下面列出了怎么用javax.net.ssl.SSLProtocolException的API类实例代码及写法,或者点击链接到github查看源代码。
private SHKeyShareSpec(ByteBuffer buffer) throws IOException {
// struct {
// KeyShareEntry server_share;
// } KeyShareServerHello;
if (buffer.remaining() < 5) { // 5: minimal server_share
throw new SSLProtocolException(
"Invalid key_share extension: " +
"insufficient data (length=" + buffer.remaining() + ")");
}
int namedGroupId = Record.getInt16(buffer);
byte[] keyExchange = Record.getBytes16(buffer);
if (buffer.hasRemaining()) {
throw new SSLProtocolException(
"Invalid key_share extension: unknown extra data");
}
this.serverShare = new KeyShareEntry(namedGroupId, keyExchange);
}
private SupportedGroupsSpec(ByteBuffer m) throws IOException {
if (m.remaining() < 2) { // 2: the length of the list
throw new SSLProtocolException(
"Invalid supported_groups extension: insufficient data");
}
byte[] ngs = Record.getBytes16(m);
if (m.hasRemaining()) {
throw new SSLProtocolException(
"Invalid supported_groups extension: unknown extra data");
}
if ((ngs == null) || (ngs.length == 0) || (ngs.length % 2 != 0)) {
throw new SSLProtocolException(
"Invalid supported_groups extension: incomplete data");
}
int[] ids = new int[ngs.length / 2];
for (int i = 0, j = 0; i < ngs.length;) {
ids[j++] = ((ngs[i++] & 0xFF) << 8) | (ngs[i++] & 0xFF);
}
this.namedGroupsIds = ids;
}
SignatureSchemesSpec(ByteBuffer buffer) throws IOException {
if (buffer.remaining() < 2) { // 2: the length of the list
throw new SSLProtocolException(
"Invalid signature_algorithms: insufficient data");
}
byte[] algs = Record.getBytes16(buffer);
if (buffer.hasRemaining()) {
throw new SSLProtocolException(
"Invalid signature_algorithms: unknown extra data");
}
if (algs == null || algs.length == 0 || (algs.length & 0x01) != 0) {
throw new SSLProtocolException(
"Invalid signature_algorithms: incomplete data");
}
int[] schemes = new int[algs.length / 2];
for (int i = 0, j = 0; i < algs.length;) {
byte hash = algs[i++];
byte sign = algs[i++];
schemes[j++] = ((hash & 0xFF) << 8) | (sign & 0xFF);
}
this.signatureSchemes = schemes;
}
CertificateAuthoritiesSpec(ByteBuffer buffer) throws IOException {
if (buffer.remaining() < 2) { // 2: the length of the list
throw new SSLProtocolException(
"Invalid signature_algorithms: insufficient data");
}
// read number of certificate authorities
int caLength = Record.getInt16(buffer);
if (buffer.remaining() != caLength) {
throw new SSLProtocolException(
"Invalid certificate_authorities: incorrect data size");
}
ArrayList<X500Principal> dnList = new ArrayList<X500Principal>();
while(buffer.remaining()>0) {
byte dn[] = Record.getBytes16(buffer);
X500Principal ca = new X500Principal(dn);
dnList.add(ca);
}
this.authorities = dnList.toArray(new X500Principal[dnList.size()]);
}
private CertStatusResponseSpec(ByteBuffer buffer) throws IOException {
if (buffer.remaining() < 2) {
throw new SSLProtocolException(
"Invalid status_request extension: insufficient data");
}
// Get the status type (1 byte) and response data (vector)
byte type = (byte)Record.getInt8(buffer);
byte[] respData = Record.getBytes24(buffer);
// Create the CertStatusResponse based on the type
if (type == CertStatusRequestType.OCSP.id) {
this.statusResponse = new OCSPStatusResponse(type, respData);
} else {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.info(
"Unknown certificate status response " +
"(status type: " + type + ")");
}
this.statusResponse = new CertStatusResponse(type, respData);
}
}
SignatureAlgorithmsExtension(HandshakeInStream s, int len)
throws IOException {
super(ExtensionType.EXT_SIGNATURE_ALGORITHMS);
algorithmsLen = s.getInt16();
if (algorithmsLen == 0 || algorithmsLen + 2 != len) {
throw new SSLProtocolException("Invalid " + type + " extension");
}
algorithms = new ArrayList<SignatureAndHashAlgorithm>();
int remains = algorithmsLen;
int sequence = 0;
while (remains > 1) { // needs at least two bytes
int hash = s.getInt8(); // hash algorithm
int signature = s.getInt8(); // signature algorithm
SignatureAndHashAlgorithm algorithm =
SignatureAndHashAlgorithm.valueOf(hash, signature, ++sequence);
algorithms.add(algorithm);
remains -= 2; // one byte for hash, one byte for signature
}
if (remains != 0) {
throw new SSLProtocolException("Invalid server_name extension");
}
}
SignatureAlgorithmsExtension(HandshakeInStream s, int len)
throws IOException {
super(ExtensionType.EXT_SIGNATURE_ALGORITHMS);
algorithmsLen = s.getInt16();
if (algorithmsLen == 0 || algorithmsLen + 2 != len) {
throw new SSLProtocolException("Invalid " + type + " extension");
}
algorithms = new ArrayList<SignatureAndHashAlgorithm>();
int remains = algorithmsLen;
int sequence = 0;
while (remains > 1) { // needs at least two bytes
int hash = s.getInt8(); // hash algorithm
int signature = s.getInt8(); // signature algorithm
SignatureAndHashAlgorithm algorithm =
SignatureAndHashAlgorithm.valueOf(hash, signature, ++sequence);
algorithms.add(algorithm);
remains -= 2; // one byte for hash, one byte for signature
}
if (remains != 0) {
throw new SSLProtocolException("Invalid server_name extension");
}
}
SignatureAlgorithmsExtension(HandshakeInStream s, int len)
throws IOException {
super(ExtensionType.EXT_SIGNATURE_ALGORITHMS);
algorithmsLen = s.getInt16();
if (algorithmsLen == 0 || algorithmsLen + 2 != len) {
throw new SSLProtocolException("Invalid " + type + " extension");
}
algorithms = new ArrayList<SignatureAndHashAlgorithm>();
int remains = algorithmsLen;
int sequence = 0;
while (remains > 1) { // needs at least two bytes
int hash = s.getInt8(); // hash algorithm
int signature = s.getInt8(); // signature algorithm
SignatureAndHashAlgorithm algorithm =
SignatureAndHashAlgorithm.valueOf(hash, signature, ++sequence);
algorithms.add(algorithm);
remains -= 2; // one byte for hash, one byte for signature
}
if (remains != 0) {
throw new SSLProtocolException("Invalid server_name extension");
}
}
RenegotiationInfoExtension(HandshakeInStream s, int len)
throws IOException {
super(ExtensionType.EXT_RENEGOTIATION_INFO);
// check the extension length
if (len < 1) {
throw new SSLProtocolException("Invalid " + type + " extension");
}
int renegoInfoDataLen = s.getInt8();
if (renegoInfoDataLen + 1 != len) { // + 1 = the byte we just read
throw new SSLProtocolException("Invalid " + type + " extension");
}
renegotiated_connection = new byte[renegoInfoDataLen];
if (renegoInfoDataLen != 0) {
s.read(renegotiated_connection, 0, renegoInfoDataLen);
}
}
EllipticPointFormatsExtension(HandshakeInStream s, int len)
throws IOException {
super(ExtensionType.EXT_EC_POINT_FORMATS);
formats = s.getBytes8();
// RFC 4492 says uncompressed points must always be supported.
// Check just to make sure.
boolean uncompressed = false;
for (int format : formats) {
if (format == FMT_UNCOMPRESSED) {
uncompressed = true;
break;
}
}
if (uncompressed == false) {
throw new SSLProtocolException
("Peer does not support uncompressed points");
}
}
RenegotiationInfoExtension(HandshakeInStream s, int len)
throws IOException {
super(ExtensionType.EXT_RENEGOTIATION_INFO);
// check the extension length
if (len < 1) {
throw new SSLProtocolException("Invalid " + type + " extension");
}
int renegoInfoDataLen = s.getInt8();
if (renegoInfoDataLen + 1 != len) { // + 1 = the byte we just read
throw new SSLProtocolException("Invalid " + type + " extension");
}
renegotiated_connection = new byte[renegoInfoDataLen];
if (renegoInfoDataLen != 0) {
s.read(renegotiated_connection, 0, renegoInfoDataLen);
}
}
SignatureAlgorithmsExtension(HandshakeInStream s, int len)
throws IOException {
super(ExtensionType.EXT_SIGNATURE_ALGORITHMS);
algorithmsLen = s.getInt16();
if (algorithmsLen == 0 || algorithmsLen + 2 != len) {
throw new SSLProtocolException("Invalid " + type + " extension");
}
algorithms = new ArrayList<SignatureAndHashAlgorithm>();
int remains = algorithmsLen;
int sequence = 0;
while (remains > 1) { // needs at least two bytes
int hash = s.getInt8(); // hash algorithm
int signature = s.getInt8(); // signature algorithm
SignatureAndHashAlgorithm algorithm =
SignatureAndHashAlgorithm.valueOf(hash, signature, ++sequence);
algorithms.add(algorithm);
remains -= 2; // one byte for hash, one byte for signature
}
if (remains != 0) {
throw new SSLProtocolException("Invalid server_name extension");
}
}
RenegotiationInfoExtension(HandshakeInStream s, int len)
throws IOException {
super(ExtensionType.EXT_RENEGOTIATION_INFO);
// check the extension length
if (len < 1) {
throw new SSLProtocolException("Invalid " + type + " extension");
}
int renegoInfoDataLen = s.getInt8();
if (renegoInfoDataLen + 1 != len) { // + 1 = the byte we just read
throw new SSLProtocolException("Invalid " + type + " extension");
}
renegotiated_connection = new byte[renegoInfoDataLen];
if (renegoInfoDataLen != 0) {
s.read(renegotiated_connection, 0, renegoInfoDataLen);
}
}
SupportedEllipticPointFormatsExtension(HandshakeInStream s, int len)
throws IOException {
super(ExtensionType.EXT_EC_POINT_FORMATS);
formats = s.getBytes8();
// RFC 4492 says uncompressed points must always be supported.
// Check just to make sure.
boolean uncompressed = false;
for (int format : formats) {
if (format == FMT_UNCOMPRESSED) {
uncompressed = true;
break;
}
}
if (uncompressed == false) {
throw new SSLProtocolException
("Peer does not support uncompressed points");
}
}
EllipticPointFormatsExtension(HandshakeInStream s, int len)
throws IOException {
super(ExtensionType.EXT_EC_POINT_FORMATS);
formats = s.getBytes8();
// RFC 4492 says uncompressed points must always be supported.
// Check just to make sure.
boolean uncompressed = false;
for (int format : formats) {
if (format == FMT_UNCOMPRESSED) {
uncompressed = true;
break;
}
}
if (uncompressed == false) {
throw new SSLProtocolException
("Peer does not support uncompressed points");
}
}
SignatureAlgorithmsExtension(HandshakeInStream s, int len)
throws IOException {
super(ExtensionType.EXT_SIGNATURE_ALGORITHMS);
algorithmsLen = s.getInt16();
if (algorithmsLen == 0 || algorithmsLen + 2 != len) {
throw new SSLProtocolException("Invalid " + type + " extension");
}
algorithms = new ArrayList<SignatureAndHashAlgorithm>();
int remains = algorithmsLen;
int sequence = 0;
while (remains > 1) { // needs at least two bytes
int hash = s.getInt8(); // hash algorithm
int signature = s.getInt8(); // signature algorithm
SignatureAndHashAlgorithm algorithm =
SignatureAndHashAlgorithm.valueOf(hash, signature, ++sequence);
algorithms.add(algorithm);
remains -= 2; // one byte for hash, one byte for signature
}
if (remains != 0) {
throw new SSLProtocolException("Invalid server_name extension");
}
}
RenegotiationInfoExtension(HandshakeInStream s, int len)
throws IOException {
super(ExtensionType.EXT_RENEGOTIATION_INFO);
// check the extension length
if (len < 1) {
throw new SSLProtocolException("Invalid " + type + " extension");
}
int renegoInfoDataLen = s.getInt8();
if (renegoInfoDataLen + 1 != len) { // + 1 = the byte we just read
throw new SSLProtocolException("Invalid " + type + " extension");
}
renegotiated_connection = new byte[renegoInfoDataLen];
if (renegoInfoDataLen != 0) {
s.read(renegotiated_connection, 0, renegoInfoDataLen);
}
}
EllipticPointFormatsExtension(HandshakeInStream s, int len)
throws IOException {
super(ExtensionType.EXT_EC_POINT_FORMATS);
formats = s.getBytes8();
// RFC 4492 says uncompressed points must always be supported.
// Check just to make sure.
boolean uncompressed = false;
for (int format : formats) {
if (format == FMT_UNCOMPRESSED) {
uncompressed = true;
break;
}
}
if (uncompressed == false) {
throw new SSLProtocolException
("Peer does not support uncompressed points");
}
}
SignatureAlgorithmsExtension(HandshakeInStream s, int len)
throws IOException {
super(ExtensionType.EXT_SIGNATURE_ALGORITHMS);
algorithmsLen = s.getInt16();
if (algorithmsLen == 0 || algorithmsLen + 2 != len) {
throw new SSLProtocolException("Invalid " + type + " extension");
}
algorithms = new ArrayList<SignatureAndHashAlgorithm>();
int remains = algorithmsLen;
int sequence = 0;
while (remains > 1) { // needs at least two bytes
int hash = s.getInt8(); // hash algorithm
int signature = s.getInt8(); // signature algorithm
SignatureAndHashAlgorithm algorithm =
SignatureAndHashAlgorithm.valueOf(hash, signature, ++sequence);
algorithms.add(algorithm);
remains -= 2; // one byte for hash, one byte for signature
}
if (remains != 0) {
throw new SSLProtocolException("Invalid server_name extension");
}
}
RenegotiationInfoExtension(HandshakeInStream s, int len)
throws IOException {
super(ExtensionType.EXT_RENEGOTIATION_INFO);
// check the extension length
if (len < 1) {
throw new SSLProtocolException("Invalid " + type + " extension");
}
int renegoInfoDataLen = s.getInt8();
if (renegoInfoDataLen + 1 != len) { // + 1 = the byte we just read
throw new SSLProtocolException("Invalid " + type + " extension");
}
renegotiated_connection = new byte[renegoInfoDataLen];
if (renegoInfoDataLen != 0) {
s.read(renegotiated_connection, 0, renegoInfoDataLen);
}
}
private SHKeyShareSpec(ByteBuffer buffer) throws IOException {
// struct {
// KeyShareEntry server_share;
// } KeyShareServerHello;
if (buffer.remaining() < 5) { // 5: minimal server_share
throw new SSLProtocolException(
"Invalid key_share extension: " +
"insufficient data (length=" + buffer.remaining() + ")");
}
int namedGroupId = Record.getInt16(buffer);
byte[] keyExchange = Record.getBytes16(buffer);
if (buffer.hasRemaining()) {
throw new SSLProtocolException(
"Invalid key_share extension: unknown extra data");
}
this.serverShare = new KeyShareEntry(namedGroupId, keyExchange);
}
private CertStatusResponseSpec(ByteBuffer buffer) throws IOException {
if (buffer.remaining() < 2) {
throw new SSLProtocolException(
"Invalid status_request extension: insufficient data");
}
// Get the status type (1 byte) and response data (vector)
byte type = (byte)Record.getInt8(buffer);
byte[] respData = Record.getBytes24(buffer);
// Create the CertStatusResponse based on the type
if (type == CertStatusRequestType.OCSP.id) {
this.statusResponse = new OCSPStatusResponse(type, respData);
} else {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.info(
"Unknown certificate status response " +
"(status type: " + type + ")");
}
this.statusResponse = new CertStatusResponse(type, respData);
}
}
private SupportedGroupsSpec(ByteBuffer m) throws IOException {
if (m.remaining() < 2) { // 2: the length of the list
throw new SSLProtocolException(
"Invalid supported_groups extension: insufficient data");
}
byte[] ngs = Record.getBytes16(m);
if (m.hasRemaining()) {
throw new SSLProtocolException(
"Invalid supported_groups extension: unknown extra data");
}
if ((ngs == null) || (ngs.length == 0) || (ngs.length % 2 != 0)) {
throw new SSLProtocolException(
"Invalid supported_groups extension: incomplete data");
}
int[] ids = new int[ngs.length / 2];
for (int i = 0, j = 0; i < ngs.length;) {
ids[j++] = ((ngs[i++] & 0xFF) << 8) | (ngs[i++] & 0xFF);
}
this.namedGroupsIds = ids;
}
SignatureSchemesSpec(ByteBuffer buffer) throws IOException {
if (buffer.remaining() < 2) { // 2: the length of the list
throw new SSLProtocolException(
"Invalid signature_algorithms: insufficient data");
}
byte[] algs = Record.getBytes16(buffer);
if (buffer.hasRemaining()) {
throw new SSLProtocolException(
"Invalid signature_algorithms: unknown extra data");
}
if (algs == null || algs.length == 0 || (algs.length & 0x01) != 0) {
throw new SSLProtocolException(
"Invalid signature_algorithms: incomplete data");
}
int[] schemes = new int[algs.length / 2];
for (int i = 0, j = 0; i < algs.length;) {
byte hash = algs[i++];
byte sign = algs[i++];
schemes[j++] = ((hash & 0xFF) << 8) | (sign & 0xFF);
}
this.signatureSchemes = schemes;
}
private AlpnSpec(ByteBuffer buffer) throws IOException {
// ProtocolName protocol_name_list<2..2^16-1>, RFC 7301.
if (buffer.remaining() < 2) {
throw new SSLProtocolException(
"Invalid application_layer_protocol_negotiation: " +
"insufficient data (length=" + buffer.remaining() + ")");
}
int listLen = Record.getInt16(buffer);
if (listLen < 2 || listLen != buffer.remaining()) {
throw new SSLProtocolException(
"Invalid application_layer_protocol_negotiation: " +
"incorrect list length (length=" + listLen + ")");
}
List<String> protocolNames = new LinkedList<>();
while (buffer.hasRemaining()) {
// opaque ProtocolName<1..2^8-1>, RFC 7301.
byte[] bytes = Record.getBytes8(buffer);
if (bytes.length == 0) {
throw new SSLProtocolException(
"Invalid application_layer_protocol_negotiation " +
"extension: empty application protocol name");
}
String appProtocol = new String(bytes, StandardCharsets.UTF_8);
protocolNames.add(appProtocol);
}
this.applicationProtocols =
Collections.unmodifiableList(protocolNames);
}
private CookieSpec(ByteBuffer m) throws IOException {
// opaque cookie<1..2^16-1>;
if (m.remaining() < 3) {
throw new SSLProtocolException(
"Invalid cookie extension: insufficient data");
}
this.cookie = Record.getBytes16(m);
}
/**
* Checks the length of the session ID to make sure it sits within
* the range called out in the specification
*/
void checkLength(int protocolVersion) throws SSLProtocolException {
// As of today all versions of TLS have a 32-byte maximum length.
// In the future we can do more here to support protocol versions
// that may have longer max lengths.
if (sessionId.length > MAX_LENGTH) {
throw new SSLProtocolException("Invalid session ID length (" +
sessionId.length + " bytes)");
}
}
private CertStatusRequestSpec(ByteBuffer buffer) throws IOException {
// Is it a empty extension_data?
if (buffer.remaining() == 0) {
// server response
this.statusRequest = null;
return;
}
if (buffer.remaining() < 1) {
throw new SSLProtocolException(
"Invalid status_request extension: insufficient data");
}
byte statusType = (byte)Record.getInt8(buffer);
byte[] encoded = new byte[buffer.remaining()];
if (encoded.length != 0) {
buffer.get(encoded);
}
if (statusType == CertStatusRequestType.OCSP.id) {
this.statusRequest = new OCSPStatusRequest(statusType, encoded);
} else {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.info(
"Unknown certificate status request " +
"(status type: " + statusType + ")");
}
this.statusRequest = new CertStatusRequest(statusType, encoded);
}
}
private HRRKeyShareSpec(ByteBuffer buffer) throws IOException {
// struct {
// NamedGroup selected_group;
// } KeyShareHelloRetryRequest;
if (buffer.remaining() != 2) {
throw new SSLProtocolException(
"Invalid key_share extension: " +
"improper data (length=" + buffer.remaining() + ")");
}
this.selectedGroup = Record.getInt16(buffer);
}
PskKeyExchangeModesSpec(ByteBuffer m) throws IOException {
if (m.remaining() < 2) {
throw new SSLProtocolException(
"Invalid psk_key_exchange_modes extension: " +
"insufficient data");
}
this.modes = Record.getBytes8(m);
}