/**
 * Replace a predicate whose outcome is fixed with the corresponding constant predicate.
 *
 * <p>The always-false check runs first, so a predicate reporting both conditions is
 * reduced to {@code matchFalse()}.
 *
 * @param predicate the predicate to inspect (dereferenced without a null check)
 * @return {@code matchFalse()}, {@code matchTrue()}, or {@code predicate} itself
 */
static CipherSuitePredicate optimize(CipherSuitePredicate predicate) {
    if (predicate.isAlwaysFalse()) {
        return matchFalse();
    }
    if (predicate.isAlwaysTrue()) {
        return matchTrue();
    }
    return predicate;
}
case "HIGH": return CipherSuitePredicate.matchLevel(SecurityLevel.HIGH); case "MEDIUM": return CipherSuitePredicate.matchLevel(SecurityLevel.MEDIUM); case "LOW": return CipherSuitePredicate.matchLevel(SecurityLevel.LOW); case "EXP": // synonym case "EXPORT": return CipherSuitePredicate.matchLevel(SecurityLevel.EXP40, SecurityLevel.EXP56); case "EXPORT40": return CipherSuitePredicate.matchLevel(SecurityLevel.EXP40); case "EXPORT56": return CipherSuitePredicate.matchLevel(SecurityLevel.EXP56); case "NULL": // synonym case "eNULL": return CipherSuitePredicate.matchEncryption(Encryption.NULL); case "aNULL": return CipherSuitePredicate.matchAuthentication(Authentication.NULL); case "kRSA": return CipherSuitePredicate.matchKeyAgreement(KeyAgreement.RSA); case "aRSA": return CipherSuitePredicate.matchAuthentication(Authentication.RSA); case "RSA": return CipherSuitePredicate.matchAny(CipherSuitePredicate.matchKeyAgreement(KeyAgreement.RSA), CipherSuitePredicate.matchAuthentication(Authentication.RSA)); case "kDHr": return CipherSuitePredicate.matchKeyAgreement(KeyAgreement.DHr); case "kDHd": return CipherSuitePredicate.matchKeyAgreement(KeyAgreement.DHd); case "kDH": return CipherSuitePredicate.matchKeyExchange(KeyAgreement.DHr, KeyAgreement.DHd); case "kDHE": // synonym case "kEDH": return CipherSuitePredicate.matchKeyAgreement(KeyAgreement.DHE); case "DHE": // synonym case "EDH": return CipherSuitePredicate.matchAll(CipherSuitePredicate.matchKeyAgreement(KeyAgreement.DHE), CipherSuitePredicate.matchNot(CipherSuitePredicate.matchAuthentication(Authentication.NULL))); case "ADH": return CipherSuitePredicate.matchAnonDH(); case "DH": return CipherSuitePredicate.matchAll(CipherSuitePredicate.matchKeyExchange(KeyAgreement.DHE, KeyAgreement.DHd, KeyAgreement.DHr, KeyAgreement.ECDHe, KeyAgreement.ECDHr, KeyAgreement.ECDHE), CipherSuitePredicate.matchAuthentication(Authentication.DH, Authentication.ECDH, Authentication.NULL)); case "kECDHr": return 
CipherSuitePredicate.matchKeyAgreement(KeyAgreement.ECDHr); case "kECDHe": return CipherSuitePredicate.matchKeyAgreement(KeyAgreement.ECDHe); case "kECDH": return CipherSuitePredicate.matchKeyExchange(KeyAgreement.ECDHe, KeyAgreement.ECDHr); case "kEECDH": // synonym case "kECDHE": return CipherSuitePredicate.matchKeyAgreement(KeyAgreement.ECDHE); case "ECDHE": // synonym case "EECDHE": return CipherSuitePredicate.matchAll(CipherSuitePredicate.matchKeyAgreement(KeyAgreement.ECDHE), CipherSuitePredicate.matchNot(CipherSuitePredicate.matchAuthentication(Authentication.NULL)));
/**
 * Return a predicate which matches any of the given encryption schemes.
 *
 * <p>The arguments are first passed through {@code withoutNulls}. An absent or empty
 * selection yields {@code matchFalse()}; a selection whose length equals
 * {@code Encryption.fullSize} yields {@code matchTrue()}.
 *
 * @param encryptions the encryption schemes
 * @return the predicate
 */
public static CipherSuitePredicate matchEncryption(Encryption... encryptions) {
    final Encryption[] selected = withoutNulls(encryptions);
    if (selected == null || selected.length == 0) {
        return matchFalse();
    }
    // NOTE(review): this compares the argument count, not the number of distinct values.
    // If fullSize is the number of Encryption constants and withoutNulls does not
    // de-duplicate, a list with repeats could reach fullSize and match every suite - confirm.
    if (selected.length == Encryption.fullSize) {
        return matchTrue();
    }
    return new EncryptionCipherSuitePredicate(EnumSet.of(selected[0], selected));
}
/**
 * Push all cipher suites which are matched by the given predicate to the end of the enabled ciphers list.
 * Only cipher suites which are already enabled will be moved; no cipher suites are added by this
 * transformation.
 *
 * <p>A {@code null}, always-false or always-true predicate adds no rule: this selector is returned as is.
 *
 * @param predicate the predicate to match
 * @return a new selector which includes the new rule, or this selector when no rule is added
 */
public CipherSuiteSelector pushToEnd(final CipherSuitePredicate predicate) {
    final boolean addsNoRule = predicate == null
        || predicate.isAlwaysFalse()
        || predicate.isAlwaysTrue();
    if (addsNoRule) {
        return this;
    }
    return new PushToEndCipherSuiteSelector(this, predicate);
}
switch (name) { case "DEFAULT": current = current.add(CipherSuitePredicate.matchOpenSslAll()) .deleteFully(CipherSuitePredicate.matchOpenSslDefaultDeletes()); break; case "COMPLEMENTOFDEFAULT": current = current.add(CipherSuitePredicate.matchAnonDH()); break; case "ALL": current = current.add(CipherSuitePredicate.matchOpenSslAll()); break; case "COMPLEMENTOFALL": current = current.add(CipherSuitePredicate.matchOpenSslComplementOfAll()); break;
/**
 * Return a predicate which matches any of the given protocols.
 *
 * <p>A {@code null} or empty set yields {@code matchFalse()}; a set for which
 * {@code Protocol.isFull} holds yields {@code matchTrue()}.
 *
 * @param protocols the protocols
 * @return the predicate
 */
public static CipherSuitePredicate matchProtocol(EnumSet<Protocol> protocols) {
    if (protocols == null || protocols.isEmpty()) {
        return matchFalse();
    }
    if (Protocol.isFull(protocols)) {
        return matchTrue();
    }
    // NOTE(review): the caller's set is handed over as is; whether the predicate copies it
    // is not visible here, so later mutation by the caller may change what is matched - confirm.
    return new ProtocolCipherSuitePredicate(protocols);
}
/**
 * Report whether this composite can never match.
 *
 * <p>Returns {@code false} as soon as one non-null member is not always-false; {@code null}
 * members are skipped, and an empty member list yields {@code true}. This is the behaviour
 * of an "any of" combinator, though the enclosing class is outside this excerpt.
 *
 * @return {@code true} if no non-null member can ever match
 */
boolean isAlwaysFalse() {
    for (CipherSuitePredicate member : predicates) {
        if (member == null) {
            continue;
        }
        if (! member.isAlwaysFalse()) {
            return false;
        }
    }
    return true;
}
} // closes the enclosing declaration, which begins outside this excerpt
/**
 * Return a predicate which matches any of the given authentication schemes.
 *
 * <p>A {@code null} or empty set yields {@code matchFalse()}; a set for which
 * {@code Authentication.isFull} holds yields {@code matchTrue()}. Otherwise the new
 * predicate is passed through {@code optimize} before being returned.
 *
 * @param authentications the authentication schemes
 * @return the predicate
 */
public static CipherSuitePredicate matchAuthentication(EnumSet<Authentication> authentications) {
    if (authentications == null || authentications.isEmpty()) {
        return matchFalse();
    }
    if (Authentication.isFull(authentications)) {
        return matchTrue();
    }
    // NOTE(review): the meaning of the leading `true` flag is defined by the
    // AuthenticationCipherSuitePredicate constructor, which is not visible here - confirm.
    final CipherSuitePredicate built = new AuthenticationCipherSuitePredicate(true, authentications);
    return optimize(built);
}
/**
 * Return a predicate which matches all security levels less than the given level.
 *
 * <p>A {@code null} level or {@code SecurityLevel.NONE} yields {@code matchFalse()}.
 *
 * @param level the security level to compare against
 * @return the predicate
 */
public static CipherSuitePredicate matchLevelLessThan(final SecurityLevel level) {
    if (level == null || level == SecurityLevel.NONE) {
        return matchFalse();
    }
    return new CipherSuitePredicate() {
        boolean test(final MechanismDatabase.Entry entry) {
            // "Less than" is whatever SecurityLevel.compareTo defines; for an enum that is
            // declaration order. NOTE(review): presumably declared weakest-first with NONE
            // lowest - confirm, since this ordering decides which suites count as weaker.
            return entry.getLevel().compareTo(level) < 0;
        }

        void toString(final StringBuilder b) {
            b.append("security level is less than ").append(level);
        }
    };
}
/**
 * Report whether this composite matches every entry.
 *
 * <p>Returns {@code true} as soon as one non-null member is always-true; {@code null}
 * members are skipped, and an empty member list yields {@code false}.
 *
 * @return {@code true} if some non-null member always matches
 */
boolean isAlwaysTrue() {
    for (CipherSuitePredicate member : predicates) {
        if (member == null) {
            continue;
        }
        if (member.isAlwaysTrue()) {
            return true;
        }
    }
    return false;
}
/**
 * Parse the remaining terms of a {@code +}-joined expression and combine them with {@code matchAll}.
 *
 * <p>Each term runs up to the next {@code '+'}, {@code ':'}, {@code ','} or space. After a term,
 * one following character is consumed from the iterator if present; parsing continues only when
 * that character is {@code '+'}.
 *
 * @param item the predicate for the first term, already parsed by the caller
 * @param i the iterator over the cipher string; at least one term is always read from it
 * @return the result of {@code matchAll} over {@code item} and every term read here
 */
private static CipherSuitePredicate parseAndPredicate(CipherSuitePredicate item, final CodePointIterator i) {
    final ArrayList<CipherSuitePredicate> terms = new ArrayList<>();
    terms.add(item);
    boolean joinedByPlus;
    do {
        final String termName = i.delimitedBy('+', ':', ',', ' ').drainToString();
        // NOTE(review): what getSimplePredicateByName returns for an unrecognised or empty
        // name is not visible here. If it can be null, confirm matchAll does not silently
        // drop the term, since a dropped term widens the conjunction.
        terms.add(getSimplePredicateByName(termName));
        joinedByPlus = i.hasNext() && i.next() == '+';
    } while (joinedByPlus);
    final CipherSuitePredicate[] conjuncts = terms.toArray(new CipherSuitePredicate[terms.size()]);
    return CipherSuitePredicate.matchAll(conjuncts);
}
/**
 * Return a predicate which matches any of the given digest schemes.
 *
 * <p>The arguments are first passed through {@code withoutNulls}. An absent or empty
 * selection yields {@code matchFalse()}; a selection whose length equals
 * {@code Digest.fullSize} yields {@code matchTrue()}.
 *
 * @param digests the digest schemes
 * @return the predicate
 */
public static CipherSuitePredicate matchDigest(Digest... digests) {
    final Digest[] selected = withoutNulls(digests);
    if (selected == null || selected.length == 0) {
        return matchFalse();
    }
    // NOTE(review): this compares the argument count, not the number of distinct values.
    // If fullSize is the number of Digest constants and withoutNulls does not de-duplicate,
    // a list with repeats could reach fullSize and match every suite - confirm.
    if (selected.length == Digest.fullSize) {
        return matchTrue();
    }
    return new DigestCipherSuitePredicate(EnumSet.of(selected[0], selected));
}
switch (name) { case "DEFAULT": current = current.add(CipherSuitePredicate.matchOpenSslAll()) .deleteFully(CipherSuitePredicate.matchOpenSslDefaultDeletes()); break; case "COMPLEMENTOFDEFAULT": current = current.add(CipherSuitePredicate.matchAnonDH()); break; case "ALL": current = current.add(CipherSuitePredicate.matchOpenSslAll()); break; case "COMPLEMENTOFALL": current = current.add(CipherSuitePredicate.matchOpenSslComplementOfAll()); break;
/**
 * Return a predicate which matches any of the given security levels.
 *
 * <p>A {@code null} or empty set yields {@code matchFalse()}; a set for which
 * {@code SecurityLevel.isFull} holds yields {@code matchTrue()}.
 *
 * @param levels the security levels
 * @return the predicate
 */
public static CipherSuitePredicate matchLevel(EnumSet<SecurityLevel> levels) {
    if (levels == null || levels.isEmpty()) {
        return matchFalse();
    }
    if (SecurityLevel.isFull(levels)) {
        return matchTrue();
    }
    // NOTE(review): the caller's set is handed over as is; whether the predicate copies it
    // is not visible here, so later mutation by the caller may change what is matched - confirm.
    return new LevelCipherSuitePredicate(levels);
}
/**
 * Report whether this composite can never match.
 *
 * <p>Returns {@code true} as soon as one non-null member is always-false; {@code null}
 * members are skipped, and an empty member list yields {@code false}. This is the behaviour
 * of an "all of" combinator, though the enclosing class is outside this excerpt.
 *
 * @return {@code true} if some non-null member can never match
 */
boolean isAlwaysFalse() {
    for (CipherSuitePredicate member : predicates) {
        if (member == null) {
            continue;
        }
        if (member.isAlwaysFalse()) {
            return true;
        }
    }
    return false;
}
} // closes the enclosing declaration, which begins outside this excerpt
/**
 * Return a predicate which matches any of the given authentication schemes.
 *
 * <p>A {@code null} or empty set yields {@code matchFalse()}; a set for which
 * {@code Authentication.isFull} holds yields {@code matchTrue()}. Otherwise the new
 * predicate is passed through {@code optimize} before being returned.
 *
 * @param authentications the authentication schemes
 * @return the predicate
 */
public static CipherSuitePredicate matchAuthentication(EnumSet<Authentication> authentications) {
    final boolean nothingSelected = authentications == null || authentications.isEmpty();
    if (nothingSelected) {
        return matchFalse();
    }
    if (Authentication.isFull(authentications)) {
        return matchTrue();
    }
    // NOTE(review): the meaning of the leading `true` flag is defined by the
    // AuthenticationCipherSuitePredicate constructor, which is not visible here - confirm.
    return optimize(new AuthenticationCipherSuitePredicate(true, authentications));
}
/**
 * Return a predicate which matches a cipher suite with the given name. The cipher suite name must be a
 * standard or OpenSSL-style mechanism name identifying a single mechanism.
 *
 * <p>The name is compared against the entry's OpenSSL names, its aliases and its own name using
 * {@code contains}/{@code equals}; no normalisation of the name is performed here.
 *
 * @param name the cipher suite name; {@code null} yields {@code matchFalse()}
 * @return the predicate
 */
public static CipherSuitePredicate matchName(final String name) {
    if (name == null) {
        return matchFalse();
    }
    return new CipherSuitePredicate() {
        boolean test(final MechanismDatabase.Entry entry) {
            // Same lookup order as a short-circuit OR: OpenSSL names, then aliases, then the entry name.
            if (entry.getOpenSslNames().contains(name)) {
                return true;
            }
            if (entry.getAliases().contains(name)) {
                return true;
            }
            return entry.getName().equals(name);
        }

        void toString(final StringBuilder b) {
            b.append("cipher name is \"").append(name).append("\"");
        }
    };
}
/**
 * Push all cipher suites which are matched by the given predicate to the end of the enabled ciphers list.
 * Only cipher suites which are already enabled will be moved; no cipher suites are added by this
 * transformation.
 *
 * <p>When the predicate is {@code null}, always-false or always-true, no rule is created and this
 * selector is returned unchanged.
 *
 * @param predicate the predicate to match
 * @return a new selector which includes the new rule, or this selector when no rule is created
 */
public CipherSuiteSelector pushToEnd(final CipherSuitePredicate predicate) {
    if (predicate == null) {
        return this;
    }
    if (predicate.isAlwaysFalse() || predicate.isAlwaysTrue()) {
        return this;
    }
    return new PushToEndCipherSuiteSelector(this, predicate);
}
/**
 * Report whether this composite matches every entry.
 *
 * <p>Returns {@code false} as soon as one non-null member is not always-true; {@code null}
 * members are skipped, and an empty member list yields {@code true}.
 *
 * @return {@code true} if every non-null member always matches
 */
boolean isAlwaysTrue() {
    for (CipherSuitePredicate member : predicates) {
        if (member == null) {
            continue;
        }
        if (! member.isAlwaysTrue()) {
            return false;
        }
    }
    return true;
}
/**
 * Read the rest of a {@code +}-joined term list and AND the terms together via {@code matchAll}.
 *
 * <p>A term ends at {@code '+'}, {@code ':'}, {@code ','} or a space. Once a term has been read, the
 * next character (if any) is consumed; the loop repeats only if that character was {@code '+'}.
 *
 * @param item the predicate for the first term, supplied by the caller
 * @param i the iterator positioned at the start of the next term; at least one term is read
 * @return the result of {@code matchAll} over {@code item} followed by the terms read here
 */
private static CipherSuitePredicate parseAndPredicate(CipherSuitePredicate item, final CodePointIterator i) {
    final ArrayList<CipherSuitePredicate> conjuncts = new ArrayList<>();
    conjuncts.add(item);
    while (true) {
        final String termName = i.delimitedBy('+', ':', ',', ' ').drainToString();
        // NOTE(review): the result for an unknown or empty term name is decided by
        // getSimplePredicateByName, which is not visible here. Confirm that such a term
        // cannot silently fall out of the conjunction and broaden the match.
        conjuncts.add(getSimplePredicateByName(termName));
        if (! i.hasNext()) {
            break;
        }
        if (i.next() != '+') {
            break;
        }
    }
    return CipherSuitePredicate.matchAll(conjuncts.toArray(new CipherSuitePredicate[conjuncts.size()]));
}