Refactoring of 1.4 TLS updates.

ant/jdk14.xml

@@ -109,33 +109,13 @@
 
             <fileset dir="tls/src/main/java" includes="**/*.java">
                 <exclude name="**/jsse/**"/>
-                <exclude name="**/JceTlsECDomain.java"/>
-                <exclude name="**/JceX25519Domain.java"/>
-                <exclude name="**/JceX448Domain.java"/>
-                <exclude name="**/JceTlsECDH.java"/>
-                <exclude name="**/JceDefaultTlsCredentialedAgreement.java"/>
-                <exclude name="**/JceAEADCipherImpl.java"/>
-                <exclude name="**/JceBlockCipherWithCBCImplicitIVImpl.java"/>
-                <exclude name="**/JceBlockCipherImpl.java"/>
-                <exclude name="**/JcaTlsRSAVerifier.java"/>
-                <exclude name="**/JcaTlsDSSVerifier.java"/>
-                <exclude name="**/JcaTlsCryptoProvider.java"/>
-                <exclude name="**/JcaTlsCertificate.java"/>
-                <exclude name="**/JcaTlsCrypto.java"/>
-                <exclude name="**/JceTlsSecret.java"/>
-                <exclude name="**/JcaDefaultTlsCredentialedSigner.java"/>
-                <exclude name="**/bc/BcDefaultTlsCredentialedSigner.java"/>
-
             </fileset>
-            <fileset dir="tls/src/main/jdk1.4" includes="**/*.java"/>
             <fileset dir="tls/src/main/javadoc" includes="**/*.html"/>
             <fileset dir="tls/src/test/java" includes="**/*.java">
                 <exclude name="**/jsse/**"/>
                 <exclude name="**/CertChainUtil.java"/>
                 <exclude name="**/TlsTestUtils.java"/>
             </fileset>
-            <fileset dir="tls/src/test/jdk1.4" includes="**/*.java">
-            </fileset>
 
             <fileset dir="tls/src/test/resources" includes="**/*.*"/>
 
@@ -171,11 +151,13 @@
             <fileset dir="prov/src/main/jdk1.4" includes="**/*.java"/>
             <fileset dir="pkix/src/main/jdk1.4" includes="**/*.java"/>
             <fileset dir="pg/src/main/jdk1.4" includes="**/*.java"/>
+            <fileset dir="tls/src/main/jdk1.4" includes="**/*.java"/>
             <fileset dir="core/src/test/jdk1.4" includes="**/*.java"/>
             <fileset dir="mail/src/test/jdk1.4" includes="**/*.java"/>
             <fileset dir="prov/src/test/jdk1.4" includes="**/*.java"/>
             <fileset dir="pg/src/test/jdk1.4" includes="**/*.java"/>
             <fileset dir="pkix/src/test/jdk1.4" includes="**/*.java"/>
+            <fileset dir="tls/src/test/jdk1.4" includes="**/*.java"/>
         </copy>
 
         <replaceregexp match="${regexp}" replace=" " flags="g" byline="true">

tls/src/main/java/org/bouncycastle/tls/DeferredHash.java

@@ -68,12 +68,12 @@ public TlsHandshakeHash notifyPRFDetermined()
         int prfAlgorithm = context.getSecurityParameters().getPrfAlgorithm();
         if (prfAlgorithm == PRFAlgorithm.tls_prf_legacy)
         {
-            checkTrackingHash(new Short(HashAlgorithm.md5));
-            checkTrackingHash(new Short(HashAlgorithm.sha1));
+            checkTrackingHash(Shorts.valueOf(HashAlgorithm.md5));
+            checkTrackingHash(Shorts.valueOf(HashAlgorithm.sha1));
         }
         else
         {
-            checkTrackingHash(new Short(TlsUtils.getHashAlgorithmForPRFAlgorithm(prfAlgorithm)));
+            checkTrackingHash(Shorts.valueOf(TlsUtils.getHashAlgorithmForPRFAlgorithm(prfAlgorithm)));
         }
         return this;
     }
@@ -225,7 +225,7 @@ protected void checkTrackingHash(Short hashAlgorithm)
 
     protected TlsHash cloneHash(short hashAlgorithm)
     {
-        return cloneHash(new Short(hashAlgorithm));
+        return cloneHash(Shorts.valueOf(hashAlgorithm));
     }
 
     protected TlsHash cloneHash(Short hashAlgorithm)
@@ -235,7 +235,7 @@ protected TlsHash cloneHash(Short hashAlgorithm)
 
     protected void cloneHash(Hashtable newHashes, short hashAlgorithm)
     {
-        cloneHash(newHashes, new Short(hashAlgorithm));
+        cloneHash(newHashes, Shorts.valueOf(hashAlgorithm));
     }
 
     protected void cloneHash(Hashtable newHashes, Short hashAlgorithm)

tls/src/main/java/org/bouncycastle/tls/crypto/impl/bc/BcDefaultTlsCredentialedSigner.java

@@ -44,7 +44,7 @@ else if (privateKey instanceof Ed25519PrivateKeyParameters)
             }
             catch (IOException e)
             {
-                throw new IllegalArgumentException(e);
+                throw Exceptions.illegalArgumentException("exception converting certificate", e);
             }
         }
         else if (privateKey instanceof Ed448PrivateKeyParameters)
@@ -56,7 +56,7 @@ else if (privateKey instanceof Ed448PrivateKeyParameters)
             }
             catch (IOException e)
             {
-                throw new IllegalArgumentException(e);
+                throw Exceptions.illegalArgumentException("exception converting certificate", e);
             }
         }
         else

tls/src/main/java/org/bouncycastle/tls/crypto/impl/bc/Exceptions.java

@@ -0,0 +1,12 @@
+package org.bouncycastle.tls.crypto.impl.bc;
+
+/**
+ * In earlier JDK's these do not allow nested exceptions
+ */
+class Exceptions
+{
+    static IllegalArgumentException illegalArgumentException(String message, Throwable cause)
+    {
+        return new IllegalArgumentException(message, cause);
+    }
+}

tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/ECUtil.java

@@ -0,0 +1,35 @@
+package org.bouncycastle.tls.crypto.impl.jcajce;
+
+import java.security.AlgorithmParameters;
+import java.security.PrivateKey;
+import java.security.interfaces.ECPrivateKey;
+import java.security.spec.ECGenParameterSpec;
+import java.security.spec.ECParameterSpec;
+
+import org.bouncycastle.jcajce.util.JcaJceHelper;
+
+class ECUtil
+{
+    static boolean isECPrivateKey(PrivateKey key)
+    {
+        return key instanceof ECPrivateKey || "EC".equals(key.getAlgorithm());
+    }
+
+    static boolean isCurveSupported(String curveName, JcaJceHelper helper)
+    {
+        try
+        {
+            AlgorithmParameters params = helper.createAlgorithmParameters("EC");
+            params.init(new ECGenParameterSpec(curveName));
+            if (params.getParameterSpec(ECParameterSpec.class) != null)
+            {
+                return true;
+            }
+        }
+        catch (Exception e)
+        {
+        }
+
+        return false;
+    }
+}

tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/Exceptions.java

@@ -0,0 +1,17 @@
+package org.bouncycastle.tls.crypto.impl.jcajce;
+
+/**
+ * In earlier JDK's these do not allow nested exceptions
+ */
+class Exceptions
+{
+    static IllegalStateException illegalStateException(String message, Throwable cause)
+    {
+        return new IllegalStateException(message, cause);
+    }
+
+    static IllegalArgumentException illegalArgumentException(String message, Throwable cause)
+    {
+        return new IllegalArgumentException(message, cause);
+    }
+}

tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JcaDefaultTlsCredentialedSigner.java

@@ -2,7 +2,6 @@
 
 import java.security.PrivateKey;
 import java.security.interfaces.DSAPrivateKey;
-import java.security.interfaces.ECPrivateKey;
 import java.security.interfaces.RSAPrivateKey;
 
 import org.bouncycastle.tls.Certificate;
@@ -30,7 +29,7 @@ else if (privateKey instanceof DSAPrivateKey || "DSA".equals(algorithm))
         {
             signer = new JcaTlsDSASigner(crypto, privateKey);
         }
-        else if (privateKey instanceof ECPrivateKey || "EC".equals(algorithm))
+        else if (ECUtil.isECPrivateKey(privateKey))
         {
             signer = new JcaTlsECDSASigner(crypto, privateKey);
         }

tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JcaTlsCrypto.java

@@ -2,14 +2,11 @@
 
 import java.io.IOException;
 import java.math.BigInteger;
-import java.security.AlgorithmParameters;
 import java.security.GeneralSecurityException;
 import java.security.PrivateKey;
 import java.security.PublicKey;
 import java.security.SecureRandom;
 import java.security.interfaces.RSAPublicKey;
-import java.security.spec.ECGenParameterSpec;
-import java.security.spec.ECParameterSpec;
 import java.util.Hashtable;
 
 import javax.crypto.Cipher;
@@ -405,7 +402,7 @@ public boolean hasNamedGroup(int namedGroup)
             return false;
         }
 
-        int key = Integers.valueOf(namedGroup);
+        Integer key = Integers.valueOf(namedGroup);
 
         synchronized (supportedGroups)
         {
@@ -523,7 +520,7 @@ public TlsHash createHash(short algorithm)
         }
         catch (GeneralSecurityException e)
         {
-            throw new IllegalArgumentException("unable to create message digest:" + e.getMessage(), e);
+            throw Exceptions.illegalArgumentException("unable to create message digest:" + e.getMessage(), e);
         }
     }
 
@@ -680,20 +677,7 @@ protected TlsNullCipher createNullCipher(TlsCryptoParameters cryptoParams, int m
 
     protected boolean isCurveSupported(String curveName)
     {
-        try
-        {
-            AlgorithmParameters params = getHelper().createAlgorithmParameters("EC");
-            params.init(new ECGenParameterSpec(curveName));
-            if (params.getParameterSpec(ECParameterSpec.class) != null)
-            {
-                return true;
-            }
-        }
-        catch (Exception e)
-        {
-        }
-
-        return false;
+        return ECUtil.isCurveSupported(curveName, this.getHelper());
     }
 
     public JcaJceHelper getHelper()

tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JcaTlsCryptoProvider.java

@@ -79,7 +79,7 @@ public TlsCrypto create(SecureRandom random)
         }
         catch (GeneralSecurityException e)
         {
-            throw new IllegalStateException("unable to create TlsCrypto: " + e.getMessage(), e);
+            throw Exceptions.illegalStateException("unable to create TlsCrypto: " + e.getMessage(), e);
         }
     }
 
@@ -181,7 +181,7 @@ private void runDigest(byte[] x, byte[] y, byte[] z)
                 }
                 catch (DigestException e)
                 {
-                    throw new IllegalStateException("unable to generate nonce data: " + e.getMessage(), e);
+                    throw Exceptions.illegalStateException("unable to generate nonce data: " + e.getMessage(), e);
                 }
             }
         }

tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JcaTlsDSSVerifier.java

@@ -68,7 +68,7 @@ public boolean verifyRawSignature(DigitallySigned signedParams, byte[] hash)
         }
         catch (GeneralSecurityException e)
         {
-            throw new IllegalStateException("unable to process signature: " + e.getMessage(), e);
+            throw Exceptions.illegalStateException("unable to process signature: " + e.getMessage(), e);
         }
     }
 }

tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JcaTlsRSAVerifier.java

@@ -132,7 +132,7 @@ public boolean verifyRawSignature(DigitallySigned signedParams, byte[] hash) thr
         }
         catch (GeneralSecurityException e)
         {
-            throw new IllegalStateException("unable to process signature: " + e.getMessage(), e);
+            throw Exceptions.illegalStateException("unable to process signature: " + e.getMessage(), e);
         }
     }
 

tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JceAEADCipherImpl.java

@@ -104,7 +104,7 @@ public void init(byte[] nonce, int macSize, byte[] additionalData)
         }
         catch (Exception e)
         {
-            throw new IllegalStateException(e.getMessage(), e);
+            throw Exceptions.illegalStateException(e.getMessage(), e);
         }
     }
 
@@ -121,7 +121,7 @@ public int doFinal(byte[] input, int inputOffset, int inputLength, byte[] output
         }
         catch (GeneralSecurityException e)
         {
-            throw new IllegalStateException(e);
+            throw Exceptions.illegalStateException("", e);
         }
     }
 }

tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JceBlockCipherImpl.java

@@ -42,7 +42,7 @@ public void init(byte[] iv, int ivOff, int ivLen)
         }
         catch (GeneralSecurityException e)
         {
-            throw new IllegalStateException(e);
+            throw Exceptions.illegalStateException(e.getMessage(), e);
         }
     }
 
@@ -54,7 +54,7 @@ public int doFinal(byte[] input, int inputOffset, int inputLength, byte[] output
         }
         catch (GeneralSecurityException e)
         {
-            throw new IllegalStateException(e);
+            throw Exceptions.illegalStateException(e.getMessage(), e);
         }
     }
 

tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JceBlockCipherWithCBCImplicitIVImpl.java

@@ -71,7 +71,7 @@ public int doFinal(byte[] input, int inputOffset, int inputLength, byte[] output
         }
         catch (GeneralSecurityException e)
         {
-            throw new IllegalStateException(e);
+            throw Exceptions.illegalStateException(e.getMessage(), e);
         }
     }
 

tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JceDefaultTlsCredentialedAgreement.java

@@ -4,7 +4,6 @@
 import java.security.GeneralSecurityException;
 import java.security.PrivateKey;
 import java.security.PublicKey;
-import java.security.interfaces.ECPrivateKey;
 
 import javax.crypto.SecretKey;
 import javax.crypto.interfaces.DHPrivateKey;
@@ -27,7 +26,7 @@ public static String getAgreementAlgorithm(PrivateKey privateKey)
         {
             return "DH";
         }
-        if (privateKey instanceof ECPrivateKey)
+        if (ECUtil.isECPrivateKey(privateKey))
         {
             return "ECDH";
         }

tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JceTlsECDomain.java

@@ -127,7 +127,7 @@ public KeyPair generateKeyPair()
         }
         catch (GeneralSecurityException e)
         {
-            throw new IllegalStateException("unable to create key pair: " + e.getMessage(), e);
+            throw Exceptions.illegalStateException("unable to create key pair: " + e.getMessage(), e);
         }
     }
 
@@ -180,7 +180,7 @@ private void init(int namedGroup)
         }
         catch (GeneralSecurityException e)
         {
-            throw new IllegalStateException("unable to create key pair: " + e.getMessage(), e);
+            throw Exceptions.illegalStateException("unable to create key pair: " + e.getMessage(), e);
         }
     }
 

tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JceX25519Domain.java

@@ -107,7 +107,7 @@ public KeyPair generateKeyPair()
         }
         catch (GeneralSecurityException e)
         {
-            throw new IllegalStateException("unable to create key pair: " + e.getMessage(), e);
+            throw Exceptions.illegalStateException("unable to create key pair: " + e.getMessage(), e);
         }
     }
 }

tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JceX448Domain.java

@@ -107,7 +107,7 @@ public KeyPair generateKeyPair()
         }
         catch (GeneralSecurityException e)
         {
-            throw new IllegalStateException("unable to create key pair: " + e.getMessage(), e);
+            throw Exceptions.illegalStateException("unable to create key pair: " + e.getMessage(), e);
         }
     }
 }