/**
 * Decides whether {@code key} may be used for the given primitives by
 * consulting each configured constraint set in turn.
 *
 * <p>Every consulted set must agree; the first rejection ends the
 * evaluation with {@code false}. Peer and user constraints are consulted
 * only when non-null, so an absent (null) set imposes no restriction. The
 * TLS disabled-algorithm constraints are always consulted; the X.509
 * disabled-algorithm constraints only when
 * {@code enabledX509DisabledAlgConstraints} is set.
 *
 * @param primitives the cryptographic primitives the key would be used for
 * @param key the key to check
 * @return {@code true} only if every consulted constraint set permits the key
 */
@Override
public boolean permits(Set<CryptoPrimitive> primitives, Key key) {
    // Peer-supplied restrictions, when the peer provided any.
    if (peerAlgConstraints != null
            && !peerAlgConstraints.permits(primitives, key)) {
        return false;
    }

    // Application-supplied restrictions, when configured.
    if (userAlgConstraints != null
            && !userAlgConstraints.permits(primitives, key)) {
        return false;
    }

    // The TLS disabled-algorithm policy is never skipped.
    if (!tlsDisabledAlgConstraints.permits(primitives, key)) {
        return false;
    }

    // The X.509 disabled-algorithm policy applies only when enabled.
    if (enabledX509DisabledAlgConstraints) {
        return x509DisabledAlgConstraints.permits(primitives, key);
    }
    return true;
}
/**
 * Builds the supported-curves extension from the entries of
 * {@code supportedCurveIds} that {@code constraints} permits for key
 * agreement with the "EC" algorithm.
 *
 * @param constraints the algorithm constraints each curve is checked against
 * @return an extension listing the permitted curve ids in their original
 *         order, or {@code null} when no curve is permitted
 */
static SupportedEllipticCurvesExtension createExtension(
        AlgorithmConstraints constraints) {
    // Scratch buffer sized for the case where every curve is permitted.
    int[] permittedIds = new int[supportedCurveIds.length];
    int count = 0;

    for (int curveId : supportedCurveIds) {
        boolean allowed = constraints.permits(
                EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
                "EC", idToParams.get(curveId));
        if (allowed) {
            permittedIds[count++] = curveId;
        }
    }

    // Callers receive null, not an empty extension, when nothing is permitted.
    if (count == 0) {
        return null;
    }

    int[] ids = new int[count];
    System.arraycopy(permittedIds, 0, ids, 0, count);
    return new SupportedEllipticCurvesExtension(ids);
}
/**
 * Checks an algorithm name (when given) and a key against the constraints.
 *
 * <p>Three checks run in order and the first failure returns {@code false}:
 * the named algorithm with its parameters (skipped when the name is null or
 * empty), the key's own algorithm name, and finally the key constraints held
 * by {@code algorithmConstraints}.
 *
 * @param primitives the cryptographic primitives in use
 * @param algorithm the signature algorithm name; may be null or empty
 * @param key the key to check; must not be null
 * @param parameters the algorithm parameters, passed through with
 *        {@code algorithm}
 * @return {@code true} if every check passes
 * @throws IllegalArgumentException if {@code key} is null
 */
private boolean checkConstraints(Set<CryptoPrimitive> primitives,
        String algorithm, Key key, AlgorithmParameters parameters) {
    // A key is mandatory; reject the call outright rather than return false.
    if (key == null) {
        throw new IllegalArgumentException("The key cannot be null");
    }

    // The signature algorithm is only checked when a name was supplied.
    boolean hasAlgorithm = algorithm != null && !algorithm.isEmpty();
    if (hasAlgorithm && !permits(primitives, algorithm, parameters)) {
        return false;
    }

    // The key's algorithm name is checked without parameters, then the
    // key constraints get the final say.
    return permits(primitives, key.getAlgorithm(), null)
            && algorithmConstraints.permits(key);
}
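/**
 * Checks a certificate's signature algorithm, public key algorithm and
 * certificate/key constraints, throwing when any of them is rejected.
 *
 * @param primitives the cryptographic primitives in use
 * @param cp the constraint parameters carrying the certificate to check
 * @throws CertPathValidatorException with reason
 *         {@code BasicReason.ALGORITHM_CONSTRAINED} if the signature
 *         algorithm or the public key algorithm is not permitted
 */
private void checkConstraints(Set<CryptoPrimitive> primitives,
        CertConstraintParameters cp) throws CertPathValidatorException {
    X509Certificate cert = cp.getCertificate();
    String sigAlgorithm = cert.getSigAlgName();

    // Check signature algorithm is not disabled
    if (!permits(primitives, sigAlgorithm, null)) {
        throw new CertPathValidatorException(
                "Algorithm constraints check failed on disabled "
                        + "signature algorithm: " + sigAlgorithm,
                null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
    }

    // Check key algorithm is not disabled. The message reports the key
    // algorithm that was actually rejected, not the signature algorithm,
    // so the diagnostic names the right policy entry.
    String keyAlgorithm = cert.getPublicKey().getAlgorithm();
    if (!permits(primitives, keyAlgorithm, null)) {
        throw new CertPathValidatorException(
                "Algorithm constraints check failed on disabled "
                        + "public key algorithm: " + keyAlgorithm,
                null, null, -1, BasicReason.ALGORITHM_CONSTRAINED);
    }

    // Check the certificate and key constraints.
    // NOTE(review): no result of this call is inspected here; rejection is
    // presumably signalled by an exception from permits(cp) - confirm.
    algorithmConstraints.permits(cp);
}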
/**
 * Returns the first group in {@code requestedNamedGroupIds} that is known,
 * has the requested type, is locally supported, and is permitted by
 * {@code constraints} for key agreement.
 *
 * @param constraints the algorithm constraints each candidate is checked
 *        against
 * @param type the named group type to select
 * @return the first acceptable group in request order, or {@code null} if
 *         none qualifies
 */
NamedGroup getPreferredGroup(
        AlgorithmConstraints constraints, NamedGroupType type) {
    for (int groupId : requestedNamedGroupIds) {
        NamedGroup candidate = NamedGroup.valueOf(groupId);

        // Skip ids that map to no group or to a group of another type.
        if (candidate == null || candidate.type != type) {
            continue;
        }
        if (!SupportedGroupsExtension.supports(candidate)) {
            continue;
        }

        // The constraint check runs last, only for otherwise usable groups.
        boolean allowed = constraints.permits(
                EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
                candidate.algorithm, namedGroupParams.get(candidate));
        if (allowed) {
            return candidate;
        }
    }
    return null;
}
/**
 * Validates a key, and optionally a signature algorithm with parameters,
 * against the constraints.
 *
 * <p>The signature algorithm check is skipped when {@code algorithm} is
 * null or empty. The key's algorithm name is then checked without
 * parameters, and the key constraints of {@code algorithmConstraints}
 * decide the final result.
 *
 * @param primitives the cryptographic primitives in use
 * @param algorithm the signature algorithm name; may be null or empty
 * @param key the key to check; must not be null
 * @param parameters the parameters checked together with {@code algorithm}
 * @return {@code false} at the first failed check, otherwise the result of
 *         the key constraints check
 * @throws IllegalArgumentException if {@code key} is null
 */
private boolean checkConstraints(Set<CryptoPrimitive> primitives,
        String algorithm, Key key, AlgorithmParameters parameters) {
    if (key == null) {
        // Reject the call instead of treating a missing key as "not permitted".
        throw new IllegalArgumentException("The key cannot be null");
    }

    boolean algorithmRejected = algorithm != null
            && algorithm.length() != 0
            && !permits(primitives, algorithm, parameters);
    if (algorithmRejected) {
        return false;
    }

    boolean keyAlgorithmPermitted =
            permits(primitives, key.getAlgorithm(), null);
    if (!keyAlgorithmPermitted) {
        return false;
    }

    // Key constraints are evaluated only after both name checks pass.
    return algorithmConstraints.permits(key);
}
/**
 * Returns whether every applicable constraint set permits {@code key} for
 * the given primitives.
 *
 * <p>The sets are evaluated in a fixed order (peer, user, TLS disabled
 * algorithms, X.509 disabled algorithms) and evaluation stops at the first
 * rejection. A null peer or user set is treated as imposing no restriction,
 * and the X.509 set is skipped unless
 * {@code enabledX509DisabledAlgConstraints} is set.
 *
 * @param primitives the cryptographic primitives the key would be used for
 * @param key the key to check
 * @return {@code true} only if no consulted set rejects the key
 */
public boolean permits(Set<CryptoPrimitive> primitives, Key key) {
    // Short-circuit evaluation keeps the original order and stops at the
    // first set that says no.
    return (peerAlgConstraints == null
                    || peerAlgConstraints.permits(primitives, key))
            && (userAlgConstraints == null
                    || userAlgConstraints.permits(primitives, key))
            && tlsDisabledAlgConstraints.permits(primitives, key)
            && (!enabledX509DisabledAlgConstraints
                    || x509DisabledAlgConstraints.permits(primitives, key));
}
/**
 * Returns whether every applicable constraint set permits the named
 * algorithm with the given parameters.
 *
 * <p>The sets are evaluated in a fixed order (peer, user, TLS disabled
 * algorithms, X.509 disabled algorithms) and evaluation stops at the first
 * rejection. A null peer or user set is treated as imposing no restriction,
 * and the X.509 set is skipped unless
 * {@code enabledX509DisabledAlgConstraints} is set.
 *
 * @param primitives the cryptographic primitives in use
 * @param algorithm the algorithm name to check
 * @param parameters the algorithm parameters, passed to each set unchanged
 * @return {@code true} only if no consulted set rejects the algorithm
 */
@Override
public boolean permits(Set<CryptoPrimitive> primitives,
        String algorithm, AlgorithmParameters parameters) {
    // Short-circuit evaluation preserves the order and stops at the first
    // set that rejects the algorithm.
    return (peerAlgConstraints == null
                    || peerAlgConstraints.permits(
                            primitives, algorithm, parameters))
            && (userAlgConstraints == null
                    || userAlgConstraints.permits(
                            primitives, algorithm, parameters))
            && tlsDisabledAlgConstraints.permits(
                    primitives, algorithm, parameters)
            && (!enabledX509DisabledAlgConstraints
                    || x509DisabledAlgConstraints.permits(
                            primitives, algorithm, parameters));
}
/**
 * Decides whether the named algorithm may be used with {@code key} and
 * {@code parameters}, consulting each configured constraint set in turn.
 *
 * <p>Every consulted set must agree; the first rejection ends the
 * evaluation with {@code false}. Peer and user constraints are consulted
 * only when non-null, so an absent (null) set imposes no restriction. The
 * TLS disabled-algorithm constraints are always consulted; the X.509
 * disabled-algorithm constraints only when
 * {@code enabledX509DisabledAlgConstraints} is set.
 *
 * @param primitives the cryptographic primitives in use
 * @param algorithm the algorithm name to check
 * @param key the key to check
 * @param parameters the algorithm parameters, passed to each set unchanged
 * @return {@code true} only if every consulted constraint set permits the
 *         combination
 */
@Override
public boolean permits(Set<CryptoPrimitive> primitives,
        String algorithm, Key key, AlgorithmParameters parameters) {
    // Peer-supplied restrictions, when the peer provided any.
    if (peerAlgConstraints != null
            && !peerAlgConstraints.permits(
                    primitives, algorithm, key, parameters)) {
        return false;
    }

    // Application-supplied restrictions, when configured.
    if (userAlgConstraints != null
            && !userAlgConstraints.permits(
                    primitives, algorithm, key, parameters)) {
        return false;
    }

    // The TLS disabled-algorithm policy is never skipped.
    if (!tlsDisabledAlgConstraints.permits(
            primitives, algorithm, key, parameters)) {
        return false;
    }

    // The X.509 disabled-algorithm policy applies only when enabled.
    if (enabledX509DisabledAlgConstraints) {
        return x509DisabledAlgConstraints.permits(
                primitives, algorithm, key, parameters);
    }
    return true;
}
/**
 * Returns whether {@code algorithm} appears in {@code supportedAlgorithms},
 * compared without regard to case.
 *
 * <p>This is an allow-list check: a null or empty
 * {@code supportedAlgorithms} permits nothing. Before matching, everything
 * from the first occurrence of {@code "and"} onward is dropped from the
 * name so that a {@code <digest>with<encryption>and<mgf>} name is compared
 * without its MGF part. The search for {@code "and"} is case-sensitive
 * even though the comparison is not, so a name using another spelling of
 * the separator is compared untrimmed. {@code parameters} is not examined.
 *
 * @param primitives the cryptographic primitives in use; must be non-empty
 * @param algorithm the algorithm name to look up; must be non-empty
 * @param parameters the algorithm parameters (unused by this check)
 * @return {@code true} if the (trimmed) name matches a supported algorithm
 * @throws IllegalArgumentException if {@code algorithm} or
 *         {@code primitives} is null or empty
 */
@Override
public boolean permits(Set<CryptoPrimitive> primitives,
        String algorithm, AlgorithmParameters parameters) {
    if (algorithm == null || algorithm.isEmpty()) {
        throw new IllegalArgumentException(
                "No algorithm name specified");
    }
    if (primitives == null || primitives.isEmpty()) {
        throw new IllegalArgumentException(
                "No cryptographic primitive specified");
    }

    // With nothing on the allow-list, nothing is permitted.
    if (supportedAlgorithms == null || supportedAlgorithms.length == 0) {
        return false;
    }

    // trim the MGF part: <digest>with<encryption>and<mgf>
    int mgfStart = algorithm.indexOf("and");
    String candidate =
            (mgfStart > 0) ? algorithm.substring(0, mgfStart) : algorithm;

    for (String supported : supportedAlgorithms) {
        if (candidate.equalsIgnoreCase(supported)) {
            return true;
        }
    }
    return false;
}
/**
 * Checks the named algorithm by delegating to
 * {@link #permits(Set, String, AlgorithmParameters)}.
 *
 * <p>{@code key} is not examined: the decision depends only on the
 * primitives, the algorithm name and the parameters, so no key-specific
 * restriction is applied by this overload.
 *
 * @param primitives the cryptographic primitives in use
 * @param algorithm the algorithm name to check; must be non-empty
 * @param key the key (ignored by this implementation)
 * @param parameters the algorithm parameters
 * @return the result of the three-argument {@code permits} overload
 * @throws IllegalArgumentException if {@code algorithm} is null or empty
 */
@Override
final public boolean permits(Set<CryptoPrimitive> primitives,
        String algorithm, Key key, AlgorithmParameters parameters) {
    boolean missingName = (algorithm == null) || algorithm.isEmpty();
    if (missingName) {
        throw new IllegalArgumentException(
                "No algorithm name specified");
    }

    // The key plays no part in this decision; only the name is matched.
    return permits(primitives, algorithm, parameters);
}
/**
 * Returns whether {@code algorithm} is free of every entry in
 * {@code disabledAlgorithms}.
 *
 * <p>This is a deny-list check. Each non-empty disabled entry is compared,
 * ignoring case, first against the full algorithm name and then against
 * each sub-element produced by {@code decomposes(algorithm)}; any match
 * rejects the algorithm. Null or empty entries are skipped. The
 * decomposition is computed at most once, and only if some entry does not
 * already match the full name. {@code parameters} is not examined.
 *
 * @param primitives the cryptographic primitives in use; must be non-empty
 * @param algorithm the algorithm name to check; must be non-empty
 * @param parameters the algorithm parameters (unused by this check)
 * @return {@code false} if the name or one of its sub-elements is disabled,
 *         otherwise {@code true}
 * @throws IllegalArgumentException if {@code algorithm} or
 *         {@code primitives} is null or empty
 */
@Override
final public boolean permits(Set<CryptoPrimitive> primitives,
        String algorithm, AlgorithmParameters parameters) {
    if (algorithm == null || algorithm.isEmpty()) {
        throw new IllegalArgumentException("No algorithm name specified");
    }
    if (primitives == null || primitives.isEmpty()) {
        throw new IllegalArgumentException(
                "No cryptographic primitive specified");
    }

    // Sub-elements of the algorithm name, decomposed lazily on first use.
    Set<String> parts = null;

    for (String entry : disabledAlgorithms) {
        boolean usable = entry != null && !entry.isEmpty();
        if (usable) {
            // A match on the full name rejects immediately.
            if (entry.equalsIgnoreCase(algorithm)) {
                return false;
            }

            if (parts == null) {
                parts = decomposes(algorithm);
            }

            // A match on any sub-element rejects as well.
            for (String part : parts) {
                if (entry.equalsIgnoreCase(part)) {
                    return false;
                }
            }
        }
    }
    return true;
}
/**
 * Checks the named algorithm together with {@code key} by delegating to
 * {@code checkConstraints}.
 *
 * @param primitives the cryptographic primitives in use
 * @param algorithm the algorithm name to check; must be non-empty
 * @param key the key to check
 * @param parameters the algorithm parameters
 * @return the result of {@code checkConstraints} for these arguments
 * @throws IllegalArgumentException if {@code algorithm} is null or empty
 */
@Override
final public boolean permits(Set<CryptoPrimitive> primitives,
        String algorithm, Key key, AlgorithmParameters parameters) {
    // Unlike the private helper, this entry point requires an algorithm name.
    boolean missingName = (algorithm == null) || algorithm.isEmpty();
    if (missingName) {
        throw new IllegalArgumentException("No algorithm name specified");
    }
    return checkConstraints(primitives, algorithm, key, parameters);
}
/**
 * Checks an algorithm name (when given) and a key against the constraints,
 * including the key size constraints.
 *
 * <p>Three checks run in order and the first failure returns {@code false}:
 * the target algorithm with its parameters (skipped when the name is null
 * or empty), the key's own algorithm name, and finally
 * {@code keySizeConstraints.disables(key)}.
 *
 * @param primitives the cryptographic primitives in use
 * @param algorithm the target algorithm name; may be null or empty
 * @param key the key to check; must not be null
 * @param parameters the parameters checked together with {@code algorithm}
 * @return {@code true} if no check rejects the combination
 * @throws IllegalArgumentException if {@code key} is null
 */
private boolean checkConstraints(Set<CryptoPrimitive> primitives,
        String algorithm, Key key, AlgorithmParameters parameters) {
    // A key is mandatory; reject the call outright rather than return false.
    if (key == null) {
        throw new IllegalArgumentException("The key cannot be null");
    }

    // The target algorithm is only checked when a name was supplied.
    boolean hasAlgorithm = algorithm != null && !algorithm.isEmpty();
    if (hasAlgorithm && !permits(primitives, algorithm, parameters)) {
        return false;
    }

    // The key's algorithm name is checked without parameters.
    if (!permits(primitives, key.getAlgorithm(), null)) {
        return false;
    }

    // Permitted only if the key size constraints do not disable the key.
    return !keySizeConstraints.disables(key);
}
/**
 * Returns the first curve id in {@code curves} that is supported and that
 * {@code constraints} permits for key agreement with the "EC" algorithm.
 *
 * @param curves the candidate curve ids, in preference order
 * @param constraints the algorithm constraints each curve is checked against
 * @return the first acceptable curve id, or {@code -1} if none qualifies
 */
private static int getPreferredCurve(int[] curves,
        AlgorithmConstraints constraints) {
    for (int candidate : curves) {
        // Unsupported curves are skipped before the constraint check.
        if (!isSupported(candidate)) {
            continue;
        }

        boolean allowed = constraints.permits(
                EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
                "EC", idToParams.get(candidate));
        if (allowed) {
            return candidate;
        }
    }
    return -1;
}
/**
 * Checks the named algorithm by delegating to {@code checkAlgorithm} with
 * {@code disabledAlgorithms} and {@code decomposer}.
 *
 * <p>Only {@code primitives} is validated here. {@code parameters} is not
 * examined.
 *
 * @param primitives the cryptographic primitives in use; must be non-empty
 * @param algorithm the algorithm name to check
 * @param parameters the algorithm parameters (unused by this check)
 * @return the result of {@code checkAlgorithm}
 * @throws IllegalArgumentException if {@code primitives} is null or empty
 */
@Override
final public boolean permits(Set<CryptoPrimitive> primitives,
        String algorithm, AlgorithmParameters parameters) {
    boolean noPrimitives = (primitives == null) || primitives.isEmpty();
    if (noPrimitives) {
        throw new IllegalArgumentException(
                "No cryptographic primitive specified");
    }

    // NOTE(review): a null or empty algorithm name is not rejected here;
    // presumably checkAlgorithm handles it - confirm.
    return checkAlgorithm(disabledAlgorithms, algorithm, decomposer);
}
/**
 * Returns the first entry of {@code supportedNamedGroups} whose type is
 * {@code NAMED_GROUP_ECDHE} and that {@code constraints} permits for key
 * agreement.
 *
 * @param constraints the algorithm constraints each group is checked against
 * @return the first acceptable ECDHE group, or {@code null} if none qualifies
 */
static NamedGroup getPreferredECGroup(AlgorithmConstraints constraints) {
    for (NamedGroup candidate : supportedNamedGroups) {
        // Only ECDHE groups are considered.
        if (candidate.type != NamedGroupType.NAMED_GROUP_ECDHE) {
            continue;
        }

        boolean allowed = constraints.permits(
                EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
                candidate.algorithm, namedGroupParams.get(candidate));
        if (allowed) {
            return candidate;
        }
    }
    return null;
}
/**
 * Returns whether key exchange with groups of the given type can be
 * activated under {@code constraints}.
 *
 * <p>The result is {@code true} as soon as one entry of
 * {@code supportedNamedGroups} with the requested type is permitted for key
 * agreement. It is also {@code true}, without any constraint check in this
 * method, when {@code type} is {@code NAMED_GROUP_FFDHE} and no supported
 * group has that type.
 *
 * @param constraints the algorithm constraints each group is checked against
 * @param type the named group type being considered
 * @return {@code true} if a group of that type is permitted, or if the
 *         FFDHE compatibility case applies
 */
static boolean isActivatable(
        AlgorithmConstraints constraints, NamedGroupType type) {
    // Set once a group of the requested type has been seen but rejected.
    boolean sawGroupOfType = false;

    for (NamedGroup candidate : supportedNamedGroups) {
        if (candidate.type != type) {
            continue;
        }

        boolean allowed = constraints.permits(
                EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
                candidate.algorithm, namedGroupParams.get(candidate));
        if (allowed) {
            return true;
        }
        sawGroupOfType = true;
    }

    // For compatibility, if no FFDHE groups are defined, the non-FFDHE
    // compatible mode (using DHE cipher suite without FFDHE extension)
    // is allowed.
    //
    // Note that the constraints checking on DHE parameters will be
    // performed during key exchanging in a handshake.
    return type == NamedGroupType.NAMED_GROUP_FFDHE && !sawGroupOfType;
}