All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.bouncycastle.jsse.provider.JsseUtils_8 Maven / Gradle / Ivy

Go to download

The Bouncy Castle Java APIs for the TLS, including a JSSE provider. The APIs are designed primarily to be used in conjunction with the BC LTS provider but may also be used with other providers providing cryptographic services.

There is a newer version: 2.73.7
Show newest version
package org.bouncycastle.jsse.provider;

import java.security.cert.CertPathBuilder;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXRevocationChecker;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.function.BiFunction;

import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIMatcher;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.StandardConstants;

import org.bouncycastle.jsse.BCApplicationProtocolSelector;
import org.bouncycastle.jsse.BCSNIHostName;
import org.bouncycastle.jsse.BCSNIMatcher;
import org.bouncycastle.jsse.BCSNIServerName;
import org.bouncycastle.jsse.BCStandardConstants;

abstract class JsseUtils_8
    extends JsseUtils_7
{
    static class ExportAPSelector implements BiFunction, String>
    {
        private final BCApplicationProtocolSelector selector;

        ExportAPSelector(BCApplicationProtocolSelector selector)
        {
            this.selector = selector;
        }

        @Override
        public String apply(T t, List u)
        {
            return selector.select(t, u);
        }

        BCApplicationProtocolSelector unwrap()
        {
            return selector;
        }
    }

    static class ExportSNIMatcher extends SNIMatcher
    {
        private final BCSNIMatcher matcher;

        ExportSNIMatcher(BCSNIMatcher matcher)
        {
            super(matcher.getType());

            this.matcher = matcher;
        }

        @Override
        public boolean matches(SNIServerName serverName)
        {
            return matcher.matches(importSNIServerName(serverName));
        }

        BCSNIMatcher unwrap()
        {
            return matcher;
        }
    }

    static class ImportAPSelector implements BCApplicationProtocolSelector
    {
        private final BiFunction, String> selector;

        ImportAPSelector(BiFunction, String> selector)
        {
            this.selector = selector;
        }

        @Override
        public String select(T transport, List protocols)
        {
            return selector.apply(transport, protocols);
        }

        BiFunction, String> unwrap()
        {
            return selector;
        }
    }

    static class ImportSNIMatcher extends BCSNIMatcher
    {
        private final SNIMatcher matcher;

        ImportSNIMatcher(SNIMatcher matcher)
        {
            super(matcher.getType());

            this.matcher = matcher;
        }

        @Override
        public boolean matches(BCSNIServerName serverName)
        {
            return matcher.matches(exportSNIServerName(serverName));
        }

        SNIMatcher unwrap()
        {
            return matcher;
        }
    }

    static class UnknownServerName extends SNIServerName
    {
        UnknownServerName(int type, byte[] encoded)
        {
            super(type, encoded);
        }
    }

    static void addStatusResponses(CertPathBuilder pkixBuilder, PKIXBuilderParameters pkixParameters,
        Map statusResponseMap)
    {
        if (statusResponseMap.isEmpty())
        {
            return;
        }

        List certPathCheckers = pkixParameters.getCertPathCheckers();
        PKIXRevocationChecker existingChecker = getFirstRevocationChecker(certPathCheckers);

        if (null != existingChecker)
        {
            // NOTE: Existing checker will be used irrespective of pkixParameters.isRevocationEnabled
            Map ocspResponses = existingChecker.getOcspResponses();
            if (putAnyAbsent(ocspResponses, statusResponseMap) > 0)
            {
                existingChecker.setOcspResponses(ocspResponses);
                pkixParameters.setCertPathCheckers(certPathCheckers);
            }
        }
        else
        {
            if (pkixParameters.isRevocationEnabled())
            {
                PKIXRevocationChecker checker = (PKIXRevocationChecker)pkixBuilder.getRevocationChecker();
                checker.setOcspResponses(statusResponseMap);
                pkixParameters.addCertPathChecker(checker);
            }
        }
    }

    static  BiFunction, String> exportAPSelector(BCApplicationProtocolSelector selector)
    {
        if (null == selector)
        {
            return null;
        }

        if (selector instanceof ImportAPSelector)
        {
            return ((ImportAPSelector)selector).unwrap();
        }

        return new ExportAPSelector(selector);
    }

    static SNIMatcher exportSNIMatcher(BCSNIMatcher matcher)
    {
        if (null == matcher)
        {
            return null;
        }

        if (matcher instanceof ImportSNIMatcher)
        {
            return ((ImportSNIMatcher)matcher).unwrap();
        }

        return new ExportSNIMatcher(matcher);
    }

    static List exportSNIMatchers(Collection matchers)
    {
        if (null == matchers || matchers.isEmpty())
        {
            return Collections.emptyList();
        }

        ArrayList result = new ArrayList(matchers.size());
        for (BCSNIMatcher matcher : matchers)
        {
            result.add(exportSNIMatcher(matcher));
        }
        return Collections.unmodifiableList(result);
    }

    /*
     * NOTE: Return type is Object to isolate callers from JDK 8 type
     */
    static Object exportSNIMatchersDynamic(Collection matchers)
    {
        return exportSNIMatchers(matchers);
    }

    static SNIServerName exportSNIServerName(BCSNIServerName serverName)
    {
        if (null == serverName)
        {
            return null;
        }

        int type = serverName.getType();
        byte[] encoded = serverName.getEncoded();

        switch (type)
        {
        case BCStandardConstants.SNI_HOST_NAME:
            return new SNIHostName(encoded);
        default:
            return new UnknownServerName(type, encoded);
        }
    }

    static List exportSNIServerNames(Collection serverNames)
    {
        if (null == serverNames || serverNames.isEmpty())
        {
            return Collections.emptyList();
        }

        ArrayList result = new ArrayList(serverNames.size());
        for (BCSNIServerName serverName : serverNames)
        {
            result.add(exportSNIServerName(serverName));
        }
        return Collections.unmodifiableList(result);
    }

    /*
     * NOTE: Return type is Object to isolate callers from JDK 8 type
     */
    static Object exportSNIServerNamesDynamic(Collection serverNames)
    {
        return exportSNIServerNames(serverNames);
    }

    static PKIXRevocationChecker getFirstRevocationChecker(List certPathCheckers)
    {
        for (PKIXCertPathChecker certPathChecker : certPathCheckers)
        {
            if (certPathChecker instanceof PKIXRevocationChecker)
            {
                return (PKIXRevocationChecker)certPathChecker;
            }
        }
        return null;
    }

    static  BCApplicationProtocolSelector importAPSelector(BiFunction, String> selector)
    {
        if (null == selector)
        {
            return null;
        }

        if (selector instanceof ExportAPSelector)
        {
            return ((ExportAPSelector)selector).unwrap();
        }

        return new ImportAPSelector(selector);
    }

    static BCSNIMatcher importSNIMatcher(SNIMatcher matcher)
    {
        if (null == matcher)
        {
            return null;
        }

        if (matcher instanceof ExportSNIMatcher)
        {
            return ((ExportSNIMatcher)matcher).unwrap();
        }

        return new ImportSNIMatcher(matcher);
    }

    static List importSNIMatchers(Collection matchers)
    {
        if (null == matchers || matchers.isEmpty())
        {
            return Collections.emptyList();
        }

        ArrayList result = new ArrayList(matchers.size());
        for (SNIMatcher matcher : matchers)
        {
            result.add(importSNIMatcher(matcher));
        }
        return Collections.unmodifiableList(result);
    }

    /*
     * NOTE: Argument type is Object to isolate callers from JDK 8 type
     */
    @SuppressWarnings("unchecked")
    static List importSNIMatchersDynamic(Object matchers)
    {
        return importSNIMatchers((Collection)matchers);
    }

    static BCSNIServerName importSNIServerName(SNIServerName serverName)
    {
        if (null == serverName)
        {
            return null;
        }

        int type = serverName.getType();
        byte[] encoded = serverName.getEncoded();

        switch (type)
        {
        case StandardConstants.SNI_HOST_NAME:
            return new BCSNIHostName(encoded);
        default:
            return new BCUnknownServerName(type, encoded);
        }
    }

    static List importSNIServerNames(Collection serverNames)
    {
        if (null == serverNames || serverNames.isEmpty())
        {
            return Collections.emptyList();
        }

        ArrayList result = new ArrayList(serverNames.size());
        for (SNIServerName serverName : serverNames)
        {
            result.add(importSNIServerName(serverName));
        }
        return Collections.unmodifiableList(result);
    }

    /*
     * NOTE: Argument type is Object to isolate callers from JDK 8 type
     */
    @SuppressWarnings("unchecked")
    static List importSNIServerNamesDynamic(Object serverNames)
    {
        return importSNIServerNames((Collection)serverNames);
    }

    static  int putAnyAbsent(Map to, Map from)
    {
        int count = 0;
        for (Map.Entry entry : from.entrySet())
        {
            if (null == to.putIfAbsent(entry.getKey(), entry.getValue()))
            {
                ++count;
            }
        }
        return count;
    }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy