iaik.security.ssl
Class CipherSuiteList

java.lang.Object
  extended by iaik.security.ssl.CipherSuiteList
All Implemented Interfaces:
java.io.Serializable, java.lang.Cloneable

public class CipherSuiteList
extends java.lang.Object
implements java.io.Serializable, java.lang.Cloneable

This class implements a list of cipher suites to select the enabled cipher suites etc. Actually it is an ordered set and not a list, i.e. each element can appear only once.

See Also:
Serialized Form

Field Summary
static int L_ALL
          Selection constant for a list with all known cipher suites.
static int L_DEFAULT
          Selection constant for a list with the default cipher suites.
static int L_IMPLEMENTED
          Selection constant for a list with all implemented cipher suites.
static int L_NONE
          Selection constant for an empty list.
 
Constructor Summary
CipherSuiteList()
          Create an empty cipher suite list.
CipherSuiteList(CipherSuite suite)
          Create a new cipher suite list with the specified suite as its only element.
CipherSuiteList(CipherSuite[] suites)
          Create a new cipher suite list from the contents of the given array.
CipherSuiteList(CipherSuiteList suites)
          Create a copy of the given cipher suite list.
CipherSuiteList(int which)
          Create a new cipher suite list with the contents determined by the selection value.
CipherSuiteList(java.lang.String[] suites)
          Create a new cipher suite list from an array of cipher suite names.
 
Method Summary
 void add(CipherSuite suite)
          Add a cipher suite to the end of this list.
 void add(CipherSuite[] suites)
          Add all cipher suites from an array to this list in order.
 void clear()
          Remove all elements from this list.
 java.lang.Object clone()
          Return a clone of this cipher suite list.
 boolean contains(CipherSuite suite)
          Test if the given cipher suite is an element of this list.
 boolean containsTLS13Suite()
          Checks if this cipher suite list contains any TLS 1.3 suite.
 CipherSuite elementAt(int i)
          Return the element at the given index.
 java.util.Enumeration elements()
          Return an Enumeration of the elements of this list.
 void ensureAvailable()
          Make sure this list only contains cipher suites that can actually be used.
 int indexOf(CipherSuite suite)
          Gets the index of the given cipher suite in this list.
 void insertSorted(CipherSuite suite)
          Perform a sorted insertion of the given cipher suite into this list.
 void insertSorted(CipherSuite[] suites)
          Perform a sorted insertion of the cipher suites from the given array into this list.
 void intersectWith(CipherSuiteList other)
          Compute the intersection of this list and another list.
 void remove(CipherSuite suite)
          Remove a cipher suite from this list.
 void remove(CipherSuite[] suites)
          Remove all cipher suites in an array from this list.
 int size()
          Return the number of elements in this list.
 void sort()
          Sort the cipher suites by strength.
 CipherSuite[] toArray()
          Convert this list to an array of cipher suites.
 java.lang.String toString()
          Return a string representation of this list.
 
Methods inherited from class java.lang.Object
equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

L_NONE

public static final int L_NONE
Selection constant for an empty list.

See Also:
Constant Field Values

L_DEFAULT

public static final int L_DEFAULT
Selection constant for a list with the default cipher suites.

See Also:
Constant Field Values

L_IMPLEMENTED

public static final int L_IMPLEMENTED
Selection constant for a list with all implemented cipher suites.

See Also:
Constant Field Values

L_ALL

public static final int L_ALL
Selection constant for a list with all known cipher suites. Note that this list contains cipher suites that are not implemented and therefore should be used for testing only.

See Also:
Constant Field Values
Constructor Detail

CipherSuiteList

public CipherSuiteList()
Create an empty cipher suite list.


CipherSuiteList

public CipherSuiteList(int which)
Create a new cipher suite list with the contents determined by the selection value. It should be one of the L_xxx values defined for this class. The resulting list will be sorted and only contain the cipher suites that are available, i.e. can be used with the installed security provider.

Note that ensureAvailable() is automatically called on the created list.


CipherSuiteList

public CipherSuiteList(CipherSuite suite)
Create a new cipher suite list with the specified suite as its only element.


CipherSuiteList

public CipherSuiteList(CipherSuite[] suites)
Create a new cipher suite list from the contents of the given array. If a cipher suite occurs multiple times in the array, only the first occurrence is used.


CipherSuiteList

public CipherSuiteList(java.lang.String[] suites)
                throws java.lang.IllegalArgumentException
Create a new cipher suite list from an array of cipher suite names. If a cipher suite occurs multiple times in the array, only the first occurrence is used.

Parameters:
suites - the cipher suite names
Throws:
java.lang.IllegalArgumentException - if the list of suite names refers to a cipher suite that is not supported

CipherSuiteList

public CipherSuiteList(CipherSuiteList suites)
Create a copy of the given cipher suite list.

Method Detail

add

public void add(CipherSuite suite)
Add a cipher suite to the end of this list. If it is already contained in the list the call is ignored.


remove

public void remove(CipherSuite suite)
Remove a cipher suite from this list. If it is not contained in the list the call is ignored.


contains

public boolean contains(CipherSuite suite)
Test if the given cipher suite is an element of this list.


indexOf

public int indexOf(CipherSuite suite)
Gets the index of the given cipher suite in this list.

Returns:
the index of the cipher suite in the list or -1 if the suite is not included in the list

add

public void add(CipherSuite[] suites)
Add all cipher suites from an array to this list in order.


remove

public void remove(CipherSuite[] suites)
Remove all cipher suites in an array from this list.


clear

public void clear()
Remove all elements from this list.


toArray

public CipherSuite[] toArray()
Convert this list to an array of cipher suites.


size

public int size()
Return the number of elements in this list.


elementAt

public CipherSuite elementAt(int i)
                      throws java.lang.ArrayIndexOutOfBoundsException
Return the element at the given index. An ArrayIndexOutOfBoundsException is thrown if the index is invalid.

Throws:
java.lang.ArrayIndexOutOfBoundsException

elements

public java.util.Enumeration elements()
Return an Enumeration of the elements of this list.


insertSorted

public void insertSorted(CipherSuite suite)
Perform a sorted insertion of the given cipher suite into this list. This list must already be sorted according to the criteria given below. If the suite is already contained in this list the call is ignored.

Cipher suites are sorted by cryptographic strength, the strongest come first. We define a cipher suite to be stronger than another by the following ordered criteria.

  1. Encryption algorithm: AES_256_CBC, CAMELLIA_256_CBC, AES_128_CBC, CAMELLIA_128_CBC, 3DES_EDE_CBC, RC4_128, IDEA_CBC, DES_CBC
  2. Key length (however, AES_128_CBC comes before 3DES_EDE_CBC)
  3. Export key size limit
  4. MAC algorithm SHA over MD5
  5. Key Exchange algorithm: ECDHE_RSA, ECDHE_ECDSA, DHE_RSA, DHE_DSS, RSA, ECDH_RSA, ECDH_ECDSA, DH_RSA, DH_DSS
    (EC)DHE and RSA key exchange are preferred over (EC)DH with fixed parameters, which are preferred over PSK key exchange.
    (EC)DHE and PSK exchange are preferred over PSK exchange with symmetric keys only.

(EC)DH_anon and RSA_WITH_NULL are handled separately as they do not offer the full security of the other cipher suites. All other cipher suites are defined to be stronger than DH_anon except RSA_WITH_NULL which are weaker.

* PSK suites are interleaved, but this should be no problem because PSK suites and other suites will hardly be used at the same time.

For cipher suites that are equally strong by this definition the resulting ordering is undefined.


insertSorted

public void insertSorted(CipherSuite[] suites)
Perform a sorted insertion of the cipher suites from the given array into this list. This list must already be sorted, the array need not be.


sort

public void sort()
Sort the cipher suites by strength. For the criteria see insertSorted().


ensureAvailable

public void ensureAvailable()
Make sure this list only contains cipher suites that can actually be used. This method disables all cipher suites for which CipherSuite.isAvailable() returns false.

See Also:
CipherSuite.isAvailable()

intersectWith

public void intersectWith(CipherSuiteList other)
Compute the intersection of this list and another list. This object is modified to only contain cipher suites enabled in both this and other.
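
An added usage example, not part of the original Javadoc: restricting the default suites to an operator-supplied allowlist using only the constructors and methods documented on this page. The class name CipherSuiteAllowlist and the method restrictDefaults are hypothetical, and the code assumes iSaSiLk and a suitable security provider are on the classpath.

```java
import iaik.security.ssl.CipherSuiteList;

public class CipherSuiteAllowlist {

    /**
     * Returns the default suites restricted to the given names, strongest first.
     * Fails closed: an unsupported name or an empty result raises an exception
     * instead of silently falling back to the defaults.
     * (Hypothetical helper, not part of the library.)
     */
    static CipherSuiteList restrictDefaults(String[] allowedNames) {
        // Sorted and limited to available suites, as documented for this constructor.
        CipherSuiteList enabled = new CipherSuiteList(CipherSuiteList.L_DEFAULT);

        // Throws IllegalArgumentException if a name refers to an unsupported suite.
        CipherSuiteList allowed = new CipherSuiteList(allowedNames);

        // Keep only suites present in both lists; 'enabled' is modified in place.
        enabled.intersectWith(allowed);

        // The documentation does not state the order after intersectWith(),
        // so sort again by the strength criteria given for insertSorted().
        enabled.sort();

        if (enabled.size() == 0) {
            throw new IllegalStateException("allowlist leaves no usable cipher suite");
        }
        return enabled;
    }

    public static void main(String[] args) {
        // args: cipher suite names taken from local policy; none are hard-coded here.
        CipherSuiteList list = restrictDefaults(args);
        for (int i = 0; i < list.size(); i++) {
            System.out.println(i + ": " + list.elementAt(i));
        }
        System.out.println("TLS 1.3 suite present: " + list.containsTLS13Suite());
    }
}
```

Starting from L_DEFAULT rather than L_ALL keeps suites that are not implemented out of the result, in line with the note on L_ALL.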


clone

public java.lang.Object clone()
Return a clone of this cipher suite list.

Overrides:
clone in class java.lang.Object

containsTLS13Suite

public boolean containsTLS13Suite()
Checks if this cipher suite list contains any TLS 1.3 suite.

Returns:
true if any TLS 1.3 suite is included, false otherwise

toString

public java.lang.String toString()
Return a string representation of this list.

Overrides:
toString in class java.lang.Object

This Javadoc may contain text parts from IETF Internet Standard specifications (see copyright note).

iSaSiLk 6.0, (c) 2002 IAIK, (c) 2003 - 2015 SIC