Diffstat (limited to 'id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOASSLAlgorithmConstraints.java')
-rw-r--r-- | id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOASSLAlgorithmConstraints.java | 175 |
1 files changed, 175 insertions, 0 deletions
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOASSLAlgorithmConstraints.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOASSLAlgorithmConstraints.java
new file mode 100644
index 000000000..8f367598d
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOASSLAlgorithmConstraints.java
@@ -0,0 +1,175 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.commons.utils.ssl;
+
+import java.security.AlgorithmConstraints;
+import java.security.AlgorithmParameters;
+import java.security.CryptoPrimitive;
+import java.security.Key;
+import java.util.Set;
+
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLSocket;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOASSLAlgorithmConstraints implements AlgorithmConstraints {
+
+ private AlgorithmConstraints userAlgConstraints = null;
+ private AlgorithmConstraints peerAlgConstraints = null;
+
+ private boolean enabledX509DisabledAlgConstraints = true;
+
+
+ static final AlgorithmConstraints DEFAULT = new MOASSLAlgorithmConstraints(null);
+
+
+ public MOASSLAlgorithmConstraints()
+ {
+
+ }
+
+
+ static final AlgorithmConstraints DEFAULT_SSL_ONLY = new MOASSLAlgorithmConstraints((SSLSocket)null, false);
+
+ MOASSLAlgorithmConstraints(AlgorithmConstraints paramAlgorithmConstraints)
+ {
+ this.userAlgConstraints = paramAlgorithmConstraints;
+
+ }
+
+
+ MOASSLAlgorithmConstraints(SSLSocket paramSSLSocket, boolean paramBoolean)
+ {
+ if (paramSSLSocket != null) {
+ this.userAlgConstraints = paramSSLSocket.getSSLParameters().getAlgorithmConstraints();
+
+ }
+
+ if (!(paramBoolean))
+ this.enabledX509DisabledAlgConstraints = false;
+ }
+
+
+ MOASSLAlgorithmConstraints(SSLEngine paramSSLEngine, boolean paramBoolean)
+ {
+ if (paramSSLEngine != null) {
+ this.userAlgConstraints = paramSSLEngine.getSSLParameters().getAlgorithmConstraints();
+
+ }
+
+ if (!(paramBoolean))
+ this.enabledX509DisabledAlgConstraints = false;
+ }
+
+ MOASSLAlgorithmConstraints(SSLSocket paramSSLSocket, String[] paramArrayOfString, boolean paramBoolean)
+ {
+ if (paramSSLSocket != null) {
+ this.userAlgConstraints = paramSSLSocket.getSSLParameters().getAlgorithmConstraints();
+
+ //this.peerAlgConstraints = new SupportedSignatureAlgorithmConstraints(paramArrayOfString);
+
+ }
+
+ if (!(paramBoolean))
+ this.enabledX509DisabledAlgConstraints = false;
+ }
+
+
+// MOASSLAlgorithmConstraints(SSLEngine paramSSLEngine, String[] paramArrayOfString, boolean paramBoolean)
+// {
+// if (paramSSLEngine != null) {
+// this.userAlgConstraints = paramSSLEngine.getSSLParameters().getAlgorithmConstraints();
+//
+// this.peerAlgConstraints = new SupportedSignatureAlgorithmConstraints(paramArrayOfString);
+//
+// }
+//
+// if (!(paramBoolean))
+// this.enabledX509DisabledAlgConstraints = false;
+// }
+
+
+ /* (non-Javadoc)
+ * @see java.security.AlgorithmConstraints#permits(java.util.Set, java.lang.String, java.security.AlgorithmParameters)
+ */
+ @Override
+ public boolean permits(Set<CryptoPrimitive> primitives, String algorithm, AlgorithmParameters parameters) {
+ boolean bool = true;
+
+ if (this.peerAlgConstraints != null) {
+ bool = this.peerAlgConstraints.permits(primitives, algorithm, parameters);
+
+ }
+
+ if ((bool) && (this.userAlgConstraints != null)) {
+ bool = this.userAlgConstraints.permits(primitives, algorithm, parameters);
+
+ }
+
+ return bool;
+
+ }
+
+ /* (non-Javadoc)
+ * @see java.security.AlgorithmConstraints#permits(java.util.Set, java.security.Key)
+ */
+ @Override
+ public boolean permits(Set<CryptoPrimitive> primitives, Key key) {
+ boolean bool = true;
+
+ if (this.peerAlgConstraints != null) {
+ bool = this.peerAlgConstraints.permits(primitives, key);
+ }
+
+ if ((bool) && (this.userAlgConstraints != null)) {
+ bool = this.userAlgConstraints.permits(primitives, key);
+ }
+
+ return bool;
+
+ }
+
+ /* (non-Javadoc)
+ * @see java.security.AlgorithmConstraints#permits(java.util.Set, java.lang.String, java.security.Key, java.security.AlgorithmParameters)
+ */
+ @Override
+ public boolean permits(Set<CryptoPrimitive> primitives, String algorithm, Key key, AlgorithmParameters parameters) {
+ boolean bool = true;
+
+ if (this.peerAlgConstraints != null) {
+ bool = this.peerAlgConstraints.permits(primitives, algorithm, key, parameters);
+
+ }
+
+ if ((bool) && (this.userAlgConstraints != null)) {
+ bool = this.userAlgConstraints.permits(primitives, algorithm, key, parameters);
+
+ }
+
+ return bool;
+ }
+
+} |
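Review bot: None of the three `permits` overloads consults any baseline, so `DEFAULT` (built with a null delegate) and `DEFAULT_SSL_ONLY` answer true for every algorithm and key, and `enabledX509DisabledAlgConstraints` is assigned in the constructors but never read. The layout looks modelled on the JDK's internal SSL algorithm-constraints class, which additionally applies the `jdk.tls.disabledAlgorithms` and `jdk.certpath.disabledAlgorithms` security properties; if that is the origin, the enforcement was lost in the copy, and a caller that passes this object where the JDK default was used would no longer reject weak digests or short keys (how the class is wired in is outside this diff). The `String[] paramArrayOfString` constructor also ignores the peer's supported signature algorithms, because the `peerAlgConstraints` assignment is commented out and that field stays null. Either give the `permits` methods a baseline delegate to fall back on, or remove the unused flag and state the behaviour on the class, e.g. `/** Permits everything unless the socket's or engine's SSLParameters supply constraints; the JDK disabled-algorithm security properties are NOT applied here. */`.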