iaik.security.ssl

Class SignatureAndHashAlgorithmList

java.lang.Object

iaik.security.ssl.SignatureAndHashAlgorithmList

All Implemented Interfaces:

java.io.Serializable, java.lang.Cloneable

Direct Known Subclasses:

SignatureSchemeList

public class SignatureAndHashAlgorithmList
extends java.lang.Object
implements java.io.Serializable, java.lang.Cloneable

Implements the TLS 1.2 SignatureAndHashAlgorithmList structure used by the SignatureAlgorithms extension as specified by RFC 5246.

Note that TLS 1.3 (RFC 8446) replaces SignatureAndHashAlgorithmList by SignatureSchemeList. For compatibility reasons iSaSiLk can be used with both SignatureAndHashAlgorithmList and SignatureSchemeList.

A TLS client/server may use the SignatureSchme structure to announce the signature/hash algorithms it is able to support to the peer. The client, for instance, may send a SignatureAlgorithms extension with the ClientHello extension list to tell the server which SignatureAndHashAlgorithms the client can process to, e.g., verify the server certificates or, e.g., sign the CertificateVerify message.
The server, for instance, will specify a list of expected SignatureAndHashAlgorithms when sending the CertificateRequest message.

See Also:

SignatureAlgorithms, SignatureAndHashAlgorithm, Serialized Form

Field Summary

Fields

Modifier and Type	Field and Description
static int	L_ALL Selection constant for a list with all supported signature algorithms.
static int	L_DEFAULT Selection constant for a list with the default signature algorithms.
static SignatureScheme[]	L_DSA Deprecated. by TLS 1.3
static SignatureScheme[]	L_ECDSA An array containing all ECDSA signature algorithms.
static SignatureScheme[]	L_EDDSA An array containing all EDDSA signature algorithms.
static int	L_NONE Selection constant for an empty list.
static SignatureScheme[]	L_RSA An array containing all RSA signature algorithms.
static SignatureScheme[]	L_RSA_PKCS15 An array containing all RSA PKCS#1v1.5 signature algorithms.
static SignatureScheme[]	L_RSA_PSS An array containing all RSASSA-PSS signature algorithms public key OID RSASSA-PSS.
static SignatureScheme[]	L_RSA_PSS_PSS An array containing all RSASSA-PSS PSS signature algorithms public key OID RSASSA-PSS.
static SignatureScheme[]	L_RSA_PSS_RSAE An array containing all RSASSA-PSS RSAE signature algorithms public key OID rsaEncryption.

Constructor Summary

Constructors

Constructor and Description
SignatureAndHashAlgorithmList() Creates an empty signature algorithm list.
SignatureAndHashAlgorithmList(int which) Creates a new signature algorithm list with the contents determined by the selection value.
SignatureAndHashAlgorithmList(SignatureAndHashAlgorithm algorithm) Creates a new signature algorithm list with the specified algorithm as its only element.
SignatureAndHashAlgorithmList(SignatureAndHashAlgorithm[] algorithms) Creates a new signature algorithm list from the contents of the given array.
SignatureAndHashAlgorithmList(SignatureAndHashAlgorithmList algorithms) Creates a copy of the given signature algorithm list.
SignatureAndHashAlgorithmList(java.lang.String[] algorithms) Create a new signature algorithm list from an array of signature algorithm names.

Method Summary

Modifier and Type	Method and Description
void	add(SignatureAndHashAlgorithm algorithm) Adds a signature algorithm to the end of this list.
void	add(SignatureAndHashAlgorithm[] algorithms) Adds all signature algorithms from an array to this list in order.
void	clear() Removes all elements from this list.
java.lang.Object	clone() Returns a clone of this signature algorithm list.
java.lang.Object	clone(int version) Returns a clone of this signature algorithm list for the given protocol version.
boolean	contains(SignatureAndHashAlgorithm algorithm) Checks if the given signature algorithm is an element of this list.
void	ensureAvailable() Make sure this list only contains signature algorithms that can actually be used.
boolean	equals(java.lang.Object obj) Checks if this signature algorithm list object is equal to the given object.
SignatureAndHashAlgorithm	get(int i) Returns the element at the given index.
static SignatureAndHashAlgorithmList	getAll() Gets a list containing all supported signature algorithms.
static SignatureAndHashAlgorithmList	getDefault() Gets a list containing the signature algorithms /schemes supported by default.
int	hashCode() Gets a hash code of this object.
void	insertAt(int index, SignatureAndHashAlgorithm algorithm) Inserts the given algorithm at the given position i.
void	intersectWith(SignatureAndHashAlgorithmList other) Computes the intersection of this list and another list.
java.util.Iterator	iterator() Return an Iterator for the elements of this list.
void	remove(SignatureAndHashAlgorithm algorithm) Removes a signature algorithm from this list.
void	remove(SignatureAndHashAlgorithm[] algorithms) Removes all signature algorithms from an array from this list.
int	size() Returns the number of elements in this list.
SignatureAndHashAlgorithm[]	toArray() Converts this list to an array of signature algorithms.
java.lang.String	toString() Returns a string representation of this list.

Methods inherited from class java.lang.Object

finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

L_NONE

public static final int L_NONE

Selection constant for an empty list.

See Also:

Constant Field Values

L_DEFAULT

public static final int L_DEFAULT

Selection constant for a list with the default signature algorithms.

See Also:

Constant Field Values

L_ALL

public static final int L_ALL

Selection constant for a list with all supported signature algorithms.

See Also:

Constant Field Values

L_RSA_PKCS15

public static final SignatureScheme[] L_RSA_PKCS15

An array containing all RSA PKCS#1v1.5 signature algorithms.

L_RSA_PSS_RSAE

public static final SignatureScheme[] L_RSA_PSS_RSAE

An array containing all RSASSA-PSS RSAE signature algorithms public key OID rsaEncryption.

L_RSA_PSS_PSS

public static final SignatureScheme[] L_RSA_PSS_PSS

An array containing all RSASSA-PSS PSS signature algorithms public key OID RSASSA-PSS.

L_RSA_PSS

public static final SignatureScheme[] L_RSA_PSS

An array containing all RSASSA-PSS signature algorithms public key OID RSASSA-PSS.

L_RSA

public static final SignatureScheme[] L_RSA

An array containing all RSA signature algorithms.

L_DSA

public static final SignatureScheme[] L_DSA

Deprecated. by TLS 1.3

An array containing all DSA signature algorithms.

L_ECDSA

public static final SignatureScheme[] L_ECDSA

An array containing all ECDSA signature algorithms.

L_EDDSA

public static final SignatureScheme[] L_EDDSA

An array containing all EDDSA signature algorithms.

Constructor Detail

SignatureAndHashAlgorithmList

public SignatureAndHashAlgorithmList()

Creates an empty signature algorithm list.

SignatureAndHashAlgorithmList

public SignatureAndHashAlgorithmList(int which)

Creates a new signature algorithm list with the contents determined by the selection value. It should be one of L_xxx values defined for this class. The resulting list will be sorted and only contain the signature algorithms that are available, i.e. can be used with the installed security provider.

• L_NONE (1) creates an empty list
• L_DEFAULT (2) creates a list with the default signature algorithms.
• L_ALL (3) creates a list with all implemented signature algorithms.

Note that ensureAvailable() is automatically called on the created list.

Parameters:

which - the selection value deciding which type of list shall be created (L_NONE, L_DEFAULT, or L_ALL)

Throws:

IllegalParameterException - if the selection value is not one of

SignatureAndHashAlgorithmList

public SignatureAndHashAlgorithmList(SignatureAndHashAlgorithm algorithm)

Creates a new signature algorithm list with the specified algorithm as its only element.

Parameters:

algorithm - the signature algorithm

SignatureAndHashAlgorithmList

public SignatureAndHashAlgorithmList(SignatureAndHashAlgorithm[] algorithms)

Creates a new signature algorithm list from the contents of the given array. If a signature algorithm occurs multiple times in the array only the first occurrence is used.

Parameters:

algorithms - the array of signature algorithms

SignatureAndHashAlgorithmList

public SignatureAndHashAlgorithmList(SignatureAndHashAlgorithmList algorithms)

Creates a copy of the given signature algorithm list.

Parameters:

algorithms - the algorithm list to be copied

SignatureAndHashAlgorithmList

public SignatureAndHashAlgorithmList(java.lang.String[] algorithms)
                              throws java.lang.IllegalArgumentException

Create a new signature algorithm list from an array of signature algorithm names. If a signature algorithm occurs multiple times in the array only the first occurrence is used.

Parameters:

algorithms - the signature algorithm names

Throws:

java.lang.IllegalArgumentException - if the list of algorithm names refers a signature algorithm that is not supported

Method Detail

getDefault

public static final SignatureAndHashAlgorithmList getDefault()

Gets a list containing the signature algorithms /schemes supported by default. Contains the following algorithms (if supported by the installed SecurityProvider):

• ecdsa_secp256r1_sha256 (SHA256withECDSA) (id: 0x0403)
• ed25519 (ED25519) (id: 0x0807)
• rsa_pss_rsae_sha256 (SignatureAndHashAlgorithm.SHA256withRSAPSS_RSAE) (id: 0x0804)
• rsa_pkcs1_sha256 (SHA256withRSA) (id: 0x0401)
• ecdsa_secp384r1_sha384 (SHA384withECDSA) (id: 0x0503)
• rsa_pss_rsae_sha384 (SignatureAndHashAlgorithm.SHA384withRSAPSS_RSAE) (id: 0x0805)
• rsa_pkcs1_sha384 (SHA384withRSA) (id: 0x0501)
• ecdsa_secp521r1_sha512 (SHA512withECDSA) (id: 0x0603)
• rsa_pss_rsae_sha512 (SignatureAndHashAlgorithm.SHA512withRSAPSS_RSAE) (id: 0x0806)
• rsa_pkcs1_sha512 (SHA512withRSA) (id: 0x0601)
• rsa_pkcs1_sha1 (SHA1withRSA) (id: 0x0201); legacy
• ecdsa_sha1 (SHA1withECDSA) (id: 0x0203); legacy

Returns:

a list containing the default algorithms supported by the installed SecurityProvider

getAll

public static final SignatureAndHashAlgorithmList getAll()

Gets a list containing all supported signature algorithms. Contains all signature and hash algorithms specified by TLS 1.2 (RFC 5246) and TLS 1.3 (RFC 8446) if supported by the installed SecurityProvider):

• ecdsa_secp256r1_sha256 (SHA256withECDSA) (id: 0x0403)
• ed25519 (ED25519) (id: 0x0807)
• rsa_pss_rsae_sha256 (SignatureAndHashAlgorithm.SHA256withRSAPSS_RSAE) (id: 0x0804)
• rsa_pkcs1_sha256 (SHA256withRSA) (id: 0x0401)
• ecdsa_secp384r1_sha384 (SHA384withECDSA) (id: 0x0503)
• rsa_pss_rsae_sha384 (SignatureAndHashAlgorithm.SHA384withRSAPSS_RSAE) (id: 0x0805)
• rsa_pkcs1_sha384 (SHA384withRSA) (id: 0x0501)
• ecdsa_secp521r1_sha512 (SHA512withECDSA) (id: 0x0603)
• rsa_pss_rsae_sha512 (SignatureAndHashAlgorithm.SHA512withRSAPSS_RSAE) (id: 0x0806)
• rsa_pkcs1_sha512 (SHA512withRSA) (id: 0x0601)
• ed448 (ED448) (id: 0x0808)
• rsa_pss_pss_sha256 (SignatureAndHashAlgorithm.SHA256withRSAPSS_PSS) (id: 0x0809)
• rsa_pss_pss_sha384 (SignatureAndHashAlgorithm.SHA384withRSAPSS_PSS) (id: 0x080a)
• rsa_pss_pss_sha512 (SignatureAndHashAlgorithm.SHA512withRSAPSS_PSS) (id: 0x080b)
• rsa_pkcs1_sha1 (SHA1withRSA) (id: 0x0201), legacy
• ecdsa_sha1 (SHA1withECDSA) (id: 0x0203), legacy
• rsa_pkcs1_sha224 (SHA224withRSA) (id: 0x0301); deprecated; not enabled for TLS 1.3
• ecdsa_sha224 (SHA224withECDSA) (id: 0x0303); deprecated; not enabled for TLS 1.3
• dsa_sha256 (SHA256withDSA) (id: 0x0402); deprecated; not enabled for TLS 1.3
• dsa_sha384 (SHA384withDSA) (id: 0x0502); deprecated; not enabled for TLS 1.3
• dsa_sha512 (SHA512withDSA) (id: 0x0602); deprecated; not enabled for TLS 1.3
• dsa_sha224 (SHA224withDSA) (id: 0x0302); deprecated; not enabled for TLS 1.3
• dsa_sha1 (SHA1withDSA) (id: 0x0202); deprecated; not enabled for TLS 1.3
• rsa_pkcs1_md5 (MD5withRSA) (id: 0x0101); deprecated; not enabled for TLS 1.3

Returns:

a list containing all signature algorithms supported by the installed SecurityProvider

add

public void add(SignatureAndHashAlgorithm algorithm)

Adds a signature algorithm to the end of this list. If it is already contained in the list the call is ignored.

Parameters:

algorithm - the algorithm to be added

insertAt

public void insertAt(int index,
                     SignatureAndHashAlgorithm algorithm)

Inserts the given algorithm at the given position i. If it is already contained in the list it is moved to the given position.

Parameters:

algorithm - the algorithm to be added

remove

public void remove(SignatureAndHashAlgorithm algorithm)

Removes a signature algorithm from this list. If it is not contained in the list the call is ignored.

Parameters:

algorithm - the algorithm to be removed

contains

public boolean contains(SignatureAndHashAlgorithm algorithm)

Checks if the given signature algorithm is an element of this list.

Parameters:

algorithm - the algorithm to be checked

Returns:

true if the algorithm is included, false if it is not included

add

public void add(SignatureAndHashAlgorithm[] algorithms)

Adds all signature algorithms from an array to this list in order.

Parameters:

algorithms - the signature algorithms to be added

remove

public void remove(SignatureAndHashAlgorithm[] algorithms)

Removes all signature algorithms from an array from this list.

Parameters:

algorithms - the algorithms to be removed

clear

public void clear()

Removes all elements from this list.

toArray

public SignatureAndHashAlgorithm[] toArray()

Converts this list to an array of signature algorithms.

Returns:

an array containing all signature algorithms of this list

size

public int size()

Returns the number of elements in this list.

Returns:

the size of this list

get

public SignatureAndHashAlgorithm get(int i)
                              throws java.lang.IndexOutOfBoundsException

Returns the element at the given index. An IndexOutOfBoundsException is thrown if the index is invalid.

Parameters:

i - the index of the requested element

Returns:

the element at index i

Throws:

java.lang.IndexOutOfBoundsException - if the index

iterator

public java.util.Iterator iterator()

Return an Iterator for the elements of this list.

Returns:

an Iterator for stepping through the elements of this list

ensureAvailable

public void ensureAvailable()

Make sure this list only contains signature algorithms that can actually be used. Any algorithm that cannot be used is removed from the list.

intersectWith

public void intersectWith(SignatureAndHashAlgorithmList other)

Computes the intersection of this list and another list. This list is modified to only contain signature algorithms enabled in both this and other.

Parameters:

other - the other list

hashCode

public int hashCode()

Gets a hash code of this object.

Overrides:

hashCode in class java.lang.Object

Returns:

a hash code of this object

equals

public boolean equals(java.lang.Object obj)

Checks if this signature algorithm list object is equal to the given object.

Two signature algorithm lists are treated as equal if they contain the same signature algorithm objects (same number and same order).

Overrides:

equals in class java.lang.Object

Returns:

true if this signature algorithm list object is equal to the given list, false if it is not equal to it

clone

public java.lang.Object clone()

Returns a clone of this signature algorithm list.

Overrides:

clone in class java.lang.Object

Returns:

the clone of this list

clone

public java.lang.Object clone(int version)

Returns a clone of this signature algorithm list for the given protocol version.

Parameters:

version - the protocol version

Returns:

the clone of this list for the given protocol version

toString

public java.lang.String toString()

Returns a string representation of this list.

Overrides:

toString in class java.lang.Object

Returns:

a string representation of this list