/**
* Return an array of merged ciphers.
*
* @param enableCiphers ciphers enabled by socket factory
* @param ssl3TlsCiphers
* @param ssl2Ciphers
*/
private String[] mergeCiphers(
String[] enableCiphers, String[] ssl3TlsCiphers, String[] ssl2Ciphers) {
if (ssl3TlsCiphers == null && ssl2Ciphers == null) {
return null;
}
int eSize = (enableCiphers != null) ? enableCiphers.length : 0;
if (_logger.isLoggable(Level.FINE)) {
StringBuffer buf = new StringBuffer("Default socket ciphers: ");
for (int i = 0; i < eSize; i++) {
buf.append(enableCiphers[i] + ", ");
}
_logger.log(Level.FINE, buf.toString());
}
ArrayList cList = new ArrayList();
if (ssl3TlsCiphers != null) {
for (int i = 0; i < ssl3TlsCiphers.length; i++) {
cList.add(ssl3TlsCiphers[i]);
}
} else {
for (int i = 0; i < eSize; i++) {
String cipher = enableCiphers[i];
CipherInfo cInfo = CipherInfo.getCipherInfo(cipher);
if (cInfo != null && (cInfo.isTLS() || cInfo.isSSL3())) {
cList.add(cipher);
}
}
}
if (ssl2Ciphers != null) {
for (int i = 0; i < ssl2Ciphers.length; i++) {
cList.add(ssl2Ciphers[i]);
}
} else {
for (int i = 0; i < eSize; i++) {
String cipher = enableCiphers[i];
CipherInfo cInfo = CipherInfo.getCipherInfo(cipher);
if (cInfo != null && cInfo.isSSL2()) {
cList.add(cipher);
}
}
}
if (_logger.isLoggable(Level.FINE)) {
_logger.log(Level.FINE, "Merged socket ciphers: " + cList);
}
return (String[]) cList.toArray(new String[cList.size()]);
}
/**
* This API return an array of String listing the enabled cipher suites. Input is the
* cipherSuiteStr from xml which a space separated list ciphers with a prefix '+' indicating
* enabled, '-' indicating disabled. If no cipher is enabled, then it returns an empty array. If
* no cipher is specified, then all are enabled and it returns null.
*
* @param cipherSuiteStr cipherSuiteStr from xml
* @param ssl2Enabled
* @param ssl3Enabled
* @param tlsEnabled
* @return an array of enabled Ciphers
*/
private String[] getEnabledCipherSuites(
String cipherSuiteStr, boolean ssl2Enabled, boolean ssl3Enabled, boolean tlsEnabled) {
String[] cipherArr = null;
if (cipherSuiteStr != null && cipherSuiteStr.length() > 0) {
ArrayList cipherList = new ArrayList();
StringTokenizer tokens = new StringTokenizer(cipherSuiteStr, ",");
while (tokens.hasMoreTokens()) {
String cipherAction = tokens.nextToken();
if (cipherAction.startsWith("+")) {
String cipher = cipherAction.substring(1);
CipherInfo cipherInfo = CipherInfo.getCipherInfo(cipher);
if (cipherInfo != null
&& isValidProtocolCipher(cipherInfo, ssl2Enabled, ssl3Enabled, tlsEnabled)) {
cipherList.add(cipherInfo.getCipherName());
} else {
throw new IllegalStateException(
getFormatMessage("iiop.unknown_cipher", new Object[] {cipher}));
}
} else if (cipherAction.startsWith("-")) {
String cipher = cipherAction.substring(1);
CipherInfo cipherInfo = CipherInfo.getCipherInfo(cipher);
if (cipherInfo == null
|| !isValidProtocolCipher(cipherInfo, ssl2Enabled, ssl3Enabled, tlsEnabled)) {
throw new IllegalStateException(
getFormatMessage("iiop.unknown_cipher", new Object[] {cipher}));
}
} else if (cipherAction.trim().length() > 0) {
throw new IllegalStateException(
getFormatMessage("iiop.invalid_cipheraction", new Object[] {cipherAction}));
}
}
cipherArr = (String[]) cipherList.toArray(new String[cipherList.size()]);
}
return cipherArr;
}
/**
* Check whether given cipherInfo belongs to given protocol.
*
* @param cipherInfo
* @param ssl2Enabled
* @param ssl3Enabled
* @param tlsEnabled
*/
private boolean isValidProtocolCipher(
CipherInfo cipherInfo, boolean ssl2Enabled, boolean ssl3Enabled, boolean tlsEnabled) {
return (tlsEnabled && cipherInfo.isTLS()
|| ssl3Enabled && cipherInfo.isSSL3()
|| ssl2Enabled && cipherInfo.isSSL2());
}
