< prev index next >

src/java.base/share/classes/sun/security/ssl/SignatureScheme.java

Print this page




   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.ssl;
  27 
  28 import java.security.*;

  29 import java.security.spec.AlgorithmParameterSpec;
  30 import java.security.spec.ECParameterSpec;
  31 import java.security.spec.MGF1ParameterSpec;
  32 import java.security.spec.PSSParameterSpec;
  33 import java.util.ArrayList;
  34 import java.util.Arrays;
  35 import java.util.Collection;
  36 import java.util.Collections;
  37 import java.util.EnumSet;
  38 import java.util.LinkedList;
  39 import java.util.List;
  40 import java.util.Set;
  41 import sun.security.ssl.NamedGroup.NamedGroupType;

  42 import sun.security.ssl.X509Authentication.X509Possession;
  43 import sun.security.util.KeyUtil;
  44 import sun.security.util.SignatureUtil;
  45 
  46 enum SignatureScheme {
  47     // EdDSA algorithms
  48     ED25519                 (0x0807, "ed25519", "ed25519",
  49                                     "ed25519",
  50                                     ProtocolVersion.PROTOCOLS_OF_13),
  51     ED448                   (0x0808, "ed448", "ed448",
  52                                     "ed448",
  53                                     ProtocolVersion.PROTOCOLS_OF_13),
  54 
  55     // ECDSA algorithms
  56     ECDSA_SECP256R1_SHA256  (0x0403, "ecdsa_secp256r1_sha256",
  57                                     "SHA256withECDSA",
  58                                     "EC",
  59                                     NamedGroup.SECP256_R1,
  60                                     ProtocolVersion.PROTOCOLS_TO_13),
  61     ECDSA_SECP384R1_SHA384  (0x0503, "ecdsa_secp384r1_sha384",


 413         return null;
 414     }
 415 
 416     static SignatureScheme getPreferableAlgorithm(
 417             List<SignatureScheme> schemes,
 418             X509Possession x509Possession,
 419             ProtocolVersion version) {
 420 
 421         PrivateKey signingKey = x509Possession.popPrivateKey;
 422         String keyAlgorithm = signingKey.getAlgorithm();
 423         int keySize;
 424         // Only need to check RSA algorithm at present.
 425         if (keyAlgorithm.equalsIgnoreCase("RSA") ||
 426                 keyAlgorithm.equalsIgnoreCase("RSASSA-PSS")) {
 427             keySize = KeyUtil.getKeySize(signingKey);
 428         } else {
 429             keySize = Integer.MAX_VALUE;
 430         }
 431         for (SignatureScheme ss : schemes) {
 432             if (ss.isAvailable && (keySize >= ss.minimalKeySize) &&
 433                     ss.handshakeSupportedProtocols.contains(version) &&
 434                     keyAlgorithm.equalsIgnoreCase(ss.keyAlgorithm)) {
 435                 if ((ss.namedGroup != null) && (ss.namedGroup.type ==
 436                         NamedGroupType.NAMED_GROUP_ECDHE)) {
 437                     ECParameterSpec params =
 438                             x509Possession.getECParameterSpec();
 439                     if (params != null &&
 440                             ss.namedGroup == NamedGroup.valueOf(params)) {
 441                         return ss;
 442                     }
 443                 } else {
 444                     return ss;
 445                 }
 446             }
 447         }
 448 
 449         return null;
 450     }
 451 
 452     static String[] getAlgorithmNames(Collection<SignatureScheme> schemes) {
 453         if (schemes != null) {
 454             ArrayList<String> names = new ArrayList<>(schemes.size());
 455             for (SignatureScheme scheme : schemes) {
 456                 names.add(scheme.algorithm);




   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.ssl;
  27 
  28 import java.security.*;
  29 import java.security.interfaces.ECPrivateKey;
  30 import java.security.spec.AlgorithmParameterSpec;
  31 import java.security.spec.ECParameterSpec;
  32 import java.security.spec.MGF1ParameterSpec;
  33 import java.security.spec.PSSParameterSpec;
  34 import java.util.ArrayList;
  35 import java.util.Arrays;
  36 import java.util.Collection;
  37 import java.util.Collections;
  38 import java.util.EnumSet;
  39 import java.util.LinkedList;
  40 import java.util.List;
  41 import java.util.Set;
  42 import sun.security.ssl.SupportedGroupsExtension.NamedGroup;
  43 import sun.security.ssl.SupportedGroupsExtension.NamedGroupType;
  44 import sun.security.ssl.X509Authentication.X509Possession;
  45 import sun.security.util.KeyUtil;
  46 import sun.security.util.SignatureUtil;
  47 
  48 enum SignatureScheme {
  49     // EdDSA algorithms
  50     ED25519                 (0x0807, "ed25519", "ed25519",
  51                                     "ed25519",
  52                                     ProtocolVersion.PROTOCOLS_OF_13),
  53     ED448                   (0x0808, "ed448", "ed448",
  54                                     "ed448",
  55                                     ProtocolVersion.PROTOCOLS_OF_13),
  56 
  57     // ECDSA algorithms
  58     ECDSA_SECP256R1_SHA256  (0x0403, "ecdsa_secp256r1_sha256",
  59                                     "SHA256withECDSA",
  60                                     "EC",
  61                                     NamedGroup.SECP256_R1,
  62                                     ProtocolVersion.PROTOCOLS_TO_13),
  63     ECDSA_SECP384R1_SHA384  (0x0503, "ecdsa_secp384r1_sha384",


 415         return null;
 416     }
 417 
 418     static SignatureScheme getPreferableAlgorithm(
 419             List<SignatureScheme> schemes,
 420             X509Possession x509Possession,
 421             ProtocolVersion version) {
 422 
 423         PrivateKey signingKey = x509Possession.popPrivateKey;
 424         String keyAlgorithm = signingKey.getAlgorithm();
 425         int keySize;
 426         // Only need to check RSA algorithm at present.
 427         if (keyAlgorithm.equalsIgnoreCase("RSA") ||
 428                 keyAlgorithm.equalsIgnoreCase("RSASSA-PSS")) {
 429             keySize = KeyUtil.getKeySize(signingKey);
 430         } else {
 431             keySize = Integer.MAX_VALUE;
 432         }
 433         for (SignatureScheme ss : schemes) {
 434             if (ss.isAvailable && (keySize >= ss.minimalKeySize) &&
 435                 ss.handshakeSupportedProtocols.contains(version) &&
 436                 keyAlgorithm.equalsIgnoreCase(ss.keyAlgorithm)) {
 437                 if (ss.namedGroup != null &&
 438                     ss.namedGroup.type == NamedGroupType.NAMED_GROUP_ECDHE) {
 439                     ECParameterSpec params =
 440                             x509Possession.getECParameterSpec();
 441                     if (params != null &&
 442                             ss.namedGroup == NamedGroup.valueOf(params)) {
 443                         return ss;
 444                     }
 445                 } else {
 446                     return ss;
 447                 }
 448             }
 449         }
 450 
 451         return null;
 452     }
 453 
 454     static String[] getAlgorithmNames(Collection<SignatureScheme> schemes) {
 455         if (schemes != null) {
 456             ArrayList<String> names = new ArrayList<>(schemes.size());
 457             for (SignatureScheme scheme : schemes) {
 458                 names.add(scheme.algorithm);


< prev index next >