1 /* 2 * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.security.util; 27 28 import java.util.HashSet; 29 import java.util.Set; 30 import java.util.regex.Pattern; 31 32 /** 33 * The class decomposes standard algorithms into sub-elements. 34 */ 35 public class AlgorithmDecomposer { 36 37 private static final Pattern transPattern = Pattern.compile("/"); 38 39 // '(?<!padd)in': match 'in' but not preceded with 'padd'. 40 private static final Pattern pattern = 41 Pattern.compile("with|and|(?<!padd)in", Pattern.CASE_INSENSITIVE); 42 43 /** 44 * Decompose the standard algorithm name into sub-elements. 45 * <p> 46 * For example, we need to decompose "SHA1WithRSA" into "SHA1" and "RSA" 47 * so that we can check the "SHA1" and "RSA" algorithm constraints 48 * separately. 49 * <p> 50 * Please override the method if need to support more name pattern. 51 */ 52 public Set<String> decompose(String algorithm) { 53 if (algorithm == null || algorithm.length() == 0) { 54 return new HashSet<>(); 55 } 56 57 // algorithm/mode/padding 58 String[] transTockens = transPattern.split(algorithm); 59 60 Set<String> elements = new HashSet<>(); 61 for (String transTocken : transTockens) { 62 if (transTocken == null || transTocken.length() == 0) { 63 continue; 64 } 65 66 // PBEWith<digest>And<encryption> 67 // PBEWith<prf>And<encryption> 68 // OAEPWith<digest>And<mgf>Padding 69 // <digest>with<encryption> 70 // <digest>with<encryption>and<mgf> 71 // <digest>with<encryption>in<format> 72 String[] tokens = pattern.split(transTocken); 73 74 for (String token : tokens) { 75 if (token == null || token.length() == 0) { 76 continue; 77 } 78 79 elements.add(token); 80 } 81 } 82 83 // In Java standard algorithm name specification, for different 84 // purpose, the SHA-1 and SHA-2 algorithm names are different. For 85 // example, for MessageDigest, the standard name is "SHA-256", while 86 // for Signature, the digest algorithm component is "SHA256" for 87 // signature algorithm "SHA256withRSA". So we need to check both 88 // "SHA-256" and "SHA256" to make the right constraint checking. 89 90 // handle special name: SHA-1 and SHA1 91 if (elements.contains("SHA1") && !elements.contains("SHA-1")) { 92 elements.add("SHA-1"); 93 } 94 if (elements.contains("SHA-1") && !elements.contains("SHA1")) { 95 elements.add("SHA1"); 96 } 97 98 // handle special name: SHA-224 and SHA224 99 if (elements.contains("SHA224") && !elements.contains("SHA-224")) { 100 elements.add("SHA-224"); 101 } 102 if (elements.contains("SHA-224") && !elements.contains("SHA224")) { 103 elements.add("SHA224"); 104 } 105 106 // handle special name: SHA-256 and SHA256 107 if (elements.contains("SHA256") && !elements.contains("SHA-256")) { 108 elements.add("SHA-256"); 109 } 110 if (elements.contains("SHA-256") && !elements.contains("SHA256")) { 111 elements.add("SHA256"); 112 } 113 114 // handle special name: SHA-384 and SHA384 115 if (elements.contains("SHA384") && !elements.contains("SHA-384")) { 116 elements.add("SHA-384"); 117 } 118 if (elements.contains("SHA-384") && !elements.contains("SHA384")) { 119 elements.add("SHA384"); 120 } 121 122 // handle special name: SHA-512 and SHA512 123 if (elements.contains("SHA512") && !elements.contains("SHA-512")) { 124 elements.add("SHA-512"); 125 } 126 if (elements.contains("SHA-512") && !elements.contains("SHA512")) { 127 elements.add("SHA512"); 128 } 129 130 return elements; 131 } 132 133 }