1 /*
2 * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.util;
27
28 import java.util.HashSet;
29 import java.util.Set;
30 import java.util.regex.Pattern;
31
32 /**
33 * The class decomposes standard algorithms into sub-elements.
34 */
35 public class AlgorithmDecomposer {
36
37 private static final Pattern transPattern = Pattern.compile("/");
38
39 // '(?<!padd)in': match 'in' but not preceded with 'padd'.
40 private static final Pattern pattern =
41 Pattern.compile("with|and|(?<!padd)in", Pattern.CASE_INSENSITIVE);
42
43 /**
44 * Decompose the standard algorithm name into sub-elements.
45 * <p>
46 * For example, we need to decompose "SHA1WithRSA" into "SHA1" and "RSA"
47 * so that we can check the "SHA1" and "RSA" algorithm constraints
48 * separately.
49 * <p>
50 * Please override the method if need to support more name pattern.
51 */
52 public Set<String> decompose(String algorithm) {
53 if (algorithm == null || algorithm.length() == 0) {
54 return new HashSet<>();
55 }
56
57 // algorithm/mode/padding
58 String[] transTockens = transPattern.split(algorithm);
59
60 Set<String> elements = new HashSet<>();
61 for (String transTocken : transTockens) {
62 if (transTocken == null || transTocken.length() == 0) {
63 continue;
64 }
65
66 // PBEWith<digest>And<encryption>
67 // PBEWith<prf>And<encryption>
68 // OAEPWith<digest>And<mgf>Padding
69 // <digest>with<encryption>
70 // <digest>with<encryption>and<mgf>
71 // <digest>with<encryption>in<format>
72 String[] tokens = pattern.split(transTocken);
73
74 for (String token : tokens) {
75 if (token == null || token.length() == 0) {
76 continue;
77 }
78
79 elements.add(token);
80 }
81 }
82
83 // In Java standard algorithm name specification, for different
84 // purpose, the SHA-1 and SHA-2 algorithm names are different. For
85 // example, for MessageDigest, the standard name is "SHA-256", while
86 // for Signature, the digest algorithm component is "SHA256" for
87 // signature algorithm "SHA256withRSA". So we need to check both
88 // "SHA-256" and "SHA256" to make the right constraint checking.
89
90 // handle special name: SHA-1 and SHA1
91 if (elements.contains("SHA1") && !elements.contains("SHA-1")) {
92 elements.add("SHA-1");
93 }
94 if (elements.contains("SHA-1") && !elements.contains("SHA1")) {
95 elements.add("SHA1");
96 }
97
98 // handle special name: SHA-224 and SHA224
99 if (elements.contains("SHA224") && !elements.contains("SHA-224")) {
100 elements.add("SHA-224");
101 }
113
114 // handle special name: SHA-384 and SHA384
115 if (elements.contains("SHA384") && !elements.contains("SHA-384")) {
116 elements.add("SHA-384");
117 }
118 if (elements.contains("SHA-384") && !elements.contains("SHA384")) {
119 elements.add("SHA384");
120 }
121
122 // handle special name: SHA-512 and SHA512
123 if (elements.contains("SHA512") && !elements.contains("SHA-512")) {
124 elements.add("SHA-512");
125 }
126 if (elements.contains("SHA-512") && !elements.contains("SHA512")) {
127 elements.add("SHA512");
128 }
129
130 return elements;
131 }
132
133 }
|
1 /*
2 * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.util;
27
28 import java.util.HashSet;
29 import java.util.Set;
30 import java.util.regex.Pattern;
31
32 /**
33 * The class decomposes standard algorithms into sub-elements.
34 */
35 public class AlgorithmDecomposer {
36
37 private static final Pattern transPattern = Pattern.compile("/");
38
39 // '(?<!padd)in': match 'in' but not preceded with 'padd'.
40 private static final Pattern pattern =
41 Pattern.compile("with|and|(?<!padd)in", Pattern.CASE_INSENSITIVE);
42
43 private static Set<String> decomposeImpl(String algorithm) {
44
45 // algorithm/mode/padding
46 String[] transTockens = transPattern.split(algorithm);
47
48 Set<String> elements = new HashSet<>();
49 for (String transTocken : transTockens) {
50 if (transTocken == null || transTocken.length() == 0) {
51 continue;
52 }
53
54 // PBEWith<digest>And<encryption>
55 // PBEWith<prf>And<encryption>
56 // OAEPWith<digest>And<mgf>Padding
57 // <digest>with<encryption>
58 // <digest>with<encryption>and<mgf>
59 // <digest>with<encryption>in<format>
60 String[] tokens = pattern.split(transTocken);
61
62 for (String token : tokens) {
63 if (token == null || token.length() == 0) {
64 continue;
65 }
66
67 elements.add(token);
68 }
69 }
70 return elements;
71 }
72
73 /**
74 * Decompose the standard algorithm name into sub-elements.
75 * <p>
76 * For example, we need to decompose "SHA1WithRSA" into "SHA1" and "RSA"
77 * so that we can check the "SHA1" and "RSA" algorithm constraints
78 * separately.
79 * <p>
80 * Please override the method if need to support more name pattern.
81 */
82 public Set<String> decompose(String algorithm) {
83 if (algorithm == null || algorithm.length() == 0) {
84 return new HashSet<>();
85 }
86
87 Set<String> elements = decomposeImpl(algorithm);
88
89 // In Java standard algorithm name specification, for different
90 // purpose, the SHA-1 and SHA-2 algorithm names are different. For
91 // example, for MessageDigest, the standard name is "SHA-256", while
92 // for Signature, the digest algorithm component is "SHA256" for
93 // signature algorithm "SHA256withRSA". So we need to check both
94 // "SHA-256" and "SHA256" to make the right constraint checking.
95
96 // handle special name: SHA-1 and SHA1
97 if (elements.contains("SHA1") && !elements.contains("SHA-1")) {
98 elements.add("SHA-1");
99 }
100 if (elements.contains("SHA-1") && !elements.contains("SHA1")) {
101 elements.add("SHA1");
102 }
103
104 // handle special name: SHA-224 and SHA224
105 if (elements.contains("SHA224") && !elements.contains("SHA-224")) {
106 elements.add("SHA-224");
107 }
119
120 // handle special name: SHA-384 and SHA384
121 if (elements.contains("SHA384") && !elements.contains("SHA-384")) {
122 elements.add("SHA-384");
123 }
124 if (elements.contains("SHA-384") && !elements.contains("SHA384")) {
125 elements.add("SHA384");
126 }
127
128 // handle special name: SHA-512 and SHA512
129 if (elements.contains("SHA512") && !elements.contains("SHA-512")) {
130 elements.add("SHA-512");
131 }
132 if (elements.contains("SHA-512") && !elements.contains("SHA512")) {
133 elements.add("SHA512");
134 }
135
136 return elements;
137 }
138
139 private static void hasLoop(Set<String> elements, String find, String replace) {
140 if (elements.contains(find)) {
141 if (!elements.contains(replace)) {
142 elements.add(replace);
143 }
144 elements.remove(find);
145 }
146 }
147
148 /*
149 * This decomposes a standard name into sub-elements with a consistent
150 * message digest algorithm name to avoid overly complicated checking.
151 */
152 public static Set<String> decomposeOneHash(String algorithm) {
153 if (algorithm == null || algorithm.length() == 0) {
154 return new HashSet<>();
155 }
156
157 Set<String> elements = decomposeImpl(algorithm);
158
159 hasLoop(elements, "SHA-1", "SHA1");
160 hasLoop(elements, "SHA-224", "SHA224");
161 hasLoop(elements, "SHA-256", "SHA256");
162 hasLoop(elements, "SHA-384", "SHA384");
163 hasLoop(elements, "SHA-512", "SHA512");
164
165 return elements;
166 }
167
168 /*
169 * The provided message digest algorithm name will return a consistent
170 * naming scheme.
171 */
172 public static String hashName(String algorithm) {
173 return algorithm.replace("-", "");
174 }
175 }
|