From 1f7a4b1f0727b2d8a29498d78e57309f0bd87a6c Mon Sep 17 00:00:00 2001 From: Andrew John Hughes Date: Thu, 13 Aug 2015 03:00:30 +0100 Subject: Revert undocumented changes accidentally included with last commit. --- gnu/javax/net/ssl/provider/ServerHandshake.java | 109 ++++++------------------ 1 file changed, 25 insertions(+), 84 deletions(-) (limited to 'gnu/javax/net/ssl/provider/ServerHandshake.java') diff --git a/gnu/javax/net/ssl/provider/ServerHandshake.java b/gnu/javax/net/ssl/provider/ServerHandshake.java index bfc7a28ef..d69fa120d 100644 --- a/gnu/javax/net/ssl/provider/ServerHandshake.java +++ b/gnu/javax/net/ssl/provider/ServerHandshake.java @@ -1,5 +1,5 @@ /* ServerHandshake.java -- the server-side handshake. - Copyright (C) 2006, 2015 Free Software Foundation, Inc. + Copyright (C) 2006 Free Software Foundation, Inc. This file is a part of GNU Classpath. @@ -194,7 +194,8 @@ class ServerHandshake extends AbstractHandshake * we have enabled. */ private CipherSuite chooseSuite (final CipherSuiteList clientSuites, - final String[] enabledSuites) + final String[] enabledSuites, + final ProtocolVersion version) throws SSLException { // Figure out which SignatureAlgorithms we can support. @@ -335,7 +336,8 @@ class ServerHandshake extends AbstractHandshake engine.getEnabledProtocols ()); engine.session().suite = chooseSuite (hello.cipherSuites (), - engine.getEnabledCipherSuites ()); + engine.getEnabledCipherSuites (), + engine.session().version); compression = chooseCompression (hello.compressionMethods ()); if (Debug.DEBUG) logger.logv(Component.SSL_HANDSHAKE, @@ -511,10 +513,10 @@ class ServerHandshake extends AbstractHandshake { ClientDHE_PSKParameters params = (ClientDHE_PSKParameters) kex.exchangeKeys(); - DHPublicKey srvKey = (DHPublicKey) dhPair.getPublic(); + DHPublicKey serverKey = (DHPublicKey) dhPair.getPublic(); DHPublicKey clientKey = - new GnuDHPublicKey(null, srvKey.getParams().getP(), - srvKey.getParams().getG(), + new GnuDHPublicKey(null, serverKey.getParams().getP(), + serverKey.getParams().getG(), params.params().publicValue()); SecretKey psk = null; try @@ -571,12 +573,6 @@ class ServerHandshake extends AbstractHandshake engine.session().privateData.masterSecret = new byte[0]; } break; - case DH_DSS: - case DH_RSA: - // Message contains no data in this case (RFC2246, 7.4.7) - break; - default: - throw new SSLException("Unsupported algorithm: " + alg); } // XXX SRP @@ -694,9 +690,6 @@ class ServerHandshake extends AbstractHandshake } } break; - - default: - throw new IllegalStateException("Invalid state: " + state); } handshakeOffset += handshake.length() + 4; @@ -731,7 +724,8 @@ class ServerHandshake extends AbstractHandshake { if (state.isWriteState() || outBuffer.hasRemaining()) return HandshakeStatus.NEED_WRAP; - return HandshakeStatus.NEED_UNWRAP; + else + return HandshakeStatus.NEED_UNWRAP; } // XXX what we need to do here is generate a "stream" of handshake @@ -1149,8 +1143,6 @@ output_loop: state = DONE; } break; - default: - throw new IllegalStateException("Invalid state: " + state); } } if (!tasks.isEmpty()) @@ -1202,7 +1194,7 @@ output_loop: helloV2 = true; } - ByteBuffer signParams(ByteBuffer serverParams) + private ByteBuffer signParams(ByteBuffer serverParams) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException { SignatureAlgorithm alg = engine.session().suite.signatureAlgorithm(); @@ -1262,43 +1254,6 @@ output_loop: } } - // Accessors and mutators for delegated tasks. - - void setKeyAlias(final String ka) - { - keyAlias = ka; - } - - String getKeyAlias() - { - return keyAlias; - } - - void setLocalCert(final X509Certificate lc) - { - localCert = lc; - } - - X509Certificate getLocalCert() - { - return localCert; - } - - void setServerKey(final PrivateKey sk) - { - serverKey = sk; - } - - PrivateKey getServerKey() - { - return serverKey; - } - - void setDHPair(KeyPair dh) - { - dhPair = dh; - } - // Delegated tasks. class CertLoader extends DelegatedTask @@ -1307,24 +1262,21 @@ output_loop: { } - @Override public void implRun() throws SSLException { KeyExchangeAlgorithm kexalg = engine.session().suite.keyExchangeAlgorithm(); X509ExtendedKeyManager km = engine.contextImpl.keyManager; Principal[] issuers = null; // XXX use TrustedAuthorities extension. - String kAlias = km.chooseEngineServerAlias(kexalg.name(), issuers, engine); - setKeyAlias(kAlias); - if (kAlias == null) + keyAlias = km.chooseEngineServerAlias(kexalg.name(), issuers, engine); + if (keyAlias == null) throw new SSLException("no certificates available"); - X509Certificate[] chain = km.getCertificateChain(kAlias); + X509Certificate[] chain = km.getCertificateChain(keyAlias); engine.session().setLocalCertificates(chain); - X509Certificate lCert = chain[0]; - setLocalCert(lCert); - setServerKey(km.getPrivateKey(kAlias)); + localCert = chain[0]; + serverKey = km.getPrivateKey(keyAlias); if (kexalg == DH_DSS || kexalg == DH_RSA) - setDHPair(new KeyPair(lCert.getPublicKey(), - km.getPrivateKey(keyAlias))); + dhPair = new KeyPair(localCert.getPublicKey(), + km.getPrivateKey(keyAlias)); } } @@ -1336,15 +1288,6 @@ output_loop: ByteBuffer paramsBuffer; ByteBuffer sigBuffer; - /** - * Public constructor to avoid synthetic accessor. - */ - public GenDH() - { - super(); - } - - @Override protected void implRun() throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, SignatureException @@ -1352,9 +1295,8 @@ output_loop: KeyPairGenerator dhGen = KeyPairGenerator.getInstance("DH"); DHParameterSpec dhparams = DiffieHellman.getParams().getParams(); dhGen.initialize(dhparams, engine.session().random()); - KeyPair pair = dhGen.generateKeyPair(); - setDHPair(pair); - DHPublicKey pub = (DHPublicKey) pair.getPublic(); + dhPair = dhGen.generateKeyPair(); + DHPublicKey pub = (DHPublicKey) dhPair.getPublic(); // Generate the parameters message. ServerDHParams params = new ServerDHParams(pub.getParams().getP(), @@ -1371,7 +1313,7 @@ output_loop: if (Debug.DEBUG_KEY_EXCHANGE) logger.logv(Component.SSL_KEY_EXCHANGE, "Diffie-Hellman public:{0} private:{1}", - pair.getPublic(), pair.getPrivate()); + dhPair.getPublic(), dhPair.getPrivate()); } } @@ -1384,14 +1326,13 @@ output_loop: this.encryptedPreMasterSecret = encryptedPreMasterSecret; } - @Override public void implRun() throws BadPaddingException, IllegalBlockSizeException, InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, SSLException { Cipher rsa = Cipher.getInstance("RSA"); - rsa.init(Cipher.DECRYPT_MODE, getServerKey()); - rsa.init(Cipher.DECRYPT_MODE, getLocalCert()); + rsa.init(Cipher.DECRYPT_MODE, serverKey); + rsa.init(Cipher.DECRYPT_MODE, localCert); preMasterSecret = rsa.doFinal(encryptedPreMasterSecret); generateMasterSecret(clientRandom, serverRandom, engine.session()); byte[][] keys = generateKeys(clientRandom, serverRandom, engine.session()); @@ -1415,8 +1356,8 @@ output_loop: NoSuchAlgorithmException, NoSuchPaddingException, SSLException { Cipher rsa = Cipher.getInstance("RSA"); - rsa.init(Cipher.DECRYPT_MODE, getServerKey()); - rsa.init(Cipher.DECRYPT_MODE, getLocalCert()); + rsa.init(Cipher.DECRYPT_MODE, serverKey); + rsa.init(Cipher.DECRYPT_MODE, localCert); byte[] rsaSecret = rsa.doFinal(encryptedPreMasterSecret); byte[] psSecret = psKey.getEncoded(); preMasterSecret = new byte[rsaSecret.length + psSecret.length + 4]; -- cgit v1.2.1