[Pkg-freeipa-devel] tomcatjss: Changes to 'upstream'
Timo Aaltonen
tjaalton at moszumanska.debian.org
Thu Jul 23 21:35:29 UTC 2015
build.xml | 6
src/org/apache/tomcat/util/net/jss/IJSSFactory.java | 9
src/org/apache/tomcat/util/net/jss/IPasswordStore.java | 18
src/org/apache/tomcat/util/net/jss/JSSFactory.java | 11
src/org/apache/tomcat/util/net/jss/JSSImplementation.java | 37
src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java | 1235 ++++++++------
src/org/apache/tomcat/util/net/jss/JSSSupport.java | 41
src/org/apache/tomcat/util/net/jss/PlainPasswordFile.java | 40
tomcatjss.spec | 20
9 files changed, 822 insertions(+), 595 deletions(-)
New commits:
commit f88189fa69bece09da22fbb218636529f9d531d8
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Thu May 7 08:27:13 2015 +0300
Imported Upstream version 7.1.2
diff --git a/build.xml b/build.xml
index 1b60236..eaa3bda 100755
--- a/build.xml
+++ b/build.xml
@@ -37,8 +37,8 @@
<property name="Name" value="Tomcat JSS"/>
<property name="name" value="tomcatjss"/>
- <property name="version" value="7.1.1"/>
- <property name="manifest-version" value="7.1.1"/>
+ <property name="version" value="7.1.2"/>
+ <property name="manifest-version" value="7.1.2"/>
<!--
Set the properties that control various build options
@@ -104,6 +104,7 @@
<!-- This property is set to '/dirsec' when built on rhel4 -->
<property name="dirsec" value="" />
<property name="jss.jar" value="${jss.home}${dirsec}/jss4.jar" />
+ <property name="commons-lang.jar" value="${jar.home}/commons-lang.jar" />
<!--
Classpath
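Review bot: The `commons-lang.jar` property added here (and the matching `<pathelement>` in the next hunk) brings in a new library without recording which release line is meant or why it is needed. Judging by the `import org.apache.commons.lang.StringUtils;` added to JSSSocketFactory.java in this commit, it is the 2.x `org.apache.commons.lang` package rather than `lang3`, and the unversioned `${jar.home}/commons-lang.jar` will resolve to whatever the build host happens to ship. A comment such as `<!-- commons-lang 2.x (org.apache.commons.lang.StringUtils), used by JSSSocketFactory; must also be on Tomcat's classpath at run time -->` would record that. Because this connector sits in the TLS path, the packaging should declare the jar as a runtime dependency as well as a build one; tomcatjss.spec is changed in this commit but its hunk is not visible here.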
@@ -112,6 +113,7 @@
<pathelement location="${jss.jar}"/>
<pathelement location="${tomcat-coyote.jar}"/>
<pathelement location="${commons-logging.jar}"/>
+ <pathelement location="${commons-lang.jar}"/>
</path>
<!--
diff --git a/src/org/apache/tomcat/util/net/jss/IJSSFactory.java b/src/org/apache/tomcat/util/net/jss/IJSSFactory.java
index 1051767..49c9695 100755
--- a/src/org/apache/tomcat/util/net/jss/IJSSFactory.java
+++ b/src/org/apache/tomcat/util/net/jss/IJSSFactory.java
@@ -19,11 +19,14 @@
package org.apache.tomcat.util.net.jss;
-import org.mozilla.jss.ssl.*;
-import org.apache.tomcat.util.net.*;
-import java.net.*;
+import java.net.Socket;
+
+import org.apache.tomcat.util.net.AbstractEndpoint;
+import org.apache.tomcat.util.net.SSLSupport;
+import org.apache.tomcat.util.net.ServerSocketFactory;
interface IJSSFactory {
public ServerSocketFactory getSocketFactory(AbstractEndpoint endpoint);
+
public SSLSupport getSSLSupport(Socket socket);
}
diff --git a/src/org/apache/tomcat/util/net/jss/IPasswordStore.java b/src/org/apache/tomcat/util/net/jss/IPasswordStore.java
index 0e82134..b0f1d43 100755
--- a/src/org/apache/tomcat/util/net/jss/IPasswordStore.java
+++ b/src/org/apache/tomcat/util/net/jss/IPasswordStore.java
@@ -12,21 +12,27 @@
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- *
+ *
* Copyright (C) 2007 Red Hat, Inc.
* All rights reserved.
* END COPYRIGHT BLOCK */
package org.apache.tomcat.util.net.jss;
-import java.util.*;
-import java.io.*;
+import java.io.IOException;
+import java.util.Enumeration;
public interface IPasswordStore {
public void init(String pwdPath) throws IOException;
+
+ public String getPassword(String tag, int iteration);
+
public String getPassword(String tag);
- public Enumeration getTags();
+
+ public Enumeration<String> getTags();
+
public Object putPassword(String tag, String password);
- public void commit()
- throws IOException, ClassCastException, NullPointerException;
+
+ public void commit() throws IOException, ClassCastException,
+ NullPointerException;
}
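Review bot: The new `getPassword(String tag, int iteration)` on this public interface has no Javadoc, so an implementer cannot tell what `iteration` counts or how the result should differ from `getPassword(String tag)`. It presumably carries the retry attempt that goes with the `MAX_PW_ATTEMPTS = 3` constant added to JSSSocketFactory in this commit, but that is inferred; a comment such as `/** @param iteration number of the current password attempt for this tag (state whether it starts at 0 or 1) */` would pin the contract. Adding an abstract method also breaks any out-of-tree IPasswordStore implementation, which matters if the store class is chosen by configuration, as the `mPwdClass` field in JSSSocketFactory suggests, so the change deserves a line in the release notes. Both overloads return the token password as an immutable `String` that cannot be wiped after use, so the Javadoc should also tell callers not to log or cache the value.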
diff --git a/src/org/apache/tomcat/util/net/jss/JSSFactory.java b/src/org/apache/tomcat/util/net/jss/JSSFactory.java
index 7e09cba..601ddfe 100755
--- a/src/org/apache/tomcat/util/net/jss/JSSFactory.java
+++ b/src/org/apache/tomcat/util/net/jss/JSSFactory.java
@@ -19,9 +19,12 @@
package org.apache.tomcat.util.net.jss;
-import org.mozilla.jss.ssl.*;
-import org.apache.tomcat.util.net.*;
-import java.net.*;
+import java.net.Socket;
+
+import org.apache.tomcat.util.net.AbstractEndpoint;
+import org.apache.tomcat.util.net.SSLSupport;
+import org.apache.tomcat.util.net.ServerSocketFactory;
+import org.mozilla.jss.ssl.SSLSocket;
class JSSFactory implements IJSSFactory {
JSSFactory() {
@@ -32,6 +35,6 @@ class JSSFactory implements IJSSFactory {
}
public SSLSupport getSSLSupport(Socket socket) {
- return new JSSSupport((SSLSocket)socket);
+ return new JSSSupport((SSLSocket) socket);
}
}
diff --git a/src/org/apache/tomcat/util/net/jss/JSSImplementation.java b/src/org/apache/tomcat/util/net/jss/JSSImplementation.java
index 312bae1..5646c4d 100755
--- a/src/org/apache/tomcat/util/net/jss/JSSImplementation.java
+++ b/src/org/apache/tomcat/util/net/jss/JSSImplementation.java
@@ -20,21 +20,19 @@
package org.apache.tomcat.util.net.jss;
import java.net.Socket;
-import java.io.*;
+
import org.apache.tomcat.util.net.AbstractEndpoint;
import org.apache.tomcat.util.net.SSLImplementation;
import org.apache.tomcat.util.net.SSLSupport;
import org.apache.tomcat.util.net.SSLUtil;
import org.apache.tomcat.util.net.ServerSocketFactory;
-public class JSSImplementation extends SSLImplementation
-{
- static final String JSSFactory =
- "org.apache.tomcat.util.net.jss.JSSFactory";
+public class JSSImplementation extends SSLImplementation {
+ static final String JSSFactory = "org.apache.tomcat.util.net.jss.JSSFactory";
static final String SSLSocketClass = "org.mozilla.jss.ssl.SSLSocket";
- static org.apache.commons.logging.Log logger =
- org.apache.commons.logging.LogFactory.getLog(JSSImplementation.class);
+ static org.apache.commons.logging.Log logger = org.apache.commons.logging.LogFactory
+ .getLog(JSSImplementation.class);
private JSSFactory factory = null;
@@ -43,9 +41,9 @@ public class JSSImplementation extends SSLImplementation
try {
Class factcl = Class.forName(JSSFactory);
- factory = (JSSFactory)factcl.newInstance();
+ factory = (JSSFactory) factcl.newInstance();
} catch (Exception e) {
- if(logger.isDebugEnabled())
+ if (logger.isDebugEnabled())
logger.debug("Error getting factory: " + JSSFactory, e);
}
}
@@ -54,8 +52,7 @@ public class JSSImplementation extends SSLImplementation
return "JSS";
}
- public ServerSocketFactory getServerSocketFactory(AbstractEndpoint endpoint)
- {
+ public ServerSocketFactory getServerSocketFactory(AbstractEndpoint endpoint) {
ServerSocketFactory ssf = factory.getSocketFactory(endpoint);
return ssf;
}
@@ -68,28 +65,28 @@ public class JSSImplementation extends SSLImplementation
public SSLSupport getSSLSupport(javax.net.ssl.SSLSession session) {
/*
- * The Tomcat 6.0.26 docs says:
- * This method has been deprecated since it adds a JSSE dependency
- * to this interface. It will be removed in versions after 6.0.x.
- *
+ * The Tomcat 6.0.26 docs says: This method has been deprecated since it
+ * adds a JSSE dependency to this interface. It will be removed in
+ * versions after 6.0.x.
+ *
* But we have to provide a implementation of this method because it's
* declared as abstract.
- *
+ *
* Unfortunately there does not appear to be any way to get SSLSupport
* information from a session with JSS. JSS looks up the information
* based on a socket, not a session. This done in SSLSocket.c
* Java_org_mozilla_jss_ssl_SSLSocket_getStatus().
- *
+ *
* So while it would be nice to provide a working implmentation there
* doesn't seem to be an easy way to do this. Given that this method is
* already deprecated and there hasn't been any evidence of it being
* called it therefore seems reasonable to just return null to satify
* the compiler's demand for an implementation.
- *
+ *
* Once this abstract method is removed from SSLImplementation in a
* future release we can remove this stub.
- *
- * NOTE: This method has NOT yet been deprecated in Tomcat 7!
+ *
+ * NOTE: This method has NOT yet been deprecated in Tomcat 7!
*/
return null;
}
diff --git a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
index 1ea3ad4..7576618 100755
--- a/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
+++ b/src/org/apache/tomcat/util/net/jss/JSSSocketFactory.java
@@ -12,371 +12,509 @@
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- *
+ *
* Copyright (C) 2007 Red Hat, Inc.
* All rights reserved.
* END COPYRIGHT BLOCK */
package org.apache.tomcat.util.net.jss;
-import java.util.*;
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileWriter;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.net.InetAddress;
+import java.net.ServerSocket;
+import java.net.Socket;
+import java.net.SocketException;
+import java.security.GeneralSecurityException;
import java.text.SimpleDateFormat;
-import java.lang.Thread;
-import java.lang.NumberFormatException;
-import org.mozilla.jss.ssl.*;
-import org.mozilla.jss.crypto.*;
-import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.util.*;
-import org.mozilla.jss.pkcs11.*;
-import java.net.*;
-import java.io.*;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.StringTokenizer;
-// Imports required to "implement" Tomcat 7 Interface
-import org.apache.tomcat.util.net.AbstractEndpoint;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
-public class JSSSocketFactory
- implements org.apache.tomcat.util.net.ServerSocketFactory,
- org.apache.tomcat.util.net.SSLUtil {
-
- private static HashMap cipherMap = new HashMap();
+import org.apache.commons.lang.StringUtils;
+// Imports required to "implement" Tomcat 7 Interface
+import org.apache.tomcat.util.net.AbstractEndpoint;
+import org.mozilla.jss.CertDatabaseException;
+import org.mozilla.jss.CryptoManager;
+import org.mozilla.jss.CryptoManager.NotInitializedException;
+import org.mozilla.jss.KeyDatabaseException;
+import org.mozilla.jss.NoSuchTokenException;
+import org.mozilla.jss.crypto.AlreadyInitializedException;
+import org.mozilla.jss.crypto.CryptoToken;
+import org.mozilla.jss.crypto.TokenException;
+import org.mozilla.jss.ssl.SSLServerSocket;
+import org.mozilla.jss.ssl.SSLSocket;
+import org.mozilla.jss.util.IncorrectPasswordException;
+import org.mozilla.jss.util.Password;
+
+public class JSSSocketFactory implements
+ org.apache.tomcat.util.net.ServerSocketFactory,
+ org.apache.tomcat.util.net.SSLUtil {
+
+ private static HashMap<String, Integer> cipherMap = new HashMap<String, Integer>();
static {
// SSLv2
- cipherMap.put("SSL2_RC4_128_WITH_MD5", SSLSocket.SSL2_RC4_128_WITH_MD5);
- cipherMap.put("SSL2_RC4_128_EXPORT40_WITH_MD5", SSLSocket.SSL2_RC4_128_EXPORT40_WITH_MD5);
- cipherMap.put("SSL2_RC2_128_CBC_WITH_MD5", SSLSocket.SSL2_RC2_128_CBC_WITH_MD5);
- cipherMap.put("SSL2_RC2_128_CBC_EXPORT40_WITH_MD5", SSLSocket.SSL2_RC2_128_CBC_EXPORT40_WITH_MD5);
- cipherMap.put("SSL2_IDEA_128_CBC_WITH_MD5", SSLSocket.SSL2_IDEA_128_CBC_WITH_MD5);
- cipherMap.put("SSL2_DES_64_CBC_WITH_MD5", SSLSocket.SSL2_DES_64_CBC_WITH_MD5);
- cipherMap.put("SSL2_DES_192_EDE3_CBC_WITH_MD5", SSLSocket.SSL2_DES_192_EDE3_CBC_WITH_MD5);
+ cipherMap.put("SSL2_RC4_128_WITH_MD5", SSLSocket.SSL2_RC4_128_WITH_MD5);
+ cipherMap.put("SSL2_RC4_128_EXPORT40_WITH_MD5",
+ SSLSocket.SSL2_RC4_128_EXPORT40_WITH_MD5);
+ cipherMap.put("SSL2_RC2_128_CBC_WITH_MD5",
+ SSLSocket.SSL2_RC2_128_CBC_WITH_MD5);
+ cipherMap.put("SSL2_RC2_128_CBC_EXPORT40_WITH_MD5",
+ SSLSocket.SSL2_RC2_128_CBC_EXPORT40_WITH_MD5);
+ cipherMap.put("SSL2_IDEA_128_CBC_WITH_MD5",
+ SSLSocket.SSL2_IDEA_128_CBC_WITH_MD5);
+ cipherMap.put("SSL2_DES_64_CBC_WITH_MD5",
+ SSLSocket.SSL2_DES_64_CBC_WITH_MD5);
+ cipherMap.put("SSL2_DES_192_EDE3_CBC_WITH_MD5",
+ SSLSocket.SSL2_DES_192_EDE3_CBC_WITH_MD5);
// SSLv3
- cipherMap.put("SSL3_RSA_WITH_NULL_MD5", SSLSocket.SSL3_RSA_WITH_NULL_MD5);
- cipherMap.put("SSL3_RSA_WITH_NULL_SHA", SSLSocket.SSL3_RSA_WITH_NULL_SHA);
- cipherMap.put("SSL3_RSA_EXPORT_WITH_RC4_40_MD5", SSLSocket.SSL3_RSA_EXPORT_WITH_RC4_40_MD5);
- cipherMap.put("SSL3_RSA_WITH_RC4_128_MD5", SSLSocket.SSL3_RSA_WITH_RC4_128_MD5);
- cipherMap.put("SSL3_RSA_WITH_RC4_128_SHA", SSLSocket.SSL3_RSA_WITH_RC4_128_SHA);
- cipherMap.put("SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5", SSLSocket.SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5);
- cipherMap.put("SSL3_RSA_WITH_IDEA_CBC_SHA", SSLSocket.SSL3_RSA_WITH_IDEA_CBC_SHA);
- cipherMap.put("SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA", SSLSocket.SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA);
- cipherMap.put("SSL3_RSA_WITH_DES_CBC_SHA", SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA);
- cipherMap.put("SSL3_RSA_WITH_3DES_EDE_CBC_SHA", SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA);
-
- cipherMap.put("SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", SSLSocket.SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA);
- cipherMap.put("SSL3_DH_DSS_WITH_DES_CBC_SHA", SSLSocket.SSL3_DH_DSS_WITH_DES_CBC_SHA);
- cipherMap.put("SSL3_DH_DSS_WITH_3DES_EDE_CBC_SHA", SSLSocket.SSL3_DH_DSS_WITH_3DES_EDE_CBC_SHA);
- cipherMap.put("SSL3_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", SSLSocket.SSL3_DH_RSA_EXPORT_WITH_DES40_CBC_SHA);
- cipherMap.put("SSL3_DH_RSA_WITH_DES_CBC_SHA", SSLSocket.SSL3_DH_RSA_WITH_DES_CBC_SHA);
- cipherMap.put("SSL3_DH_RSA_WITH_3DES_EDE_CBC_SHA", SSLSocket.SSL3_DH_RSA_WITH_3DES_EDE_CBC_SHA);
-
- cipherMap.put("SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", SSLSocket.SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA);
- cipherMap.put("SSL3_DHE_DSS_WITH_DES_CBC_SHA", SSLSocket.SSL3_DHE_DSS_WITH_DES_CBC_SHA);
- cipherMap.put("SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA", SSLSocket.SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA);
- cipherMap.put("SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", SSLSocket.SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA);
- cipherMap.put("SSL3_DHE_RSA_WITH_DES_CBC_SHA", SSLSocket.SSL3_DHE_RSA_WITH_DES_CBC_SHA);
- cipherMap.put("SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA", SSLSocket.SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA);
-
- cipherMap.put("SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5", SSLSocket.SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5);
- cipherMap.put("SSL3_DH_ANON_WITH_RC4_128_MD5", SSLSocket.SSL3_DH_ANON_WITH_RC4_128_MD5);
- cipherMap.put("SSL3_DH_ANON_EXPORT_WITH_DES40_CBC_SHA", SSLSocket.SSL3_DH_ANON_EXPORT_WITH_DES40_CBC_SHA);
- cipherMap.put("SSL3_DH_ANON_WITH_DES_CBC_SHA", SSLSocket.SSL3_DH_ANON_WITH_DES_CBC_SHA);
- cipherMap.put("SSL3_DH_ANON_WITH_3DES_EDE_CBC_SHA", SSLSocket.SSL3_DH_ANON_WITH_3DES_EDE_CBC_SHA);
-
- cipherMap.put("SSL3_FORTEZZA_DMS_WITH_NULL_SHA", SSLSocket.SSL3_FORTEZZA_DMS_WITH_NULL_SHA);
- cipherMap.put("SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA", SSLSocket.SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA);
- cipherMap.put("SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA", SSLSocket.SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA);
-
- cipherMap.put("SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", SSLSocket.SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA);
- cipherMap.put("SSL_RSA_FIPS_WITH_DES_CBC_SHA", SSLSocket.SSL_RSA_FIPS_WITH_DES_CBC_SHA);
-
+ cipherMap.put("SSL3_RSA_WITH_NULL_MD5",
+ SSLSocket.SSL3_RSA_WITH_NULL_MD5);
+ cipherMap.put("SSL3_RSA_WITH_NULL_SHA",
+ SSLSocket.SSL3_RSA_WITH_NULL_SHA);
+ cipherMap.put("SSL3_RSA_EXPORT_WITH_RC4_40_MD5",
+ SSLSocket.SSL3_RSA_EXPORT_WITH_RC4_40_MD5);
+ cipherMap.put("SSL3_RSA_WITH_RC4_128_MD5",
+ SSLSocket.SSL3_RSA_WITH_RC4_128_MD5);
+ cipherMap.put("SSL3_RSA_WITH_RC4_128_SHA",
+ SSLSocket.SSL3_RSA_WITH_RC4_128_SHA);
+ cipherMap.put("SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
+ SSLSocket.SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5);
+ cipherMap.put("SSL3_RSA_WITH_IDEA_CBC_SHA",
+ SSLSocket.SSL3_RSA_WITH_IDEA_CBC_SHA);
+ cipherMap.put("SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA",
+ SSLSocket.SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA);
+ cipherMap.put("SSL3_RSA_WITH_DES_CBC_SHA",
+ SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA);
+ cipherMap.put("SSL3_RSA_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA);
+
+ cipherMap.put("SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
+ SSLSocket.SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA);
+ cipherMap.put("SSL3_DH_DSS_WITH_DES_CBC_SHA",
+ SSLSocket.SSL3_DH_DSS_WITH_DES_CBC_SHA);
+ cipherMap.put("SSL3_DH_DSS_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.SSL3_DH_DSS_WITH_3DES_EDE_CBC_SHA);
+ cipherMap.put("SSL3_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
+ SSLSocket.SSL3_DH_RSA_EXPORT_WITH_DES40_CBC_SHA);
+ cipherMap.put("SSL3_DH_RSA_WITH_DES_CBC_SHA",
+ SSLSocket.SSL3_DH_RSA_WITH_DES_CBC_SHA);
+ cipherMap.put("SSL3_DH_RSA_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.SSL3_DH_RSA_WITH_3DES_EDE_CBC_SHA);
+
+ cipherMap.put("SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
+ SSLSocket.SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA);
+ cipherMap.put("SSL3_DHE_DSS_WITH_DES_CBC_SHA",
+ SSLSocket.SSL3_DHE_DSS_WITH_DES_CBC_SHA);
+ cipherMap.put("SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA);
+ cipherMap.put("SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
+ SSLSocket.SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA);
+ cipherMap.put("SSL3_DHE_RSA_WITH_DES_CBC_SHA",
+ SSLSocket.SSL3_DHE_RSA_WITH_DES_CBC_SHA);
+ cipherMap.put("SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA);
+
+ cipherMap.put("SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5",
+ SSLSocket.SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5);
+ cipherMap.put("SSL3_DH_ANON_WITH_RC4_128_MD5",
+ SSLSocket.SSL3_DH_ANON_WITH_RC4_128_MD5);
+ cipherMap.put("SSL3_DH_ANON_EXPORT_WITH_DES40_CBC_SHA",
+ SSLSocket.SSL3_DH_ANON_EXPORT_WITH_DES40_CBC_SHA);
+ cipherMap.put("SSL3_DH_ANON_WITH_DES_CBC_SHA",
+ SSLSocket.SSL3_DH_ANON_WITH_DES_CBC_SHA);
+ cipherMap.put("SSL3_DH_ANON_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.SSL3_DH_ANON_WITH_3DES_EDE_CBC_SHA);
+
+ cipherMap.put("SSL3_FORTEZZA_DMS_WITH_NULL_SHA",
+ SSLSocket.SSL3_FORTEZZA_DMS_WITH_NULL_SHA);
+ cipherMap.put("SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA",
+ SSLSocket.SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA);
+ cipherMap.put("SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA",
+ SSLSocket.SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA);
+
+ cipherMap.put("SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA);
+ cipherMap.put("SSL_RSA_FIPS_WITH_DES_CBC_SHA",
+ SSLSocket.SSL_RSA_FIPS_WITH_DES_CBC_SHA);
+
// TLS
- cipherMap.put("TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA", SSLSocket.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA);
- cipherMap.put("TLS_RSA_EXPORT1024_WITH_RC4_56_SHA", SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA);
-
- cipherMap.put("TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA", SSLSocket.TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA);
- cipherMap.put("TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA", SSLSocket.TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA);
- cipherMap.put("TLS_DHE_DSS_WITH_RC4_128_SHA", SSLSocket.TLS_DHE_DSS_WITH_RC4_128_SHA);
-
- cipherMap.put("TLS_RSA_WITH_AES_128_CBC_SHA", SSLSocket.TLS_RSA_WITH_AES_128_CBC_SHA);
- cipherMap.put("TLS_DH_DSS_WITH_AES_128_CBC_SHA", SSLSocket.TLS_DH_DSS_WITH_AES_128_CBC_SHA);
- cipherMap.put("TLS_DH_RSA_WITH_AES_128_CBC_SHA", SSLSocket.TLS_DH_RSA_WITH_AES_128_CBC_SHA);
- cipherMap.put("TLS_DHE_DSS_WITH_AES_128_CBC_SHA", SSLSocket.TLS_DHE_DSS_WITH_AES_128_CBC_SHA);
- cipherMap.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", SSLSocket.TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
- cipherMap.put("TLS_DH_ANON_WITH_AES_128_CBC_SHA", SSLSocket.TLS_DH_ANON_WITH_AES_128_CBC_SHA);
-
- cipherMap.put("TLS_RSA_WITH_AES_256_CBC_SHA", SSLSocket.TLS_RSA_WITH_AES_256_CBC_SHA);
- cipherMap.put("TLS_DH_DSS_WITH_AES_256_CBC_SHA", SSLSocket.TLS_DH_DSS_WITH_AES_256_CBC_SHA);
- cipherMap.put("TLS_DH_RSA_WITH_AES_256_CBC_SHA", SSLSocket.TLS_DH_RSA_WITH_AES_256_CBC_SHA);
- cipherMap.put("TLS_DHE_DSS_WITH_AES_256_CBC_SHA", SSLSocket.TLS_DHE_DSS_WITH_AES_256_CBC_SHA);
- cipherMap.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA", SSLSocket.TLS_DHE_RSA_WITH_AES_256_CBC_SHA);
- cipherMap.put("TLS_DH_ANON_WITH_AES_256_CBC_SHA", SSLSocket.TLS_DH_ANON_WITH_AES_256_CBC_SHA);
+ cipherMap.put("TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA",
+ SSLSocket.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA);
+ cipherMap.put("TLS_RSA_EXPORT1024_WITH_RC4_56_SHA",
+ SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA);
+
+ cipherMap.put("TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA",
+ SSLSocket.TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA);
+ cipherMap.put("TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA",
+ SSLSocket.TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA);
+ cipherMap.put("TLS_DHE_DSS_WITH_RC4_128_SHA",
+ SSLSocket.TLS_DHE_DSS_WITH_RC4_128_SHA);
+
+ cipherMap.put("TLS_RSA_WITH_AES_128_CBC_SHA",
+ SSLSocket.TLS_RSA_WITH_AES_128_CBC_SHA);
+ cipherMap.put("TLS_DH_DSS_WITH_AES_128_CBC_SHA",
+ SSLSocket.TLS_DH_DSS_WITH_AES_128_CBC_SHA);
+ cipherMap.put("TLS_DH_RSA_WITH_AES_128_CBC_SHA",
+ SSLSocket.TLS_DH_RSA_WITH_AES_128_CBC_SHA);
+ cipherMap.put("TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
+ SSLSocket.TLS_DHE_DSS_WITH_AES_128_CBC_SHA);
+ cipherMap.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
+ SSLSocket.TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
+ cipherMap.put("TLS_DH_ANON_WITH_AES_128_CBC_SHA",
+ SSLSocket.TLS_DH_ANON_WITH_AES_128_CBC_SHA);
+
+ cipherMap.put("TLS_RSA_WITH_AES_256_CBC_SHA",
+ SSLSocket.TLS_RSA_WITH_AES_256_CBC_SHA);
+ cipherMap.put("TLS_DH_DSS_WITH_AES_256_CBC_SHA",
+ SSLSocket.TLS_DH_DSS_WITH_AES_256_CBC_SHA);
+ cipherMap.put("TLS_DH_RSA_WITH_AES_256_CBC_SHA",
+ SSLSocket.TLS_DH_RSA_WITH_AES_256_CBC_SHA);
+ cipherMap.put("TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
+ SSLSocket.TLS_DHE_DSS_WITH_AES_256_CBC_SHA);
+ cipherMap.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
+ SSLSocket.TLS_DHE_RSA_WITH_AES_256_CBC_SHA);
+ cipherMap.put("TLS_DH_ANON_WITH_AES_256_CBC_SHA",
+ SSLSocket.TLS_DH_ANON_WITH_AES_256_CBC_SHA);
// ECC
- cipherMap.put("TLS_ECDH_ECDSA_WITH_NULL_SHA", SSLSocket.TLS_ECDH_ECDSA_WITH_NULL_SHA);
- cipherMap.put("TLS_ECDH_ECDSA_WITH_RC4_128_SHA", SSLSocket.TLS_ECDH_ECDSA_WITH_RC4_128_SHA);
- cipherMap.put("TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", SSLSocket.TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA);
- cipherMap.put("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA);
- cipherMap.put("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", SSLSocket.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA);
-
- cipherMap.put("TLS_ECDHE_ECDSA_WITH_NULL_SHA", SSLSocket.TLS_ECDHE_ECDSA_WITH_NULL_SHA);
- cipherMap.put("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", SSLSocket.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA);
- cipherMap.put("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", SSLSocket.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA);
- cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA);
- cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA);
-
- cipherMap.put("TLS_ECDHE_RSA_WITH_NULL_SHA", SSLSocket.TLS_ECDHE_RSA_WITH_NULL_SHA);
- cipherMap.put("TLS_ECDHE_RSA_WITH_RC4_128_SHA", SSLSocket.TLS_ECDHE_RSA_WITH_RC4_128_SHA);
- cipherMap.put("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", SSLSocket.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA);
- cipherMap.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA);
- cipherMap.put("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA);
-
- cipherMap.put("TLS_ECDH_anon_WITH_NULL_SHA", SSLSocket.TLS_ECDH_anon_WITH_NULL_SHA);
- cipherMap.put("TLS_ECDH_anon_WITH_RC4_128_SHA", SSLSocket.TLS_ECDH_anon_WITH_RC4_128_SHA);
- cipherMap.put("TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", SSLSocket.TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA);
- cipherMap.put("TLS_ECDH_anon_WITH_AES_128_CBC_SHA", SSLSocket.TLS_ECDH_anon_WITH_AES_128_CBC_SHA);
- cipherMap.put("TLS_ECDH_anon_WITH_AES_256_CBC_SHA", SSLSocket.TLS_ECDH_anon_WITH_AES_256_CBC_SHA);
-
- //TLSv1_2
- cipherMap.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", SSLSocket.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256);
- cipherMap.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", SSLSocket.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256);
- cipherMap.put("TLS_RSA_WITH_NULL_SHA256", SSLSocket.TLS_RSA_WITH_NULL_SHA256);
- cipherMap.put("TLS_RSA_WITH_AES_128_CBC_SHA256", SSLSocket.TLS_RSA_WITH_AES_128_CBC_SHA256);
- cipherMap.put("TLS_RSA_WITH_AES_256_CBC_SHA256", SSLSocket.TLS_RSA_WITH_AES_256_CBC_SHA256);
- cipherMap.put("TLS_RSA_WITH_SEED_CBC_SHA", SSLSocket.TLS_RSA_WITH_SEED_CBC_SHA);
- cipherMap.put("TLS_RSA_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_RSA_WITH_AES_128_GCM_SHA256);
- cipherMap.put("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256);
- cipherMap.put("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_DHE_DSS_WITH_AES_128_GCM_SHA256);
- cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256);
- cipherMap.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256);
- cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);
- cipherMap.put("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256);
- cipherMap.put("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);
- cipherMap.put("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", SSLSocket.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256);
+ cipherMap.put("TLS_ECDH_ECDSA_WITH_NULL_SHA",
+ SSLSocket.TLS_ECDH_ECDSA_WITH_NULL_SHA);
+ cipherMap.put("TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
+ SSLSocket.TLS_ECDH_ECDSA_WITH_RC4_128_SHA);
+ cipherMap.put("TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA);
+ cipherMap.put("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
+ SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA);
+ cipherMap.put("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
+ SSLSocket.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA);
+
+ cipherMap.put("TLS_ECDHE_ECDSA_WITH_NULL_SHA",
+ SSLSocket.TLS_ECDHE_ECDSA_WITH_NULL_SHA);
+ cipherMap.put("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
+ SSLSocket.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA);
+ cipherMap.put("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA);
+ cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
+ SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA);
+ cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
+ SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA);
+
+ cipherMap.put("TLS_ECDHE_RSA_WITH_NULL_SHA",
+ SSLSocket.TLS_ECDHE_RSA_WITH_NULL_SHA);
+ cipherMap.put("TLS_ECDHE_RSA_WITH_RC4_128_SHA",
+ SSLSocket.TLS_ECDHE_RSA_WITH_RC4_128_SHA);
+ cipherMap.put("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA);
+ cipherMap.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
+ SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA);
+ cipherMap.put("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
+ SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA);
+
+ cipherMap.put("TLS_ECDH_anon_WITH_NULL_SHA",
+ SSLSocket.TLS_ECDH_anon_WITH_NULL_SHA);
+ cipherMap.put("TLS_ECDH_anon_WITH_RC4_128_SHA",
+ SSLSocket.TLS_ECDH_anon_WITH_RC4_128_SHA);
+ cipherMap.put("TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
+ SSLSocket.TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA);
+ cipherMap.put("TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
+ SSLSocket.TLS_ECDH_anon_WITH_AES_128_CBC_SHA);
+ cipherMap.put("TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
+ SSLSocket.TLS_ECDH_anon_WITH_AES_256_CBC_SHA);
+
+ // TLSv1_2
+ cipherMap.put("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
+ SSLSocket.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256);
+ cipherMap.put("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
+ SSLSocket.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256);
+ cipherMap.put("TLS_RSA_WITH_NULL_SHA256",
+ SSLSocket.TLS_RSA_WITH_NULL_SHA256);
+ cipherMap.put("TLS_RSA_WITH_AES_128_CBC_SHA256",
+ SSLSocket.TLS_RSA_WITH_AES_128_CBC_SHA256);
+ cipherMap.put("TLS_RSA_WITH_AES_256_CBC_SHA256",
+ SSLSocket.TLS_RSA_WITH_AES_256_CBC_SHA256);
+ cipherMap.put("TLS_RSA_WITH_SEED_CBC_SHA",
+ SSLSocket.TLS_RSA_WITH_SEED_CBC_SHA);
+ cipherMap.put("TLS_RSA_WITH_AES_128_GCM_SHA256",
+ SSLSocket.TLS_RSA_WITH_AES_128_GCM_SHA256);
+ cipherMap.put("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
+ SSLSocket.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256);
+ cipherMap.put("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
+ SSLSocket.TLS_DHE_DSS_WITH_AES_128_GCM_SHA256);
+ cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
+ SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256);
+ cipherMap.put("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
+ SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256);
+ cipherMap.put("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+ SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);
+ cipherMap.put("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
+ SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256);
+ cipherMap.put("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+ SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);
+ cipherMap.put("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
+ SSLSocket.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256);
}
- private static HashMap eccCipherMap = new HashMap();
+ private static HashMap<Integer, String> eccCipherMap = new HashMap<Integer, String>();
static {
- eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_RC4_128_SHA, "TLS_ECDHE_RSA_WITH_RC4_128_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_RC4_128_SHA, "TLS_ECDH_RSA_WITH_RC4_128_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_RC4_128_SHA, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS_ECDHE_ECDSA_WITH_NULL_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS_ECDHE_RSA_WITH_NULL_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_NULL_SHA, "TLS_ECDH_RSA_WITH_NULL_SHA");
- eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS_ECDH_ECDSA_WITH_NULL_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+ "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
+ "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
+ "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
+ "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+ "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
+ "TLS_ECDHE_RSA_WITH_RC4_128_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_RC4_128_SHA,
+ "TLS_ECDH_RSA_WITH_RC4_128_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
+ "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
+ "TLS_ECDH_ECDSA_WITH_RC4_128_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
+ "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
+ "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
+ "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
+ "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
+ "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDHE_ECDSA_WITH_NULL_SHA,
+ "TLS_ECDHE_ECDSA_WITH_NULL_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDHE_RSA_WITH_NULL_SHA,
+ "TLS_ECDHE_RSA_WITH_NULL_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDH_RSA_WITH_NULL_SHA,
+ "TLS_ECDH_RSA_WITH_NULL_SHA");
+ eccCipherMap.put(SSLSocket.TLS_ECDH_ECDSA_WITH_NULL_SHA,
+ "TLS_ECDH_ECDSA_WITH_NULL_SHA");
}
private AbstractEndpoint endpoint;
- static org.apache.commons.logging.Log log =
- org.apache.commons.logging.LogFactory.getLog(JSSSocketFactory.class);
+ static org.apache.commons.logging.Log log = org.apache.commons.logging.LogFactory
+ .getLog(JSSSocketFactory.class);
protected static boolean ocspConfigured = false;
protected boolean requireClientAuth = false;
protected boolean wantClientAuth = false;
- private Vector enabledCiphers = new Vector();
private boolean initialized = false;
private String serverCertNick = "";
- private String mServerCertNickPath ="";
- private String mPwdPath ="";
- private String mPwdClass ="";
+ private String mServerCertNickPath = "";
+ private String mPwdPath = "";
+ private String mPwdClass = "";
private static final String DATE_PATTERN = "dd/MMM/yyyy:HH:mm:ss";
- private static SimpleDateFormat timeStampFormat = new SimpleDateFormat(DATE_PATTERN);
+ private static SimpleDateFormat timeStampFormat = new SimpleDateFormat(
+ DATE_PATTERN);
FileWriter debugFile = null;
boolean debug = false;
private IPasswordStore mPasswordStore = null;
private boolean mStrictCiphers = false;
+ private static final int MAX_PW_ATTEMPTS = 3;
- public JSSSocketFactory (AbstractEndpoint endpoint) {
+ public JSSSocketFactory(AbstractEndpoint endpoint) {
this.endpoint = endpoint;
}
private void debugWrite(String m) throws IOException {
- if (debug) {
+ if (debug) {
String timeStamp = timeStampFormat.format(new Date());
String threadName = Thread.currentThread().getName();
- debugFile.write("[" + timeStamp + "][" + threadName + "]: " + m);
+ debugFile.write("[" + timeStamp + "][" + threadName + "]: " + m);
}
}
- public void setSSLCiphers(String attr) throws SocketException, IOException
- {
- String ciphers = (String)endpoint.getAttribute(attr);
- if (ciphers == null || ciphers.equals("")) {
- debugWrite("JSSSocketFactory setSSLCiphers: "+ attr +" not found");
- return;
- }
- StringTokenizer st = new StringTokenizer(ciphers, ",");
- while (st.hasMoreTokens()) {
- String cipherstr = st.nextToken();
- int cipherid = 0;
- String text;
- boolean state;
-
- if (cipherstr.startsWith("+")) {
- state = true;
- text = cipherstr.substring(1);
- } else if (cipherstr.startsWith("-")) {
- state = false;
- text = cipherstr.substring(1);
- } else {
- state = true; // no enable/disable flag, assume enable
- text = cipherstr;
+ public void setSSLCiphers(String attr) throws SocketException, IOException {
+ String ciphers = getEndpointAttribute(attr);
+ if (StringUtils.isEmpty(ciphers)) {
+ debugWrite("JSSSocketFactory setSSLCiphers: " + attr + " not found");
+ return;
}
-
- if (text.startsWith("0x") || text.startsWith("0X")) {
- // this allows us to specify new ciphers
- try {
- cipherid = Integer.parseInt(text.substring(2), 16);
- }
- catch (Exception e) {
- System.err.println("Error: SSL cipher \"\""+text+"\" cannot be read as an integer");
- continue;
+ StringTokenizer st = new StringTokenizer(ciphers, ",");
+ while (st.hasMoreTokens()) {
+ String cipherstr = st.nextToken();
+ int cipherid = 0;
+ String text;
+ boolean state;
+
+ if (cipherstr.startsWith("+")) {
+ state = true;
+ text = cipherstr.substring(1);
+ } else if (cipherstr.startsWith("-")) {
+ state = false;
+ text = cipherstr.substring(1);
+ } else {
+ state = true; // no enable/disable flag, assume enable
+ text = cipherstr;
}
- } else {
- Object mapValue;
- mapValue = cipherMap.get(text);
- if (mapValue == null) {
- cipherid = 0;
+ if (text.startsWith("0x") || text.startsWith("0X")) {
+ // this allows us to specify new ciphers
+ try {
+ cipherid = Integer.parseInt(text.substring(2), 16);
+ } catch (Exception e) {
+ System.err.println("Error: SSL cipher \"\"" + text
+ + "\" cannot be read as an integer");
+ continue;
+ }
} else {
- cipherid = (Integer)mapValue;
- }
- }
- if (cipherid != 0) {
- try {
- debugWrite("JSSSocketFactory setSSLCiphers: "+
- cipherstr+": 0x"+Integer.toHexString(cipherid) +"\n");
- SSLSocket.setCipherPreferenceDefault(cipherid, state);
- }
- catch (Exception e) {
- if (eccCipherMap.containsKey(cipherid)) {
- System.err.println("Warning: SSL ECC cipher \""+text+"\" unsupported by NSS. "+
- "This is probably O.K. unless ECC support has been installed.");
+ Object mapValue;
+
+ mapValue = cipherMap.get(text);
+ if (mapValue == null) {
+ cipherid = 0;
} else {
- System.err.println("Error: SSL cipher \""+text+"\" unsupported by NSS");
+ cipherid = (Integer) mapValue;
}
}
- } else {
- System.err.println("Error: SSL cipher \""+text+"\" not recognized by tomcatjss");
+ if (cipherid != 0) {
+ try {
+ debugWrite("JSSSocketFactory setSSLCiphers: " + cipherstr
+ + ": 0x" + Integer.toHexString(cipherid) + "\n");
+ SSLSocket.setCipherPreferenceDefault(cipherid, state);
+ } catch (Exception e) {
+ if (eccCipherMap.containsKey(cipherid)) {
+ System.err
+ .println("Warning: SSL ECC cipher \""
+ + text
+ + "\" unsupported by NSS. "
+ + "This is probably O.K. unless ECC support has been installed.");
+ } else {
+ System.err.println("Error: SSL cipher \"" + text
+ + "\" unsupported by NSS");
+ }
+ }
+ } else {
+ System.err.println("Error: SSL cipher \"" + text
+ + "\" not recognized by tomcatjss");
+ }
}
- }
}
/*
- * note: the SSL_OptionSet-based API for controlling the enabled
- * protocol versions are obsolete and replaced by the
- * setSSLVersionRange calls. If the "range" parameters are
- * present in the attributes then the sslOptions parameter is
- * ignored.
+ * note: the SSL_OptionSet-based API for controlling the enabled protocol
+ * versions are obsolete and replaced by the setSSLVersionRange calls. If
+ * the "range" parameters are present in the attributes then the sslOptions
+ * parameter is ignored.
*/
- public void setSSLOptions() throws SocketException, IOException
- {
- String options = (String)endpoint.getAttribute("sslOptions");
- StringTokenizer st = new StringTokenizer(options, ",");
- while (st.hasMoreTokens()) {
- String option = st.nextToken();
- StringTokenizer st1 = new StringTokenizer(option, "=");
- String name = st1.nextToken();
- String value = st1.nextToken();
- if (name.equals("ssl2")) {
- if (value.equals("true")) {
- SSLSocket.enableSSL2Default(true);
- setSSLCiphers("ssl2Ciphers");
- } else {
- SSLSocket.enableSSL2Default(false);
- }
- }
- if (name.equals("ssl3")) {
- if (value.equals("true")) {
- SSLSocket.enableSSL3Default(true);
- setSSLCiphers("ssl3Ciphers");
- } else {
- SSLSocket.enableSSL3Default(false);
- }
+ public void setSSLOptions() throws SocketException, IOException {
+ String options = getEndpointAttribute("sslOptions");
+ if (StringUtils.isEmpty(options)) {
+ debugWrite("no sslOptions specified");
+ return;
}
- if (name.equals("tls")) {
- if (value.equals("true")) {
- SSLSocket.enableTLSDefault(true);
- setSSLCiphers("tlsCiphers");
- } else {
- SSLSocket.enableTLSDefault(false);
- }
+ StringTokenizer st = new StringTokenizer(options, ",");
+ while (st.hasMoreTokens()) {
+ String option = st.nextToken();
+ StringTokenizer st1 = new StringTokenizer(option, "=");
+ String name = st1.nextToken();
+ String value = st1.nextToken();
+ if (name.equals("ssl2")) {
+ if (value.equals("true")) {
+ SSLSocket.enableSSL2Default(true);
+ setSSLCiphers("ssl2Ciphers");
+ } else {
+ SSLSocket.enableSSL2Default(false);
+ }
+ }
+ if (name.equals("ssl3")) {
+ if (value.equals("true")) {
+ SSLSocket.enableSSL3Default(true);
+ setSSLCiphers("ssl3Ciphers");
+ } else {
+ SSLSocket.enableSSL3Default(false);
+ }
+ }
+ if (name.equals("tls")) {
+ if (value.equals("true")) {
+ SSLSocket.enableTLSDefault(true);
+ setSSLCiphers("tlsCiphers");
+ } else {
+ SSLSocket.enableTLSDefault(false);
+ }
+ }
}
- }
}
// remove all to start with a clean slate
- public void unsetSSLCiphers() throws SocketException
- {
+ public void unsetSSLCiphers() throws SocketException {
int ciphers[] = SSLSocket.getImplementedCipherSuites();
try {
- for (int i = 0; ciphers != null && i < ciphers.length; i++) {
+ for (int i = 0; ciphers != null && i < ciphers.length; i++) {
- debugWrite("JSSSocketFactory unsetSSLCiphers - turning off '0x"+
- Integer.toHexString(ciphers[i]) + "'\n");
- SSLSocket.setCipherPreferenceDefault(ciphers[i], false);
- }
+ debugWrite("JSSSocketFactory unsetSSLCiphers - turning off '0x"
+ + Integer.toHexString(ciphers[i]) + "'\n");
+ SSLSocket.setCipherPreferenceDefault(ciphers[i], false);
+ }
} catch (Exception e) {
}
}
-
/*
- * setSSLVersionRangeDefault sets the range of allowed ssl versions.
- * This replaces the obsolete SSL_Option* API
+ * setSSLVersionRangeDefault sets the range of allowed ssl versions. This
+ * replaces the obsolete SSL_Option* API
+ *
+ * @param protoVariant indicates whether this setting is for type "stream"
+ * or "datagram"
*
- * @param protoVariant indicates whether this setting is for
- type "stream" or "datagram"
- * @param sslVersionRange_s takes on the form of "min:max" where
- * min/max values can be "ssl3, tls1_0, tls1_1, or tls1_2"
- * ssl2 is not supported for tomcatjss via this interface
- * The format is "sslVersionRange=min:max"
+ * @param sslVersionRange_s takes on the form of "min:max" where min/max
+ * values can be "ssl3, tls1_0, tls1_1, or tls1_2" ssl2 is not supported for
+ * tomcatjss via this interface The format is "sslVersionRange=min:max"
*/
public void setSSLVersionRangeDefault(
org.mozilla.jss.ssl.SSLSocket.SSLProtocolVariant protoVariant,
- String sslVersionRange_s)
- throws SocketException, IllegalArgumentException, IOException {
+ String sslVersionRange_s) throws SocketException,
+ IllegalArgumentException, IOException {
// process sslVersionRange_s
- String[] sslVersionRange = sslVersionRange_s.split(":");
+ String[] sslVersionRange = sslVersionRange_s.split(":");
if (sslVersionRange.length != 2) {
- debugWrite("JSSSocketFactory setSSLversionRangeDefault- SSL Version Range format error: " + sslVersionRange_s +"\n");
- throw new SocketException("tomcatjss: setSSLversionRangeDefault format error");
+ debugWrite("JSSSocketFactory setSSLversionRangeDefault- SSL Version Range format error: "
+ + sslVersionRange_s + "\n");
+ throw new SocketException(
+ "tomcatjss: setSSLversionRangeDefault format error");
}
String min_s = sslVersionRange[0];
String max_s = sslVersionRange[1];
int min = getSSLVersionRangeEnum(min_s);
int max = getSSLVersionRangeEnum(max_s);
- if ((min == -1) || (max== -1)) {
- debugWrite("JSSSocketFactory setSSLversionRangeDefault- SSL Version Range format error: " + sslVersionRange_s +"\n");
- throw new SocketException("tomcatjss: setSSLversionRangeDefault format error");
+ if ((min == -1) || (max == -1)) {
+ debugWrite("JSSSocketFactory setSSLversionRangeDefault- SSL Version Range format error: "
+ + sslVersionRange_s + "\n");
+ throw new SocketException(
+ "tomcatjss: setSSLversionRangeDefault format error");
}
- debugWrite("JSSSocketFactory setSSLversionRangeDefault- SSL Version Range set to min=" + min + " max = " + max +"\n");
- org.mozilla.jss.ssl.SSLSocket.SSLVersionRange range =