198 "The key spec to be validated cannot be null");
199 }
200
201 if (keySpec instanceof DHPublicKeySpec) {
202 validateDHPublicKey((DHPublicKeySpec)keySpec);
203 }
204 }
205
206 /**
207 * Returns whether the specified provider is Oracle provider or not.
208 *
209 * @param providerName
210 * the provider name
211 * @return true if, and only if, the provider of the specified
212 * {@code providerName} is Oracle provider
213 */
214 public static final boolean isOracleJCEProvider(String providerName) {
215 return providerName != null &&
216 (providerName.equals("SunJCE") ||
217 providerName.equals("SunMSCAPI") ||
218 providerName.equals("OracleUcrypto") ||
219 providerName.startsWith("SunPKCS11"));
220 }
221
222 /**
223 * Check the format of TLS PreMasterSecret.
224 * <P>
225 * To avoid vulnerabilities described by section 7.4.7.1, RFC 5246,
226 * treating incorrectly formatted message blocks and/or mismatched
227 * version numbers in a manner indistinguishable from correctly
228 * formatted RSA blocks.
229 *
230 * RFC 5246 describes the approach as:
231 * <pre>{@literal
232 *
233 * 1. Generate a string R of 48 random bytes
234 *
235 * 2. Decrypt the message to recover the plaintext M
236 *
237 * 3. If the PKCS#1 padding is not correct, or the length of message
238 * M is not exactly 48 bytes:
|
198 "The key spec to be validated cannot be null");
199 }
200
201 if (keySpec instanceof DHPublicKeySpec) {
202 validateDHPublicKey((DHPublicKeySpec)keySpec);
203 }
204 }
205
206 /**
207 * Returns whether the specified provider is Oracle provider or not.
208 *
209 * @param providerName
210 * the provider name
211 * @return true if, and only if, the provider of the specified
212 * {@code providerName} is Oracle provider
213 */
214 public static final boolean isOracleJCEProvider(String providerName) {
215 return providerName != null &&
216 (providerName.equals("SunJCE") ||
217 providerName.equals("SunMSCAPI") ||
218 providerName.startsWith("SunPKCS11"));
219 }
220
221 /**
222 * Check the format of TLS PreMasterSecret.
223 * <P>
224 * To avoid vulnerabilities described by section 7.4.7.1, RFC 5246,
225 * treating incorrectly formatted message blocks and/or mismatched
226 * version numbers in a manner indistinguishable from correctly
227 * formatted RSA blocks.
228 *
229 * RFC 5246 describes the approach as:
230 * <pre>{@literal
231 *
232 * 1. Generate a string R of 48 random bytes
233 *
234 * 2. Decrypt the message to recover the plaintext M
235 *
236 * 3. If the PKCS#1 padding is not correct, or the length of message
237 * M is not exactly 48 bytes:
|