用于 TLS/SSL 密码套件强化的 Java 正则表达式

Question

I need Java Regex which can match the argument used to set ciphers for SSL/TLS

valid ciphers : (For testing multiple pattern at a go, added them to string with comma separated, later iterating each for pattern match)

"ALL:!kRSA:!CBC,ALL:-aRSA:-CBC:SHA256,ALL:!kRSA,ALL:!aRSA,ALL:!RSA,ALL:!EDH-RSA-DES-CBC-SHA,ALL:!DES-CBC,ALL:!DES,ALL:-RSA+AES-128-CBC+SHA256";

Can be matched with regex = "^((?:ALL)|(?:ALL)(:([!-]?(a|k)?[A-Z0-9]+([+-]?(a|k)?[A-Z0-9]+)?)*)*)$";

But when I try invalid ciphers: (basically it should fail to match)

invalidciphers = "ALL:+DES,+DES,-DES,DEFAULT:-aRSA,akRSA,kDHE-aRSA,!ECDHE";

unable to create one.

Can any one help me out?

Answer 1

You may use

^ALL(?::[!-]?[ak]?[A-Z0-9]+(?:[+-]?[ak]?[A-Z0-9]+)*)*(?:,ALL(?::[!-]?[ak]?[A-Z0-9]+(?:[+-]?[ak]?[A-Z0-9]+)*)*)*$

See the regex demo

The scheme is ^<single_pattern>(?:,<single_pattern>)*$ . It matches the start of string, then the single pattern, and then 0 or more occurrences of a comma followed with the single pattern up to the end of string.

The single_pattern here is ALL(?::[!-]?[ak]?[A-Z0-9]+(?:[+-]?[ak]?[A-Z0-9]+)*)* :

• ALL - a substring
• (?::[!-]?[ak]?[A-Z0-9]+(?:[+-]?[ak]?[A-Z0-9]+)*)* - 0 or more occurrences of
  • : - a colon
  • [!-]? - an optional ! or -
  • [ak]? - an optional a or k
  • [A-Z0-9]+ - 1+ uppercase letters or digits
  • (?:[+-]?[ak]?[A-Z0-9]+)* - 0 or more occurrences of
    • [+-]? - an optional + or -
    • [ak]? - an optional a or k
    • [A-Z0-9]+ - 1+ uppercase letters or digits