1 /* 2 * Copyright (c) 2015, 2016 Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.security.util; 27 28 import java.security.AccessController; 29 import java.security.AlgorithmConstraints; 30 import java.security.PrivilegedAction; 31 import java.security.Security; 32 import java.util.Set; 33 34 /** 35 * The class contains common functionality for algorithm constraints classes. 36 */ 37 public abstract class AbstractAlgorithmConstraints 38 implements AlgorithmConstraints { 39 40 protected final AlgorithmDecomposer decomposer; 41 AbstractAlgorithmConstraints(AlgorithmDecomposer decomposer)42 protected AbstractAlgorithmConstraints(AlgorithmDecomposer decomposer) { 43 this.decomposer = decomposer; 44 } 45 46 // Get algorithm constraints from the specified security property. getAlgorithms(String propertyName)47 static String[] getAlgorithms(String propertyName) { 48 String property = AccessController.doPrivileged( 49 new PrivilegedAction<String>() { 50 @Override 51 public String run() { 52 return Security.getProperty(propertyName); 53 } 54 }); 55 56 57 String[] algorithmsInProperty = null; 58 if (property != null && !property.isEmpty()) { 59 // remove double quote marks from beginning/end of the property 60 if (property.length() >= 2 && property.charAt(0) == '"' && 61 property.charAt(property.length() - 1) == '"') { 62 property = property.substring(1, property.length() - 1); 63 } 64 algorithmsInProperty = property.split(","); 65 for (int i = 0; i < algorithmsInProperty.length; i++) { 66 algorithmsInProperty[i] = algorithmsInProperty[i].trim(); 67 } 68 } 69 70 // map the disabled algorithms 71 if (algorithmsInProperty == null) { 72 algorithmsInProperty = new String[0]; 73 } 74 return algorithmsInProperty; 75 } 76 checkAlgorithm(String[] algorithms, String algorithm, AlgorithmDecomposer decomposer)77 static boolean checkAlgorithm(String[] algorithms, String algorithm, 78 AlgorithmDecomposer decomposer) { 79 if (algorithm == null || algorithm.length() == 0) { 80 throw new IllegalArgumentException("No algorithm name specified"); 81 } 82 83 Set<String> elements = null; 84 for (String item : algorithms) { 85 if (item == null || item.isEmpty()) { 86 continue; 87 } 88 89 // check the full name 90 if (item.equalsIgnoreCase(algorithm)) { 91 return false; 92 } 93 94 // decompose the algorithm into sub-elements 95 if (elements == null) { 96 elements = decomposer.decompose(algorithm); 97 } 98 99 // check the items of the algorithm 100 for (String element : elements) { 101 if (item.equalsIgnoreCase(element)) { 102 return false; 103 } 104 } 105 } 106 107 return true; 108 } 109 110 } 111