Search in sources :

Example 1 with X509ExtendedKeyManager

use of javax.net.ssl.X509ExtendedKeyManager in project robovm by robovm.

the class ServerHandshakeImpl method processClientHello.

/**
     *
     * Processes Client Hello message.
     * Server responds to client hello message with server hello
     * and (if necessary) server certificate, server key exchange,
     * certificate request, and server hello done messages.
     */
void processClientHello() {
    CipherSuite cipher_suite;
    // check that clientHello contains CompressionMethod.null
    checkCompression: {
        for (int i = 0; i < clientHello.compression_methods.length; i++) {
            if (clientHello.compression_methods[i] == 0) {
                break checkCompression;
            }
        }
        fatalAlert(AlertProtocol.HANDSHAKE_FAILURE, "HANDSHAKE FAILURE. Incorrect client hello message");
    }
    byte[] server_version = clientHello.client_version;
    if (!ProtocolVersion.isSupported(clientHello.client_version)) {
        if (clientHello.client_version[0] >= 3) {
            // Protocol from the future, admit that the newest thing we know is TLSv1
            server_version = ProtocolVersion.TLSv1.version;
        } else {
            fatalAlert(AlertProtocol.PROTOCOL_VERSION, "PROTOCOL VERSION. Unsupported client version " + clientHello.client_version[0] + clientHello.client_version[1]);
        }
    }
    isResuming = false;
    FIND: if (clientHello.session_id.length != 0) {
        // client wishes to reuse session
        SSLSessionImpl sessionToResume;
        boolean reuseCurrent = false;
        // reuse current session
        if (session != null && Arrays.equals(session.id, clientHello.session_id)) {
            if (session.isValid()) {
                isResuming = true;
                break FIND;
            }
            reuseCurrent = true;
        }
        // find session in cash
        sessionToResume = findSessionToResume(clientHello.session_id);
        if (sessionToResume == null || !sessionToResume.isValid()) {
            if (!parameters.getEnableSessionCreation()) {
                if (reuseCurrent) {
                    // we can continue current session
                    sendWarningAlert(AlertProtocol.NO_RENEGOTIATION);
                    status = NOT_HANDSHAKING;
                    clearMessages();
                    return;
                }
                // throw AlertException
                fatalAlert(AlertProtocol.HANDSHAKE_FAILURE, "SSL Session may not be created");
            }
            session = null;
        } else {
            session = (SSLSessionImpl) sessionToResume.clone();
            isResuming = true;
        }
    }
    if (isResuming) {
        cipher_suite = session.cipherSuite;
        // clientHello.cipher_suites must include at least cipher_suite from the session
        checkCipherSuite: {
            for (int i = 0; i < clientHello.cipher_suites.length; i++) {
                if (cipher_suite.equals(clientHello.cipher_suites[i])) {
                    break checkCipherSuite;
                }
            }
            fatalAlert(AlertProtocol.HANDSHAKE_FAILURE, "HANDSHAKE FAILURE. Incorrect client hello message");
        }
    } else {
        cipher_suite = selectSuite(clientHello.cipher_suites);
        if (cipher_suite == null) {
            fatalAlert(AlertProtocol.HANDSHAKE_FAILURE, "HANDSHAKE FAILURE. NO COMMON SUITE");
        }
        if (!parameters.getEnableSessionCreation()) {
            fatalAlert(AlertProtocol.HANDSHAKE_FAILURE, "SSL Session may not be created");
        }
        session = new SSLSessionImpl(cipher_suite, parameters.getSecureRandom());
        if (engineOwner != null) {
            session.setPeer(engineOwner.getPeerHost(), engineOwner.getPeerPort());
        } else {
            session.setPeer(socketOwner.getInetAddress().getHostName(), socketOwner.getPort());
        }
    }
    recordProtocol.setVersion(server_version);
    session.protocol = ProtocolVersion.getByVersion(server_version);
    session.clientRandom = clientHello.random;
    // create server hello message
    serverHello = new ServerHello(parameters.getSecureRandom(), server_version, session.getId(), cipher_suite, //CompressionMethod.null
    (byte) 0);
    session.serverRandom = serverHello.random;
    send(serverHello);
    if (isResuming) {
        sendChangeCipherSpec();
        return;
    }
    //    create and send server certificate message if needed
    if (!cipher_suite.isAnonymous()) {
        // need to send server certificate
        X509Certificate[] certs = null;
        String certType = cipher_suite.getServerKeyType();
        if (certType == null) {
            fatalAlert(AlertProtocol.HANDSHAKE_FAILURE, "NO CERT TYPE FOR " + cipher_suite.getName());
        }
        // obtain certificates from key manager
        String alias = null;
        X509KeyManager km = parameters.getKeyManager();
        if (km instanceof X509ExtendedKeyManager) {
            X509ExtendedKeyManager ekm = (X509ExtendedKeyManager) km;
            if (this.socketOwner != null) {
                alias = ekm.chooseServerAlias(certType, null, this.socketOwner);
            } else {
                alias = ekm.chooseEngineServerAlias(certType, null, this.engineOwner);
            }
            if (alias != null) {
                certs = ekm.getCertificateChain(alias);
            }
        } else {
            alias = km.chooseServerAlias(certType, null, this.socketOwner);
            if (alias != null) {
                certs = km.getCertificateChain(alias);
            }
        }
        if (certs == null) {
            fatalAlert(AlertProtocol.HANDSHAKE_FAILURE, "NO SERVER CERTIFICATE FOUND");
            return;
        }
        session.localCertificates = certs;
        serverCert = new CertificateMessage(certs);
        privKey = km.getPrivateKey(alias);
        send(serverCert);
    }
    // create and send server key exchange message if needed
    RSAPublicKey rsakey = null;
    DHPublicKeySpec dhkeySpec = null;
    byte[] hash = null;
    BigInteger p = null;
    BigInteger g = null;
    KeyPairGenerator kpg = null;
    try {
        if (cipher_suite.keyExchange == CipherSuite.KEY_EXCHANGE_RSA_EXPORT) {
            PublicKey pk = serverCert.certs[0].getPublicKey();
            if (getRSAKeyLength(pk) > 512) {
                // key is longer than 512 bits
                kpg = KeyPairGenerator.getInstance("RSA");
                kpg.initialize(512);
            }
        } else if (cipher_suite.keyExchange == CipherSuite.KEY_EXCHANGE_DHE_DSS || cipher_suite.keyExchange == CipherSuite.KEY_EXCHANGE_DHE_DSS_EXPORT || cipher_suite.keyExchange == CipherSuite.KEY_EXCHANGE_DHE_RSA || cipher_suite.keyExchange == CipherSuite.KEY_EXCHANGE_DHE_RSA_EXPORT || cipher_suite.keyExchange == CipherSuite.KEY_EXCHANGE_DH_anon || cipher_suite.keyExchange == CipherSuite.KEY_EXCHANGE_DH_anon_EXPORT) {
            kpg = KeyPairGenerator.getInstance("DH");
            p = new BigInteger(1, DHParameters.getPrime());
            g = new BigInteger("2");
            DHParameterSpec spec = new DHParameterSpec(p, g);
            kpg.initialize(spec);
        }
    } catch (Exception e) {
        fatalAlert(AlertProtocol.INTERNAL_ERROR, "INTERNAL ERROR", e);
    }
    if (kpg != null) {
        // need to send server key exchange message
        DigitalSignature ds = new DigitalSignature(cipher_suite.authType);
        KeyPair kp = null;
        try {
            kp = kpg.genKeyPair();
            if (cipher_suite.keyExchange == CipherSuite.KEY_EXCHANGE_RSA_EXPORT) {
                rsakey = (RSAPublicKey) kp.getPublic();
            } else {
                DHPublicKey dhkey = (DHPublicKey) kp.getPublic();
                KeyFactory kf = KeyFactory.getInstance("DH");
                dhkeySpec = kf.getKeySpec(dhkey, DHPublicKeySpec.class);
            }
            if (!cipher_suite.isAnonymous()) {
                // calculate signed_params
                // init by private key which correspond to
                // server certificate
                ds.init(privKey);
                // use emphemeral key for key exchange
                privKey = kp.getPrivate();
                ds.update(clientHello.getRandom());
                ds.update(serverHello.getRandom());
                //FIXME 1_byte==0x00
                if (cipher_suite.keyExchange == CipherSuite.KEY_EXCHANGE_RSA_EXPORT) {
                    ServerKeyExchange.updateSignatureRsa(ds, rsakey.getModulus(), rsakey.getPublicExponent());
                } else {
                    ServerKeyExchange.updateSignatureDh(ds, dhkeySpec.getP(), dhkeySpec.getG(), dhkeySpec.getY());
                }
                hash = ds.sign();
            } else {
                // use emphemeral key for key exchange
                privKey = kp.getPrivate();
            }
        } catch (Exception e) {
            fatalAlert(AlertProtocol.INTERNAL_ERROR, "INTERNAL ERROR", e);
        }
        if (cipher_suite.keyExchange == CipherSuite.KEY_EXCHANGE_RSA_EXPORT) {
            serverKeyExchange = new ServerKeyExchange(rsakey.getModulus(), rsakey.getPublicExponent(), null, hash);
        } else {
            serverKeyExchange = new ServerKeyExchange(p, g, dhkeySpec.getY(), hash);
        }
        send(serverKeyExchange);
    }
    // CERTIFICATE_REQUEST
    certRequest: if (parameters.getWantClientAuth() || parameters.getNeedClientAuth()) {
        X509Certificate[] accepted;
        try {
            X509TrustManager tm = parameters.getTrustManager();
            accepted = tm.getAcceptedIssuers();
        } catch (ClassCastException e) {
            // don't send certificateRequest
            break certRequest;
        }
        byte[] requestedClientCertTypes = { CipherSuite.TLS_CT_RSA_SIGN, CipherSuite.TLS_CT_DSS_SIGN };
        certificateRequest = new CertificateRequest(requestedClientCertTypes, accepted);
        send(certificateRequest);
    }
    // SERVER_HELLO_DONE
    serverHelloDone = new ServerHelloDone();
    send(serverHelloDone);
    status = NEED_UNWRAP;
}
Also used : DHPublicKey(javax.crypto.interfaces.DHPublicKey) DHParameterSpec(javax.crypto.spec.DHParameterSpec) X509ExtendedKeyManager(javax.net.ssl.X509ExtendedKeyManager) RSAPublicKey(java.security.interfaces.RSAPublicKey) X509KeyManager(javax.net.ssl.X509KeyManager) KeyFactory(java.security.KeyFactory) KeyPair(java.security.KeyPair) PublicKey(java.security.PublicKey) RSAPublicKey(java.security.interfaces.RSAPublicKey) DHPublicKey(javax.crypto.interfaces.DHPublicKey) KeyPairGenerator(java.security.KeyPairGenerator) X509Certificate(java.security.cert.X509Certificate) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) X509TrustManager(javax.net.ssl.X509TrustManager) BigInteger(java.math.BigInteger) DHPublicKeySpec(javax.crypto.spec.DHPublicKeySpec)

Example 2 with X509ExtendedKeyManager

use of javax.net.ssl.X509ExtendedKeyManager in project XobotOS by xamarin.

the class ClientHandshakeImpl method processServerHelloDone.

/**
     * Processes ServerHelloDone: makes verification of the server messages; sends
     * client messages, computers masterSecret, sends ChangeCipherSpec
     */
void processServerHelloDone() {
    PrivateKey clientKey = null;
    if (serverCert != null) {
        if (session.cipherSuite.isAnonymous()) {
            unexpectedMessage();
            return;
        }
        verifyServerCert();
    } else {
        if (!session.cipherSuite.isAnonymous()) {
            unexpectedMessage();
            return;
        }
    }
    // Client certificate
    if (certificateRequest != null) {
        X509Certificate[] certs = null;
        // obtain certificates from key manager
        String alias = null;
        String[] certTypes = certificateRequest.getTypesAsString();
        X500Principal[] issuers = certificateRequest.certificate_authorities;
        X509KeyManager km = parameters.getKeyManager();
        if (km instanceof X509ExtendedKeyManager) {
            X509ExtendedKeyManager ekm = (X509ExtendedKeyManager) km;
            if (this.socketOwner != null) {
                alias = ekm.chooseClientAlias(certTypes, issuers, this.socketOwner);
            } else {
                alias = ekm.chooseEngineClientAlias(certTypes, issuers, this.engineOwner);
            }
            if (alias != null) {
                certs = ekm.getCertificateChain(alias);
            }
        } else {
            alias = km.chooseClientAlias(certTypes, issuers, this.socketOwner);
            if (alias != null) {
                certs = km.getCertificateChain(alias);
            }
        }
        session.localCertificates = certs;
        clientCert = new CertificateMessage(certs);
        clientKey = km.getPrivateKey(alias);
        send(clientCert);
    }
    // Client key exchange
    if (session.cipherSuite.keyExchange == CipherSuite.KEY_EXCHANGE_RSA || session.cipherSuite.keyExchange == CipherSuite.KEY_EXCHANGE_RSA_EXPORT) {
        // RSA encrypted premaster secret message
        Cipher c;
        try {
            c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            if (serverKeyExchange != null) {
                c.init(Cipher.ENCRYPT_MODE, serverKeyExchange.getRSAPublicKey());
            } else {
                c.init(Cipher.ENCRYPT_MODE, serverCert.certs[0]);
            }
        } catch (Exception e) {
            fatalAlert(AlertProtocol.INTERNAL_ERROR, "Unexpected exception", e);
            return;
        }
        preMasterSecret = new byte[48];
        parameters.getSecureRandom().nextBytes(preMasterSecret);
        System.arraycopy(clientHello.client_version, 0, preMasterSecret, 0, 2);
        try {
            clientKeyExchange = new ClientKeyExchange(c.doFinal(preMasterSecret), serverHello.server_version[1] == 1);
        } catch (Exception e) {
            fatalAlert(AlertProtocol.INTERNAL_ERROR, "Unexpected exception", e);
            return;
        }
    } else {
        try {
            KeyFactory kf = KeyFactory.getInstance("DH");
            KeyAgreement agreement = KeyAgreement.getInstance("DH");
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH");
            PublicKey serverPublic;
            DHParameterSpec spec;
            if (serverKeyExchange != null) {
                serverPublic = kf.generatePublic(new DHPublicKeySpec(serverKeyExchange.par3, serverKeyExchange.par1, serverKeyExchange.par2));
                spec = new DHParameterSpec(serverKeyExchange.par1, serverKeyExchange.par2);
            } else {
                serverPublic = serverCert.certs[0].getPublicKey();
                spec = ((DHPublicKey) serverPublic).getParams();
            }
            kpg.initialize(spec);
            KeyPair kp = kpg.generateKeyPair();
            Key key = kp.getPublic();
            if (clientCert != null && serverCert != null && (session.cipherSuite.keyExchange == CipherSuite.KEY_EXCHANGE_DHE_RSA || session.cipherSuite.keyExchange == CipherSuite.KEY_EXCHANGE_DHE_DSS)) {
                PublicKey client_pk = clientCert.certs[0].getPublicKey();
                PublicKey server_pk = serverCert.certs[0].getPublicKey();
                if (client_pk instanceof DHKey && server_pk instanceof DHKey) {
                    if (((DHKey) client_pk).getParams().getG().equals(((DHKey) server_pk).getParams().getG()) && ((DHKey) client_pk).getParams().getP().equals(((DHKey) server_pk).getParams().getG())) {
                        // client cert message DH public key parameters
                        // matched those specified by the
                        //   server in its certificate,
                        // empty
                        clientKeyExchange = new ClientKeyExchange();
                    }
                }
            } else {
                clientKeyExchange = new ClientKeyExchange(((DHPublicKey) key).getY());
            }
            key = kp.getPrivate();
            agreement.init(key);
            agreement.doPhase(serverPublic, true);
            preMasterSecret = agreement.generateSecret();
        } catch (Exception e) {
            fatalAlert(AlertProtocol.INTERNAL_ERROR, "Unexpected exception", e);
            return;
        }
    }
    if (clientKeyExchange != null) {
        send(clientKeyExchange);
    }
    computerMasterSecret();
    // fixed DH parameters
    if (clientCert != null && !clientKeyExchange.isEmpty()) {
        // Certificate verify
        String authType = clientKey.getAlgorithm();
        DigitalSignature ds = new DigitalSignature(authType);
        ds.init(clientKey);
        if ("RSA".equals(authType)) {
            ds.setMD5(io_stream.getDigestMD5());
            ds.setSHA(io_stream.getDigestSHA());
        } else if ("DSA".equals(authType)) {
            ds.setSHA(io_stream.getDigestSHA());
        // The Signature should be empty in case of anonymous signature algorithm:
        // } else if ("DH".equals(authType)) {
        }
        certificateVerify = new CertificateVerify(ds.sign());
        send(certificateVerify);
    }
    sendChangeCipherSpec();
}
Also used : PrivateKey(java.security.PrivateKey) DHPublicKey(javax.crypto.interfaces.DHPublicKey) DHParameterSpec(javax.crypto.spec.DHParameterSpec) X509ExtendedKeyManager(javax.net.ssl.X509ExtendedKeyManager) X509KeyManager(javax.net.ssl.X509KeyManager) DHKey(javax.crypto.interfaces.DHKey) KeyAgreement(javax.crypto.KeyAgreement) KeyFactory(java.security.KeyFactory) KeyPair(java.security.KeyPair) PublicKey(java.security.PublicKey) DHPublicKey(javax.crypto.interfaces.DHPublicKey) KeyPairGenerator(java.security.KeyPairGenerator) X509Certificate(java.security.cert.X509Certificate) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) X500Principal(javax.security.auth.x500.X500Principal) Cipher(javax.crypto.Cipher) DHPublicKeySpec(javax.crypto.spec.DHPublicKeySpec) PublicKey(java.security.PublicKey) Key(java.security.Key) DHKey(javax.crypto.interfaces.DHKey) PrivateKey(java.security.PrivateKey) DHPublicKey(javax.crypto.interfaces.DHPublicKey)

Example 3 with X509ExtendedKeyManager

use of javax.net.ssl.X509ExtendedKeyManager in project XobotOS by xamarin.

the class ServerHandshakeImpl method processClientHello.

/**
     *
     * Processes Client Hello message.
     * Server responds to client hello message with server hello
     * and (if necessary) server certificate, server key exchange,
     * certificate request, and server hello done messages.
     */
void processClientHello() {
    CipherSuite cipher_suite;
    // check that clientHello contains CompressionMethod.null
    checkCompression: {
        for (int i = 0; i < clientHello.compression_methods.length; i++) {
            if (clientHello.compression_methods[i] == 0) {
                break checkCompression;
            }
        }
        fatalAlert(AlertProtocol.HANDSHAKE_FAILURE, "HANDSHAKE FAILURE. Incorrect client hello message");
    }
    if (!ProtocolVersion.isSupported(clientHello.client_version)) {
        fatalAlert(AlertProtocol.PROTOCOL_VERSION, "PROTOCOL VERSION. Unsupported client version " + clientHello.client_version[0] + clientHello.client_version[1]);
    }
    isResuming = false;
    FIND: if (clientHello.session_id.length != 0) {
        // client wishes to reuse session
        SSLSessionImpl sessionToResume;
        boolean reuseCurrent = false;
        // reuse current session
        if (session != null && Arrays.equals(session.id, clientHello.session_id)) {
            if (session.isValid()) {
                isResuming = true;
                break FIND;
            }
            reuseCurrent = true;
        }
        // find session in cash
        sessionToResume = findSessionToResume(clientHello.session_id);
        if (sessionToResume == null || !sessionToResume.isValid()) {
            if (!parameters.getEnableSessionCreation()) {
                if (reuseCurrent) {
                    // we can continue current session
                    sendWarningAlert(AlertProtocol.NO_RENEGOTIATION);
                    status = NOT_HANDSHAKING;
                    clearMessages();
                    return;
                }
                // throw AlertException
                fatalAlert(AlertProtocol.HANDSHAKE_FAILURE, "SSL Session may not be created");
            }
            session = null;
        } else {
            session = (SSLSessionImpl) sessionToResume.clone();
            isResuming = true;
        }
    }
    if (isResuming) {
        cipher_suite = session.cipherSuite;
        // clientHello.cipher_suites must include at least cipher_suite from the session
        checkCipherSuite: {
            for (int i = 0; i < clientHello.cipher_suites.length; i++) {
                if (cipher_suite.equals(clientHello.cipher_suites[i])) {
                    break checkCipherSuite;
                }
            }
            fatalAlert(AlertProtocol.HANDSHAKE_FAILURE, "HANDSHAKE FAILURE. Incorrect client hello message");
        }
    } else {
        cipher_suite = selectSuite(clientHello.cipher_suites);
        if (cipher_suite == null) {
            fatalAlert(AlertProtocol.HANDSHAKE_FAILURE, "HANDSHAKE FAILURE. NO COMMON SUITE");
        }
        if (!parameters.getEnableSessionCreation()) {
            fatalAlert(AlertProtocol.HANDSHAKE_FAILURE, "SSL Session may not be created");
        }
        session = new SSLSessionImpl(cipher_suite, parameters.getSecureRandom());
        if (engineOwner != null) {
            session.setPeer(engineOwner.getPeerHost(), engineOwner.getPeerPort());
        } else {
            session.setPeer(socketOwner.getInetAddress().getHostName(), socketOwner.getPort());
        }
    }
    recordProtocol.setVersion(clientHello.client_version);
    session.protocol = ProtocolVersion.getByVersion(clientHello.client_version);
    session.clientRandom = clientHello.random;
    // create server hello message
    serverHello = new ServerHello(parameters.getSecureRandom(), clientHello.client_version, session.getId(), cipher_suite, //CompressionMethod.null
    (byte) 0);
    session.serverRandom = serverHello.random;
    send(serverHello);
    if (isResuming) {
        sendChangeCipherSpec();
        return;
    }
    //    create and send server certificate message if needed
    if (!cipher_suite.isAnonymous()) {
        // need to send server certificate
        X509Certificate[] certs = null;
        String certType = cipher_suite.getServerKeyType();
        if (certType == null) {
            fatalAlert(AlertProtocol.HANDSHAKE_FAILURE, "NO CERT TYPE FOR " + cipher_suite.getName());
        }
        // obtain certificates from key manager
        String alias = null;
        X509KeyManager km = parameters.getKeyManager();
        if (km instanceof X509ExtendedKeyManager) {
            X509ExtendedKeyManager ekm = (X509ExtendedKeyManager) km;
            if (this.socketOwner != null) {
                alias = ekm.chooseServerAlias(certType, null, this.socketOwner);
            } else {
                alias = ekm.chooseEngineServerAlias(certType, null, this.engineOwner);
            }
            if (alias != null) {
                certs = ekm.getCertificateChain(alias);
            }
        } else {
            alias = km.chooseServerAlias(certType, null, this.socketOwner);
            if (alias != null) {
                certs = km.getCertificateChain(alias);
            }
        }
        if (certs == null) {
            fatalAlert(AlertProtocol.HANDSHAKE_FAILURE, "NO SERVER CERTIFICATE FOUND");
            return;
        }
        session.localCertificates = certs;
        serverCert = new CertificateMessage(certs);
        privKey = km.getPrivateKey(alias);
        send(serverCert);
    }
    // create and send server key exchange message if needed
    RSAPublicKey rsakey = null;
    DHPublicKeySpec dhkeySpec = null;
    byte[] hash = null;
    BigInteger p = null;
    BigInteger g = null;
    KeyPairGenerator kpg = null;
    try {
        if (cipher_suite.keyExchange == CipherSuite.KEY_EXCHANGE_RSA_EXPORT) {
            PublicKey pk = serverCert.certs[0].getPublicKey();
            if (getRSAKeyLength(pk) > 512) {
                // key is longer than 512 bits
                kpg = KeyPairGenerator.getInstance("RSA");
                kpg.initialize(512);
            }
        } else if (cipher_suite.keyExchange == CipherSuite.KEY_EXCHANGE_DHE_DSS || cipher_suite.keyExchange == CipherSuite.KEY_EXCHANGE_DHE_DSS_EXPORT || cipher_suite.keyExchange == CipherSuite.KEY_EXCHANGE_DHE_RSA || cipher_suite.keyExchange == CipherSuite.KEY_EXCHANGE_DHE_RSA_EXPORT || cipher_suite.keyExchange == CipherSuite.KEY_EXCHANGE_DH_anon || cipher_suite.keyExchange == CipherSuite.KEY_EXCHANGE_DH_anon_EXPORT) {
            kpg = KeyPairGenerator.getInstance("DH");
            p = new BigInteger(1, DHParameters.getPrime());
            g = new BigInteger("2");
            DHParameterSpec spec = new DHParameterSpec(p, g);
            kpg.initialize(spec);
        }
    } catch (Exception e) {
        fatalAlert(AlertProtocol.INTERNAL_ERROR, "INTERNAL ERROR", e);
    }
    if (kpg != null) {
        // need to send server key exchange message
        DigitalSignature ds = new DigitalSignature(cipher_suite.authType);
        KeyPair kp = null;
        try {
            kp = kpg.genKeyPair();
            if (cipher_suite.keyExchange == CipherSuite.KEY_EXCHANGE_RSA_EXPORT) {
                rsakey = (RSAPublicKey) kp.getPublic();
            } else {
                DHPublicKey dhkey = (DHPublicKey) kp.getPublic();
                KeyFactory kf = KeyFactory.getInstance("DH");
                dhkeySpec = kf.getKeySpec(dhkey, DHPublicKeySpec.class);
            }
            if (!cipher_suite.isAnonymous()) {
                // calculate signed_params
                // init by private key which correspond to
                // server certificate
                ds.init(privKey);
                // use emphemeral key for key exchange
                privKey = kp.getPrivate();
                ds.update(clientHello.getRandom());
                ds.update(serverHello.getRandom());
                byte[] tmp;
                byte[] tmpLength = new byte[2];
                //FIXME 1_byte==0x00
                if (cipher_suite.keyExchange == CipherSuite.KEY_EXCHANGE_RSA_EXPORT) {
                    tmp = ServerKeyExchange.toUnsignedByteArray(rsakey.getModulus());
                    tmpLength[0] = (byte) ((tmp.length & 0xFF00) >>> 8);
                    tmpLength[1] = (byte) (tmp.length & 0xFF);
                    ds.update(tmpLength);
                    ds.update(tmp);
                    tmp = ServerKeyExchange.toUnsignedByteArray(rsakey.getPublicExponent());
                    tmpLength[0] = (byte) ((tmp.length & 0xFF00) >>> 8);
                    tmpLength[1] = (byte) (tmp.length & 0xFF);
                    ds.update(tmpLength);
                    ds.update(tmp);
                } else {
                    tmp = ServerKeyExchange.toUnsignedByteArray(dhkeySpec.getP());
                    tmpLength[0] = (byte) ((tmp.length & 0xFF00) >>> 8);
                    tmpLength[1] = (byte) (tmp.length & 0xFF);
                    ds.update(tmpLength);
                    ds.update(tmp);
                    tmp = ServerKeyExchange.toUnsignedByteArray(dhkeySpec.getG());
                    tmpLength[0] = (byte) ((tmp.length & 0xFF00) >>> 8);
                    tmpLength[1] = (byte) (tmp.length & 0xFF);
                    ds.update(tmpLength);
                    ds.update(tmp);
                    tmp = ServerKeyExchange.toUnsignedByteArray(dhkeySpec.getY());
                    tmpLength[0] = (byte) ((tmp.length & 0xFF00) >>> 8);
                    tmpLength[1] = (byte) (tmp.length & 0xFF);
                    ds.update(tmpLength);
                    ds.update(tmp);
                }
                hash = ds.sign();
            } else {
                // use emphemeral key for key exchange
                privKey = kp.getPrivate();
            }
        } catch (Exception e) {
            fatalAlert(AlertProtocol.INTERNAL_ERROR, "INTERNAL ERROR", e);
        }
        if (cipher_suite.keyExchange == CipherSuite.KEY_EXCHANGE_RSA_EXPORT) {
            serverKeyExchange = new ServerKeyExchange(rsakey.getModulus(), rsakey.getPublicExponent(), null, hash);
        } else {
            serverKeyExchange = new ServerKeyExchange(p, g, dhkeySpec.getY(), hash);
        }
        send(serverKeyExchange);
    }
    // CERTIFICATE_REQUEST
    certRequest: if (parameters.getWantClientAuth() || parameters.getNeedClientAuth()) {
        X509Certificate[] accepted;
        try {
            X509TrustManager tm = parameters.getTrustManager();
            accepted = tm.getAcceptedIssuers();
        } catch (ClassCastException e) {
            // don't send certificateRequest
            break certRequest;
        }
        byte[] requestedClientCertTypes = { CipherSuite.TLS_CT_RSA_SIGN, CipherSuite.TLS_CT_DSS_SIGN };
        certificateRequest = new CertificateRequest(requestedClientCertTypes, accepted);
        send(certificateRequest);
    }
    // SERVER_HELLO_DONE
    serverHelloDone = new ServerHelloDone();
    send(serverHelloDone);
    status = NEED_UNWRAP;
}
Also used : DHPublicKey(javax.crypto.interfaces.DHPublicKey) DHParameterSpec(javax.crypto.spec.DHParameterSpec) X509ExtendedKeyManager(javax.net.ssl.X509ExtendedKeyManager) RSAPublicKey(java.security.interfaces.RSAPublicKey) X509KeyManager(javax.net.ssl.X509KeyManager) KeyFactory(java.security.KeyFactory) KeyPair(java.security.KeyPair) PublicKey(java.security.PublicKey) RSAPublicKey(java.security.interfaces.RSAPublicKey) DHPublicKey(javax.crypto.interfaces.DHPublicKey) KeyPairGenerator(java.security.KeyPairGenerator) X509Certificate(java.security.cert.X509Certificate) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) X509TrustManager(javax.net.ssl.X509TrustManager) BigInteger(java.math.BigInteger) DHPublicKeySpec(javax.crypto.spec.DHPublicKeySpec)

Example 4 with X509ExtendedKeyManager

use of javax.net.ssl.X509ExtendedKeyManager in project robovm by robovm.

the class ClientHandshakeImpl method processServerHelloDone.

/**
     * Processes ServerHelloDone: makes verification of the server messages; sends
     * client messages, computers masterSecret, sends ChangeCipherSpec
     */
void processServerHelloDone() {
    PrivateKey clientKey = null;
    if (serverCert != null) {
        if (session.cipherSuite.isAnonymous()) {
            unexpectedMessage();
            return;
        }
        verifyServerCert();
    } else {
        if (!session.cipherSuite.isAnonymous()) {
            unexpectedMessage();
            return;
        }
    }
    // Client certificate
    if (certificateRequest != null) {
        X509Certificate[] certs = null;
        // obtain certificates from key manager
        String alias = null;
        String[] certTypes = certificateRequest.getTypesAsString();
        X500Principal[] issuers = certificateRequest.certificate_authorities;
        X509KeyManager km = parameters.getKeyManager();
        if (km instanceof X509ExtendedKeyManager) {
            X509ExtendedKeyManager ekm = (X509ExtendedKeyManager) km;
            if (this.socketOwner != null) {
                alias = ekm.chooseClientAlias(certTypes, issuers, this.socketOwner);
            } else {
                alias = ekm.chooseEngineClientAlias(certTypes, issuers, this.engineOwner);
            }
            if (alias != null) {
                certs = ekm.getCertificateChain(alias);
            }
        } else {
            alias = km.chooseClientAlias(certTypes, issuers, this.socketOwner);
            if (alias != null) {
                certs = km.getCertificateChain(alias);
            }
        }
        session.localCertificates = certs;
        clientCert = new CertificateMessage(certs);
        clientKey = km.getPrivateKey(alias);
        send(clientCert);
    }
    // Client key exchange
    if (session.cipherSuite.keyExchange == CipherSuite.KEY_EXCHANGE_RSA || session.cipherSuite.keyExchange == CipherSuite.KEY_EXCHANGE_RSA_EXPORT) {
        // RSA encrypted premaster secret message
        Cipher c;
        try {
            c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            if (serverKeyExchange != null) {
                if (!session.cipherSuite.isAnonymous()) {
                    DigitalSignature ds = new DigitalSignature(serverCert.getAuthType());
                    ds.init(serverCert.certs[0]);
                    ds.update(clientHello.getRandom());
                    ds.update(serverHello.getRandom());
                    if (!serverKeyExchange.verifySignature(ds)) {
                        fatalAlert(AlertProtocol.DECRYPT_ERROR, "Cannot verify RSA params");
                        return;
                    }
                }
                c.init(Cipher.WRAP_MODE, serverKeyExchange.getRSAPublicKey());
            } else {
                c.init(Cipher.WRAP_MODE, serverCert.certs[0]);
            }
        } catch (Exception e) {
            fatalAlert(AlertProtocol.INTERNAL_ERROR, "Unexpected exception", e);
            return;
        }
        preMasterSecret = new byte[48];
        parameters.getSecureRandom().nextBytes(preMasterSecret);
        System.arraycopy(clientHello.client_version, 0, preMasterSecret, 0, 2);
        try {
            clientKeyExchange = new ClientKeyExchange(c.wrap(new SecretKeySpec(preMasterSecret, "preMasterSecret")), serverHello.server_version[1] == 1);
        } catch (Exception e) {
            fatalAlert(AlertProtocol.INTERNAL_ERROR, "Unexpected exception", e);
            return;
        }
    } else if (session.cipherSuite.keyExchange == CipherSuite.KEY_EXCHANGE_DHE_DSS || session.cipherSuite.keyExchange == CipherSuite.KEY_EXCHANGE_DHE_DSS_EXPORT || session.cipherSuite.keyExchange == CipherSuite.KEY_EXCHANGE_DHE_RSA || session.cipherSuite.keyExchange == CipherSuite.KEY_EXCHANGE_DHE_RSA_EXPORT || session.cipherSuite.keyExchange == CipherSuite.KEY_EXCHANGE_DH_anon || session.cipherSuite.keyExchange == CipherSuite.KEY_EXCHANGE_DH_anon_EXPORT) {
        /*
             * All other key exchanges should have had a DH key communicated via
             * ServerKeyExchange beforehand.
             */
        if (serverKeyExchange == null) {
            fatalAlert(AlertProtocol.UNEXPECTED_MESSAGE, "Expected ServerKeyExchange");
            return;
        }
        if (session.cipherSuite.isAnonymous() != serverKeyExchange.isAnonymous()) {
            fatalAlert(AlertProtocol.DECRYPT_ERROR, "Wrong type in ServerKeyExchange");
            return;
        }
        try {
            if (!session.cipherSuite.isAnonymous()) {
                DigitalSignature ds = new DigitalSignature(serverCert.getAuthType());
                ds.init(serverCert.certs[0]);
                ds.update(clientHello.getRandom());
                ds.update(serverHello.getRandom());
                if (!serverKeyExchange.verifySignature(ds)) {
                    fatalAlert(AlertProtocol.DECRYPT_ERROR, "Cannot verify DH params");
                    return;
                }
            }
            KeyFactory kf = KeyFactory.getInstance("DH");
            KeyAgreement agreement = KeyAgreement.getInstance("DH");
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH");
            PublicKey serverDhPublic = kf.generatePublic(new DHPublicKeySpec(serverKeyExchange.par3, serverKeyExchange.par1, serverKeyExchange.par2));
            DHParameterSpec spec = new DHParameterSpec(serverKeyExchange.par1, serverKeyExchange.par2);
            kpg.initialize(spec);
            KeyPair kp = kpg.generateKeyPair();
            DHPublicKey pubDhKey = (DHPublicKey) kp.getPublic();
            clientKeyExchange = new ClientKeyExchange(pubDhKey.getY());
            PrivateKey privDhKey = kp.getPrivate();
            agreement.init(privDhKey);
            agreement.doPhase(serverDhPublic, true);
            preMasterSecret = agreement.generateSecret();
        } catch (Exception e) {
            fatalAlert(AlertProtocol.INTERNAL_ERROR, "Unexpected exception", e);
            return;
        }
    } else {
        fatalAlert(AlertProtocol.DECRYPT_ERROR, "Unsupported handshake type");
        return;
    }
    if (clientKeyExchange != null) {
        send(clientKeyExchange);
    }
    computerMasterSecret();
    // fixed DH parameters
    if (clientCert != null && clientCert.certs.length > 0 && !clientKeyExchange.isEmpty()) {
        // Certificate verify
        String authType = clientKey.getAlgorithm();
        DigitalSignature ds = new DigitalSignature(authType);
        ds.init(clientKey);
        if ("RSA".equals(authType)) {
            ds.setMD5(io_stream.getDigestMD5());
            ds.setSHA(io_stream.getDigestSHA());
        } else if ("DSA".equals(authType)) {
            ds.setSHA(io_stream.getDigestSHA());
        // The Signature should be empty in case of anonymous signature algorithm:
        // } else if ("DH".equals(authType)) {
        }
        certificateVerify = new CertificateVerify(ds.sign());
        send(certificateVerify);
    }
    sendChangeCipherSpec();
}
Also used : KeyPair(java.security.KeyPair) PrivateKey(java.security.PrivateKey) DHPublicKey(javax.crypto.interfaces.DHPublicKey) PublicKey(java.security.PublicKey) DHPublicKey(javax.crypto.interfaces.DHPublicKey) DHParameterSpec(javax.crypto.spec.DHParameterSpec) KeyPairGenerator(java.security.KeyPairGenerator) X509ExtendedKeyManager(javax.net.ssl.X509ExtendedKeyManager) X509Certificate(java.security.cert.X509Certificate) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) SecretKeySpec(javax.crypto.spec.SecretKeySpec) X509KeyManager(javax.net.ssl.X509KeyManager) X500Principal(javax.security.auth.x500.X500Principal) Cipher(javax.crypto.Cipher) DHPublicKeySpec(javax.crypto.spec.DHPublicKeySpec) KeyAgreement(javax.crypto.KeyAgreement) KeyFactory(java.security.KeyFactory)

Example 5 with X509ExtendedKeyManager

use of javax.net.ssl.X509ExtendedKeyManager in project athenz by yahoo.

the class KeyManagerProxyTest method testKeyManagerProxySetKeyManger.

@Test
public void testKeyManagerProxySetKeyManger() {
    KeyManager[] keyManagers = new KeyManager[] { generateNewKeyManger() };
    KeyManagerProxy keyManagerProxy = new KeyManagerProxy(keyManagers);
    X509ExtendedKeyManager keyManagerFirst = Deencapsulation.getField(keyManagerProxy, "keyManager");
    assertNotNull(keyManagerFirst);
    keyManagerProxy.setKeyManager(new KeyManager[] { generateNewKeyManger() });
    X509ExtendedKeyManager keyManagerSecond = Deencapsulation.getField(keyManagerProxy, "keyManager");
    assertNotNull(keyManagerSecond);
    assertNotSame(keyManagerFirst, keyManagerSecond);
}
Also used : X509ExtendedKeyManager(javax.net.ssl.X509ExtendedKeyManager) KeyManager(javax.net.ssl.KeyManager) X509ExtendedKeyManager(javax.net.ssl.X509ExtendedKeyManager) Test(org.junit.Test)

Aggregations

X509ExtendedKeyManager (javax.net.ssl.X509ExtendedKeyManager)12 X509Certificate (java.security.cert.X509Certificate)6 KeyManager (javax.net.ssl.KeyManager)6 X509KeyManager (javax.net.ssl.X509KeyManager)5 IOException (java.io.IOException)4 Socket (java.net.Socket)4 KeyFactory (java.security.KeyFactory)4 KeyPair (java.security.KeyPair)4 KeyPairGenerator (java.security.KeyPairGenerator)4 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)4 PrivateKey (java.security.PrivateKey)4 PublicKey (java.security.PublicKey)4 CertificateException (java.security.cert.CertificateException)4 DHPublicKey (javax.crypto.interfaces.DHPublicKey)4 DHParameterSpec (javax.crypto.spec.DHParameterSpec)4 DHPublicKeySpec (javax.crypto.spec.DHPublicKeySpec)4 KeyManagerFactory (javax.net.ssl.KeyManagerFactory)3 SSLEngine (javax.net.ssl.SSLEngine)3 SelfSignedCertificate (io.netty.handler.ssl.util.SelfSignedCertificate)2 BigInteger (java.math.BigInteger)2