
1   // ========================================================================
2   // Copyright 2001-2005 Mort Bay Consulting Pty. Ltd.
3   // ------------------------------------------------------------------------
4   // Licensed under the Apache License, Version 2.0 (the "License");
5   // you may not use this file except in compliance with the License.
6   // You may obtain a copy of the License at 
7   // http://www.apache.org/licenses/LICENSE-2.0
8   // Unless required by applicable law or agreed to in writing, software
9   // distributed under the License is distributed on an "AS IS" BASIS,
10  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11  // See the License for the specific language governing permissions and
12  // limitations under the License.
13  // ========================================================================
14  
15  package org.mortbay.jetty.security;
16  
17  /* --------------------------------------------------------------------- */
18  /**
19   * Jetty Servlet SSL support utilities.
20   * <p>
21   * A collection of utilities required to support the SSL requirements of the Servlet 2.2 and 2.3
22   * specs.
23   * 
24   * <p>
25   * Used by the SSL listener classes.
26   * 
27   * @author Brett Sealey
28   */
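public class ServletSSL
{
    /**
     * Cipher-name fragments, tested in order; the first one found in the suite name decides the
     * result. The original entries come first so that every name they already matched keeps its
     * value. {@code WITH_DES_CBC_40_} must stay ahead of {@code WITH_DES_CBC_}, because the
     * shorter fragment is a prefix of the longer one.
     */
    private static final String[] CIPHER_MARKERS =
    {
        "WITH_AES_256_",
        "WITH_RC4_128_",
        "WITH_AES_128_",
        "WITH_RC4_40_",
        "WITH_3DES_EDE_CBC_",
        "WITH_IDEA_CBC_",
        "WITH_RC2_CBC_40_",
        "WITH_DES40_CBC_",
        "WITH_DES_CBC_40_", // export DES spelled with a trailing _40, e.g. TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
        "WITH_DES_CBC_",
        "_AES_256_",        // names without "WITH_", e.g. TLS_AES_256_GCM_SHA384
        "_AES_128_",        // names without "WITH_", e.g. TLS_AES_128_GCM_SHA256
        "CHACHA20_"         // ChaCha20 always uses a 256-bit key
    };

    /** Key size in bits reported for the fragment at the same index of {@link #CIPHER_MARKERS}. */
    private static final int[] CIPHER_KEY_BITS =
    {
        256,
        128,
        128,
        40,
        168,
        128,
        40,
        40,
        40,
        56,
        256,
        128,
        256
    };

    /* ------------------------------------------------------------ */
    /**
     * Given the name of a TLS/SSL cipher suite, return an int representing its effective
     * cipher key strength, i.e. how much entropy is in the key material being fed into the
     * encryption routines.
     *
     * <p>
     * This is based on the information on effective key lengths in RFC 2246 - The TLS Protocol
     * Version 1.0, Appendix C. CipherSuite definitions:
     *
     * <pre>
     *                         Effective
     *     Cipher       Type    Key Bits
     *
     *     NULL       * Stream     0
     *     IDEA_CBC     Block    128
     *     RC2_CBC_40 * Block     40
     *     RC4_40     * Stream    40
     *     RC4_128      Stream   128
     *     DES40_CBC  * Block     40
     *     DES_CBC      Block     56
     *     3DES_EDE_CBC Block    168
     * </pre>
     *
     * <p>
     * In addition, AES suites report 128 or 256, ChaCha20 suites report 256, and export DES
     * suites named with {@code DES_CBC_40} report 40. Suite names without a {@code WITH_}
     * separator (for example {@code TLS_AES_256_GCM_SHA384}) are recognised for AES and ChaCha20.
     *
     * <p>
     * The result is the key size implied by the suite name, not a ranking of how strong the
     * suite is: RC4 and 3DES still report 128 and 168 bits although RC4 is prohibited in TLS and
     * the commonly cited security level of 3DES is about 112 bits. A result of 0 means either a
     * NULL cipher or a name this method does not recognise, so callers cannot tell the two apart.
     *
     * @param cipherSuite String name of the TLS cipher suite; may be null.
     * @return int indicating the effective key entropy bit-length, or 0 when the name is null
     *         or matches none of the known fragments.
     */
    public static final int deduceKeyLength(String cipherSuite)
    {
        if (cipherSuite == null)
            return 0;

        for (int i = 0; i < CIPHER_MARKERS.length; i++)
        {
            if (cipherSuite.indexOf(CIPHER_MARKERS[i]) >= 0)
                return CIPHER_KEY_BITS[i];
        }

        // NULL ciphers and anything unrecognised.
        return 0;
    }
}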