1 /* 2 * Copyright (C) 2010 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package libcore.java.security; 18 19 import java.security.Security; 20 import java.security.spec.DSAPrivateKeySpec; 21 import java.security.spec.DSAPublicKeySpec; 22 import java.security.spec.ECPrivateKeySpec; 23 import java.security.spec.ECPublicKeySpec; 24 import java.security.spec.KeySpec; 25 import java.security.spec.RSAPrivateCrtKeySpec; 26 import java.security.spec.RSAPublicKeySpec; 27 import java.util.Arrays; 28 import java.util.Collections; 29 import java.util.HashMap; 30 import java.util.HashSet; 31 import java.util.Iterator; 32 import java.util.LinkedHashSet; 33 import java.util.List; 34 import java.util.Locale; 35 import java.util.Map; 36 import java.util.Set; 37 import javax.crypto.spec.DHPrivateKeySpec; 38 import javax.crypto.spec.DHPublicKeySpec; 39 import junit.framework.Assert; 40 41 /** 42 * This class defines expected string names for protocols, key types, 43 * client and server auth types, cipher suites. 44 * 45 * Initially based on "Appendix A: Standard Names" of 46 * <a href="http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#AppA"> 47 * Java ™ Secure Socket Extension (JSSE) Reference Guide 48 * for the Java ™ 2 Platform Standard Edition 5 49 * </a>. 50 * 51 * Updated based on the 52 * <a href="http://download.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html"> 53 * Java ™ Cryptography Architecture Oracle Providers Documentation 54 * for Java ™ Platform Standard Edition 7 55 * </a>. 56 * See also the 57 * <a href="http://download.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html"> 58 * Java ™ Cryptography Architecture Standard Algorithm Name Documentation 59 * </a>. 60 * 61 * Further updates based on the 62 * <a href=http://java.sun.com/javase/6/docs/technotes/guides/security/p11guide.html"> 63 * Java ™ PKCS#11 Reference Guide 64 * </a>. 65 */ 66 public final class StandardNames extends Assert { 67 68 public static final boolean IS_RI 69 = !"Dalvik Core Library".equals(System.getProperty("java.specification.name")); 70 public static final String JSSE_PROVIDER_NAME = (IS_RI) ? "SunJSSE" : "AndroidOpenSSL"; 71 public static final String SECURITY_PROVIDER_NAME = (IS_RI) ? "SUN" : "BC"; 72 73 public static final String KEY_MANAGER_FACTORY_DEFAULT = (IS_RI) ? "SunX509" : "PKIX"; 74 public static final String TRUST_MANAGER_FACTORY_DEFAULT = "PKIX"; 75 76 public static final String KEY_STORE_ALGORITHM = (IS_RI) ? "JKS" : "BKS"; 77 78 /** 79 * RFC 5746's Signaling Cipher Suite Value to indicate a request for secure renegotiation 80 */ 81 public static final String CIPHER_SUITE_SECURE_RENEGOTIATION 82 = "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"; 83 84 /** 85 * A map from algorithm type (e.g. Cipher) to a set of algorithms (e.g. AES, DES, ...) 86 */ 87 public static final Map<String,Set<String>> PROVIDER_ALGORITHMS 88 = new HashMap<String,Set<String>>(); 89 90 public static final Map<String,Set<String>> CIPHER_MODES 91 = new HashMap<String,Set<String>>(); 92 93 public static final Map<String,Set<String>> CIPHER_PADDINGS 94 = new HashMap<String,Set<String>>(); 95 96 private static void provide(String type, String algorithm) { 97 Set<String> algorithms = PROVIDER_ALGORITHMS.get(type); 98 if (algorithms == null) { 99 algorithms = new HashSet(); 100 PROVIDER_ALGORITHMS.put(type, algorithms); 101 } 102 assertTrue("Duplicate " + type + " " + algorithm, 103 algorithms.add(algorithm.toUpperCase(Locale.ROOT))); 104 } 105 private static void unprovide(String type, String algorithm) { 106 Set<String> algorithms = PROVIDER_ALGORITHMS.get(type); 107 assertNotNull(algorithms); 108 assertTrue(algorithm, algorithms.remove(algorithm.toUpperCase(Locale.ROOT))); 109 if (algorithms.isEmpty()) { 110 assertNotNull(PROVIDER_ALGORITHMS.remove(type)); 111 } 112 } 113 private static void provideCipherModes(String algorithm, String newModes[]) { 114 Set<String> modes = CIPHER_MODES.get(algorithm); 115 if (modes == null) { 116 modes = new HashSet<String>(); 117 CIPHER_MODES.put(algorithm, modes); 118 } 119 modes.addAll(Arrays.asList(newModes)); 120 } 121 private static void provideCipherPaddings(String algorithm, String newPaddings[]) { 122 Set<String> paddings = CIPHER_PADDINGS.get(algorithm); 123 if (paddings == null) { 124 paddings = new HashSet<String>(); 125 CIPHER_PADDINGS.put(algorithm, paddings); 126 } 127 paddings.addAll(Arrays.asList(newPaddings)); 128 } 129 static { 130 provide("AlgorithmParameterGenerator", "DSA"); 131 provide("AlgorithmParameterGenerator", "DiffieHellman"); 132 provide("AlgorithmParameters", "AES"); 133 provide("AlgorithmParameters", "Blowfish"); 134 provide("AlgorithmParameters", "DES"); 135 provide("AlgorithmParameters", "DESede"); 136 provide("AlgorithmParameters", "DSA"); 137 provide("AlgorithmParameters", "DiffieHellman"); 138 provide("AlgorithmParameters", "OAEP"); 139 provide("AlgorithmParameters", "PBEWithMD5AndDES"); 140 provide("AlgorithmParameters", "PBEWithMD5AndTripleDES"); 141 provide("AlgorithmParameters", "PBEWithSHA1AndDESede"); 142 provide("AlgorithmParameters", "PBEWithSHA1AndRC2_40"); 143 provide("AlgorithmParameters", "RC2"); 144 provide("CertPathBuilder", "PKIX"); 145 provide("CertPathValidator", "PKIX"); 146 provide("CertStore", "Collection"); 147 provide("CertStore", "LDAP"); 148 provide("CertificateFactory", "X.509"); 149 // TODO: provideCipherModes and provideCipherPaddings for other Ciphers 150 provide("Cipher", "AES"); 151 provideCipherModes("AES", new String[] { "CBC", "CFB", "CTR", "CTS", "ECB", "OFB" }); 152 provideCipherPaddings("AES", new String[] { "NoPadding", "PKCS5Padding" }); 153 provide("Cipher", "AESWrap"); 154 provide("Cipher", "ARCFOUR"); 155 provide("Cipher", "Blowfish"); 156 provide("Cipher", "DES"); 157 provide("Cipher", "DESede"); 158 provide("Cipher", "DESedeWrap"); 159 provide("Cipher", "PBEWithMD5AndDES"); 160 provide("Cipher", "PBEWithMD5AndTripleDES"); 161 provide("Cipher", "PBEWithSHA1AndDESede"); 162 provide("Cipher", "PBEWithSHA1AndRC2_40"); 163 provide("Cipher", "RC2"); 164 provide("Cipher", "RSA"); 165 // TODO: None? 166 provideCipherModes("RSA", new String[] { "ECB" }); 167 // TODO: OAEPPadding 168 provideCipherPaddings("RSA", new String[] { "NoPadding", "PKCS1Padding" }); 169 provide("Configuration", "JavaLoginConfig"); 170 provide("KeyAgreement", "DiffieHellman"); 171 provide("KeyFactory", "DSA"); 172 provide("KeyFactory", "DiffieHellman"); 173 provide("KeyFactory", "RSA"); 174 provide("KeyGenerator", "AES"); 175 provide("KeyGenerator", "ARCFOUR"); 176 provide("KeyGenerator", "Blowfish"); 177 provide("KeyGenerator", "DES"); 178 provide("KeyGenerator", "DESede"); 179 provide("KeyGenerator", "HmacMD5"); 180 provide("KeyGenerator", "HmacSHA1"); 181 provide("KeyGenerator", "HmacSHA256"); 182 provide("KeyGenerator", "HmacSHA384"); 183 provide("KeyGenerator", "HmacSHA512"); 184 provide("KeyGenerator", "RC2"); 185 provide("KeyInfoFactory", "DOM"); 186 provide("KeyManagerFactory", "PKIX"); 187 provide("KeyPairGenerator", "DSA"); 188 provide("KeyPairGenerator", "DiffieHellman"); 189 provide("KeyPairGenerator", "RSA"); 190 provide("KeyStore", "JCEKS"); 191 provide("KeyStore", "JKS"); 192 provide("KeyStore", "PKCS12"); 193 provide("Mac", "HmacMD5"); 194 provide("Mac", "HmacSHA1"); 195 provide("Mac", "HmacSHA256"); 196 provide("Mac", "HmacSHA384"); 197 provide("Mac", "HmacSHA512"); 198 // If adding a new MessageDigest, consider adding it to JarVerifier 199 provide("MessageDigest", "MD2"); 200 provide("MessageDigest", "MD5"); 201 provide("MessageDigest", "SHA-256"); 202 provide("MessageDigest", "SHA-384"); 203 provide("MessageDigest", "SHA-512"); 204 provide("Policy", "JavaPolicy"); 205 provide("SSLContext", "SSLv3"); 206 provide("SSLContext", "TLSv1"); 207 provide("SSLContext", "TLSv1.1"); 208 provide("SSLContext", "TLSv1.2"); 209 provide("SecretKeyFactory", "DES"); 210 provide("SecretKeyFactory", "DESede"); 211 provide("SecretKeyFactory", "PBEWithMD5AndDES"); 212 provide("SecretKeyFactory", "PBEWithMD5AndTripleDES"); 213 provide("SecretKeyFactory", "PBEWithSHA1AndDESede"); 214 provide("SecretKeyFactory", "PBEWithSHA1AndRC2_40"); 215 provide("SecretKeyFactory", "PBKDF2WithHmacSHA1"); 216 provide("SecretKeyFactory", "PBKDF2WithHmacSHA1And8bit"); 217 provide("SecureRandom", "SHA1PRNG"); 218 provide("Signature", "MD2withRSA"); 219 provide("Signature", "MD5withRSA"); 220 provide("Signature", "NONEwithDSA"); 221 provide("Signature", "SHA1withDSA"); 222 provide("Signature", "SHA1withRSA"); 223 provide("Signature", "SHA256withRSA"); 224 provide("Signature", "SHA384withRSA"); 225 provide("Signature", "SHA512withRSA"); 226 provide("TerminalFactory", "PC/SC"); 227 provide("TransformService", "http://www.w3.org/2000/09/xmldsig#base64"); 228 provide("TransformService", "http://www.w3.org/2000/09/xmldsig#enveloped-signature"); 229 provide("TransformService", "http://www.w3.org/2001/10/xml-exc-c14n#"); 230 provide("TransformService", "http://www.w3.org/2001/10/xml-exc-c14n#WithComments"); 231 provide("TransformService", "http://www.w3.org/2002/06/xmldsig-filter2"); 232 provide("TransformService", "http://www.w3.org/TR/1999/REC-xpath-19991116"); 233 provide("TransformService", "http://www.w3.org/TR/1999/REC-xslt-19991116"); 234 provide("TransformService", "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"); 235 provide("TransformService", "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"); 236 provide("TrustManagerFactory", "PKIX"); 237 provide("XMLSignatureFactory", "DOM"); 238 239 // Not clearly documented by RI 240 provide("GssApiMechanism", "1.2.840.113554.1.2.2"); 241 provide("GssApiMechanism", "1.3.6.1.5.5.2"); 242 243 // Not correctly documented by RI which left off the Factory suffix 244 provide("SaslClientFactory", "CRAM-MD5"); 245 provide("SaslClientFactory", "DIGEST-MD5"); 246 provide("SaslClientFactory", "EXTERNAL"); 247 provide("SaslClientFactory", "GSSAPI"); 248 provide("SaslClientFactory", "PLAIN"); 249 provide("SaslServerFactory", "CRAM-MD5"); 250 provide("SaslServerFactory", "DIGEST-MD5"); 251 provide("SaslServerFactory", "GSSAPI"); 252 253 // Documentation seems to list alias instead of actual name 254 // provide("MessageDigest", "SHA-1"); 255 provide("MessageDigest", "SHA"); 256 257 // Mentioned in javadoc, not documentation 258 provide("SSLContext", "Default"); 259 260 // Not documented as in RI 6 but mentioned in Standard Names 261 provide("AlgorithmParameters", "PBE"); 262 provide("SSLContext", "SSL"); 263 provide("SSLContext", "TLS"); 264 265 // Not documented as in RI 6 but that exist in RI 6 266 if (IS_RI) { 267 provide("CertStore", "com.sun.security.IndexedCollection"); 268 provide("KeyGenerator", "SunTlsKeyMaterial"); 269 provide("KeyGenerator", "SunTlsMasterSecret"); 270 provide("KeyGenerator", "SunTlsPrf"); 271 provide("KeyGenerator", "SunTlsRsaPremasterSecret"); 272 provide("KeyStore", "CaseExactJKS"); 273 provide("Mac", "HmacPBESHA1"); 274 provide("Mac", "SslMacMD5"); 275 provide("Mac", "SslMacSHA1"); 276 provide("SecureRandom", "NativePRNG"); 277 provide("Signature", "MD5andSHA1withRSA"); 278 provide("TrustManagerFactory", "SunX509"); 279 } 280 281 // Only available with the SunPKCS11-NSS provider, 282 // which seems to be enabled in OpenJDK 6 but not Oracle Java 6 283 if (Security.getProvider("SunPKCS11-NSS") != null) { 284 provide("AlgorithmParameters", "EC"); 285 provide("Cipher", "AES/CBC/NOPADDING"); 286 provide("Cipher", "DES/CBC/NOPADDING"); 287 provide("Cipher", "DESEDE/CBC/NOPADDING"); 288 provide("Cipher", "RSA/ECB/PKCS1PADDING"); 289 provide("KeyAgreement", "DH"); 290 provide("KeyAgreement", "ECDH"); 291 provide("KeyFactory", "DH"); 292 provide("KeyFactory", "EC"); 293 provide("KeyPairGenerator", "DH"); 294 provide("KeyPairGenerator", "EC"); 295 provide("KeyStore", "PKCS11"); 296 provide("MessageDigest", "SHA1"); 297 provide("SecretKeyFactory", "AES"); 298 provide("SecretKeyFactory", "ARCFOUR"); 299 provide("SecureRandom", "PKCS11"); 300 provide("Signature", "DSA"); 301 provide("Signature", "NONEWITHECDSA"); 302 provide("Signature", "RAWDSA"); 303 provide("Signature", "SHA1WITHECDSA"); 304 provide("Signature", "SHA256WITHECDSA"); 305 provide("Signature", "SHA384WITHECDSA"); 306 provide("Signature", "SHA512WITHECDSA"); 307 } 308 309 // Documented as Standard Names, but do not exit in RI 6 310 if (IS_RI) { 311 unprovide("SSLContext", "TLSv1.1"); 312 unprovide("SSLContext", "TLSv1.2"); 313 } 314 315 // Fixups for the RI 316 if (IS_RI) { 317 // different names: Standard Names says PKIX, JSSE Reference Guide says SunX509 or NewSunX509 318 unprovide("KeyManagerFactory", "PKIX"); 319 provide("KeyManagerFactory", "SunX509"); 320 provide("KeyManagerFactory", "NewSunX509"); 321 } 322 323 // Fixups for dalvik 324 if (!IS_RI) { 325 326 // whole types that we do not provide 327 PROVIDER_ALGORITHMS.remove("Configuration"); 328 PROVIDER_ALGORITHMS.remove("GssApiMechanism"); 329 PROVIDER_ALGORITHMS.remove("KeyInfoFactory"); 330 PROVIDER_ALGORITHMS.remove("Policy"); 331 PROVIDER_ALGORITHMS.remove("SaslClientFactory"); 332 PROVIDER_ALGORITHMS.remove("SaslServerFactory"); 333 PROVIDER_ALGORITHMS.remove("TerminalFactory"); 334 PROVIDER_ALGORITHMS.remove("TransformService"); 335 PROVIDER_ALGORITHMS.remove("XMLSignatureFactory"); 336 337 // different names Diffie-Hellman vs DH 338 unprovide("AlgorithmParameterGenerator", "DiffieHellman"); 339 provide("AlgorithmParameterGenerator", "DH"); 340 unprovide("AlgorithmParameters", "DiffieHellman"); 341 provide("AlgorithmParameters", "DH"); 342 unprovide("KeyAgreement", "DiffieHellman"); 343 provide("KeyAgreement", "DH"); 344 unprovide("KeyFactory", "DiffieHellman"); 345 provide("KeyFactory", "DH"); 346 unprovide("KeyPairGenerator", "DiffieHellman"); 347 provide("KeyPairGenerator", "DH"); 348 349 // different names PBEWithSHA1AndDESede vs PBEWithSHAAnd3-KEYTripleDES-CBC 350 unprovide("AlgorithmParameters", "PBEWithSHA1AndDESede"); 351 unprovide("Cipher", "PBEWithSHA1AndDESede"); 352 unprovide("SecretKeyFactory", "PBEWithSHA1AndDESede"); 353 provide("AlgorithmParameters", "PKCS12PBE"); 354 provide("Cipher", "PBEWithSHAAnd3-KEYTripleDES-CBC"); 355 provide("SecretKeyFactory", "PBEWithSHAAnd3-KEYTripleDES-CBC"); 356 357 // different names: BouncyCastle actually uses the Standard name of SHA-1 vs SHA 358 unprovide("MessageDigest", "SHA"); 359 provide("MessageDigest", "SHA-1"); 360 361 // Added to support Android KeyStore operations 362 provide("Signature", "NONEwithRSA"); 363 provide("Cipher", "RSA/ECB/NOPADDING"); 364 provide("Cipher", "RSA/ECB/PKCS1PADDING"); 365 366 // different names: ARCFOUR vs ARC4 367 unprovide("Cipher", "ARCFOUR"); 368 provide("Cipher", "ARC4"); 369 unprovide("KeyGenerator", "ARCFOUR"); 370 provide("KeyGenerator", "ARC4"); 371 372 // different case names: Blowfish vs BLOWFISH 373 unprovide("AlgorithmParameters", "Blowfish"); 374 provide("AlgorithmParameters", "BLOWFISH"); 375 unprovide("Cipher", "Blowfish"); 376 provide("Cipher", "BLOWFISH"); 377 unprovide("KeyGenerator", "Blowfish"); 378 provide("KeyGenerator", "BLOWFISH"); 379 380 // Harmony has X.509, BouncyCastle X509 381 // TODO remove one, probably Harmony's 382 provide("CertificateFactory", "X509"); 383 384 // not just different names, but different binary formats 385 unprovide("KeyStore", "JKS"); 386 provide("KeyStore", "BKS"); 387 unprovide("KeyStore", "JCEKS"); 388 provide("KeyStore", "BouncyCastle"); 389 390 // Noise to support KeyStore.PKCS12 391 provide("Cipher", "PBEWITHMD5AND128BITAES-CBC-OPENSSL"); 392 provide("Cipher", "PBEWITHMD5AND192BITAES-CBC-OPENSSL"); 393 provide("Cipher", "PBEWITHMD5AND256BITAES-CBC-OPENSSL"); 394 provide("Cipher", "PBEWITHMD5ANDRC2"); 395 provide("Cipher", "PBEWITHSHA1ANDDES"); 396 provide("Cipher", "PBEWITHSHA1ANDRC2"); 397 provide("Cipher", "PBEWITHSHA256AND128BITAES-CBC-BC"); 398 provide("Cipher", "PBEWITHSHA256AND192BITAES-CBC-BC"); 399 provide("Cipher", "PBEWITHSHA256AND256BITAES-CBC-BC"); 400 provide("Cipher", "PBEWITHSHAAND128BITAES-CBC-BC"); 401 provide("Cipher", "PBEWITHSHAAND128BITRC2-CBC"); 402 provide("Cipher", "PBEWITHSHAAND128BITRC4"); 403 provide("Cipher", "PBEWITHSHAAND192BITAES-CBC-BC"); 404 provide("Cipher", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC"); 405 provide("Cipher", "PBEWITHSHAAND256BITAES-CBC-BC"); 406 provide("Cipher", "PBEWITHSHAAND40BITRC2-CBC"); 407 provide("Cipher", "PBEWITHSHAAND40BITRC4"); 408 provide("Cipher", "PBEWITHSHAANDTWOFISH-CBC"); 409 provide("Mac", "PBEWITHHMACSHA"); 410 provide("Mac", "PBEWITHHMACSHA1"); 411 provide("SecretKeyFactory", "PBEWITHHMACSHA1"); 412 provide("SecretKeyFactory", "PBEWITHMD5AND128BITAES-CBC-OPENSSL"); 413 provide("SecretKeyFactory", "PBEWITHMD5AND192BITAES-CBC-OPENSSL"); 414 provide("SecretKeyFactory", "PBEWITHMD5AND256BITAES-CBC-OPENSSL"); 415 provide("SecretKeyFactory", "PBEWITHMD5ANDRC2"); 416 provide("SecretKeyFactory", "PBEWITHSHA1ANDDES"); 417 provide("SecretKeyFactory", "PBEWITHSHA1ANDRC2"); 418 provide("SecretKeyFactory", "PBEWITHSHA256AND128BITAES-CBC-BC"); 419 provide("SecretKeyFactory", "PBEWITHSHA256AND192BITAES-CBC-BC"); 420 provide("SecretKeyFactory", "PBEWITHSHA256AND256BITAES-CBC-BC"); 421 provide("SecretKeyFactory", "PBEWITHSHAAND128BITAES-CBC-BC"); 422 provide("SecretKeyFactory", "PBEWITHSHAAND128BITRC2-CBC"); 423 provide("SecretKeyFactory", "PBEWITHSHAAND128BITRC4"); 424 provide("SecretKeyFactory", "PBEWITHSHAAND192BITAES-CBC-BC"); 425 provide("SecretKeyFactory", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC"); 426 provide("SecretKeyFactory", "PBEWITHSHAAND256BITAES-CBC-BC"); 427 provide("SecretKeyFactory", "PBEWITHSHAAND40BITRC2-CBC"); 428 provide("SecretKeyFactory", "PBEWITHSHAAND40BITRC4"); 429 provide("SecretKeyFactory", "PBEWITHSHAANDTWOFISH-CBC"); 430 431 // Needed by our OpenSSL provider 432 provide("Cipher", "AES/CBC/NOPADDING"); 433 provide("Cipher", "AES/CBC/PKCS5PADDING"); 434 provide("Cipher", "AES/CFB/NOPADDING"); 435 provide("Cipher", "AES/CFB/PKCS5PADDING"); 436 provide("Cipher", "AES/CTR/NOPADDING"); 437 provide("Cipher", "AES/CTR/PKCS5PADDING"); 438 provide("Cipher", "AES/ECB/NOPADDING"); 439 provide("Cipher", "AES/ECB/PKCS5PADDING"); 440 provide("Cipher", "AES/OFB/NOPADDING"); 441 provide("Cipher", "AES/OFB/PKCS5PADDING"); 442 provide("Cipher", "DESEDE/CBC/NOPADDING"); 443 provide("Cipher", "DESEDE/CBC/PKCS5PADDING"); 444 provide("Cipher", "DESEDE/CFB/NOPADDING"); 445 provide("Cipher", "DESEDE/CFB/PKCS5PADDING"); 446 provide("Cipher", "DESEDE/ECB/NOPADDING"); 447 provide("Cipher", "DESEDE/ECB/PKCS5PADDING"); 448 provide("Cipher", "DESEDE/OFB/NOPADDING"); 449 provide("Cipher", "DESEDE/OFB/PKCS5PADDING"); 450 451 // removed LDAP 452 unprovide("CertStore", "LDAP"); 453 454 // removed MD2 455 unprovide("MessageDigest", "MD2"); 456 unprovide("Signature", "MD2withRSA"); 457 458 // removed RC2 459 // NOTE the implementation remains to support PKCS12 keystores 460 unprovide("AlgorithmParameters", "PBEWithSHA1AndRC2_40"); 461 unprovide("AlgorithmParameters", "RC2"); 462 unprovide("Cipher", "PBEWithSHA1AndRC2_40"); 463 unprovide("Cipher", "RC2"); 464 unprovide("KeyGenerator", "RC2"); 465 unprovide("SecretKeyFactory", "PBEWithSHA1AndRC2_40"); 466 467 // PBEWithMD5AndTripleDES is Sun proprietary 468 unprovide("AlgorithmParameters", "PBEWithMD5AndTripleDES"); 469 unprovide("Cipher", "PBEWithMD5AndTripleDES"); 470 unprovide("SecretKeyFactory", "PBEWithMD5AndTripleDES"); 471 472 // missing from Bouncy Castle 473 // Standard Names document says to use specific PBEWith*And* 474 unprovide("AlgorithmParameters", "PBE"); 475 476 // missing from Bouncy Castle 477 // TODO add to JDKAlgorithmParameters perhaps as wrapper on PBES2Parameters 478 // For now, can use AlgorithmParametersSpec javax.crypto.spec.PBEParameterSpec instead 479 unprovide("AlgorithmParameters", "PBEWithMD5AndDES"); // 1.2.840.113549.1.5.3 480 481 // EC support 482 // provide("AlgorithmParameters", "EC"); 483 provide("KeyAgreement", "ECDH"); 484 provide("KeyFactory", "EC"); 485 provide("KeyPairGenerator", "EC"); 486 provide("Signature", "NONEWITHECDSA"); 487 provide("Signature", "ECDSA"); // as opposed to SHA1WITHECDSA 488 provide("Signature", "SHA256WITHECDSA"); 489 provide("Signature", "SHA384WITHECDSA"); 490 provide("Signature", "SHA512WITHECDSA"); 491 492 // Android's CA store 493 provide("KeyStore", "AndroidCAStore"); 494 495 // Android's KeyStore provider 496 if (Security.getProvider("AndroidKeyStore") != null) { 497 provide("KeyStore", "AndroidKeyStore"); 498 } 499 } 500 } 501 502 public static final String SSL_CONTEXT_PROTOCOLS_DEFAULT = "Default"; 503 public static final Set<String> SSL_CONTEXT_PROTOCOLS = new HashSet<String>(Arrays.asList( 504 SSL_CONTEXT_PROTOCOLS_DEFAULT, 505 "SSL", 506 // "SSLv2", 507 "SSLv3", 508 "TLS", 509 "TLSv1", 510 "TLSv1.1", 511 "TLSv1.2")); 512 public static final String SSL_CONTEXT_PROTOCOL_DEFAULT = "TLS"; 513 514 public static final Set<String> KEY_TYPES = new HashSet<String>(Arrays.asList( 515 "RSA", 516 "DSA", 517 // DH_* are specified by standard names, but do not seem to be supported by RI 518 // "DH_RSA", 519 // "DH_DSA", 520 "EC", 521 "EC_EC", 522 "EC_RSA")); 523 524 public static final Set<String> SSL_SOCKET_PROTOCOLS = new HashSet<String>(Arrays.asList( 525 // "SSLv2", 526 "SSLv3", 527 "TLSv1", 528 "TLSv1.1", 529 "TLSv1.2")); 530 static { 531 if (IS_RI) { 532 /* Even though we use OpenSSL's SSLv23_method which 533 * supports sending SSLv2 client hello messages, the 534 * OpenSSL implementation in s23_client_hello disables 535 * this if SSL_OP_NO_SSLv2 is specified, which we always 536 * do to disable general use of SSLv2. 537 */ 538 SSL_SOCKET_PROTOCOLS.add("SSLv2Hello"); 539 } 540 } 541 542 public static final Set<String> SSL_SOCKET_PROTOCOLS_SSLENGINE = new HashSet<String>(SSL_SOCKET_PROTOCOLS); 543 static { 544 // No TLSv1.1 or TLSv1.2 support on SSLEngine based provider 545 if (!IS_RI) { 546 SSL_SOCKET_PROTOCOLS_SSLENGINE.remove("TLSv1.1"); 547 SSL_SOCKET_PROTOCOLS_SSLENGINE.remove("TLSv1.2"); 548 } 549 } 550 551 /** 552 * Valid values for X509TrustManager.checkClientTrusted authType, 553 * either the algorithm of the public key or UNKNOWN. 554 */ 555 public static final Set<String> CLIENT_AUTH_TYPES = new HashSet<String>(Arrays.asList( 556 "RSA", 557 "DSA", 558 "EC", 559 "UNKNOWN")); 560 561 /** 562 * Valid values for X509TrustManager.checkServerTrusted authType, 563 * either key exchange algorithm part of the cipher suite 564 * or UNKNOWN. 565 */ 566 public static final Set<String> SERVER_AUTH_TYPES = new HashSet<String>(Arrays.asList( 567 "DHE_DSS", 568 "DHE_DSS_EXPORT", 569 "DHE_RSA", 570 "DHE_RSA_EXPORT", 571 "DH_DSS_EXPORT", 572 "DH_RSA_EXPORT", 573 "DH_anon", 574 "DH_anon_EXPORT", 575 "KRB5", 576 "KRB5_EXPORT", 577 "RSA", 578 "RSA_EXPORT", 579 "RSA_EXPORT1024", 580 "ECDH_ECDSA", 581 "ECDH_RSA", 582 "ECDHE_ECDSA", 583 "ECDHE_RSA", 584 "UNKNOWN")); 585 586 public static final String CIPHER_SUITE_INVALID = "SSL_NULL_WITH_NULL_NULL"; 587 588 public static final Set<String> CIPHER_SUITES_NEITHER = new HashSet<String>(); 589 590 public static final Set<String> CIPHER_SUITES_RI = new LinkedHashSet<String>(); 591 public static final Set<String> CIPHER_SUITES_OPENSSL = new LinkedHashSet<String>(); 592 593 public static final Set<String> CIPHER_SUITES; 594 595 private static final void addRi(String cipherSuite) { 596 CIPHER_SUITES_RI.add(cipherSuite); 597 } 598 599 private static final void addOpenSsl(String cipherSuite) { 600 CIPHER_SUITES_OPENSSL.add(cipherSuite); 601 } 602 603 private static final void addBoth(String cipherSuite) { 604 addRi(cipherSuite); 605 addOpenSsl(cipherSuite); 606 } 607 608 private static final void addNeither(String cipherSuite) { 609 CIPHER_SUITES_NEITHER.add(cipherSuite); 610 } 611 612 static { 613 // Note these are added in priority order as defined by RI 7 documentation. 614 // defaultCipherSuites 615 addNeither("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"); 616 addNeither("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"); 617 addNeither("TLS_RSA_WITH_AES_256_CBC_SHA256"); 618 addNeither("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"); 619 addNeither("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"); 620 addNeither("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"); 621 addNeither("TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"); 622 addOpenSsl("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"); 623 addOpenSsl("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"); 624 addOpenSsl("TLS_RSA_WITH_AES_256_CBC_SHA"); 625 addOpenSsl("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"); 626 addOpenSsl("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"); 627 addOpenSsl("TLS_DHE_RSA_WITH_AES_256_CBC_SHA"); 628 addOpenSsl("TLS_DHE_DSS_WITH_AES_256_CBC_SHA"); 629 addRi( "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"); 630 addRi( "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"); 631 addRi( "TLS_RSA_WITH_AES_128_CBC_SHA256"); 632 addRi( "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"); 633 addRi( "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"); 634 addRi( "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"); 635 addRi( "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"); 636 addBoth( "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"); 637 addBoth( "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"); 638 addBoth( "TLS_RSA_WITH_AES_128_CBC_SHA"); 639 addBoth( "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"); 640 addBoth( "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"); 641 addBoth( "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"); 642 addBoth( "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"); 643 addBoth( "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"); 644 addBoth( "TLS_ECDHE_RSA_WITH_RC4_128_SHA"); 645 addBoth( "SSL_RSA_WITH_RC4_128_SHA"); 646 addBoth( "TLS_ECDH_ECDSA_WITH_RC4_128_SHA"); 647 addBoth( "TLS_ECDH_RSA_WITH_RC4_128_SHA"); 648 addBoth( "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"); 649 addBoth( "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"); 650 addBoth( "SSL_RSA_WITH_3DES_EDE_CBC_SHA"); 651 addBoth( "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"); 652 addBoth( "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"); 653 addBoth( "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"); 654 addBoth( "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"); 655 addBoth( "SSL_RSA_WITH_RC4_128_MD5"); 656 // RFC 5746's Signaling Cipher Suite Value to indicate a request for secure renegotiation 657 addBoth(CIPHER_SUITE_SECURE_RENEGOTIATION); 658 659 // non-defaultCipherSuites 660 addNeither("TLS_DH_anon_WITH_AES_256_CBC_SHA256"); 661 addOpenSsl("TLS_ECDH_anon_WITH_AES_256_CBC_SHA"); 662 addOpenSsl("TLS_DH_anon_WITH_AES_256_CBC_SHA"); 663 addRi( "TLS_DH_anon_WITH_AES_128_CBC_SHA256"); 664 addBoth( "TLS_ECDH_anon_WITH_AES_128_CBC_SHA"); 665 addBoth( "TLS_DH_anon_WITH_AES_128_CBC_SHA"); 666 addBoth( "TLS_ECDH_anon_WITH_RC4_128_SHA"); 667 addBoth( "SSL_DH_anon_WITH_RC4_128_MD5"); 668 addBoth( "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"); 669 addBoth( "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"); 670 addRi( "TLS_RSA_WITH_NULL_SHA256"); 671 addBoth( "TLS_ECDHE_ECDSA_WITH_NULL_SHA"); 672 addBoth( "TLS_ECDHE_RSA_WITH_NULL_SHA"); 673 addBoth( "SSL_RSA_WITH_NULL_SHA"); 674 addBoth( "TLS_ECDH_ECDSA_WITH_NULL_SHA"); 675 addBoth( "TLS_ECDH_RSA_WITH_NULL_SHA"); 676 addBoth( "TLS_ECDH_anon_WITH_NULL_SHA"); 677 addBoth( "SSL_RSA_WITH_NULL_MD5"); 678 addBoth( "SSL_RSA_WITH_DES_CBC_SHA"); 679 addBoth( "SSL_DHE_RSA_WITH_DES_CBC_SHA"); 680 addBoth( "SSL_DHE_DSS_WITH_DES_CBC_SHA"); 681 addBoth( "SSL_DH_anon_WITH_DES_CBC_SHA"); 682 addBoth( "SSL_RSA_EXPORT_WITH_RC4_40_MD5"); 683 addBoth( "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5"); 684 addBoth( "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA"); 685 addBoth( "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"); 686 addBoth( "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"); 687 addBoth( "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"); 688 689 // Android does not have Keberos support 690 addRi( "TLS_KRB5_WITH_RC4_128_SHA"); 691 addRi( "TLS_KRB5_WITH_RC4_128_MD5"); 692 addRi( "TLS_KRB5_WITH_3DES_EDE_CBC_SHA"); 693 addRi( "TLS_KRB5_WITH_3DES_EDE_CBC_MD5"); 694 addRi( "TLS_KRB5_WITH_DES_CBC_SHA"); 695 addRi( "TLS_KRB5_WITH_DES_CBC_MD5"); 696 addRi( "TLS_KRB5_EXPORT_WITH_RC4_40_SHA"); 697 addRi( "TLS_KRB5_EXPORT_WITH_RC4_40_MD5"); 698 addRi( "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA"); 699 addRi( "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"); 700 701 // Dropped 702 addNeither("SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"); 703 addNeither("SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"); 704 705 // Old non standard exportable encryption 706 addNeither("SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA"); 707 addNeither("SSL_RSA_EXPORT1024_WITH_RC4_56_SHA"); 708 709 // No RC2 710 addNeither("SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5"); 711 addNeither("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA"); 712 addNeither("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5"); 713 714 CIPHER_SUITES = (IS_RI) ? CIPHER_SUITES_RI : CIPHER_SUITES_OPENSSL; 715 } 716 717 public static final List<String> CIPHER_SUITES_DEFAULT = (IS_RI) 718 ? Arrays.asList("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 719 "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", 720 "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", 721 "SSL_RSA_WITH_RC4_128_SHA", 722 "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", 723 "TLS_ECDHE_RSA_WITH_RC4_128_SHA", 724 "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", 725 "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", 726 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 727 "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", 728 "TLS_ECDH_RSA_WITH_RC4_128_SHA", 729 "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", 730 "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", 731 "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", 732 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", 733 "TLS_RSA_WITH_AES_128_CBC_SHA", 734 "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", 735 "SSL_RSA_WITH_RC4_128_MD5", 736 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", 737 "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", 738 "SSL_RSA_WITH_3DES_EDE_CBC_SHA") 739 : Arrays.asList("SSL_RSA_WITH_RC4_128_MD5", 740 "SSL_RSA_WITH_RC4_128_SHA", 741 "TLS_RSA_WITH_AES_128_CBC_SHA", 742 "TLS_RSA_WITH_AES_256_CBC_SHA", 743 "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", 744 "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", 745 "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", 746 "TLS_ECDH_RSA_WITH_RC4_128_SHA", 747 "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", 748 "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", 749 "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", 750 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", 751 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", 752 "TLS_ECDHE_RSA_WITH_RC4_128_SHA", 753 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 754 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", 755 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 756 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", 757 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", 758 "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", 759 "SSL_RSA_WITH_3DES_EDE_CBC_SHA", 760 "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", 761 "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", 762 "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", 763 "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", 764 "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", 765 "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", 766 "SSL_RSA_WITH_DES_CBC_SHA", 767 "SSL_DHE_RSA_WITH_DES_CBC_SHA", 768 "SSL_DHE_DSS_WITH_DES_CBC_SHA", 769 "SSL_RSA_EXPORT_WITH_RC4_40_MD5", 770 "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", 771 "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", 772 "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", 773 CIPHER_SUITE_SECURE_RENEGOTIATION); 774 775 public static final Set<String> CIPHER_SUITES_SSLENGINE = new HashSet<String>(CIPHER_SUITES); 776 static { 777 // No Elliptic Curve support on SSLEngine based provider 778 if (!IS_RI) { 779 Iterator<String> i = CIPHER_SUITES_SSLENGINE.iterator(); 780 while (i.hasNext()) { 781 String cs = i.next(); 782 if (cs.startsWith("TLS_EC") || cs.equals(CIPHER_SUITE_SECURE_RENEGOTIATION)) { 783 i.remove(); 784 } 785 } 786 } 787 } 788 789 public static final Map<String, Class<? extends KeySpec>> PRIVATE_KEY_SPEC_CLASSES; 790 public static final Map<String, Class<? extends KeySpec>> PUBLIC_KEY_SPEC_CLASSES; 791 public static final Map<String, Integer> MINIMUM_KEY_SIZE; 792 static { 793 PRIVATE_KEY_SPEC_CLASSES = new HashMap<String, Class<? extends KeySpec>>(); 794 PUBLIC_KEY_SPEC_CLASSES = new HashMap<String, Class<? extends KeySpec>>(); 795 MINIMUM_KEY_SIZE = new HashMap<String, Integer>(); 796 PRIVATE_KEY_SPEC_CLASSES.put("RSA", RSAPrivateCrtKeySpec.class); 797 PUBLIC_KEY_SPEC_CLASSES.put("RSA", RSAPublicKeySpec.class); 798 MINIMUM_KEY_SIZE.put("RSA", 256); 799 PRIVATE_KEY_SPEC_CLASSES.put("DSA", DSAPrivateKeySpec.class); 800 PUBLIC_KEY_SPEC_CLASSES.put("DSA", DSAPublicKeySpec.class); 801 MINIMUM_KEY_SIZE.put("DSA", 512); 802 PRIVATE_KEY_SPEC_CLASSES.put("DH", DHPrivateKeySpec.class); 803 PUBLIC_KEY_SPEC_CLASSES.put("DH", DHPublicKeySpec.class); 804 MINIMUM_KEY_SIZE.put("DH", 256); 805 PRIVATE_KEY_SPEC_CLASSES.put("EC", ECPrivateKeySpec.class); 806 PUBLIC_KEY_SPEC_CLASSES.put("EC", ECPublicKeySpec.class); 807 MINIMUM_KEY_SIZE.put("EC", 256); 808 } 809 810 public static Class<? extends KeySpec> getPrivateKeySpecClass(String algName) { 811 return PRIVATE_KEY_SPEC_CLASSES.get(algName); 812 } 813 814 public static Class<? extends KeySpec> getPublicKeySpecClass(String algName) { 815 return PUBLIC_KEY_SPEC_CLASSES.get(algName); 816 } 817 818 public static int getMinimumKeySize(String algName) { 819 return MINIMUM_KEY_SIZE.get(algName); 820 } 821 822 /** 823 * Asserts that the cipher suites array is non-null and that it 824 * all of its contents are cipher suites known to this 825 * implementation. As a convenience, returns any unenabled cipher 826 * suites in a test for those that want to verify separately that 827 * all cipher suites were included. 828 */ 829 public static Set<String> assertValidCipherSuites(Set<String> expected, String[] cipherSuites) { 830 assertNotNull(cipherSuites); 831 assertTrue(cipherSuites.length != 0); 832 833 // Make sure all cipherSuites names are expected 834 Set remainingCipherSuites = new HashSet<String>(expected); 835 Set unknownCipherSuites = new HashSet<String>(); 836 for (String cipherSuite : cipherSuites) { 837 boolean removed = remainingCipherSuites.remove(cipherSuite); 838 if (!removed) { 839 unknownCipherSuites.add(cipherSuite); 840 } 841 } 842 assertEquals("Unknown cipher suites", Collections.EMPTY_SET, unknownCipherSuites); 843 return remainingCipherSuites; 844 } 845 846 /** 847 * After using assertValidCipherSuites on cipherSuites, 848 * assertSupportedCipherSuites additionally verifies that all 849 * supported cipher suites where in the input array. 850 */ 851 public static void assertSupportedCipherSuites(Set<String> expected, String[] cipherSuites) { 852 Set<String> remainingCipherSuites = assertValidCipherSuites(expected, cipherSuites); 853 assertEquals("Missing cipher suites", Collections.EMPTY_SET, remainingCipherSuites); 854 assertEquals(expected.size(), cipherSuites.length); 855 } 856 857 /** 858 * Asserts that the protocols array is non-null and that it all of 859 * its contents are protocols known to this implementation. As a 860 * convenience, returns any unenabled protocols in a test for 861 * those that want to verify separately that all protocols were 862 * included. 863 */ 864 public static Set<String> assertValidProtocols(Set<String> expected, String[] protocols) { 865 assertNotNull(protocols); 866 assertTrue(protocols.length != 0); 867 868 // Make sure all protocols names are expected 869 Set remainingProtocols = new HashSet<String>(expected); 870 Set unknownProtocols = new HashSet<String>(); 871 for (String protocol : protocols) { 872 if (!remainingProtocols.remove(protocol)) { 873 unknownProtocols.add(protocol); 874 } 875 } 876 assertEquals("Unknown protocols", Collections.EMPTY_SET, unknownProtocols); 877 return remainingProtocols; 878 } 879 880 /** 881 * After using assertValidProtocols on protocols, 882 * assertSupportedProtocols additionally verifies that all 883 * supported protocols where in the input array. 884 */ 885 public static void assertSupportedProtocols(Set<String> expected, String[] protocols) { 886 Set<String> remainingProtocols = assertValidProtocols(expected, protocols); 887 assertEquals("Missing protocols", Collections.EMPTY_SET, remainingProtocols); 888 assertEquals(expected.size(), protocols.length); 889 } 890 891 /** 892 * Assert cipher suites match the default list in content and priority order. 893 */ 894 public static void assertDefaultCipherSuites(String[] cipherSuites) { 895 assertValidCipherSuites(CIPHER_SUITES, cipherSuites); 896 assertEquals(CIPHER_SUITES_DEFAULT, Arrays.asList(cipherSuites)); 897 } 898 899 /** 900 * Get all supported mode names for the given cipher. 901 */ 902 public static Set<String> getModesForCipher(String cipher) { 903 return CIPHER_MODES.get(cipher); 904 } 905 906 /** 907 * Get all supported padding names for the given cipher. 908 */ 909 public static Set<String> getPaddingsForCipher(String cipher) { 910 return CIPHER_PADDINGS.get(cipher); 911 } 912 } 913
