jdk-sandbox: jdk/src/share/classes/sun/security/ssl/SignatureAndHashAlgorithm.java@d7698e6c5f51 (annotated)

7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	1	/*
11521 d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	2	* Copyright (c) 2010, 2012, Oracle and/or its affiliates. All rights reserved.
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	4	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	7	* published by the Free Software Foundation. Oracle designates this
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	10	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	15	* accompanied this code).
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	16	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	20	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	22	* or visit www.oracle.com if you need additional information or have any
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	23	* questions.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	24	*/
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	25
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	26	package sun.security.ssl;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	27
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	28	import java.security.AlgorithmConstraints;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	29	import java.security.CryptoPrimitive;
11521 d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	30	import java.security.PrivateKey;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	31
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	32	import java.util.Set;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	33	import java.util.HashSet;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	34	import java.util.Map;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	35	import java.util.EnumSet;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	36	import java.util.TreeMap;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	37	import java.util.Collection;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	38	import java.util.Collections;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	39	import java.util.ArrayList;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	40
11521 d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	41	import sun.security.util.KeyLength;
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	42
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	43	/**
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	44	* Signature and hash algorithm.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	45	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	46	* [RFC5246] The client uses the "signature_algorithms" extension to
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	47	* indicate to the server which signature/hash algorithm pairs may be
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	48	* used in digital signatures. The "extension_data" field of this
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	49	* extension contains a "supported_signature_algorithms" value.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	50	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	51	* enum {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	52	* none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5),
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	53	* sha512(6), (255)
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	54	* } HashAlgorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	55	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	56	* enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) }
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	57	* SignatureAlgorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	58	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	59	* struct {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	60	* HashAlgorithm hash;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	61	* SignatureAlgorithm signature;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	62	* } SignatureAndHashAlgorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	63	*/
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	64	final class SignatureAndHashAlgorithm {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	65
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	66	// minimum priority for default enabled algorithms
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	67	final static int SUPPORTED_ALG_PRIORITY_MAX_NUM = 0x00F0;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	68
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	69	// performance optimization
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	70	private final static Set<CryptoPrimitive> SIGNATURE_PRIMITIVE_SET =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	71	EnumSet.of(CryptoPrimitive.SIGNATURE);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	72
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	73	// supported pairs of signature and hash algorithm
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	74	private final static Map<Integer, SignatureAndHashAlgorithm> supportedMap;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	75	private final static Map<Integer, SignatureAndHashAlgorithm> priorityMap;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	76
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	77	// the hash algorithm
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	78	private HashAlgorithm hash;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	79
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	80	// the signature algorithm
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	81	private SignatureAlgorithm signature;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	82
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	83	// id in 16 bit MSB format, i.e. 0x0603 for SHA512withECDSA
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	84	private int id;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	85
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	86	// the standard algorithm name, for example "SHA512withECDSA"
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	87	private String algorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	88
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	89	// Priority for the preference order. The lower the better.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	90	//
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	91	// If the algorithm is unsupported, its priority should be bigger
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	92	// than SUPPORTED_ALG_PRIORITY_MAX_NUM.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	93	private int priority;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	94
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	95	// constructor for supported algorithm
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	96	private SignatureAndHashAlgorithm(HashAlgorithm hash,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	97	SignatureAlgorithm signature, String algorithm, int priority) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	98	this.hash = hash;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	99	this.signature = signature;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	100	this.algorithm = algorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	101	this.id = ((hash.value & 0xFF) << 8) \| (signature.value & 0xFF);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	102	this.priority = priority;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	103	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	104
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	105	// constructor for unsupported algorithm
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	106	private SignatureAndHashAlgorithm(String algorithm, int id, int sequence) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	107	this.hash = HashAlgorithm.valueOf((id >> 8) & 0xFF);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	108	this.signature = SignatureAlgorithm.valueOf(id & 0xFF);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	109	this.algorithm = algorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	110	this.id = id;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	111
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	112	// add one more to the sequece number, in case that the number is zero
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	113	this.priority = SUPPORTED_ALG_PRIORITY_MAX_NUM + sequence + 1;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	114	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	115
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	116	// Note that we do not use the sequence argument for supported algorithms,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	117	// so please don't sort by comparing the objects read from handshake
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	118	// messages.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	119	static SignatureAndHashAlgorithm valueOf(int hash,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	120	int signature, int sequence) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	121	hash &= 0xFF;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	122	signature &= 0xFF;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	123
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	124	int id = (hash << 8) \| signature;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	125	SignatureAndHashAlgorithm signAlg = supportedMap.get(id);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	126	if (signAlg == null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	127	// unsupported algorithm
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	128	signAlg = new SignatureAndHashAlgorithm(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	129	"Unknown (hash:0x" + Integer.toString(hash, 16) +
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	130	", signature:0x" + Integer.toString(signature, 16) + ")",
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	131	id, sequence);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	132	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	133
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	134	return signAlg;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	135	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	136
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	137	int getHashValue() {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	138	return (id >> 8) & 0xFF;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	139	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	140
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	141	int getSignatureValue() {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	142	return id & 0xFF;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	143	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	144
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	145	String getAlgorithmName() {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	146	return algorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	147	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	148
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	149	// return the size of a SignatureAndHashAlgorithm structure in TLS record
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	150	static int sizeInRecord() {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	151	return 2;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	152	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	153
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	154	// Get local supported algorithm collection complying to
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	155	// algorithm constraints
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	156	static Collection<SignatureAndHashAlgorithm>
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	157	getSupportedAlgorithms(AlgorithmConstraints constraints) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	158
7990 57019dc81b66 7012003: diamond conversion for ssl smarks parents: 7043 diff changeset	159	Collection<SignatureAndHashAlgorithm> supported = new ArrayList<>();
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	160	synchronized (priorityMap) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	161	for (SignatureAndHashAlgorithm sigAlg : priorityMap.values()) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	162	if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM &&
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	163	constraints.permits(SIGNATURE_PRIMITIVE_SET,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	164	sigAlg.algorithm, null)) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	165	supported.add(sigAlg);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	166	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	167	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	168	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	169
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	170	return supported;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	171	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	172
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	173	// Get supported algorithm collection from an untrusted collection
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	174	static Collection<SignatureAndHashAlgorithm> getSupportedAlgorithms(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	175	Collection<SignatureAndHashAlgorithm> algorithms ) {
7990 57019dc81b66 7012003: diamond conversion for ssl smarks parents: 7043 diff changeset	176	Collection<SignatureAndHashAlgorithm> supported = new ArrayList<>();
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	177	for (SignatureAndHashAlgorithm sigAlg : algorithms) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	178	if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	179	supported.add(sigAlg);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	180	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	181	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	182
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	183	return supported;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	184	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	185
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	186	static String[] getAlgorithmNames(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	187	Collection<SignatureAndHashAlgorithm> algorithms) {
7990 57019dc81b66 7012003: diamond conversion for ssl smarks parents: 7043 diff changeset	188	ArrayList<String> algorithmNames = new ArrayList<>();
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	189	if (algorithms != null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	190	for (SignatureAndHashAlgorithm sigAlg : algorithms) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	191	algorithmNames.add(sigAlg.algorithm);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	192	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	193	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	194
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	195	String[] array = new String[algorithmNames.size()];
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	196	return algorithmNames.toArray(array);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	197	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	198
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	199	static Set<String> getHashAlgorithmNames(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	200	Collection<SignatureAndHashAlgorithm> algorithms) {
7990 57019dc81b66 7012003: diamond conversion for ssl smarks parents: 7043 diff changeset	201	Set<String> algorithmNames = new HashSet<>();
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	202	if (algorithms != null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	203	for (SignatureAndHashAlgorithm sigAlg : algorithms) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	204	if (sigAlg.hash.value > 0) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	205	algorithmNames.add(sigAlg.hash.standardName);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	206	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	207	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	208	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	209
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	210	return algorithmNames;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	211	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	212
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	213	static String getHashAlgorithmName(SignatureAndHashAlgorithm algorithm) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	214	return algorithm.hash.standardName;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	215	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	216
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	217	private static void supports(HashAlgorithm hash,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	218	SignatureAlgorithm signature, String algorithm, int priority) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	219
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	220	SignatureAndHashAlgorithm pair =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	221	new SignatureAndHashAlgorithm(hash, signature, algorithm, priority);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	222	if (supportedMap.put(pair.id, pair) != null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	223	throw new RuntimeException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	224	"Duplicate SignatureAndHashAlgorithm definition, id: " +
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	225	pair.id);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	226	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	227	if (priorityMap.put(pair.priority, pair) != null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	228	throw new RuntimeException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	229	"Duplicate SignatureAndHashAlgorithm definition, priority: " +
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	230	pair.priority);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	231	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	232	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	233
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	234	static SignatureAndHashAlgorithm getPreferableAlgorithm(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	235	Collection<SignatureAndHashAlgorithm> algorithms, String expected) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	236
11521 d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	237	return SignatureAndHashAlgorithm.getPreferableAlgorithm(
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	238	algorithms, expected, null);
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	239	}
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	240
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	241	static SignatureAndHashAlgorithm getPreferableAlgorithm(
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	242	Collection<SignatureAndHashAlgorithm> algorithms,
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	243	String expected, PrivateKey signingKey) {
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	244
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	245	if (expected == null && !algorithms.isEmpty()) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	246	for (SignatureAndHashAlgorithm sigAlg : algorithms) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	247	if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	248	return sigAlg;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	249	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	250	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	251
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	252	return null; // no supported algorithm
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	253	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	254
11521 d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	255	if (expected == null ) {
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	256	return null; // no expected algorithm, no supported algorithm
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	257	}
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	258
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	259	/*
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	260	* Need to check RSA key length to match the length of hash value
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	261	*/
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	262	int maxDigestLength = Integer.MAX_VALUE;
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	263	if (signingKey != null &&
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	264	"rsa".equalsIgnoreCase(signingKey.getAlgorithm()) &&
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	265	expected.equalsIgnoreCase("rsa")) {
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	266	/*
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	267	* RSA keys of 512 bits have been shown to be practically
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	268	* breakable, it does not make much sense to use the strong
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	269	* hash algorithm for keys whose key size less than 512 bits.
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	270	* So it is not necessary to caculate the required max digest
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	271	* length exactly.
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	272	*
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	273	* If key size is greater than or equals to 768, there is no max
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	274	* digest length limitation in currect implementation.
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	275	*
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	276	* If key size is greater than or equals to 512, but less than
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	277	* 768, the digest length should be less than or equal to 32 bytes.
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	278	*
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	279	* If key size is less than 512, the digest length should be
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	280	* less than or equal to 20 bytes.
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	281	*/
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	282	int keySize = KeyLength.getKeySize(signingKey);
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	283	if (keySize >= 768) {
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	284	maxDigestLength = HashAlgorithm.SHA512.length;
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	285	} else if ((keySize >= 512) && (keySize < 768)) {
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	286	maxDigestLength = HashAlgorithm.SHA256.length;
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	287	} else if ((keySize > 0) && (keySize < 512)) {
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	288	maxDigestLength = HashAlgorithm.SHA1.length;
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	289	} // Otherwise, cannot determine the key size, prefer the most
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	290	// perferable hash algorithm.
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	291	}
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	292
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	293	for (SignatureAndHashAlgorithm algorithm : algorithms) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	294	int signValue = algorithm.id & 0xFF;
11521 d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	295	if (expected.equalsIgnoreCase("rsa") &&
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	296	signValue == SignatureAlgorithm.RSA.value) {
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	297	if (algorithm.hash.length <= maxDigestLength) {
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	298	return algorithm;
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	299	}
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	300	} else if (
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	301	(expected.equalsIgnoreCase("dsa") &&
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	302	signValue == SignatureAlgorithm.DSA.value) \|\|
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	303	(expected.equalsIgnoreCase("ecdsa") &&
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	304	signValue == SignatureAlgorithm.ECDSA.value) \|\|
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	305	(expected.equalsIgnoreCase("ec") &&
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	306	signValue == SignatureAlgorithm.ECDSA.value)) {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	307	return algorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	308	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	309	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	310
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	311	return null;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	312	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	313
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	314	static enum HashAlgorithm {
11521 d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	315	UNDEFINED("undefined", "", -1, -1),
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	316	NONE( "none", "NONE", 0, -1),
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	317	MD5( "md5", "MD5", 1, 16),
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	318	SHA1( "sha1", "SHA-1", 2, 20),
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	319	SHA224( "sha224", "SHA-224", 3, 28),
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	320	SHA256( "sha256", "SHA-256", 4, 32),
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	321	SHA384( "sha384", "SHA-384", 5, 48),
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	322	SHA512( "sha512", "SHA-512", 6, 64);
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	323
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	324	final String name; // not the standard signature algorithm name
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	325	// except the UNDEFINED, other names are defined
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	326	// by TLS 1.2 protocol
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	327	final String standardName; // the standard MessageDigest algorithm name
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	328	final int value;
11521 d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	329	final int length; // digest length in bytes, -1 means not applicable
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	330
11521 d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	331	private HashAlgorithm(String name, String standardName,
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	332	int value, int length) {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	333	this.name = name;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	334	this.standardName = standardName;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	335	this.value = value;
11521 d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 9035 diff changeset	336	this.length = length;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	337	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	338
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	339	static HashAlgorithm valueOf(int value) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	340	HashAlgorithm algorithm = UNDEFINED;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	341	switch (value) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	342	case 0:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	343	algorithm = NONE;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	344	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	345	case 1:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	346	algorithm = MD5;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	347	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	348	case 2:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	349	algorithm = SHA1;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	350	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	351	case 3:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	352	algorithm = SHA224;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	353	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	354	case 4:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	355	algorithm = SHA256;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	356	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	357	case 5:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	358	algorithm = SHA384;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	359	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	360	case 6:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	361	algorithm = SHA512;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	362	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	363	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	364
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	365	return algorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	366	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	367	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	368
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	369	static enum SignatureAlgorithm {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	370	UNDEFINED("undefined", -1),
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	371	ANONYMOUS("anonymous", 0),
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	372	RSA( "rsa", 1),
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	373	DSA( "dsa", 2),
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	374	ECDSA( "ecdsa", 3);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	375
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	376	final String name; // not the standard signature algorithm name
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	377	// except the UNDEFINED, other names are defined
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	378	// by TLS 1.2 protocol
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	379	final int value;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	380
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	381	private SignatureAlgorithm(String name, int value) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	382	this.name = name;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	383	this.value = value;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	384	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	385
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	386	static SignatureAlgorithm valueOf(int value) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	387	SignatureAlgorithm algorithm = UNDEFINED;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	388	switch (value) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	389	case 0:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	390	algorithm = ANONYMOUS;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	391	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	392	case 1:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	393	algorithm = RSA;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	394	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	395	case 2:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	396	algorithm = DSA;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	397	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	398	case 3:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	399	algorithm = ECDSA;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	400	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	401	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	402
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	403	return algorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	404	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	405	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	406
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	407	static {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	408	supportedMap = Collections.synchronizedSortedMap(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	409	new TreeMap<Integer, SignatureAndHashAlgorithm>());
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	410	priorityMap = Collections.synchronizedSortedMap(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	411	new TreeMap<Integer, SignatureAndHashAlgorithm>());
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	412
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	413	synchronized (supportedMap) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	414	int p = SUPPORTED_ALG_PRIORITY_MAX_NUM;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	415	supports(HashAlgorithm.MD5, SignatureAlgorithm.RSA,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	416	"MD5withRSA", --p);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	417	supports(HashAlgorithm.SHA1, SignatureAlgorithm.DSA,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	418	"SHA1withDSA", --p);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	419	supports(HashAlgorithm.SHA1, SignatureAlgorithm.RSA,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	420	"SHA1withRSA", --p);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	421	supports(HashAlgorithm.SHA1, SignatureAlgorithm.ECDSA,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	422	"SHA1withECDSA", --p);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	423	supports(HashAlgorithm.SHA224, SignatureAlgorithm.RSA,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	424	"SHA224withRSA", --p);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	425	supports(HashAlgorithm.SHA224, SignatureAlgorithm.ECDSA,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	426	"SHA224withECDSA", --p);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	427	supports(HashAlgorithm.SHA256, SignatureAlgorithm.RSA,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	428	"SHA256withRSA", --p);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	429	supports(HashAlgorithm.SHA256, SignatureAlgorithm.ECDSA,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	430	"SHA256withECDSA", --p);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	431	supports(HashAlgorithm.SHA384, SignatureAlgorithm.RSA,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	432	"SHA384withRSA", --p);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	433	supports(HashAlgorithm.SHA384, SignatureAlgorithm.ECDSA,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	434	"SHA384withECDSA", --p);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	435	supports(HashAlgorithm.SHA512, SignatureAlgorithm.RSA,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	436	"SHA512withRSA", --p);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	437	supports(HashAlgorithm.SHA512, SignatureAlgorithm.ECDSA,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	438	"SHA512withECDSA", --p);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	439	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	440	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	441	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: diff changeset	442

author	xuelei
	Thu, 12 Jan 2012 03:39:37 -0800
changeset 11521	d7698e6c5f51
parent 9035	1255eb81cc2f
child 16080	0e6266b88242
child 14675	17224d0282f1
permissions	-rw-r--r--