gnu.javax.net.ssl.provider

Class AbstractHandshake

java.lang.Object
- gnu.javax.net.ssl.provider.AbstractHandshake

Known Direct Subclasses:: ClientHandshake

public abstract class AbstractHandshake

extends Object

The base interface for handshake implementations. Concrete subclasses of this class (one for the server, one for the client) handle the HANDSHAKE content-type in communications.

Nested Class Summary
`protected class`	`AbstractHandshake.CertVerifier`
`protected class`	`AbstractHandshake.DHE_PSKGen`
`protected class`	`AbstractHandshake.DHPhase`

Field Summary
`protected static byte[]`	`CLIENT_FINISHED` "client finished" -- TLS 1.0 and later
`protected static byte[]`	`PAD1` SSL 3.0; the value 0x36 40 (for SHA-1 hashes) or 48 (for MD5 hashes) times.
`protected static byte[]`	`PAD2` SSL 3.0; the value 0x5c 40 (for SHA-1 hashes) or 48 (for MD5 hashes) times.
`protected static byte[]`	`SERVER_FINISHED` "server finished" -- TLS 1.0 and later
`protected Random`	`clientRandom`
`protected CompressionMethod`	`compression`
`protected SSLEngineImpl`	`engine`
`protected ByteBuffer`	`handshakeBuffer` The currently-read handshake messages.
`protected int`	`handshakeOffset` The offset into `handshakeBuffer' where the first unread handshake message resides.
`protected InputSecurityParameters`	`inParams`
`protected KeyAgreement`	`keyAgreement`
`protected static SystemLogger`	`logger`
`protected MessageDigest`	`md5`
`protected OutputSecurityParameters`	`outParams`
`protected byte[]`	`preMasterSecret`
`protected Random`	`serverRandom`
`protected MessageDigest`	`sha`
`protected LinkedList`	`tasks`

Constructor Summary
`AbstractHandshake(SSLEngineImpl engine)`

Method Summary
`protected boolean`	`doHash()`
`protected byte[]`	`genV3CertificateVerify(MessageDigest md5, MessageDigest sha, SessionImpl session)` Generate a certificate verify message for SSLv3.
`protected ByteBuffer`	`generateFinished(MessageDigest md5, MessageDigest sha, boolean isClient, SessionImpl session)` Generate a "finished" message.
`protected byte[][]`	`generateKeys(Random clientRandom, Random serverRandom, SessionImpl session)` Generate the session keys from the computed master secret.
`protected void`	`generateMasterSecret(Random clientRandom, Random serverRandom, SessionImpl session)`
`protected void`	`generatePSKSecret(String identity, byte[] otherkey, boolean isClient)`
`SSLEngineResult.HandshakeStatus`	`handleInput(ByteBuffer fragment)` Handles the next input message in the handshake.
`SSLEngineResult.HandshakeStatus`	`handleOutput(ByteBuffer fragment)` Produce more handshake output.
`protected boolean`	`hasMessage()` Tell if the handshake buffer currently has a full handshake message.
`protected abstract SSLEngineResult.HandshakeStatus`	`implHandleInput()` Called to process more handshake data.
`protected abstract SSLEngineResult.HandshakeStatus`	`implHandleOutput(ByteBuffer fragment)` Called to implement the underlying output handling.
`protected void`	`initDiffieHellman(DHPrivateKey dhKey, SecureRandom random)`
`protected boolean`	`pollHandshake(ByteBuffer fragment)` Attempt to read the next handshake message from the given record.
`protected void`	`setupSecurityParameters(byte[][] keys, boolean isClient, SSLEngineImpl engine, CompressionMethod compression)`

Methods inherited from class java.lang.Object
`clone`, `equals`, `extends Object> getClass`, `finalize`, `hashCode`, `notify`, `notifyAll`, `toString`, `wait`, `wait`, `wait`

CLIENT_FINISHED

protected static final byte[] CLIENT_FINISHED

"client finished" -- TLS 1.0 and later

PAD1

protected static final byte[] PAD1

SSL 3.0; the value 0x36 40 (for SHA-1 hashes) or 48 (for MD5 hashes) times.

PAD2

protected static final byte[] PAD2

SSL 3.0; the value 0x5c 40 (for SHA-1 hashes) or 48 (for MD5 hashes) times.

SERVER_FINISHED

protected static final byte[] SERVER_FINISHED

"server finished" -- TLS 1.0 and later

clientRandom

protected Random clientRandom

compression

protected CompressionMethod compression

engine

protected final SSLEngineImpl engine

handshakeBuffer

protected ByteBuffer handshakeBuffer

The currently-read handshake messages. There may be zero, or multiple, handshake messages in this buffer.

handshakeOffset

protected int handshakeOffset

The offset into `handshakeBuffer' where the first unread handshake message resides.

inParams

protected InputSecurityParameters inParams

keyAgreement

protected KeyAgreement keyAgreement

logger

protected static final SystemLogger logger

md5

protected MessageDigest md5

outParams

protected OutputSecurityParameters outParams

preMasterSecret

protected byte[] preMasterSecret

serverRandom

protected Random serverRandom

sha

protected MessageDigest sha

tasks

protected LinkedList tasks

AbstractHandshake

protected AbstractHandshake(SSLEngineImpl engine)
            throws NoSuchAlgorithmException

doHash

protected boolean doHash()

genV3CertificateVerify

protected byte[] genV3CertificateVerify(MessageDigest md5,
                                        MessageDigest sha,
                                        SessionImpl session)

Generate a certificate verify message for SSLv3. In SSLv3, a different algorithm was used to generate this value was subtly different than that used in TLSv1.0 and later. In TLSv1.0 and later, this value is just the digest over the handshake messages.
SSLv3 uses the algorithm:
CertificateVerify.signature.md5_hash
MD5(master_secret + pad_2 +
MD5(handshake_messages + master_secret + pad_1));
Certificate.signature.sha_hash
SHA(master_secret + pad_2 +
SHA(handshake_messages + master_secret + pad_1));
Parameters:
md5 - The running MD5 hash of the handshake.
sha - The running SHA-1 hash of the handshake.
session - The current session being negotiated.
Returns:
The computed to-be-signed value.

generateFinished

protected ByteBuffer generateFinished(MessageDigest md5,
                                      MessageDigest sha,
                                      boolean isClient,
                                      SessionImpl session)

Generate a "finished" message. The hashes passed in are modified by this function, so they should be clone copies of the digest if the hash function needs to be used more.
Parameters:
md5 - The MD5 computation.
sha - The SHA-1 computation.
isClient - Whether or not the client-side finished message is being computed.
session - The current session.
Returns:
A byte buffer containing the computed finished message.

generateKeys

protected byte[][] generateKeys(Random clientRandom,
                                Random serverRandom,
                                SessionImpl session)

Generate the session keys from the computed master secret.
Parameters:
clientRandom - The client's nonce.
serverRandom - The server's nonce.
session - The session being established.
Returns:
The derived keys.

generateMasterSecret

protected void generateMasterSecret(Random clientRandom,
                                    Random serverRandom,
                                    SessionImpl session)
            throws SSLException

generatePSKSecret

protected void generatePSKSecret(String identity,
                                 byte[] otherkey,
                                 boolean isClient)
            throws SSLException

handleInput

public final SSLEngineResult.HandshakeStatus handleInput(ByteBuffer fragment)
            throws SSLException

Handles the next input message in the handshake. This is called in response to a call to javax.net.ssl.SSLEngine.unwrap for a message with content-type HANDSHAKE.
Parameters:
Returns:
An SSLEngineResult describing the result.

handleOutput

public final SSLEngineResult.HandshakeStatus handleOutput(ByteBuffer fragment)
            throws SSLException

Produce more handshake output. This is called in response to a call to javax.net.ssl.SSLEngine.wrap, when the handshake is still in progress.
Parameters:
Returns:
An SSLEngineResult describing the result.

hasMessage

protected boolean hasMessage()

Tell if the handshake buffer currently has a full handshake message.

implHandleInput

protected abstract SSLEngineResult.HandshakeStatus implHandleInput()
            throws SSLException

Called to process more handshake data. This method will be called repeatedly while there is remaining handshake data, and while the status is
Returns:
Throws:
SSLException -

implHandleOutput

protected abstract SSLEngineResult.HandshakeStatus implHandleOutput(ByteBuffer fragment)
            throws SSLException

Called to implement the underlying output handling. The callee should attempt to fill the given buffer as much as it can; this can include multiple, and even partial, handshake messages.
Parameters:
fragment - The buffer the callee should write handshake messages to.
Returns:
The new status of the handshake.
Throws:
SSLException - If an error occurs processing the output message.

initDiffieHellman

protected void initDiffieHellman(DHPrivateKey dhKey,
                                 SecureRandom random)
            throws SSLException

pollHandshake

protected boolean pollHandshake(ByteBuffer fragment)

Attempt to read the next handshake message from the given record. If only a partial handshake message is available, then this method saves the incoming bytes and returns false. If a complete handshake is read, or if there was one buffered in the handshake buffer, this method returns true, and `handshakeBuffer' can be used to read the handshake.
Parameters:
Returns:
True if a complete handshake is present in the buffer; false if only a partial one.

setupSecurityParameters

protected void setupSecurityParameters(byte[][] keys,
                                       boolean isClient,
                                       SSLEngineImpl engine,
                                       CompressionMethod compression)
            throws SSLException

AbstractHandshake.java -- abstract handshake handler. Copyright (C) 2006 Free Software Foundation, Inc. This file is a part of GNU Classpath. GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with GNU Classpath; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA Linking this library statically or dynamically with other modules is making a combined work based on this library. Thus, the terms and conditions of the GNU General Public License cover the whole combination. As a special exception, the copyright holders of this library give you permission to link this library with independent modules to produce an executable, regardless of the license terms of these independent modules, and to copy and distribute the resulting executable under terms of your choice, provided that you also meet, for each linked independent module, the terms and conditions of the license of that module. An independent module is a module which is not derived from or based on this library. If you modify this library, you may extend this exception to your version of the library, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version.

Overview Package Class Use Source Tree Index Deprecated About
Prev Class \| Next Class		Frames \| No Frames
Summary: Nested \| Field \| Method \| Constr	Detail: Nested \| Field \| Method \| Constr