import sun.security.internal.spec.TlsMasterSecretParameterSpec; //导入依赖的package包/类
@SuppressWarnings("deprecation")
protected void engineInit(AlgorithmParameterSpec params,
SecureRandom random) throws InvalidAlgorithmParameterException {
if (params instanceof TlsMasterSecretParameterSpec == false) {
throw new InvalidAlgorithmParameterException(MSG);
}
TlsMasterSecretParameterSpec spec = (TlsMasterSecretParameterSpec)params;
int version = (spec.getMajorVersion() << 8) | spec.getMinorVersion();
if ((version == 0x0300 && !supportSSLv3) || (version < 0x0300) ||
(version > 0x0302)) {
throw new InvalidAlgorithmParameterException
("Only" + (supportSSLv3? " SSL 3.0,": "") +
" TLS 1.0, and TLS 1.1 are supported (0x" +
Integer.toHexString(version) + ")");
}
SecretKey key = spec.getPremasterSecret();
// algorithm should be either TlsRsaPremasterSecret or TlsPremasterSecret,
// but we omit the check
try {
p11Key = P11SecretKeyFactory.convertKey(token, key, null);
} catch (InvalidKeyException e) {
throw new InvalidAlgorithmParameterException("init() failed", e);
}
this.spec = spec;
if (p11Key.getAlgorithm().equals("TlsRsaPremasterSecret")) {
mechanism = (version == 0x0300) ? CKM_SSL3_MASTER_KEY_DERIVE
: CKM_TLS_MASTER_KEY_DERIVE;
ckVersion = new CK_VERSION(0, 0);
} else {
// Note: we use DH for all non-RSA premaster secrets. That includes
// Kerberos. That should not be a problem because master secret
// calculation is always a straightforward application of the
// TLS PRF (or the SSL equivalent).
// The only thing special about RSA master secret calculation is
// that it extracts the version numbers from the premaster secret.
mechanism = (version == 0x0300) ? CKM_SSL3_MASTER_KEY_DERIVE_DH
: CKM_TLS_MASTER_KEY_DERIVE_DH;
ckVersion = null;
}
}