jdk-sandbox: jdk/src/share/classes/sun/security/ssl/HandshakeHash.java@c459f79af46b (annotated)

2 90ce3da70b43 Initial load duke parents: diff changeset	1	/*
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	2	* Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved.
2 90ce3da70b43 Initial load duke parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
90ce3da70b43 Initial load duke parents: diff changeset	4	*
90ce3da70b43 Initial load duke parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
90ce3da70b43 Initial load duke parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	7	* published by the Free Software Foundation. Oracle designates this
2 90ce3da70b43 Initial load duke parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
2 90ce3da70b43 Initial load duke parents: diff changeset	10	*
90ce3da70b43 Initial load duke parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
90ce3da70b43 Initial load duke parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
90ce3da70b43 Initial load duke parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
90ce3da70b43 Initial load duke parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
90ce3da70b43 Initial load duke parents: diff changeset	15	* accompanied this code).
90ce3da70b43 Initial load duke parents: diff changeset	16	*
90ce3da70b43 Initial load duke parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
90ce3da70b43 Initial load duke parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
90ce3da70b43 Initial load duke parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
90ce3da70b43 Initial load duke parents: diff changeset	20	*
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	22	* or visit www.oracle.com if you need additional information or have any
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	23	* questions.
2 90ce3da70b43 Initial load duke parents: diff changeset	24	*/
90ce3da70b43 Initial load duke parents: diff changeset	25
90ce3da70b43 Initial load duke parents: diff changeset	26
90ce3da70b43 Initial load duke parents: diff changeset	27	package sun.security.ssl;
90ce3da70b43 Initial load duke parents: diff changeset	28
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	29	import java.io.ByteArrayOutputStream;
2 90ce3da70b43 Initial load duke parents: diff changeset	30	import java.security.*;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	31	import java.util.Arrays;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	32	import java.util.LinkedList;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	33	import java.util.List;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	34	import java.util.Locale;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	35	import java.util.Set;
2 90ce3da70b43 Initial load duke parents: diff changeset	36
90ce3da70b43 Initial load duke parents: diff changeset	37	/**
90ce3da70b43 Initial load duke parents: diff changeset	38	* Abstraction for the SSL/TLS hash of all handshake messages that is
90ce3da70b43 Initial load duke parents: diff changeset	39	* maintained to verify the integrity of the negotiation. Internally,
90ce3da70b43 Initial load duke parents: diff changeset	40	* it consists of an MD5 and an SHA1 digest. They are used in the client
90ce3da70b43 Initial load duke parents: diff changeset	41	* and server finished messages and in certificate verify messages (if sent).
90ce3da70b43 Initial load duke parents: diff changeset	42	*
90ce3da70b43 Initial load duke parents: diff changeset	43	* This class transparently deals with cloneable and non-cloneable digests.
90ce3da70b43 Initial load duke parents: diff changeset	44	*
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	45	* This class now supports TLS 1.2 also. The key difference for TLS 1.2
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	46	* is that you cannot determine the hash algorithms for CertificateVerify
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	47	* at a early stage. On the other hand, it's simpler than TLS 1.1 (and earlier)
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	48	* that there is no messy MD5+SHA1 digests.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	49	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	50	* You need to obey these conventions when using this class:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	51	*
7804 c59149ba3780 6996367: improve HandshakeHash weijun parents: 7043 diff changeset	52	* 1. protocolDetermined(version) should be called when the negotiated
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	53	* protocol version is determined.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	54	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	55	* 2. Before protocolDetermined() is called, only update(), reset(),
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	56	* restrictCertificateVerifyAlgs(), setFinishedAlg(), and
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	57	* setCertificateVerifyAlg() can be called.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	58	*
7804 c59149ba3780 6996367: improve HandshakeHash weijun parents: 7043 diff changeset	59	* 3. After protocolDetermined() is called, reset() cannot be called.
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	60	*
7804 c59149ba3780 6996367: improve HandshakeHash weijun parents: 7043 diff changeset	61	* 4. After protocolDetermined() is called, if the version is pre-TLS 1.2,
c59149ba3780 6996367: improve HandshakeHash weijun parents: 7043 diff changeset	62	* getFinishedHash() and getCertificateVerifyHash() cannot be called. Otherwise,
c59149ba3780 6996367: improve HandshakeHash weijun parents: 7043 diff changeset	63	* getMD5Clone() and getSHAClone() cannot be called.
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	64	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	65	* 5. getMD5Clone() and getSHAClone() can only be called after
7804 c59149ba3780 6996367: improve HandshakeHash weijun parents: 7043 diff changeset	66	* protocolDetermined() is called and version is pre-TLS 1.2.
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	67	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	68	* 6. getFinishedHash() and getCertificateVerifyHash() can only be called after
7804 c59149ba3780 6996367: improve HandshakeHash weijun parents: 7043 diff changeset	69	* all protocolDetermined(), setCertificateVerifyAlg() and setFinishedAlg()
c59149ba3780 6996367: improve HandshakeHash weijun parents: 7043 diff changeset	70	* have been called and the version is TLS 1.2. If a CertificateVerify message
c59149ba3780 6996367: improve HandshakeHash weijun parents: 7043 diff changeset	71	* is to be used, call setCertificateVerifyAlg() with the hash algorithm as the
c59149ba3780 6996367: improve HandshakeHash weijun parents: 7043 diff changeset	72	* argument. Otherwise, you still must call setCertificateVerifyAlg(null) before
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	73	* calculating any hash value.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	74	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	75	* Suggestions: Call protocolDetermined(), restrictCertificateVerifyAlgs(),
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	76	* setFinishedAlg(), and setCertificateVerifyAlg() as early as possible.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	77	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	78	* Example:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	79	* <pre>
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	80	* HandshakeHash hh = new HandshakeHash(...)
7804 c59149ba3780 6996367: improve HandshakeHash weijun parents: 7043 diff changeset	81	* hh.protocolDetermined(ProtocolVersion.TLS12);
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	82	* hh.update(clientHelloBytes);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	83	* hh.setFinishedAlg("SHA-256");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	84	* hh.update(serverHelloBytes);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	85	* ...
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	86	* hh.setCertificateVerifyAlg("SHA-384");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	87	* hh.update(CertificateVerifyBytes);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	88	* byte[] cvDigest = hh.getCertificateVerifyHash();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	89	* ...
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	90	* hh.update(finished1);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	91	* byte[] finDigest1 = hh.getFinishedHash();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	92	* hh.update(finished2);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	93	* byte[] finDigest2 = hh.getFinishedHash();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	94	* </pre>
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	95	* If no CertificateVerify message is to be used, call
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	96	* <pre>
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	97	* hh.setCertificateVerifyAlg(null);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	98	* </pre>
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	99	* This call can be made once you are certain that this message
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	100	* will never be used.
2 90ce3da70b43 Initial load duke parents: diff changeset	101	*/
90ce3da70b43 Initial load duke parents: diff changeset	102	final class HandshakeHash {
90ce3da70b43 Initial load duke parents: diff changeset	103
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	104	// Common
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	105
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	106	// -1: unknown
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	107	// 1: <=TLS 1.1
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	108	// 2: TLS 1.2
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	109	private int version = -1;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	110	private ByteArrayOutputStream data = new ByteArrayOutputStream();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	111	private final boolean isServer;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	112
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	113	// For TLS 1.1
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	114	private MessageDigest md5, sha;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	115	private final int clonesNeeded; // needs to be saved for later use
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	116
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	117	// For TLS 1.2
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	118	// cvAlgDetermined == true means setCertificateVerifyAlg() is called
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	119	private boolean cvAlgDetermined = false;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	120	private String cvAlg;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	121	private MessageDigest finMD;
2 90ce3da70b43 Initial load duke parents: diff changeset	122
90ce3da70b43 Initial load duke parents: diff changeset	123	/**
90ce3da70b43 Initial load duke parents: diff changeset	124	* Create a new HandshakeHash. needCertificateVerify indicates whether
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	125	* a hash for the certificate verify message is required. The argument
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	126	* algs is a set of all possible hash algorithms that might be used in
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	127	* TLS 1.2. If the caller is sure that TLS 1.2 won't be used or no
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	128	* CertificateVerify message will be used, leave it null or empty.
2 90ce3da70b43 Initial load duke parents: diff changeset	129	*/
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	130	HandshakeHash(boolean isServer, boolean needCertificateVerify,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	131	Set<String> algs) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	132	this.isServer = isServer;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	133	clonesNeeded = needCertificateVerify ? 3 : 2;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	134	}
2 90ce3da70b43 Initial load duke parents: diff changeset	135
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	136	void update(byte[] b, int offset, int len) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	137	switch (version) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	138	case 1:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	139	md5.update(b, offset, len);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	140	sha.update(b, offset, len);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	141	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	142	default:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	143	if (finMD != null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	144	finMD.update(b, offset, len);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	145	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	146	data.write(b, offset, len);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	147	break;
2 90ce3da70b43 Initial load duke parents: diff changeset	148	}
90ce3da70b43 Initial load duke parents: diff changeset	149	}
90ce3da70b43 Initial load duke parents: diff changeset	150
90ce3da70b43 Initial load duke parents: diff changeset	151	/**
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	152	* Reset the remaining digests. Note this does not reset the number of
2 90ce3da70b43 Initial load duke parents: diff changeset	153	* digest clones that can be obtained. Digests that have already been
90ce3da70b43 Initial load duke parents: diff changeset	154	* cloned and are gone remain gone.
90ce3da70b43 Initial load duke parents: diff changeset	155	*/
90ce3da70b43 Initial load duke parents: diff changeset	156	void reset() {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	157	if (version != -1) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	158	throw new RuntimeException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	159	"reset() can be only be called before protocolDetermined");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	160	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	161	data.reset();
2 90ce3da70b43 Initial load duke parents: diff changeset	162	}
90ce3da70b43 Initial load duke parents: diff changeset	163
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	164
7804 c59149ba3780 6996367: improve HandshakeHash weijun parents: 7043 diff changeset	165	void protocolDetermined(ProtocolVersion pv) {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	166
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	167	// Do not set again, will ignore
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	168	if (version != -1) return;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	169
7804 c59149ba3780 6996367: improve HandshakeHash weijun parents: 7043 diff changeset	170	version = pv.compareTo(ProtocolVersion.TLS12) >= 0 ? 2 : 1;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	171	switch (version) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	172	case 1:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	173	// initiate md5, sha and call update on saved array
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	174	try {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	175	md5 = CloneableDigest.getDigest("MD5", clonesNeeded);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	176	sha = CloneableDigest.getDigest("SHA", clonesNeeded);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	177	} catch (NoSuchAlgorithmException e) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	178	throw new RuntimeException
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	179	("Algorithm MD5 or SHA not available", e);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	180	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	181	byte[] bytes = data.toByteArray();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	182	update(bytes, 0, bytes.length);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	183	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	184	case 2:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	185	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	186	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	187	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	188
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	189	/////////////////////////////////////////////////////////////
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	190	// Below are old methods for pre-TLS 1.1
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	191	/////////////////////////////////////////////////////////////
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	192
2 90ce3da70b43 Initial load duke parents: diff changeset	193	/**
90ce3da70b43 Initial load duke parents: diff changeset	194	* Return a new MD5 digest updated with all data hashed so far.
90ce3da70b43 Initial load duke parents: diff changeset	195	*/
90ce3da70b43 Initial load duke parents: diff changeset	196	MessageDigest getMD5Clone() {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	197	if (version != 1) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	198	throw new RuntimeException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	199	"getMD5Clone() can be only be called for TLS 1.1");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	200	}
2 90ce3da70b43 Initial load duke parents: diff changeset	201	return cloneDigest(md5);
90ce3da70b43 Initial load duke parents: diff changeset	202	}
90ce3da70b43 Initial load duke parents: diff changeset	203
90ce3da70b43 Initial load duke parents: diff changeset	204	/**
90ce3da70b43 Initial load duke parents: diff changeset	205	* Return a new SHA digest updated with all data hashed so far.
90ce3da70b43 Initial load duke parents: diff changeset	206	*/
90ce3da70b43 Initial load duke parents: diff changeset	207	MessageDigest getSHAClone() {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	208	if (version != 1) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	209	throw new RuntimeException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	210	"getSHAClone() can be only be called for TLS 1.1");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	211	}
2 90ce3da70b43 Initial load duke parents: diff changeset	212	return cloneDigest(sha);
90ce3da70b43 Initial load duke parents: diff changeset	213	}
90ce3da70b43 Initial load duke parents: diff changeset	214
90ce3da70b43 Initial load duke parents: diff changeset	215	private static MessageDigest cloneDigest(MessageDigest digest) {
90ce3da70b43 Initial load duke parents: diff changeset	216	try {
90ce3da70b43 Initial load duke parents: diff changeset	217	return (MessageDigest)digest.clone();
90ce3da70b43 Initial load duke parents: diff changeset	218	} catch (CloneNotSupportedException e) {
90ce3da70b43 Initial load duke parents: diff changeset	219	// cannot occur for digests generated via CloneableDigest
90ce3da70b43 Initial load duke parents: diff changeset	220	throw new RuntimeException("Could not clone digest", e);
90ce3da70b43 Initial load duke parents: diff changeset	221	}
90ce3da70b43 Initial load duke parents: diff changeset	222	}
90ce3da70b43 Initial load duke parents: diff changeset	223
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	224	/////////////////////////////////////////////////////////////
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	225	// Below are new methods for TLS 1.2
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	226	/////////////////////////////////////////////////////////////
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	227
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	228	private static String normalizeAlgName(String alg) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	229	alg = alg.toUpperCase(Locale.US);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	230	if (alg.startsWith("SHA")) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	231	if (alg.length() == 3) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	232	return "SHA-1";
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	233	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	234	if (alg.charAt(3) != '-') {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	235	return "SHA-" + alg.substring(3);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	236	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	237	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	238	return alg;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	239	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	240	/**
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	241	* Specifies the hash algorithm used in Finished. This should be called
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	242	* based in info in ServerHello.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	243	* Can be called multiple times.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	244	*/
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	245	void setFinishedAlg(String s) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	246	if (s == null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	247	throw new RuntimeException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	248	"setFinishedAlg's argument cannot be null");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	249	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	250
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	251	// Can be called multiple times, but only set once
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	252	if (finMD != null) return;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	253
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	254	try {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	255	finMD = CloneableDigest.getDigest(normalizeAlgName(s), 2);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	256	} catch (NoSuchAlgorithmException e) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	257	throw new Error(e);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	258	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	259	finMD.update(data.toByteArray());
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	260	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	261
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	262	/**
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	263	* Restricts the possible algorithms for the CertificateVerify. Called by
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	264	* the server based on info in CertRequest. The argument must be a subset
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	265	* of the argument with the same name in the constructor. The method can be
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	266	* called multiple times. If the caller is sure that no CertificateVerify
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	267	* message will be used, leave this argument null or empty.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	268	*/
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	269	void restrictCertificateVerifyAlgs(Set<String> algs) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	270	if (version == 1) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	271	throw new RuntimeException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	272	"setCertificateVerifyAlg() cannot be called for TLS 1.1");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	273	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	274	// Not used yet
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	275	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	276
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	277	/**
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	278	* Specifies the hash algorithm used in CertificateVerify.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	279	* Can be called multiple times.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	280	*/
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	281	void setCertificateVerifyAlg(String s) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	282
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	283	// Can be called multiple times, but only set once
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	284	if (cvAlgDetermined) return;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	285
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	286	cvAlg = s == null ? null : normalizeAlgName(s);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	287	cvAlgDetermined = true;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	288	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	289
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	290	byte[] getAllHandshakeMessages() {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	291	return data.toByteArray();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	292	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	293
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	294	/**
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	295	* Calculates the hash in the CertificateVerify. Must be called right
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	296	* after setCertificateVerifyAlg()
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	297	*/
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	298	/*byte[] getCertificateVerifyHash() {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	299	throw new Error("Do not call getCertificateVerifyHash()");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	300	}*/
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	301
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	302	/**
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	303	* Calculates the hash in Finished. Must be called after setFinishedAlg().
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	304	* This method can be called twice, for Finished messages of the server
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	305	* side and client side respectively.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	306	*/
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	307	byte[] getFinishedHash() {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	308	try {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	309	return cloneDigest(finMD).digest();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	310	} catch (Exception e) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	311	throw new Error("BAD");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	312	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	313	}
2 90ce3da70b43 Initial load duke parents: diff changeset	314	}
90ce3da70b43 Initial load duke parents: diff changeset	315
90ce3da70b43 Initial load duke parents: diff changeset	316	/**
90ce3da70b43 Initial load duke parents: diff changeset	317	* A wrapper for MessageDigests that simulates cloning of non-cloneable
90ce3da70b43 Initial load duke parents: diff changeset	318	* digests. It uses the standard MessageDigest API and therefore can be used
90ce3da70b43 Initial load duke parents: diff changeset	319	* transparently in place of a regular digest.
90ce3da70b43 Initial load duke parents: diff changeset	320	*
90ce3da70b43 Initial load duke parents: diff changeset	321	* Note that we extend the MessageDigest class directly rather than
90ce3da70b43 Initial load duke parents: diff changeset	322	* MessageDigestSpi. This works because MessageDigest was originally designed
90ce3da70b43 Initial load duke parents: diff changeset	323	* this way in the JDK 1.1 days which allows us to avoid creating an internal
90ce3da70b43 Initial load duke parents: diff changeset	324	* provider.
90ce3da70b43 Initial load duke parents: diff changeset	325	*
90ce3da70b43 Initial load duke parents: diff changeset	326	* It can be "cloned" a limited number of times, which is specified at
90ce3da70b43 Initial load duke parents: diff changeset	327	* construction time. This is achieved by internally maintaining n digests
90ce3da70b43 Initial load duke parents: diff changeset	328	* in parallel. Consequently, it is only 1/n-th times as fast as the original
90ce3da70b43 Initial load duke parents: diff changeset	329	* digest.
90ce3da70b43 Initial load duke parents: diff changeset	330	*
90ce3da70b43 Initial load duke parents: diff changeset	331	* Example:
90ce3da70b43 Initial load duke parents: diff changeset	332	* MessageDigest md = CloneableDigest.getDigest("SHA", 2);
90ce3da70b43 Initial load duke parents: diff changeset	333	* md.update(data1);
90ce3da70b43 Initial load duke parents: diff changeset	334	* MessageDigest md2 = (MessageDigest)md.clone();
90ce3da70b43 Initial load duke parents: diff changeset	335	* md2.update(data2);
90ce3da70b43 Initial load duke parents: diff changeset	336	* byte[] d1 = md2.digest(); // digest of data1 \|\| data2
90ce3da70b43 Initial load duke parents: diff changeset	337	* md.update(data3);
90ce3da70b43 Initial load duke parents: diff changeset	338	* byte[] d2 = md.digest(); // digest of data1 \|\| data3
90ce3da70b43 Initial load duke parents: diff changeset	339	*
90ce3da70b43 Initial load duke parents: diff changeset	340	* This class is not thread safe.
90ce3da70b43 Initial load duke parents: diff changeset	341	*
90ce3da70b43 Initial load duke parents: diff changeset	342	*/
90ce3da70b43 Initial load duke parents: diff changeset	343	final class CloneableDigest extends MessageDigest implements Cloneable {
90ce3da70b43 Initial load duke parents: diff changeset	344
90ce3da70b43 Initial load duke parents: diff changeset	345	/**
90ce3da70b43 Initial load duke parents: diff changeset	346	* The individual MessageDigests. Initially, all elements are non-null.
90ce3da70b43 Initial load duke parents: diff changeset	347	* When clone() is called, the non-null element with the maximum index is
90ce3da70b43 Initial load duke parents: diff changeset	348	* returned and the array element set to null.
90ce3da70b43 Initial load duke parents: diff changeset	349	*
90ce3da70b43 Initial load duke parents: diff changeset	350	* All non-null element are always in the same state.
90ce3da70b43 Initial load duke parents: diff changeset	351	*/
90ce3da70b43 Initial load duke parents: diff changeset	352	private final MessageDigest[] digests;
90ce3da70b43 Initial load duke parents: diff changeset	353
90ce3da70b43 Initial load duke parents: diff changeset	354	private CloneableDigest(MessageDigest digest, int n, String algorithm)
90ce3da70b43 Initial load duke parents: diff changeset	355	throws NoSuchAlgorithmException {
90ce3da70b43 Initial load duke parents: diff changeset	356	super(algorithm);
90ce3da70b43 Initial load duke parents: diff changeset	357	digests = new MessageDigest[n];
90ce3da70b43 Initial load duke parents: diff changeset	358	digests[0] = digest;
90ce3da70b43 Initial load duke parents: diff changeset	359	for (int i = 1; i < n; i++) {
90ce3da70b43 Initial load duke parents: diff changeset	360	digests[i] = JsseJce.getMessageDigest(algorithm);
90ce3da70b43 Initial load duke parents: diff changeset	361	}
90ce3da70b43 Initial load duke parents: diff changeset	362	}
90ce3da70b43 Initial load duke parents: diff changeset	363
90ce3da70b43 Initial load duke parents: diff changeset	364	/**
90ce3da70b43 Initial load duke parents: diff changeset	365	* Return a MessageDigest for the given algorithm that can be cloned the
90ce3da70b43 Initial load duke parents: diff changeset	366	* specified number of times. If the default implementation supports
90ce3da70b43 Initial load duke parents: diff changeset	367	* cloning, it is returned. Otherwise, an instance of this class is
90ce3da70b43 Initial load duke parents: diff changeset	368	* returned.
90ce3da70b43 Initial load duke parents: diff changeset	369	*/
90ce3da70b43 Initial load duke parents: diff changeset	370	static MessageDigest getDigest(String algorithm, int n)
90ce3da70b43 Initial load duke parents: diff changeset	371	throws NoSuchAlgorithmException {
90ce3da70b43 Initial load duke parents: diff changeset	372	MessageDigest digest = JsseJce.getMessageDigest(algorithm);
90ce3da70b43 Initial load duke parents: diff changeset	373	try {
90ce3da70b43 Initial load duke parents: diff changeset	374	digest.clone();
90ce3da70b43 Initial load duke parents: diff changeset	375	// already cloneable, use it
90ce3da70b43 Initial load duke parents: diff changeset	376	return digest;
90ce3da70b43 Initial load duke parents: diff changeset	377	} catch (CloneNotSupportedException e) {
90ce3da70b43 Initial load duke parents: diff changeset	378	return new CloneableDigest(digest, n, algorithm);
90ce3da70b43 Initial load duke parents: diff changeset	379	}
90ce3da70b43 Initial load duke parents: diff changeset	380	}
90ce3da70b43 Initial load duke parents: diff changeset	381
90ce3da70b43 Initial load duke parents: diff changeset	382	/**
90ce3da70b43 Initial load duke parents: diff changeset	383	* Check if this object is still usable. If it has already been cloned the
90ce3da70b43 Initial load duke parents: diff changeset	384	* maximum number of times, there are no digests left and this object can no
90ce3da70b43 Initial load duke parents: diff changeset	385	* longer be used.
90ce3da70b43 Initial load duke parents: diff changeset	386	*/
90ce3da70b43 Initial load duke parents: diff changeset	387	private void checkState() {
90ce3da70b43 Initial load duke parents: diff changeset	388	// XXX handshaking currently doesn't stop updating hashes...
90ce3da70b43 Initial load duke parents: diff changeset	389	// if (digests[0] == null) {
90ce3da70b43 Initial load duke parents: diff changeset	390	// throw new IllegalStateException("no digests left");
90ce3da70b43 Initial load duke parents: diff changeset	391	// }
90ce3da70b43 Initial load duke parents: diff changeset	392	}
90ce3da70b43 Initial load duke parents: diff changeset	393
90ce3da70b43 Initial load duke parents: diff changeset	394	protected int engineGetDigestLength() {
90ce3da70b43 Initial load duke parents: diff changeset	395	checkState();
90ce3da70b43 Initial load duke parents: diff changeset	396	return digests[0].getDigestLength();
90ce3da70b43 Initial load duke parents: diff changeset	397	}
90ce3da70b43 Initial load duke parents: diff changeset	398
90ce3da70b43 Initial load duke parents: diff changeset	399	protected void engineUpdate(byte b) {
90ce3da70b43 Initial load duke parents: diff changeset	400	checkState();
90ce3da70b43 Initial load duke parents: diff changeset	401	for (int i = 0; (i < digests.length) && (digests[i] != null); i++) {
90ce3da70b43 Initial load duke parents: diff changeset	402	digests[i].update(b);
90ce3da70b43 Initial load duke parents: diff changeset	403	}
90ce3da70b43 Initial load duke parents: diff changeset	404	}
90ce3da70b43 Initial load duke parents: diff changeset	405
90ce3da70b43 Initial load duke parents: diff changeset	406	protected void engineUpdate(byte[] b, int offset, int len) {
90ce3da70b43 Initial load duke parents: diff changeset	407	checkState();
90ce3da70b43 Initial load duke parents: diff changeset	408	for (int i = 0; (i < digests.length) && (digests[i] != null); i++) {
90ce3da70b43 Initial load duke parents: diff changeset	409	digests[i].update(b, offset, len);
90ce3da70b43 Initial load duke parents: diff changeset	410	}
90ce3da70b43 Initial load duke parents: diff changeset	411	}
90ce3da70b43 Initial load duke parents: diff changeset	412
90ce3da70b43 Initial load duke parents: diff changeset	413	protected byte[] engineDigest() {
90ce3da70b43 Initial load duke parents: diff changeset	414	checkState();
90ce3da70b43 Initial load duke parents: diff changeset	415	byte[] digest = digests[0].digest();
90ce3da70b43 Initial load duke parents: diff changeset	416	digestReset();
90ce3da70b43 Initial load duke parents: diff changeset	417	return digest;
90ce3da70b43 Initial load duke parents: diff changeset	418	}
90ce3da70b43 Initial load duke parents: diff changeset	419
90ce3da70b43 Initial load duke parents: diff changeset	420	protected int engineDigest(byte[] buf, int offset, int len)
90ce3da70b43 Initial load duke parents: diff changeset	421	throws DigestException {
90ce3da70b43 Initial load duke parents: diff changeset	422	checkState();
90ce3da70b43 Initial load duke parents: diff changeset	423	int n = digests[0].digest(buf, offset, len);
90ce3da70b43 Initial load duke parents: diff changeset	424	digestReset();
90ce3da70b43 Initial load duke parents: diff changeset	425	return n;
90ce3da70b43 Initial load duke parents: diff changeset	426	}
90ce3da70b43 Initial load duke parents: diff changeset	427
90ce3da70b43 Initial load duke parents: diff changeset	428	/**
90ce3da70b43 Initial load duke parents: diff changeset	429	* Reset all digests after a digest() call. digests[0] has already been
90ce3da70b43 Initial load duke parents: diff changeset	430	* implicitly reset by the digest() call and does not need to be reset
90ce3da70b43 Initial load duke parents: diff changeset	431	* again.
90ce3da70b43 Initial load duke parents: diff changeset	432	*/
90ce3da70b43 Initial load duke parents: diff changeset	433	private void digestReset() {
90ce3da70b43 Initial load duke parents: diff changeset	434	for (int i = 1; (i < digests.length) && (digests[i] != null); i++) {
90ce3da70b43 Initial load duke parents: diff changeset	435	digests[i].reset();
90ce3da70b43 Initial load duke parents: diff changeset	436	}
90ce3da70b43 Initial load duke parents: diff changeset	437	}
90ce3da70b43 Initial load duke parents: diff changeset	438
90ce3da70b43 Initial load duke parents: diff changeset	439	protected void engineReset() {
90ce3da70b43 Initial load duke parents: diff changeset	440	checkState();
90ce3da70b43 Initial load duke parents: diff changeset	441	for (int i = 0; (i < digests.length) && (digests[i] != null); i++) {
90ce3da70b43 Initial load duke parents: diff changeset	442	digests[i].reset();
90ce3da70b43 Initial load duke parents: diff changeset	443	}
90ce3da70b43 Initial load duke parents: diff changeset	444	}
90ce3da70b43 Initial load duke parents: diff changeset	445
90ce3da70b43 Initial load duke parents: diff changeset	446	public Object clone() {
90ce3da70b43 Initial load duke parents: diff changeset	447	checkState();
90ce3da70b43 Initial load duke parents: diff changeset	448	for (int i = digests.length - 1; i >= 0; i--) {
90ce3da70b43 Initial load duke parents: diff changeset	449	if (digests[i] != null) {
90ce3da70b43 Initial load duke parents: diff changeset	450	MessageDigest digest = digests[i];
90ce3da70b43 Initial load duke parents: diff changeset	451	digests[i] = null;
90ce3da70b43 Initial load duke parents: diff changeset	452	return digest;
90ce3da70b43 Initial load duke parents: diff changeset	453	}
90ce3da70b43 Initial load duke parents: diff changeset	454	}
90ce3da70b43 Initial load duke parents: diff changeset	455	// cannot occur
90ce3da70b43 Initial load duke parents: diff changeset	456	throw new InternalError();
90ce3da70b43 Initial load duke parents: diff changeset	457	}
90ce3da70b43 Initial load duke parents: diff changeset	458
90ce3da70b43 Initial load duke parents: diff changeset	459	}

author	xuelei
	Fri, 08 Apr 2011 02:00:09 -0700
changeset 9246	c459f79af46b
parent 7804	c59149ba3780
child 14664	e71aa0962e70
permissions	-rw-r--r--