Back to index...

	/*
	* Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
	*
	* This code is free software; you can redistribute it and/or modify it
	* under the terms of the GNU General Public License version 2 only, as
	* published by the Free Software Foundation. Oracle designates this
	* particular file as subject to the "Classpath" exception as provided
	* by Oracle in the LICENSE file that accompanied this code.
	*
	* This code is distributed in the hope that it will be useful, but WITHOUT
	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	* version 2 for more details (a copy is included in the LICENSE file that
	* accompanied this code).
	*
	* You should have received a copy of the GNU General Public License version
	* 2 along with this work; if not, write to the Free Software Foundation,
	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
	*
	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
	* or visit www.oracle.com if you need additional information or have any
	* questions.
	*/

	package sun.security.internal.spec;

	import java.security.spec.AlgorithmParameterSpec;
	import java.security.AccessController;
	import java.security.PrivilegedAction;

	/**
	* Parameters for SSL/TLS RSA premaster secret.
	*
	* <p>Instances of this class are immutable.
	*
	* @since 1.6
	* @author Andreas Sterbenz
	* @deprecated Sun JDK internal use only --- WILL BE REMOVED in a future
	* release.
	*/
	@Deprecated
	public class TlsRsaPremasterSecretParameterSpec
	implements AlgorithmParameterSpec {

	private final byte[] encodedSecret;

	/*
	* The TLS spec says that the version in the RSA premaster secret must
	* be the maximum version supported by the client (i.e. the version it
	* requested in its client hello version). However, we (and other
	* implementations) used to send the active negotiated version. The
	* system property below allows to toggle the behavior.
	*/
	private static final String PROP_NAME =
	"com.sun.net.ssl.rsaPreMasterSecretFix";

	/*
	* Default is "false" (old behavior) for compatibility reasons in
	* SSLv3/TLSv1. Later protocols (TLSv1.1+) do not use this property.
	*/
	private static final boolean rsaPreMasterSecretFix =
	AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
	public Boolean run() {
	String value = System.getProperty(PROP_NAME);
	if (value != null && value.equalsIgnoreCase("true")) {
	return Boolean.TRUE;
	}

	return Boolean.FALSE;
	}
	});

	private final int clientVersion;
	private final int serverVersion;

	/**
	* Constructs a new TlsRsaPremasterSecretParameterSpec.
	*
	* @param clientVersion the version of the TLS protocol by which the
	* client wishes to communicate during this session
	* @param serverVersion the negotiated version of the TLS protocol which
	* contains the lower of that suggested by the client in the client
	* hello and the highest supported by the server.
	*
	* @throws IllegalArgumentException if clientVersion or serverVersion are
	* negative or larger than (2^16 - 1)
	*/
	public TlsRsaPremasterSecretParameterSpec(
	int clientVersion, int serverVersion) {

	this.clientVersion = checkVersion(clientVersion);
	this.serverVersion = checkVersion(serverVersion);
	this.encodedSecret = null;
	}

	/**
	* Constructs a new TlsRsaPremasterSecretParameterSpec.
	*
	* @param clientVersion the version of the TLS protocol by which the
	* client wishes to communicate during this session
	* @param serverVersion the negotiated version of the TLS protocol which
	* contains the lower of that suggested by the client in the client
	* hello and the highest supported by the server.
	* @param encodedSecret the encoded secret key
	*
	* @throws IllegalArgumentException if clientVersion or serverVersion are
	* negative or larger than (2^16 - 1) or if encodedSecret is not
	* exactly 48 bytes
	*/
	public TlsRsaPremasterSecretParameterSpec(
	int clientVersion, int serverVersion, byte[] encodedSecret) {

	this.clientVersion = checkVersion(clientVersion);
	this.serverVersion = checkVersion(serverVersion);
	if (encodedSecret == null \|\| encodedSecret.length != 48) {
	throw new IllegalArgumentException(
	"Encoded secret is not exactly 48 bytes");
	}
	this.encodedSecret = encodedSecret.clone();
	}

	/**
	* Returns the version of the TLS protocol by which the client wishes to
	* communicate during this session.
	*
	* @return the version of the TLS protocol in ClientHello message
	*/
	public int getClientVersion() {
	return clientVersion;
	}

	/**
	* Returns the negotiated version of the TLS protocol which contains the
	* lower of that suggested by the client in the client hello and the
	* highest supported by the server.
	*
	* @return the negotiated version of the TLS protocol in ServerHello message
	*/
	public int getServerVersion() {
	return serverVersion;
	}

	/**
	* Returns the major version used in RSA premaster secret.
	*
	* @return the major version used in RSA premaster secret.
	*/
	public int getMajorVersion() {
	if (rsaPreMasterSecretFix \|\| clientVersion >= 0x0302) {
	// 0x0302: TLSv1.1
	return (clientVersion >>> 8) & 0xFF;
	}

	return (serverVersion >>> 8) & 0xFF;
	}

	/**
	* Returns the minor version used in RSA premaster secret.
	*
	* @return the minor version used in RSA premaster secret.
	*/
	public int getMinorVersion() {
	if (rsaPreMasterSecretFix \|\| clientVersion >= 0x0302) {
	// 0x0302: TLSv1.1
	return clientVersion & 0xFF;
	}

	return serverVersion & 0xFF;
	}

	private int checkVersion(int version) {
	if ((version < 0) \|\| (version > 0xFFFF)) {
	throw new IllegalArgumentException(
	"Version must be between 0 and 65,535");
	}
	return version;
	}

	/**
	* Returns the encoded secret.
	*
	* @return the encoded secret, may be null if no encoded secret.
	*/
	public byte[] getEncodedSecret() {
	return encodedSecret == null ? null : encodedSecret.clone();
	}
	}

Back to index...