jdk-sandbox: jdk/src/share/classes/sun/security/ssl/SignatureAndHashAlgorithm.java@911b1eb93667 (annotated)

7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	1	/*
23010 6dadb192ad81 8029235: Update copyright year to match last edit in jdk8 jdk repository for 2013 lana parents: 21278 diff changeset	2	* Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	4	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	7	* published by the Free Software Foundation. Oracle designates this
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	10	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	15	* accompanied this code).
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	16	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	20	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	22	* or visit www.oracle.com if you need additional information or have any
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	23	* questions.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	24	*/
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	25
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	26	package sun.security.ssl;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	27
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	28	import java.security.AlgorithmConstraints;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	29	import java.security.CryptoPrimitive;
11521 d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	30	import java.security.PrivateKey;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	31
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	32	import java.util.Set;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	33	import java.util.HashSet;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	34	import java.util.Map;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	35	import java.util.EnumSet;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	36	import java.util.TreeMap;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	37	import java.util.Collection;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	38	import java.util.Collections;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	39	import java.util.ArrayList;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	40
16080 0e6266b88242 7192392: Better validation of client keys xuelei parents: 11521 diff changeset	41	import sun.security.util.KeyUtil;
11521 d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	42
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	43	/**
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	44	* Signature and hash algorithm.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	45	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	46	* [RFC5246] The client uses the "signature_algorithms" extension to
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	47	* indicate to the server which signature/hash algorithm pairs may be
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	48	* used in digital signatures. The "extension_data" field of this
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	49	* extension contains a "supported_signature_algorithms" value.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	50	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	51	* enum {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	52	* none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5),
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	53	* sha512(6), (255)
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	54	* } HashAlgorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	55	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	56	* enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) }
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	57	* SignatureAlgorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	58	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	59	* struct {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	60	* HashAlgorithm hash;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	61	* SignatureAlgorithm signature;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	62	* } SignatureAndHashAlgorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	63	*/
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	64	final class SignatureAndHashAlgorithm {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	65
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	66	// minimum priority for default enabled algorithms
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	67	final static int SUPPORTED_ALG_PRIORITY_MAX_NUM = 0x00F0;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	68
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	69	// performance optimization
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	70	private final static Set<CryptoPrimitive> SIGNATURE_PRIMITIVE_SET =
23897 911b1eb93667 8029745: Enhance algorithm checking juh parents: 23010 diff changeset	71	Collections.unmodifiableSet(EnumSet.of(CryptoPrimitive.SIGNATURE));
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	72
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	73	// supported pairs of signature and hash algorithm
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	74	private final static Map<Integer, SignatureAndHashAlgorithm> supportedMap;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	75	private final static Map<Integer, SignatureAndHashAlgorithm> priorityMap;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	76
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	77	// the hash algorithm
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	78	private HashAlgorithm hash;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	79
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	80	// id in 16 bit MSB format, i.e. 0x0603 for SHA512withECDSA
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	81	private int id;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	82
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	83	// the standard algorithm name, for example "SHA512withECDSA"
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	84	private String algorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	85
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	86	// Priority for the preference order. The lower the better.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	87	//
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	88	// If the algorithm is unsupported, its priority should be bigger
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	89	// than SUPPORTED_ALG_PRIORITY_MAX_NUM.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	90	private int priority;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	91
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	92	// constructor for supported algorithm
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	93	private SignatureAndHashAlgorithm(HashAlgorithm hash,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	94	SignatureAlgorithm signature, String algorithm, int priority) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	95	this.hash = hash;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	96	this.algorithm = algorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	97	this.id = ((hash.value & 0xFF) << 8) \| (signature.value & 0xFF);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	98	this.priority = priority;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	99	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	100
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	101	// constructor for unsupported algorithm
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	102	private SignatureAndHashAlgorithm(String algorithm, int id, int sequence) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	103	this.hash = HashAlgorithm.valueOf((id >> 8) & 0xFF);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	104	this.algorithm = algorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	105	this.id = id;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	106
14675 17224d0282f1 8004019: Removes unused method HandshakeHash.setCertificateVerifyAlg() xuelei parents: 11521 diff changeset	107	// add one more to the sequence number, in case that the number is zero
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	108	this.priority = SUPPORTED_ALG_PRIORITY_MAX_NUM + sequence + 1;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	109	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	110
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	111	// Note that we do not use the sequence argument for supported algorithms,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	112	// so please don't sort by comparing the objects read from handshake
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	113	// messages.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	114	static SignatureAndHashAlgorithm valueOf(int hash,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	115	int signature, int sequence) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	116	hash &= 0xFF;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	117	signature &= 0xFF;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	118
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	119	int id = (hash << 8) \| signature;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	120	SignatureAndHashAlgorithm signAlg = supportedMap.get(id);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	121	if (signAlg == null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	122	// unsupported algorithm
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	123	signAlg = new SignatureAndHashAlgorithm(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	124	"Unknown (hash:0x" + Integer.toString(hash, 16) +
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	125	", signature:0x" + Integer.toString(signature, 16) + ")",
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	126	id, sequence);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	127	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	128
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	129	return signAlg;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	130	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	131
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	132	int getHashValue() {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	133	return (id >> 8) & 0xFF;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	134	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	135
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	136	int getSignatureValue() {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	137	return id & 0xFF;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	138	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	139
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	140	String getAlgorithmName() {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	141	return algorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	142	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	143
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	144	// return the size of a SignatureAndHashAlgorithm structure in TLS record
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	145	static int sizeInRecord() {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	146	return 2;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	147	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	148
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	149	// Get local supported algorithm collection complying to
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	150	// algorithm constraints
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	151	static Collection<SignatureAndHashAlgorithm>
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	152	getSupportedAlgorithms(AlgorithmConstraints constraints) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	153
7990 57019dc81b66 7012003: diamond conversion for ssl smarks parents: 7043 diff changeset	154	Collection<SignatureAndHashAlgorithm> supported = new ArrayList<>();
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	155	synchronized (priorityMap) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	156	for (SignatureAndHashAlgorithm sigAlg : priorityMap.values()) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	157	if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM &&
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	158	constraints.permits(SIGNATURE_PRIMITIVE_SET,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	159	sigAlg.algorithm, null)) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	160	supported.add(sigAlg);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	161	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	162	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	163	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	164
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	165	return supported;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	166	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	167
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	168	// Get supported algorithm collection from an untrusted collection
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	169	static Collection<SignatureAndHashAlgorithm> getSupportedAlgorithms(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	170	Collection<SignatureAndHashAlgorithm> algorithms ) {
7990 57019dc81b66 7012003: diamond conversion for ssl smarks parents: 7043 diff changeset	171	Collection<SignatureAndHashAlgorithm> supported = new ArrayList<>();
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	172	for (SignatureAndHashAlgorithm sigAlg : algorithms) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	173	if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	174	supported.add(sigAlg);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	175	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	176	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	177
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	178	return supported;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	179	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	180
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	181	static String[] getAlgorithmNames(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	182	Collection<SignatureAndHashAlgorithm> algorithms) {
7990 57019dc81b66 7012003: diamond conversion for ssl smarks parents: 7043 diff changeset	183	ArrayList<String> algorithmNames = new ArrayList<>();
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	184	if (algorithms != null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	185	for (SignatureAndHashAlgorithm sigAlg : algorithms) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	186	algorithmNames.add(sigAlg.algorithm);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	187	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	188	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	189
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	190	String[] array = new String[algorithmNames.size()];
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	191	return algorithmNames.toArray(array);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	192	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	193
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	194	static Set<String> getHashAlgorithmNames(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	195	Collection<SignatureAndHashAlgorithm> algorithms) {
7990 57019dc81b66 7012003: diamond conversion for ssl smarks parents: 7043 diff changeset	196	Set<String> algorithmNames = new HashSet<>();
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	197	if (algorithms != null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	198	for (SignatureAndHashAlgorithm sigAlg : algorithms) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	199	if (sigAlg.hash.value > 0) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	200	algorithmNames.add(sigAlg.hash.standardName);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	201	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	202	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	203	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	204
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	205	return algorithmNames;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	206	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	207
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	208	static String getHashAlgorithmName(SignatureAndHashAlgorithm algorithm) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	209	return algorithm.hash.standardName;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	210	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	211
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	212	private static void supports(HashAlgorithm hash,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	213	SignatureAlgorithm signature, String algorithm, int priority) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	214
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	215	SignatureAndHashAlgorithm pair =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	216	new SignatureAndHashAlgorithm(hash, signature, algorithm, priority);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	217	if (supportedMap.put(pair.id, pair) != null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	218	throw new RuntimeException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	219	"Duplicate SignatureAndHashAlgorithm definition, id: " +
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	220	pair.id);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	221	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	222	if (priorityMap.put(pair.priority, pair) != null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	223	throw new RuntimeException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	224	"Duplicate SignatureAndHashAlgorithm definition, priority: " +
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	225	pair.priority);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	226	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	227	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	228
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	229	static SignatureAndHashAlgorithm getPreferableAlgorithm(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	230	Collection<SignatureAndHashAlgorithm> algorithms, String expected) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	231
11521 d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	232	return SignatureAndHashAlgorithm.getPreferableAlgorithm(
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	233	algorithms, expected, null);
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	234	}
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	235
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	236	static SignatureAndHashAlgorithm getPreferableAlgorithm(
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	237	Collection<SignatureAndHashAlgorithm> algorithms,
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	238	String expected, PrivateKey signingKey) {
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	239
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	240	if (expected == null && !algorithms.isEmpty()) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	241	for (SignatureAndHashAlgorithm sigAlg : algorithms) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	242	if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	243	return sigAlg;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	244	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	245	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	246
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	247	return null; // no supported algorithm
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	248	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	249
11521 d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	250	if (expected == null ) {
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	251	return null; // no expected algorithm, no supported algorithm
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	252	}
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	253
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	254	/*
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	255	* Need to check RSA key length to match the length of hash value
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	256	*/
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	257	int maxDigestLength = Integer.MAX_VALUE;
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	258	if (signingKey != null &&
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	259	"rsa".equalsIgnoreCase(signingKey.getAlgorithm()) &&
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	260	expected.equalsIgnoreCase("rsa")) {
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	261	/*
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	262	* RSA keys of 512 bits have been shown to be practically
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	263	* breakable, it does not make much sense to use the strong
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	264	* hash algorithm for keys whose key size less than 512 bits.
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	265	* So it is not necessary to caculate the required max digest
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	266	* length exactly.
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	267	*
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	268	* If key size is greater than or equals to 768, there is no max
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	269	* digest length limitation in currect implementation.
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	270	*
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	271	* If key size is greater than or equals to 512, but less than
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	272	* 768, the digest length should be less than or equal to 32 bytes.
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	273	*
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	274	* If key size is less than 512, the digest length should be
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	275	* less than or equal to 20 bytes.
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	276	*/
16080 0e6266b88242 7192392: Better validation of client keys xuelei parents: 11521 diff changeset	277	int keySize = KeyUtil.getKeySize(signingKey);
11521 d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	278	if (keySize >= 768) {
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	279	maxDigestLength = HashAlgorithm.SHA512.length;
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	280	} else if ((keySize >= 512) && (keySize < 768)) {
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	281	maxDigestLength = HashAlgorithm.SHA256.length;
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	282	} else if ((keySize > 0) && (keySize < 512)) {
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	283	maxDigestLength = HashAlgorithm.SHA1.length;
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	284	} // Otherwise, cannot determine the key size, prefer the most
21278 ef8a3a2a72f2 8022746: List of spelling errors in API doc malenkov parents: 16100 diff changeset	285	// preferable hash algorithm.
11521 d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	286	}
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	287
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	288	for (SignatureAndHashAlgorithm algorithm : algorithms) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	289	int signValue = algorithm.id & 0xFF;
11521 d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	290	if (expected.equalsIgnoreCase("rsa") &&
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	291	signValue == SignatureAlgorithm.RSA.value) {
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	292	if (algorithm.hash.length <= maxDigestLength) {
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	293	return algorithm;
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	294	}
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	295	} else if (
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	296	(expected.equalsIgnoreCase("dsa") &&
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	297	signValue == SignatureAlgorithm.DSA.value) \|\|
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	298	(expected.equalsIgnoreCase("ecdsa") &&
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	299	signValue == SignatureAlgorithm.ECDSA.value) \|\|
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	300	(expected.equalsIgnoreCase("ec") &&
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	301	signValue == SignatureAlgorithm.ECDSA.value)) {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	302	return algorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	303	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	304	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	305
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	306	return null;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	307	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	308
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	309	static enum HashAlgorithm {
11521 d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	310	UNDEFINED("undefined", "", -1, -1),
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	311	NONE( "none", "NONE", 0, -1),
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	312	MD5( "md5", "MD5", 1, 16),
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	313	SHA1( "sha1", "SHA-1", 2, 20),
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	314	SHA224( "sha224", "SHA-224", 3, 28),
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	315	SHA256( "sha256", "SHA-256", 4, 32),
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	316	SHA384( "sha384", "SHA-384", 5, 48),
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	317	SHA512( "sha512", "SHA-512", 6, 64);
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	318
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	319	final String name; // not the standard signature algorithm name
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	320	// except the UNDEFINED, other names are defined
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	321	// by TLS 1.2 protocol
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	322	final String standardName; // the standard MessageDigest algorithm name
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	323	final int value;
11521 d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	324	final int length; // digest length in bytes, -1 means not applicable
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	325
11521 d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	326	private HashAlgorithm(String name, String standardName,
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	327	int value, int length) {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	328	this.name = name;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	329	this.standardName = standardName;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	330	this.value = value;
11521 d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	331	this.length = length;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	332	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	333
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	334	static HashAlgorithm valueOf(int value) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	335	HashAlgorithm algorithm = UNDEFINED;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	336	switch (value) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	337	case 0:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	338	algorithm = NONE;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	339	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	340	case 1:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	341	algorithm = MD5;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	342	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	343	case 2:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	344	algorithm = SHA1;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	345	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	346	case 3:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	347	algorithm = SHA224;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	348	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	349	case 4:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	350	algorithm = SHA256;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	351	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	352	case 5:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	353	algorithm = SHA384;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	354	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	355	case 6:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	356	algorithm = SHA512;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	357	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	358	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	359
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	360	return algorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	361	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	362	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	363
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	364	static enum SignatureAlgorithm {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	365	UNDEFINED("undefined", -1),
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	366	ANONYMOUS("anonymous", 0),
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	367	RSA( "rsa", 1),
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	368	DSA( "dsa", 2),
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	369	ECDSA( "ecdsa", 3);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	370
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	371	final String name; // not the standard signature algorithm name
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	372	// except the UNDEFINED, other names are defined
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	373	// by TLS 1.2 protocol
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	374	final int value;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	375
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	376	private SignatureAlgorithm(String name, int value) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	377	this.name = name;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	378	this.value = value;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	379	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	380
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	381	static SignatureAlgorithm valueOf(int value) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	382	SignatureAlgorithm algorithm = UNDEFINED;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	383	switch (value) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	384	case 0:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	385	algorithm = ANONYMOUS;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	386	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	387	case 1:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	388	algorithm = RSA;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	389	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	390	case 2:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	391	algorithm = DSA;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	392	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	393	case 3:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	394	algorithm = ECDSA;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	395	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	396	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	397
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	398	return algorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	399	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	400	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	401
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	402	static {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	403	supportedMap = Collections.synchronizedSortedMap(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	404	new TreeMap<Integer, SignatureAndHashAlgorithm>());
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	405	priorityMap = Collections.synchronizedSortedMap(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	406	new TreeMap<Integer, SignatureAndHashAlgorithm>());
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	407
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	408	synchronized (supportedMap) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	409	int p = SUPPORTED_ALG_PRIORITY_MAX_NUM;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	410	supports(HashAlgorithm.MD5, SignatureAlgorithm.RSA,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	411	"MD5withRSA", --p);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	412	supports(HashAlgorithm.SHA1, SignatureAlgorithm.DSA,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	413	"SHA1withDSA", --p);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	414	supports(HashAlgorithm.SHA1, SignatureAlgorithm.RSA,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	415	"SHA1withRSA", --p);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	416	supports(HashAlgorithm.SHA1, SignatureAlgorithm.ECDSA,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	417	"SHA1withECDSA", --p);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	418	supports(HashAlgorithm.SHA224, SignatureAlgorithm.RSA,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	419	"SHA224withRSA", --p);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	420	supports(HashAlgorithm.SHA224, SignatureAlgorithm.ECDSA,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	421	"SHA224withECDSA", --p);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	422	supports(HashAlgorithm.SHA256, SignatureAlgorithm.RSA,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	423	"SHA256withRSA", --p);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	424	supports(HashAlgorithm.SHA256, SignatureAlgorithm.ECDSA,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	425	"SHA256withECDSA", --p);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	426	supports(HashAlgorithm.SHA384, SignatureAlgorithm.RSA,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	427	"SHA384withRSA", --p);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	428	supports(HashAlgorithm.SHA384, SignatureAlgorithm.ECDSA,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	429	"SHA384withECDSA", --p);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	430	supports(HashAlgorithm.SHA512, SignatureAlgorithm.RSA,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	431	"SHA512withRSA", --p);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	432	supports(HashAlgorithm.SHA512, SignatureAlgorithm.ECDSA,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	433	"SHA512withECDSA", --p);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	434	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	435	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	436	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	437

author	juh
	Fri, 10 Jan 2014 13:42:44 -0800
changeset 23897	911b1eb93667
parent 23010	6dadb192ad81
permissions	-rw-r--r--