93 |
93 |
94 // Peer supported signature and algorithms |
94 // Peer supported signature and algorithms |
95 Collection<SignatureAndHashAlgorithm> peerSupportedSignAlgs; |
95 Collection<SignatureAndHashAlgorithm> peerSupportedSignAlgs; |
96 |
96 |
97 /* |
97 /* |
98 |
|
99 /* |
|
100 * List of active protocols |
98 * List of active protocols |
101 * |
99 * |
102 * Active protocols is a subset of enabled protocols, and will |
100 * Active protocols is a subset of enabled protocols, and will |
103 * contain only those protocols that have vaild cipher suites |
101 * contain only those protocols that have vaild cipher suites |
104 * enabled. |
102 * enabled. |
112 * contain only those cipher suites available for the active protocols. |
110 * contain only those cipher suites available for the active protocols. |
113 */ |
111 */ |
114 private CipherSuiteList activeCipherSuites; |
112 private CipherSuiteList activeCipherSuites; |
115 |
113 |
116 // The server name indication and matchers |
114 // The server name indication and matchers |
117 List<SNIServerName> serverNames = |
115 List<SNIServerName> serverNames = Collections.<SNIServerName>emptyList(); |
118 Collections.<SNIServerName>emptyList(); |
116 Collection<SNIMatcher> sniMatchers = Collections.<SNIMatcher>emptyList(); |
119 Collection<SNIMatcher> sniMatchers = |
|
120 Collections.<SNIMatcher>emptyList(); |
|
121 |
117 |
122 private boolean isClient; |
118 private boolean isClient; |
123 private boolean needCertVerify; |
119 private boolean needCertVerify; |
124 |
120 |
125 SSLSocketImpl conn = null; |
121 SSLSocketImpl conn = null; |
137 CipherSuite cipherSuite; |
133 CipherSuite cipherSuite; |
138 |
134 |
139 // current key exchange. Never null, initially K_NULL |
135 // current key exchange. Never null, initially K_NULL |
140 KeyExchange keyExchange; |
136 KeyExchange keyExchange; |
141 |
137 |
142 /* True if this session is being resumed (fast handshake) */ |
138 // True if this session is being resumed (fast handshake) |
143 boolean resumingSession; |
139 boolean resumingSession; |
144 |
140 |
145 /* True if it's OK to start a new SSL session */ |
141 // True if it's OK to start a new SSL session |
146 boolean enableNewSession; |
142 boolean enableNewSession; |
|
143 |
|
144 // True if session keys have been calculated and the caller may receive |
|
145 // and process a ChangeCipherSpec message |
|
146 private boolean sessKeysCalculated; |
147 |
147 |
148 // Whether local cipher suites preference should be honored during |
148 // Whether local cipher suites preference should be honored during |
149 // handshaking? |
149 // handshaking? |
150 // |
150 // |
151 // Note that in this provider, this option only applies to server side. |
151 // Note that in this provider, this option only applies to server side. |
251 this.secureRenegotiation = secureRenegotiation; |
251 this.secureRenegotiation = secureRenegotiation; |
252 this.clientVerifyData = clientVerifyData; |
252 this.clientVerifyData = clientVerifyData; |
253 this.serverVerifyData = serverVerifyData; |
253 this.serverVerifyData = serverVerifyData; |
254 enableNewSession = true; |
254 enableNewSession = true; |
255 invalidated = false; |
255 invalidated = false; |
|
256 sessKeysCalculated = false; |
256 |
257 |
257 setCipherSuite(CipherSuite.C_NULL); |
258 setCipherSuite(CipherSuite.C_NULL); |
258 setEnabledProtocols(enabledProtocols); |
259 setEnabledProtocols(enabledProtocols); |
259 |
260 |
260 if (conn != null) { |
261 if (conn != null) { |
1079 SecretKey master = calculateMasterSecret(preMasterSecret, version); |
1080 SecretKey master = calculateMasterSecret(preMasterSecret, version); |
1080 session.setMasterSecret(master); |
1081 session.setMasterSecret(master); |
1081 calculateConnectionKeys(master); |
1082 calculateConnectionKeys(master); |
1082 } |
1083 } |
1083 |
1084 |
1084 |
|
1085 /* |
1085 /* |
1086 * Calculate the master secret from its various components. This is |
1086 * Calculate the master secret from its various components. This is |
1087 * used for key exchange by all cipher suites. |
1087 * used for key exchange by all cipher suites. |
1088 * |
1088 * |
1089 * The master secret is the catenation of three MD5 hashes, each |
1089 * The master secret is the catenation of three MD5 hashes, each |
1224 svrMacSecret = keySpec.getServerMacKey(); |
1224 svrMacSecret = keySpec.getServerMacKey(); |
1225 } catch (GeneralSecurityException e) { |
1225 } catch (GeneralSecurityException e) { |
1226 throw new ProviderException(e); |
1226 throw new ProviderException(e); |
1227 } |
1227 } |
1228 |
1228 |
|
1229 // Mark a flag that allows outside entities (like SSLSocket/SSLEngine) |
|
1230 // determine if a ChangeCipherSpec message could be processed. |
|
1231 sessKeysCalculated = true; |
|
1232 |
1229 // |
1233 // |
1230 // Dump the connection keys as they're generated. |
1234 // Dump the connection keys as they're generated. |
1231 // |
1235 // |
1232 if (debug != null && Debug.isOn("keygen")) { |
1236 if (debug != null && Debug.isOn("keygen")) { |
1233 synchronized (System.out) { |
1237 synchronized (System.out) { |
1276 } |
1280 } |
1277 } |
1281 } |
1278 System.out.flush(); |
1282 System.out.flush(); |
1279 } |
1283 } |
1280 } |
1284 } |
|
1285 } |
|
1286 |
|
1287 /** |
|
1288 * Return whether or not the Handshaker has derived session keys for |
|
1289 * this handshake. This is used for determining readiness to process |
|
1290 * an incoming ChangeCipherSpec message. |
|
1291 */ |
|
1292 boolean sessionKeysCalculated() { |
|
1293 return sessKeysCalculated; |
1281 } |
1294 } |
1282 |
1295 |
1283 private static void printHex(HexDumpEncoder dump, byte[] bytes) { |
1296 private static void printHex(HexDumpEncoder dump, byte[] bytes) { |
1284 if (bytes == null) { |
1297 if (bytes == null) { |
1285 System.out.println("(key bytes not available)"); |
1298 System.out.println("(key bytes not available)"); |
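Review bot: The new `sessionKeysCalculated()` accessor (new lines 1287-1294) only reports state, so the ordering check this change exists for is enforced entirely by callers that are not visible on this page. I would state the contract in the Javadoc, for example `Callers must treat a ChangeCipherSpec received while this returns false as an unexpected message and abort the handshake.`, and confirm that both the socket and the engine read paths check it and fail closed. The flag is correctly set only after the try/catch at new line 1231, so a failed key derivation leaves it false; the method containing that assignment starts outside the lines shown. `sessKeysCalculated` is a plain `boolean`; if the record-reading path can run on a different thread than the one that derives the keys without a shared lock (not determinable from here), add a comment naming the lock that guards it, or declare it `private volatile boolean sessKeysCalculated;`. A regression test that delivers a ChangeCipherSpec before the key exchange completes and expects a fatal alert would pin the behaviour.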