提交 0cdcee61 编写于 作者: C coffeys

8153531: Improve exception messaging for RSAClientKeyExchange

Reviewed-by: xuelei
上级 f57a7560
......@@ -812,8 +812,9 @@ class DH_ServerKeyExchange extends ServerKeyExchange
if (!localSupportedSignAlgs.contains(
preferableSignatureAlgorithm)) {
throw new SSLHandshakeException(
"Unsupported SignatureAndHashAlgorithm in " +
"ServerKeyExchange message");
"Unsupported SignatureAndHashAlgorithm in " +
"ServerKeyExchange message: " +
preferableSignatureAlgorithm);
}
} else {
this.preferableSignatureAlgorithm = null;
......@@ -846,7 +847,8 @@ class DH_ServerKeyExchange extends ServerKeyExchange
sig = RSASignature.getInstance();
break;
default:
throw new SSLKeyException("neither an RSA or a DSA key");
throw new SSLKeyException(
"neither an RSA or a DSA key: " + algorithm);
}
}
......@@ -1096,7 +1098,8 @@ class ECDH_ServerKeyExchange extends ServerKeyExchange {
preferableSignatureAlgorithm)) {
throw new SSLHandshakeException(
"Unsupported SignatureAndHashAlgorithm in " +
"ServerKeyExchange message");
"ServerKeyExchange message: " +
preferableSignatureAlgorithm);
}
}
......@@ -1136,7 +1139,8 @@ class ECDH_ServerKeyExchange extends ServerKeyExchange {
case "RSA":
return RSASignature.getInstance();
default:
throw new NoSuchAlgorithmException("neither an RSA or a EC key");
throw new NoSuchAlgorithmException(
"neither an RSA or a EC key : " + keyAlgorithm);
}
}
......@@ -1343,7 +1347,8 @@ class CertificateRequest extends HandshakeMessage
algorithmsLen = input.getInt16();
if (algorithmsLen < 2) {
throw new SSLProtocolException(
"Invalid supported_signature_algorithms field");
"Invalid supported_signature_algorithms field: " +
algorithmsLen);
}
algorithms = new ArrayList<SignatureAndHashAlgorithm>();
......@@ -1362,7 +1367,8 @@ class CertificateRequest extends HandshakeMessage
if (remains != 0) {
throw new SSLProtocolException(
"Invalid supported_signature_algorithms field");
"Invalid supported_signature_algorithms field. remains: " +
remains);
}
} else {
algorithms = new ArrayList<SignatureAndHashAlgorithm>();
......@@ -1379,7 +1385,8 @@ class CertificateRequest extends HandshakeMessage
}
if (len != 0) {
throw new SSLProtocolException("Bad CertificateRequest DN length");
throw new SSLProtocolException(
"Bad CertificateRequest DN length: " + len);
}
authorities = v.toArray(new DistinguishedName[v.size()]);
......@@ -1609,8 +1616,8 @@ static final class CertificateVerify extends HandshakeMessage {
if (!localSupportedSignAlgs.contains(
preferableSignatureAlgorithm)) {
throw new SSLHandshakeException(
"Unsupported SignatureAndHashAlgorithm in " +
"CertificateVerify message");
"Unsupported SignatureAndHashAlgorithm in " +
"CertificateVerify message: " + preferableSignatureAlgorithm);
}
}
......@@ -1977,7 +1984,8 @@ static final class Finished extends HandshakeMessage {
SecretKey prfKey = kg.generateKey();
if ("RAW".equals(prfKey.getFormat()) == false) {
throw new ProviderException(
"Invalid PRF output, format must be RAW");
"Invalid PRF output, format must be RAW. " +
"Format received: " + prfKey.getFormat());
}
byte[] finished = prfKey.getEncoded();
return finished;
......
......@@ -67,7 +67,8 @@ final class RSAClientKeyExchange extends HandshakeMessage {
ProtocolVersion maxVersion,
SecureRandom generator, PublicKey publicKey) throws IOException {
if (publicKey.getAlgorithm().equals("RSA") == false) {
throw new SSLKeyException("Public key not of type RSA");
throw new SSLKeyException("Public key not of type RSA: " +
publicKey.getAlgorithm());
}
this.protocolVersion = protocolVersion;
......@@ -98,7 +99,8 @@ final class RSAClientKeyExchange extends HandshakeMessage {
int messageSize, PrivateKey privateKey) throws IOException {
if (privateKey.getAlgorithm().equals("RSA") == false) {
throw new SSLKeyException("Private key not of type RSA");
throw new SSLKeyException("Private key not of type RSA: " +
privateKey.getAlgorithm());
}
if (currentVersion.v >= ProtocolVersion.TLS10.v) {
......@@ -159,8 +161,8 @@ final class RSAClientKeyExchange extends HandshakeMessage {
}
} catch (InvalidKeyException ibk) {
// the message is too big to process with RSA
throw new SSLProtocolException(
"Unable to process PreMasterSecret, may be too big");
throw new SSLException(
"Unable to process PreMasterSecret", ibk);
} catch (Exception e) {
// unlikely to happen, otherwise, must be a provider exception
if (debug != null && Debug.isOn("handshake")) {
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册