// ========================================================================
// Copyright (c) 2001-2009 Mort Bay Consulting Pty. Ltd.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
// and Apache License v2.0 which accompanies this distribution.
// The Eclipse Public License is available at
// http://www.eclipse.org/legal/epl-v10.html
// The Apache License v2.0 is available at
// http://www.opensource.org/licenses/apache2.0.php
// You may elect to redistribute this code under either of these licenses.
// ========================================================================
package org.eclipse.jetty.server.ssl;
/* --------------------------------------------------------------------- */
/**
* Jetty Servlet SSL support utilities.
* <p>
* A collection of utilities required to support the SSL requirements of the Servlet 2.2 and 2.3
* specs.
*
* <p>
* Used by the SSL listener classes.
*
*
*/
public class ServletSSL
{
/* ------------------------------------------------------------ */
/**
* Given the name of a TLS/SSL cipher suite, return an int representing it effective stream
* cipher key strength. i.e. How much entropy material is in the key material being fed into the
* encryption routines.
*
* <p>
* This is based on the information on effective key lengths in RFC 2246 - The TLS Protocol
* Version 1.0, Appendix C. CipherSuite definitions:
*
* <pre>
* Effective
* Cipher Type Key Bits
*
* NULL * Stream 0
* IDEA_CBC Block 128
* RC2_CBC_40 * Block 40
* RC4_40 * Stream 40
* RC4_128 Stream 128
* DES40_CBC * Block 40
* DES_CBC Block 56
* 3DES_EDE_CBC Block 168
* </pre>
*
* @param cipherSuite String name of the TLS cipher suite.
* @return int indicating the effective key entropy bit-length.
*/
public static int deduceKeyLength(String cipherSuite)
{
// Roughly ordered from most common to least common.
if (cipherSuite == null)
return 0;
else if (cipherSuite.indexOf("WITH_AES_256_") >= 0)
return 256;
else if (cipherSuite.indexOf("WITH_RC4_128_") >= 0)
return 128;
else if (cipherSuite.indexOf("WITH_AES_128_") >= 0)
return 128;
else if (cipherSuite.indexOf("WITH_RC4_40_") >= 0)
return 40;
else if (cipherSuite.indexOf("WITH_3DES_EDE_CBC_") >= 0)
return 168;
else if (cipherSuite.indexOf("WITH_IDEA_CBC_") >= 0)
return 128;
else if (cipherSuite.indexOf("WITH_RC2_CBC_40_") >= 0)
return 40;
else if (cipherSuite.indexOf("WITH_DES40_CBC_") >= 0)
return 40;
else if (cipherSuite.indexOf("WITH_DES_CBC_") >= 0)
return 56;
else
return 0;
}
}