1 /*
   2  * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.util;
  27 
  28 import java.util.HashSet;
  29 import java.util.Set;
  30 import java.util.regex.Pattern;
  31 
  32 /**
  33  * The class decomposes standard algorithms into sub-elements.
  34  */
  35 public class AlgorithmDecomposer {
  36 
  37     private static final Pattern transPattern = Pattern.compile("/");
  38 
  39     // '(?<!padd)in': match 'in' but not preceded with 'padd'.
  40     private static final Pattern pattern =
  41             Pattern.compile("with|and|(?<!padd)in", Pattern.CASE_INSENSITIVE);
  42 
  43     /**
  44      * Decompose the standard algorithm name into sub-elements.
  45      * <p>
  46      * For example, we need to decompose "SHA1WithRSA" into "SHA1" and "RSA"
  47      * so that we can check the "SHA1" and "RSA" algorithm constraints
  48      * separately.
  49      * <p>
  50      * Please override the method if need to support more name pattern.
  51      */
  52     public Set<String> decompose(String algorithm) {
  53         if (algorithm == null || algorithm.length() == 0) {
  54             return new HashSet<>();
  55         }
  56 
  57         // algorithm/mode/padding
  58         String[] transTockens = transPattern.split(algorithm);
  59 
  60         Set<String> elements = new HashSet<>();
  61         for (String transTocken : transTockens) {
  62             if (transTocken == null || transTocken.length() == 0) {
  63                 continue;
  64             }
  65 
  66             // PBEWith<digest>And<encryption>
  67             // PBEWith<prf>And<encryption>
  68             // OAEPWith<digest>And<mgf>Padding
  69             // <digest>with<encryption>
  70             // <digest>with<encryption>and<mgf>
  71             // <digest>with<encryption>in<format>
  72             String[] tokens = pattern.split(transTocken);
  73 
  74             for (String token : tokens) {
  75                 if (token == null || token.length() == 0) {
  76                     continue;
  77                 }
  78 
  79                 elements.add(token);
  80             }
  81         }
  82 
  83         // In Java standard algorithm name specification, for different
  84         // purpose, the SHA-1 and SHA-2 algorithm names are different. For
  85         // example, for MessageDigest, the standard name is "SHA-256", while
  86         // for Signature, the digest algorithm component is "SHA256" for
  87         // signature algorithm "SHA256withRSA". So we need to check both
  88         // "SHA-256" and "SHA256" to make the right constraint checking.
  89 
  90         // handle special name: SHA-1 and SHA1
  91         if (elements.contains("SHA1") && !elements.contains("SHA-1")) {
  92             elements.add("SHA-1");
  93         }
  94         if (elements.contains("SHA-1") && !elements.contains("SHA1")) {
  95             elements.add("SHA1");
  96         }
  97 
  98         // handle special name: SHA-224 and SHA224
  99         if (elements.contains("SHA224") && !elements.contains("SHA-224")) {
 100             elements.add("SHA-224");
 101         }
 102         if (elements.contains("SHA-224") && !elements.contains("SHA224")) {
 103             elements.add("SHA224");
 104         }
 105 
 106         // handle special name: SHA-256 and SHA256
 107         if (elements.contains("SHA256") && !elements.contains("SHA-256")) {
 108             elements.add("SHA-256");
 109         }
 110         if (elements.contains("SHA-256") && !elements.contains("SHA256")) {
 111             elements.add("SHA256");
 112         }
 113 
 114         // handle special name: SHA-384 and SHA384
 115         if (elements.contains("SHA384") && !elements.contains("SHA-384")) {
 116             elements.add("SHA-384");
 117         }
 118         if (elements.contains("SHA-384") && !elements.contains("SHA384")) {
 119             elements.add("SHA384");
 120         }
 121 
 122         // handle special name: SHA-512 and SHA512
 123         if (elements.contains("SHA512") && !elements.contains("SHA-512")) {
 124             elements.add("SHA-512");
 125         }
 126         if (elements.contains("SHA-512") && !elements.contains("SHA512")) {
 127             elements.add("SHA512");
 128         }
 129 
 130         return elements;
 131     }
 132 
 133 }