1 /* |
1 /* |
2 * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
25 |
25 |
26 package sun.security.ssl; |
26 package sun.security.ssl; |
27 |
27 |
28 import java.util.HashSet; |
28 import java.util.HashSet; |
29 import java.util.Set; |
29 import java.util.Set; |
|
30 import sun.security.ssl.CipherSuite.HashAlg; |
|
31 import sun.security.ssl.CipherSuite.KeyExchange; |
|
32 import static sun.security.ssl.CipherSuite.KeyExchange.*; |
|
33 import sun.security.ssl.CipherSuite.MacAlg; |
|
34 import static sun.security.ssl.SSLCipher.*; |
30 import sun.security.util.AlgorithmDecomposer; |
35 import sun.security.util.AlgorithmDecomposer; |
31 import static sun.security.ssl.CipherSuite.*; |
|
32 import static sun.security.ssl.CipherSuite.KeyExchange.*; |
|
33 |
36 |
34 /** |
37 /** |
35 * The class decomposes standard SSL/TLS cipher suites into sub-elements. |
38 * The class decomposes standard SSL/TLS cipher suites into sub-elements. |
36 */ |
39 */ |
37 class SSLAlgorithmDecomposer extends AlgorithmDecomposer { |
40 class SSLAlgorithmDecomposer extends AlgorithmDecomposer { |
124 components.add("ANON"); |
127 components.add("ANON"); |
125 components.add("ECDH_ANON"); |
128 components.add("ECDH_ANON"); |
126 } |
129 } |
127 break; |
130 break; |
128 default: |
131 default: |
129 if (ClientKeyExchangeService.find(keyExchange.name) != null) { |
|
130 if (!onlyX509) { |
|
131 components.add(keyExchange.name); |
|
132 } |
|
133 } |
|
134 // otherwise ignore |
132 // otherwise ignore |
135 } |
133 } |
136 |
134 |
137 return components; |
135 return components; |
138 } |
136 } |
139 |
137 |
140 private Set<String> decomposes(CipherSuite.BulkCipher bulkCipher) { |
138 private Set<String> decomposes(SSLCipher bulkCipher) { |
141 Set<String> components = new HashSet<>(); |
139 Set<String> components = new HashSet<>(); |
142 |
140 |
143 if (bulkCipher.transformation != null) { |
141 if (bulkCipher.transformation != null) { |
144 components.addAll(super.decompose(bulkCipher.transformation)); |
142 components.addAll(super.decompose(bulkCipher.transformation)); |
145 } |
143 } |
183 |
181 |
184 return components; |
182 return components; |
185 } |
183 } |
186 |
184 |
187 private Set<String> decomposes(CipherSuite.MacAlg macAlg, |
185 private Set<String> decomposes(CipherSuite.MacAlg macAlg, |
188 BulkCipher cipher) { |
186 SSLCipher cipher) { |
189 Set<String> components = new HashSet<>(); |
187 Set<String> components = new HashSet<>(); |
190 |
188 |
191 if (macAlg == CipherSuite.MacAlg.M_NULL |
189 if (macAlg == CipherSuite.MacAlg.M_NULL |
192 && cipher.cipherType != CipherType.AEAD_CIPHER) { |
190 && cipher.cipherType != CipherType.AEAD_CIPHER) { |
193 components.add("M_NULL"); |
191 components.add("M_NULL"); |
209 } |
207 } |
210 |
208 |
211 return components; |
209 return components; |
212 } |
210 } |
213 |
211 |
214 private Set<String> decompose(KeyExchange keyExchange, BulkCipher cipher, |
212 private Set<String> decomposes(CipherSuite.HashAlg hashAlg) { |
215 MacAlg macAlg) { |
213 Set<String> components = new HashSet<>(); |
|
214 |
|
215 if (hashAlg == CipherSuite.HashAlg.H_SHA256) { |
|
216 components.add("SHA256"); |
|
217 components.add("SHA-256"); |
|
218 components.add("HmacSHA256"); |
|
219 } else if (hashAlg == CipherSuite.HashAlg.H_SHA384) { |
|
220 components.add("SHA384"); |
|
221 components.add("SHA-384"); |
|
222 components.add("HmacSHA384"); |
|
223 } |
|
224 |
|
225 return components; |
|
226 } |
|
227 |
|
228 private Set<String> decompose(KeyExchange keyExchange, |
|
229 SSLCipher cipher, |
|
230 MacAlg macAlg, |
|
231 HashAlg hashAlg) { |
216 Set<String> components = new HashSet<>(); |
232 Set<String> components = new HashSet<>(); |
217 |
233 |
218 if (keyExchange != null) { |
234 if (keyExchange != null) { |
219 components.addAll(decomposes(keyExchange)); |
235 components.addAll(decomposes(keyExchange)); |
220 } |
236 } |
229 components.addAll(decomposes(cipher)); |
245 components.addAll(decomposes(cipher)); |
230 } |
246 } |
231 |
247 |
232 if (macAlg != null) { |
248 if (macAlg != null) { |
233 components.addAll(decomposes(macAlg, cipher)); |
249 components.addAll(decomposes(macAlg, cipher)); |
|
250 } |
|
251 |
|
252 if (hashAlg != null) { |
|
253 components.addAll(decomposes(hashAlg)); |
234 } |
254 } |
235 |
255 |
236 return components; |
256 return components; |
237 } |
257 } |
238 |
258 |
239 @Override |
259 @Override |
240 public Set<String> decompose(String algorithm) { |
260 public Set<String> decompose(String algorithm) { |
241 if (algorithm.startsWith("SSL_") || algorithm.startsWith("TLS_")) { |
261 if (algorithm.startsWith("SSL_") || algorithm.startsWith("TLS_")) { |
242 CipherSuite cipherSuite = null; |
262 CipherSuite cipherSuite = null; |
243 try { |
263 try { |
244 cipherSuite = CipherSuite.valueOf(algorithm); |
264 cipherSuite = CipherSuite.nameOf(algorithm); |
245 } catch (IllegalArgumentException iae) { |
265 } catch (IllegalArgumentException iae) { |
246 // ignore: unknown or unsupported ciphersuite |
266 // ignore: unknown or unsupported ciphersuite |
247 } |
267 } |
248 |
268 |
249 if (cipherSuite != null) { |
269 if (cipherSuite != null) { |
250 return decompose(cipherSuite.keyExchange, cipherSuite.cipher, |
270 return decompose(cipherSuite.keyExchange, |
251 cipherSuite.macAlg); |
271 cipherSuite.bulkCipher, |
|
272 cipherSuite.macAlg, |
|
273 cipherSuite.hashAlg); |
252 } |
274 } |
253 } |
275 } |
254 |
276 |
255 return super.decompose(algorithm); |
277 return super.decompose(algorithm); |
256 } |
278 } |
257 |
|
258 } |
279 } |