From 0cdcee6122bb1f1663b3a1f3711af98bdbd5b9e3 Mon Sep 17 00:00:00 2001 From: coffeys Date: Thu, 7 Apr 2016 10:11:38 +0100 Subject: [PATCH] 8153531: Improve exception messaging for RSAClientKeyExchange Reviewed-by: xuelei --- .../sun/security/ssl/HandshakeMessage.java | 30 ++++++++++++------- .../security/ssl/RSAClientKeyExchange.java | 10 ++++--- 2 files changed, 25 insertions(+), 15 deletions(-) diff --git a/src/share/classes/sun/security/ssl/HandshakeMessage.java b/src/share/classes/sun/security/ssl/HandshakeMessage.java index e921ea061..8ecaf7868 100644 --- a/src/share/classes/sun/security/ssl/HandshakeMessage.java +++ b/src/share/classes/sun/security/ssl/HandshakeMessage.java @@ -812,8 +812,9 @@ class DH_ServerKeyExchange extends ServerKeyExchange if (!localSupportedSignAlgs.contains( preferableSignatureAlgorithm)) { throw new SSLHandshakeException( - "Unsupported SignatureAndHashAlgorithm in " + - "ServerKeyExchange message"); + "Unsupported SignatureAndHashAlgorithm in " + + "ServerKeyExchange message: " + + preferableSignatureAlgorithm); } } else { this.preferableSignatureAlgorithm = null; @@ -846,7 +847,8 @@ class DH_ServerKeyExchange extends ServerKeyExchange sig = RSASignature.getInstance(); break; default: - throw new SSLKeyException("neither an RSA or a DSA key"); + throw new SSLKeyException( + "neither an RSA or a DSA key: " + algorithm); } } @@ -1096,7 +1098,8 @@ class ECDH_ServerKeyExchange extends ServerKeyExchange { preferableSignatureAlgorithm)) { throw new SSLHandshakeException( "Unsupported SignatureAndHashAlgorithm in " + - "ServerKeyExchange message"); + "ServerKeyExchange message: " + + preferableSignatureAlgorithm); } } @@ -1136,7 +1139,8 @@ class ECDH_ServerKeyExchange extends ServerKeyExchange { case "RSA": return RSASignature.getInstance(); default: - throw new NoSuchAlgorithmException("neither an RSA or a EC key"); + throw new NoSuchAlgorithmException( + "neither an RSA or a EC key : " + keyAlgorithm); } } 
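Review bot: The new message in the `@@ -812` hunk appends `preferableSignatureAlgorithm` by plain string concatenation, so its content depends entirely on that class's `toString()`, which is not visible in this patch. If the type does not override `toString()`, the text ends in a class name and identity hash rather than the rejected hash/signature pair; appending the algorithm name, e.g. `"ServerKeyExchange message: " + preferableSignatureAlgorithm.getAlgorithmName()` (the accessor JSSE's SignatureAndHashAlgorithm provides), would keep the diagnostic stable. The same concatenation is added in the `@@ -1096` hunk (ECDH_ServerKeyExchange) and the `@@ -1609` hunk (CertificateVerify). The value appears to be derived from what the peer sent, so a one-line comment that the message echoes a peer-chosen algorithm identifier would help whoever later routes these exceptions into logs. The enclosing constructors start and end outside the hunks.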
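Review bot: The message added in the `@@ -1136` hunk, `"neither an RSA or a EC key : " + keyAlgorithm`, has a stray space before the colon that the parallel message in the `@@ -846` hunk (`"neither an RSA or a DSA key: " + algorithm`) does not. Anyone grepping logs for one pattern will miss the other, so the two should match: `"neither an RSA or a EC key: " + keyAlgorithm`. The enclosing method starts outside the hunk.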
@@ -1343,7 +1347,8 @@ class CertificateRequest extends HandshakeMessage algorithmsLen = input.getInt16(); if (algorithmsLen < 2) { throw new SSLProtocolException( - "Invalid supported_signature_algorithms field"); + "Invalid supported_signature_algorithms field: " + + algorithmsLen); } algorithms = new ArrayList(); @@ -1362,7 +1367,8 @@ class CertificateRequest extends HandshakeMessage if (remains != 0) { throw new SSLProtocolException( - "Invalid supported_signature_algorithms field"); + "Invalid supported_signature_algorithms field. remains: " + + remains); } } else { algorithms = new ArrayList(); @@ -1379,7 +1385,8 @@ class CertificateRequest extends HandshakeMessage } if (len != 0) { - throw new SSLProtocolException("Bad CertificateRequest DN length"); + throw new SSLProtocolException( + "Bad CertificateRequest DN length: " + len); } authorities = v.toArray(new DistinguishedName[v.size()]); @@ -1609,8 +1616,8 @@ static final class CertificateVerify extends HandshakeMessage { if (!localSupportedSignAlgs.contains( preferableSignatureAlgorithm)) { throw new SSLHandshakeException( - "Unsupported SignatureAndHashAlgorithm in " + - "CertificateVerify message"); + "Unsupported SignatureAndHashAlgorithm in " + + "CertificateVerify message: " + preferableSignatureAlgorithm); } } @@ -1977,7 +1984,8 @@ static final class Finished extends HandshakeMessage { SecretKey prfKey = kg.generateKey(); if ("RAW".equals(prfKey.getFormat()) == false) { throw new ProviderException( - "Invalid PRF output, format must be RAW"); + "Invalid PRF output, format must be RAW. " + + "Format received: " + prfKey.getFormat()); } byte[] finished = prfKey.getEncoded(); return finished; diff --git a/src/share/classes/sun/security/ssl/RSAClientKeyExchange.java b/src/share/classes/sun/security/ssl/RSAClientKeyExchange.java index eacf8530f..783146cf4 100644 --- a/src/share/classes/sun/security/ssl/RSAClientKeyExchange.java +++ b/src/share/classes/sun/security/ssl/RSAClientKeyExchange.java 
@@ -67,7 +67,8 @@ final class RSAClientKeyExchange extends HandshakeMessage { ProtocolVersion maxVersion, SecureRandom generator, PublicKey publicKey) throws IOException { if (publicKey.getAlgorithm().equals("RSA") == false) { - throw new SSLKeyException("Public key not of type RSA"); + throw new SSLKeyException("Public key not of type RSA: " + + publicKey.getAlgorithm()); } this.protocolVersion = protocolVersion; @@ -98,7 +99,8 @@ final class RSAClientKeyExchange extends HandshakeMessage { int messageSize, PrivateKey privateKey) throws IOException { if (privateKey.getAlgorithm().equals("RSA") == false) { - throw new SSLKeyException("Private key not of type RSA"); + throw new SSLKeyException("Private key not of type RSA: " + + privateKey.getAlgorithm()); } if (currentVersion.v >= ProtocolVersion.TLS10.v) { @@ -159,8 +161,8 @@ final class RSAClientKeyExchange extends HandshakeMessage { } } catch (InvalidKeyException ibk) { // the message is too big to process with RSA - throw new SSLProtocolException( - "Unable to process PreMasterSecret, may be too big"); + throw new SSLException( + "Unable to process PreMasterSecret", ibk); } catch (Exception e) { // unlikely to happen, otherwise, must be a provider exception if (debug != null && Debug.isOn("handshake")) { -- GitLab
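Review bot: In the `@@ -159` hunk the retained comment `// the message is too big to process with RSA` no longer matches the code, which drops the "may be too big" wording and attaches `ibk` as the cause, presumably because other reasons are possible; it could read `// InvalidKeyException: often an oversized message; the cause is preserved for diagnosis`. The thrown type also widens from `SSLProtocolException` to its parent `SSLException`, so any caller that catches or maps `SSLProtocolException` specifically will stop matching; the call sites are outside this patch and should be checked. Because this catch sits on the PreMasterSecret processing path, it is worth confirming that the new type and attached cause do not make this failure look different to the peer than other decryption failures. The try block begins outside the hunk.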