Path: blob/master/src/java.base/share/classes/sun/security/internal/spec/TlsRsaPremasterSecretParameterSpec.java
41161 views
/*1* Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation. Oracle designates this7* particular file as subject to the "Classpath" exception as provided8* by Oracle in the LICENSE file that accompanied this code.9*10* This code is distributed in the hope that it will be useful, but WITHOUT11* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or12* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License13* version 2 for more details (a copy is included in the LICENSE file that14* accompanied this code).15*16* You should have received a copy of the GNU General Public License version17* 2 along with this work; if not, write to the Free Software Foundation,18* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.19*20* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA21* or visit www.oracle.com if you need additional information or have any22* questions.23*/2425package sun.security.internal.spec;2627import sun.security.action.GetBooleanAction;2829import java.security.spec.AlgorithmParameterSpec;3031/**32* Parameters for SSL/TLS RSA premaster secret.33*34* <p>Instances of this class are immutable.35*36* @since 1.637* @author Andreas Sterbenz38* @deprecated Sun JDK internal use only --- WILL BE REMOVED in a future39* release.40*/41@Deprecated42public class TlsRsaPremasterSecretParameterSpec43implements AlgorithmParameterSpec {4445private final byte[] encodedSecret;4647/*48* The TLS spec says that the version in the RSA premaster secret must49* be the maximum version supported by the client (i.e. the version it50* requested in its client hello version). However, we (and other51* implementations) used to send the active negotiated version. The52* system property below allows to toggle the behavior.53* Default is "false" (old behavior) for compatibility reasons in54* SSLv3/TLSv1. Later protocols (TLSv1.1+) do not use this property.55*/56private static final boolean rsaPreMasterSecretFix = GetBooleanAction57.privilegedGetProperty("com.sun.net.ssl.rsaPreMasterSecretFix");5859private final int clientVersion;60private final int serverVersion;6162/**63* Constructs a new TlsRsaPremasterSecretParameterSpec.64*65* @param clientVersion the version of the TLS protocol by which the66* client wishes to communicate during this session67* @param serverVersion the negotiated version of the TLS protocol which68* contains the lower of that suggested by the client in the client69* hello and the highest supported by the server.70*71* @throws IllegalArgumentException if clientVersion or serverVersion are72* negative or larger than (2^16 - 1)73*/74public TlsRsaPremasterSecretParameterSpec(75int clientVersion, int serverVersion) {7677this.clientVersion = checkVersion(clientVersion);78this.serverVersion = checkVersion(serverVersion);79this.encodedSecret = null;80}8182/**83* Constructs a new TlsRsaPremasterSecretParameterSpec.84*85* @param clientVersion the version of the TLS protocol by which the86* client wishes to communicate during this session87* @param serverVersion the negotiated version of the TLS protocol which88* contains the lower of that suggested by the client in the client89* hello and the highest supported by the server.90* @param encodedSecret the encoded secret key91*92* @throws IllegalArgumentException if clientVersion or serverVersion are93* negative or larger than (2^16 - 1) or if encodedSecret is not94* exactly 48 bytes95*/96public TlsRsaPremasterSecretParameterSpec(97int clientVersion, int serverVersion, byte[] encodedSecret) {9899this.clientVersion = checkVersion(clientVersion);100this.serverVersion = checkVersion(serverVersion);101if (encodedSecret == null || encodedSecret.length != 48) {102throw new IllegalArgumentException(103"Encoded secret is not exactly 48 bytes");104}105this.encodedSecret = encodedSecret.clone();106}107108/**109* Returns the version of the TLS protocol by which the client wishes to110* communicate during this session.111*112* @return the version of the TLS protocol in ClientHello message113*/114public int getClientVersion() {115return clientVersion;116}117118/**119* Returns the negotiated version of the TLS protocol which contains the120* lower of that suggested by the client in the client hello and the121* highest supported by the server.122*123* @return the negotiated version of the TLS protocol in ServerHello message124*/125public int getServerVersion() {126return serverVersion;127}128129/**130* Returns the major version used in RSA premaster secret.131*132* @return the major version used in RSA premaster secret.133*/134public int getMajorVersion() {135if (rsaPreMasterSecretFix || clientVersion >= 0x0302) {136// 0x0302: TLSv1.1137return (clientVersion >>> 8) & 0xFF;138}139140return (serverVersion >>> 8) & 0xFF;141}142143/**144* Returns the minor version used in RSA premaster secret.145*146* @return the minor version used in RSA premaster secret.147*/148public int getMinorVersion() {149if (rsaPreMasterSecretFix || clientVersion >= 0x0302) {150// 0x0302: TLSv1.1151return clientVersion & 0xFF;152}153154return serverVersion & 0xFF;155}156157private int checkVersion(int version) {158if ((version < 0) || (version > 0xFFFF)) {159throw new IllegalArgumentException(160"Version must be between 0 and 65,535");161}162return version;163}164165/**166* Returns the encoded secret.167*168* @return the encoded secret, may be null if no encoded secret.169*/170public byte[] getEncodedSecret() {171return encodedSecret == null ? null : encodedSecret.clone();172}173}174175176