/*
 * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package sun.security.internal.spec;

import java.security.spec.AlgorithmParameterSpec;
import java.security.AccessController;
import java.security.PrivilegedAction;

Parameters for SSL/TLS RSA premaster secret.

Instances of this class are immutable.

Author: Andreas Sterbenz
Since: 1.6
Deprecated:Sun JDK internal use only --- WILL BE REMOVED in a future release.
/** * Parameters for SSL/TLS RSA premaster secret. * * <p>Instances of this class are immutable. * * @since 1.6 * @author Andreas Sterbenz * @deprecated Sun JDK internal use only --- WILL BE REMOVED in a future * release. */
@Deprecated public class TlsRsaPremasterSecretParameterSpec implements AlgorithmParameterSpec { private final byte[] encodedSecret; /* * The TLS spec says that the version in the RSA premaster secret must * be the maximum version supported by the client (i.e. the version it * requested in its client hello version). However, we (and other * implementations) used to send the active negotiated version. The * system property below allows to toggle the behavior. */ private static final String PROP_NAME = "com.sun.net.ssl.rsaPreMasterSecretFix"; /* * Default is "false" (old behavior) for compatibility reasons in * SSLv3/TLSv1. Later protocols (TLSv1.1+) do not use this property. */ private static final boolean rsaPreMasterSecretFix = AccessController.doPrivileged(new PrivilegedAction<Boolean>() { public Boolean run() { String value = System.getProperty(PROP_NAME); if (value != null && value.equalsIgnoreCase("true")) { return Boolean.TRUE; } return Boolean.FALSE; } }); private final int clientVersion; private final int serverVersion;
Constructs a new TlsRsaPremasterSecretParameterSpec.
Params:
  • clientVersion – the version of the TLS protocol by which the client wishes to communicate during this session
  • serverVersion – the negotiated version of the TLS protocol which contains the lower of that suggested by the client in the client hello and the highest supported by the server.
Throws:
/** * Constructs a new TlsRsaPremasterSecretParameterSpec. * * @param clientVersion the version of the TLS protocol by which the * client wishes to communicate during this session * @param serverVersion the negotiated version of the TLS protocol which * contains the lower of that suggested by the client in the client * hello and the highest supported by the server. * * @throws IllegalArgumentException if clientVersion or serverVersion are * negative or larger than (2^16 - 1) */
public TlsRsaPremasterSecretParameterSpec( int clientVersion, int serverVersion) { this.clientVersion = checkVersion(clientVersion); this.serverVersion = checkVersion(serverVersion); this.encodedSecret = null; }
Constructs a new TlsRsaPremasterSecretParameterSpec.
Params:
  • clientVersion – the version of the TLS protocol by which the client wishes to communicate during this session
  • serverVersion – the negotiated version of the TLS protocol which contains the lower of that suggested by the client in the client hello and the highest supported by the server.
  • encodedSecret – the encoded secret key
Throws:
  • IllegalArgumentException – if clientVersion or serverVersion are negative or larger than (2^16 - 1) or if encodedSecret is not exactly 48 bytes
/** * Constructs a new TlsRsaPremasterSecretParameterSpec. * * @param clientVersion the version of the TLS protocol by which the * client wishes to communicate during this session * @param serverVersion the negotiated version of the TLS protocol which * contains the lower of that suggested by the client in the client * hello and the highest supported by the server. * @param encodedSecret the encoded secret key * * @throws IllegalArgumentException if clientVersion or serverVersion are * negative or larger than (2^16 - 1) or if encodedSecret is not * exactly 48 bytes */
public TlsRsaPremasterSecretParameterSpec( int clientVersion, int serverVersion, byte[] encodedSecret) { this.clientVersion = checkVersion(clientVersion); this.serverVersion = checkVersion(serverVersion); if (encodedSecret == null || encodedSecret.length != 48) { throw new IllegalArgumentException( "Encoded secret is not exactly 48 bytes"); } this.encodedSecret = encodedSecret.clone(); }
Returns the version of the TLS protocol by which the client wishes to communicate during this session.
Returns:the version of the TLS protocol in ClientHello message
/** * Returns the version of the TLS protocol by which the client wishes to * communicate during this session. * * @return the version of the TLS protocol in ClientHello message */
public int getClientVersion() { return clientVersion; }
Returns the negotiated version of the TLS protocol which contains the lower of that suggested by the client in the client hello and the highest supported by the server.
Returns:the negotiated version of the TLS protocol in ServerHello message
/** * Returns the negotiated version of the TLS protocol which contains the * lower of that suggested by the client in the client hello and the * highest supported by the server. * * @return the negotiated version of the TLS protocol in ServerHello message */
public int getServerVersion() { return serverVersion; }
Returns the major version used in RSA premaster secret.
Returns:the major version used in RSA premaster secret.
/** * Returns the major version used in RSA premaster secret. * * @return the major version used in RSA premaster secret. */
public int getMajorVersion() { if (rsaPreMasterSecretFix || clientVersion >= 0x0302) { // 0x0302: TLSv1.1 return (clientVersion >>> 8) & 0xFF; } return (serverVersion >>> 8) & 0xFF; }
Returns the minor version used in RSA premaster secret.
Returns:the minor version used in RSA premaster secret.
/** * Returns the minor version used in RSA premaster secret. * * @return the minor version used in RSA premaster secret. */
public int getMinorVersion() { if (rsaPreMasterSecretFix || clientVersion >= 0x0302) { // 0x0302: TLSv1.1 return clientVersion & 0xFF; } return serverVersion & 0xFF; } private int checkVersion(int version) { if ((version < 0) || (version > 0xFFFF)) { throw new IllegalArgumentException( "Version must be between 0 and 65,535"); } return version; }
Returns the encoded secret.
Returns:the encoded secret, may be null if no encoded secret.
/** * Returns the encoded secret. * * @return the encoded secret, may be null if no encoded secret. */
public byte[] getEncodedSecret() { return encodedSecret == null ? null : encodedSecret.clone(); } }