1 files changed, 175 insertions, 0 deletions
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOASSLAlgorithmConstraints.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOASSLAlgorithmConstraints.java
new file mode 100644
index 000000000..8f367598d
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOASSLAlgorithmConstraints.java
@@ -0,0 +1,175 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.commons.utils.ssl;
+
+import java.security.AlgorithmConstraints;
+import java.security.AlgorithmParameters;
+import java.security.CryptoPrimitive;
+import java.security.Key;
+import java.util.Set;
+
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLSocket;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOASSLAlgorithmConstraints implements AlgorithmConstraints {
+	   
+	   private AlgorithmConstraints userAlgConstraints = null;
+	   private AlgorithmConstraints peerAlgConstraints = null;
+	 
+	   private boolean enabledX509DisabledAlgConstraints = true;
+	 
+	 
+	   static final AlgorithmConstraints DEFAULT = new MOASSLAlgorithmConstraints(null);
+
+	   
+	   public MOASSLAlgorithmConstraints()
+	   {
+		   		   
+	   }
+
+	 
+	   static final AlgorithmConstraints DEFAULT_SSL_ONLY = new MOASSLAlgorithmConstraints((SSLSocket)null, false);
+
+	   MOASSLAlgorithmConstraints(AlgorithmConstraints paramAlgorithmConstraints)
+	   {
+		   this.userAlgConstraints = paramAlgorithmConstraints;
+		   		   
+	   }
+	   
+	   
+	   MOASSLAlgorithmConstraints(SSLSocket paramSSLSocket, boolean paramBoolean)
+	   {
+	     if (paramSSLSocket != null) {
+	       this.userAlgConstraints = paramSSLSocket.getSSLParameters().getAlgorithmConstraints();
+	 
+	    }
+	 
+	     if (!(paramBoolean))
+	       this.enabledX509DisabledAlgConstraints = false;
+	   }
+	 
+	 
+	   MOASSLAlgorithmConstraints(SSLEngine paramSSLEngine, boolean paramBoolean)
+	   {
+	     if (paramSSLEngine != null) {
+	       this.userAlgConstraints = paramSSLEngine.getSSLParameters().getAlgorithmConstraints();
+	 
+	     }
+	 
+	     if (!(paramBoolean))
+	       this.enabledX509DisabledAlgConstraints = false;
+	   }
+	   
+	   MOASSLAlgorithmConstraints(SSLSocket paramSSLSocket, String[] paramArrayOfString, boolean paramBoolean)
+	   {
+	     if (paramSSLSocket != null) {
+	       this.userAlgConstraints = paramSSLSocket.getSSLParameters().getAlgorithmConstraints();
+	 
+	       //this.peerAlgConstraints = new SupportedSignatureAlgorithmConstraints(paramArrayOfString);
+	 
+	     }
+	 
+	     if (!(paramBoolean))
+	       this.enabledX509DisabledAlgConstraints = false;
+	   }
+	 
+	 
+//	   MOASSLAlgorithmConstraints(SSLEngine paramSSLEngine, String[] paramArrayOfString, boolean paramBoolean)
+//	   {
+//	     if (paramSSLEngine != null) {
+//	       this.userAlgConstraints = paramSSLEngine.getSSLParameters().getAlgorithmConstraints();
+//	 
+//	       this.peerAlgConstraints = new SupportedSignatureAlgorithmConstraints(paramArrayOfString);
+//	 
+//	     }
+//	 
+//	     if (!(paramBoolean))
+//	       this.enabledX509DisabledAlgConstraints = false;
+//	   }
+	   
+	
+	/* (non-Javadoc)
+	 * @see java.security.AlgorithmConstraints#permits(java.util.Set, java.lang.String, java.security.AlgorithmParameters)
+	 */
+	@Override
+	public boolean permits(Set<CryptoPrimitive> primitives, String algorithm, AlgorithmParameters parameters) {
+         boolean bool = true;
+
+         if (this.peerAlgConstraints != null) {
+           bool = this.peerAlgConstraints.permits(primitives, algorithm, parameters);
+           
+         }
+	     
+         if ((bool) && (this.userAlgConstraints != null)) {
+           bool = this.userAlgConstraints.permits(primitives, algorithm, parameters);
+     
+         }
+	    	     
+        return bool;
+	
+	}
+
+	/* (non-Javadoc)
+	 * @see java.security.AlgorithmConstraints#permits(java.util.Set, java.security.Key)
+	 */
+	@Override
+	public boolean permits(Set<CryptoPrimitive> primitives, Key key) {
+		 boolean bool = true;
+		  
+		     if (this.peerAlgConstraints != null) {
+		       bool = this.peerAlgConstraints.permits(primitives, key);
+		     }
+		  
+		     if ((bool) && (this.userAlgConstraints != null)) {
+		       bool = this.userAlgConstraints.permits(primitives, key);
+		     }
+		     
+		     return bool;
+				
+	}
+
+	/* (non-Javadoc)
+	 * @see java.security.AlgorithmConstraints#permits(java.util.Set, java.lang.String, java.security.Key, java.security.AlgorithmParameters)
+	 */
+	@Override
+	public boolean permits(Set<CryptoPrimitive> primitives, String algorithm, Key key, AlgorithmParameters parameters) {
+		boolean bool = true;
+		 
+		     if (this.peerAlgConstraints != null) {
+		       bool = this.peerAlgConstraints.permits(primitives, algorithm, key, parameters);
+		
+		     }
+		 
+		     if ((bool) && (this.userAlgConstraints != null)) {
+		       bool = this.userAlgConstraints.permits(primitives, algorithm, key, parameters);
+		 
+		     }
+		     
+		     return bool;
+	}
+
+}