org.openjsse.sun.security.ssl.SSLAlgorithmDecomposer Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of openjsse Show documentation
Show all versions of openjsse Show documentation
OpenJSSE delivers a TLS 1.3 JSSE provider for Java SE 8
The newest version!
/*
* Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package org.openjsse.sun.security.ssl;
import java.util.HashSet;
import java.util.Set;
import org.openjsse.sun.security.ssl.CipherSuite.HashAlg;
import org.openjsse.sun.security.ssl.CipherSuite.KeyExchange;
import static org.openjsse.sun.security.ssl.CipherSuite.KeyExchange.*;
import org.openjsse.sun.security.ssl.CipherSuite.MacAlg;
import static org.openjsse.sun.security.ssl.SSLCipher.*;
import sun.security.util.AlgorithmDecomposer;
/**
* The class decomposes standard SSL/TLS cipher suites into sub-elements.
*/
class SSLAlgorithmDecomposer extends AlgorithmDecomposer {
// indicates that only certification path algorithms need to be used
private final boolean onlyX509;
SSLAlgorithmDecomposer(boolean onlyX509) {
this.onlyX509 = onlyX509;
}
SSLAlgorithmDecomposer() {
this(false);
}
private Set decomposes(CipherSuite.KeyExchange keyExchange) {
Set components = new HashSet<>();
switch (keyExchange) {
case K_NULL:
if (!onlyX509) {
components.add("K_NULL");
}
break;
case K_RSA:
components.add("RSA");
break;
case K_RSA_EXPORT:
components.add("RSA");
components.add("RSA_EXPORT");
break;
case K_DH_RSA:
components.add("RSA");
components.add("DH");
components.add("DiffieHellman");
components.add("DH_RSA");
break;
case K_DH_DSS:
components.add("DSA");
components.add("DSS");
components.add("DH");
components.add("DiffieHellman");
components.add("DH_DSS");
break;
case K_DHE_DSS:
components.add("DSA");
components.add("DSS");
components.add("DH");
components.add("DHE");
components.add("DiffieHellman");
components.add("DHE_DSS");
break;
case K_DHE_RSA:
components.add("RSA");
components.add("DH");
components.add("DHE");
components.add("DiffieHellman");
components.add("DHE_RSA");
break;
case K_DH_ANON:
if (!onlyX509) {
components.add("ANON");
components.add("DH");
components.add("DiffieHellman");
components.add("DH_ANON");
}
break;
case K_ECDH_ECDSA:
components.add("ECDH");
components.add("ECDSA");
components.add("ECDH_ECDSA");
break;
case K_ECDH_RSA:
components.add("ECDH");
components.add("RSA");
components.add("ECDH_RSA");
break;
case K_ECDHE_ECDSA:
components.add("ECDHE");
components.add("ECDSA");
components.add("ECDHE_ECDSA");
break;
case K_ECDHE_RSA:
components.add("ECDHE");
components.add("RSA");
components.add("ECDHE_RSA");
break;
case K_ECDH_ANON:
if (!onlyX509) {
components.add("ECDH");
components.add("ANON");
components.add("ECDH_ANON");
}
break;
default:
// otherwise ignore
}
return components;
}
private Set decomposes(SSLCipher bulkCipher) {
Set components = new HashSet<>();
if (bulkCipher.transformation != null) {
components.addAll(super.decompose(bulkCipher.transformation));
}
switch (bulkCipher) {
case B_NULL:
components.add("C_NULL");
break;
case B_RC2_40:
components.add("RC2_CBC_40");
break;
case B_RC4_40:
components.add("RC4_40");
break;
case B_RC4_128:
components.add("RC4_128");
break;
case B_DES_40:
components.add("DES40_CBC");
components.add("DES_CBC_40");
break;
case B_DES:
components.add("DES_CBC");
break;
case B_3DES:
components.add("3DES_EDE_CBC");
break;
case B_AES_128:
components.add("AES_128_CBC");
break;
case B_AES_256:
components.add("AES_256_CBC");
break;
case B_AES_128_GCM:
components.add("AES_128_GCM");
break;
case B_AES_256_GCM:
components.add("AES_256_GCM");
break;
}
return components;
}
private Set decomposes(CipherSuite.MacAlg macAlg,
SSLCipher cipher) {
Set components = new HashSet<>();
if (macAlg == CipherSuite.MacAlg.M_NULL
&& cipher.cipherType != CipherType.AEAD_CIPHER) {
components.add("M_NULL");
} else if (macAlg == CipherSuite.MacAlg.M_MD5) {
components.add("MD5");
components.add("HmacMD5");
} else if (macAlg == CipherSuite.MacAlg.M_SHA) {
components.add("SHA1");
components.add("SHA-1");
components.add("HmacSHA1");
} else if (macAlg == CipherSuite.MacAlg.M_SHA256) {
components.add("SHA256");
components.add("SHA-256");
components.add("HmacSHA256");
} else if (macAlg == CipherSuite.MacAlg.M_SHA384) {
components.add("SHA384");
components.add("SHA-384");
components.add("HmacSHA384");
}
return components;
}
private Set decomposes(CipherSuite.HashAlg hashAlg) {
Set components = new HashSet<>();
if (hashAlg == CipherSuite.HashAlg.H_SHA256) {
components.add("SHA256");
components.add("SHA-256");
components.add("HmacSHA256");
} else if (hashAlg == CipherSuite.HashAlg.H_SHA384) {
components.add("SHA384");
components.add("SHA-384");
components.add("HmacSHA384");
}
return components;
}
private Set decompose(KeyExchange keyExchange,
SSLCipher cipher,
MacAlg macAlg,
HashAlg hashAlg) {
Set components = new HashSet<>();
if (keyExchange != null) {
components.addAll(decomposes(keyExchange));
}
if (onlyX509) {
// Certification path algorithm constraints do not apply
// to cipher and macAlg.
return components;
}
if (cipher != null) {
components.addAll(decomposes(cipher));
}
if (macAlg != null) {
components.addAll(decomposes(macAlg, cipher));
}
if (hashAlg != null) {
components.addAll(decomposes(hashAlg));
}
return components;
}
@Override
public Set decompose(String algorithm) {
if (algorithm.startsWith("SSL_") || algorithm.startsWith("TLS_")) {
CipherSuite cipherSuite = null;
try {
cipherSuite = CipherSuite.nameOf(algorithm);
} catch (IllegalArgumentException iae) {
// ignore: unknown or unsupported ciphersuite
}
if (cipherSuite != null &&
cipherSuite != CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV) {
return decompose(cipherSuite.keyExchange,
cipherSuite.bulkCipher,
cipherSuite.macAlg,
cipherSuite.hashAlg);
}
}
return super.decompose(algorithm);
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy