413 SSLLogger.finest("Can't resume, incorrect protocol version"); |
413 SSLLogger.finest("Can't resume, incorrect protocol version"); |
414 } |
414 } |
415 result = false; |
415 result = false; |
416 } |
416 } |
417 |
417 |
|
418 // Make sure that the server handshake context's localSupportedSignAlgs |
|
419 // field is populated. This is particularly important when |
|
420 // client authentication was used in an initial session and it is |
|
421 // now being resumed. |
|
422 if (shc.localSupportedSignAlgs == null) { |
|
423 shc.localSupportedSignAlgs = |
|
424 SignatureScheme.getSupportedAlgorithms( |
|
425 shc.algorithmConstraints, shc.activeProtocols); |
|
426 } |
|
427 |
418 // Validate the required client authentication. |
428 // Validate the required client authentication. |
419 if (result && |
429 if (result && |
420 (shc.sslConfig.clientAuthType == CLIENT_AUTH_REQUIRED)) { |
430 (shc.sslConfig.clientAuthType == CLIENT_AUTH_REQUIRED)) { |
421 try { |
431 try { |
422 s.getPeerPrincipal(); |
432 s.getPeerPrincipal(); |
761 HKDF hkdf = new HKDF(hashAlg.name); |
771 HKDF hkdf = new HKDF(hashAlg.name); |
762 byte[] zeros = new byte[hashAlg.hashLength]; |
772 byte[] zeros = new byte[hashAlg.hashLength]; |
763 SecretKey earlySecret = hkdf.extract(zeros, psk, "TlsEarlySecret"); |
773 SecretKey earlySecret = hkdf.extract(zeros, psk, "TlsEarlySecret"); |
764 |
774 |
765 byte[] label = ("tls13 res binder").getBytes(); |
775 byte[] label = ("tls13 res binder").getBytes(); |
766 MessageDigest md = MessageDigest.getInstance(hashAlg.toString());; |
776 MessageDigest md = MessageDigest.getInstance(hashAlg.name); |
767 byte[] hkdfInfo = SSLSecretDerivation.createHkdfInfo( |
777 byte[] hkdfInfo = SSLSecretDerivation.createHkdfInfo( |
768 label, md.digest(new byte[0]), hashAlg.hashLength); |
778 label, md.digest(new byte[0]), hashAlg.hashLength); |
769 return hkdf.expand(earlySecret, |
779 return hkdf.expand(earlySecret, |
770 hkdfInfo, hashAlg.hashLength, "TlsBinderKey"); |
780 hkdfInfo, hashAlg.hashLength, "TlsBinderKey"); |
771 } catch (GeneralSecurityException ex) { |
781 } catch (GeneralSecurityException ex) { |