1 /* |
1 /* |
2 * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
113 } |
113 } |
114 } |
114 } |
115 |
115 |
116 byte[] encoded = null; |
116 byte[] encoded = null; |
117 try { |
117 try { |
|
118 boolean needFailover = false; |
118 Cipher cipher = JsseJce.getCipher(JsseJce.CIPHER_RSA_PKCS1); |
119 Cipher cipher = JsseJce.getCipher(JsseJce.CIPHER_RSA_PKCS1); |
119 boolean needFailover = !KeyUtil.isOracleJCEProvider( |
120 try { |
120 cipher.getProvider().getName()); |
121 // Try UNWRAP_MODE mode firstly. |
|
122 cipher.init(Cipher.UNWRAP_MODE, privateKey, |
|
123 new TlsRsaPremasterSecretParameterSpec( |
|
124 maxVersion.v, currentVersion.v), |
|
125 generator); |
|
126 |
|
127 // The provider selection can be delayed, please don't call |
|
128 // any Cipher method before the call to Cipher.init(). |
|
129 needFailover = !KeyUtil.isOracleJCEProvider( |
|
130 cipher.getProvider().getName()); |
|
131 } catch (InvalidKeyException | UnsupportedOperationException iue) { |
|
132 if (debug != null && Debug.isOn("handshake")) { |
|
133 System.out.println("The Cipher provider " + |
|
134 cipher.getProvider().getName() + |
|
135 " caused exception: " + iue.getMessage()); |
|
136 } |
|
137 |
|
138 needFailover = true; |
|
139 } |
|
140 |
121 if (needFailover) { |
141 if (needFailover) { |
|
142 // Use DECRYPT_MODE and dispose the previous initialization. |
122 cipher.init(Cipher.DECRYPT_MODE, privateKey); |
143 cipher.init(Cipher.DECRYPT_MODE, privateKey); |
123 boolean failed = false; |
144 boolean failed = false; |
124 try { |
145 try { |
125 encoded = cipher.doFinal(encrypted); |
146 encoded = cipher.doFinal(encrypted); |
126 } catch (BadPaddingException bpe) { |
147 } catch (BadPaddingException bpe) { |
132 generator, encoded, failed); |
153 generator, encoded, failed); |
133 preMaster = generatePreMasterSecret( |
154 preMaster = generatePreMasterSecret( |
134 maxVersion.v, currentVersion.v, |
155 maxVersion.v, currentVersion.v, |
135 encoded, generator); |
156 encoded, generator); |
136 } else { |
157 } else { |
137 cipher.init(Cipher.UNWRAP_MODE, privateKey, |
158 // the cipher should have been initialized |
138 new TlsRsaPremasterSecretParameterSpec( |
|
139 maxVersion.v, currentVersion.v), |
|
140 generator); |
|
141 preMaster = (SecretKey)cipher.unwrap(encrypted, |
159 preMaster = (SecretKey)cipher.unwrap(encrypted, |
142 "TlsRsaPremasterSecret", Cipher.SECRET_KEY); |
160 "TlsRsaPremasterSecret", Cipher.SECRET_KEY); |
143 } |
161 } |
144 } catch (InvalidKeyException ibk) { |
162 } catch (InvalidKeyException ibk) { |
145 // the message is too big to process with RSA |
163 // the message is too big to process with RSA |