001    /**
002      * Licensed to the Apache Software Foundation (ASF) under one or more
003      * contributor license agreements.  See the NOTICE file distributed with
004      * this work for additional information regarding copyright ownership.
005      * The ASF licenses this file to You under the Apache License, Version 2.0
006      * (the "License"); you may not use this file except in compliance with
007      * the License.  You may obtain a copy of the License at
008      *
009      *     http://www.apache.org/licenses/LICENSE-2.0
010      *
011      * Unless required by applicable law or agreed to in writing, software
012      * distributed under the License is distributed on an "AS IS" BASIS,
013      * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014      * See the License for the specific language governing permissions and
015      * limitations under the License.
016      */
017    package org.apache.geronimo.corba.security.config.ssl;
018    
019    import java.util.ArrayList;
020    import java.util.HashMap;
021    import java.util.Map;
022    
023    import org.omg.CSIIOP.Confidentiality;
024    import org.omg.CSIIOP.EstablishTrustInTarget;
025    import org.omg.CSIIOP.NoProtection;
026    
027    
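/**
 * Static lookup table that maps SSL/TLS cipher suite names to the CSIIOP
 * association option bits ({@link NoProtection}, {@link Confidentiality},
 * {@link EstablishTrustInTarget}) that the suite is treated as providing.
 *
 * <p>Security notes for callers:
 * <ul>
 * <li>The classification records association options only, not cryptographic
 *     strength. The table contains NULL, anonymous-DH, EXPORT, single-DES and
 *     RC4 suites, and those in the "auth and encrypt" group are reported with
 *     exactly the same bits as the 3DES suites. A caller that must exclude
 *     weak suites has to filter the candidate list itself before passing it
 *     to {@link #getCipherSuites(int, int, String[])}.</li>
 * <li>Only the names listed in the static initializer are known; for example,
 *     no AES suite appears in it. Any other name is silently dropped by
 *     {@link #getCipherSuites(int, int, String[])} and rejected by
 *     {@link #getAssociaionOptions(String)}, so a provider that offers only
 *     unlisted suites ends up with an empty selection.</li>
 * </ul>
 *
 * @version $Revision: 452600 $ $Date: 2006-10-03 12:29:42 -0700 (Tue, 03 Oct 2006) $
 */
public final class SSLCipherSuiteDatabase {

    /**
     * Maps a cipher suite name (String) to the Integer bit mask of the
     * association options recorded for it. Filled once by the static
     * initializer below and only read afterwards.
     */
    private static final Map SUITES = new HashMap();

    static {
        // No protection
        Integer noProt = new Integer(NoProtection.value);
        SUITES.put("SSL_NULL_WITH_NULL_NULL", noProt);
        SUITES.put("TLS_NULL_WITH_NULL_NULL", noProt);

        // No authentication: anonymous key exchange, recorded as Confidentiality only
        Integer noAuth = new Integer(Confidentiality.value);
        SUITES.put("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", noAuth);
        SUITES.put("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", noAuth);
        SUITES.put("SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", noAuth);
        SUITES.put("SSL_DH_anon_WITH_RC4_128_MD5", noAuth);
        SUITES.put("SSL_DH_anon_WITH_DES_CBC_SHA", noAuth);

        SUITES.put("TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", noAuth);
        SUITES.put("TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", noAuth);
        SUITES.put("TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", noAuth);
        SUITES.put("TLS_DH_anon_WITH_RC4_128_MD5", noAuth);
        SUITES.put("TLS_DH_anon_WITH_DES_CBC_SHA", noAuth);

        // No encryption: NULL cipher, recorded as EstablishTrustInTarget only
        Integer noEnc = new Integer(EstablishTrustInTarget.value);
        SUITES.put("SSL_RSA_WITH_NULL_MD5", noEnc);
        SUITES.put("SSL_RSA_WITH_NULL_SHA", noEnc);

        SUITES.put("TLS_RSA_WITH_NULL_MD5", noEnc);
        SUITES.put("TLS_RSA_WITH_NULL_SHA", noEnc);

        // Auth and encrypt. This group mixes EXPORT/DES/RC4 suites with 3DES
        // ones; the recorded bits do not distinguish between them.
        Integer authEnc = new Integer(EstablishTrustInTarget.value | Confidentiality.value);
        SUITES.put("SSL_DHE_DSS_WITH_DES_CBC_SHA", authEnc);
        SUITES.put("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", authEnc);
        SUITES.put("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", authEnc);
        SUITES.put("SSL_RSA_WITH_RC4_128_MD5", authEnc);
        SUITES.put("SSL_RSA_WITH_RC4_128_SHA", authEnc);
        SUITES.put("SSL_RSA_WITH_DES_CBC_SHA", authEnc);
        SUITES.put("SSL_RSA_WITH_3DES_EDE_CBC_SHA", authEnc);
        SUITES.put("SSL_RSA_EXPORT_WITH_RC4_40_MD5", authEnc);

        SUITES.put("TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", authEnc);
        SUITES.put("TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", authEnc);
        SUITES.put("TLS_DHE_DSS_WITH_DES_CBC_SHA", authEnc);
        SUITES.put("TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", authEnc);
        SUITES.put("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", authEnc);
        SUITES.put("TLS_DHE_RSA_WITH_DES_CBC_SHA", authEnc);
        SUITES.put("TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", authEnc);
        SUITES.put("TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", authEnc);
        SUITES.put("TLS_DH_DSS_WITH_DES_CBC_SHA", authEnc);
        SUITES.put("TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", authEnc);
        SUITES.put("TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", authEnc);
        SUITES.put("TLS_DH_RSA_WITH_DES_CBC_SHA", authEnc);
        SUITES.put("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", authEnc);
        SUITES.put("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", authEnc);
        SUITES.put("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5", authEnc);
        SUITES.put("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA", authEnc);
        SUITES.put("TLS_KRB5_EXPORT_WITH_RC4_40_MD5", authEnc);
        SUITES.put("TLS_KRB5_EXPORT_WITH_RC4_40_SHA", authEnc);
        SUITES.put("TLS_KRB5_WITH_3DES_EDE_CBC_MD5", authEnc);
        SUITES.put("TLS_KRB5_WITH_3DES_EDE_CBC_SHA", authEnc);
        SUITES.put("TLS_KRB5_WITH_DES_CBC_MD5", authEnc);
        SUITES.put("TLS_KRB5_WITH_DES_CBC_SHA", authEnc);
        SUITES.put("TLS_KRB5_WITH_RC4_128_MD5", authEnc);
        SUITES.put("TLS_KRB5_WITH_RC4_128_SHA", authEnc);
        SUITES.put("TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", authEnc);
        SUITES.put("TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", authEnc);
        SUITES.put("TLS_RSA_EXPORT_WITH_RC4_40_MD5", authEnc);
        SUITES.put("TLS_RSA_WITH_3DES_EDE_CBC_SHA", authEnc);
        SUITES.put("TLS_RSA_WITH_DES_CBC_SHA", authEnc);
        SUITES.put("TLS_RSA_WITH_RC4_128_MD5", authEnc);
        SUITES.put("TLS_RSA_WITH_RC4_128_SHA", authEnc);

        // RSA supported cipher suite names differ from Sun's
        SUITES.put("RSA_Export_With_RC2_40_CBC_MD5", authEnc);
        SUITES.put("RSA_With_DES_CBC_SHA", authEnc);
        SUITES.put("RSA_Export_With_RC4_40_MD5", authEnc);
        SUITES.put("RSA_With_RC4_SHA", authEnc);
        SUITES.put("RSA_With_3DES_EDE_CBC_SHA", authEnc);
        SUITES.put("RSA_Export_With_DES_40_CBC_SHA", authEnc);
        SUITES.put("RSA_With_RC4_MD5", authEnc);
    }

    /**
     * Do not allow instances of this class.
     */
    private SSLCipherSuiteDatabase() {
    }

    /**
     * Return the cipher suites from {@code supportedCipherSuites} whose
     * recorded association options fit between {@code assocRequires} and
     * {@code assocSupports}.
     *
     * <p>Both option masks are first reduced to the three bits this table
     * tracks (EstablishTrustInTarget, Confidentiality, NoProtection); any
     * other bit a caller passes is ignored. A suite is selected when it
     * provides every required bit and provides no bit outside the supported
     * set. Names that are not in the table are skipped, and the input order
     * is preserved.
     *
     * <p>The result is a filter on association options only. Weak suites that
     * are present in {@code supportedCipherSuites} and match the options are
     * returned, so the caller is responsible for passing a vetted list.
     *
     * @param assocRequires         The required associations.
     * @param assocSupports         The supported associations.
     * @param supportedCipherSuites The overall supported cipher suites; a
     *                              {@code null} array is treated as empty.
     * @return The matching cipher suite names, possibly an empty array, never
     *         {@code null}.
     */
    public static String[] getCipherSuites(int assocRequires, int assocSupports, String[] supportedCipherSuites) {

        // Nothing to choose from: report "no match" instead of failing on null.
        if (supportedCipherSuites == null) {
            return new String[0];
        }

        int tracked = EstablishTrustInTarget.value | Confidentiality.value | NoProtection.value;
        int required = assocRequires & tracked;
        int supported = assocSupports & tracked;

        ArrayList matches = new ArrayList();
        for (int i = 0; i < supportedCipherSuites.length; ++i) {
            String name = supportedCipherSuites[i];
            Integer val = (Integer) SUITES.get(name);
            if (val == null) {
                // Unknown (or null) name: no options recorded, so it cannot be matched.
                continue;
            }

            int provided = val.intValue();
            boolean coversRequired = (required & ~provided) == 0;
            boolean withinSupported = (provided & ~supported) == 0;
            if (coversRequired && withinSupported) {
                matches.add(name);
            }
        }

        return (String[]) matches.toArray(new String[matches.size()]);
    }

    /**
     * Return the options values for a cipher suite.
     *
     * @param cypherSuite The cipher suite to get the options value for.
     * @return The int value for the cipher suite.
     * @throws NullPointerException if {@code cypherSuite} is {@code null} or is
     *         not one of the names registered in this table. The exception
     *         type matches what the lookup has always raised for an unknown
     *         name; it now carries the offending name.
     */
    public static int getAssociaionOptions(String cypherSuite) {
        Integer options = (Integer) SUITES.get(cypherSuite);
        if (options == null) {
            // Fail with a diagnosable message rather than a bare unboxing NPE.
            throw new NullPointerException("No association options registered for cipher suite: " + cypherSuite);
        }
        return options.intValue();
    }
}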
164