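/**
 *  Licensed to the Apache Software Foundation (ASF) under one or more
 *  contributor license agreements.  See the NOTICE file distributed with
 *  this work for additional information regarding copyright ownership.
 *  The ASF licenses this file to You under the Apache License, Version 2.0
 *  (the "License"); you may not use this file except in compliance with
 *  the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */
package org.apache.geronimo.corba.security.config.ssl;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;

import org.omg.CSIIOP.Confidentiality;
import org.omg.CSIIOP.EstablishTrustInTarget;
import org.omg.CSIIOP.NoProtection;


/**
 * Static lookup table from SSL/TLS cipher suite names to the CSIIOP
 * association options (a bit mask built from {@link NoProtection},
 * {@link Confidentiality} and {@link EstablishTrustInTarget}) that each suite
 * is classified as providing.
 * <p>
 * Security notes for maintainers:
 * <ul>
 * <li>The value stored for a suite records the protection class it nominally
 * offers, not its cryptographic strength. Export-grade 40-bit, single-DES and
 * RC4 suites carry the same value as the 3DES suites, so this table cannot be
 * used as a strength policy. Apply one separately (for example through the
 * JSSE <code>jdk.tls.disabledAlgorithms</code> security property) before
 * enabling anything selected here.</li>
 * <li>Only the names listed below are known. A suite name that is not in the
 * table is dropped by {@link #getCipherSuites(int, int, String[])} and rejected
 * by {@link #getAssociaionOptions(String)}; the table holds no AES, GCM or
 * ECDHE suite names.</li>
 * </ul>
 *
 * @version $Revision: 452600 $ $Date: 2006-10-03 12:29:42 -0700 (Tue, 03 Oct 2006) $
 */
public final class SSLCipherSuiteDatabase {

    /**
     * Maps a cipher suite name (String) to its association options (Integer).
     * Populated once by the static initializer below and only read afterwards.
     */
    private static final Map SUITES = new HashMap();

    static {
        // No protection: neither encryption nor authentication.
        Integer noProt = new Integer(NoProtection.value);
        SUITES.put("SSL_NULL_WITH_NULL_NULL", noProt);
        SUITES.put("TLS_NULL_WITH_NULL_NULL", noProt);

        // No authentication: anonymous Diffie-Hellman, so the peer is not
        // authenticated. Classified as Confidentiality only.
        Integer noAuth = new Integer(Confidentiality.value);
        SUITES.put("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", noAuth);
        SUITES.put("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", noAuth);
        SUITES.put("SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", noAuth);
        SUITES.put("SSL_DH_anon_WITH_RC4_128_MD5", noAuth);
        SUITES.put("SSL_DH_anon_WITH_DES_CBC_SHA", noAuth);

        SUITES.put("TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", noAuth);
        SUITES.put("TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", noAuth);
        SUITES.put("TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", noAuth);
        SUITES.put("TLS_DH_anon_WITH_RC4_128_MD5", noAuth);
        SUITES.put("TLS_DH_anon_WITH_DES_CBC_SHA", noAuth);

        // No encryption: NULL cipher, traffic is sent in the clear.
        // Classified as EstablishTrustInTarget only.
        Integer noEnc = new Integer(EstablishTrustInTarget.value);
        SUITES.put("SSL_RSA_WITH_NULL_MD5", noEnc);
        SUITES.put("SSL_RSA_WITH_NULL_SHA", noEnc);

        SUITES.put("TLS_RSA_WITH_NULL_MD5", noEnc);
        SUITES.put("TLS_RSA_WITH_NULL_SHA", noEnc);

        // Auth and encrypt. This group mixes export-grade 40-bit, single-DES,
        // RC4 and 3DES suites under one value; see the class comment.
        // NOTE(review): the SSL_ prefixed list has no SSL_DHE_RSA_* or
        // SSL_RSA_EXPORT_WITH_DES40_CBC_SHA entries although the TLS_ prefixed
        // forms are listed below - confirm whether that is intentional.
        Integer authEnc = new Integer(EstablishTrustInTarget.value | Confidentiality.value);
        SUITES.put("SSL_DHE_DSS_WITH_DES_CBC_SHA", authEnc);
        SUITES.put("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", authEnc);
        SUITES.put("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", authEnc);
        SUITES.put("SSL_RSA_WITH_RC4_128_MD5", authEnc);
        SUITES.put("SSL_RSA_WITH_RC4_128_SHA", authEnc);
        SUITES.put("SSL_RSA_WITH_DES_CBC_SHA", authEnc);
        SUITES.put("SSL_RSA_WITH_3DES_EDE_CBC_SHA", authEnc);
        SUITES.put("SSL_RSA_EXPORT_WITH_RC4_40_MD5", authEnc);

        SUITES.put("TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", authEnc);
        SUITES.put("TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", authEnc);
        SUITES.put("TLS_DHE_DSS_WITH_DES_CBC_SHA", authEnc);
        SUITES.put("TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", authEnc);
        SUITES.put("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", authEnc);
        SUITES.put("TLS_DHE_RSA_WITH_DES_CBC_SHA", authEnc);
        SUITES.put("TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", authEnc);
        SUITES.put("TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", authEnc);
        SUITES.put("TLS_DH_DSS_WITH_DES_CBC_SHA", authEnc);
        SUITES.put("TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", authEnc);
        SUITES.put("TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", authEnc);
        SUITES.put("TLS_DH_RSA_WITH_DES_CBC_SHA", authEnc);
        SUITES.put("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", authEnc);
        SUITES.put("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", authEnc);
        SUITES.put("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5", authEnc);
        SUITES.put("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA", authEnc);
        SUITES.put("TLS_KRB5_EXPORT_WITH_RC4_40_MD5", authEnc);
        SUITES.put("TLS_KRB5_EXPORT_WITH_RC4_40_SHA", authEnc);
        SUITES.put("TLS_KRB5_WITH_3DES_EDE_CBC_MD5", authEnc);
        SUITES.put("TLS_KRB5_WITH_3DES_EDE_CBC_SHA", authEnc);
        SUITES.put("TLS_KRB5_WITH_DES_CBC_MD5", authEnc);
        SUITES.put("TLS_KRB5_WITH_DES_CBC_SHA", authEnc);
        SUITES.put("TLS_KRB5_WITH_RC4_128_MD5", authEnc);
        SUITES.put("TLS_KRB5_WITH_RC4_128_SHA", authEnc);
        SUITES.put("TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", authEnc);
        SUITES.put("TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", authEnc);
        SUITES.put("TLS_RSA_EXPORT_WITH_RC4_40_MD5", authEnc);
        SUITES.put("TLS_RSA_WITH_3DES_EDE_CBC_SHA", authEnc);
        SUITES.put("TLS_RSA_WITH_DES_CBC_SHA", authEnc);
        SUITES.put("TLS_RSA_WITH_RC4_128_MD5", authEnc);
        SUITES.put("TLS_RSA_WITH_RC4_128_SHA", authEnc);

        // RSA supported cipher suite names differ from Sun's
        SUITES.put("RSA_Export_With_RC2_40_CBC_MD5", authEnc);
        SUITES.put("RSA_With_DES_CBC_SHA", authEnc);
        SUITES.put("RSA_Export_With_RC4_40_MD5", authEnc);
        SUITES.put("RSA_With_RC4_SHA", authEnc);
        SUITES.put("RSA_With_3DES_EDE_CBC_SHA", authEnc);
        SUITES.put("RSA_Export_With_DES_40_CBC_SHA", authEnc);
        SUITES.put("RSA_With_RC4_MD5", authEnc);
    }

    /**
     * Do not allow instances of this class.
     */
    private SSLCipherSuiteDatabase() {
    }

    /**
     * Return the cipher suites from <code>supportedCipherSuites</code> that
     * match the assocRequires and assocSupports options.
     * <p>
     * Both option arguments are first reduced to the EstablishTrustInTarget,
     * Confidentiality and NoProtection bits; any other bit is ignored. A suite
     * is kept when it is present in the table, every required bit is among the
     * bits recorded for the suite, and every bit recorded for the suite is
     * among the supported bits. Input order is preserved.
     * <p>
     * Consequences worth checking at the call site:
     * <ul>
     * <li>Anonymous DH suites (Confidentiality only) are returned unless
     * assocRequires includes EstablishTrustInTarget or assocSupports omits
     * Confidentiality.</li>
     * <li>NULL-cipher suites (EstablishTrustInTarget only) are returned unless
     * assocRequires includes Confidentiality or assocSupports omits
     * EstablishTrustInTarget.</li>
     * <li>The *_NULL_WITH_NULL_NULL suites are returned only when assocSupports
     * includes NoProtection and assocRequires asks for nothing beyond it.</li>
     * <li>Names that are not in the table are silently left out, so the result
     * is empty when the provider offers none of the listed names.</li>
     * </ul>
     *
     * @param assocRequires         The required associations.
     * @param assocSupports         The supported associations.
     * @param supportedCipherSuites The overall supported cipher suites.
     * @return The cipher suites that match the two options; never null,
     *         possibly empty.
     * @throws NullPointerException if <code>supportedCipherSuites</code> is null.
     */
    public static String[] getCipherSuites(int assocRequires, int assocSupports, String[] supportedCipherSuites) {

        // Only these three association bits take part in the comparison.
        assocRequires = assocRequires & (EstablishTrustInTarget.value | Confidentiality.value | NoProtection.value);
        assocSupports = assocSupports & (EstablishTrustInTarget.value | Confidentiality.value | NoProtection.value);

        ArrayList col = new ArrayList();
        for (int i = 0; i < supportedCipherSuites.length; ++i) {
            Integer val = (Integer) SUITES.get(supportedCipherSuites[i]);

            // val == null: unknown suite name, skipped.
            // (assocRequires & ~val) == 0: the suite provides everything required.
            // (val & ~assocSupports) == 0: the suite provides nothing unsupported.
            if (val != null && ((assocRequires & ~val.intValue()) == 0 && (val.intValue() & ~assocSupports) == 0)) {
                col.add(supportedCipherSuites[i]);
            }
        }

        String[] ret = new String[col.size()];
        col.toArray(ret);

        return ret;
    }

    /**
     * Return the options values for a cipher suite.
     *
     * @param cypherSuite The cipher suite to get the options value for.
     * @return The int value for the cipher suite.
     * @throws NullPointerException if the cipher suite is not in the table
     *                              (this includes a null name). The exception
     *                              type is the one the lookup has always
     *                              raised; it now names the rejected suite.
     */
    public static int getAssociaionOptions(String cypherSuite) {
        Integer options = (Integer) SUITES.get(cypherSuite);
        if (options == null) {
            // Fail with the offending name instead of an anonymous unboxing NPE,
            // so a suite missing from the table can be diagnosed from the log.
            throw new NullPointerException("Unknown cipher suite: " + cypherSuite);
        }
        return options.intValue();
    }
}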