org.bouncycastle.jsse.provider.JsseUtils_8 Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of bctls-lts8on Show documentation
Show all versions of bctls-lts8on Show documentation
The Bouncy Castle Java APIs for the TLS, including a JSSE provider. The APIs are designed primarily to be used in conjunction with the BC LTS provider but may also be used with other providers providing cryptographic services.
package org.bouncycastle.jsse.provider;
import java.security.cert.CertPathBuilder;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXRevocationChecker;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.function.BiFunction;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIMatcher;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.StandardConstants;
import org.bouncycastle.jsse.BCApplicationProtocolSelector;
import org.bouncycastle.jsse.BCSNIHostName;
import org.bouncycastle.jsse.BCSNIMatcher;
import org.bouncycastle.jsse.BCSNIServerName;
import org.bouncycastle.jsse.BCStandardConstants;
abstract class JsseUtils_8
extends JsseUtils_7
{
static class ExportAPSelector implements BiFunction, String>
{
private final BCApplicationProtocolSelector selector;
ExportAPSelector(BCApplicationProtocolSelector selector)
{
this.selector = selector;
}
@Override
public String apply(T t, List u)
{
return selector.select(t, u);
}
BCApplicationProtocolSelector unwrap()
{
return selector;
}
}
static class ExportSNIMatcher extends SNIMatcher
{
private final BCSNIMatcher matcher;
ExportSNIMatcher(BCSNIMatcher matcher)
{
super(matcher.getType());
this.matcher = matcher;
}
@Override
public boolean matches(SNIServerName serverName)
{
return matcher.matches(importSNIServerName(serverName));
}
BCSNIMatcher unwrap()
{
return matcher;
}
}
static class ImportAPSelector implements BCApplicationProtocolSelector
{
private final BiFunction, String> selector;
ImportAPSelector(BiFunction, String> selector)
{
this.selector = selector;
}
@Override
public String select(T transport, List protocols)
{
return selector.apply(transport, protocols);
}
BiFunction, String> unwrap()
{
return selector;
}
}
static class ImportSNIMatcher extends BCSNIMatcher
{
private final SNIMatcher matcher;
ImportSNIMatcher(SNIMatcher matcher)
{
super(matcher.getType());
this.matcher = matcher;
}
@Override
public boolean matches(BCSNIServerName serverName)
{
return matcher.matches(exportSNIServerName(serverName));
}
SNIMatcher unwrap()
{
return matcher;
}
}
static class UnknownServerName extends SNIServerName
{
UnknownServerName(int type, byte[] encoded)
{
super(type, encoded);
}
}
static void addStatusResponses(CertPathBuilder pkixBuilder, PKIXBuilderParameters pkixParameters,
Map statusResponseMap)
{
if (statusResponseMap.isEmpty())
{
return;
}
List certPathCheckers = pkixParameters.getCertPathCheckers();
PKIXRevocationChecker existingChecker = getFirstRevocationChecker(certPathCheckers);
if (null != existingChecker)
{
// NOTE: Existing checker will be used irrespective of pkixParameters.isRevocationEnabled
Map ocspResponses = existingChecker.getOcspResponses();
if (putAnyAbsent(ocspResponses, statusResponseMap) > 0)
{
existingChecker.setOcspResponses(ocspResponses);
pkixParameters.setCertPathCheckers(certPathCheckers);
}
}
else
{
if (pkixParameters.isRevocationEnabled())
{
PKIXRevocationChecker checker = (PKIXRevocationChecker)pkixBuilder.getRevocationChecker();
checker.setOcspResponses(statusResponseMap);
pkixParameters.addCertPathChecker(checker);
}
}
}
static BiFunction, String> exportAPSelector(BCApplicationProtocolSelector selector)
{
if (null == selector)
{
return null;
}
if (selector instanceof ImportAPSelector)
{
return ((ImportAPSelector)selector).unwrap();
}
return new ExportAPSelector(selector);
}
static SNIMatcher exportSNIMatcher(BCSNIMatcher matcher)
{
if (null == matcher)
{
return null;
}
if (matcher instanceof ImportSNIMatcher)
{
return ((ImportSNIMatcher)matcher).unwrap();
}
return new ExportSNIMatcher(matcher);
}
static List exportSNIMatchers(Collection matchers)
{
if (null == matchers || matchers.isEmpty())
{
return Collections.emptyList();
}
ArrayList result = new ArrayList(matchers.size());
for (BCSNIMatcher matcher : matchers)
{
result.add(exportSNIMatcher(matcher));
}
return Collections.unmodifiableList(result);
}
/*
* NOTE: Return type is Object to isolate callers from JDK 8 type
*/
static Object exportSNIMatchersDynamic(Collection matchers)
{
return exportSNIMatchers(matchers);
}
static SNIServerName exportSNIServerName(BCSNIServerName serverName)
{
if (null == serverName)
{
return null;
}
int type = serverName.getType();
byte[] encoded = serverName.getEncoded();
switch (type)
{
case BCStandardConstants.SNI_HOST_NAME:
return new SNIHostName(encoded);
default:
return new UnknownServerName(type, encoded);
}
}
static List exportSNIServerNames(Collection serverNames)
{
if (null == serverNames || serverNames.isEmpty())
{
return Collections.emptyList();
}
ArrayList result = new ArrayList(serverNames.size());
for (BCSNIServerName serverName : serverNames)
{
result.add(exportSNIServerName(serverName));
}
return Collections.unmodifiableList(result);
}
/*
* NOTE: Return type is Object to isolate callers from JDK 8 type
*/
static Object exportSNIServerNamesDynamic(Collection serverNames)
{
return exportSNIServerNames(serverNames);
}
static PKIXRevocationChecker getFirstRevocationChecker(List certPathCheckers)
{
for (PKIXCertPathChecker certPathChecker : certPathCheckers)
{
if (certPathChecker instanceof PKIXRevocationChecker)
{
return (PKIXRevocationChecker)certPathChecker;
}
}
return null;
}
static BCApplicationProtocolSelector importAPSelector(BiFunction, String> selector)
{
if (null == selector)
{
return null;
}
if (selector instanceof ExportAPSelector)
{
return ((ExportAPSelector)selector).unwrap();
}
return new ImportAPSelector(selector);
}
static BCSNIMatcher importSNIMatcher(SNIMatcher matcher)
{
if (null == matcher)
{
return null;
}
if (matcher instanceof ExportSNIMatcher)
{
return ((ExportSNIMatcher)matcher).unwrap();
}
return new ImportSNIMatcher(matcher);
}
static List importSNIMatchers(Collection matchers)
{
if (null == matchers || matchers.isEmpty())
{
return Collections.emptyList();
}
ArrayList result = new ArrayList(matchers.size());
for (SNIMatcher matcher : matchers)
{
result.add(importSNIMatcher(matcher));
}
return Collections.unmodifiableList(result);
}
/*
* NOTE: Argument type is Object to isolate callers from JDK 8 type
*/
@SuppressWarnings("unchecked")
static List importSNIMatchersDynamic(Object matchers)
{
return importSNIMatchers((Collection)matchers);
}
static BCSNIServerName importSNIServerName(SNIServerName serverName)
{
if (null == serverName)
{
return null;
}
int type = serverName.getType();
byte[] encoded = serverName.getEncoded();
switch (type)
{
case StandardConstants.SNI_HOST_NAME:
return new BCSNIHostName(encoded);
default:
return new BCUnknownServerName(type, encoded);
}
}
static List importSNIServerNames(Collection serverNames)
{
if (null == serverNames || serverNames.isEmpty())
{
return Collections.emptyList();
}
ArrayList result = new ArrayList(serverNames.size());
for (SNIServerName serverName : serverNames)
{
result.add(importSNIServerName(serverName));
}
return Collections.unmodifiableList(result);
}
/*
* NOTE: Argument type is Object to isolate callers from JDK 8 type
*/
@SuppressWarnings("unchecked")
static List importSNIServerNamesDynamic(Object serverNames)
{
return importSNIServerNames((Collection)serverNames);
}
static int putAnyAbsent(Map to, Map from)
{
int count = 0;
for (Map.Entry entry : from.entrySet())
{
if (null == to.putIfAbsent(entry.getKey(), entry.getValue()))
{
++count;
}
}
return count;
}
}
© 2015 - 2024 Weber Informatics LLC | Privacy Policy