path: root/ChangeLog-ssl-nio
blob: f15d93cac5f420e276bdf9a1854c8e62a2775f07 (plain)
2006-07-18  Casey Marshall  <csm@gnu.org>

	* gnu/javax/net/ssl/provider/ClientHandshake.java
	(implHandleInput, implHandleOutput): fix PSK exchange handling.
	(ClientDHGen.full): new field.
	(ClientDHGen.implRun): run full key exchange if `full' is true.
	(ClientDHGen.serverKey): new method.
	(RSAGen.full): new field.
	(RSAGen.implRun): run full key exchange if `full' is true.
	* gnu/javax/net/ssl/provider/ClientDHE_PSKParameters.java
	(params): slice the buffer.
	* gnu/javax/net/ssl/provider/ServerDHE_PSKParameters.java
	(<init>): use `dhParams,' not `buffer.'
	(params): slice the buffer.
	* gnu/javax/net/ssl/provider/ServerKeyExchange.java (length):
	handle case where parameters or signature are null.
	* gnu/javax/net/ssl/provider/ClientRSA_PSKParameters.java
	(version): removed.
	(<init>): don't take version argument.
	(<init>): don't take version argument; take buffer argument.
	(secret): pass TLS_1 to EncryptedPreMasterSecret constructor.
	* gnu/javax/net/ssl/provider/CipherSuite.java (isResolved): new
	field.
	(<init>, <init>): set `isResolved.'
	(resolve): add PSK cipher suite detection.
	(isResolved): new method.
	* gnu/javax/net/ssl/provider/ServerHandshake.java (serverKey): new
	field.
	(chooseSuites): choose NONE key exchanges, too; omit unresolved
	cipher suites.
	(implHandleInput, implHandleOutput): fix PSK handling.
	(checkKeyExchange): update for NONE and PSK exchanges.
	(CertLoader.implRun): grab our private key here.
	(RSAKeyExchange.implRun): initialize RSA cipher with our private
	key.
	(RSA_PSKExchange.implRun): likewise.
	* gnu/javax/net/ssl/provider/ExchangeKeys.java (<init>): duplicate
	and order the buffer; handle null argument.
	* gnu/javax/net/ssl/provider/ClientKeyExchange.java
	(exchangeKeys): handle NONE exchange.
	* gnu/javax/net/ssl/provider/SSLContextImpl.java (engineInit):
	handle PSK key managers properly.
	* gnu/javax/net/ssl/provider/SSLEngineImpl.java (<init>): remove
	debug logging.
	* gnu/javax/net/ssl/provider/ServerDHParams.java (<init>):
	duplicate and order the buffer.
	* gnu/javax/crypto/RSACipherImpl.java (doFinal): allow short
	input.
	(rsaDecrypt): ensure there's a leading zero.
	* gnu/javax/net/ssl/provider/EmptyExchangeKeys.java: new file.

2006-07-14  Casey Marshall  <csm@gnu.org>

	* gnu/java/net/protocol/http/HTTPConnection.java (getSocket):
	enable TLSv1.1.
	* gnu/java/security/action/GetPropertyAction.java: implement
	PrivilegedAction<String>.
	(run): return String.

2006-07-14  Casey Marshall  <csm@gnu.org>

	* gnu/classpath/debug/Component.java (SSL_DELEGATED_TASK): new
	constant.
	* gnu/classpath/debug/SystemLogger.java (getSystemLogger): new
	class method.
	* gnu/javax/crypto/RSACipherImpl.java (logger): make instance of
	SystemLogger.
	(doFinal): use `EME_PKCS1_V1_5' to pad/unpad.
	* gnu/javax/net/ssl/AbstractSessionContext.java (getSession): new
	method.
	* gnu/javax/net/ssl/PreSharedKeyManager.java: new file.
	* gnu/javax/net/ssl/PreSharedKeyManagerParameters.java: new file.
	* gnu/javax/net/ssl/provider/AbstractHandshake.java: move
	delegated task classes to the end.
	(handleInput): don't stop processing current input if tasks are
	scheduled.
	(DHE_PSKGen): new class.
	* gnu/javax/net/ssl/provider/CertificateStatusRequest.java
	(buffer): make non-final.
	(<init>): new "builder" constructor.
	(buffer): new method.
	* gnu/javax/net/ssl/provider/CertificateURL.java (buffer): make
	non-final.
	(<init>): new "builder" constructor.
	(buffer): new method.
	(URLAndOptionalHash): implement Builder.
	(URLAndOptionalHash.<init>): set buffer order to BIG_ENDIAN.
	(URLAndOptionalHash.<init>, URLAndOptionalHash.<init>): new
	"builder" constructors.
	(URLAndOptionalHash.buffer): new method.
	* gnu/javax/net/ssl/provider/CipherSuite.java: replace
	DIFFIE_HELLMAN with qualified algorithm.
	(TLS_PSK_WITH_RC4_128_SHA, TLS_PSK_WITH_3DES_EDE_CBC_SHA,
	TLS_PSK_WITH_AES_128_CBC_SHA, TLS_PSK_WITH_AES_256_CBC_SHA,
	TLS_DHE_PSK_WITH_RC4_128_SHA, TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
	TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
	TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
	TLS_RSA_PSK_WITH_RC4_128_SHA, TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
	TLS_RSA_PSK_WITH_AES_128_CBC_SHA,
	TLS_RSA_PSK_WITH_AES_256_CBC_SHA): new constants.
	* gnu/javax/net/ssl/provider/ClientDHE_PSKParameters.java: new
	file.
	* gnu/javax/net/ssl/provider/ClientHandshake.java
	(maxFragmentLengthSent, truncatedHMacSent, sentVersion): new
	fields.
	(implHandleInput): handle hello extensions; handle PSK key
	exchange.
	(implHandleOutput): send extensions if configured; handle PSK key
	exchange.
	(enableExtensions, maxFragmentLength, truncatedHMac,
	getPSKIdentity): new methods.
	(RSAGen.implRun): use the protocol version we sent in the
	generated secret, not the agreed version.
	* gnu/javax/net/ssl/provider/ClientHello.java: remove unused
	imports.
	(disableExtensions): new field.
	(length): use `disableExtensions' field.
	(extensions): fix telling if there are extensions.
	* gnu/javax/net/ssl/provider/ClientHelloBuilder.java
	(setExtensions): fix.
	(setDisableExtensions): new method.
	* gnu/javax/net/ssl/provider/ClientKeyExchange.java
	(exchangeKeys): handle PSK exchange.
	* gnu/javax/net/ssl/provider/ClientPSKParameters.java: new file.
	* gnu/javax/net/ssl/provider/ClientRSA_PSKParameters.java: new
	file.
	* gnu/javax/net/ssl/provider/EncryptedPreMasterSecret.java
	(toString): include hexdump output.
	* gnu/javax/net/ssl/provider/Extension.java: implement Builder.
	(buffer): mark non-final.
	(<init>): make public.
	(<init>): new "builder" constructor.
	(length): include length of the extension type.
	(buffer): new method.
	(Value): implement Builder.
	* gnu/javax/net/ssl/provider/ExtensionList.java: implement
	Builder.
	(<init>): new "builder" constructor.
	(get): fix.
	(length): return total length, including length field.
	* gnu/javax/net/ssl/provider/InputSecurityParameters.java
	(decrypt): handle stream ciphers (with no padding) properly.
	* gnu/javax/net/ssl/provider/Jessie.java (<init>): add JessiePSK
	key manager factory.
	* gnu/javax/net/ssl/provider/KeyExchangeAlgorithm.java
	(DIFFIE_HELLMAN): removed.
	(DH_DSS, DH_RSA, DH_anon, DHE_DSS, DHE_RSA, PSK, DHE_PSK,
	RSA_PSK): new enum constants.
	* gnu/javax/net/ssl/provider/MaxFragmentLength.java (buffer): new
	method.
	* gnu/javax/net/ssl/provider/OutputSecurityParameters.java
	(encrypt): don't use `doFinal.'
	* gnu/javax/net/ssl/provider/PreSharedKeyManagerFactoryImpl.java:
	new file.
	* gnu/javax/net/ssl/provider/SSLContextImpl.java (pskManager): new
	field.
	(engineInit): initialize PSK manager, if specified.
	* gnu/javax/net/ssl/provider/SSLEngineImpl.java (unwrap): debug
	logging; don't log warnings on closure alerts.
	* gnu/javax/net/ssl/provider/SSLSocketImpl.java
	(SocketOutputStream.write): throw an exception if the handshake
	threw one in another thread; clear the output buffer after writing
	the record.
	(doHandshake): fix this; capture exceptions thrown here, for other
	threads.
	* gnu/javax/net/ssl/provider/ServerDHE_PSKParameters.java: new
	file.
	* gnu/javax/net/ssl/provider/ServerDHParams.java (algorithm): mark
	deprecated (it's difficult to support this properly).
	* gnu/javax/net/ssl/provider/ServerHandshake.java
	(chooseSuites): select suites based on key exchange algorithm.
	(implHandleInput): handle key exchange better; handle PSK
	exchange.
	(implHandleOutput): likewise.
	(CertLoader.implRun): just use key exchange name directly.
	(RSA_PSKExchange): new class.
	* gnu/javax/net/ssl/provider/ServerKeyExchange.java (params):
	handle PSK exchange algorithms.
	(signature): likewise.
	* gnu/javax/net/ssl/provider/ServerNameList.java
	(buffer): make non-final.
	(<init>): new "builder" constructor.
	(buffer): new method.
	(ServerName.buffer): make non-final.
	(ServerName.<init>): new "builder" constructor.
	(ServerName.length): return total length, including type and
	length fields.
	(ServerName.buffer): new method.
	* gnu/javax/net/ssl/provider/ServerPSKParameters.java: new file.
	* gnu/javax/net/ssl/provider/ServerRSA_PSKParameters.java: new
	file.
	* gnu/javax/net/ssl/provider/TruncatedHMAC.java (buffer): new
	method.
	* gnu/javax/net/ssl/provider/TrustedAuthorities.java (<init>): set
	buffer order to BIG_ENDIAN.
	(buffer): new method.
	* gnu/javax/net/ssl/provider/UnresolvedExtensionValue.java
	(buffer): new method.
	* gnu/javax/net/ssl/provider/Util.java (wrapBuffer, wrapBuffer):
	new methods.
	(WrappedBuffer): new class.
	* gnu/javax/net/ssl/provider/X509KeyManagerFactory.java
	(getAliases): add RSA_PSK.

2006-07-12  Casey Marshall  <csm@gnu.org>

	* gnu/javax/security/auth/callback/CertificateCallback.java: new
	file.

2006-07-12  Casey Marshall  <csm@gnu.org>

	* gnu/javax/net/ssl/provider/AbstractHandshake.java
	(engine, inParams, outParams, tasks, serverRandom, clientRandom,
	compression): new fields.
	(<init>): take an SSLEngineImpl parameter; init `tasks.'
	(handleInput): return NEED_TASK if we have tasks.
	(getInputParams, getOutputParams): implement here; mark final.
	(getTask): new method.
	(checkKeyExchange): new method.
	(reallocateBuffer): use `compact.'
	(diffieHellmanPhase1, diffieHellmanPhase2): removed.
	(DHPhase, CertVerifier): new classes.
	(generateMasterSecret): add asserts.
	(setupSecurityParameters): new method.
	* gnu/javax/net/ssl/provider/Certificate.java (certificates): fix
	reading multiple certificates.
	* gnu/javax/net/ssl/provider/ClientCertificateTypeList.java:
	implement Iterable<ClientCertificateType>.
	(iterator): new method.
	* gnu/javax/net/ssl/provider/ClientDiffieHellmanPublic.java: make
	public; implement Builder.
	(<init>): make public.
	(<init>): new constructor.
	(wrap): new method.
	(buffer): new method.
	(publicValue): make public; use `rewind.'
	(setPublicValue): use `Util.trim;' use `rewind.'
	(length): return proper length.
	* gnu/javax/net/ssl/provider/ClientHandshake.java: new file.
	* gnu/javax/net/ssl/provider/ClientKeyExchange.java: remove unused
	imports; make public, non-final.
	(buffer): make protected, non-final.
	(suite, version): make protected.
	(<init>): make public.
	(length): return 0 for NONE key exchange algorithm.
	* gnu/javax/net/ssl/provider/ClientKeyExchangeBuilder.java: new
	file.
	* gnu/javax/net/ssl/provider/DelegatedTask.java: new file.
	* gnu/javax/net/ssl/provider/DiffieHellman.java (getParams): use
	AccessController instead of Util.
	* gnu/javax/net/ssl/provider/EncryptedPreMasterSecret.java: make
	public; implement Builder.
	(<init>): make public.
	(<init>): new constructor.
	(buffer): new method.
	(encryptedSecret): make public; fix SSLv3 handling.
	(setEncryptedSecret): make public; rewind the buffer after putting
	the value.
	(length): fix length computation.
	* gnu/javax/net/ssl/provider/ExchangeKeys.java: make public.
	(buffer): make protected, non-final.
	(<init>): made public; don't check null.
	* gnu/javax/net/ssl/provider/Jessie.java (<init>): add "SSL" alias.
	* gnu/javax/net/ssl/provider/ServerHandshake.java: clean up unused
	imports.
	(engine, compression, clientRandom, serverRandom, clientSessionID,
	inParams, outParams, keyAgreement): moved to superclass.
	(genDH, certVerifier, certLoader, keyExchangeTask): new fields.
	(<init>): pass engine to superclass constructor.
	(implHandleInput): throw `AlertException' when it makes sense; run
	long-running tasks as delegated tasks; return NEED_TASK if we
	scheduled a delegated task.
	(implHandleOutput): generate keys for continued sessions; run
	long-running tasks as delegated tasks; return NEED_TASK if we
	scheduled a delegated task.
	(status): also return NEED_TASK as appropriate.
	(getInputParams, getOutputParams): removed.
	(checkKeyExchange): new method.
	(genDiffieHellman): removed.
	(signParams): throw exceptions.
	(CertLoader, GenDH, RSAKeyExchange): new classes.
	* gnu/javax/net/ssl/provider/SSLContextImpl.java
	(engineGetServerSocketFactory): implement.
	(engineGetSocketFactory): implement.
	(defaultRandom): use AccessController instead of Util.
	* gnu/javax/net/ssl/provider/SSLEngineImpl.java (<init>): use
	`defaultSuites.'
	(defaultSuites): new method.
	(startHandshake): start client handshake in client mode.
	(getDelegatedTask): implement.
	(unwrap, wrap): send alert if we catch an AlertException during
	handshaking.
	* gnu/javax/net/ssl/provider/SSLServerSocketFactoryImpl.java: new
	file.
	* gnu/javax/net/ssl/provider/SSLServerSocketImpl.java: new file.
	* gnu/javax/net/ssl/provider/SSLSocketFactoryImpl.java: new file.
	* gnu/javax/net/ssl/provider/SSLSocketImpl.java: new file.
	* gnu/javax/net/ssl/provider/X509TrustManagerFactory.java
	(sep, JSSE_CERTS, CA_CERTS, engineInit): use AccessController, not
	Util.
	(checkTrusted): don't require revocation checking.
	* java/util/Collections.java (CheckedMap.entrySet): casting hack.
	* java/util/concurrent/CopyOnWriteArrayList.java: new file.

2006-07-09  Casey Marshall  <csm@gnu.org>

	* gnu/java/io/ByteBufferOutputStream.java (write): new method.
	(buffer): use flip() and slice() to get the buffer.
	(toString): new method.
	* gnu/java/security/Engine.java: merge mwringe's case-insensitive
	algorithm name patch.
	* gnu/javax/crypto/jce/GnuCrypto.java (<init>): qualify
	PrivilegedAction.
	* gnu/javax/crypto/key/dh/GnuDHPrivateKey.java (toString): new
	method.
	* gnu/javax/crypto/key/dh/GnuDHPublicKey.java (toString): new
	method.
	* java/security/Security.java: qualify generic types.

2006-07-09  Casey Marshall  <csm@gnu.org>

	* gnu/javax/net/ssl/AbstractSessionContext.java (newInstance):
	return `AbstractSessionContext.'
	(getSession): check if the session is null.
	* gnu/javax/net/ssl/Session.java (packetBufferSize): removed.
	(<init>): initialize `applicationBufferSize.'
	(getPacketBufferSize): return application buffer size, plus 2048.
	* gnu/javax/net/ssl/provider/AbstractHandshake.java (PAD1, PAD2):
	new constants.
	(handleInput): implement; call `implHandleOutput,' and hash
	messages as they are consumed.
	(implHandleInput): new abstract method.
	(handleOutput): fix hashing of produced bytes.
	(status, handleV2Hello): new abstract methods.
	(pollHandshake): don't hash the input here; add logging.
	(hasMessage): add logging.
	(reallocateBuffer): shift the existing contents down in the
	buffer, if it is, on the whole, large enough for new input.
	(genV2CertificateVerify): renamed...
	(genV3CertificateVerify): to this, which is correct.
	(generateKeys): fix PRF setup; generate an IV for 1.1; add
	logging.
	(generateFinished): add logging; update with correct padding.
	(generateMasterSecret): add logging; fix PRF initialization.
	* gnu/javax/net/ssl/provider/CipherSuite.java (mac): use mac
	algorithm name "HMac-SHA1".
	* gnu/javax/net/ssl/provider/ClientHello.java: make extendable.
	* gnu/javax/net/ssl/provider/ClientHelloBuilder.java: new file.
	* gnu/javax/net/ssl/provider/ClientHelloV2.java (<init>): order
	the input buffer BIG_ENDIAN.
	(cipherSpecs): made public; use qualified return type.
	* gnu/javax/net/ssl/provider/Debug.java: new file.
	* gnu/javax/net/ssl/provider/Extension.java (<init>): order the
	input buffer BIG_ENDIAN.
	(length): return the total length, including the length field.
	(toString): add prefix to value.
	* gnu/javax/net/ssl/provider/ExtensionList.java (<init>): order
	the input buffer BIG_ENDIAN.
	* gnu/javax/net/ssl/provider/InputSecurityParameters.java
	(logger): new constant.
	(suite): new field.
	(<init>): also take a `CipherSuite' argument.
	(decrypt): use `update,' not `doFinal' for decryption; add debug
	logging; fix mac computation; fix copying fragment to output.
	(cipherSuite): return `suite' field.
	* gnu/javax/net/ssl/provider/Jessie.java (<init>): add
	"TLSv1.1-RSA" signature.
	* gnu/javax/net/ssl/provider/OutputSecurityParameters.java
	(logger): new constant.
	(suite): new field.
	(<init>): take additional `CipherSuite' argument.
	(encrypt): add debug logging; fix mac computation; various little
	fixes.
	(suite): new method.
	* gnu/javax/net/ssl/provider/ProtocolVersion.java (forName): also
	recognize "TLSv1.1".
	* gnu/javax/net/ssl/provider/Random.java (copy): fix copying the
	internal buffer.
	* gnu/javax/net/ssl/provider/Record.java (<init>): order the input
	buffer BIG_ENDIAN.
	(toString): include length in output.
	* gnu/javax/net/ssl/provider/SSLContextImpl.java (serverContext,
	clientContext): declare both as `AbstractSessionContext.'
	* gnu/javax/net/ssl/provider/SSLEngineImpl.java (logger): make an
	instance of `SystemLogger.'
	(mode): declare as a Mode.
	(Mode): new enum.
	(<init>): add logging; initialize `enabledProtocols' and
	`enabledSuites.'
	(beginHandshake): debug logging; handle Mode enum.
	(closeOutbound): prepare `lastAlert' to carry the close alert.
	(isInboundDone, isOutboundDone): implement.
	(setUseClientMode): use Mode enum.
	(unwrap): fix V2 hello handling; optimize calls when the cipher
	suite is TLS_NULL_WITH_NULL_NULL; add debug logging; handle closure
	alerts properly; fix record length reporting.
	(wrap): set `outClosed' if we are sending a closure alert here;
	delay changing output security params until we emit the change
	notification; optimize initial handshake; fix input buffer
	consumption; handle end of handshake.
	* gnu/javax/net/ssl/provider/SSLRSASignatureImpl.java: new file.
	* gnu/javax/net/ssl/provider/ServerDHParams.java (buffer): set
	position to 0 in the buffer we return.
	* gnu/javax/net/ssl/provider/ServerHandshake.java (version,
	suite): removed.
	(chooseSuite): make non-static; only choose a cipher suite that we
	have a compatible certificate for.
	(chooseCompression): use properties to enable/disable zlib.
	(doHash): say no if we are handling a V2 hello.
	(handleInput): rename to...
	(implHandleInput): this; only handle a single handshake message in
	this method (handleInput from the superclass will call us
	repeatedly to drain the input buffer); various other fixes.
	(implHandleOutput): debug logging; temporarily disable packing
	more than one handshake per record; various little fixes.
	(status, handleV2Hello): new methods.
	(genDiffieHellman): use static parameters from the DiffieHellman
	class.
	(signParams): use correct signature algorithm.
	* gnu/javax/net/ssl/provider/ServerHello.java (totalLength):
	removed.
	(disableExtensions): new field.
	(length): don't query extensions if `disableExtensions' is true.
	* gnu/javax/net/ssl/provider/ServerHelloBuilder.java
	(setDisableExtensions): new method.
	* gnu/javax/net/ssl/provider/ServerNameList.java: various parsing
	fixes.
	* gnu/javax/net/ssl/provider/SessionImpl.java (<init>): new
	constructor.
	(setApplicationBufferSize): new method.
	(setPacketBufferSize): new method.
	* gnu/javax/net/ssl/provider/SignatureAlgorithm.java
	(getAlgorithm): new method.
	* gnu/javax/net/ssl/provider/Util.java: make public; mark
	security-sensitive methods deprecated.
	* gnu/javax/net/ssl/provider/X509KeyManagerFactory.java
	(chooseAliases): handle DSA; handle unrecognized signature
	algorithms.

2006-06-28  Casey Marshall  <csm@gnu.org>

	* jessie-tests/testCertificate.java: update for Builder
	interface and API changes.
	* jessie-tests/testServerHello.java: likewise.
	* jessie-tests/testServerKeyExchange.java: likewise.

2006-06-28  Casey Marshall  <csm@gnu.org>

	* gnu/javax/crypto/key/GnuPBEKey.java: new file.

2006-06-28  Casey Marshall  <csm@gnu.org>

	* gnu/javax/net/ssl/provider/AbstractHandshake.java: implement
	numerous "common" methods in server and client handshakes.
	* gnu/javax/net/ssl/provider/AlertException.java: made public; add
	cause constructors.
	* gnu/javax/net/ssl/provider/Builder.java: new file.
	* gnu/javax/net/ssl/provider/Certificate.java: make subclassable.
	* gnu/javax/net/ssl/provider/CertificateBuilder.java: new file.
	* gnu/javax/net/ssl/provider/CertificateRequest.java: make
	subclassable.
	* gnu/javax/net/ssl/provider/CertificateRequestBuilder.java: new
	file.
	* gnu/javax/net/ssl/provider/CipherSuite.java: remove dependence
	on protocol version.
	* gnu/javax/net/ssl/provider/ClientHello.java (hasExtensions): new
	method.
	* gnu/javax/net/ssl/provider/ClientHelloV2.java (cipherSpecs):
	genericize collections.
	* gnu/javax/net/ssl/provider/ClientKeyExchange.java: make version
	argument explicit, instead of implied by the cipher suite.
	* gnu/javax/net/ssl/provider/Constructed.java: expand JavaDocs.
	* gnu/javax/net/ssl/provider/Finished.java: accept TLS 1.1 version
	numbers, too.
	* gnu/javax/net/ssl/provider/Handshake.java: make version
	explicit, instead of implied by the cipher suite.
	* gnu/javax/net/ssl/provider/InputSecurityParameters.java: made
	public.
	(suite): removed.
	(session): new field (replaces/encapsulates `suite').
	(<init>): made public; take a SessionImpl, not a CipherSuite.
	(decrypt, decrypt, decrypt): add support for growable buffers AND
	a fixed-size array of buffers (we use the former internally; the
	latter is used to implement the scatter/gather model of
	SSLEngine).
	* gnu/javax/net/ssl/provider/Jessie.java: update algorithms.
	* gnu/javax/net/ssl/provider/MacAlgorithm.java: just specify
	NULL/MD5/SHA, not version-specific algorithms.
	* gnu/javax/net/ssl/provider/OutputSecurityParameters.java:
	replace suite with session; support scatter/gather operation.
	* gnu/javax/net/ssl/provider/ProtocolVersion.java: implement
	Comparable<ProtocolVersion>.
	* gnu/javax/net/ssl/provider/Random.java: implement Builder.
	(buffer): new method.
	* gnu/javax/net/ssl/provider/SSLContextImpl.java: new file.
	* gnu/javax/net/ssl/provider/SSLEngineImpl.java: numerous changes;
	largely implemented now.
	* gnu/javax/net/ssl/provider/SSLv3HMacMD5Impl.java: new file.
	* gnu/javax/net/ssl/provider/SSLv3HMacSHAImpl.java: new file.
	* gnu/javax/net/ssl/provider/ServerDHParams.java: implement
	Builder.
	(<init>): new constructor that takes known parameters.
	(buffer): new method.
	* gnu/javax/net/ssl/provider/ServerHandshake.java: numerous
	changes; largely implemented now.
	* gnu/javax/net/ssl/provider/ServerHello.java: make subclassable.
	* gnu/javax/net/ssl/provider/ServerHelloBuilder.java: new file.
	* gnu/javax/net/ssl/provider/ServerKeyExchange.java: make
	subclassable.
	* gnu/javax/net/ssl/provider/ServerKeyExchangeBuilder.java: new
	file.
	* gnu/javax/net/ssl/provider/SessionImpl.java: expanded.
	* gnu/javax/net/ssl/provider/Signature.java: implement Builder.
	(<init>): new method, that takes a pre-computed signature.
	(buffer): new method.
	* gnu/javax/net/ssl/provider/SimpleSessionContext.java: new file.
	* gnu/javax/net/ssl/provider/X509KeyManagerFactory.java:
	genericize Collections usage.
	(Manager): extend X509ExtendedKeyManager; genericize fields.
	(Manager.chooseEngineClientAlias): new method.
	(Manager.chooseEngineServerAlias): new method.
	* gnu/javax/net/ssl/provider/X509TrustManagerFactory.java (sep):
	new constant; use it instead of constantly calling getProperty.
	(init): genericize lists.
	(Manager.trusted): removed.
	(Manager.anchors): new field (replacement for above).
	(<init>): handle changes to fields.
	(getAcceptedIssuers): use `anchors.toArray().'
	(checkTrusted): use a PKIX CertPathVerifier.

2006-06-28  Casey Marshall  <csm@gnu.org>

	* gnu/javax/net/ssl/AbstractSessionContext.java: renamed from
	`SessionStore.' Implement SessionContext.
	* gnu/javax/net/ssl/PrivateCredentials.java: genericize
	collections.
	* gnu/javax/net/ssl/Session.java (packetBufferSize): new field.
	(values): genericize.
	(random): make transient.
	(truncatedMac, context): new fields.
	(getLocalPrincipal, getPacketBufferSize, getPeerPrincipal)
	(getSessionContext): implement.
	(isTruncatedMac): new method.
	(repair, privateData, setPrivateData): new abstract methods.
	(PrivateData.serialVersionUID): new constant.
	* gnu/javax/net/ssl/SessionStore.java: renamed to
	`AbstractSessionContext.'

2006-06-28  Casey Marshall  <csm@gnu.org>

	* gnu/java/security/Requires.java: new annotation.
	* gnu/java/security/action/GetSecurityPropertyAction.java:
	implement PrivilegedAction<String>.
	(run): return String.

2006-06-28  Casey Marshall  <csm@gnu.org>

	* gnu/java/io/ByteBufferOutputStream.java: new file.

2006-06-28  Casey Marshall  <csm@gnu.org>

	* gnu/classpath/debug/SystemLogger.java: extend Logger.
	(SYSTEM): declare as instance of SystemLogger; set it to such an
	instance.
	(<clinit>): removed debug lines.
	(<init>): new method.
	(logv): new method.

2006-06-28  Casey Marshall  <csm@gnu.org>

	* java/security/Signature.java (update): new method.
	* java/security/SignatureSpi.java (engineUpdate): new method.

2006-06-10  Casey Marshall  <csm@gnu.org>

	* jessie-tests/testClientHello.java: update for extensions
	changes.
	* jessie-tests/testExtensionList.java: likewise.
	* jessie-tests/testServerHello.java: likewise.

2006-06-10  Casey Marshall  <csm@gnu.org>

	* gnu/javax/net/ssl/provider/ServerHello.java (extensions): return
	an ExtensionList.
	(setExtensionsLength): set the length in the buffer.
	(toString): print out individual extensions.
	* gnu/javax/net/ssl/provider/Extension.java (valueBytes): new
	method.
	(valueBuffer): new method.
	(value): return an Extension.Value.
	(toString): print out extension value.
	(Value): new abstract inner class.
	* gnu/javax/net/ssl/provider/ClientHello.java (extensions): return
	an ExtensionList.
	(setExtensionListLength): set the length in the buffer.
	(toString): print out extensions.
	* gnu/javax/net/ssl/provider/ServerHandshake.java
	(chooseSuite, chooseCompression): use generics and foreach loops.
	* gnu/javax/net/ssl/provider/ExtensionList.java: new class.
	* gnu/javax/net/ssl/provider/MaxFragmentLength.java: new class.
	* gnu/javax/net/ssl/provider/CertificateURL.java: new class.
	* gnu/javax/net/ssl/provider/UnresolvedExtensionValue.java: new
	class. 
	* gnu/javax/net/ssl/provider/TruncatedHMAC.java: new class.
	* gnu/javax/net/ssl/provider/ServerNameList.java: new class.
	* gnu/javax/net/ssl/provider/TrustedAuthorities.java: new class.
	* gnu/javax/net/ssl/provider/CertificateStatusType.java: new
	class. 
	* gnu/javax/net/ssl/provider/CertificateStatusRequest.java: new
	class.

2006-06-05  Casey Marshall  <csm@gnu.org>

	* gnu/javax/net/ssl/provider/Extension.java: add Javadoc.
	(length): return the length of the extension value.
	(setLength, setType, setValue, setValue): new methods.
	* gnu/javax/net/ssl/provider/ExtensionList.java: new file.
	* jessie-tests/run-tests.sh: add testExtensionList.
	* jessie-tests/testExtensionList.java: new file.

2006-06-05  Casey Marshall  <csm@gnu.org>

	* gnu/javax/net/ssl/provider/CipherSuiteList.java: implement
	Iterable<CipherSuite>.
	(iterator): new method.
	* gnu/javax/net/ssl/provider/CompressionMethodList.java: implement
	Iterable<CompressionMethod>.
	(iterator): new method.
	* gnu/javax/net/ssl/provider/X500PrincipalList.java: implement
	Iterable<X500Principal>.
	(iterator): new method.

2006-06-05  C. Scott Marshall  <csm@gnu.org>

	* java/security/MessageDigest.java (update): new method.
	* java/security/MessageDigestSpi.java (engineUpdate): new method.

2006-06-03  C. Scott Marshall  <csm@gnu.org>

	* gnu/javax/net/ssl/provider/ServerHelloDone.java: made public.
	* jessie-tests/run-tests.sh: add `testServerHelloDone.'
	* jessie-tests/testServerHelloDone.java: new test.