Java 类java.security.AlgorithmConstraints 实例源码

项目:OpenJSharp    文件:SSLSocketImpl.java   
SSLSocketImpl(SSLContextImpl context, boolean serverMode,
        CipherSuiteList suites, byte clientAuth,
        boolean sessionCreation, ProtocolList protocols,
        String identificationProtocol,
        AlgorithmConstraints algorithmConstraints,
        Collection<SNIMatcher> sniMatchers,
        boolean preferLocalCipherSuites) throws IOException {

    super();
    doClientAuth = clientAuth;
    enableSessionCreation = sessionCreation;
    this.identificationProtocol = identificationProtocol;
    this.algorithmConstraints = algorithmConstraints;
    this.sniMatchers = sniMatchers;
    this.preferLocalCipherSuites = preferLocalCipherSuites;
    init(context, serverMode);

    /*
     * Override what was picked out for us.
     */
    enabledCipherSuites = suites;
    enabledProtocols = protocols;
}
项目:OpenJSharp    文件:SignatureAndHashAlgorithm.java   
static Collection<SignatureAndHashAlgorithm>
        getSupportedAlgorithms(AlgorithmConstraints constraints) {

    Collection<SignatureAndHashAlgorithm> supported = new ArrayList<>();
    synchronized (priorityMap) {
        for (SignatureAndHashAlgorithm sigAlg : priorityMap.values()) {
            if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM &&
                    constraints.permits(SIGNATURE_PRIMITIVE_SET,
                            sigAlg.algorithm, null)) {
                supported.add(sigAlg);
            }
        }
    }

    return supported;
}
项目:OpenJSharp    文件:AlgorithmChecker.java   
/**
 * Create a new <code>AlgorithmChecker</code> with the
 * given <code>TrustAnchor</code> and <code>AlgorithmConstraints</code>.
 *
 * @param anchor the trust anchor selected to validate the target
 *     certificate
 * @param constraints the algorithm constraints (or null)
 *
 * @throws IllegalArgumentException if the <code>anchor</code> is null
 */
public AlgorithmChecker(TrustAnchor anchor,
        AlgorithmConstraints constraints) {

    if (anchor == null) {
        throw new IllegalArgumentException(
                    "The trust anchor cannot be null");
    }

    if (anchor.getTrustedCert() != null) {
        this.trustedPubKey = anchor.getTrustedCert().getPublicKey();
    } else {
        this.trustedPubKey = anchor.getCAPublicKey();
    }

    this.prevPubKey = trustedPubKey;
    this.constraints = constraints;
}
项目:jdk8u-jdk    文件:SupportedEllipticCurvesExtension.java   
static SupportedEllipticCurvesExtension createExtension(
            AlgorithmConstraints constraints) {

    ArrayList<Integer> idList = new ArrayList<>(supportedCurveIds.length);
    for (int curveId : supportedCurveIds) {
        if (constraints.permits(
                EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
                            "EC", idToParams.get(curveId))) {
            idList.add(curveId);
        }
    }

    if (!idList.isEmpty()) {
        int[] ids = new int[idList.size()];
        int i = 0;
        for (Integer id : idList) {
            ids[i++] = id;
        }

        return new SupportedEllipticCurvesExtension(ids);
    }

    return null;
}
项目:jdk8u-jdk    文件:SSLSocketImpl.java   
SSLSocketImpl(SSLContextImpl context, boolean serverMode,
        CipherSuiteList suites, byte clientAuth,
        boolean sessionCreation, ProtocolList protocols,
        String identificationProtocol,
        AlgorithmConstraints algorithmConstraints,
        Collection<SNIMatcher> sniMatchers,
        boolean preferLocalCipherSuites) throws IOException {

    super();
    doClientAuth = clientAuth;
    enableSessionCreation = sessionCreation;
    this.identificationProtocol = identificationProtocol;
    this.algorithmConstraints = algorithmConstraints;
    this.sniMatchers = sniMatchers;
    this.preferLocalCipherSuites = preferLocalCipherSuites;
    init(context, serverMode);

    /*
     * Override what was picked out for us.
     */
    enabledCipherSuites = suites;
    enabledProtocols = protocols;
}
项目:jdk8u-jdk    文件:AlgorithmChecker.java   
/**
 * Create a new <code>AlgorithmChecker</code> with the
 * given <code>TrustAnchor</code> and <code>AlgorithmConstraints</code>.
 *
 * @param anchor the trust anchor selected to validate the target
 *     certificate
 * @param constraints the algorithm constraints (or null)
 *
 * @throws IllegalArgumentException if the <code>anchor</code> is null
 */
public AlgorithmChecker(TrustAnchor anchor,
        AlgorithmConstraints constraints) {

    if (anchor == null) {
        throw new IllegalArgumentException(
                    "The trust anchor cannot be null");
    }

    if (anchor.getTrustedCert() != null) {
        this.trustedPubKey = anchor.getTrustedCert().getPublicKey();
        // Check for anchor certificate restrictions
        trustedMatch = checkFingerprint(anchor.getTrustedCert());
        if (trustedMatch && debug != null) {
            debug.println("trustedMatch = true");
        }
    } else {
        this.trustedPubKey = anchor.getCAPublicKey();
    }

    this.prevPubKey = trustedPubKey;
    this.constraints = constraints;
}
项目:openjdk-jdk10    文件:Validator.java   
/**
 * Validate the given certificate chain.
 *
 * @param chain the target certificate chain
 * @param otherCerts a Collection of additional X509Certificates that
 *        could be helpful for path building (or null)
 * @param responseList a List of zero or more byte arrays, each
 *        one being a DER-encoded OCSP response (per RFC 6960).  Entries
 *        in the List must match the order of the certificates in the
 *        chain parameter.  It is possible that fewer responses may be
 *        in the list than are elements in {@code chain} and a missing
 *        response for a matching element in {@code chain} can be
 *        represented with a zero-length byte array.
 * @param constraints algorithm constraints for certification path
 *        processing
 * @param parameter an additional parameter object to pass specific data.
 *        This parameter object maybe one of the two below:
 *        1) TLS_SERVER variant validators, where it must be non null and
 *        the name of the TLS key exchange algorithm being used
 *        (see JSSE X509TrustManager specification).
 *        2) {@code Timestamp} object from a signed JAR file.
 * @return a non-empty chain that was used to validate the path. The
 *        end entity cert is at index 0, the trust anchor at index n-1.
 */
public final X509Certificate[] validate(X509Certificate[] chain,
            Collection<X509Certificate> otherCerts,
            List<byte[]> responseList,
            AlgorithmConstraints constraints,
            Object parameter) throws CertificateException {
    chain = engineValidate(chain, otherCerts, responseList, constraints,
            parameter);

    // omit EE extension check if EE cert is also trust anchor
    if (chain.length > 1) {
        // EndEntityChecker does not need to check unresolved critical
        // extensions when validating with a TYPE_PKIX Validator.
        // A TYPE_PKIX Validator will already have run checks on all
        // certs' extensions, including checks by any PKIXCertPathCheckers
        // included in the PKIXParameters, so the extra checks would be
        // redundant.
        boolean checkUnresolvedCritExts =
                (type == TYPE_PKIX) ? false : true;
        endEntityChecker.check(chain[0], parameter,
                               checkUnresolvedCritExts);
    }

    return chain;
}
项目:openjdk-jdk10    文件:SSLSocketImpl.java   
SSLSocketImpl(SSLContextImpl context, boolean serverMode,
        CipherSuiteList suites, ClientAuthType clientAuth,
        boolean sessionCreation, ProtocolList protocols,
        String identificationProtocol,
        AlgorithmConstraints algorithmConstraints,
        Collection<SNIMatcher> sniMatchers,
        boolean preferLocalCipherSuites,
        String[] applicationProtocols) throws IOException {

    super();
    doClientAuth = clientAuth;
    enableSessionCreation = sessionCreation;
    this.identificationProtocol = identificationProtocol;
    this.algorithmConstraints = algorithmConstraints;
    this.sniMatchers = sniMatchers;
    this.preferLocalCipherSuites = preferLocalCipherSuites;
    this.applicationProtocols = applicationProtocols;
    init(context, serverMode);

    /*
     * Override what was picked out for us.
     */
    enabledCipherSuites = suites;
    enabledProtocols = protocols;
}
项目:openjdk-jdk10    文件:SupportedGroupsExtension.java   
NamedGroup getPreferredGroup(
        AlgorithmConstraints constraints, NamedGroupType type) {

    for (int groupId : requestedNamedGroupIds) {
        NamedGroup namedGroup = NamedGroup.valueOf(groupId);
        if ((namedGroup != null) && (namedGroup.type == type) &&
            SupportedGroupsExtension.supports(namedGroup) &&
            constraints.permits(EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
                namedGroup.algorithm, namedGroupParams.get(namedGroup))) {

            return namedGroup;
        }
    }

    return null;
}
项目:openjdk9    文件:Validator.java   
/**
 * Validate the given certificate chain.
 *
 * @param chain the target certificate chain
 * @param otherCerts a Collection of additional X509Certificates that
 *        could be helpful for path building (or null)
 * @param responseList a List of zero or more byte arrays, each
 *        one being a DER-encoded OCSP response (per RFC 6960).  Entries
 *        in the List must match the order of the certificates in the
 *        chain parameter.  It is possible that fewer responses may be
 *        in the list than are elements in {@code chain} and a missing
 *        response for a matching element in {@code chain} can be
 *        represented with a zero-length byte array.
 * @param constraints algorithm constraints for certification path
 *        processing
 * @param parameter an additional parameter with variant specific meaning.
 *        Currently, it is only defined for TLS_SERVER variant validators,
 *        where it must be non null and the name of the TLS key exchange
 *        algorithm being used (see JSSE X509TrustManager specification).
 *        In the future, it could be used to pass in a PKCS#7 object for
 *        code signing to check time stamps.
 * @return a non-empty chain that was used to validate the path. The
 *        end entity cert is at index 0, the trust anchor at index n-1.
 */
public final X509Certificate[] validate(X509Certificate[] chain,
            Collection<X509Certificate> otherCerts,
            List<byte[]> responseList,
            AlgorithmConstraints constraints,
            Object parameter) throws CertificateException {
    chain = engineValidate(chain, otherCerts, responseList, constraints,
            parameter);

    // omit EE extension check if EE cert is also trust anchor
    if (chain.length > 1) {
        // EndEntityChecker does not need to check unresolved critical
        // extensions when validating with a TYPE_PKIX Validator.
        // A TYPE_PKIX Validator will already have run checks on all
        // certs' extensions, including checks by any PKIXCertPathCheckers
        // included in the PKIXParameters, so the extra checks would be
        // redundant.
        boolean checkUnresolvedCritExts =
                (type == TYPE_PKIX) ? false : true;
        endEntityChecker.check(chain[0], parameter,
                               checkUnresolvedCritExts);
    }

    return chain;
}
项目:openjdk9    文件:SSLSocketImpl.java   
SSLSocketImpl(SSLContextImpl context, boolean serverMode,
        CipherSuiteList suites, ClientAuthType clientAuth,
        boolean sessionCreation, ProtocolList protocols,
        String identificationProtocol,
        AlgorithmConstraints algorithmConstraints,
        Collection<SNIMatcher> sniMatchers,
        boolean preferLocalCipherSuites) throws IOException {

    super();
    doClientAuth = clientAuth;
    enableSessionCreation = sessionCreation;
    this.identificationProtocol = identificationProtocol;
    this.algorithmConstraints = algorithmConstraints;
    this.sniMatchers = sniMatchers;
    this.preferLocalCipherSuites = preferLocalCipherSuites;
    init(context, serverMode);

    /*
     * Override what was picked out for us.
     */
    enabledCipherSuites = suites;
    enabledProtocols = protocols;
}
项目:openjdk9    文件:AlgorithmChecker.java   
/**
 * Create a new {@code AlgorithmChecker} with the
 * given {@code TrustAnchor} and {@code AlgorithmConstraints}.
 *
 * @param anchor the trust anchor selected to validate the target
 *     certificate
 * @param constraints the algorithm constraints (or null)
 * @param pkixdate Date the constraints are checked against. The value is
 *             either the PKIXParameter date or null for the current date.
 *
 * @throws IllegalArgumentException if the {@code anchor} is null
 */
public AlgorithmChecker(TrustAnchor anchor,
        AlgorithmConstraints constraints,
        Date pkixdate) {

    if (anchor == null) {
        throw new IllegalArgumentException(
                    "The trust anchor cannot be null");
    }

    if (anchor.getTrustedCert() != null) {
        this.trustedPubKey = anchor.getTrustedCert().getPublicKey();
        // Check for anchor certificate restrictions
        trustedMatch = checkFingerprint(anchor.getTrustedCert());
        if (trustedMatch && debug != null) {
            debug.println("trustedMatch = true");
        }
    } else {
        this.trustedPubKey = anchor.getCAPublicKey();
    }

    this.prevPubKey = trustedPubKey;
    this.constraints = constraints;
    this.pkixdate = pkixdate;
}
项目:jdk8u_jdk    文件:SupportedEllipticCurvesExtension.java   
static SupportedEllipticCurvesExtension createExtension(
            AlgorithmConstraints constraints) {

    ArrayList<Integer> idList = new ArrayList<>(supportedCurveIds.length);
    for (int curveId : supportedCurveIds) {
        if (constraints.permits(
                EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
                            "EC", idToParams.get(curveId))) {
            idList.add(curveId);
        }
    }

    if (!idList.isEmpty()) {
        int[] ids = new int[idList.size()];
        int i = 0;
        for (Integer id : idList) {
            ids[i++] = id;
        }

        return new SupportedEllipticCurvesExtension(ids);
    }

    return null;
}
项目:jdk8u_jdk    文件:SSLSocketImpl.java   
SSLSocketImpl(SSLContextImpl context, boolean serverMode,
        CipherSuiteList suites, byte clientAuth,
        boolean sessionCreation, ProtocolList protocols,
        String identificationProtocol,
        AlgorithmConstraints algorithmConstraints,
        Collection<SNIMatcher> sniMatchers,
        boolean preferLocalCipherSuites) throws IOException {

    super();
    doClientAuth = clientAuth;
    enableSessionCreation = sessionCreation;
    this.identificationProtocol = identificationProtocol;
    this.algorithmConstraints = algorithmConstraints;
    this.sniMatchers = sniMatchers;
    this.preferLocalCipherSuites = preferLocalCipherSuites;
    init(context, serverMode);

    /*
     * Override what was picked out for us.
     */
    enabledCipherSuites = suites;
    enabledProtocols = protocols;
}
项目:lookaside_java-1.8.0-openjdk    文件:SupportedEllipticCurvesExtension.java   
static SupportedEllipticCurvesExtension createExtension(
            AlgorithmConstraints constraints) {

    ArrayList<Integer> idList = new ArrayList<>(supportedCurveIds.length);
    for (int curveId : supportedCurveIds) {
        if (constraints.permits(
                EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
                            "EC", idToParams.get(curveId))) {
            idList.add(curveId);
        }
    }

    if (!idList.isEmpty()) {
        int[] ids = new int[idList.size()];
        int i = 0;
        for (Integer id : idList) {
            ids[i++] = id;
        }

        return new SupportedEllipticCurvesExtension(ids);
    }

    return null;
}
项目:lookaside_java-1.8.0-openjdk    文件:SSLSocketImpl.java   
SSLSocketImpl(SSLContextImpl context, boolean serverMode,
        CipherSuiteList suites, byte clientAuth,
        boolean sessionCreation, ProtocolList protocols,
        String identificationProtocol,
        AlgorithmConstraints algorithmConstraints,
        Collection<SNIMatcher> sniMatchers,
        boolean preferLocalCipherSuites) throws IOException {

    super();
    doClientAuth = clientAuth;
    enableSessionCreation = sessionCreation;
    this.identificationProtocol = identificationProtocol;
    this.algorithmConstraints = algorithmConstraints;
    this.sniMatchers = sniMatchers;
    this.preferLocalCipherSuites = preferLocalCipherSuites;
    init(context, serverMode);

    /*
     * Override what was picked out for us.
     */
    enabledCipherSuites = suites;
    enabledProtocols = protocols;
}
项目:infobip-open-jdk-8    文件:SSLSocketImpl.java   
SSLSocketImpl(SSLContextImpl context, boolean serverMode,
        CipherSuiteList suites, byte clientAuth,
        boolean sessionCreation, ProtocolList protocols,
        String identificationProtocol,
        AlgorithmConstraints algorithmConstraints,
        Collection<SNIMatcher> sniMatchers,
        boolean preferLocalCipherSuites) throws IOException {

    super();
    doClientAuth = clientAuth;
    enableSessionCreation = sessionCreation;
    this.identificationProtocol = identificationProtocol;
    this.algorithmConstraints = algorithmConstraints;
    this.sniMatchers = sniMatchers;
    this.preferLocalCipherSuites = preferLocalCipherSuites;
    init(context, serverMode);

    /*
     * Override what was picked out for us.
     */
    enabledCipherSuites = suites;
    enabledProtocols = protocols;
}
项目:infobip-open-jdk-8    文件:SignatureAndHashAlgorithm.java   
static Collection<SignatureAndHashAlgorithm>
        getSupportedAlgorithms(AlgorithmConstraints constraints) {

    Collection<SignatureAndHashAlgorithm> supported = new ArrayList<>();
    synchronized (priorityMap) {
        for (SignatureAndHashAlgorithm sigAlg : priorityMap.values()) {
            if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM &&
                    constraints.permits(SIGNATURE_PRIMITIVE_SET,
                            sigAlg.algorithm, null)) {
                supported.add(sigAlg);
            }
        }
    }

    return supported;
}
项目:infobip-open-jdk-8    文件:AlgorithmChecker.java   
/**
 * Create a new <code>AlgorithmChecker</code> with the
 * given <code>TrustAnchor</code> and <code>AlgorithmConstraints</code>.
 *
 * @param anchor the trust anchor selected to validate the target
 *     certificate
 * @param constraints the algorithm constraints (or null)
 *
 * @throws IllegalArgumentException if the <code>anchor</code> is null
 */
public AlgorithmChecker(TrustAnchor anchor,
        AlgorithmConstraints constraints) {

    if (anchor == null) {
        throw new IllegalArgumentException(
                    "The trust anchor cannot be null");
    }

    if (anchor.getTrustedCert() != null) {
        this.trustedPubKey = anchor.getTrustedCert().getPublicKey();
    } else {
        this.trustedPubKey = anchor.getCAPublicKey();
    }

    this.prevPubKey = trustedPubKey;
    this.constraints = constraints;
}
项目:jdk8u-dev-jdk    文件:SSLSocketImpl.java   
SSLSocketImpl(SSLContextImpl context, boolean serverMode,
        CipherSuiteList suites, byte clientAuth,
        boolean sessionCreation, ProtocolList protocols,
        String identificationProtocol,
        AlgorithmConstraints algorithmConstraints,
        Collection<SNIMatcher> sniMatchers,
        boolean preferLocalCipherSuites) throws IOException {

    super();
    doClientAuth = clientAuth;
    enableSessionCreation = sessionCreation;
    this.identificationProtocol = identificationProtocol;
    this.algorithmConstraints = algorithmConstraints;
    this.sniMatchers = sniMatchers;
    this.preferLocalCipherSuites = preferLocalCipherSuites;
    init(context, serverMode);

    /*
     * Override what was picked out for us.
     */
    enabledCipherSuites = suites;
    enabledProtocols = protocols;
}
项目:jdk8u-dev-jdk    文件:SignatureAndHashAlgorithm.java   
static Collection<SignatureAndHashAlgorithm>
        getSupportedAlgorithms(AlgorithmConstraints constraints) {

    Collection<SignatureAndHashAlgorithm> supported = new ArrayList<>();
    synchronized (priorityMap) {
        for (SignatureAndHashAlgorithm sigAlg : priorityMap.values()) {
            if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM &&
                    constraints.permits(SIGNATURE_PRIMITIVE_SET,
                            sigAlg.algorithm, null)) {
                supported.add(sigAlg);
            }
        }
    }

    return supported;
}
项目:jdk8u-dev-jdk    文件:AlgorithmChecker.java   
/**
 * Create a new <code>AlgorithmChecker</code> with the
 * given <code>TrustAnchor</code> and <code>AlgorithmConstraints</code>.
 *
 * @param anchor the trust anchor selected to validate the target
 *     certificate
 * @param constraints the algorithm constraints (or null)
 *
 * @throws IllegalArgumentException if the <code>anchor</code> is null
 */
public AlgorithmChecker(TrustAnchor anchor,
        AlgorithmConstraints constraints) {

    if (anchor == null) {
        throw new IllegalArgumentException(
                    "The trust anchor cannot be null");
    }

    if (anchor.getTrustedCert() != null) {
        this.trustedPubKey = anchor.getTrustedCert().getPublicKey();
    } else {
        this.trustedPubKey = anchor.getCAPublicKey();
    }

    this.prevPubKey = trustedPubKey;
    this.constraints = constraints;
}
项目:jdk7-jdk    文件:SSLSocketImpl.java   
SSLSocketImpl(SSLContextImpl context, boolean serverMode,
        CipherSuiteList suites, byte clientAuth,
        boolean sessionCreation, ProtocolList protocols,
        String identificationProtocol,
        AlgorithmConstraints algorithmConstraints) throws IOException {

    super();
    doClientAuth = clientAuth;
    enableSessionCreation = sessionCreation;
    this.identificationProtocol = identificationProtocol;
    this.algorithmConstraints = algorithmConstraints;
    init(context, serverMode);

    /*
     * Override what was picked out for us.
     */
    enabledCipherSuites = suites;
    enabledProtocols = protocols;
}
项目:jdk7-jdk    文件:SignatureAndHashAlgorithm.java   
static Collection<SignatureAndHashAlgorithm>
        getSupportedAlgorithms(AlgorithmConstraints constraints) {

    Collection<SignatureAndHashAlgorithm> supported = new ArrayList<>();
    synchronized (priorityMap) {
        for (SignatureAndHashAlgorithm sigAlg : priorityMap.values()) {
            if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM &&
                    constraints.permits(SIGNATURE_PRIMITIVE_SET,
                            sigAlg.algorithm, null)) {
                supported.add(sigAlg);
            }
        }
    }

    return supported;
}
项目:jdk7-jdk    文件:AlgorithmChecker.java   
/**
 * Create a new <code>AlgorithmChecker</code> with the
 * given <code>TrustAnchor</code> and <code>AlgorithmConstraints</code>.
 *
 * @param anchor the trust anchor selected to validate the target
 *     certificate
 * @param constraints the algorithm constraints (or null)
 *
 * @throws IllegalArgumentException if the <code>anchor</code> is null
 */
public AlgorithmChecker(TrustAnchor anchor,
        AlgorithmConstraints constraints) {

    if (anchor == null) {
        throw new IllegalArgumentException(
                    "The trust anchor cannot be null");
    }

    if (anchor.getTrustedCert() != null) {
        this.trustedPubKey = anchor.getTrustedCert().getPublicKey();
    } else {
        this.trustedPubKey = anchor.getCAPublicKey();
    }

    this.prevPubKey = trustedPubKey;
    this.constraints = constraints;
}
项目:openjdk-source-code-learn    文件:SSLSocketImpl.java   
SSLSocketImpl(SSLContextImpl context, boolean serverMode,
        CipherSuiteList suites, byte clientAuth,
        boolean sessionCreation, ProtocolList protocols,
        String identificationProtocol,
        AlgorithmConstraints algorithmConstraints) throws IOException {

    super();
    doClientAuth = clientAuth;
    enableSessionCreation = sessionCreation;
    this.identificationProtocol = identificationProtocol;
    this.algorithmConstraints = algorithmConstraints;
    init(context, serverMode);

    /*
     * Override what was picked out for us.
     */
    enabledCipherSuites = suites;
    enabledProtocols = protocols;
}
项目:openjdk-source-code-learn    文件:SignatureAndHashAlgorithm.java   
static Collection<SignatureAndHashAlgorithm>
        getSupportedAlgorithms(AlgorithmConstraints constraints) {

    Collection<SignatureAndHashAlgorithm> supported = new ArrayList<>();
    synchronized (priorityMap) {
        for (SignatureAndHashAlgorithm sigAlg : priorityMap.values()) {
            if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM &&
                    constraints.permits(SIGNATURE_PRIMITIVE_SET,
                            sigAlg.algorithm, null)) {
                supported.add(sigAlg);
            }
        }
    }

    return supported;
}
项目:openjdk-source-code-learn    文件:AlgorithmChecker.java   
/**
 * Create a new <code>AlgorithmChecker</code> with the
 * given <code>TrustAnchor</code> and <code>AlgorithmConstraints</code>.
 *
 * @param anchor the trust anchor selected to validate the target
 *     certificate
 * @param constraints the algorithm constraints (or null)
 *
 * @throws IllegalArgumentException if the <code>anchor</code> is null
 */
public AlgorithmChecker(TrustAnchor anchor,
        AlgorithmConstraints constraints) {

    if (anchor == null) {
        throw new IllegalArgumentException(
                    "The trust anchor cannot be null");
    }

    if (anchor.getTrustedCert() != null) {
        this.trustedPubKey = anchor.getTrustedCert().getPublicKey();
    } else {
        this.trustedPubKey = anchor.getCAPublicKey();
    }

    this.prevPubKey = trustedPubKey;
    this.constraints = constraints;
}
项目:OLD-OpenJDK8    文件:SSLSocketImpl.java   
SSLSocketImpl(SSLContextImpl context, boolean serverMode,
        CipherSuiteList suites, byte clientAuth,
        boolean sessionCreation, ProtocolList protocols,
        String identificationProtocol,
        AlgorithmConstraints algorithmConstraints,
        Collection<SNIMatcher> sniMatchers,
        boolean preferLocalCipherSuites) throws IOException {

    super();
    doClientAuth = clientAuth;
    enableSessionCreation = sessionCreation;
    this.identificationProtocol = identificationProtocol;
    this.algorithmConstraints = algorithmConstraints;
    this.sniMatchers = sniMatchers;
    this.preferLocalCipherSuites = preferLocalCipherSuites;
    init(context, serverMode);

    /*
     * Override what was picked out for us.
     */
    enabledCipherSuites = suites;
    enabledProtocols = protocols;
}
项目:OLD-OpenJDK8    文件:SignatureAndHashAlgorithm.java   
static Collection<SignatureAndHashAlgorithm>
        getSupportedAlgorithms(AlgorithmConstraints constraints) {

    Collection<SignatureAndHashAlgorithm> supported = new ArrayList<>();
    synchronized (priorityMap) {
        for (SignatureAndHashAlgorithm sigAlg : priorityMap.values()) {
            if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM &&
                    constraints.permits(SIGNATURE_PRIMITIVE_SET,
                            sigAlg.algorithm, null)) {
                supported.add(sigAlg);
            }
        }
    }

    return supported;
}
项目:OLD-OpenJDK8    文件:AlgorithmChecker.java   
/**
 * Create a new <code>AlgorithmChecker</code> with the
 * given <code>TrustAnchor</code> and <code>AlgorithmConstraints</code>.
 *
 * @param anchor the trust anchor selected to validate the target
 *     certificate
 * @param constraints the algorithm constraints (or null)
 *
 * @throws IllegalArgumentException if the <code>anchor</code> is null
 */
public AlgorithmChecker(TrustAnchor anchor,
        AlgorithmConstraints constraints) {

    if (anchor == null) {
        throw new IllegalArgumentException(
                    "The trust anchor cannot be null");
    }

    if (anchor.getTrustedCert() != null) {
        this.trustedPubKey = anchor.getTrustedCert().getPublicKey();
    } else {
        this.trustedPubKey = anchor.getCAPublicKey();
    }

    this.prevPubKey = trustedPubKey;
    this.constraints = constraints;
}
项目:openjdk-jdk7u-jdk    文件:SSLSocketImpl.java   
SSLSocketImpl(SSLContextImpl context, boolean serverMode,
        CipherSuiteList suites, byte clientAuth,
        boolean sessionCreation, ProtocolList protocols,
        String identificationProtocol,
        AlgorithmConstraints algorithmConstraints) throws IOException {

    super();
    doClientAuth = clientAuth;
    enableSessionCreation = sessionCreation;
    this.identificationProtocol = identificationProtocol;
    this.algorithmConstraints = algorithmConstraints;
    init(context, serverMode);

    /*
     * Override what was picked out for us.
     */
    enabledCipherSuites = suites;
    enabledProtocols = protocols;
}
项目:openjdk-jdk7u-jdk    文件:SignatureAndHashAlgorithm.java   
static Collection<SignatureAndHashAlgorithm>
        getSupportedAlgorithms(AlgorithmConstraints constraints) {

    Collection<SignatureAndHashAlgorithm> supported = new ArrayList<>();
    synchronized (priorityMap) {
        for (SignatureAndHashAlgorithm sigAlg : priorityMap.values()) {
            if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM &&
                    constraints.permits(SIGNATURE_PRIMITIVE_SET,
                            sigAlg.algorithm, null)) {
                supported.add(sigAlg);
            }
        }
    }

    return supported;
}
项目:openjdk-jdk7u-jdk    文件:AlgorithmChecker.java   
/**
 * Create a new <code>AlgorithmChecker</code> with the
 * given <code>TrustAnchor</code> and <code>AlgorithmConstraints</code>.
 *
 * @param anchor the trust anchor selected to validate the target
 *     certificate
 * @param constraints the algorithm constraints (or null)
 *
 * @throws IllegalArgumentException if the <code>anchor</code> is null
 */
public AlgorithmChecker(TrustAnchor anchor,
        AlgorithmConstraints constraints) {

    if (anchor == null) {
        throw new IllegalArgumentException(
                    "The trust anchor cannot be null");
    }

    if (anchor.getTrustedCert() != null) {
        this.trustedPubKey = anchor.getTrustedCert().getPublicKey();
    } else {
        this.trustedPubKey = anchor.getCAPublicKey();
    }

    this.prevPubKey = trustedPubKey;
    this.constraints = constraints;
}
项目:openjdk-icedtea7    文件:SSLSocketImpl.java   
SSLSocketImpl(SSLContextImpl context, boolean serverMode,
        CipherSuiteList suites, byte clientAuth,
        boolean sessionCreation, ProtocolList protocols,
        String identificationProtocol,
        AlgorithmConstraints algorithmConstraints) throws IOException {

    super();
    doClientAuth = clientAuth;
    enableSessionCreation = sessionCreation;
    this.identificationProtocol = identificationProtocol;
    this.algorithmConstraints = algorithmConstraints;
    init(context, serverMode);

    /*
     * Override what was picked out for us.
     */
    enabledCipherSuites = suites;
    enabledProtocols = protocols;
}
项目:openjdk-icedtea7    文件:SignatureAndHashAlgorithm.java   
static Collection<SignatureAndHashAlgorithm>
        getSupportedAlgorithms(AlgorithmConstraints constraints) {

    Collection<SignatureAndHashAlgorithm> supported = new ArrayList<>();
    synchronized (priorityMap) {
        for (SignatureAndHashAlgorithm sigAlg : priorityMap.values()) {
            if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM &&
                    constraints.permits(SIGNATURE_PRIMITIVE_SET,
                            sigAlg.algorithm, null)) {
                supported.add(sigAlg);
            }
        }
    }

    return supported;
}
项目:openjdk-icedtea7    文件:AlgorithmChecker.java   
/**
 * Create a new <code>AlgorithmChecker</code> with the
 * given <code>TrustAnchor</code> and <code>AlgorithmConstraints</code>.
 *
 * @param anchor the trust anchor selected to validate the target
 *     certificate
 * @param constraints the algorithm constraints (or null)
 *
 * @throws IllegalArgumentException if the <code>anchor</code> is null
 */
public AlgorithmChecker(TrustAnchor anchor,
        AlgorithmConstraints constraints) {

    if (anchor == null) {
        throw new IllegalArgumentException(
                    "The trust anchor cannot be null");
    }

    if (anchor.getTrustedCert() != null) {
        this.trustedPubKey = anchor.getTrustedCert().getPublicKey();
    } else {
        this.trustedPubKey = anchor.getCAPublicKey();
    }

    this.prevPubKey = trustedPubKey;
    this.constraints = constraints;
}
项目:OpenJSharp    文件:Handshaker.java   
/**
 * Set the algorithm constraints. Called from the constructor or
 * SSLSocketImpl/SSLEngineImpl.setAlgorithmConstraints() (if the
 * handshake is not yet in progress).
 */
void setAlgorithmConstraints(AlgorithmConstraints algorithmConstraints) {
    activeCipherSuites = null;
    activeProtocols = null;

    this.algorithmConstraints =
        new SSLAlgorithmConstraints(algorithmConstraints);
    this.localSupportedSignAlgs = null;
}
项目:jdk8u-jdk    文件:SupportedEllipticCurvesExtension.java   
private static int getPreferredCurve(int[] curves,
            AlgorithmConstraints constraints) {
    for (int curveId : curves) {
        if (isSupported(curveId) && constraints.permits(
                EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
                            "EC", idToParams.get(curveId))) {
            return curveId;
        }
    }

    return -1;
}
项目:jdk8u-jdk    文件:SignatureAndHashAlgorithm.java   
static Collection<SignatureAndHashAlgorithm>
        getSupportedAlgorithms(AlgorithmConstraints constraints) {

    Collection<SignatureAndHashAlgorithm> supported = new ArrayList<>();
    for (SignatureAndHashAlgorithm sigAlg : priorityMap.values()) {
        if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM &&
                constraints.permits(SIGNATURE_PRIMITIVE_SET,
                        sigAlg.algorithm, null)) {
            supported.add(sigAlg);
        }
    }

    return supported;
}