< prev index next >
src/java.base/share/classes/sun/security/ssl/HandshakeMessage.java
Print this page
*** 1197,1207 ****
// Is it a local supported signature algorithm?
if (!localSupportedSignAlgs.contains(
preferableSignatureAlgorithm)) {
throw new SSLHandshakeException(
"Unsupported SignatureAndHashAlgorithm in " +
! "ServerKeyExchange message");
}
} else {
this.preferableSignatureAlgorithm = null;
}
--- 1197,1207 ----
// Is it a local supported signature algorithm?
if (!localSupportedSignAlgs.contains(
preferableSignatureAlgorithm)) {
throw new SSLHandshakeException(
"Unsupported SignatureAndHashAlgorithm in " +
! "ServerKeyExchange message: " + preferableSignatureAlgorithm);
}
} else {
this.preferableSignatureAlgorithm = null;
}
*** 1230,1240 ****
break;
case "RSA":
sig = RSASignature.getInstance();
break;
default:
! throw new SSLKeyException("neither an RSA or a DSA key");
}
}
sig.initVerify(publicKey);
updateSignature(sig, clntNonce, svrNonce);
--- 1230,1240 ----
break;
case "RSA":
sig = RSASignature.getInstance();
break;
default:
! throw new SSLKeyException("neither an RSA or a DSA key: " + algorithm);
}
}
sig.initVerify(publicKey);
updateSignature(sig, clntNonce, svrNonce);
*** 1480,1490 ****
// Is it a local supported signature algorithm?
if (!localSupportedSignAlgs.contains(
preferableSignatureAlgorithm)) {
throw new SSLHandshakeException(
"Unsupported SignatureAndHashAlgorithm in " +
! "ServerKeyExchange message");
}
}
// read the signature
signatureBytes = input.getBytes16();
--- 1480,1490 ----
// Is it a local supported signature algorithm?
if (!localSupportedSignAlgs.contains(
preferableSignatureAlgorithm)) {
throw new SSLHandshakeException(
"Unsupported SignatureAndHashAlgorithm in " +
! "ServerKeyExchange message: " + preferableSignatureAlgorithm);
}
}
// read the signature
signatureBytes = input.getBytes16();
*** 1520,1530 ****
case "EC":
return JsseJce.getSignature(JsseJce.SIGNATURE_ECDSA);
case "RSA":
return RSASignature.getInstance();
default:
! throw new NoSuchAlgorithmException("neither an RSA or a EC key");
}
}
private void updateSignature(Signature sig, byte[] clntNonce,
byte[] svrNonce) throws SignatureException {
--- 1520,1531 ----
case "EC":
return JsseJce.getSignature(JsseJce.SIGNATURE_ECDSA);
case "RSA":
return RSASignature.getInstance();
default:
! throw new NoSuchAlgorithmException(
! "neither an RSA or a EC key : " + keyAlgorithm);
}
}
private void updateSignature(Signature sig, byte[] clntNonce,
byte[] svrNonce) throws SignatureException {
*** 1727,1737 ****
// Read the supported_signature_algorithms for TLS 1.2 or later.
if (protocolVersion.useTLS12PlusSpec()) {
algorithmsLen = input.getInt16();
if (algorithmsLen < 2) {
throw new SSLProtocolException(
! "Invalid supported_signature_algorithms field");
}
algorithms = new ArrayList<SignatureAndHashAlgorithm>();
int remains = algorithmsLen;
int sequence = 0;
--- 1728,1738 ----
// Read the supported_signature_algorithms for TLS 1.2 or later.
if (protocolVersion.useTLS12PlusSpec()) {
algorithmsLen = input.getInt16();
if (algorithmsLen < 2) {
throw new SSLProtocolException(
! "Invalid supported_signature_algorithms field: " + algorithmsLen);
}
algorithms = new ArrayList<SignatureAndHashAlgorithm>();
int remains = algorithmsLen;
int sequence = 0;
*** 1746,1756 ****
remains -= 2; // one byte for hash, one byte for signature
}
if (remains != 0) {
throw new SSLProtocolException(
! "Invalid supported_signature_algorithms field");
}
} else {
algorithms = new ArrayList<SignatureAndHashAlgorithm>();
algorithmsLen = 0;
}
--- 1747,1757 ----
remains -= 2; // one byte for hash, one byte for signature
}
if (remains != 0) {
throw new SSLProtocolException(
! "Invalid supported_signature_algorithms field. remains: " + remains);
}
} else {
algorithms = new ArrayList<SignatureAndHashAlgorithm>();
algorithmsLen = 0;
}
*** 1763,1773 ****
v.add(dn);
len -= dn.length();
}
if (len != 0) {
! throw new SSLProtocolException("Bad CertificateRequest DN length");
}
authorities = v.toArray(new DistinguishedName[v.size()]);
}
--- 1764,1774 ----
v.add(dn);
len -= dn.length();
}
if (len != 0) {
! throw new SSLProtocolException("Bad CertificateRequest DN length: " + len);
}
authorities = v.toArray(new DistinguishedName[v.size()]);
}
*** 1994,2004 ****
// Is it a local supported signature algorithm?
if (!localSupportedSignAlgs.contains(
preferableSignatureAlgorithm)) {
throw new SSLHandshakeException(
"Unsupported SignatureAndHashAlgorithm in " +
! "CertificateVerify message");
}
}
// read the signature
signature = input.getBytes16();
--- 1995,2005 ----
// Is it a local supported signature algorithm?
if (!localSupportedSignAlgs.contains(
preferableSignatureAlgorithm)) {
throw new SSLHandshakeException(
"Unsupported SignatureAndHashAlgorithm in " +
! "CertificateVerify message: " + preferableSignatureAlgorithm);
}
}
// read the signature
signature = input.getBytes16();
*** 2362,2372 ****
KeyGenerator kg = JsseJce.getKeyGenerator(prfAlg);
kg.init(spec);
SecretKey prfKey = kg.generateKey();
if ("RAW".equals(prfKey.getFormat()) == false) {
throw new ProviderException(
! "Invalid PRF output, format must be RAW");
}
byte[] finished = prfKey.getEncoded();
return finished;
} catch (GeneralSecurityException e) {
throw new RuntimeException("PRF failed", e);
--- 2363,2374 ----
KeyGenerator kg = JsseJce.getKeyGenerator(prfAlg);
kg.init(spec);
SecretKey prfKey = kg.generateKey();
if ("RAW".equals(prfKey.getFormat()) == false) {
throw new ProviderException(
! "Invalid PRF output, format must be RAW. Format received:" +
! prfKey.getFormat());
}
byte[] finished = prfKey.getEncoded();
return finished;
} catch (GeneralSecurityException e) {
throw new RuntimeException("PRF failed", e);
< prev index next >