[英]Java regex for cipher suite hardening for TLS/SSL
I need Java Regex which can match the argument used to set ciphers for SSL/TLS我需要 Java Regex,它可以匹配用于为 SSL/TLS 设置密码的参数
valid ciphers : (For testing multiple pattern at a go, added them to string with comma separated, later iterating each for pattern match)有效的密码:(为了一次测试多个模式,将它们添加到用逗号分隔的字符串中,然后迭代每个模式匹配)
"ALL:!kRSA:!CBC,ALL:-aRSA:-CBC:SHA256,ALL:!kRSA,ALL:!aRSA,ALL:!RSA,ALL:!EDH-RSA-DES-CBC-SHA,ALL:!DES-CBC,ALL:!DES,ALL:-RSA+AES-128-CBC+SHA256";
Can be matched with regex = "^((?:ALL)|(?:ALL)(:([!-]?(a|k)?[A-Z0-9]+([+-]?(a|k)?[A-Z0-9]+)?)*)*)$";
可以搭配正则表达式 =
"^((?:ALL)|(?:ALL)(:([!-]?(a|k)?[A-Z0-9]+([+-]?(a|k)?[A-Z0-9]+)?)*)*)$";
But when I try invalid ciphers: (basically it should fail to match)但是当我尝试无效的密码时:(基本上它应该无法匹配)
invalidciphers = "ALL:+DES,+DES,-DES,DEFAULT:-aRSA,akRSA,kDHE-aRSA,!ECDHE";
unable to create one.无法创建一个。
Can any one help me out?谁能帮我吗?
You may use您可以使用
^ALL(?::[!-]?[ak]?[A-Z0-9]+(?:[+-]?[ak]?[A-Z0-9]+)*)*(?:,ALL(?::[!-]?[ak]?[A-Z0-9]+(?:[+-]?[ak]?[A-Z0-9]+)*)*)*$
See the regex demo查看正则表达式演示
The scheme is ^<single_pattern>(?:,<single_pattern>)*$
.该方案是
^<single_pattern>(?:,<single_pattern>)*$
。 It matches the start of string, then the single pattern, and then 0 or more occurrences of a comma followed with the single pattern up to the end of string.它匹配字符串的开头,然后是单个模式,然后是 0 次或多次出现的逗号,后跟单个模式直到字符串的结尾。
The single_pattern
here is ALL(?::[!-]?[ak]?[A-Z0-9]+(?:[+-]?[ak]?[A-Z0-9]+)*)*
:这里的
single_pattern
是ALL(?::[!-]?[ak]?[A-Z0-9]+(?:[+-]?[ak]?[A-Z0-9]+)*)*
:
ALL
- a substring ALL
- 一个子串(?::[!-]?[ak]?[A-Z0-9]+(?:[+-]?[ak]?[A-Z0-9]+)*)*
- 0 or more occurrences of (?::[!-]?[ak]?[A-Z0-9]+(?:[+-]?[ak]?[A-Z0-9]+)*)*
- 0 次或多次出现的
:
- a colon :
- 一个冒号[!-]?
- an optional !
!
or -
-
[ak]?
- an optional a
or k
a
或k
[A-Z0-9]+
- 1+ uppercase letters or digits [A-Z0-9]+
- 1+ 大写字母或数字(?:[+-]?[ak]?[A-Z0-9]+)*
- 0 or more occurrences of (?:[+-]?[ak]?[A-Z0-9]+)*
- 0 次或多次出现
[+-]?
- an optional +
or -
+
或-
[ak]?
- an optional a
or k
a
或k
[A-Z0-9]+
- 1+ uppercase letters or digits [A-Z0-9]+
- 1+ 大写字母或数字
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.