Skip to content

D
dragonwell8_jdk

openanolis / dragonwell8_jdk

通知 4
Star 2
Fork 0
D
dragonwell8_jdk

体验新版 GitCode,发现更多精彩内容 >>

提交 4c8b5981 编写于 作者: W wetmore
浏览文件
操作

Merge

上级 9f4b0a82 878c17e5
展开全部 隐藏空白更改
内联 并排
Showing with 623 addition and 2 deletion
src/share/classes/sun/security/ssl/ClientHandshaker.java
浏览文件 @ 4c8b5981
......@@ -32,6 +32,7 @@ import java.security.*;
import java.util.*;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.ECParameterSpec;
import java.security.cert.X509Certificate;
......@@ -147,8 +148,33 @@ final class ClientHandshaker extends Handshaker {
case HandshakeMessage.ht_server_key_exchange:
serverKeyExchangeReceived = true;
switch (keyExchange) {
case K_RSA:
case K_RSA_EXPORT:
/**
* The server key exchange message is sent by the server only
* when the server certificate message does not contain the
* proper amount of data to allow the client to exchange a
* premaster secret, such as when RSA_EXPORT is used and the
* public key in the server certificate is longer than 512 bits.
*/
if (serverKey == null) {
throw new SSLProtocolException
("Server did not send certificate message");
}
if (!(serverKey instanceof RSAPublicKey)) {
throw new SSLProtocolException("Protocol violation:" +
" the certificate type must be appropriate for the" +
" selected cipher suite's key exchange algorithm");
}
if (JsseJce.getRSAKeyLength(serverKey) <= 512) {
throw new SSLProtocolException("Protocol violation:" +
" server sent a server key exchange message for" +
" key exchange " + keyExchange +
" when the public key in the server certificate" +
" is less than or equal to 512 bits in length");
}
try {
this.serverKeyExchange(new RSA_ServerKeyExchange(input));
} catch (GeneralSecurityException e) {
......@@ -180,6 +206,9 @@ final class ClientHandshaker extends Handshaker {
throwSSLException("Server key", e);
}
break;
case K_RSA:
case K_DH_RSA:
case K_DH_DSS:
case K_ECDH_ECDSA:
case K_ECDH_RSA:
throw new SSLProtocolException("Protocol violation: server sent"
......@@ -580,6 +609,16 @@ final class ClientHandshaker extends Handshaker {
case K_RSA:
case K_RSA_EXPORT:
if (serverKey == null) {
throw new SSLProtocolException
("Server did not send certificate message");
}
if (!(serverKey instanceof RSAPublicKey)) {
throw new SSLProtocolException
("Server certificate does not include an RSA key");
}
/*
* For RSA key exchange, we randomly generate a new
* pre-master secret and encrypt it with the server's
......@@ -588,8 +627,29 @@ final class ClientHandshaker extends Handshaker {
* it's a performance speedup not to do that until
* the client's waiting for the server response, but
* more of a speedup for the D-H case.
*
* If the RSA_EXPORT scheme is active, when the public
* key in the server certificate is less than or equal
* to 512 bits in length, use the cert's public key,
* otherwise, the ephemeral one.
*/
PublicKey key = (keyExchange == K_RSA) ? serverKey : ephemeralServerKey;
PublicKey key;
if (keyExchange == K_RSA) {
key = serverKey;
} else { // K_RSA_EXPORT
if (JsseJce.getRSAKeyLength(serverKey) <= 512) {
// extraneous ephemeralServerKey check done
// above in processMessage()
key = serverKey;
} else {
if (ephemeralServerKey == null) {
throw new SSLProtocolException("Server did not send" +
" a RSA_EXPORT Server Key Exchange message");
}
key = ephemeralServerKey;
}
}
m2 = new RSAClientKeyExchange(protocolVersion, maxProtocolVersion,
sslContext.getSecureRandom(), key);
break;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册