org.bouncycastle.jsse.provider.JsseUtils_8 Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of bctls-fips Show documentation
Show all versions of bctls-fips Show documentation
The Bouncy Castle Java APIs for the TLS, including a JSSE provider. The APIs are designed primarily to be used in conjunction with the BC FIPS provider. The APIs may also be used with other providers although if being used in a FIPS context it is the responsibility of the user to ensure that any other providers used are FIPS certified and used appropriately.
package org.bouncycastle.jsse.provider;
import java.security.cert.CertPathBuilder;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXRevocationChecker;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.function.BiFunction;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIMatcher;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.StandardConstants;
import org.bouncycastle.jsse.BCApplicationProtocolSelector;
import org.bouncycastle.jsse.BCSNIHostName;
import org.bouncycastle.jsse.BCSNIMatcher;
import org.bouncycastle.jsse.BCSNIServerName;
import org.bouncycastle.jsse.BCStandardConstants;
abstract class JsseUtils_8
extends JsseUtils_7
{
static class ExportAPSelector implements BiFunction, String>
{
private final BCApplicationProtocolSelector selector;
ExportAPSelector(BCApplicationProtocolSelector selector)
{
this.selector = selector;
}
@Override
public String apply(T t, List u)
{
return selector.select(t, u);
}
BCApplicationProtocolSelector unwrap()
{
return selector;
}
}
static class ExportSNIMatcher extends SNIMatcher
{
private final BCSNIMatcher matcher;
ExportSNIMatcher(BCSNIMatcher matcher)
{
super(matcher.getType());
this.matcher = matcher;
}
@Override
public boolean matches(SNIServerName serverName)
{
return matcher.matches(importSNIServerName(serverName));
}
BCSNIMatcher unwrap()
{
return matcher;
}
}
static class ImportAPSelector implements BCApplicationProtocolSelector
{
private final BiFunction, String> selector;
ImportAPSelector(BiFunction, String> selector)
{
this.selector = selector;
}
@Override
public String select(T transport, List protocols)
{
return selector.apply(transport, protocols);
}
BiFunction, String> unwrap()
{
return selector;
}
}
static class ImportSNIMatcher extends BCSNIMatcher
{
private final SNIMatcher matcher;
ImportSNIMatcher(SNIMatcher matcher)
{
super(matcher.getType());
this.matcher = matcher;
}
@Override
public boolean matches(BCSNIServerName serverName)
{
return matcher.matches(exportSNIServerName(serverName));
}
SNIMatcher unwrap()
{
return matcher;
}
}
static class UnknownServerName extends SNIServerName
{
UnknownServerName(int type, byte[] encoded)
{
super(type, encoded);
}
}
static void addStatusResponses(CertPathBuilder pkixBuilder, PKIXBuilderParameters pkixParameters,
Map statusResponseMap)
{
if (statusResponseMap.isEmpty())
{
return;
}
List certPathCheckers = pkixParameters.getCertPathCheckers();
PKIXRevocationChecker existingChecker = getFirstRevocationChecker(certPathCheckers);
if (null != existingChecker)
{
// NOTE: Existing checker will be used irrespective of pkixParameters.isRevocationEnabled
Map ocspResponses = existingChecker.getOcspResponses();
if (putAnyAbsent(ocspResponses, statusResponseMap) > 0)
{
existingChecker.setOcspResponses(ocspResponses);
pkixParameters.setCertPathCheckers(certPathCheckers);
}
}
else
{
if (pkixParameters.isRevocationEnabled())
{
PKIXRevocationChecker checker = (PKIXRevocationChecker)pkixBuilder.getRevocationChecker();
checker.setOcspResponses(statusResponseMap);
pkixParameters.addCertPathChecker(checker);
}
}
}
static BiFunction, String> exportAPSelector(BCApplicationProtocolSelector selector)
{
if (null == selector)
{
return null;
}
if (selector instanceof ImportAPSelector)
{
return ((ImportAPSelector)selector).unwrap();
}
return new ExportAPSelector(selector);
}
static SNIMatcher exportSNIMatcher(BCSNIMatcher matcher)
{
if (null == matcher)
{
return null;
}
if (matcher instanceof ImportSNIMatcher)
{
return ((ImportSNIMatcher)matcher).unwrap();
}
return new ExportSNIMatcher(matcher);
}
static List exportSNIMatchers(Collection matchers)
{
if (null == matchers || matchers.isEmpty())
{
return Collections.emptyList();
}
ArrayList result = new ArrayList(matchers.size());
for (BCSNIMatcher matcher : matchers)
{
result.add(exportSNIMatcher(matcher));
}
return Collections.unmodifiableList(result);
}
/*
* NOTE: Return type is Object to isolate callers from JDK 8 type
*/
static Object exportSNIMatchersDynamic(Collection matchers)
{
return exportSNIMatchers(matchers);
}
static SNIServerName exportSNIServerName(BCSNIServerName serverName)
{
if (null == serverName)
{
return null;
}
int type = serverName.getType();
byte[] encoded = serverName.getEncoded();
switch (type)
{
case BCStandardConstants.SNI_HOST_NAME:
return new SNIHostName(encoded);
default:
return new UnknownServerName(type, encoded);
}
}
static List exportSNIServerNames(Collection serverNames)
{
if (null == serverNames || serverNames.isEmpty())
{
return Collections.emptyList();
}
ArrayList result = new ArrayList(serverNames.size());
for (BCSNIServerName serverName : serverNames)
{
result.add(exportSNIServerName(serverName));
}
return Collections.unmodifiableList(result);
}
/*
* NOTE: Return type is Object to isolate callers from JDK 8 type
*/
static Object exportSNIServerNamesDynamic(Collection serverNames)
{
return exportSNIServerNames(serverNames);
}
static PKIXRevocationChecker getFirstRevocationChecker(List certPathCheckers)
{
for (PKIXCertPathChecker certPathChecker : certPathCheckers)
{
if (certPathChecker instanceof PKIXRevocationChecker)
{
return (PKIXRevocationChecker)certPathChecker;
}
}
return null;
}
static BCApplicationProtocolSelector importAPSelector(BiFunction, String> selector)
{
if (null == selector)
{
return null;
}
if (selector instanceof ExportAPSelector)
{
return ((ExportAPSelector)selector).unwrap();
}
return new ImportAPSelector(selector);
}
static BCSNIMatcher importSNIMatcher(SNIMatcher matcher)
{
if (null == matcher)
{
return null;
}
if (matcher instanceof ExportSNIMatcher)
{
return ((ExportSNIMatcher)matcher).unwrap();
}
return new ImportSNIMatcher(matcher);
}
static List importSNIMatchers(Collection matchers)
{
if (null == matchers || matchers.isEmpty())
{
return Collections.emptyList();
}
ArrayList result = new ArrayList(matchers.size());
for (SNIMatcher matcher : matchers)
{
result.add(importSNIMatcher(matcher));
}
return Collections.unmodifiableList(result);
}
/*
* NOTE: Argument type is Object to isolate callers from JDK 8 type
*/
@SuppressWarnings("unchecked")
static List importSNIMatchersDynamic(Object matchers)
{
return importSNIMatchers((Collection)matchers);
}
static BCSNIServerName importSNIServerName(SNIServerName serverName)
{
if (null == serverName)
{
return null;
}
int type = serverName.getType();
byte[] encoded = serverName.getEncoded();
switch (type)
{
case StandardConstants.SNI_HOST_NAME:
return new BCSNIHostName(encoded);
default:
return new BCUnknownServerName(type, encoded);
}
}
static List importSNIServerNames(Collection serverNames)
{
if (null == serverNames || serverNames.isEmpty())
{
return Collections.emptyList();
}
ArrayList result = new ArrayList(serverNames.size());
for (SNIServerName serverName : serverNames)
{
result.add(importSNIServerName(serverName));
}
return Collections.unmodifiableList(result);
}
/*
* NOTE: Argument type is Object to isolate callers from JDK 8 type
*/
@SuppressWarnings("unchecked")
static List importSNIServerNamesDynamic(Object serverNames)
{
return importSNIServerNames((Collection)serverNames);
}
static int putAnyAbsent(Map to, Map from)
{
int count = 0;
for (Map.Entry entry : from.entrySet())
{
if (null == to.putIfAbsent(entry.getKey(), entry.getValue()))
{
++count;
}
}
return count;
}
}
© 2015 - 2024 Weber Informatics LLC | Privacy Policy