/**
 * Builds the cipher suite list for a socket from explicitly configured suites, falling back
 * per protocol family to the socket factory defaults.
 *
 * <p>The result holds the SSL3/TLS suites first and the SSL2 suites after them. For each
 * family, a non-null argument is copied as given; a {@code null} argument means "take the
 * entries of {@code enableCiphers} that {@link CipherInfo} classifies as belonging to that
 * family". Default entries that {@code CipherInfo} does not know are skipped.
 *
 * <p>NOTE(review): a {@code null} family list inherits the defaults rather than dropping the
 * family, so SSL2 suites present in {@code enableCiphers} are kept whenever
 * {@code ssl2Ciphers} is {@code null} and {@code ssl3TlsCiphers} is not. Only a non-null
 * (possibly empty) array suppresses them. SSLv2 and SSLv3 are deprecated protocols
 * (RFC 6176, RFC 7568); confirm callers pass an empty array when a family is meant to be off.
 *
 * @param enableCiphers ciphers enabled by the socket factory; may be {@code null}, which is
 *     treated as an empty list
 * @param ssl3TlsCiphers explicit SSL3/TLS suites, or {@code null} to use the defaults
 * @param ssl2Ciphers explicit SSL2 suites, or {@code null} to use the defaults
 * @return the merged suite names, or {@code null} when both explicit lists are {@code null}
 */
private String[] mergeCiphers(
        String[] enableCiphers, String[] ssl3TlsCiphers, String[] ssl2Ciphers) {
    if (ssl3TlsCiphers == null && ssl2Ciphers == null) {
        return null;
    }

    // A missing default list behaves exactly like an empty one.
    final String[] defaults = (enableCiphers == null) ? new String[0] : enableCiphers;

    if (_logger.isLoggable(Level.FINE)) {
        StringBuilder msg = new StringBuilder("Default socket ciphers: ");
        for (String name : defaults) {
            msg.append(name).append(", ");
        }
        _logger.log(Level.FINE, msg.toString());
    }

    ArrayList<String> merged = new ArrayList<>();

    // SSL3/TLS family: explicit list wins, otherwise filter the defaults.
    if (ssl3TlsCiphers == null) {
        for (String name : defaults) {
            CipherInfo info = CipherInfo.getCipherInfo(name);
            if (info != null && (info.isTLS() || info.isSSL3())) {
                merged.add(name);
            }
        }
    } else {
        for (String name : ssl3TlsCiphers) {
            merged.add(name);
        }
    }

    // SSL2 family: same rule, appended after the SSL3/TLS entries.
    if (ssl2Ciphers == null) {
        for (String name : defaults) {
            CipherInfo info = CipherInfo.getCipherInfo(name);
            if (info != null && info.isSSL2()) {
                merged.add(name);
            }
        }
    } else {
        for (String name : ssl2Ciphers) {
            merged.add(name);
        }
    }

    if (_logger.isLoggable(Level.FINE)) {
        _logger.log(Level.FINE, "Merged socket ciphers: " + merged);
    }

    return merged.toArray(new String[merged.size()]);
}
/**
 * Parses the cipher suite string from the XML configuration into the list of enabled suites.
 *
 * <p>The string is split on {@code ','}. Each entry is a cipher name prefixed with
 * {@code '+'} (enable) or {@code '-'} (disable). Both kinds of entry are validated: the name
 * must be known to {@link CipherInfo} and must belong to one of the enabled protocols.
 * Only {@code '+'} entries contribute to the result; a {@code '-'} entry is checked and then
 * otherwise ignored, so a string holding only {@code '-'} entries yields an empty array.
 *
 * <p>Entries are not trimmed before the prefix is examined, so an entry with leading
 * whitespace (for example after {@code ", "}) is rejected as an invalid cipher action.
 * Entries consisting only of whitespace are skipped.
 *
 * @param cipherSuiteStr cipher suite string from the XML configuration; may be {@code null}
 * @param ssl2Enabled whether SSL2 suites are acceptable
 * @param ssl3Enabled whether SSL3 suites are acceptable
 * @param tlsEnabled whether TLS suites are acceptable
 * @return the names of the enabled suites (possibly empty), or {@code null} when
 *     {@code cipherSuiteStr} is {@code null} or empty, which by this method's contract means
 *     no restriction was specified and all ciphers are enabled
 * @throws IllegalStateException if an entry names an unknown cipher, names a cipher that does
 *     not belong to an enabled protocol, or has neither a {@code '+'} nor a {@code '-'} prefix
 */
private String[] getEnabledCipherSuites(
        String cipherSuiteStr, boolean ssl2Enabled, boolean ssl3Enabled, boolean tlsEnabled) {
    if (cipherSuiteStr == null || cipherSuiteStr.isEmpty()) {
        return null;
    }

    ArrayList<String> enabled = new ArrayList<>();
    StringTokenizer entries = new StringTokenizer(cipherSuiteStr, ",");

    while (entries.hasMoreTokens()) {
        String entry = entries.nextToken();
        boolean enable = entry.startsWith("+");

        if (enable || entry.startsWith("-")) {
            String name = entry.substring(1);
            CipherInfo info = CipherInfo.getCipherInfo(name);

            // Enable and disable entries share the same validation; fail on anything
            // unknown or outside the enabled protocols instead of silently skipping it.
            boolean usable =
                    info != null
                            && isValidProtocolCipher(info, ssl2Enabled, ssl3Enabled, tlsEnabled);
            if (!usable) {
                throw new IllegalStateException(
                        getFormatMessage("iiop.unknown_cipher", new Object[] {name}));
            }

            if (enable) {
                enabled.add(info.getCipherName());
            }
        } else if (entry.trim().length() > 0) {
            throw new IllegalStateException(
                    getFormatMessage("iiop.invalid_cipheraction", new Object[] {entry}));
        }
    }

    return enabled.toArray(new String[enabled.size()]);
}
/**
 * Tells whether a cipher belongs to at least one of the enabled protocols.
 *
 * <p>A cipher is accepted when it is a TLS cipher and TLS is enabled, an SSL3 cipher and SSL3
 * is enabled, or an SSL2 cipher and SSL2 is enabled. With all three flags {@code false} the
 * result is always {@code false}.
 *
 * @param cipherInfo the cipher to classify; dereferenced without a null check whenever one
 *     of the flags is {@code true}
 * @param ssl2Enabled whether SSL2 ciphers are acceptable
 * @param ssl3Enabled whether SSL3 ciphers are acceptable
 * @param tlsEnabled whether TLS ciphers are acceptable
 * @return {@code true} if the cipher matches an enabled protocol
 */
private boolean isValidProtocolCipher(
        CipherInfo cipherInfo, boolean ssl2Enabled, boolean ssl3Enabled, boolean tlsEnabled) {
    // Checks run in the order TLS, SSL3, SSL2, and each protocol is only queried
    // when its flag is set.
    if (tlsEnabled && cipherInfo.isTLS()) {
        return true;
    }
    if (ssl3Enabled && cipherInfo.isSSL3()) {
        return true;
    }
    return ssl2Enabled && cipherInfo.isSSL2();
}