import java.security.GeneralSecurityException;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import java.util.Collection;
import java.util.Set;
import java.util.TreeSet;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
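public final class GetCiphers {

    /*
     * Protocol name used when none is given on the command line.
     *
     * "TLS" asks JSSE for the runtime's default TLS context. On modern JDKs
     * that context can still report old protocols as supported, while only
     * enabling secure current protocols by default.
     */
    private static final String DEFAULT_PROTOCOL = "TLS";

    /*
     * Security property (java.security / -Djava.security.properties) that JSSE
     * consults to disable protocols, cipher suites and key sizes. It is the
     * usual reason a value shows up under "Supported" but not under "Default".
     */
    private static final String DISABLED_ALGORITHMS_PROPERTY = "jdk.tls.disabledAlgorithms";

    private GetCiphers() {
    }

    /**
     * Prints the TLS protocols and cipher suites that this runtime supports and
     * enables by default, plus the installed security providers.
     *
     * @param args zero arguments (use {@link #DEFAULT_PROTOCOL}) or one JSSE
     *             protocol name such as {@code TLSv1.2}; {@code -h}, {@code --help}
     *             or {@code help} prints usage, as does more than one argument
     * @throws GeneralSecurityException if the requested protocol is unknown to
     *                                  every installed provider, or the context
     *                                  cannot be initialized
     */
    public static void main(String[] args) throws GeneralSecurityException {
        if (args.length > 1 || (args.length == 1 && isHelp(args[0]))) {
            printUsage();
            return;
        }
        String protocol = args.length == 1 ? args[0] : DEFAULT_PROTOCOL;

        /*
         * SSLContext is provided by JSSE. Initializing it with null arguments
         * makes Java use the default key managers, trust managers, and source
         * of randomness for this runtime.
         */
        SSLContext sslContext = SSLContext.getInstance(protocol);
        sslContext.init(null, null, null);

        /*
         * Supported values are everything the provider knows how to handle,
         * including protocols and suites disabled by jdk.tls.disabledAlgorithms.
         * Default values are what Java enables unless an application overrides
         * the SSL/TLS settings (for example via setEnabledProtocols). For a
         * hardening review the "Default" lists are the ones that matter.
         *
         * NOTE(review): JSSE reports these defaults from a default (client-side)
         * socket; server-side defaults in some JDK releases differ — confirm
         * with the server's own SSLEngine/SSLServerSocket if that is the target.
         */
        SSLParameters supported = sslContext.getSupportedSSLParameters();
        SSLParameters defaults = sslContext.getDefaultSSLParameters();

        printRuntimeInfo(protocol, sslContext);
        printSection("Supported TLS Protocols", supported.getProtocols());
        printSection("Default TLS Protocols", defaults.getProtocols());
        printSection("Cipher Suites For Requested Protocol",
                cipherSuitesForProtocol(protocol, supported.getCipherSuites()));
        printSection("Supported Cipher Suites", supported.getCipherSuites());
        printSection("Default Cipher Suites", defaults.getCipherSuites());
        printProviders();
    }

    /** Returns true for the conventional help flags ({@code -h}, {@code --help}, {@code help}). */
    private static boolean isHelp(String arg) {
        return "-h".equals(arg) || "--help".equals(arg) || "help".equalsIgnoreCase(arg);
    }

    /** Prints command-line usage to standard output. */
    private static void printUsage() {
        System.out.println("Usage: java GetCiphers [TLS_PROTOCOL]");
        System.out.println();
        System.out.println("Examples:");
        System.out.println(" java GetCiphers");
        System.out.println(" java GetCiphers TLSv1.3");
        System.out.println(" java GetCiphers TLSv1.2");
    }

    /**
     * Prints the runtime details needed to compare output across machines:
     * JDK version/vendor/home, OS, the protocol that was requested, the provider
     * that actually served the context, and the disabled-algorithms policy.
     *
     * @param requestedProtocol the protocol name passed to {@code SSLContext.getInstance}
     * @param sslContext        the initialized context
     */
    private static void printRuntimeInfo(String requestedProtocol, SSLContext sslContext) {
        // Security.getProperty reads java.security, not a system property; null means unset.
        String disabledAlgorithms = Security.getProperty(DISABLED_ALGORITHMS_PROPERTY);

        System.out.println("Java Runtime");
        System.out.println(" java.version: " + System.getProperty("java.version"));
        System.out.println(" java.vendor: " + System.getProperty("java.vendor"));
        System.out.println(" java.home: " + System.getProperty("java.home"));
        System.out.println(" os.name: " + System.getProperty("os.name"));
        System.out.println(" requested: " + requestedProtocol);
        System.out.println(" provider: " + sslContext.getProvider().getName());
        System.out.println(" " + DISABLED_ALGORITHMS_PROPERTY + ": "
                + (disabledAlgorithms == null ? "(not set)" : disabledAlgorithms));
        System.out.println();
    }

    /**
     * Prints a titled, sorted, de-duplicated list with its element count.
     *
     * @param title  section heading
     * @param values raw values from JSSE; duplicates are collapsed
     */
    private static void printSection(String title, String[] values) {
        Collection<String> sortedValues = sorted(values);
        // Count the de-duplicated list so the header agrees with the lines printed below it.
        System.out.println(title + " (" + sortedValues.size() + ")");
        for (String value : sortedValues) {
            System.out.println(" " + value);
        }
        System.out.println();
    }

    /**
     * Returns the values in natural (alphabetical) order without duplicates.
     *
     * @param values array to sort; not modified
     * @return a new sorted set view of the values
     */
    private static Collection<String> sorted(String[] values) {
        /*
         * A TreeSet gives stable alphabetical output and removes duplicates if
         * a provider ever returns the same value more than once.
         */
        Set<String> sortedValues = new TreeSet<String>();
        sortedValues.addAll(Arrays.asList(values));
        return sortedValues;
    }

    /**
     * Narrows a provider-wide cipher suite list to the suites whose names belong
     * to the requested protocol family.
     *
     * This is a name-based heuristic, not a negotiation result: it does not
     * consider the key material available (e.g. ECDSA suites need an ECDSA
     * certificate) or the disabled-algorithms policy. Requesting a generic
     * name such as {@code TLS} returns every non-SCSV suite.
     *
     * @param protocol     requested protocol name; matched case-insensitively, the
     *                     same way JCA resolves it in {@code SSLContext.getInstance}
     * @param cipherSuites supported cipher suite names from JSSE
     * @return sorted, de-duplicated suite names for the protocol family, with
     *         SCSV signaling values removed
     */
    private static String[] cipherSuitesForProtocol(String protocol, String[] cipherSuites) {
        /*
         * JSSE exposes provider-wide cipher suite lists. TLS 1.3 cipher suite
         * names are distinct from pre-TLS 1.3 names, so this derived view shows
         * the suites that match the requested protocol family and removes SCSV
         * signaling values that are not negotiable cipher suites.
         */
        boolean wantTls13 = "TLSv1.3".equalsIgnoreCase(protocol);
        boolean wantPreTls13 = isPreTls13Protocol(protocol);

        Collection<String> protocolCipherSuites = new TreeSet<String>();
        for (String cipherSuite : cipherSuites) {
            if (isSignalingCipherSuiteValue(cipherSuite)) {
                continue;
            }
            boolean tls13Suite = isTls13CipherSuite(cipherSuite);
            if (wantTls13 && !tls13Suite) {
                continue;
            }
            if (wantPreTls13 && tls13Suite) {
                continue;
            }
            protocolCipherSuites.add(cipherSuite);
        }
        return protocolCipherSuites.toArray(new String[0]);
    }

    /**
     * Returns true for TLS 1.3 suite names ({@code TLS_AES_*} and
     * {@code TLS_CHACHA20_POLY1305_SHA256}); all other names are treated as
     * pre-TLS 1.3 suites.
     */
    private static boolean isTls13CipherSuite(String cipherSuite) {
        return cipherSuite.startsWith("TLS_AES_")
                || "TLS_CHACHA20_POLY1305_SHA256".equals(cipherSuite);
    }

    /**
     * Returns true for the explicit pre-TLS 1.3 protocol names. Compared
     * case-insensitively because JCA accepts {@code tlsv1.2} as {@code TLSv1.2};
     * otherwise a lower-case request would fall through to the "everything"
     * branch of {@link #cipherSuitesForProtocol}.
     */
    private static boolean isPreTls13Protocol(String protocol) {
        return "TLSv1.2".equalsIgnoreCase(protocol)
                || "TLSv1.1".equalsIgnoreCase(protocol)
                || "TLSv1".equalsIgnoreCase(protocol)
                || "SSLv3".equalsIgnoreCase(protocol);
    }

    /**
     * Returns true for signaling values such as {@code TLS_EMPTY_RENEGOTIATION_INFO_SCSV}
     * and {@code TLS_FALLBACK_SCSV}, which appear in suite lists but cannot be negotiated.
     */
    private static boolean isSignalingCipherSuiteValue(String cipherSuite) {
        return cipherSuite.endsWith("_SCSV");
    }

    /** Prints every installed security provider in preference order. */
    private static void printProviders() {
        /*
         * Providers explain where algorithms come from. Platform-specific
         * providers, such as SunMSCAPI on Windows, are useful when comparing
         * the same JDK version across operating systems.
         */
        Provider[] providers = Security.getProviders();
        System.out.println("Security Providers (" + providers.length + ")");
        for (Provider provider : providers) {
            System.out.println(" " + provider);
        }
    }
}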