102 private boolean invalidated; |
102 private boolean invalidated; |
103 private X509Certificate[] localCerts; |
103 private X509Certificate[] localCerts; |
104 private PrivateKey localPrivateKey; |
104 private PrivateKey localPrivateKey; |
105 private final String[] localSupportedSignAlgs; |
105 private final String[] localSupportedSignAlgs; |
106 private String[] peerSupportedSignAlgs; |
106 private String[] peerSupportedSignAlgs; |
|
107 private boolean useDefaultPeerSignAlgs = false; |
107 private List<byte[]> statusResponses; |
108 private List<byte[]> statusResponses; |
108 private SecretKey resumptionMasterSecret; |
109 private SecretKey resumptionMasterSecret; |
109 private SecretKey preSharedKey; |
110 private SecretKey preSharedKey; |
110 private byte[] pskIdentity; |
111 private byte[] pskIdentity; |
111 private final long ticketCreationTime = System.currentTimeMillis(); |
112 private final long ticketCreationTime = System.currentTimeMillis(); |
330 Collection<SignatureScheme> signatureSchemes) { |
331 Collection<SignatureScheme> signatureSchemes) { |
331 peerSupportedSignAlgs = |
332 peerSupportedSignAlgs = |
332 SignatureScheme.getAlgorithmNames(signatureSchemes); |
333 SignatureScheme.getAlgorithmNames(signatureSchemes); |
333 } |
334 } |
334 |
335 |
|
336 // TLS 1.2 only |
|
337 // |
|
338 // Per RFC 5246, If the client supports only the default hash |
|
339 // and signature algorithms, it MAY omit the |
|
340 // signature_algorithms extension. If the client does not |
|
341 // support the default algorithms, or supports other hash |
|
342 // and signature algorithms (and it is willing to use them |
|
343 // for verifying messages sent by the server, i.e., server |
|
344 // certificates and server key exchange), it MUST send the |
|
345 // signature_algorithms extension, listing the algorithms it |
|
346 // is willing to accept. |
|
347 void setUseDefaultPeerSignAlgs() { |
|
348 useDefaultPeerSignAlgs = true; |
|
349 peerSupportedSignAlgs = new String[] { |
|
350 "SHA1withRSA", "SHA1withDSA", "SHA1withECDSA"}; |
|
351 } |
|
352 |
|
353 // Returns the connection session. |
|
354 SSLSessionImpl finish() { |
|
355 if (useDefaultPeerSignAlgs) { |
|
356 this.peerSupportedSignAlgs = new String[0]; |
|
357 } |
|
358 |
|
359 return this; |
|
360 } |
|
361 |
335 /** |
362 /** |
336 * Provide status response data obtained during the SSL handshake. |
363 * Provide status response data obtained during the SSL handshake. |
337 * |
364 * |
338 * @param responses a {@link List} of responses in binary form. |
365 * @param responses a {@link List} of responses in binary form. |
339 */ |
366 */ |