25 |
25 |
26 package sun.security.ssl; |
26 package sun.security.ssl; |
27 |
27 |
28 import java.util.HashSet; |
28 import java.util.HashSet; |
29 import java.util.Set; |
29 import java.util.Set; |
|
30 import sun.security.ssl.CipherSuite.HashAlg; |
|
31 import sun.security.ssl.CipherSuite.KeyExchange; |
|
32 import static sun.security.ssl.CipherSuite.KeyExchange.*; |
|
33 import sun.security.ssl.CipherSuite.MacAlg; |
|
34 import static sun.security.ssl.SSLCipher.B_3DES; |
|
35 import static sun.security.ssl.SSLCipher.B_AES_128; |
|
36 import static sun.security.ssl.SSLCipher.B_AES_128_GCM; |
|
37 import static sun.security.ssl.SSLCipher.B_AES_256; |
|
38 import static sun.security.ssl.SSLCipher.B_AES_256_GCM; |
|
39 import static sun.security.ssl.SSLCipher.B_DES; |
|
40 import static sun.security.ssl.SSLCipher.B_DES_40; |
|
41 import static sun.security.ssl.SSLCipher.B_NULL; |
|
42 import static sun.security.ssl.SSLCipher.B_RC2_40; |
|
43 import static sun.security.ssl.SSLCipher.B_RC4_128; |
|
44 import static sun.security.ssl.SSLCipher.B_RC4_40; |
30 import sun.security.util.AlgorithmDecomposer; |
45 import sun.security.util.AlgorithmDecomposer; |
31 import static sun.security.ssl.CipherSuite.*; |
|
32 import static sun.security.ssl.CipherSuite.KeyExchange.*; |
|
33 |
46 |
34 /** |
47 /** |
35 * The class decomposes standard SSL/TLS cipher suites into sub-elements. |
48 * The class decomposes standard SSL/TLS cipher suites into sub-elements. |
36 */ |
49 */ |
37 class SSLAlgorithmDecomposer extends AlgorithmDecomposer { |
50 class SSLAlgorithmDecomposer extends AlgorithmDecomposer { |
124 components.add("ANON"); |
137 components.add("ANON"); |
125 components.add("ECDH_ANON"); |
138 components.add("ECDH_ANON"); |
126 } |
139 } |
127 break; |
140 break; |
128 default: |
141 default: |
129 if (ClientKeyExchangeService.find(keyExchange.name) != null) { |
|
130 if (!onlyX509) { |
|
131 components.add(keyExchange.name); |
|
132 } |
|
133 } |
|
134 // otherwise ignore |
142 // otherwise ignore |
135 } |
143 } |
136 |
144 |
137 return components; |
145 return components; |
138 } |
146 } |
139 |
147 |
140 private Set<String> decomposes(CipherSuite.BulkCipher bulkCipher) { |
148 private Set<String> decomposes(SSLCipher bulkCipher) { |
141 Set<String> components = new HashSet<>(); |
149 Set<String> components = new HashSet<>(); |
142 |
150 |
143 if (bulkCipher.transformation != null) { |
151 if (bulkCipher.transformation != null) { |
144 components.addAll(super.decompose(bulkCipher.transformation)); |
152 components.addAll(super.decompose(bulkCipher.transformation)); |
145 } |
153 } |
183 |
191 |
184 return components; |
192 return components; |
185 } |
193 } |
186 |
194 |
187 private Set<String> decomposes(CipherSuite.MacAlg macAlg, |
195 private Set<String> decomposes(CipherSuite.MacAlg macAlg, |
188 BulkCipher cipher) { |
196 SSLCipher cipher) { |
189 Set<String> components = new HashSet<>(); |
197 Set<String> components = new HashSet<>(); |
190 |
198 |
191 if (macAlg == CipherSuite.MacAlg.M_NULL |
199 if (macAlg == CipherSuite.MacAlg.M_NULL |
192 && cipher.cipherType != CipherType.AEAD_CIPHER) { |
200 && cipher.cipherType != CipherType.AEAD_CIPHER) { |
193 components.add("M_NULL"); |
201 components.add("M_NULL"); |
209 } |
217 } |
210 |
218 |
211 return components; |
219 return components; |
212 } |
220 } |
213 |
221 |
214 private Set<String> decompose(KeyExchange keyExchange, BulkCipher cipher, |
222 private Set<String> decomposes(CipherSuite.HashAlg hashAlg) { |
215 MacAlg macAlg) { |
223 Set<String> components = new HashSet<>(); |
|
224 |
|
225 if (hashAlg == CipherSuite.HashAlg.H_SHA256) { |
|
226 components.add("SHA256"); |
|
227 components.add("SHA-256"); |
|
228 components.add("HmacSHA256"); |
|
229 } else if (hashAlg == CipherSuite.HashAlg.H_SHA384) { |
|
230 components.add("SHA384"); |
|
231 components.add("SHA-384"); |
|
232 components.add("HmacSHA384"); |
|
233 } |
|
234 |
|
235 return components; |
|
236 } |
|
237 |
|
238 private Set<String> decompose(KeyExchange keyExchange, |
|
239 SSLCipher cipher, |
|
240 MacAlg macAlg, |
|
241 HashAlg hashAlg) { |
216 Set<String> components = new HashSet<>(); |
242 Set<String> components = new HashSet<>(); |
217 |
243 |
218 if (keyExchange != null) { |
244 if (keyExchange != null) { |
219 components.addAll(decomposes(keyExchange)); |
245 components.addAll(decomposes(keyExchange)); |
220 } |
246 } |
229 components.addAll(decomposes(cipher)); |
255 components.addAll(decomposes(cipher)); |
230 } |
256 } |
231 |
257 |
232 if (macAlg != null) { |
258 if (macAlg != null) { |
233 components.addAll(decomposes(macAlg, cipher)); |
259 components.addAll(decomposes(macAlg, cipher)); |
|
260 } |
|
261 |
|
262 if (hashAlg != null) { |
|
263 components.addAll(decomposes(hashAlg)); |
234 } |
264 } |
235 |
265 |
236 return components; |
266 return components; |
237 } |
267 } |
238 |
268 |
239 @Override |
269 @Override |
240 public Set<String> decompose(String algorithm) { |
270 public Set<String> decompose(String algorithm) { |
241 if (algorithm.startsWith("SSL_") || algorithm.startsWith("TLS_")) { |
271 if (algorithm.startsWith("SSL_") || algorithm.startsWith("TLS_")) { |
242 CipherSuite cipherSuite = null; |
272 CipherSuite cipherSuite = null; |
243 try { |
273 try { |
244 cipherSuite = CipherSuite.valueOf(algorithm); |
274 cipherSuite = CipherSuite.nameOf(algorithm); |
245 } catch (IllegalArgumentException iae) { |
275 } catch (IllegalArgumentException iae) { |
246 // ignore: unknown or unsupported ciphersuite |
276 // ignore: unknown or unsupported ciphersuite |
247 } |
277 } |
248 |
278 |
249 if (cipherSuite != null) { |
279 if (cipherSuite != null) { |
250 return decompose(cipherSuite.keyExchange, cipherSuite.cipher, |
280 return decompose(cipherSuite.keyExchange, |
251 cipherSuite.macAlg); |
281 cipherSuite.bulkCipher, |
|
282 cipherSuite.macAlg, |
|
283 cipherSuite.hashAlg); |
252 } |
284 } |
253 } |
285 } |
254 |
286 |
255 return super.decompose(algorithm); |
287 return super.decompose(algorithm); |
256 } |
288 } |
257 |
|
258 } |
289 } |