protected Signer ˊ( SignatureAndHashAlgorithm paramSignatureAndHashAlgorithm, boolean paramBoolean1, boolean paramBoolean2, CipherParameters paramCipherParameters) { int i; if (paramSignatureAndHashAlgorithm != null) { i = 1; } else { i = 0; } if (i != TlsUtils.ᐝ(this.aSQ)) { throw new IllegalStateException(); } if ((paramSignatureAndHashAlgorithm != null) && ((paramSignatureAndHashAlgorithm.mK() != 2) || (paramSignatureAndHashAlgorithm.mL() != mS()))) { throw new IllegalStateException(); } short s; if (paramSignatureAndHashAlgorithm == null) { s = 2; } else { s = paramSignatureAndHashAlgorithm.mK(); } if (paramBoolean1) { paramSignatureAndHashAlgorithm = new NullDigest(); } else { paramSignatureAndHashAlgorithm = TlsUtils.ͺ(s); } paramSignatureAndHashAlgorithm = new DSADigestSigner(ʻ(s), paramSignatureAndHashAlgorithm); paramSignatureAndHashAlgorithm.ˊ(paramBoolean2, ˋ(paramBoolean2, paramCipherParameters)); return paramSignatureAndHashAlgorithm; }
/** * Parse a {@link DigitallySigned} from an {@link InputStream}. * * @param context the {@link TlsContext} of the current connection. * @param input the {@link InputStream} to parse from. * @return a {@link DigitallySigned} object. * @throws IOException */ public static DigitallySigned parse(TlsContext context, InputStream input) throws IOException { SignatureAndHashAlgorithm algorithm = null; if (TlsUtils.isTLSv12(context)) { algorithm = SignatureAndHashAlgorithm.parse(input); } byte[] signature = TlsUtils.readOpaque16(input); return new DigitallySigned(algorithm, signature); }
Collection<SignatureAndHashAlgorithm> getLocalSupportedSignAlgs() { if (localSupportedSignAlgs == null) { localSupportedSignAlgs = SignatureAndHashAlgorithm.getSupportedAlgorithms(algorithmConstraints); } return localSupportedSignAlgs; }
/** * Prior to handshaking, activate the handshake and initialize the version, input stream and * output stream. */ void activate(ProtocolVersion helloVersion) throws IOException { if (activeProtocols == null) { activeProtocols = getActiveProtocols(); } if (activeProtocols.collection().isEmpty() || activeProtocols.max.v == ProtocolVersion.NONE.v) { throw new SSLHandshakeException("No appropriate protocol"); } if (activeCipherSuites == null) { activeCipherSuites = getActiveCipherSuites(); } if (activeCipherSuites.collection().isEmpty()) { throw new SSLHandshakeException("No appropriate cipher suite"); } // temporary protocol version until the actual protocol version // is negotiated in the Hello exchange. This affects the record // version we sent with the ClientHello. if (!isInitialHandshake) { protocolVersion = activeProtocolVersion; } else { protocolVersion = activeProtocols.max; } if (helloVersion == null || helloVersion.v == ProtocolVersion.NONE.v) { helloVersion = activeProtocols.helloVersion; } // We accumulate digests of the handshake messages so that // we can read/write CertificateVerify and Finished messages, // getting assurance against some particular active attacks. Set<String> localSupportedHashAlgorithms = SignatureAndHashAlgorithm.getHashAlgorithmNames(getLocalSupportedSignAlgs()); handshakeHash = new HandshakeHash(!isClient, needCertVerify, localSupportedHashAlgorithms); // Generate handshake input/output stream. input = new HandshakeInStream(handshakeHash); if (conn != null) { output = new HandshakeOutStream(protocolVersion, helloVersion, handshakeHash, conn); conn.getAppInputStream().r.setHandshakeHash(handshakeHash); conn.getAppInputStream().r.setHelloVersion(helloVersion); conn.getAppOutputStream().r.setHelloVersion(helloVersion); } else { output = new HandshakeOutStream(protocolVersion, helloVersion, handshakeHash, engine); engine.inputRecord.setHandshakeHash(handshakeHash); engine.inputRecord.setHelloVersion(helloVersion); engine.outputRecord.setHelloVersion(helloVersion); } // move state to activated state = -1; }
protected Signer makeSigner( SignatureAndHashAlgorithm algorithm, boolean raw, boolean forSigning, CipherParameters cp) { if ((algorithm != null) != TlsUtils.isTLSv12(context)) { throw new IllegalStateException(); } if (algorithm != null && algorithm.getSignature() != SignatureAlgorithm.rsa) { throw new IllegalStateException(); } Digest d; if (raw) { d = new NullDigest(); } else if (algorithm == null) { d = new CombinedHash(); } else { d = TlsUtils.createHash(algorithm.getHash()); } Signer s; if (algorithm != null) { /* * RFC 5246 4.7. In RSA signing, the opaque vector contains the signature generated * using the RSASSA-PKCS1-v1_5 signature scheme defined in [PKCS1]. */ s = new RSADigestSigner(d, TlsUtils.getOIDForHashAlgorithm(algorithm.getHash())); } else { /* * RFC 5246 4.7. Note that earlier versions of TLS used a different RSA signature scheme * that did not include a DigestInfo encoding. */ s = new GenericSigner(createRSAImpl(), d); } s.init(forSigning, cp); return s; }
/** * Encode this {@link DigitallySigned} to an {@link OutputStream}. * * @param output the {@link OutputStream} to encode to. * @throws IOException */ public void encode(OutputStream output) throws IOException { if (algorithm != null) { algorithm.encode(output); } TlsUtils.writeOpaque16(signature, output); }