401 state = HandshakeMessage.ht_finished - 1;
402 calculateConnectionKeys(session.getMasterSecret());
403 if (debug != null && Debug.isOn("session")) {
404 System.out.println("%% Server resumed " + session);
405 }
406 return;
407 } else {
408 // we wanted to resume, but the server refused
409 session = null;
410 if (!enableNewSession) {
411 throw new SSLException
412 ("New session creation is disabled");
413 }
414 }
415 }
416
417 // check extensions
418 for (HelloExtension ext : mesg.extensions.list()) {
419 ExtensionType type = ext.type;
420 if ((type != ExtensionType.EXT_ELLIPTIC_CURVES)
421 && (type != ExtensionType.EXT_EC_POINT_FORMATS)) {
422 fatalSE(Alerts.alert_unsupported_extension,
423 "Server sent an unsupported extension: " + type);
424 }
425 }
426
427 // Create a new session, we need to do the full handshake
428 session = new SSLSessionImpl(protocolVersion, cipherSuite,
429 mesg.sessionId, getHostSE(), getPortSE());
430 if (debug != null && Debug.isOn("handshake")) {
431 System.out.println("** " + cipherSuite);
432 }
433 }
434
435 /*
436 * Server's own key was either a signing-only key, or was too
437 * large for export rules ... this message holds an ephemeral
438 * RSA key to use for key exchange.
439 */
440 private void serverKeyExchange(RSA_ServerKeyExchange mesg)
441 throws IOException, GeneralSecurityException {
952 }
953 mesg.sessionId = session.getSessionId();
954
955 mesg.protocolVersion = sessionVersion;
956 maxProtocolVersion = sessionVersion;
957
958 // Update SSL version number in underlying SSL socket and
959 // handshake output stream, so that the output records (at the
960 // record layer) have the correct version
961 setVersion(sessionVersion);
962 }
963
964 //
965 // don't say much beyond the obvious if we _must_ resume.
966 //
967 if (!enableNewSession) {
968 if (session == null) {
969 throw new SSLException(
970 "Can't reuse existing SSL client session");
971 }
972 mesg.setCipherSuites(new CipherSuiteList(sessionSuite));
973 return mesg;
974 }
975 }
976 if (session == null) {
977 if (enableNewSession) {
978 mesg.sessionId = SSLSessionImpl.nullSession.getSessionId();
979 } else {
980 throw new SSLException("No existing session to resume.");
981 }
982 }
983
984 //
985 // All we have left to do is fill out the cipher suites.
986 // (If this changes, change the 'return' above!)
987 //
988 mesg.setCipherSuites(enabledCipherSuites);
989
990 return mesg;
991 }
992
993 /*
994 * Fault detected during handshake.
995 */
996 void handshakeAlert(byte description) throws SSLProtocolException {
997 String message = Alerts.alertDescription(description);
998
999 if (debug != null && Debug.isOn("handshake")) {
1000 System.out.println("SSL - handshake alert: " + message);
1001 }
1002 throw new SSLProtocolException("handshake alert: " + message);
1003 }
|
401 state = HandshakeMessage.ht_finished - 1;
402 calculateConnectionKeys(session.getMasterSecret());
403 if (debug != null && Debug.isOn("session")) {
404 System.out.println("%% Server resumed " + session);
405 }
406 return;
407 } else {
408 // we wanted to resume, but the server refused
409 session = null;
410 if (!enableNewSession) {
411 throw new SSLException
412 ("New session creation is disabled");
413 }
414 }
415 }
416
417 // check extensions
418 for (HelloExtension ext : mesg.extensions.list()) {
419 ExtensionType type = ext.type;
420 if ((type != ExtensionType.EXT_ELLIPTIC_CURVES)
421 && (type != ExtensionType.EXT_EC_POINT_FORMATS)
422 && (type != ExtensionType.EXT_SERVER_NAME)) {
423 fatalSE(Alerts.alert_unsupported_extension,
424 "Server sent an unsupported extension: " + type);
425 }
426 }
427
428 // Create a new session, we need to do the full handshake
429 session = new SSLSessionImpl(protocolVersion, cipherSuite,
430 mesg.sessionId, getHostSE(), getPortSE());
431 if (debug != null && Debug.isOn("handshake")) {
432 System.out.println("** " + cipherSuite);
433 }
434 }
435
436 /*
437 * Server's own key was either a signing-only key, or was too
438 * large for export rules ... this message holds an ephemeral
439 * RSA key to use for key exchange.
440 */
441 private void serverKeyExchange(RSA_ServerKeyExchange mesg)
442 throws IOException, GeneralSecurityException {
953 }
954 mesg.sessionId = session.getSessionId();
955
956 mesg.protocolVersion = sessionVersion;
957 maxProtocolVersion = sessionVersion;
958
959 // Update SSL version number in underlying SSL socket and
960 // handshake output stream, so that the output records (at the
961 // record layer) have the correct version
962 setVersion(sessionVersion);
963 }
964
965 //
966 // don't say much beyond the obvious if we _must_ resume.
967 //
968 if (!enableNewSession) {
969 if (session == null) {
970 throw new SSLException(
971 "Can't reuse existing SSL client session");
972 }
973 mesg.setServerName(this.getHostSE());
974 mesg.setCipherSuites(new CipherSuiteList(sessionSuite));
975 return mesg;
976 }
977 }
978 if (session == null) {
979 if (enableNewSession) {
980 mesg.sessionId = SSLSessionImpl.nullSession.getSessionId();
981 } else {
982 throw new SSLException("No existing session to resume.");
983 }
984 }
985
986 // Put an RFC4366 TLS server name indication extension into ClientHello.
987 mesg.setServerName(this.getHostSE());
988
989 //
990 // All we have left to do is fill out the cipher suites.
991 // (If this changes, change the 'return' above!)
992 //
993 mesg.setCipherSuites(enabledCipherSuites);
994
995 return mesg;
996 }
997
998 /*
999 * Fault detected during handshake.
1000 */
1001 void handshakeAlert(byte description) throws SSLProtocolException {
1002 String message = Alerts.alertDescription(description);
1003
1004 if (debug != null && Debug.isOn("handshake")) {
1005 System.out.println("SSL - handshake alert: " + message);
1006 }
1007 throw new SSLProtocolException("handshake alert: " + message);
1008 }
|