Diffstat (limited to 'gnu/javax/net/ssl/provider')
-rw-r--r--gnu/javax/net/ssl/provider/ClientHandshake.java2
-rw-r--r--gnu/javax/net/ssl/provider/SSLv3HMacMD5Impl.java6
-rw-r--r--gnu/javax/net/ssl/provider/SSLv3HMacSHAImpl.java6
-rw-r--r--gnu/javax/net/ssl/provider/ServerDHE_PSKParameters.java8
-rw-r--r--gnu/javax/net/ssl/provider/ServerDHParams.java9
-rw-r--r--gnu/javax/net/ssl/provider/ServerHandshake.java109
6 files changed, 34 insertions, 106 deletions
diff --git a/gnu/javax/net/ssl/provider/ClientHandshake.java b/gnu/javax/net/ssl/provider/ClientHandshake.java
index fc13b9be9..c938e284a 100644
--- a/gnu/javax/net/ssl/provider/ClientHandshake.java
+++ b/gnu/javax/net/ssl/provider/ClientHandshake.java
@@ -1,5 +1,5 @@
/* ClientHandshake.java --
- Copyright (C) 2006, 2015 Free Software Foundation, Inc.
+ Copyright (C) 2006 Free Software Foundation, Inc.
This file is a part of GNU Classpath.
diff --git a/gnu/javax/net/ssl/provider/SSLv3HMacMD5Impl.java b/gnu/javax/net/ssl/provider/SSLv3HMacMD5Impl.java
index b33efc629..5ef84ca1c 100644
--- a/gnu/javax/net/ssl/provider/SSLv3HMacMD5Impl.java
+++ b/gnu/javax/net/ssl/provider/SSLv3HMacMD5Impl.java
@@ -1,5 +1,5 @@
/* SSLv3HMacMD5.java --
- Copyright (C) 2006, 2015 Free Software Foundation, Inc.
+ Copyright (C) 2006 Free Software Foundation, Inc.
This file is a part of GNU Classpath.
@@ -38,8 +38,6 @@ exception statement from your version. */
package gnu.javax.net.ssl.provider;
-import gnu.javax.crypto.mac.IMac;
-
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
@@ -88,7 +86,7 @@ public class SSLv3HMacMD5Impl extends MacSpi
|| !key.getAlgorithm().equalsIgnoreCase("SSLv3HMac-MD5"))
throw new InvalidKeyException("expecting secret key with algorithm \"SSLv3HMac-MD5\"");
Map<String,byte[]> attr =
- Collections.singletonMap(IMac.MAC_KEY_MATERIAL, key.getEncoded());
+ Collections.singletonMap(SSLHMac.MAC_KEY_MATERIAL, key.getEncoded());
adaptee.init(attr);
}
diff --git a/gnu/javax/net/ssl/provider/SSLv3HMacSHAImpl.java b/gnu/javax/net/ssl/provider/SSLv3HMacSHAImpl.java
index d1e7ed768..6b9c9e9cc 100644
--- a/gnu/javax/net/ssl/provider/SSLv3HMacSHAImpl.java
+++ b/gnu/javax/net/ssl/provider/SSLv3HMacSHAImpl.java
@@ -1,5 +1,5 @@
/* SSLv3HMacSHA.java --
- Copyright (C) 2006, 2015 Free Software Foundation, Inc.
+ Copyright (C) 2006 Free Software Foundation, Inc.
This file is a part of GNU Classpath.
@@ -38,8 +38,6 @@ exception statement from your version. */
package gnu.javax.net.ssl.provider;
-import gnu.javax.crypto.mac.IMac;
-
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
@@ -88,7 +86,7 @@ public class SSLv3HMacSHAImpl extends MacSpi
|| !key.getAlgorithm().equalsIgnoreCase("SSLv3HMac-SHA"))
throw new InvalidKeyException("expecting secret key with algorithm \"SSLv3HMac-SHA\"");
Map<String,byte[]> attr =
- Collections.singletonMap(IMac.MAC_KEY_MATERIAL, key.getEncoded());
+ Collections.singletonMap(SSLHMac.MAC_KEY_MATERIAL, key.getEncoded());
adaptee.init(attr);
}
diff --git a/gnu/javax/net/ssl/provider/ServerDHE_PSKParameters.java b/gnu/javax/net/ssl/provider/ServerDHE_PSKParameters.java
index 6c53ed66a..1de3f8124 100644
--- a/gnu/javax/net/ssl/provider/ServerDHE_PSKParameters.java
+++ b/gnu/javax/net/ssl/provider/ServerDHE_PSKParameters.java
@@ -1,5 +1,5 @@
/* ServerDHE_PSKParameters.java --
- Copyright (C) 2006, 2015 Free Software Foundation, Inc.
+ Copyright (C) 2006 Free Software Foundation, Inc.
This file is a part of GNU Classpath.
@@ -57,7 +57,7 @@ import java.nio.charset.Charset;
*
* @author Casey Marshall (csm@gnu.org)
*/
-public class ServerDHE_PSKParameters implements Builder, ServerKeyExchangeParams
+public class ServerDHE_PSKParameters implements Constructed, Builder, ServerKeyExchangeParams
{
private ByteBuffer buffer;
@@ -81,7 +81,6 @@ public class ServerDHE_PSKParameters implements Builder, ServerKeyExchangeParams
buffer.put(dhParams);
}
- @Override
public KeyExchangeAlgorithm algorithm()
{
return KeyExchangeAlgorithm.DHE_PSK;
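Review bot: Dropping `@Override` from `algorithm()` here, and from `length()`, `buffer()` and `toString(String)` in the later hunks of this file, removes the compile-time check that these methods still match `Constructed`, `Builder` and `ServerKeyExchangeParams`. The same annotation is removed in ServerDHParams.java and from the `implRun()` methods in ServerHandshake.java. I would keep `@Override` on each of them, so that a signature change in an interface or base class shows up as a compile error instead of a method that is silently no longer called. The body of `algorithm()` continues past the end of this hunk.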
@@ -90,7 +89,6 @@ public class ServerDHE_PSKParameters implements Builder, ServerKeyExchangeParams
/* (non-Javadoc)
* @see gnu.javax.net.ssl.provider.Constructed#length()
*/
- @Override
public int length()
{
return (buffer.getShort(0) & 0xFFFF) + 2 + params().length();
@@ -117,7 +115,6 @@ public class ServerDHE_PSKParameters implements Builder, ServerKeyExchangeParams
/* (non-Javadoc)
* @see gnu.javax.net.ssl.provider.Builder#buffer()
*/
- @Override
public ByteBuffer buffer()
{
return (ByteBuffer) buffer.duplicate().rewind().limit(length());
@@ -131,7 +128,6 @@ public class ServerDHE_PSKParameters implements Builder, ServerKeyExchangeParams
/* (non-Javadoc)
* @see gnu.javax.net.ssl.provider.Constructed#toString(java.lang.String)
*/
- @Override
public String toString(String prefix)
{
StringWriter str = new StringWriter();
diff --git a/gnu/javax/net/ssl/provider/ServerDHParams.java b/gnu/javax/net/ssl/provider/ServerDHParams.java
index 225956e15..0e2c34881 100644
--- a/gnu/javax/net/ssl/provider/ServerDHParams.java
+++ b/gnu/javax/net/ssl/provider/ServerDHParams.java
@@ -1,5 +1,5 @@
/* ServerDHParams.java -- The server's Diffie-Hellman parameters.
- Copyright (C) 2006, 2015 Free Software Foundation, Inc.
+ Copyright (C) 2006 Free Software Foundation, Inc.
This file is a part of GNU Classpath.
@@ -104,13 +104,11 @@ public class ServerDHParams implements Builder, ServerKeyExchangeParams
buffer.put(y_bytes, y_off, y_len);
}
- @Deprecated @Override
- public KeyExchangeAlgorithm algorithm ()
+ @Deprecated public KeyExchangeAlgorithm algorithm ()
{
return null; // XXX can't support this.
}
- @Override
public int length ()
{
int offset1 = buffer.getShort (0) & 0xFFFF;
@@ -119,7 +117,6 @@ public class ServerDHParams implements Builder, ServerKeyExchangeParams
+ offset1 + offset2 + 6);
}
- @Override
public ByteBuffer buffer()
{
return (ByteBuffer) buffer.duplicate().position(0).limit(length());
@@ -224,13 +221,11 @@ public class ServerDHParams implements Builder, ServerKeyExchangeParams
buffer.put (buf, offset, length);
}
- @Override
public String toString ()
{
return toString (null);
}
- @Override
public String toString (final String prefix)
{
StringWriter str = new StringWriter ();
diff --git a/gnu/javax/net/ssl/provider/ServerHandshake.java b/gnu/javax/net/ssl/provider/ServerHandshake.java
index bfc7a28ef..d69fa120d 100644
--- a/gnu/javax/net/ssl/provider/ServerHandshake.java
+++ b/gnu/javax/net/ssl/provider/ServerHandshake.java
@@ -1,5 +1,5 @@
/* ServerHandshake.java -- the server-side handshake.
- Copyright (C) 2006, 2015 Free Software Foundation, Inc.
+ Copyright (C) 2006 Free Software Foundation, Inc.
This file is a part of GNU Classpath.
@@ -194,7 +194,8 @@ class ServerHandshake extends AbstractHandshake
* we have enabled.
*/
private CipherSuite chooseSuite (final CipherSuiteList clientSuites,
- final String[] enabledSuites)
+ final String[] enabledSuites,
+ final ProtocolVersion version)
throws SSLException
{
// Figure out which SignatureAlgorithms we can support.
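Review bot: The Javadoc above `chooseSuite` is not updated for the new `version` parameter, and this hunk does not show where the parameter is read. I would add `@param version The protocol version selected for this session.` to the comment, plus one sentence on how it restricts the choice of suite if the body does use it that way. The method body continues outside the hunk.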
@@ -335,7 +336,8 @@ class ServerHandshake extends AbstractHandshake
engine.getEnabledProtocols ());
engine.session().suite =
chooseSuite (hello.cipherSuites (),
- engine.getEnabledCipherSuites ());
+ engine.getEnabledCipherSuites (),
+ engine.session().version);
compression = chooseCompression (hello.compressionMethods ());
if (Debug.DEBUG)
logger.logv(Component.SSL_HANDSHAKE,
@@ -511,10 +513,10 @@ class ServerHandshake extends AbstractHandshake
{
ClientDHE_PSKParameters params = (ClientDHE_PSKParameters)
kex.exchangeKeys();
- DHPublicKey srvKey = (DHPublicKey) dhPair.getPublic();
+ DHPublicKey serverKey = (DHPublicKey) dhPair.getPublic();
DHPublicKey clientKey =
- new GnuDHPublicKey(null, srvKey.getParams().getP(),
- srvKey.getParams().getG(),
+ new GnuDHPublicKey(null, serverKey.getParams().getP(),
+ serverKey.getParams().getG(),
params.params().publicValue());
SecretKey psk = null;
try
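Review bot: The local renamed to `serverKey` shadows the `serverKey` field that `CertLoader` assigns from `km.getPrivateKey(keyAlias)`, so inside this block the name means a DH public key while elsewhere in the class it means the server's private key. Keeping the old line, `DHPublicKey srvKey = (DHPublicKey) dhPair.getPublic();`, avoids a later edit picking up the wrong key. Separately, no range check on `params.params().publicValue()` is visible before it is wrapped in `GnuDHPublicKey`; if none exists outside this hunk, the client value should be rejected unless it lies strictly between 1 and p-1. The enclosing case block starts and ends outside the hunk.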
@@ -571,12 +573,6 @@ class ServerHandshake extends AbstractHandshake
engine.session().privateData.masterSecret = new byte[0];
}
break;
- case DH_DSS:
- case DH_RSA:
- // Message contains no data in this case (RFC2246, 7.4.7)
- break;
- default:
- throw new SSLException("Unsupported algorithm: " + alg);
}
// XXX SRP
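Review bot: With the `default` branch removed, this switch over the key-exchange algorithm no longer fails closed: an algorithm that has no case falls through to the code after the switch without any error. I would keep `default: throw new SSLException("Unsupported algorithm: " + alg);` even if the `DH_DSS`/`DH_RSA` cases go. The hunks at -694 and -1149 remove `default: throw new IllegalStateException("Invalid state: " + state);` from the two handshake-state switches in the same way; there too an unexpected state should abort the handshake rather than be skipped. The switch starts outside this hunk.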
@@ -694,9 +690,6 @@ class ServerHandshake extends AbstractHandshake
}
}
break;
-
- default:
- throw new IllegalStateException("Invalid state: " + state);
}
handshakeOffset += handshake.length() + 4;
@@ -731,7 +724,8 @@ class ServerHandshake extends AbstractHandshake
{
if (state.isWriteState() || outBuffer.hasRemaining())
return HandshakeStatus.NEED_WRAP;
- return HandshakeStatus.NEED_UNWRAP;
+ else
+ return HandshakeStatus.NEED_UNWRAP;
}
// XXX what we need to do here is generate a "stream" of handshake
@@ -1149,8 +1143,6 @@ output_loop:
state = DONE;
}
break;
- default:
- throw new IllegalStateException("Invalid state: " + state);
}
}
if (!tasks.isEmpty())
@@ -1202,7 +1194,7 @@ output_loop:
helloV2 = true;
}
- ByteBuffer signParams(ByteBuffer serverParams)
+ private ByteBuffer signParams(ByteBuffer serverParams)
throws NoSuchAlgorithmException, InvalidKeyException, SignatureException
{
SignatureAlgorithm alg = engine.session().suite.signatureAlgorithm();
@@ -1262,43 +1254,6 @@ output_loop:
}
}
- // Accessors and mutators for delegated tasks.
-
- void setKeyAlias(final String ka)
- {
- keyAlias = ka;
- }
-
- String getKeyAlias()
- {
- return keyAlias;
- }
-
- void setLocalCert(final X509Certificate lc)
- {
- localCert = lc;
- }
-
- X509Certificate getLocalCert()
- {
- return localCert;
- }
-
- void setServerKey(final PrivateKey sk)
- {
- serverKey = sk;
- }
-
- PrivateKey getServerKey()
- {
- return serverKey;
- }
-
- void setDHPair(KeyPair dh)
- {
- dhPair = dh;
- }
-
// Delegated tasks.
class CertLoader extends DelegatedTask
@@ -1307,24 +1262,21 @@ output_loop:
{
}
- @Override
public void implRun() throws SSLException
{
KeyExchangeAlgorithm kexalg = engine.session().suite.keyExchangeAlgorithm();
X509ExtendedKeyManager km = engine.contextImpl.keyManager;
Principal[] issuers = null; // XXX use TrustedAuthorities extension.
- String kAlias = km.chooseEngineServerAlias(kexalg.name(), issuers, engine);
- setKeyAlias(kAlias);
- if (kAlias == null)
+ keyAlias = km.chooseEngineServerAlias(kexalg.name(), issuers, engine);
+ if (keyAlias == null)
throw new SSLException("no certificates available");
- X509Certificate[] chain = km.getCertificateChain(kAlias);
+ X509Certificate[] chain = km.getCertificateChain(keyAlias);
engine.session().setLocalCertificates(chain);
- X509Certificate lCert = chain[0];
- setLocalCert(lCert);
- setServerKey(km.getPrivateKey(kAlias));
+ localCert = chain[0];
+ serverKey = km.getPrivateKey(keyAlias);
if (kexalg == DH_DSS || kexalg == DH_RSA)
- setDHPair(new KeyPair(lCert.getPublicKey(),
- km.getPrivateKey(keyAlias)));
+ dhPair = new KeyPair(localCert.getPublicKey(),
+ km.getPrivateKey(keyAlias));
}
}
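Review bot: `chain[0]` is read without checking the result of `km.getCertificateChain(keyAlias)`, which a key manager may return as null when the alias has no chain, so a key-store inconsistency surfaces as a NullPointerException or ArrayIndexOutOfBoundsException inside the delegated task instead of an SSLException. I would add `if (chain == null || chain.length == 0) throw new SSLException("no certificates available");` before `engine.session().setLocalCertificates(chain);`. `km.getPrivateKey(keyAlias)` can also return null and is stored into `serverKey` unchecked; the same guard style applies there.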
@@ -1336,15 +1288,6 @@ output_loop:
ByteBuffer paramsBuffer;
ByteBuffer sigBuffer;
- /**
- * Public constructor to avoid synthetic accessor.
- */
- public GenDH()
- {
- super();
- }
-
- @Override
protected void implRun()
throws NoSuchAlgorithmException, InvalidAlgorithmParameterException,
InvalidKeyException, SignatureException
@@ -1352,9 +1295,8 @@ output_loop:
KeyPairGenerator dhGen = KeyPairGenerator.getInstance("DH");
DHParameterSpec dhparams = DiffieHellman.getParams().getParams();
dhGen.initialize(dhparams, engine.session().random());
- KeyPair pair = dhGen.generateKeyPair();
- setDHPair(pair);
- DHPublicKey pub = (DHPublicKey) pair.getPublic();
+ dhPair = dhGen.generateKeyPair();
+ DHPublicKey pub = (DHPublicKey) dhPair.getPublic();
// Generate the parameters message.
ServerDHParams params = new ServerDHParams(pub.getParams().getP(),
@@ -1371,7 +1313,7 @@ output_loop:
if (Debug.DEBUG_KEY_EXCHANGE)
logger.logv(Component.SSL_KEY_EXCHANGE,
"Diffie-Hellman public:{0} private:{1}",
- pair.getPublic(), pair.getPrivate());
+ dhPair.getPublic(), dhPair.getPrivate());
}
}
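Review bot: The debug statement passes `dhPair.getPrivate()` to the logger, so enabling `Debug.DEBUG_KEY_EXCHANGE` writes the server's Diffie-Hellman private value into the log, where it outlives the session and is readable by anyone with access to the log. I would log the public half only: `"Diffie-Hellman public:{0}", dhPair.getPublic());`. `implRun()` starts outside this hunk.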
@@ -1384,14 +1326,13 @@ output_loop:
this.encryptedPreMasterSecret = encryptedPreMasterSecret;
}
- @Override
public void implRun()
throws BadPaddingException, IllegalBlockSizeException, InvalidKeyException,
NoSuchAlgorithmException, NoSuchPaddingException, SSLException
{
Cipher rsa = Cipher.getInstance("RSA");
- rsa.init(Cipher.DECRYPT_MODE, getServerKey());
- rsa.init(Cipher.DECRYPT_MODE, getLocalCert());
+ rsa.init(Cipher.DECRYPT_MODE, serverKey);
+ rsa.init(Cipher.DECRYPT_MODE, localCert);
preMasterSecret = rsa.doFinal(encryptedPreMasterSecret);
generateMasterSecret(clientRandom, serverRandom, engine.session());
byte[][] keys = generateKeys(clientRandom, serverRandom, engine.session());
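Review bot: The second call, `rsa.init(Cipher.DECRYPT_MODE, localCert);`, re-initialises the cipher with the public key from the certificate and discards the private-key initialisation on the line before it, so `doFinal` does not run with `serverKey`. I would delete that line and keep only `rsa.init(Cipher.DECRYPT_MODE, serverKey);`; the hunk at -1415 has the same pair of calls. `implRun()` also declares `BadPaddingException`, and how the caller reports it is outside this hunk. A padding failure that the peer can distinguish from other failures exposes the RSA key exchange to a padding oracle, so the usual mitigation is to continue the handshake with a random pre-master secret. The method body continues past the hunk.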
@@ -1415,8 +1356,8 @@ output_loop:
NoSuchAlgorithmException, NoSuchPaddingException, SSLException
{
Cipher rsa = Cipher.getInstance("RSA");
- rsa.init(Cipher.DECRYPT_MODE, getServerKey());
- rsa.init(Cipher.DECRYPT_MODE, getLocalCert());
+ rsa.init(Cipher.DECRYPT_MODE, serverKey);
+ rsa.init(Cipher.DECRYPT_MODE, localCert);
byte[] rsaSecret = rsa.doFinal(encryptedPreMasterSecret);
byte[] psSecret = psKey.getEncoded();
preMasterSecret = new byte[rsaSecret.length + psSecret.length + 4];