jdk-sandbox: src/java.base/share/classes/sun/security/ssl/SignatureAndHashAlgorithm.java@71c04702a3d5 (annotated)

7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	1	/*
45566 0d263f0f8bd1 8182388: Backout 8182143 asmotrak parents: 45561 diff changeset	2	* Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved.
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	4	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	7	* published by the Free Software Foundation. Oracle designates this
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	10	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	15	* accompanied this code).
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	16	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	20	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	22	* or visit www.oracle.com if you need additional information or have any
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	23	* questions.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	24	*/
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	25
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	26	package sun.security.ssl;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	27
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	28	import java.security.AlgorithmConstraints;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	29	import java.security.CryptoPrimitive;
11521 d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	30	import java.security.PrivateKey;
31063 4338d96ed321 7130985: Four helper classes missing in Sun JDK robm parents: 25859 diff changeset	31	import java.security.Security;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	32
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	33	import java.util.Set;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	34	import java.util.HashSet;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	35	import java.util.Map;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	36	import java.util.EnumSet;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	37	import java.util.TreeMap;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	38	import java.util.Collection;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	39	import java.util.Collections;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	40	import java.util.ArrayList;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	41
16080 0e6266b88242 7192392: Better validation of client keys xuelei parents: 11521 diff changeset	42	import sun.security.util.KeyUtil;
11521 d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	43
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	44	/**
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	45	* Signature and hash algorithm.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	46	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	47	* [RFC5246] The client uses the "signature_algorithms" extension to
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	48	* indicate to the server which signature/hash algorithm pairs may be
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	49	* used in digital signatures. The "extension_data" field of this
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	50	* extension contains a "supported_signature_algorithms" value.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	51	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	52	* enum {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	53	* none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5),
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	54	* sha512(6), (255)
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	55	* } HashAlgorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	56	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	57	* enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) }
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	58	* SignatureAlgorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	59	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	60	* struct {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	61	* HashAlgorithm hash;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	62	* SignatureAlgorithm signature;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	63	* } SignatureAndHashAlgorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	64	*/
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	65	final class SignatureAndHashAlgorithm {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	66
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	67	// minimum priority for default enabled algorithms
32649 2ee9017c7597 8136583: Core libraries should use blessed modifier order martin parents: 31063 diff changeset	68	static final int SUPPORTED_ALG_PRIORITY_MAX_NUM = 0x00F0;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	69
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	70	// performance optimization
32649 2ee9017c7597 8136583: Core libraries should use blessed modifier order martin parents: 31063 diff changeset	71	private static final Set<CryptoPrimitive> SIGNATURE_PRIMITIVE_SET =
23897 911b1eb93667 8029745: Enhance algorithm checking juh parents: 23010 diff changeset	72	Collections.unmodifiableSet(EnumSet.of(CryptoPrimitive.SIGNATURE));
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	73
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	74	// supported pairs of signature and hash algorithm
32649 2ee9017c7597 8136583: Core libraries should use blessed modifier order martin parents: 31063 diff changeset	75	private static final Map<Integer, SignatureAndHashAlgorithm> supportedMap;
2ee9017c7597 8136583: Core libraries should use blessed modifier order martin parents: 31063 diff changeset	76	private static final Map<Integer, SignatureAndHashAlgorithm> priorityMap;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	77
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	78	// the hash algorithm
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	79	private HashAlgorithm hash;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	80
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	81	// id in 16 bit MSB format, i.e. 0x0603 for SHA512withECDSA
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	82	private int id;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	83
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	84	// the standard algorithm name, for example "SHA512withECDSA"
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	85	private String algorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	86
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	87	// Priority for the preference order. The lower the better.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	88	//
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	89	// If the algorithm is unsupported, its priority should be bigger
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	90	// than SUPPORTED_ALG_PRIORITY_MAX_NUM.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	91	private int priority;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	92
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	93	// constructor for supported algorithm
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	94	private SignatureAndHashAlgorithm(HashAlgorithm hash,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	95	SignatureAlgorithm signature, String algorithm, int priority) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	96	this.hash = hash;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	97	this.algorithm = algorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	98	this.id = ((hash.value & 0xFF) << 8) \| (signature.value & 0xFF);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	99	this.priority = priority;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	100	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	101
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	102	// constructor for unsupported algorithm
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	103	private SignatureAndHashAlgorithm(String algorithm, int id, int sequence) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	104	this.hash = HashAlgorithm.valueOf((id >> 8) & 0xFF);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	105	this.algorithm = algorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	106	this.id = id;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	107
14675 17224d0282f1 8004019: Removes unused method HandshakeHash.setCertificateVerifyAlg() xuelei parents: 11521 diff changeset	108	// add one more to the sequence number, in case that the number is zero
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	109	this.priority = SUPPORTED_ALG_PRIORITY_MAX_NUM + sequence + 1;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	110	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	111
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	112	// Note that we do not use the sequence argument for supported algorithms,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	113	// so please don't sort by comparing the objects read from handshake
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	114	// messages.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	115	static SignatureAndHashAlgorithm valueOf(int hash,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	116	int signature, int sequence) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	117	hash &= 0xFF;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	118	signature &= 0xFF;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	119
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	120	int id = (hash << 8) \| signature;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	121	SignatureAndHashAlgorithm signAlg = supportedMap.get(id);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	122	if (signAlg == null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	123	// unsupported algorithm
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	124	signAlg = new SignatureAndHashAlgorithm(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	125	"Unknown (hash:0x" + Integer.toString(hash, 16) +
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	126	", signature:0x" + Integer.toString(signature, 16) + ")",
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	127	id, sequence);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	128	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	129
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	130	return signAlg;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	131	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	132
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	133	int getHashValue() {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	134	return (id >> 8) & 0xFF;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	135	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	136
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	137	int getSignatureValue() {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	138	return id & 0xFF;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	139	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	140
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	141	String getAlgorithmName() {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	142	return algorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	143	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	144
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	145	// return the size of a SignatureAndHashAlgorithm structure in TLS record
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	146	static int sizeInRecord() {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	147	return 2;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	148	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	149
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	150	// Get local supported algorithm collection complying to
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	151	// algorithm constraints
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	152	static Collection<SignatureAndHashAlgorithm>
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	153	getSupportedAlgorithms(AlgorithmConstraints constraints) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	154
7990 57019dc81b66 7012003: diamond conversion for ssl smarks parents: 7043 diff changeset	155	Collection<SignatureAndHashAlgorithm> supported = new ArrayList<>();
34937 17d60670c834 8146725: Issues with SignatureAndHashAlgorithm.getSupportedAlgorithms xuelei parents: 34883 diff changeset	156	for (SignatureAndHashAlgorithm sigAlg : priorityMap.values()) {
17d60670c834 8146725: Issues with SignatureAndHashAlgorithm.getSupportedAlgorithms xuelei parents: 34883 diff changeset	157	if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM &&
17d60670c834 8146725: Issues with SignatureAndHashAlgorithm.getSupportedAlgorithms xuelei parents: 34883 diff changeset	158	constraints.permits(SIGNATURE_PRIMITIVE_SET,
17d60670c834 8146725: Issues with SignatureAndHashAlgorithm.getSupportedAlgorithms xuelei parents: 34883 diff changeset	159	sigAlg.algorithm, null)) {
17d60670c834 8146725: Issues with SignatureAndHashAlgorithm.getSupportedAlgorithms xuelei parents: 34883 diff changeset	160	supported.add(sigAlg);
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	161	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	162	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	163
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	164	return supported;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	165	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	166
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	167	// Get supported algorithm collection from an untrusted collection
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	168	static Collection<SignatureAndHashAlgorithm> getSupportedAlgorithms(
35305 500c5fc13aa4 8147931: Incorrect edits for JDK-8064330 robm parents: 35304 diff changeset	169	AlgorithmConstraints constraints,
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	170	Collection<SignatureAndHashAlgorithm> algorithms ) {
7990 57019dc81b66 7012003: diamond conversion for ssl smarks parents: 7043 diff changeset	171	Collection<SignatureAndHashAlgorithm> supported = new ArrayList<>();
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	172	for (SignatureAndHashAlgorithm sigAlg : algorithms) {
35305 500c5fc13aa4 8147931: Incorrect edits for JDK-8064330 robm parents: 35304 diff changeset	173	if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM &&
500c5fc13aa4 8147931: Incorrect edits for JDK-8064330 robm parents: 35304 diff changeset	174	constraints.permits(SIGNATURE_PRIMITIVE_SET,
500c5fc13aa4 8147931: Incorrect edits for JDK-8064330 robm parents: 35304 diff changeset	175	sigAlg.algorithm, null)) {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	176	supported.add(sigAlg);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	177	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	178	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	179
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	180	return supported;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	181	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	182
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	183	static String[] getAlgorithmNames(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	184	Collection<SignatureAndHashAlgorithm> algorithms) {
7990 57019dc81b66 7012003: diamond conversion for ssl smarks parents: 7043 diff changeset	185	ArrayList<String> algorithmNames = new ArrayList<>();
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	186	if (algorithms != null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	187	for (SignatureAndHashAlgorithm sigAlg : algorithms) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	188	algorithmNames.add(sigAlg.algorithm);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	189	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	190	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	191
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	192	String[] array = new String[algorithmNames.size()];
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	193	return algorithmNames.toArray(array);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	194	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	195
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	196	static Set<String> getHashAlgorithmNames(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	197	Collection<SignatureAndHashAlgorithm> algorithms) {
7990 57019dc81b66 7012003: diamond conversion for ssl smarks parents: 7043 diff changeset	198	Set<String> algorithmNames = new HashSet<>();
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	199	if (algorithms != null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	200	for (SignatureAndHashAlgorithm sigAlg : algorithms) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	201	if (sigAlg.hash.value > 0) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	202	algorithmNames.add(sigAlg.hash.standardName);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	203	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	204	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	205	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	206
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	207	return algorithmNames;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	208	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	209
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	210	static String getHashAlgorithmName(SignatureAndHashAlgorithm algorithm) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	211	return algorithm.hash.standardName;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	212	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	213
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	214	private static void supports(HashAlgorithm hash,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	215	SignatureAlgorithm signature, String algorithm, int priority) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	216
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	217	SignatureAndHashAlgorithm pair =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	218	new SignatureAndHashAlgorithm(hash, signature, algorithm, priority);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	219	if (supportedMap.put(pair.id, pair) != null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	220	throw new RuntimeException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	221	"Duplicate SignatureAndHashAlgorithm definition, id: " +
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	222	pair.id);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	223	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	224	if (priorityMap.put(pair.priority, pair) != null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	225	throw new RuntimeException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	226	"Duplicate SignatureAndHashAlgorithm definition, priority: " +
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	227	pair.priority);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	228	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	229	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	230
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	231	static SignatureAndHashAlgorithm getPreferableAlgorithm(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	232	Collection<SignatureAndHashAlgorithm> algorithms, String expected) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	233
11521 d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	234	return SignatureAndHashAlgorithm.getPreferableAlgorithm(
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	235	algorithms, expected, null);
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	236	}
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	237
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	238	static SignatureAndHashAlgorithm getPreferableAlgorithm(
35305 500c5fc13aa4 8147931: Incorrect edits for JDK-8064330 robm parents: 35304 diff changeset	239	Collection<SignatureAndHashAlgorithm> algorithms,
500c5fc13aa4 8147931: Incorrect edits for JDK-8064330 robm parents: 35304 diff changeset	240	String expected, PrivateKey signingKey) {
11521 d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	241
35305 500c5fc13aa4 8147931: Incorrect edits for JDK-8064330 robm parents: 35304 diff changeset	242	int maxDigestLength = getMaxDigestLength(signingKey);
500c5fc13aa4 8147931: Incorrect edits for JDK-8064330 robm parents: 35304 diff changeset	243	for (SignatureAndHashAlgorithm algorithm : algorithms) {
500c5fc13aa4 8147931: Incorrect edits for JDK-8064330 robm parents: 35304 diff changeset	244	int signValue = algorithm.id & 0xFF;
500c5fc13aa4 8147931: Incorrect edits for JDK-8064330 robm parents: 35304 diff changeset	245	if ((expected == null) \|\|
500c5fc13aa4 8147931: Incorrect edits for JDK-8064330 robm parents: 35304 diff changeset	246	(expected.equalsIgnoreCase("rsa") &&
500c5fc13aa4 8147931: Incorrect edits for JDK-8064330 robm parents: 35304 diff changeset	247	signValue == SignatureAlgorithm.RSA.value) \|\|
500c5fc13aa4 8147931: Incorrect edits for JDK-8064330 robm parents: 35304 diff changeset	248	(expected.equalsIgnoreCase("dsa") &&
500c5fc13aa4 8147931: Incorrect edits for JDK-8064330 robm parents: 35304 diff changeset	249	signValue == SignatureAlgorithm.DSA.value) \|\|
500c5fc13aa4 8147931: Incorrect edits for JDK-8064330 robm parents: 35304 diff changeset	250	(expected.equalsIgnoreCase("ecdsa") &&
500c5fc13aa4 8147931: Incorrect edits for JDK-8064330 robm parents: 35304 diff changeset	251	signValue == SignatureAlgorithm.ECDSA.value) \|\|
500c5fc13aa4 8147931: Incorrect edits for JDK-8064330 robm parents: 35304 diff changeset	252	(expected.equalsIgnoreCase("ec") &&
500c5fc13aa4 8147931: Incorrect edits for JDK-8064330 robm parents: 35304 diff changeset	253	signValue == SignatureAlgorithm.ECDSA.value)) {
500c5fc13aa4 8147931: Incorrect edits for JDK-8064330 robm parents: 35304 diff changeset	254
500c5fc13aa4 8147931: Incorrect edits for JDK-8064330 robm parents: 35304 diff changeset	255	if (algorithm.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM &&
500c5fc13aa4 8147931: Incorrect edits for JDK-8064330 robm parents: 35304 diff changeset	256	algorithm.hash.length <= maxDigestLength) {
500c5fc13aa4 8147931: Incorrect edits for JDK-8064330 robm parents: 35304 diff changeset	257
500c5fc13aa4 8147931: Incorrect edits for JDK-8064330 robm parents: 35304 diff changeset	258	return algorithm;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	259	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	260	}
11521 d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	261	}
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	262
35305 500c5fc13aa4 8147931: Incorrect edits for JDK-8064330 robm parents: 35304 diff changeset	263	return null;
500c5fc13aa4 8147931: Incorrect edits for JDK-8064330 robm parents: 35304 diff changeset	264	}
500c5fc13aa4 8147931: Incorrect edits for JDK-8064330 robm parents: 35304 diff changeset	265
500c5fc13aa4 8147931: Incorrect edits for JDK-8064330 robm parents: 35304 diff changeset	266	/*
500c5fc13aa4 8147931: Incorrect edits for JDK-8064330 robm parents: 35304 diff changeset	267	* Need to check key length to match the length of hash value
500c5fc13aa4 8147931: Incorrect edits for JDK-8064330 robm parents: 35304 diff changeset	268	*/
500c5fc13aa4 8147931: Incorrect edits for JDK-8064330 robm parents: 35304 diff changeset	269	private static int getMaxDigestLength(PrivateKey signingKey) {
11521 d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	270	int maxDigestLength = Integer.MAX_VALUE;
35305 500c5fc13aa4 8147931: Incorrect edits for JDK-8064330 robm parents: 35304 diff changeset	271
500c5fc13aa4 8147931: Incorrect edits for JDK-8064330 robm parents: 35304 diff changeset	272	// only need to check RSA algorithm at present.
11521 d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	273	if (signingKey != null &&
35305 500c5fc13aa4 8147931: Incorrect edits for JDK-8064330 robm parents: 35304 diff changeset	274	"rsa".equalsIgnoreCase(signingKey.getAlgorithm())) {
11521 d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	275	/*
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	276	* RSA keys of 512 bits have been shown to be practically
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	277	* breakable, it does not make much sense to use the strong
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	278	* hash algorithm for keys whose key size less than 512 bits.
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	279	* So it is not necessary to caculate the required max digest
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	280	* length exactly.
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	281	*
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	282	* If key size is greater than or equals to 768, there is no max
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	283	* digest length limitation in currect implementation.
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	284	*
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	285	* If key size is greater than or equals to 512, but less than
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	286	* 768, the digest length should be less than or equal to 32 bytes.
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	287	*
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	288	* If key size is less than 512, the digest length should be
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	289	* less than or equal to 20 bytes.
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	290	*/
16080 0e6266b88242 7192392: Better validation of client keys xuelei parents: 11521 diff changeset	291	int keySize = KeyUtil.getKeySize(signingKey);
11521 d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	292	if (keySize >= 768) {
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	293	maxDigestLength = HashAlgorithm.SHA512.length;
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	294	} else if ((keySize >= 512) && (keySize < 768)) {
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	295	maxDigestLength = HashAlgorithm.SHA256.length;
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	296	} else if ((keySize > 0) && (keySize < 512)) {
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	297	maxDigestLength = HashAlgorithm.SHA1.length;
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	298	} // Otherwise, cannot determine the key size, prefer the most
21278 ef8a3a2a72f2 8022746: List of spelling errors in API doc malenkov parents: 16100 diff changeset	299	// preferable hash algorithm.
11521 d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	300	}
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	301
35305 500c5fc13aa4 8147931: Incorrect edits for JDK-8064330 robm parents: 35304 diff changeset	302	return maxDigestLength;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	303	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	304
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	305	static enum HashAlgorithm {
11521 d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	306	UNDEFINED("undefined", "", -1, -1),
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	307	NONE( "none", "NONE", 0, -1),
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	308	MD5( "md5", "MD5", 1, 16),
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	309	SHA1( "sha1", "SHA-1", 2, 20),
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	310	SHA224( "sha224", "SHA-224", 3, 28),
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	311	SHA256( "sha256", "SHA-256", 4, 32),
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	312	SHA384( "sha384", "SHA-384", 5, 48),
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	313	SHA512( "sha512", "SHA-512", 6, 64);
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	314
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	315	final String name; // not the standard signature algorithm name
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	316	// except the UNDEFINED, other names are defined
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	317	// by TLS 1.2 protocol
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	318	final String standardName; // the standard MessageDigest algorithm name
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	319	final int value;
11521 d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	320	final int length; // digest length in bytes, -1 means not applicable
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	321
11521 d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	322	private HashAlgorithm(String name, String standardName,
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	323	int value, int length) {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	324	this.name = name;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	325	this.standardName = standardName;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	326	this.value = value;
11521 d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	327	this.length = length;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	328	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	329
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	330	static HashAlgorithm valueOf(int value) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	331	HashAlgorithm algorithm = UNDEFINED;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	332	switch (value) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	333	case 0:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	334	algorithm = NONE;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	335	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	336	case 1:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	337	algorithm = MD5;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	338	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	339	case 2:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	340	algorithm = SHA1;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	341	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	342	case 3:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	343	algorithm = SHA224;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	344	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	345	case 4:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	346	algorithm = SHA256;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	347	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	348	case 5:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	349	algorithm = SHA384;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	350	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	351	case 6:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	352	algorithm = SHA512;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	353	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	354	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	355
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	356	return algorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	357	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	358	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	359
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	360	static enum SignatureAlgorithm {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	361	UNDEFINED("undefined", -1),
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	362	ANONYMOUS("anonymous", 0),
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	363	RSA( "rsa", 1),
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	364	DSA( "dsa", 2),
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	365	ECDSA( "ecdsa", 3);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	366
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	367	final String name; // not the standard signature algorithm name
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	368	// except the UNDEFINED, other names are defined
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	369	// by TLS 1.2 protocol
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	370	final int value;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	371
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	372	private SignatureAlgorithm(String name, int value) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	373	this.name = name;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	374	this.value = value;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	375	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	376
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	377	static SignatureAlgorithm valueOf(int value) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	378	SignatureAlgorithm algorithm = UNDEFINED;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	379	switch (value) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	380	case 0:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	381	algorithm = ANONYMOUS;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	382	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	383	case 1:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	384	algorithm = RSA;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	385	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	386	case 2:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	387	algorithm = DSA;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	388	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	389	case 3:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	390	algorithm = ECDSA;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	391	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	392	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	393
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	394	return algorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	395	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	396	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	397
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	398	static {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	399	supportedMap = Collections.synchronizedSortedMap(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	400	new TreeMap<Integer, SignatureAndHashAlgorithm>());
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	401	priorityMap = Collections.synchronizedSortedMap(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	402	new TreeMap<Integer, SignatureAndHashAlgorithm>());
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	403
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	404	synchronized (supportedMap) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	405	int p = SUPPORTED_ALG_PRIORITY_MAX_NUM;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	406	supports(HashAlgorithm.MD5, SignatureAlgorithm.RSA,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	407	"MD5withRSA", --p);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	408	supports(HashAlgorithm.SHA1, SignatureAlgorithm.DSA,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	409	"SHA1withDSA", --p);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	410	supports(HashAlgorithm.SHA1, SignatureAlgorithm.RSA,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	411	"SHA1withRSA", --p);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	412	supports(HashAlgorithm.SHA1, SignatureAlgorithm.ECDSA,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	413	"SHA1withECDSA", --p);
45566 0d263f0f8bd1 8182388: Backout 8182143 asmotrak parents: 45561 diff changeset	414
0d263f0f8bd1 8182388: Backout 8182143 asmotrak parents: 45561 diff changeset	415	if (Security.getProvider("SunMSCAPI") == null) {
0d263f0f8bd1 8182388: Backout 8182143 asmotrak parents: 45561 diff changeset	416	supports(HashAlgorithm.SHA224, SignatureAlgorithm.DSA,
0d263f0f8bd1 8182388: Backout 8182143 asmotrak parents: 45561 diff changeset	417	"SHA224withDSA", --p);
0d263f0f8bd1 8182388: Backout 8182143 asmotrak parents: 45561 diff changeset	418	supports(HashAlgorithm.SHA224, SignatureAlgorithm.RSA,
0d263f0f8bd1 8182388: Backout 8182143 asmotrak parents: 45561 diff changeset	419	"SHA224withRSA", --p);
0d263f0f8bd1 8182388: Backout 8182143 asmotrak parents: 45561 diff changeset	420	supports(HashAlgorithm.SHA224, SignatureAlgorithm.ECDSA,
0d263f0f8bd1 8182388: Backout 8182143 asmotrak parents: 45561 diff changeset	421	"SHA224withECDSA", --p);
0d263f0f8bd1 8182388: Backout 8182143 asmotrak parents: 45561 diff changeset	422	}
0d263f0f8bd1 8182388: Backout 8182143 asmotrak parents: 45561 diff changeset	423
34719 fb410bcbffa0 8049321: Support SHA256WithDSA in JSSE xuelei parents: 32649 diff changeset	424	supports(HashAlgorithm.SHA256, SignatureAlgorithm.DSA,
fb410bcbffa0 8049321: Support SHA256WithDSA in JSSE xuelei parents: 32649 diff changeset	425	"SHA256withDSA", --p);
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	426	supports(HashAlgorithm.SHA256, SignatureAlgorithm.RSA,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	427	"SHA256withRSA", --p);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	428	supports(HashAlgorithm.SHA256, SignatureAlgorithm.ECDSA,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	429	"SHA256withECDSA", --p);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	430	supports(HashAlgorithm.SHA384, SignatureAlgorithm.RSA,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	431	"SHA384withRSA", --p);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	432	supports(HashAlgorithm.SHA384, SignatureAlgorithm.ECDSA,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	433	"SHA384withECDSA", --p);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	434	supports(HashAlgorithm.SHA512, SignatureAlgorithm.RSA,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	435	"SHA512withRSA", --p);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	436	supports(HashAlgorithm.SHA512, SignatureAlgorithm.ECDSA,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	437	"SHA512withECDSA", --p);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	438	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	439	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	440	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	441

author	erikj
	Tue, 12 Sep 2017 19:03:39 +0200
changeset 47216	71c04702a3d5
parent 45566	jdk/src/java.base/share/classes/sun/security/ssl/SignatureAndHashAlgorithm.java@0d263f0f8bd1
permissions	-rw-r--r--