--- a/src/java.base/share/classes/sun/security/ssl/SSLAlgorithmDecomposer.java Fri May 11 14:55:56 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/SSLAlgorithmDecomposer.java Fri May 11 15:53:12 2018 -0700
@@ -27,9 +27,22 @@
import java.util.HashSet;
import java.util.Set;
+import sun.security.ssl.CipherSuite.HashAlg;
+import sun.security.ssl.CipherSuite.KeyExchange;
+import static sun.security.ssl.CipherSuite.KeyExchange.*;
+import sun.security.ssl.CipherSuite.MacAlg;
+import static sun.security.ssl.SSLCipher.B_3DES;
+import static sun.security.ssl.SSLCipher.B_AES_128;
+import static sun.security.ssl.SSLCipher.B_AES_128_GCM;
+import static sun.security.ssl.SSLCipher.B_AES_256;
+import static sun.security.ssl.SSLCipher.B_AES_256_GCM;
+import static sun.security.ssl.SSLCipher.B_DES;
+import static sun.security.ssl.SSLCipher.B_DES_40;
+import static sun.security.ssl.SSLCipher.B_NULL;
+import static sun.security.ssl.SSLCipher.B_RC2_40;
+import static sun.security.ssl.SSLCipher.B_RC4_128;
+import static sun.security.ssl.SSLCipher.B_RC4_40;
import sun.security.util.AlgorithmDecomposer;
-import static sun.security.ssl.CipherSuite.*;
-import static sun.security.ssl.CipherSuite.KeyExchange.*;
/**
* The class decomposes standard SSL/TLS cipher suites into sub-elements.
@@ -126,18 +139,13 @@
}
break;
default:
- if (ClientKeyExchangeService.find(keyExchange.name) != null) {
- if (!onlyX509) {
- components.add(keyExchange.name);
- }
- }
// otherwise ignore
}
return components;
}
- private Set<String> decomposes(CipherSuite.BulkCipher bulkCipher) {
+ private Set<String> decomposes(SSLCipher bulkCipher) {
Set<String> components = new HashSet<>();
if (bulkCipher.transformation != null) {
@@ -185,7 +193,7 @@
}
private Set<String> decomposes(CipherSuite.MacAlg macAlg,
- BulkCipher cipher) {
+ SSLCipher cipher) {
Set<String> components = new HashSet<>();
if (macAlg == CipherSuite.MacAlg.M_NULL
@@ -211,8 +219,26 @@
return components;
}
- private Set<String> decompose(KeyExchange keyExchange, BulkCipher cipher,
- MacAlg macAlg) {
+ private Set<String> decomposes(CipherSuite.HashAlg hashAlg) {
+ Set<String> components = new HashSet<>();
+
+ if (hashAlg == CipherSuite.HashAlg.H_SHA256) {
+ components.add("SHA256");
+ components.add("SHA-256");
+ components.add("HmacSHA256");
+ } else if (hashAlg == CipherSuite.HashAlg.H_SHA384) {
+ components.add("SHA384");
+ components.add("SHA-384");
+ components.add("HmacSHA384");
+ }
+
+ return components;
+ }
+
+ private Set<String> decompose(KeyExchange keyExchange,
+ SSLCipher cipher,
+ MacAlg macAlg,
+ HashAlg hashAlg) {
Set<String> components = new HashSet<>();
if (keyExchange != null) {
@@ -233,6 +259,10 @@
components.addAll(decomposes(macAlg, cipher));
}
+ if (hashAlg != null) {
+ components.addAll(decomposes(hashAlg));
+ }
+
return components;
}
@@ -241,18 +271,19 @@
if (algorithm.startsWith("SSL_") || algorithm.startsWith("TLS_")) {
CipherSuite cipherSuite = null;
try {
- cipherSuite = CipherSuite.valueOf(algorithm);
+ cipherSuite = CipherSuite.nameOf(algorithm);
} catch (IllegalArgumentException iae) {
// ignore: unknown or unsupported ciphersuite
}
if (cipherSuite != null) {
- return decompose(cipherSuite.keyExchange, cipherSuite.cipher,
- cipherSuite.macAlg);
+ return decompose(cipherSuite.keyExchange,
+ cipherSuite.bulkCipher,
+ cipherSuite.macAlg,
+ cipherSuite.hashAlg);
}
}
return super.decompose(algorithm);
}
-
}