        List<BCSNIServerName> bcServerNames = ssl.getServerNames();
        if (bcServerNames != null)
        {
            prov.setServerNames(bcServerNames);
        }

        Collection<BCSNIMatcher> bcMatchers = ssl.getSNIMatchers();
        if (bcMatchers != null)
        {
            prov.setSNIMatchers(bcMatchers);
        }

        String[] alpnProtocols = ssl.getApplicationProtocols();
        if (alpnProtocols != null)
        {
            prov.setApplicationProtocols(alpnProtocols);
        }
    }

    /**
     * Applies the settings of a JDK {@link SSLParameters} onto {@code prov}.
     *
     * <p>The client-auth mode and the cipher-suite-order flag are always overwritten. Every
     * other property is applied only when {@code ssl} returns a non-null value; a null leaves
     * the value already held by {@code prov} untouched. In particular, null algorithm
     * constraints or a null endpoint identification algorithm do not clear a previous setting.
     * Algorithm constraints, server names and SNI matchers are converted to their BC
     * counterparts by the {@code JsseUtils_7} / {@code JsseUtils_8} import helpers.
     *
     * @param prov the provider parameters to update
     * @param ssl the JDK parameters to apply
     */
    static void setSSLParameters(ProvSSLParameters prov, SSLParameters ssl)
    {
        String[] suites = ssl.getCipherSuites();
        if (suites != null)
        {
            prov.setCipherSuites(suites);
        }

        String[] protocolVersions = ssl.getProtocols();
        if (protocolVersions != null)
        {
            prov.setProtocols(protocolVersions);
        }

        // Each client-auth setter resets the other property, so exactly one call is made.
        if (ssl.getNeedClientAuth())
        {
            prov.setNeedClientAuth(true);
        }
        else
        {
            prov.setWantClientAuth(ssl.getWantClientAuth());
        }

        // SSLParameters API from JDK 1.7
        AlgorithmConstraints jdkConstraints = ssl.getAlgorithmConstraints();
        if (jdkConstraints != null)
        {
            prov.setAlgorithmConstraints(JsseUtils_7.importAlgorithmConstraints(jdkConstraints));
        }

        String endpointIdAlgorithm = ssl.getEndpointIdentificationAlgorithm();
        if (endpointIdAlgorithm != null)
        {
            prov.setEndpointIdentificationAlgorithm(endpointIdAlgorithm);
        }

        // SSLParameters API from JDK 1.8
        prov.setUseCipherSuitesOrder(ssl.getUseCipherSuitesOrder());

        List<SNIServerName> jdkServerNames = ssl.getServerNames();
        if (jdkServerNames != null)
        {
            prov.setServerNames(JsseUtils_8.importSNIServerNames(jdkServerNames));
        }

        Collection<SNIMatcher> jdkMatchers = ssl.getSNIMatchers();
        if (jdkMatchers != null)
        {
            prov.setSNIMatchers(JsseUtils_8.importSNIMatchers(jdkMatchers));
        }

        // SSLParameters API from JDK 9 originally, then added to 8u251
        String[] alpnProtocols = ssl.getApplicationProtocols();
        if (alpnProtocols != null)
        {
            prov.setApplicationProtocols(alpnProtocols);
        }
    }
}