Class CipherFactory

java.lang.Object
org.h2.security.CipherFactory

public class CipherFactory extends Object
A factory to create new block cipher objects.
  • Field Details

    • KEYSTORE_PASSWORD

      public static final String KEYSTORE_PASSWORD
      The default password to use for the .h2.keystore file.
    • LEGACY_ALGORITHMS_SECURITY_KEY

      public static final String LEGACY_ALGORITHMS_SECURITY_KEY
      The security property which can prevent anonymous TLS connections. Introduced into Java 6, 7, 8 in updates from July 2015.
    • DEFAULT_LEGACY_ALGORITHMS

      public static final String DEFAULT_LEGACY_ALGORITHMS
      The value of "jdk.tls.legacyAlgorithms" security property at the time of class initialization. Null if it is not set.
    • KEYSTORE

      private static final String KEYSTORE
    • KEYSTORE_KEY

      private static final String KEYSTORE_KEY
    • KEYSTORE_PASSWORD_KEY

      private static final String KEYSTORE_PASSWORD_KEY
  • Constructor Details

    • CipherFactory

      private CipherFactory()
  • Method Details

    • getBlockCipher

      public static BlockCipher getBlockCipher(String algorithm)
      Get a new block cipher object for the given algorithm.
      Parameters:
      algorithm - the algorithm
      Returns:
      a new cipher object
    • createSocket

      public static Socket createSocket(InetAddress address, int port) throws IOException
      Create a secure client socket that is connected to the given address and port.
      Parameters:
      address - the address to connect to
      port - the port
      Returns:
      the socket
      Throws:
      IOException - on failure
    • createServerSocket

      public static ServerSocket createServerSocket(int port, InetAddress bindAddress) throws IOException
      Create a secure server socket. If a bind address is specified, the socket is only bound to this address. If h2.enableAnonymousTLS is true, an attempt is made to modify the security property jdk.tls.legacyAlgorithms (in newer JVMs) to allow anonymous TLS. This system change is effectively permanent for the lifetime of the JVM.
      Parameters:
      port - the port to listen on
      bindAddress - the address to bind to, or null to bind to all addresses
      Returns:
      the server socket
      Throws:
      IOException - on failure
    • removeDhAnonFromCommaSeparatedList

      public static String removeDhAnonFromCommaSeparatedList(String list)
      Removes DH_anon and ECDH_anon from a comma-separated list of ciphers. Only the first occurrence of each is removed. If there is nothing to remove, the argument itself (the same reference) is returned.
      Parameters:
      list - a list of names separated by commas (and spaces)
      Returns:
      a new string without DH_anon and ECDH_anon items, or the original if none were found
    • removeAnonFromLegacyAlgorithms

      public static void removeAnonFromLegacyAlgorithms()
      Attempts to weaken the security properties to allow anonymous TLS. Newer JREs will not choose an anonymous cipher suite in a TLS handshake unless the server-side security property "jdk.tls.legacyAlgorithms" has been modified from its default value.

      NOTE: In current (as of 2016) default implementations of JSSE which use this security property, the value is permanently cached inside the ServerHandshake class upon its first use. Therefore the modification accomplished by this method has to be done before the first use of a server SSL socket. Later changes to this property will not have any effect on server socket behavior.

    • resetDefaultLegacyAlgorithms

      public static void resetDefaultLegacyAlgorithms()
      Attempts to reset the security property to its default value. The default value of "jdk.tls.legacyAlgorithms" was captured at class initialization.

      NOTE: Resetting the property might not have any effect on server socket behavior.

    • getLegacyAlgorithmsSilently

      public static String getLegacyAlgorithmsSilently()
      Returns the security property "jdk.tls.legacyAlgorithms". Ignores security exceptions.
      Returns:
      the value of the security property, or null if not set or not accessible
    • setLegacyAlgorithmsSilently

      private static void setLegacyAlgorithmsSilently(String legacyAlgorithms)
    • getKeyStoreBytes

      private static byte[] getKeyStoreBytes(KeyStore store, String password) throws IOException
      Throws:
      IOException
    • getKeyStore

      public static KeyStore getKeyStore(String password) throws IOException
      Get the keystore object using the given password.
      Parameters:
      password - the keystore password
      Returns:
      the keystore
      Throws:
      IOException - on failure
    • setKeystore

      private static void setKeystore() throws IOException
      Throws:
      IOException
    • enableAnonymous

      private static String[] enableAnonymous(String[] enabled, String[] supported)
    • disableSSL

      private static String[] disableSSL(String[] enabled)
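
An added example in the project's language (not H2's own code) covering two of the methods above: a reference rendering of the list-trimming contract documented for removeDhAnonFromCommaSeparatedList, and a defender-side audit of the "jdk.tls.legacyAlgorithms" property that removeAnonFromLegacyAlgorithms weakens. The class name AnonymousTlsAudit and the assumption that the property still spells the entries DH_anon and ECDH_anon are mine.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

public class AnonymousTlsAudit {
    // Same key CipherFactory documents as LEGACY_ALGORITHMS_SECURITY_KEY.
    static final String LEGACY_ALGORITHMS_SECURITY_KEY = "jdk.tls.legacyAlgorithms";
    // Reference rendering of the documented contract (not H2's own code): drop
    // the first DH_anon and first ECDH_anon entry; hand back the argument itself
    // when neither is present, so callers can compare references for a change.
    static String removeDhAnonFromCommaSeparatedList(String list) {
        if (list == null) return null;
        List<String> kept = new ArrayList<>();
        boolean dhRemoved = false, ecdhRemoved = false;
        for (String item : list.split(",")) {
            String name = item.trim();
            if (!dhRemoved && name.equals("DH_anon")) {
                dhRemoved = true;
            } else if (!ecdhRemoved && name.equals("ECDH_anon")) {
                ecdhRemoved = true;
            } else {
                kept.add(name);
            }
        }
        return (dhRemoved || ecdhRemoved) ? String.join(", ", kept) : list;
    }
    // Defender's check for a JVM that must never serve anonymous TLS: true only
    // while both DH_anon and ECDH_anon remain in the legacy list (spellings are
    // an assumption; newer JDKs may name the entries differently). False means
    // unset, unreadable (SecurityException swallowed) or already weakened.
    static boolean anonymousTlsStillBlocked() {
        String legacy = null;
        try {
            legacy = Security.getProperty(LEGACY_ALGORITHMS_SECURITY_KEY);
        } catch (SecurityException ignored) {
        }
        if (legacy == null) return false;
        boolean dh = false, ecdh = false;
        for (String item : legacy.split(",")) {
            dh |= item.trim().equals("DH_anon");
            ecdh |= item.trim().equals("ECDH_anon");
        }
        return dh && ecdh;
    }
    public static void main(String[] args) {
        System.out.println(removeDhAnonFromCommaSeparatedList(
                "K_NULL, DH_anon, ECDH_anon, RC4_128")); // constructed sample
        System.out.println("anon TLS still blocked: " + anonymousTlsStillBlocked());
    }
}
```

Because the documented property change is permanent for the lifetime of the JVM, calling anonymousTlsStillBlocked() after the H2 server has started reports whether h2.enableAnonymousTLS has taken effect in that process.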