1 // ======================================================================== 2 // Copyright 2001-2005 Mort Bay Consulting Pty. Ltd. 3 // ------------------------------------------------------------------------ 4 // Licensed under the Apache License, Version 2.0 (the "License"); 5 // you may not use this file except in compliance with the License. 6 // You may obtain a copy of the License at 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // Unless required by applicable law or agreed to in writing, software 9 // distributed under the License is distributed on an "AS IS" BASIS, 10 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 // See the License for the specific language governing permissions and 12 // limitations under the License. 13 // ======================================================================== 14 15 package org.mortbay.jetty.security; 16 17 /* --------------------------------------------------------------------- */ 18 /** 19 * Jetty Servlet SSL support utilities. 20 * <p> 21 * A collection of utilities required to support the SSL requirements of the Servlet 2.2 and 2.3 22 * specs. 23 * 24 * <p> 25 * Used by the SSL listener classes. 26 * 27 * @author Brett Sealey 28 */ 29 public class ServletSSL 30 { 31 /* ------------------------------------------------------------ */ 32 /** 33 * Given the name of a TLS/SSL cipher suite, return an int representing it effective stream 34 * cipher key strength. i.e. How much entropy material is in the key material being fed into the 35 * encryption routines. 36 * 37 * <p> 38 * This is based on the information on effective key lengths in RFC 2246 - The TLS Protocol 39 * Version 1.0, Appendix C. CipherSuite definitions: 40 * 41 * <pre> 42 * Effective 43 * Cipher Type Key Bits 44 * 45 * NULL * Stream 0 46 * IDEA_CBC Block 128 47 * RC2_CBC_40 * Block 40 48 * RC4_40 * Stream 40 49 * RC4_128 Stream 128 50 * DES40_CBC * Block 40 51 * DES_CBC Block 56 52 * 3DES_EDE_CBC Block 168 53 * </pre> 54 * 55 * @param cipherSuite String name of the TLS cipher suite. 56 * @return int indicating the effective key entropy bit-length. 57 */ 58 public static final int deduceKeyLength(String cipherSuite) 59 { 60 // Roughly ordered from most common to least common. 61 if (cipherSuite == null) 62 return 0; 63 else if (cipherSuite.indexOf("WITH_AES_256_") >= 0) 64 return 256; 65 else if (cipherSuite.indexOf("WITH_RC4_128_") >= 0) 66 return 128; 67 else if (cipherSuite.indexOf("WITH_AES_128_") >= 0) 68 return 128; 69 else if (cipherSuite.indexOf("WITH_RC4_40_") >= 0) 70 return 40; 71 else if (cipherSuite.indexOf("WITH_3DES_EDE_CBC_") >= 0) 72 return 168; 73 else if (cipherSuite.indexOf("WITH_IDEA_CBC_") >= 0) 74 return 128; 75 else if (cipherSuite.indexOf("WITH_RC2_CBC_40_") >= 0) 76 return 40; 77 else if (cipherSuite.indexOf("WITH_DES40_CBC_") >= 0) 78 return 40; 79 else if (cipherSuite.indexOf("WITH_DES_CBC_") >= 0) 80 return 56; 81 else 82 return 0; 83 } 84 }