gnu.javax.net.ssl.provider
Class AbstractHandshake
 The base interface for handshake implementations. Concrete
 subclasses of this class (one for the server, one for the client)
 handle the HANDSHAKE content-type in communications.
| protected  boolean | doHash()
 |  | protected  byte[] | genV3CertificateVerify(MessageDigest md5, MessageDigest sha, SessionImpl session) Generate a certificate verify message for SSLv3. 
 |  | protected  ByteBuffer | generateFinished(MessageDigest md5, MessageDigest sha, boolean isClient, SessionImpl session) Generate a "finished" message. 
 |  | protected  byte[][] | generateKeys(Random clientRandom, Random serverRandom, SessionImpl session) Generate the session keys from the computed master secret.
 |  | protected  void | generateMasterSecret(Random clientRandom, Random serverRandom, SessionImpl session)
 |  | protected  void | generatePSKSecret(String identity, byte[] otherkey, boolean isClient)
 |  |  SSLEngineResult.HandshakeStatus | handleInput(ByteBuffer fragment) Handles the next input message in the handshake. 
 |  |  SSLEngineResult.HandshakeStatus | handleOutput(ByteBuffer fragment) Produce more handshake output. 
 |  | protected  boolean | hasMessage() Tell if the handshake buffer currently has a full handshake
 message.
 |  | protected abstract SSLEngineResult.HandshakeStatus | implHandleInput() Called to process more handshake data. 
 |  | protected abstract SSLEngineResult.HandshakeStatus | implHandleOutput(ByteBuffer fragment) Called to implement the underlying output handling. 
 |  | protected  void | initDiffieHellman(DHPrivateKey dhKey, SecureRandom random)
 |  | protected  boolean | pollHandshake(ByteBuffer fragment) Attempt to read the next handshake message from the given
 record. 
 |  | protected  void | setupSecurityParameters(byte[][] keys, boolean isClient, SSLEngineImpl engine, CompressionMethod compression)
 |  
 
| clone,equals,extends Object> getClass,finalize,hashCode,notify,notifyAll,toString,wait,wait,wait |  
 
CLIENT_FINISHED
protected static final byte[] CLIENT_FINISHED
 "client finished" -- TLS 1.0 and later
PAD1
protected static final byte[] PAD1
 SSL 3.0; the value 0x36 40 (for SHA-1 hashes) or 48 (for MD5 hashes)
 times.
PAD2
protected static final byte[] PAD2
 SSL 3.0; the value 0x5c 40 (for SHA-1 hashes) or 48 (for MD5 hashes)
 times.
SERVER_FINISHED
protected static final byte[] SERVER_FINISHED
 "server finished" -- TLS 1.0 and later
handshakeBuffer
protected ByteBuffer handshakeBuffer
 The currently-read handshake messages. There may be zero, or
 multiple, handshake messages in this buffer.
handshakeOffset
protected int handshakeOffset
 The offset into `handshakeBuffer' where the first unread
 handshake message resides.
tasks
protected LinkedList tasks
doHash
protected boolean doHash()
genV3CertificateVerify
protected byte[] genV3CertificateVerify(MessageDigest md5,
                                        MessageDigest sha,
                                        SessionImpl session) Generate a certificate verify message for SSLv3. In SSLv3, a different
 algorithm was used to generate this value was subtly different than
 that used in TLSv1.0 and later. In TLSv1.0 and later, this value is
 just the digest over the handshake messages.
 
SSLv3 uses the algorithm:
 
CertificateVerify.signature.md5_hash
MD5(master_secret + pad_2 +
MD5(handshake_messages + master_secret + pad_1));
Certificate.signature.sha_hash
SHA(master_secret + pad_2 +
SHA(handshake_messages + master_secret + pad_1));
- md5- The running MD5 hash of the handshake.
- sha- The running SHA-1 hash of the handshake.
- session- The current session being negotiated.
- The computed to-be-signed value.
generateFinished
protected ByteBuffer generateFinished(MessageDigest md5,
                                      MessageDigest sha,
                                      boolean isClient,
                                      SessionImpl session) Generate a "finished" message. The hashes passed in are modified
 by this function, so they should be clone copies of the digest if
 the hash function needs to be used more.
- md5- The MD5 computation.
- sha- The SHA-1 computation.
- isClient- Whether or not the client-side finished message is
being computed.
- session- The current session.
- A byte buffer containing the computed finished message.
generateKeys
protected byte[][] generateKeys(Random clientRandom,
                                Random serverRandom,
                                SessionImpl session) Generate the session keys from the computed master secret.
- clientRandom- The client's nonce.
- serverRandom- The server's nonce.
- session- The session being established.
hasMessage
protected boolean hasMessage()
 Tell if the handshake buffer currently has a full handshake
 message.
implHandleOutput
protected abstract SSLEngineResult.HandshakeStatus implHandleOutput(ByteBuffer fragment)
            throws SSLException Called to implement the underlying output handling. The callee should
 attempt to fill the given buffer as much as it can; this can include
 multiple, and even partial, handshake messages.
- fragment- The buffer the callee should write handshake messages to.
- The new status of the handshake.
- SSLException- If an error occurs processing the output message.
pollHandshake
protected boolean pollHandshake(ByteBuffer fragment)
 Attempt to read the next handshake message from the given
 record. If only a partial handshake message is available, then
 this method saves the incoming bytes and returns false. If a
 complete handshake is read, or if there was one buffered in the
 handshake buffer, this method returns true, and `handshakeBuffer'
 can be used to read the handshake.
- True if a complete handshake is present in the buffer;
false if only a partial one.
AbstractHandshake.java -- abstract handshake handler.
   Copyright (C) 2006  Free Software Foundation, Inc.
This file is a part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or (at
your option) any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
USA
Linking this library statically or dynamically with other modules is
making a combined work based on this library.  Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module.  An independent module is a module which is not derived from
or based on this library.  If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so.  If you do not wish to do so, delete this
exception statement from your version.