1 // ========================================================================
2 // Copyright 2001-2005 Mort Bay Consulting Pty. Ltd.
3 // ------------------------------------------------------------------------
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 // http://www.apache.org/licenses/LICENSE-2.0
8 // Unless required by applicable law or agreed to in writing, software
9 // distributed under the License is distributed on an "AS IS" BASIS,
10 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 // See the License for the specific language governing permissions and
12 // limitations under the License.
13 // ========================================================================
14
15 package org.mortbay.jetty.security;
16
/* --------------------------------------------------------------------- */
/**
 * Jetty Servlet SSL support utilities.
 * <p>
 * Helper routines that back the SSL-related requirements of the Servlet 2.2 and 2.3
 * specifications.
 *
 * <p>
 * Used by the SSL listener classes.
 *
 * @author Brett Sealey
 */
public class ServletSSL
{
    /**
     * Substrings looked for in a cipher suite name, in the order they are tested. The first
     * marker found decides the result, so this order must stay aligned with {@link #KEY_BITS}.
     * Roughly ordered from most common to least common.
     */
    private static final String[] CIPHER_MARKERS =
    {
        "WITH_AES_256_",
        "WITH_RC4_128_",
        "WITH_AES_128_",
        "WITH_RC4_40_",
        "WITH_3DES_EDE_CBC_",
        "WITH_IDEA_CBC_",
        "WITH_RC2_CBC_40_",
        "WITH_DES40_CBC_",
        "WITH_DES_CBC_"
    };

    /** Key bits reported for the marker at the same index of {@link #CIPHER_MARKERS}. */
    private static final int[] KEY_BITS =
    {
        256,
        128,
        128,
        40,
        168,
        128,
        40,
        40,
        56
    };

    /* ------------------------------------------------------------ */
    /**
     * Maps the name of a TLS/SSL cipher suite to the effective key size, in bits, of its bulk
     * cipher.
     *
     * <p>
     * The figures follow the "Effective Key Bits" column of RFC 2246 - The TLS Protocol
     * Version 1.0, Appendix C. CipherSuite definitions (* marks the ciphers that table flags
     * as exportable):
     *
     * <pre>
     *                         Effective
     *     Cipher       Type    Key Bits
     *
     *     NULL       * Stream     0
     *     IDEA_CBC     Block    128
     *     RC2_CBC_40 * Block     40
     *     RC4_40     * Stream    40
     *     RC4_128      Stream   128
     *     DES40_CBC  * Block     40
     *     DES_CBC      Block     56
     *     3DES_EDE_CBC Block    168
     * </pre>
     *
     * <p>
     * In addition to the table above, names containing {@code WITH_AES_128_} and
     * {@code WITH_AES_256_} are reported as 128 and 256 bits.
     *
     * <p>
     * Matching is a plain substring search on the suite name. Any name that contains none of
     * the known markers, including one without the {@code WITH_} infix, is reported as 0, the
     * same value as a NULL cipher or a {@code null} argument. The number is the nominal key
     * size only, not a judgement of the suite's strength. Several ciphers listed here (the
     * 40-bit export ciphers, DES, RC4) are not regarded as adequate protection today, so code
     * that enforces a minimum should not treat a non-zero result as proof of a strong
     * connection.
     *
     * @param cipherSuite String name of the TLS cipher suite; may be {@code null}.
     * @return int giving the effective key bit-length, or 0 when the suite is {@code null} or
     *         not recognised.
     */
    public static final int deduceKeyLength(String cipherSuite)
    {
        if (cipherSuite == null)
        {
            return 0;
        }

        // Walk the markers in their fixed order; the first one present in the name wins.
        for (int i = 0; i < CIPHER_MARKERS.length; i++)
        {
            if (cipherSuite.indexOf(CIPHER_MARKERS[i]) >= 0)
            {
                return KEY_BITS[i];
            }
        }

        // No known bulk-cipher marker in the name.
        return 0;
    }
}