1 /* |
1 /* |
2 * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
107 this.premasterSecret = premasterSecret; |
107 this.premasterSecret = premasterSecret; |
108 } |
108 } |
109 |
109 |
110 byte[] getEncoded(PublicKey publicKey, |
110 byte[] getEncoded(PublicKey publicKey, |
111 SecureRandom secureRandom) throws GeneralSecurityException { |
111 SecureRandom secureRandom) throws GeneralSecurityException { |
112 Cipher cipher = JsseJce.getCipher(JsseJce.CIPHER_RSA_PKCS1); |
112 Cipher cipher = Cipher.getInstance(JsseJce.CIPHER_RSA_PKCS1); |
113 cipher.init(Cipher.WRAP_MODE, publicKey, secureRandom); |
113 cipher.init(Cipher.WRAP_MODE, publicKey, secureRandom); |
114 return cipher.wrap(premasterSecret); |
114 return cipher.wrap(premasterSecret); |
115 } |
115 } |
116 |
116 |
117 @SuppressWarnings("deprecation") |
117 @SuppressWarnings("deprecation") |
118 static RSAPremasterSecret createPremasterSecret( |
118 static RSAPremasterSecret createPremasterSecret( |
119 ClientHandshakeContext chc) throws GeneralSecurityException { |
119 ClientHandshakeContext chc) throws GeneralSecurityException { |
120 String algorithm = chc.negotiatedProtocol.useTLS12PlusSpec() ? |
120 String algorithm = chc.negotiatedProtocol.useTLS12PlusSpec() ? |
121 "SunTls12RsaPremasterSecret" : "SunTlsRsaPremasterSecret"; |
121 "SunTls12RsaPremasterSecret" : "SunTlsRsaPremasterSecret"; |
122 KeyGenerator kg = JsseJce.getKeyGenerator(algorithm); |
122 KeyGenerator kg = KeyGenerator.getInstance(algorithm); |
123 TlsRsaPremasterSecretParameterSpec spec = |
123 TlsRsaPremasterSecretParameterSpec spec = |
124 new TlsRsaPremasterSecretParameterSpec( |
124 new TlsRsaPremasterSecretParameterSpec( |
125 chc.clientHelloVersion, |
125 chc.clientHelloVersion, |
126 chc.negotiatedProtocol.id); |
126 chc.negotiatedProtocol.id); |
127 kg.init(spec, chc.sslContext.getSecureRandom()); |
127 kg.init(spec, chc.sslContext.getSecureRandom()); |
134 PrivateKey privateKey, |
134 PrivateKey privateKey, |
135 byte[] encrypted) throws GeneralSecurityException { |
135 byte[] encrypted) throws GeneralSecurityException { |
136 |
136 |
137 byte[] encoded = null; |
137 byte[] encoded = null; |
138 boolean needFailover = false; |
138 boolean needFailover = false; |
139 Cipher cipher = JsseJce.getCipher(JsseJce.CIPHER_RSA_PKCS1); |
139 Cipher cipher = Cipher.getInstance(JsseJce.CIPHER_RSA_PKCS1); |
140 try { |
140 try { |
141 // Try UNWRAP_MODE mode firstly. |
141 // Try UNWRAP_MODE mode firstly. |
142 cipher.init(Cipher.UNWRAP_MODE, privateKey, |
142 cipher.init(Cipher.UNWRAP_MODE, privateKey, |
143 new TlsRsaPremasterSecretParameterSpec( |
143 new TlsRsaPremasterSecretParameterSpec( |
144 shc.clientHelloVersion, |
144 shc.clientHelloVersion, |
161 |
161 |
162 SecretKey preMaster; |
162 SecretKey preMaster; |
163 if (needFailover) { |
163 if (needFailover) { |
164 // The cipher might be spoiled by unsuccessful call to init(), |
164 // The cipher might be spoiled by unsuccessful call to init(), |
165 // so request a fresh instance |
165 // so request a fresh instance |
166 cipher = JsseJce.getCipher(JsseJce.CIPHER_RSA_PKCS1); |
166 cipher = Cipher.getInstance(JsseJce.CIPHER_RSA_PKCS1); |
167 |
167 |
168 // Use DECRYPT_MODE and dispose the previous initialization. |
168 // Use DECRYPT_MODE and dispose the previous initialization. |
169 cipher.init(Cipher.DECRYPT_MODE, privateKey); |
169 cipher.init(Cipher.DECRYPT_MODE, privateKey); |
170 boolean failed = false; |
170 boolean failed = false; |
171 try { |
171 try { |
225 } |
225 } |
226 |
226 |
227 try { |
227 try { |
228 String s = ((clientVersion >= ProtocolVersion.TLS12.id) ? |
228 String s = ((clientVersion >= ProtocolVersion.TLS12.id) ? |
229 "SunTls12RsaPremasterSecret" : "SunTlsRsaPremasterSecret"); |
229 "SunTls12RsaPremasterSecret" : "SunTlsRsaPremasterSecret"); |
230 KeyGenerator kg = JsseJce.getKeyGenerator(s); |
230 KeyGenerator kg = KeyGenerator.getInstance(s); |
231 kg.init(new TlsRsaPremasterSecretParameterSpec( |
231 kg.init(new TlsRsaPremasterSecretParameterSpec( |
232 clientVersion, serverVersion, encodedSecret), |
232 clientVersion, serverVersion, encodedSecret), |
233 generator); |
233 generator); |
234 return kg.generateKey(); |
234 return kg.generateKey(); |
235 } catch (InvalidAlgorithmParameterException | |
235 } catch (InvalidAlgorithmParameterException | |
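Review bot: The `Cipher.getInstance(JsseJce.CIPHER_RSA_PKCS1)` calls at file lines 112, 139 and 166 and the `KeyGenerator.getInstance(...)` calls at 122 and 230 name no provider and carry no comment, so the implementation that handles the RSA premaster secret is whatever the JCA provider preference order yields at runtime. This matters most in the decode path at 139–169, where the UNWRAP_MODE attempt with `TlsRsaPremasterSecretParameterSpec` and the DECRYPT_MODE failover should treat a malformed PKCS#1 v1.5 block the same way whichever provider is selected. Lines 145–160 are not shown and the enclosing methods start or end outside the visible hunks, so that cannot be confirmed from here. I would add a comment at 139 such as `// Provider is chosen by JCA preference order; one that rejects the TLS parameter spec takes the DECRYPT_MODE failover below.` The page has lost its +/- markers, so I am reading the second copy of each line as the new side, because its copyright line is the one that adds 2019.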