diff options
author | Casey Marshall <csm@gnu.org> | 2006-08-14 22:36:17 +0000 |
---|---|---|
committer | Casey Marshall <csm@gnu.org> | 2006-08-14 22:36:17 +0000 |
commit | 8c09ba9b0bb2b3c6768d7bf7849bf5e096efdc16 (patch) | |
tree | 2385de1ad71e083a0394a98b0865c95187cfeb76 /gnu/javax/net/ssl/provider/SSLRSASignature.java | |
parent | 32bb0e9c211961fbade190535b8041ece5df772c (diff) | |
download | classpath-8c09ba9b0bb2b3c6768d7bf7849bf5e096efdc16.tar.gz |
2006-08-14 Casey Marshall <csm@gnu.org>
Merge in ssl-nio-branch work. See `ChangeLog-ssl-nio' for a record
of changes made on this branch.
Files modified:
* gnu/classpath/debug/Component.java
* gnu/classpath/debug/SystemLogger.java
* gnu/java/security/action/GetPropertyAction.java
* gnu/java/security/action/GetSecurityPropertyAction.java
* gnu/javax/crypto/RSACipherImpl.java
* gnu/javax/net/ssl/PrivateCredentials.java
* gnu/javax/net/ssl/provider/Alert.java
* gnu/javax/net/ssl/provider/AlertException.java
* gnu/javax/net/ssl/provider/Certificate.java
* gnu/javax/net/ssl/provider/CertificateRequest.java
* gnu/javax/net/ssl/provider/CertificateType.java
* gnu/javax/net/ssl/provider/CertificateVerify.java
* gnu/javax/net/ssl/provider/CipherSuite.java
* gnu/javax/net/ssl/provider/ClientHello.java
* gnu/javax/net/ssl/provider/ClientKeyExchange.java
* gnu/javax/net/ssl/provider/CompressionMethod.java
* gnu/javax/net/ssl/provider/Constructed.java
* gnu/javax/net/ssl/provider/ContentType.java
* gnu/javax/net/ssl/provider/DiffieHellman.java
* gnu/javax/net/ssl/provider/Extension.java
* gnu/javax/net/ssl/provider/Finished.java
* gnu/javax/net/ssl/provider/Handshake.java
* gnu/javax/net/ssl/provider/Jessie.java
* gnu/javax/net/ssl/provider/ProtocolVersion.java
* gnu/javax/net/ssl/provider/Random.java
* gnu/javax/net/ssl/provider/ServerHello.java
* gnu/javax/net/ssl/provider/ServerKeyExchange.java
* gnu/javax/net/ssl/provider/Signature.java
* gnu/javax/net/ssl/provider/Util.java
* gnu/javax/net/ssl/provider/X509KeyManagerFactory.java
* gnu/javax/net/ssl/provider/X509TrustManagerFactory.java
* java/security/MessageDigest.java
* java/security/MessageDigestSpi.java
* java/security/Signature.java
* java/security/SignatureSpi.java
* javax/crypto/Mac.java
* javax/crypto/MacSpi.java
* javax/net/ssl/HandshakeCompletedEvent.java
* javax/net/ssl/HttpsURLConnection.java
* javax/net/ssl/SSLContext.java
* javax/net/ssl/SSLContextSpi.java
* javax/net/ssl/SSLSession.java
Files added:
* gnu/javax/net/ssl/provider/ServerKeyExchangeBuilder.java
* gnu/javax/net/ssl/provider/SSLv3HMacSHAImpl.java
* gnu/javax/net/ssl/provider/SimpleSessionContext.java
* gnu/javax/net/ssl/provider/ServerRSAParams.java
* gnu/javax/net/ssl/provider/SSLContextImpl.java
* gnu/javax/net/ssl/provider/ServerDHParams.java
* gnu/javax/net/ssl/provider/ClientHelloBuilder.java
* gnu/javax/net/ssl/provider/ClientDHE_PSKParameters.java
* gnu/javax/net/ssl/provider/SignatureAlgorithm.java
* gnu/javax/net/ssl/provider/CipherSuiteList.java
* gnu/javax/net/ssl/provider/ServerNameList.java
* gnu/javax/net/ssl/provider/SSLServerSocketImpl.java
* gnu/javax/net/ssl/provider/CompressionMethodList.java
* gnu/javax/net/ssl/provider/ServerRSA_PSKParameters.java
* gnu/javax/net/ssl/provider/ClientKeyExchangeBuilder.java
* gnu/javax/net/ssl/provider/TrustedAuthorities.java
* gnu/javax/net/ssl/provider/CertificateStatusRequest.java
* gnu/javax/net/ssl/provider/ServerHelloDone.java
* gnu/javax/net/ssl/provider/ServerDHE_PSKParameters.java
* gnu/javax/net/ssl/provider/SSLSocketImpl.java
* gnu/javax/net/ssl/provider/ServerHelloBuilder.java
* gnu/javax/net/ssl/provider/Record.java
* gnu/javax/net/ssl/provider/SSLRSASignatureImpl.java
* gnu/javax/net/ssl/provider/EncryptedPreMasterSecret.java
* gnu/javax/net/ssl/provider/PreSharedKeyManagerFactoryImpl.java
* gnu/javax/net/ssl/provider/KeyExchangeAlgorithm.java
* gnu/javax/net/ssl/provider/SSLServerSocketFactoryImpl.java
* gnu/javax/net/ssl/provider/CertificateBuilder.java
* gnu/javax/net/ssl/provider/ClientRSA_PSKParameters.java
* gnu/javax/net/ssl/provider/CertificateStatusType.java
* gnu/javax/net/ssl/provider/ExtensionList.java
* gnu/javax/net/ssl/provider/ClientCertificateTypeList.java
* gnu/javax/net/ssl/provider/ClientPSKParameters.java
* gnu/javax/net/ssl/provider/X500PrincipalList.java
* gnu/javax/net/ssl/provider/ServerHandshake.java
* gnu/javax/net/ssl/provider/ClientDiffieHellmanPublic.java
* gnu/javax/net/ssl/provider/SessionImpl.java
* gnu/javax/net/ssl/provider/SSLSocketFactoryImpl.java
* gnu/javax/net/ssl/provider/ServerPSKParameters.java
* gnu/javax/net/ssl/provider/TruncatedHMAC.java
* gnu/javax/net/ssl/provider/MaxFragmentLength.java
* gnu/javax/net/ssl/provider/HelloRequest.java
* gnu/javax/net/ssl/provider/ServerKeyExchangeParams.java
* gnu/javax/net/ssl/provider/UnresolvedExtensionValue.java
* gnu/javax/net/ssl/provider/CipherAlgorithm.java
* gnu/javax/net/ssl/provider/ClientHandshake.java
* gnu/javax/net/ssl/provider/ExchangeKeys.java
* gnu/javax/net/ssl/provider/CertificateURL.java
* gnu/javax/net/ssl/provider/EmptyExchangeKeys.java
* gnu/javax/net/ssl/provider/CertificateRequestBuilder.java
* gnu/javax/net/ssl/provider/SSLv3HMacMD5Impl.java
* gnu/javax/net/ssl/provider/Builder.java
* gnu/javax/net/ssl/provider/Debug.java
* gnu/javax/net/ssl/provider/SSLEngineImpl.java
* gnu/javax/net/ssl/provider/MacAlgorithm.java
* gnu/javax/net/ssl/provider/DelegatedTask.java
* gnu/javax/net/ssl/provider/InputSecurityParameters.java
* gnu/javax/net/ssl/provider/ClientHelloV2.java
* gnu/javax/net/ssl/provider/OutputSecurityParameters.java
* gnu/javax/net/ssl/provider/AbstractHandshake.java
* javax/net/ssl/SSLEngine.java
* javax/net/ssl/CertPathTrustManagerParameters.java
* javax/net/ssl/KeyStoreBuilderParameters.java
* javax/net/ssl/X509ExtendedKeyManager.java
* javax/net/ssl/SSLEngineResult.java
* gnu/javax/net/ssl/PreSharedKeyManager.java
* gnu/javax/net/ssl/Session.java
* gnu/javax/net/ssl/PreSharedKeyManagerParameters.java
* gnu/javax/net/ssl/SSLCipherSuite.java
* gnu/javax/net/ssl/AbstractSessionContext.java
* gnu/javax/net/ssl/SessionStoreException.java
* gnu/javax/net/ssl/SSLRecordHandler.java
* gnu/javax/net/ssl/SSLProtocolVersion.java
* gnu/javax/crypto/key/GnuPBEKey.java
* gnu/java/security/util/ByteBufferOutputStream.java
* gnu/java/security/Requires.java
* gnu/javax/security/auth/callback/CertificateCallback.java
Files removed:
* gnu/javax/net/ssl/provider/Context.java
* gnu/javax/net/ssl/provider/DigestInputStream.java
* gnu/javax/net/ssl/provider/DigestOutputStream.java
* gnu/javax/net/ssl/provider/Enumerated.java
* gnu/javax/net/ssl/provider/Extensions.java
* gnu/javax/net/ssl/provider/GNUSecurityParameters.java
* gnu/javax/net/ssl/provider/JCESecurityParameters.java
* gnu/javax/net/ssl/provider/JDBCSessionContext.java
* gnu/javax/net/ssl/provider/JessieDHPrivateKey.java
* gnu/javax/net/ssl/provider/JessieDHPublicKey.java
* gnu/javax/net/ssl/provider/JessieRSAPrivateKey.java
* gnu/javax/net/ssl/provider/JessieRSAPublicKey.java
* gnu/javax/net/ssl/provider/KeyPool.java
* gnu/javax/net/ssl/provider/OverflowException.java
* gnu/javax/net/ssl/provider/RecordInput.java
* gnu/javax/net/ssl/provider/RecordInputStream.java
* gnu/javax/net/ssl/provider/RecordOutputStream.java
* gnu/javax/net/ssl/provider/RecordingInputStream.java
* gnu/javax/net/ssl/provider/SSLRSASignature.java
* gnu/javax/net/ssl/provider/SSLServerSocket.java
* gnu/javax/net/ssl/provider/SSLServerSocketFactory.java
* gnu/javax/net/ssl/provider/SSLSocket.java
* gnu/javax/net/ssl/provider/SSLSocketFactory.java
* gnu/javax/net/ssl/provider/SSLSocketInputStream.java
* gnu/javax/net/ssl/provider/SSLSocketOutputStream.java
* gnu/javax/net/ssl/provider/SecurityParameters.java
* gnu/javax/net/ssl/provider/Session.java
* gnu/javax/net/ssl/provider/SessionContext.java
* gnu/javax/net/ssl/provider/SynchronizedRandom.java
* gnu/javax/net/ssl/provider/XMLSessionContext.java
Diffstat (limited to 'gnu/javax/net/ssl/provider/SSLRSASignature.java')
-rw-r--r-- | gnu/javax/net/ssl/provider/SSLRSASignature.java | 235 |
1 files changed, 0 insertions, 235 deletions
diff --git a/gnu/javax/net/ssl/provider/SSLRSASignature.java b/gnu/javax/net/ssl/provider/SSLRSASignature.java deleted file mode 100644 index 2f8c6cfe6..000000000 --- a/gnu/javax/net/ssl/provider/SSLRSASignature.java +++ /dev/null @@ -1,235 +0,0 @@ -/* SSLRSASignature.java -- SSL's RSA signature algorithm. - Copyright (C) 2006 Free Software Foundation, Inc. - -This file is a part of GNU Classpath. - -GNU Classpath is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation; either version 2 of the License, or (at -your option) any later version. - -GNU Classpath is distributed in the hope that it will be useful, but -WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -General Public License for more details. - -You should have received a copy of the GNU General Public License -along with GNU Classpath; if not, write to the Free Software -Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 -USA - -Linking this library statically or dynamically with other modules is -making a combined work based on this library. Thus, the terms and -conditions of the GNU General Public License cover the whole -combination. - -As a special exception, the copyright holders of this library give you -permission to link this library with independent modules to produce an -executable, regardless of the license terms of these independent -modules, and to copy and distribute the resulting executable under -terms of your choice, provided that you also meet, for each linked -independent module, the terms and conditions of the license of that -module. An independent module is a module which is not derived from -or based on this library. If you modify this library, you may extend -this exception to your version of the library, but you are not -obligated to do so. If you do not wish to do so, delete this -exception statement from your version. */ - - -package gnu.javax.net.ssl.provider; - -import java.math.BigInteger; - -import java.security.InvalidKeyException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.interfaces.RSAPrivateKey; -import java.security.interfaces.RSAPublicKey; - -import java.util.Arrays; -import java.util.Map; - -import gnu.java.security.hash.HashFactory; -import gnu.java.security.hash.IMessageDigest; -import gnu.java.security.sig.ISignature; -import gnu.java.security.sig.rsa.RSA; - -/** - * The RSA signature algorithm as used in the SSL protocol. Note that this - * is different from the RSA signature used to verify certificates. - * - * <p>This signature scheme works as follows:</p> - * - * <blockquote><p><pre>digitally-signed struct { - * opaque md5_hash[16]; - * opaque sha_hash[20]; - * }</pre></p></blockquote> - * - * <p>Where a <code>digitally-signed struct</code> is RSA-encrypted with - * block type 0 or 1 according to PKCS #1, version 1.5.</p> - */ -final class SSLRSASignature implements ISignature -{ - - // Fields. - // ------------------------------------------------------------------------- - - private RSAPublicKey pubkey; - private RSAPrivateKey privkey; - private final IMessageDigest md5, sha; - private boolean initVerify = false, initSign = false; - - // Constructor. - // ------------------------------------------------------------------------- - - SSLRSASignature() - { - this(HashFactory.getInstance("MD5"), HashFactory.getInstance("SHA-1")); - } - - SSLRSASignature(IMessageDigest md5, IMessageDigest sha) - { - this.md5 = md5; - this.sha = sha; - } - - // Instance methods. - // ------------------------------------------------------------------------- - - public String name() - { - return "RSA/SSL"; - } - - public void setupVerify(Map attrib) - { - PublicKey key = (PublicKey) attrib.get(VERIFIER_KEY); - if (key == null) - { - if (initSign) - { - return; // re-use. - } - throw new IllegalArgumentException("no key supplied"); - } - if (!(key instanceof RSAPublicKey)) - { - throw new IllegalArgumentException("not an RSA key"); - } - pubkey = (RSAPublicKey) key; - privkey = null; - initSign = false; - initVerify = true; - } - - public void setupSign(Map attrib) - { - PrivateKey key = (PrivateKey) attrib.get(SIGNER_KEY); - if (key == null) - { - if (initVerify) - { - return; // re-use. - } - throw new IllegalArgumentException("no key supplied"); - } - if (!(key instanceof RSAPrivateKey)) - { - throw new IllegalArgumentException("not an RSA key"); - } - privkey = (RSAPrivateKey) key; - pubkey = null; - initVerify = false; - initSign = true; - } - - public void update(byte b) - { - if (!initVerify && !initSign) - { - throw new IllegalStateException(); - } - md5.update(b); - sha.update(b); - } - - public void update(byte[] buf, int off, int len) - { - if (!initVerify && !initSign) - { - throw new IllegalStateException(); - } - md5.update(buf, off, len); - sha.update(buf, off, len); - } - - public Object sign() - { - if (!initSign) - { - throw new IllegalStateException(); - } - // Pad the hash results with RSA block type 1. - final int k = (privkey.getModulus().bitLength() + 7) >>> 3; - final byte[] d = Util.concat(md5.digest(), sha.digest()); - if (k - 11 < d.length) - { - throw new IllegalArgumentException("message too long"); - } - final byte[] eb = new byte[k]; - eb[0] = 0x00; - eb[1] = 0x01; - for (int i = 2; i < k - d.length - 1; i++) - { - eb[i] = (byte) 0xFF; - } - System.arraycopy(d, 0, eb, k - d.length, d.length); - BigInteger EB = new BigInteger(eb); - - // Private-key encrypt the padded hashes. - BigInteger EM = RSA.sign(privkey, EB); - return Util.trim(EM); - } - - public boolean verify(Object signature) - { - if (!initVerify) - { - throw new IllegalStateException(); - } - // Public-key decrypt the signature representative. - BigInteger EM = new BigInteger(1, (byte[]) signature); - BigInteger EB = RSA.verify(pubkey, EM); - - // Unpad the decrypted message. - int i = 0; - final byte[] eb = EB.toByteArray(); - if (eb[0] == 0x00) - { - for (i = 0; i < eb.length && eb[i] == 0x00; i++); - } - else if (eb[0] == 0x01) - { - for (i = 1; i < eb.length && eb[i] != 0x00; i++) - { - if (eb[i] != (byte) 0xFF) - { - throw new IllegalArgumentException("bad padding"); - } - } - i++; - } - else - { - throw new IllegalArgumentException("decryption failed"); - } - byte[] d1 = Util.trim(eb, i, eb.length - i); - byte[] d2 = Util.concat(md5.digest(), sha.digest()); - return Arrays.equals(d1, d2); - } - - public Object clone() - { - throw new UnsupportedOperationException(); - } -} |