author | xuelei |
Thu, 10 Dec 2015 06:09:36 +0000 | |
changeset 34534 | 0d45108a3e62 |
parent 31689 | 1201792aa3a3 |
child 37726 | bbecfff95ec3 |
permissions | -rw-r--r-- |
31689 | 1 |
/* |
2 |
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. |
|
3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
7 |
* published by the Free Software Foundation. Oracle designates this |
|
8 |
* particular file as subject to the "Classpath" exception as provided |
|
9 |
* by Oracle in the LICENSE file that accompanied this code. |
|
10 |
* |
|
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
15 |
* accompanied this code). |
|
16 |
* |
|
17 |
* You should have received a copy of the GNU General Public License version |
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 |
* |
|
21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
22 |
* or visit www.oracle.com if you need additional information or have any |
|
23 |
* questions. |
|
24 |
*/ |
|
25 |
||
26 |
package sun.security.util; |
|
27 |
||
28 |
import java.util.HashSet; |
|
29 |
import java.util.Set; |
|
30 |
import java.util.regex.Pattern; |
|
31 |
||
32 |
/** |
|
33 |
* The class decomposes standard algorithms into sub-elements. |
|
34 |
*/ |
|
35 |
public class AlgorithmDecomposer { |
|
36 |
||
37 |
private static final Pattern transPattern = Pattern.compile("/"); |
|
34534
0d45108a3e62
8136410: AlgorithmDecomposer is not parsing padding correctly
xuelei
parents:
31689
diff
changeset
|
38 |
|
0d45108a3e62
8136410: AlgorithmDecomposer is not parsing padding correctly
xuelei
parents:
31689
diff
changeset
|
39 |
// '(?<!padd)in': match 'in' but not preceded with 'padd'. |
31689 | 40 |
private static final Pattern pattern = |
34534
0d45108a3e62
8136410: AlgorithmDecomposer is not parsing padding correctly
xuelei
parents:
31689
diff
changeset
|
41 |
Pattern.compile("with|and|(?<!padd)in", Pattern.CASE_INSENSITIVE); |
31689 | 42 |
|
43 |
/** |
|
44 |
* Decompose the standard algorithm name into sub-elements. |
|
45 |
* <p> |
|
46 |
* For example, we need to decompose "SHA1WithRSA" into "SHA1" and "RSA" |
|
47 |
* so that we can check the "SHA1" and "RSA" algorithm constraints |
|
48 |
* separately. |
|
49 |
* <p> |
|
50 |
* Please override the method if need to support more name pattern. |
|
51 |
*/ |
|
52 |
public Set<String> decompose(String algorithm) { |
|
53 |
if (algorithm == null || algorithm.length() == 0) { |
|
54 |
return new HashSet<>(); |
|
55 |
} |
|
56 |
||
57 |
// algorithm/mode/padding |
|
58 |
String[] transTockens = transPattern.split(algorithm); |
|
59 |
||
60 |
Set<String> elements = new HashSet<>(); |
|
61 |
for (String transTocken : transTockens) { |
|
62 |
if (transTocken == null || transTocken.length() == 0) { |
|
63 |
continue; |
|
64 |
} |
|
65 |
||
66 |
// PBEWith<digest>And<encryption> |
|
67 |
// PBEWith<prf>And<encryption> |
|
68 |
// OAEPWith<digest>And<mgf>Padding |
|
69 |
// <digest>with<encryption> |
|
70 |
// <digest>with<encryption>and<mgf> |
|
71 |
// <digest>with<encryption>in<format> |
|
72 |
String[] tokens = pattern.split(transTocken); |
|
73 |
||
74 |
for (String token : tokens) { |
|
75 |
if (token == null || token.length() == 0) { |
|
76 |
continue; |
|
77 |
} |
|
78 |
||
79 |
elements.add(token); |
|
80 |
} |
|
81 |
} |
|
82 |
||
83 |
// In Java standard algorithm name specification, for different |
|
84 |
// purpose, the SHA-1 and SHA-2 algorithm names are different. For |
|
85 |
// example, for MessageDigest, the standard name is "SHA-256", while |
|
86 |
// for Signature, the digest algorithm component is "SHA256" for |
|
87 |
// signature algorithm "SHA256withRSA". So we need to check both |
|
88 |
// "SHA-256" and "SHA256" to make the right constraint checking. |
|
89 |
||
90 |
// handle special name: SHA-1 and SHA1 |
|
91 |
if (elements.contains("SHA1") && !elements.contains("SHA-1")) { |
|
92 |
elements.add("SHA-1"); |
|
93 |
} |
|
94 |
if (elements.contains("SHA-1") && !elements.contains("SHA1")) { |
|
95 |
elements.add("SHA1"); |
|
96 |
} |
|
97 |
||
98 |
// handle special name: SHA-224 and SHA224 |
|
99 |
if (elements.contains("SHA224") && !elements.contains("SHA-224")) { |
|
100 |
elements.add("SHA-224"); |
|
101 |
} |
|
102 |
if (elements.contains("SHA-224") && !elements.contains("SHA224")) { |
|
103 |
elements.add("SHA224"); |
|
104 |
} |
|
105 |
||
106 |
// handle special name: SHA-256 and SHA256 |
|
107 |
if (elements.contains("SHA256") && !elements.contains("SHA-256")) { |
|
108 |
elements.add("SHA-256"); |
|
109 |
} |
|
110 |
if (elements.contains("SHA-256") && !elements.contains("SHA256")) { |
|
111 |
elements.add("SHA256"); |
|
112 |
} |
|
113 |
||
114 |
// handle special name: SHA-384 and SHA384 |
|
115 |
if (elements.contains("SHA384") && !elements.contains("SHA-384")) { |
|
116 |
elements.add("SHA-384"); |
|
117 |
} |
|
118 |
if (elements.contains("SHA-384") && !elements.contains("SHA384")) { |
|
119 |
elements.add("SHA384"); |
|
120 |
} |
|
121 |
||
122 |
// handle special name: SHA-512 and SHA512 |
|
123 |
if (elements.contains("SHA512") && !elements.contains("SHA-512")) { |
|
124 |
elements.add("SHA-512"); |
|
125 |
} |
|
126 |
if (elements.contains("SHA-512") && !elements.contains("SHA512")) { |
|
127 |
elements.add("SHA512"); |
|
128 |
} |
|
129 |
||
130 |
return elements; |
|
131 |
} |
|
132 |
||
133 |
} |