diff options
Diffstat (limited to 'gnu/javax/net/ssl/provider')
-rw-r--r-- | gnu/javax/net/ssl/provider/ClientHandshake.java | 2 | ||||
-rw-r--r-- | gnu/javax/net/ssl/provider/SSLv3HMacMD5Impl.java | 6 | ||||
-rw-r--r-- | gnu/javax/net/ssl/provider/SSLv3HMacSHAImpl.java | 6 | ||||
-rw-r--r-- | gnu/javax/net/ssl/provider/ServerDHE_PSKParameters.java | 8 | ||||
-rw-r--r-- | gnu/javax/net/ssl/provider/ServerDHParams.java | 9 | ||||
-rw-r--r-- | gnu/javax/net/ssl/provider/ServerHandshake.java | 109 |
6 files changed, 34 insertions, 106 deletions
diff --git a/gnu/javax/net/ssl/provider/ClientHandshake.java b/gnu/javax/net/ssl/provider/ClientHandshake.java index fc13b9be9..c938e284a 100644 --- a/gnu/javax/net/ssl/provider/ClientHandshake.java +++ b/gnu/javax/net/ssl/provider/ClientHandshake.java @@ -1,5 +1,5 @@ /* ClientHandshake.java -- - Copyright (C) 2006, 2015 Free Software Foundation, Inc. + Copyright (C) 2006 Free Software Foundation, Inc. This file is a part of GNU Classpath. diff --git a/gnu/javax/net/ssl/provider/SSLv3HMacMD5Impl.java b/gnu/javax/net/ssl/provider/SSLv3HMacMD5Impl.java index b33efc629..5ef84ca1c 100644 --- a/gnu/javax/net/ssl/provider/SSLv3HMacMD5Impl.java +++ b/gnu/javax/net/ssl/provider/SSLv3HMacMD5Impl.java @@ -1,5 +1,5 @@ /* SSLv3HMacMD5.java -- - Copyright (C) 2006, 2015 Free Software Foundation, Inc. + Copyright (C) 2006 Free Software Foundation, Inc. This file is a part of GNU Classpath. @@ -38,8 +38,6 @@ exception statement from your version. */ package gnu.javax.net.ssl.provider; -import gnu.javax.crypto.mac.IMac; - import java.security.InvalidAlgorithmParameterException; import java.security.InvalidKeyException; import java.security.Key; @@ -88,7 +86,7 @@ public class SSLv3HMacMD5Impl extends MacSpi || !key.getAlgorithm().equalsIgnoreCase("SSLv3HMac-MD5")) throw new InvalidKeyException("expecting secret key with algorithm \"SSLv3HMac-MD5\""); Map<String,byte[]> attr = - Collections.singletonMap(IMac.MAC_KEY_MATERIAL, key.getEncoded()); + Collections.singletonMap(SSLHMac.MAC_KEY_MATERIAL, key.getEncoded()); adaptee.init(attr); } diff --git a/gnu/javax/net/ssl/provider/SSLv3HMacSHAImpl.java b/gnu/javax/net/ssl/provider/SSLv3HMacSHAImpl.java index d1e7ed768..6b9c9e9cc 100644 --- a/gnu/javax/net/ssl/provider/SSLv3HMacSHAImpl.java +++ b/gnu/javax/net/ssl/provider/SSLv3HMacSHAImpl.java @@ -1,5 +1,5 @@ /* SSLv3HMacSHA.java -- - Copyright (C) 2006, 2015 Free Software Foundation, Inc. + Copyright (C) 2006 Free Software Foundation, Inc. This file is a part of GNU Classpath. @@ -38,8 +38,6 @@ exception statement from your version. */ package gnu.javax.net.ssl.provider; -import gnu.javax.crypto.mac.IMac; - import java.security.InvalidAlgorithmParameterException; import java.security.InvalidKeyException; import java.security.Key; @@ -88,7 +86,7 @@ public class SSLv3HMacSHAImpl extends MacSpi || !key.getAlgorithm().equalsIgnoreCase("SSLv3HMac-SHA")) throw new InvalidKeyException("expecting secret key with algorithm \"SSLv3HMac-SHA\""); Map<String,byte[]> attr = - Collections.singletonMap(IMac.MAC_KEY_MATERIAL, key.getEncoded()); + Collections.singletonMap(SSLHMac.MAC_KEY_MATERIAL, key.getEncoded()); adaptee.init(attr); } diff --git a/gnu/javax/net/ssl/provider/ServerDHE_PSKParameters.java b/gnu/javax/net/ssl/provider/ServerDHE_PSKParameters.java index 6c53ed66a..1de3f8124 100644 --- a/gnu/javax/net/ssl/provider/ServerDHE_PSKParameters.java +++ b/gnu/javax/net/ssl/provider/ServerDHE_PSKParameters.java @@ -1,5 +1,5 @@ /* ServerDHE_PSKParameters.java -- - Copyright (C) 2006, 2015 Free Software Foundation, Inc. + Copyright (C) 2006 Free Software Foundation, Inc. This file is a part of GNU Classpath. @@ -57,7 +57,7 @@ import java.nio.charset.Charset; * * @author Casey Marshall (csm@gnu.org) */ -public class ServerDHE_PSKParameters implements Builder, ServerKeyExchangeParams +public class ServerDHE_PSKParameters implements Constructed, Builder, ServerKeyExchangeParams { private ByteBuffer buffer; @@ -81,7 +81,6 @@ public class ServerDHE_PSKParameters implements Builder, ServerKeyExchangeParams buffer.put(dhParams); } - @Override public KeyExchangeAlgorithm algorithm() { return KeyExchangeAlgorithm.DHE_PSK; @@ -90,7 +89,6 @@ public class ServerDHE_PSKParameters implements Builder, ServerKeyExchangeParams /* (non-Javadoc) * @see gnu.javax.net.ssl.provider.Constructed#length() */ - @Override public int length() { return (buffer.getShort(0) & 0xFFFF) + 2 + params().length(); @@ -117,7 +115,6 @@ public class ServerDHE_PSKParameters implements Builder, ServerKeyExchangeParams /* (non-Javadoc) * @see gnu.javax.net.ssl.provider.Builder#buffer() */ - @Override public ByteBuffer buffer() { return (ByteBuffer) buffer.duplicate().rewind().limit(length()); @@ -131,7 +128,6 @@ public class ServerDHE_PSKParameters implements Builder, ServerKeyExchangeParams /* (non-Javadoc) * @see gnu.javax.net.ssl.provider.Constructed#toString(java.lang.String) */ - @Override public String toString(String prefix) { StringWriter str = new StringWriter(); diff --git a/gnu/javax/net/ssl/provider/ServerDHParams.java b/gnu/javax/net/ssl/provider/ServerDHParams.java index 225956e15..0e2c34881 100644 --- a/gnu/javax/net/ssl/provider/ServerDHParams.java +++ b/gnu/javax/net/ssl/provider/ServerDHParams.java @@ -1,5 +1,5 @@ /* ServerDHParams.java -- The server's Diffie-Hellman parameters. - Copyright (C) 2006, 2015 Free Software Foundation, Inc. + Copyright (C) 2006 Free Software Foundation, Inc. This file is a part of GNU Classpath. @@ -104,13 +104,11 @@ public class ServerDHParams implements Builder, ServerKeyExchangeParams buffer.put(y_bytes, y_off, y_len); } - @Deprecated @Override - public KeyExchangeAlgorithm algorithm () + @Deprecated public KeyExchangeAlgorithm algorithm () { return null; // XXX can't support this. } - @Override public int length () { int offset1 = buffer.getShort (0) & 0xFFFF; @@ -119,7 +117,6 @@ public class ServerDHParams implements Builder, ServerKeyExchangeParams + offset1 + offset2 + 6); } - @Override public ByteBuffer buffer() { return (ByteBuffer) buffer.duplicate().position(0).limit(length()); @@ -224,13 +221,11 @@ public class ServerDHParams implements Builder, ServerKeyExchangeParams buffer.put (buf, offset, length); } - @Override public String toString () { return toString (null); } - @Override public String toString (final String prefix) { StringWriter str = new StringWriter (); diff --git a/gnu/javax/net/ssl/provider/ServerHandshake.java b/gnu/javax/net/ssl/provider/ServerHandshake.java index bfc7a28ef..d69fa120d 100644 --- a/gnu/javax/net/ssl/provider/ServerHandshake.java +++ b/gnu/javax/net/ssl/provider/ServerHandshake.java @@ -1,5 +1,5 @@ /* ServerHandshake.java -- the server-side handshake. - Copyright (C) 2006, 2015 Free Software Foundation, Inc. + Copyright (C) 2006 Free Software Foundation, Inc. This file is a part of GNU Classpath. @@ -194,7 +194,8 @@ class ServerHandshake extends AbstractHandshake * we have enabled. */ private CipherSuite chooseSuite (final CipherSuiteList clientSuites, - final String[] enabledSuites) + final String[] enabledSuites, + final ProtocolVersion version) throws SSLException { // Figure out which SignatureAlgorithms we can support. @@ -335,7 +336,8 @@ class ServerHandshake extends AbstractHandshake engine.getEnabledProtocols ()); engine.session().suite = chooseSuite (hello.cipherSuites (), - engine.getEnabledCipherSuites ()); + engine.getEnabledCipherSuites (), + engine.session().version); compression = chooseCompression (hello.compressionMethods ()); if (Debug.DEBUG) logger.logv(Component.SSL_HANDSHAKE, @@ -511,10 +513,10 @@ class ServerHandshake extends AbstractHandshake { ClientDHE_PSKParameters params = (ClientDHE_PSKParameters) kex.exchangeKeys(); - DHPublicKey srvKey = (DHPublicKey) dhPair.getPublic(); + DHPublicKey serverKey = (DHPublicKey) dhPair.getPublic(); DHPublicKey clientKey = - new GnuDHPublicKey(null, srvKey.getParams().getP(), - srvKey.getParams().getG(), + new GnuDHPublicKey(null, serverKey.getParams().getP(), + serverKey.getParams().getG(), params.params().publicValue()); SecretKey psk = null; try @@ -571,12 +573,6 @@ class ServerHandshake extends AbstractHandshake engine.session().privateData.masterSecret = new byte[0]; } break; - case DH_DSS: - case DH_RSA: - // Message contains no data in this case (RFC2246, 7.4.7) - break; - default: - throw new SSLException("Unsupported algorithm: " + alg); } // XXX SRP @@ -694,9 +690,6 @@ class ServerHandshake extends AbstractHandshake } } break; - - default: - throw new IllegalStateException("Invalid state: " + state); } handshakeOffset += handshake.length() + 4; @@ -731,7 +724,8 @@ class ServerHandshake extends AbstractHandshake { if (state.isWriteState() || outBuffer.hasRemaining()) return HandshakeStatus.NEED_WRAP; - return HandshakeStatus.NEED_UNWRAP; + else + return HandshakeStatus.NEED_UNWRAP; } // XXX what we need to do here is generate a "stream" of handshake @@ -1149,8 +1143,6 @@ output_loop: state = DONE; } break; - default: - throw new IllegalStateException("Invalid state: " + state); } } if (!tasks.isEmpty()) @@ -1202,7 +1194,7 @@ output_loop: helloV2 = true; } - ByteBuffer signParams(ByteBuffer serverParams) + private ByteBuffer signParams(ByteBuffer serverParams) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException { SignatureAlgorithm alg = engine.session().suite.signatureAlgorithm(); @@ -1262,43 +1254,6 @@ output_loop: } } - // Accessors and mutators for delegated tasks. - - void setKeyAlias(final String ka) - { - keyAlias = ka; - } - - String getKeyAlias() - { - return keyAlias; - } - - void setLocalCert(final X509Certificate lc) - { - localCert = lc; - } - - X509Certificate getLocalCert() - { - return localCert; - } - - void setServerKey(final PrivateKey sk) - { - serverKey = sk; - } - - PrivateKey getServerKey() - { - return serverKey; - } - - void setDHPair(KeyPair dh) - { - dhPair = dh; - } - // Delegated tasks. class CertLoader extends DelegatedTask @@ -1307,24 +1262,21 @@ output_loop: { } - @Override public void implRun() throws SSLException { KeyExchangeAlgorithm kexalg = engine.session().suite.keyExchangeAlgorithm(); X509ExtendedKeyManager km = engine.contextImpl.keyManager; Principal[] issuers = null; // XXX use TrustedAuthorities extension. - String kAlias = km.chooseEngineServerAlias(kexalg.name(), issuers, engine); - setKeyAlias(kAlias); - if (kAlias == null) + keyAlias = km.chooseEngineServerAlias(kexalg.name(), issuers, engine); + if (keyAlias == null) throw new SSLException("no certificates available"); - X509Certificate[] chain = km.getCertificateChain(kAlias); + X509Certificate[] chain = km.getCertificateChain(keyAlias); engine.session().setLocalCertificates(chain); - X509Certificate lCert = chain[0]; - setLocalCert(lCert); - setServerKey(km.getPrivateKey(kAlias)); + localCert = chain[0]; + serverKey = km.getPrivateKey(keyAlias); if (kexalg == DH_DSS || kexalg == DH_RSA) - setDHPair(new KeyPair(lCert.getPublicKey(), - km.getPrivateKey(keyAlias))); + dhPair = new KeyPair(localCert.getPublicKey(), + km.getPrivateKey(keyAlias)); } } @@ -1336,15 +1288,6 @@ output_loop: ByteBuffer paramsBuffer; ByteBuffer sigBuffer; - /** - * Public constructor to avoid synthetic accessor. - */ - public GenDH() - { - super(); - } - - @Override protected void implRun() throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, SignatureException @@ -1352,9 +1295,8 @@ output_loop: KeyPairGenerator dhGen = KeyPairGenerator.getInstance("DH"); DHParameterSpec dhparams = DiffieHellman.getParams().getParams(); dhGen.initialize(dhparams, engine.session().random()); - KeyPair pair = dhGen.generateKeyPair(); - setDHPair(pair); - DHPublicKey pub = (DHPublicKey) pair.getPublic(); + dhPair = dhGen.generateKeyPair(); + DHPublicKey pub = (DHPublicKey) dhPair.getPublic(); // Generate the parameters message. ServerDHParams params = new ServerDHParams(pub.getParams().getP(), @@ -1371,7 +1313,7 @@ output_loop: if (Debug.DEBUG_KEY_EXCHANGE) logger.logv(Component.SSL_KEY_EXCHANGE, "Diffie-Hellman public:{0} private:{1}", - pair.getPublic(), pair.getPrivate()); + dhPair.getPublic(), dhPair.getPrivate()); } } @@ -1384,14 +1326,13 @@ output_loop: this.encryptedPreMasterSecret = encryptedPreMasterSecret; } - @Override public void implRun() throws BadPaddingException, IllegalBlockSizeException, InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, SSLException { Cipher rsa = Cipher.getInstance("RSA"); - rsa.init(Cipher.DECRYPT_MODE, getServerKey()); - rsa.init(Cipher.DECRYPT_MODE, getLocalCert()); + rsa.init(Cipher.DECRYPT_MODE, serverKey); + rsa.init(Cipher.DECRYPT_MODE, localCert); preMasterSecret = rsa.doFinal(encryptedPreMasterSecret); generateMasterSecret(clientRandom, serverRandom, engine.session()); byte[][] keys = generateKeys(clientRandom, serverRandom, engine.session()); @@ -1415,8 +1356,8 @@ output_loop: NoSuchAlgorithmException, NoSuchPaddingException, SSLException { Cipher rsa = Cipher.getInstance("RSA"); - rsa.init(Cipher.DECRYPT_MODE, getServerKey()); - rsa.init(Cipher.DECRYPT_MODE, getLocalCert()); + rsa.init(Cipher.DECRYPT_MODE, serverKey); + rsa.init(Cipher.DECRYPT_MODE, localCert); byte[] rsaSecret = rsa.doFinal(encryptedPreMasterSecret); byte[] psSecret = psKey.getEncoded(); preMasterSecret = new byte[rsaSecret.length + psSecret.length + 4]; |