protected Signer ˊ(
SignatureAndHashAlgorithm paramSignatureAndHashAlgorithm,
boolean paramBoolean1,
boolean paramBoolean2,
CipherParameters paramCipherParameters) {
int i;
if (paramSignatureAndHashAlgorithm != null) {
i = 1;
} else {
i = 0;
}
if (i != TlsUtils.ᐝ(this.aSQ)) {
throw new IllegalStateException();
}
if ((paramSignatureAndHashAlgorithm != null)
&& ((paramSignatureAndHashAlgorithm.mK() != 2)
|| (paramSignatureAndHashAlgorithm.mL() != mS()))) {
throw new IllegalStateException();
}
short s;
if (paramSignatureAndHashAlgorithm == null) {
s = 2;
} else {
s = paramSignatureAndHashAlgorithm.mK();
}
if (paramBoolean1) {
paramSignatureAndHashAlgorithm = new NullDigest();
} else {
paramSignatureAndHashAlgorithm = TlsUtils.ͺ(s);
}
paramSignatureAndHashAlgorithm = new DSADigestSigner(ʻ(s), paramSignatureAndHashAlgorithm);
paramSignatureAndHashAlgorithm.ˊ(paramBoolean2, ˋ(paramBoolean2, paramCipherParameters));
return paramSignatureAndHashAlgorithm;
}
/**
* Parse a {@link DigitallySigned} from an {@link InputStream}.
*
* @param context the {@link TlsContext} of the current connection.
* @param input the {@link InputStream} to parse from.
* @return a {@link DigitallySigned} object.
* @throws IOException
*/
public static DigitallySigned parse(TlsContext context, InputStream input) throws IOException {
SignatureAndHashAlgorithm algorithm = null;
if (TlsUtils.isTLSv12(context)) {
algorithm = SignatureAndHashAlgorithm.parse(input);
}
byte[] signature = TlsUtils.readOpaque16(input);
return new DigitallySigned(algorithm, signature);
}
Collection<SignatureAndHashAlgorithm> getLocalSupportedSignAlgs() {
if (localSupportedSignAlgs == null) {
localSupportedSignAlgs =
SignatureAndHashAlgorithm.getSupportedAlgorithms(algorithmConstraints);
}
return localSupportedSignAlgs;
}
/**
* Prior to handshaking, activate the handshake and initialize the version, input stream and
* output stream.
*/
void activate(ProtocolVersion helloVersion) throws IOException {
if (activeProtocols == null) {
activeProtocols = getActiveProtocols();
}
if (activeProtocols.collection().isEmpty() || activeProtocols.max.v == ProtocolVersion.NONE.v) {
throw new SSLHandshakeException("No appropriate protocol");
}
if (activeCipherSuites == null) {
activeCipherSuites = getActiveCipherSuites();
}
if (activeCipherSuites.collection().isEmpty()) {
throw new SSLHandshakeException("No appropriate cipher suite");
}
// temporary protocol version until the actual protocol version
// is negotiated in the Hello exchange. This affects the record
// version we sent with the ClientHello.
if (!isInitialHandshake) {
protocolVersion = activeProtocolVersion;
} else {
protocolVersion = activeProtocols.max;
}
if (helloVersion == null || helloVersion.v == ProtocolVersion.NONE.v) {
helloVersion = activeProtocols.helloVersion;
}
// We accumulate digests of the handshake messages so that
// we can read/write CertificateVerify and Finished messages,
// getting assurance against some particular active attacks.
Set<String> localSupportedHashAlgorithms =
SignatureAndHashAlgorithm.getHashAlgorithmNames(getLocalSupportedSignAlgs());
handshakeHash = new HandshakeHash(!isClient, needCertVerify, localSupportedHashAlgorithms);
// Generate handshake input/output stream.
input = new HandshakeInStream(handshakeHash);
if (conn != null) {
output = new HandshakeOutStream(protocolVersion, helloVersion, handshakeHash, conn);
conn.getAppInputStream().r.setHandshakeHash(handshakeHash);
conn.getAppInputStream().r.setHelloVersion(helloVersion);
conn.getAppOutputStream().r.setHelloVersion(helloVersion);
} else {
output = new HandshakeOutStream(protocolVersion, helloVersion, handshakeHash, engine);
engine.inputRecord.setHandshakeHash(handshakeHash);
engine.inputRecord.setHelloVersion(helloVersion);
engine.outputRecord.setHelloVersion(helloVersion);
}
// move state to activated
state = -1;
}
protected Signer makeSigner(
SignatureAndHashAlgorithm algorithm, boolean raw, boolean forSigning, CipherParameters cp) {
if ((algorithm != null) != TlsUtils.isTLSv12(context)) {
throw new IllegalStateException();
}
if (algorithm != null && algorithm.getSignature() != SignatureAlgorithm.rsa) {
throw new IllegalStateException();
}
Digest d;
if (raw) {
d = new NullDigest();
} else if (algorithm == null) {
d = new CombinedHash();
} else {
d = TlsUtils.createHash(algorithm.getHash());
}
Signer s;
if (algorithm != null) {
/*
* RFC 5246 4.7. In RSA signing, the opaque vector contains the signature generated
* using the RSASSA-PKCS1-v1_5 signature scheme defined in [PKCS1].
*/
s = new RSADigestSigner(d, TlsUtils.getOIDForHashAlgorithm(algorithm.getHash()));
} else {
/*
* RFC 5246 4.7. Note that earlier versions of TLS used a different RSA signature scheme
* that did not include a DigestInfo encoding.
*/
s = new GenericSigner(createRSAImpl(), d);
}
s.init(forSigning, cp);
return s;
}
/**
* Encode this {@link DigitallySigned} to an {@link OutputStream}.
*
* @param output the {@link OutputStream} to encode to.
* @throws IOException
*/
public void encode(OutputStream output) throws IOException {
if (algorithm != null) {
algorithm.encode(output);
}
TlsUtils.writeOpaque16(signature, output);
}
