sun.security.ssl.ProtocolVersion Java Examples
The following examples show how to use
sun.security.ssl.ProtocolVersion.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: KerberosClientKeyExchangeImpl.java From jdk8u-jdk with GNU General Public License v2.0 | 6 votes |
|
/**
* Creates an instance of KerberosClientKeyExchange consisting of the
* Kerberos service ticket, authenticator and encrypted premaster secret.
* Called by client handshaker.
*
* @param serverName name of server with which to do handshake;
* this is used to get the Kerberos service ticket
* @param protocolVersion Maximum version supported by client (i.e,
* version it requested in client hello)
* @param rand random number generator to use for generating pre-master
* secret
*/
@Override
public void init(String serverName,
AccessControlContext acc, ProtocolVersion protocolVersion,
SecureRandom rand) throws IOException {
// Get service ticket
KerberosTicket ticket = getServiceTicket(serverName, acc);
encodedTicket = ticket.getEncoded();
// Record the Kerberos principals
peerPrincipal = ticket.getServer();
localPrincipal = ticket.getClient();
// Optional authenticator, encrypted using session key,
// currently ignored
// Generate premaster secret and encrypt it using session key
EncryptionKey sessionKey = new EncryptionKey(
ticket.getSessionKeyType(),
ticket.getSessionKey().getEncoded());
preMaster = new KerberosPreMasterSecret(protocolVersion,
rand, sessionKey);
}
Example #2
| Source File: KerberosPreMasterSecret.java From jdk8u-jdk with GNU General Public License v2.0 | 6 votes |
|
/**
* Constructor used by client to generate premaster secret.
*
* Client randomly creates a pre-master secret and encrypts it
* using the Kerberos session key; only the server can decrypt
* it, using the session key available in the service ticket.
*
* @param protocolVersion used to set preMaster[0,1]
* @param generator random number generator for generating premaster secret
* @param sessionKey Kerberos session key for encrypting premaster secret
*/
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
SecureRandom generator, EncryptionKey sessionKey) throws IOException {
if (sessionKey.getEType() ==
EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD) {
throw new IOException(
"session keys with des3-cbc-hmac-sha1-kd encryption type " +
"are not supported for TLS Kerberos cipher suites");
}
this.protocolVersion = protocolVersion;
preMaster = generatePreMaster(generator, protocolVersion);
// Encrypt premaster secret
try {
EncryptedData eData = new EncryptedData(sessionKey, preMaster,
KeyUsage.KU_UNKNOWN);
encrypted = eData.getBytes(); // not ASN.1 encoded.
} catch (KrbException e) {
throw (SSLKeyException)new SSLKeyException
("Kerberos premaster secret error").initCause(e);
}
}
Example #3
| Source File: KerberosPreMasterSecret.java From jdk8u60 with GNU General Public License v2.0 | 6 votes |
|
/**
* Constructor used by client to generate premaster secret.
*
* Client randomly creates a pre-master secret and encrypts it
* using the Kerberos session key; only the server can decrypt
* it, using the session key available in the service ticket.
*
* @param protocolVersion used to set preMaster[0,1]
* @param generator random number generator for generating premaster secret
* @param sessionKey Kerberos session key for encrypting premaster secret
*/
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
SecureRandom generator, EncryptionKey sessionKey) throws IOException {
if (sessionKey.getEType() ==
EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD) {
throw new IOException(
"session keys with des3-cbc-hmac-sha1-kd encryption type " +
"are not supported for TLS Kerberos cipher suites");
}
this.protocolVersion = protocolVersion;
preMaster = generatePreMaster(generator, protocolVersion);
// Encrypt premaster secret
try {
EncryptedData eData = new EncryptedData(sessionKey, preMaster,
KeyUsage.KU_UNKNOWN);
encrypted = eData.getBytes(); // not ASN.1 encoded.
} catch (KrbException e) {
throw (SSLKeyException)new SSLKeyException
("Kerberos premaster secret error").initCause(e);
}
}
Example #4
| Source File: KerberosClientKeyExchangeImpl.java From jdk8u60 with GNU General Public License v2.0 | 6 votes |
|
/**
* Creates an instance of KerberosClientKeyExchange consisting of the
* Kerberos service ticket, authenticator and encrypted premaster secret.
* Called by client handshaker.
*
* @param serverName name of server with which to do handshake;
* this is used to get the Kerberos service ticket
* @param protocolVersion Maximum version supported by client (i.e,
* version it requested in client hello)
* @param rand random number generator to use for generating pre-master
* secret
*/
@Override
public void init(String serverName,
AccessControlContext acc, ProtocolVersion protocolVersion,
SecureRandom rand) throws IOException {
// Get service ticket
KerberosTicket ticket = getServiceTicket(serverName, acc);
encodedTicket = ticket.getEncoded();
// Record the Kerberos principals
peerPrincipal = ticket.getServer();
localPrincipal = ticket.getClient();
// Optional authenticator, encrypted using session key,
// currently ignored
// Generate premaster secret and encrypt it using session key
EncryptionKey sessionKey = new EncryptionKey(
ticket.getSessionKeyType(),
ticket.getSessionKey().getEncoded());
preMaster = new KerberosPreMasterSecret(protocolVersion,
rand, sessionKey);
}
Example #5
| Source File: KerberosClientKeyExchangeImpl.java From jdk8u-jdk with GNU General Public License v2.0 | 6 votes |
|
/**
* Creates an instance of KerberosClientKeyExchange consisting of the
* Kerberos service ticket, authenticator and encrypted premaster secret.
* Called by client handshaker.
*
* @param serverName name of server with which to do handshake;
* this is used to get the Kerberos service ticket
* @param protocolVersion Maximum version supported by client (i.e,
* version it requested in client hello)
* @param rand random number generator to use for generating pre-master
* secret
*/
@Override
public void init(String serverName,
AccessControlContext acc, ProtocolVersion protocolVersion,
SecureRandom rand) throws IOException {
// Get service ticket
KerberosTicket ticket = getServiceTicket(serverName, acc);
encodedTicket = ticket.getEncoded();
// Record the Kerberos principals
peerPrincipal = ticket.getServer();
localPrincipal = ticket.getClient();
// Optional authenticator, encrypted using session key,
// currently ignored
// Generate premaster secret and encrypt it using session key
EncryptionKey sessionKey = new EncryptionKey(
ticket.getSessionKeyType(),
ticket.getSessionKey().getEncoded());
preMaster = new KerberosPreMasterSecret(protocolVersion,
rand, sessionKey);
}
Example #6
| Source File: KerberosPreMasterSecret.java From openjdk-jdk8u with GNU General Public License v2.0 | 6 votes |
|
/**
* Constructor used by client to generate premaster secret.
*
* Client randomly creates a pre-master secret and encrypts it
* using the Kerberos session key; only the server can decrypt
* it, using the session key available in the service ticket.
*
* @param protocolVersion used to set preMaster[0,1]
* @param generator random number generator for generating premaster secret
* @param sessionKey Kerberos session key for encrypting premaster secret
*/
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
SecureRandom generator, EncryptionKey sessionKey) throws IOException {
if (sessionKey.getEType() ==
EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD) {
throw new IOException(
"session keys with des3-cbc-hmac-sha1-kd encryption type " +
"are not supported for TLS Kerberos cipher suites");
}
this.protocolVersion = protocolVersion;
preMaster = generatePreMaster(generator, protocolVersion);
// Encrypt premaster secret
try {
EncryptedData eData = new EncryptedData(sessionKey, preMaster,
KeyUsage.KU_UNKNOWN);
encrypted = eData.getBytes(); // not ASN.1 encoded.
} catch (KrbException e) {
throw (SSLKeyException)new SSLKeyException
("Kerberos premaster secret error").initCause(e);
}
}
Example #7
| Source File: KerberosPreMasterSecret.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 6 votes |
|
/**
* Constructor used by client to generate premaster secret.
*
* Client randomly creates a pre-master secret and encrypts it
* using the Kerberos session key; only the server can decrypt
* it, using the session key available in the service ticket.
*
* @param protocolVersion used to set preMaster[0,1]
* @param generator random number generator for generating premaster secret
* @param sessionKey Kerberos session key for encrypting premaster secret
*/
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
SecureRandom generator, EncryptionKey sessionKey) throws IOException {
if (sessionKey.getEType() ==
EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD) {
throw new IOException(
"session keys with des3-cbc-hmac-sha1-kd encryption type " +
"are not supported for TLS Kerberos cipher suites");
}
this.protocolVersion = protocolVersion;
preMaster = generatePreMaster(generator, protocolVersion);
// Encrypt premaster secret
try {
EncryptedData eData = new EncryptedData(sessionKey, preMaster,
KeyUsage.KU_UNKNOWN);
encrypted = eData.getBytes(); // not ASN.1 encoded.
} catch (KrbException e) {
throw (SSLKeyException)new SSLKeyException
("Kerberos premaster secret error").initCause(e);
}
}
Example #8
| Source File: KerberosPreMasterSecret.java From TencentKona-8 with GNU General Public License v2.0 | 6 votes |
|
/**
* Constructor used by client to generate premaster secret.
*
* Client randomly creates a pre-master secret and encrypts it
* using the Kerberos session key; only the server can decrypt
* it, using the session key available in the service ticket.
*
* @param protocolVersion used to set preMaster[0,1]
* @param generator random number generator for generating premaster secret
* @param sessionKey Kerberos session key for encrypting premaster secret
*/
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
SecureRandom generator, EncryptionKey sessionKey) throws IOException {
if (sessionKey.getEType() ==
EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD) {
throw new IOException(
"session keys with des3-cbc-hmac-sha1-kd encryption type " +
"are not supported for TLS Kerberos cipher suites");
}
this.protocolVersion = protocolVersion;
preMaster = generatePreMaster(generator, protocolVersion);
// Encrypt premaster secret
try {
EncryptedData eData = new EncryptedData(sessionKey, preMaster,
KeyUsage.KU_UNKNOWN);
encrypted = eData.getBytes(); // not ASN.1 encoded.
} catch (KrbException e) {
throw (SSLKeyException)new SSLKeyException
("Kerberos premaster secret error").initCause(e);
}
}
Example #9
| Source File: KerberosClientKeyExchangeImpl.java From dragonwell8_jdk with GNU General Public License v2.0 | 6 votes |
|
/**
* Creates an instance of KerberosClientKeyExchange consisting of the
* Kerberos service ticket, authenticator and encrypted premaster secret.
* Called by client handshaker.
*
* @param serverName name of server with which to do handshake;
* this is used to get the Kerberos service ticket
* @param protocolVersion Maximum version supported by client (i.e,
* version it requested in client hello)
* @param rand random number generator to use for generating pre-master
* secret
*/
@Override
public void init(String serverName,
AccessControlContext acc, ProtocolVersion protocolVersion,
SecureRandom rand) throws IOException {
// Get service ticket
KerberosTicket ticket = getServiceTicket(serverName, acc);
encodedTicket = ticket.getEncoded();
// Record the Kerberos principals
peerPrincipal = ticket.getServer();
localPrincipal = ticket.getClient();
// Optional authenticator, encrypted using session key,
// currently ignored
// Generate premaster secret and encrypt it using session key
EncryptionKey sessionKey = new EncryptionKey(
ticket.getSessionKeyType(),
ticket.getSessionKey().getEncoded());
preMaster = new KerberosPreMasterSecret(protocolVersion,
rand, sessionKey);
}
Example #10
| Source File: KerberosClientKeyExchangeImpl.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 6 votes |
|
/**
* Creates an instance of KerberosClientKeyExchange consisting of the
* Kerberos service ticket, authenticator and encrypted premaster secret.
* Called by client handshaker.
*
* @param serverName name of server with which to do handshake;
* this is used to get the Kerberos service ticket
* @param protocolVersion Maximum version supported by client (i.e,
* version it requested in client hello)
* @param rand random number generator to use for generating pre-master
* secret
*/
@Override
public void init(String serverName,
AccessControlContext acc, ProtocolVersion protocolVersion,
SecureRandom rand) throws IOException {
// Get service ticket
KerberosTicket ticket = getServiceTicket(serverName, acc);
encodedTicket = ticket.getEncoded();
// Record the Kerberos principals
peerPrincipal = ticket.getServer();
localPrincipal = ticket.getClient();
// Optional authenticator, encrypted using session key,
// currently ignored
// Generate premaster secret and encrypt it using session key
EncryptionKey sessionKey = new EncryptionKey(
ticket.getSessionKeyType(),
ticket.getSessionKey().getEncoded());
preMaster = new KerberosPreMasterSecret(protocolVersion,
rand, sessionKey);
}
Example #11
| Source File: KerberosPreMasterSecret.java From dragonwell8_jdk with GNU General Public License v2.0 | 6 votes |
|
/**
* Constructor used by client to generate premaster secret.
*
* Client randomly creates a pre-master secret and encrypts it
* using the Kerberos session key; only the server can decrypt
* it, using the session key available in the service ticket.
*
* @param protocolVersion used to set preMaster[0,1]
* @param generator random number generator for generating premaster secret
* @param sessionKey Kerberos session key for encrypting premaster secret
*/
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
SecureRandom generator, EncryptionKey sessionKey) throws IOException {
if (sessionKey.getEType() ==
EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD) {
throw new IOException(
"session keys with des3-cbc-hmac-sha1-kd encryption type " +
"are not supported for TLS Kerberos cipher suites");
}
this.protocolVersion = protocolVersion;
preMaster = generatePreMaster(generator, protocolVersion);
// Encrypt premaster secret
try {
EncryptedData eData = new EncryptedData(sessionKey, preMaster,
KeyUsage.KU_UNKNOWN);
encrypted = eData.getBytes(); // not ASN.1 encoded.
} catch (KrbException e) {
throw (SSLKeyException)new SSLKeyException
("Kerberos premaster secret error").initCause(e);
}
}
Example #12
| Source File: KerberosClientKeyExchangeImpl.java From TencentKona-8 with GNU General Public License v2.0 | 6 votes |
|
/**
* Creates an instance of KerberosClientKeyExchange consisting of the
* Kerberos service ticket, authenticator and encrypted premaster secret.
* Called by client handshaker.
*
* @param serverName name of server with which to do handshake;
* this is used to get the Kerberos service ticket
* @param protocolVersion Maximum version supported by client (i.e,
* version it requested in client hello)
* @param rand random number generator to use for generating pre-master
* secret
*/
@Override
public void init(String serverName,
AccessControlContext acc, ProtocolVersion protocolVersion,
SecureRandom rand) throws IOException {
// Get service ticket
KerberosTicket ticket = getServiceTicket(serverName, acc);
encodedTicket = ticket.getEncoded();
// Record the Kerberos principals
peerPrincipal = ticket.getServer();
localPrincipal = ticket.getClient();
// Optional authenticator, encrypted using session key,
// currently ignored
// Generate premaster secret and encrypt it using session key
EncryptionKey sessionKey = new EncryptionKey(
ticket.getSessionKeyType(),
ticket.getSessionKey().getEncoded());
preMaster = new KerberosPreMasterSecret(protocolVersion,
rand, sessionKey);
}
Example #13
| Source File: KerberosClientKeyExchangeImpl.java From jdk8u_jdk with GNU General Public License v2.0 | 6 votes |
|
/**
* Creates an instance of KerberosClientKeyExchange consisting of the
* Kerberos service ticket, authenticator and encrypted premaster secret.
* Called by client handshaker.
*
* @param serverName name of server with which to do handshake;
* this is used to get the Kerberos service ticket
* @param protocolVersion Maximum version supported by client (i.e,
* version it requested in client hello)
* @param rand random number generator to use for generating pre-master
* secret
*/
@Override
public void init(String serverName,
AccessControlContext acc, ProtocolVersion protocolVersion,
SecureRandom rand) throws IOException {
// Get service ticket
KerberosTicket ticket = getServiceTicket(serverName, acc);
encodedTicket = ticket.getEncoded();
// Record the Kerberos principals
peerPrincipal = ticket.getServer();
localPrincipal = ticket.getClient();
// Optional authenticator, encrypted using session key,
// currently ignored
// Generate premaster secret and encrypt it using session key
EncryptionKey sessionKey = new EncryptionKey(
ticket.getSessionKeyType(),
ticket.getSessionKey().getEncoded());
preMaster = new KerberosPreMasterSecret(protocolVersion,
rand, sessionKey);
}
Example #14
| Source File: KerberosPreMasterSecret.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 6 votes |
|
/**
* Constructor used by client to generate premaster secret.
*
* Client randomly creates a pre-master secret and encrypts it
* using the Kerberos session key; only the server can decrypt
* it, using the session key available in the service ticket.
*
* @param protocolVersion used to set preMaster[0,1]
* @param generator random number generator for generating premaster secret
* @param sessionKey Kerberos session key for encrypting premaster secret
*/
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
SecureRandom generator, EncryptionKey sessionKey) throws IOException {
if (sessionKey.getEType() ==
EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD) {
throw new IOException(
"session keys with des3-cbc-hmac-sha1-kd encryption type " +
"are not supported for TLS Kerberos cipher suites");
}
this.protocolVersion = protocolVersion;
preMaster = generatePreMaster(generator, protocolVersion);
// Encrypt premaster secret
try {
EncryptedData eData = new EncryptedData(sessionKey, preMaster,
KeyUsage.KU_UNKNOWN);
encrypted = eData.getBytes(); // not ASN.1 encoded.
} catch (KrbException e) {
throw (SSLKeyException)new SSLKeyException
("Kerberos premaster secret error").initCause(e);
}
}
Example #15
| Source File: KerberosClientKeyExchangeImpl.java From openjdk-jdk8u with GNU General Public License v2.0 | 6 votes |
|
/**
* Creates an instance of KerberosClientKeyExchange consisting of the
* Kerberos service ticket, authenticator and encrypted premaster secret.
* Called by client handshaker.
*
* @param serverName name of server with which to do handshake;
* this is used to get the Kerberos service ticket
* @param protocolVersion Maximum version supported by client (i.e,
* version it requested in client hello)
* @param rand random number generator to use for generating pre-master
* secret
*/
@Override
public void init(String serverName,
AccessControlContext acc, ProtocolVersion protocolVersion,
SecureRandom rand) throws IOException {
// Get service ticket
KerberosTicket ticket = getServiceTicket(serverName, acc);
encodedTicket = ticket.getEncoded();
// Record the Kerberos principals
peerPrincipal = ticket.getServer();
localPrincipal = ticket.getClient();
// Optional authenticator, encrypted using session key,
// currently ignored
// Generate premaster secret and encrypt it using session key
EncryptionKey sessionKey = new EncryptionKey(
ticket.getSessionKeyType(),
ticket.getSessionKey().getEncoded());
preMaster = new KerberosPreMasterSecret(protocolVersion,
rand, sessionKey);
}
Example #16
| Source File: KerberosPreMasterSecret.java From hottub with GNU General Public License v2.0 | 6 votes |
|
/**
* Constructor used by client to generate premaster secret.
*
* Client randomly creates a pre-master secret and encrypts it
* using the Kerberos session key; only the server can decrypt
* it, using the session key available in the service ticket.
*
* @param protocolVersion used to set preMaster[0,1]
* @param generator random number generator for generating premaster secret
* @param sessionKey Kerberos session key for encrypting premaster secret
*/
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
SecureRandom generator, EncryptionKey sessionKey) throws IOException {
if (sessionKey.getEType() ==
EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD) {
throw new IOException(
"session keys with des3-cbc-hmac-sha1-kd encryption type " +
"are not supported for TLS Kerberos cipher suites");
}
this.protocolVersion = protocolVersion;
preMaster = generatePreMaster(generator, protocolVersion);
// Encrypt premaster secret
try {
EncryptedData eData = new EncryptedData(sessionKey, preMaster,
KeyUsage.KU_UNKNOWN);
encrypted = eData.getBytes(); // not ASN.1 encoded.
} catch (KrbException e) {
throw (SSLKeyException)new SSLKeyException
("Kerberos premaster secret error").initCause(e);
}
}
Example #17
| Source File: KerberosPreMasterSecret.java From jdk8u-jdk with GNU General Public License v2.0 | 6 votes |
|
/**
* Constructor used by client to generate premaster secret.
*
* Client randomly creates a pre-master secret and encrypts it
* using the Kerberos session key; only the server can decrypt
* it, using the session key available in the service ticket.
*
* @param protocolVersion used to set preMaster[0,1]
* @param generator random number generator for generating premaster secret
* @param sessionKey Kerberos session key for encrypting premaster secret
*/
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
SecureRandom generator, EncryptionKey sessionKey) throws IOException {
if (sessionKey.getEType() ==
EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD) {
throw new IOException(
"session keys with des3-cbc-hmac-sha1-kd encryption type " +
"are not supported for TLS Kerberos cipher suites");
}
this.protocolVersion = protocolVersion;
preMaster = generatePreMaster(generator, protocolVersion);
// Encrypt premaster secret
try {
EncryptedData eData = new EncryptedData(sessionKey, preMaster,
KeyUsage.KU_UNKNOWN);
encrypted = eData.getBytes(); // not ASN.1 encoded.
} catch (KrbException e) {
throw (SSLKeyException)new SSLKeyException
("Kerberos premaster secret error").initCause(e);
}
}
Example #18
| Source File: KerberosClientKeyExchangeImpl.java From hottub with GNU General Public License v2.0 | 6 votes |
|
/**
* Creates an instance of KerberosClientKeyExchange consisting of the
* Kerberos service ticket, authenticator and encrypted premaster secret.
* Called by client handshaker.
*
* @param serverName name of server with which to do handshake;
* this is used to get the Kerberos service ticket
* @param protocolVersion Maximum version supported by client (i.e,
* version it requested in client hello)
* @param rand random number generator to use for generating pre-master
* secret
*/
@Override
public void init(String serverName,
AccessControlContext acc, ProtocolVersion protocolVersion,
SecureRandom rand) throws IOException {
// Get service ticket
KerberosTicket ticket = getServiceTicket(serverName, acc);
encodedTicket = ticket.getEncoded();
// Record the Kerberos principals
peerPrincipal = ticket.getServer();
localPrincipal = ticket.getClient();
// Optional authenticator, encrypted using session key,
// currently ignored
// Generate premaster secret and encrypt it using session key
EncryptionKey sessionKey = new EncryptionKey(
ticket.getSessionKeyType(),
ticket.getSessionKey().getEncoded());
preMaster = new KerberosPreMasterSecret(protocolVersion,
rand, sessionKey);
}
Example #19
| Source File: Krb5KeyExchangeService.java From openjdk-jdk9 with GNU General Public License v2.0 | 6 votes |
|
ExchangerImpl(String serverName, AccessControlContext acc,
ProtocolVersion protocolVersion, SecureRandom rand) throws IOException {
// Get service ticket
KerberosTicket ticket = getServiceTicket(serverName, acc);
encodedTicket = ticket.getEncoded();
// Record the Kerberos principals
peerPrincipal = ticket.getServer();
localPrincipal = ticket.getClient();
// Optional authenticator, encrypted using session key,
// currently ignored
// Generate premaster secret and encrypt it using session key
EncryptionKey sessionKey = new EncryptionKey(
ticket.getSessionKeyType(),
ticket.getSessionKey().getEncoded());
preMaster = new KerberosPreMasterSecret(protocolVersion,
rand, sessionKey);
}
Example #20
| Source File: KerberosPreMasterSecret.java From openjdk-8-source with GNU General Public License v2.0 | 6 votes |
|
/**
* Constructor used by client to generate premaster secret.
*
* Client randomly creates a pre-master secret and encrypts it
* using the Kerberos session key; only the server can decrypt
* it, using the session key available in the service ticket.
*
* @param protocolVersion used to set preMaster[0,1]
* @param generator random number generator for generating premaster secret
* @param sessionKey Kerberos session key for encrypting premaster secret
*/
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
SecureRandom generator, EncryptionKey sessionKey) throws IOException {
if (sessionKey.getEType() ==
EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD) {
throw new IOException(
"session keys with des3-cbc-hmac-sha1-kd encryption type " +
"are not supported for TLS Kerberos cipher suites");
}
this.protocolVersion = protocolVersion;
preMaster = generatePreMaster(generator, protocolVersion);
// Encrypt premaster secret
try {
EncryptedData eData = new EncryptedData(sessionKey, preMaster,
KeyUsage.KU_UNKNOWN);
encrypted = eData.getBytes(); // not ASN.1 encoded.
} catch (KrbException e) {
throw (SSLKeyException)new SSLKeyException
("Kerberos premaster secret error").initCause(e);
}
}
Example #21
| Source File: KerberosClientKeyExchangeImpl.java From openjdk-8-source with GNU General Public License v2.0 | 6 votes |
|
/**
* Creates an instance of KerberosClientKeyExchange consisting of the
* Kerberos service ticket, authenticator and encrypted premaster secret.
* Called by client handshaker.
*
* @param serverName name of server with which to do handshake;
* this is used to get the Kerberos service ticket
* @param protocolVersion Maximum version supported by client (i.e,
* version it requested in client hello)
* @param rand random number generator to use for generating pre-master
* secret
*/
@Override
public void init(String serverName,
AccessControlContext acc, ProtocolVersion protocolVersion,
SecureRandom rand) throws IOException {
// Get service ticket
KerberosTicket ticket = getServiceTicket(serverName, acc);
encodedTicket = ticket.getEncoded();
// Record the Kerberos principals
peerPrincipal = ticket.getServer();
localPrincipal = ticket.getClient();
// Optional authenticator, encrypted using session key,
// currently ignored
// Generate premaster secret and encrypt it using session key
EncryptionKey sessionKey = new EncryptionKey(
ticket.getSessionKeyType(),
ticket.getSessionKey().getEncoded());
preMaster = new KerberosPreMasterSecret(protocolVersion,
rand, sessionKey);
}
Example #22
| Source File: KerberosPreMasterSecret.java From openjdk-jdk9 with GNU General Public License v2.0 | 6 votes |
|
/**
* Constructor used by client to generate premaster secret.
*
* Client randomly creates a pre-master secret and encrypts it
* using the Kerberos session key; only the server can decrypt
* it, using the session key available in the service ticket.
*
* @param protocolVersion used to set preMaster[0,1]
* @param generator random number generator for generating premaster secret
* @param sessionKey Kerberos session key for encrypting premaster secret
*/
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
SecureRandom generator, EncryptionKey sessionKey) throws IOException {
if (sessionKey.getEType() ==
EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD) {
throw new IOException(
"session keys with des3-cbc-hmac-sha1-kd encryption type " +
"are not supported for TLS Kerberos cipher suites");
}
this.protocolVersion = protocolVersion;
preMaster = generatePreMaster(generator, protocolVersion);
// Encrypt premaster secret
try {
EncryptedData eData = new EncryptedData(sessionKey, preMaster,
KeyUsage.KU_UNKNOWN);
encrypted = eData.getBytes(); // not ASN.1 encoded.
} catch (KrbException e) {
throw (SSLKeyException)new SSLKeyException
("Kerberos premaster secret error").initCause(e);
}
}
Example #23
| Source File: KerberosPreMasterSecret.java From openjdk-8 with GNU General Public License v2.0 | 6 votes |
|
/**
* Constructor used by client to generate premaster secret.
*
* Client randomly creates a pre-master secret and encrypts it
* using the Kerberos session key; only the server can decrypt
* it, using the session key available in the service ticket.
*
* @param protocolVersion used to set preMaster[0,1]
* @param generator random number generator for generating premaster secret
* @param sessionKey Kerberos session key for encrypting premaster secret
*/
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
SecureRandom generator, EncryptionKey sessionKey) throws IOException {
if (sessionKey.getEType() ==
EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD) {
throw new IOException(
"session keys with des3-cbc-hmac-sha1-kd encryption type " +
"are not supported for TLS Kerberos cipher suites");
}
this.protocolVersion = protocolVersion;
preMaster = generatePreMaster(generator, protocolVersion);
// Encrypt premaster secret
try {
EncryptedData eData = new EncryptedData(sessionKey, preMaster,
KeyUsage.KU_UNKNOWN);
encrypted = eData.getBytes(); // not ASN.1 encoded.
} catch (KrbException e) {
throw (SSLKeyException)new SSLKeyException
("Kerberos premaster secret error").initCause(e);
}
}
Example #24
| Source File: KerberosClientKeyExchangeImpl.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 6 votes |
|
/**
* Creates an instance of KerberosClientKeyExchange consisting of the
* Kerberos service ticket, authenticator and encrypted premaster secret.
* Called by client handshaker.
*
* @param serverName name of server with which to do handshake;
* this is used to get the Kerberos service ticket
* @param protocolVersion Maximum version supported by client (i.e,
* version it requested in client hello)
* @param rand random number generator to use for generating pre-master
* secret
*/
@Override
public void init(String serverName,
AccessControlContext acc, ProtocolVersion protocolVersion,
SecureRandom rand) throws IOException {
// Get service ticket
KerberosTicket ticket = getServiceTicket(serverName, acc);
encodedTicket = ticket.getEncoded();
// Record the Kerberos principals
peerPrincipal = ticket.getServer();
localPrincipal = ticket.getClient();
// Optional authenticator, encrypted using session key,
// currently ignored
// Generate premaster secret and encrypt it using session key
EncryptionKey sessionKey = new EncryptionKey(
ticket.getSessionKeyType(),
ticket.getSessionKey().getEncoded());
preMaster = new KerberosPreMasterSecret(protocolVersion,
rand, sessionKey);
}
Example #25
| Source File: KerberosClientKeyExchangeImpl.java From openjdk-8 with GNU General Public License v2.0 | 6 votes |
|
/**
* Creates an instance of KerberosClientKeyExchange consisting of the
* Kerberos service ticket, authenticator and encrypted premaster secret.
* Called by client handshaker.
*
* @param serverName name of server with which to do handshake;
* this is used to get the Kerberos service ticket
* @param protocolVersion Maximum version supported by client (i.e,
* version it requested in client hello)
* @param rand random number generator to use for generating pre-master
* secret
*/
@Override
public void init(String serverName,
AccessControlContext acc, ProtocolVersion protocolVersion,
SecureRandom rand) throws IOException {
// Get service ticket
KerberosTicket ticket = getServiceTicket(serverName, acc);
encodedTicket = ticket.getEncoded();
// Record the Kerberos principals
peerPrincipal = ticket.getServer();
localPrincipal = ticket.getClient();
// Optional authenticator, encrypted using session key,
// currently ignored
// Generate premaster secret and encrypt it using session key
EncryptionKey sessionKey = new EncryptionKey(
ticket.getSessionKeyType(),
ticket.getSessionKey().getEncoded());
preMaster = new KerberosPreMasterSecret(protocolVersion,
rand, sessionKey);
}
Example #26
| Source File: KerberosPreMasterSecret.java From jdk8u_jdk with GNU General Public License v2.0 | 6 votes |
|
/**
* Constructor used by client to generate premaster secret.
*
* Client randomly creates a pre-master secret and encrypts it
* using the Kerberos session key; only the server can decrypt
* it, using the session key available in the service ticket.
*
* @param protocolVersion used to set preMaster[0,1]
* @param generator random number generator for generating premaster secret
* @param sessionKey Kerberos session key for encrypting premaster secret
*/
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
SecureRandom generator, EncryptionKey sessionKey) throws IOException {
if (sessionKey.getEType() ==
EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD) {
throw new IOException(
"session keys with des3-cbc-hmac-sha1-kd encryption type " +
"are not supported for TLS Kerberos cipher suites");
}
this.protocolVersion = protocolVersion;
preMaster = generatePreMaster(generator, protocolVersion);
// Encrypt premaster secret
try {
EncryptedData eData = new EncryptedData(sessionKey, preMaster,
KeyUsage.KU_UNKNOWN);
encrypted = eData.getBytes(); // not ASN.1 encoded.
} catch (KrbException e) {
throw (SSLKeyException)new SSLKeyException
("Kerberos premaster secret error").initCause(e);
}
}
Example #27
| Source File: LengthCheckTest.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 5 votes |
|
/**
* Hex-dumps a ByteBuffer to stdout.
*/
private static void dumpByteBuffer(String header, ByteBuffer bBuf) {
if (dumpBufs == false) {
return;
}
int bufLen = bBuf.remaining();
if (bufLen > 0) {
bBuf.mark();
// We expect the position of the buffer to be at the
// beginning of a TLS record. Get the type, version and length.
int type = Byte.toUnsignedInt(bBuf.get());
int ver_major = Byte.toUnsignedInt(bBuf.get());
int ver_minor = Byte.toUnsignedInt(bBuf.get());
int recLen = Short.toUnsignedInt(bBuf.getShort());
ProtocolVersion pv = ProtocolVersion.valueOf(ver_major, ver_minor);
log("===== " + header + " (" + tlsRecType(type) + " / " +
pv + " / " + bufLen + " bytes) =====");
bBuf.reset();
for (int i = 0; i < bufLen; i++) {
if (i != 0 && i % 16 == 0) {
System.out.print("\n");
}
System.out.format("%02X ", bBuf.get(i));
}
log("\n===============================================");
bBuf.reset();
}
}
Example #28
| Source File: KerberosPreMasterSecret.java From jdk8u_jdk with GNU General Public License v2.0 | 5 votes |
|
private static byte[] generatePreMaster(SecureRandom rand,
ProtocolVersion ver) {
byte[] pm = new byte[48];
rand.nextBytes(pm);
pm[0] = ver.major;
pm[1] = ver.minor;
return pm;
}
Example #29
| Source File: LengthCheckTest.java From jdk8u_jdk with GNU General Public License v2.0 | 5 votes |
|
/**
* Hex-dumps a ByteBuffer to stdout.
*/
private static void dumpByteBuffer(String header, ByteBuffer bBuf) {
if (dumpBufs == false) {
return;
}
int bufLen = bBuf.remaining();
if (bufLen > 0) {
bBuf.mark();
// We expect the position of the buffer to be at the
// beginning of a TLS record. Get the type, version and length.
int type = Byte.toUnsignedInt(bBuf.get());
int ver_major = Byte.toUnsignedInt(bBuf.get());
int ver_minor = Byte.toUnsignedInt(bBuf.get());
int recLen = Short.toUnsignedInt(bBuf.getShort());
ProtocolVersion pv = ProtocolVersion.valueOf(ver_major, ver_minor);
log("===== " + header + " (" + tlsRecType(type) + " / " +
pv + " / " + bufLen + " bytes) =====");
bBuf.reset();
for (int i = 0; i < bufLen; i++) {
if (i != 0 && i % 16 == 0) {
System.out.print("\n");
}
System.out.format("%02X ", bBuf.get(i));
}
log("\n===============================================");
bBuf.reset();
}
}
Example #30
| Source File: LengthCheckTest.java From hottub with GNU General Public License v2.0 | 5 votes |
|
/**
* Hex-dumps a ByteBuffer to stdout.
*/
private static void dumpByteBuffer(String header, ByteBuffer bBuf) {
if (dumpBufs == false) {
return;
}
int bufLen = bBuf.remaining();
if (bufLen > 0) {
bBuf.mark();
// We expect the position of the buffer to be at the
// beginning of a TLS record. Get the type, version and length.
int type = Byte.toUnsignedInt(bBuf.get());
int ver_major = Byte.toUnsignedInt(bBuf.get());
int ver_minor = Byte.toUnsignedInt(bBuf.get());
int recLen = Short.toUnsignedInt(bBuf.getShort());
ProtocolVersion pv = ProtocolVersion.valueOf(ver_major, ver_minor);
log("===== " + header + " (" + tlsRecType(type) + " / " +
pv + " / " + bufLen + " bytes) =====");
bBuf.reset();
for (int i = 0; i < bufLen; i++) {
if (i != 0 && i % 16 == 0) {
System.out.print("\n");
}
System.out.format("%02X ", bBuf.get(i));
}
log("\n===============================================");
bBuf.reset();
}
}
