From 548a585b2c4af9b4c2a98faabb8855fcb260daf2 Mon Sep 17 00:00:00 2001
From: Sam Whited <sam@samwhited.com>
Date: Wed, 14 Jan 2015 12:20:02 -0500
Subject: Harden the TLS connection cipher suites

---
 .../eu/siacs/conversations/utils/CryptoHelper.java  | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

(limited to 'src/main/java/eu/siacs/conversations/utils')

diff --git a/src/main/java/eu/siacs/conversations/utils/CryptoHelper.java b/src/main/java/eu/siacs/conversations/utils/CryptoHelper.java
index 7a36e2ba..48b0cdf3 100644
--- a/src/main/java/eu/siacs/conversations/utils/CryptoHelper.java
+++ b/src/main/java/eu/siacs/conversations/utils/CryptoHelper.java
@@ -2,12 +2,17 @@ package eu.siacs.conversations.utils;
 
 import java.security.SecureRandom;
 import java.text.Normalizer;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.LinkedHashSet;
 
-public class CryptoHelper {
+import eu.siacs.conversations.Config;
+
+public final class CryptoHelper {
 	public static final String FILETRANSFER = "?FILETRANSFERv1:";
-	final protected static char[] hexArray = "0123456789abcdef".toCharArray();
-	final protected static char[] vowels = "aeiou".toCharArray();
-	final protected static char[] consonants = "bcdfghjklmnpqrstvwxyz".toCharArray();
+	private final static char[] hexArray = "0123456789abcdef".toCharArray();
+	private final static char[] vowels = "aeiou".toCharArray();
+	private final static char[] consonants = "bcdfghjklmnpqrstvwxyz".toCharArray();
 	final public static byte[] ONE = new byte[] { 0, 0, 0, 1 };
 
 	public static String bytesToHex(byte[] bytes) {
@@ -45,7 +50,7 @@ public class CryptoHelper {
 		return randomWord(3, random) + "." + randomWord(7, random);
 	}
 
-	protected static String randomWord(int lenght, SecureRandom random) {
+	private static String randomWord(int lenght, SecureRandom random) {
 		StringBuilder builder = new StringBuilder(lenght);
 		for (int i = 0; i < lenght; ++i) {
 			if (i % 2 == 0) {
@@ -91,4 +96,10 @@ public class CryptoHelper {
 		builder.insert(35, " ");
 		return builder.toString();
 	}
+
+	public static String[] getSupportedCipherSuites(final String[] platformSupportedCipherSuites) {
+		final Collection<String> cipherSuites = new LinkedHashSet<>(Arrays.asList(Config.ENABLED_CIPHERS));
+		cipherSuites.retainAll(Arrays.asList(platformSupportedCipherSuites));
+		return cipherSuites.toArray(new String[cipherSuites.size()]);
+	}
 }
-- 
cgit v1.2.3