From ed61cfa8521a699d1886165842cdf17e37e3e60e Mon Sep 17 00:00:00 2001 From: adam Date: Mon, 12 Apr 2004 03:12:54 +0000 Subject: [PATCH] finished last of the compile errors darcs-hash:20040412031254-5007d-cbff51f85df65c2e15eb6f99a8cb6222882dd13c.gz --- src/org/ibex/crypto/DER.java | 18 +++--- src/org/ibex/crypto/Digest.java | 75 +++++-------------------- src/org/ibex/crypto/HMAC.java | 3 + src/org/ibex/crypto/MD2.java | 17 ++++-- src/org/ibex/crypto/MD5.java | 2 +- src/org/ibex/crypto/RSA.java | 1 + src/org/ibex/crypto/SHA1.java | 2 +- src/org/ibex/crypto/X509.java | 60 ++++++++++---------- src/org/ibex/net/SSL.java | 53 ++++++++--------- src/org/ibex/net/ssl/GenCompactCAList.java | 14 ++--- src/org/ibex/net/ssl/SwingVerifyCallback.java | 4 +- 11 files changed, 102 insertions(+), 147 deletions(-) diff --git a/src/org/ibex/crypto/DER.java b/src/org/ibex/crypto/DER.java index 6e3ca1a..c313bd9 100644 --- a/src/org/ibex/crypto/DER.java +++ b/src/org/ibex/crypto/DER.java @@ -19,7 +19,7 @@ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * AUTHORS OR COPYRIGHT HOLDER.S BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER * DEALINGS IN THE SOFTWARE. @@ -33,25 +33,25 @@ import java.util.*; import java.math.BigInteger; public class DER { - public class Null { + public static class Null { final static Null instance = new Null(); private Null() { /* noop */ } public boolean equals(Object o) { return o == this; } } - public class TaggedObject { + public static class TaggedObject { public final Object object; public final int tag; public TaggedObject(int tag, Object object) { this.tag = tag; this.object = object; } } - public class UnknownObject { + public static class UnknownObject { public final byte[] data; public final int tag; public UnknownObject(int tag,byte[] data) { this.tag = tag; this.data = data; } } - public class BitString { + public static class BitString { public final int paddingBits; public final byte[] data; @@ -61,11 +61,11 @@ public class DER { } } - public class Exception extends java.io.IOException { + public static class Exception extends java.io.IOException { public Exception(String s) { super(s); } } - public class InputStream extends FilterInputStream { + public static class InputStream extends FilterInputStream { private static final int MAX_OBJECT_SIZE = 4*1024*1024; private int limit; @@ -73,8 +73,8 @@ public class DER { private int pos; public int getPos() { return pos; } - public InputStream(InputStream is) { this(is,-1); } - public InputStream(InputStream is, int limit) { + public InputStream(java.io.InputStream is) { this(is,-1); } + public InputStream(java.io.InputStream is, int limit) { super(is); this.limit = limit; } diff --git a/src/org/ibex/crypto/Digest.java b/src/org/ibex/crypto/Digest.java index 3b71fe8..c487ae8 100644 --- a/src/org/ibex/crypto/Digest.java +++ b/src/org/ibex/crypto/Digest.java @@ -14,7 +14,7 @@ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * AUTHORS OR COPYRIGHT HOLDER.S BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER * DEALINGS IN THE SOFTWARE. @@ -26,108 +26,63 @@ package org.ibex.crypto; * base implementation of MD4 family style digest as outlined in * "Handbook of Applied Cryptography", pages 344 - 347. */ -abstract class Digest -{ +public abstract class Digest { private byte[] xBuf; private int xBufOff; - private long byteCount; - /** - * Standard constructor - */ - protected Digest() - { - xBuf = new byte[4]; - xBufOff = 0; - } - - public void update( - byte in) - { + protected Digest() { xBuf = new byte[4]; xBufOff = 0; } + public void update(byte in) { xBuf[xBufOff++] = in; - - if (xBufOff == xBuf.length) - { + if (xBufOff == xBuf.length) { processWord(xBuf, 0); xBufOff = 0; } - byteCount++; } - public void update( - byte[] in, - int inOff, - int len) - { - // + public void update(byte[] in, int inOff, int len) { // fill the current word - // - while ((xBufOff != 0) && (len > 0)) - { + while ((xBufOff != 0) && (len > 0)) { update(in[inOff]); - inOff++; len--; } - // // process whole words. - // - while (len > xBuf.length) - { + while (len > xBuf.length) { processWord(in, inOff); - inOff += xBuf.length; len -= xBuf.length; byteCount += xBuf.length; } - // // load in the remainder. - // - while (len > 0) - { + while (len > 0) { update(in[inOff]); - inOff++; len--; } } - protected void finish() - { + protected void finish() { long bitLength = (byteCount << 3); - - // // add the pad bytes. - // update((byte)128); - - while (xBufOff != 0) - { - update((byte)0); - } - + while (xBufOff != 0) update((byte)0); processLength(bitLength); - processBlock(); } - public void reset() - { + public void reset() { byteCount = 0; - xBufOff = 0; - for ( int i = 0; i < xBuf.length; i++ ) { - xBuf[i] = 0; - } + for ( int i = 0; i < xBuf.length; i++) xBuf[i] = 0; } protected abstract void processWord(byte[] in, int inOff); - protected abstract void processLength(long bitLength); - protected abstract void processBlock(); + public abstract int getDigestSize(); + public abstract void doFinal(byte[] out, int outOff); } diff --git a/src/org/ibex/crypto/HMAC.java b/src/org/ibex/crypto/HMAC.java index d7da4c8..22fb126 100644 --- a/src/org/ibex/crypto/HMAC.java +++ b/src/org/ibex/crypto/HMAC.java @@ -35,4 +35,7 @@ public class HMAC extends Digest { h.doFinal(out,off); reset(); } + protected void processWord(byte[] in, int inOff) {} + protected void processLength(long bitLength) {} + protected void processBlock() {} } diff --git a/src/org/ibex/crypto/MD2.java b/src/org/ibex/crypto/MD2.java index 700824c..1f546a2 100644 --- a/src/org/ibex/crypto/MD2.java +++ b/src/org/ibex/crypto/MD2.java @@ -14,7 +14,7 @@ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * AUTHORS OR COPYRIGHT HOLDER.S BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER * DEALINGS IN THE SOFTWARE. @@ -25,18 +25,18 @@ package org.ibex.crypto; /* implementation of MD2 * as outlined in RFC1319 by B.Kaliski from RSA Laboratories April 1992 */ -public class MD2 implements Digest +public class MD2 extends Digest { private static final int DIGEST_LENGTH = 16; /* X buffer */ private byte[] X = new byte[48]; private int xOff; - /* M buffer */ - private byte[] M = new byte[16]; + /* M buffer */ + private byte[] M = new byte[16]; private int mOff; - /* check sum */ - private byte[] C = new byte[16]; + /* check sum */ + private byte[] C = new byte[16]; //private int COff; public MD2() @@ -227,4 +227,9 @@ public class MD2 implements Digest (byte)237,(byte)31,(byte)26,(byte)219,(byte)153,(byte)141,(byte)51, (byte)159,(byte)17,(byte)131,(byte)20 }; + + + protected void processWord(byte[] in, int inOff) {} + protected void processLength(long bitLength) {} + protected void processBlock() {} } diff --git a/src/org/ibex/crypto/MD5.java b/src/org/ibex/crypto/MD5.java index 1aa50da..66f79b0 100644 --- a/src/org/ibex/crypto/MD5.java +++ b/src/org/ibex/crypto/MD5.java @@ -14,7 +14,7 @@ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * AUTHORS OR COPYRIGHT HOLDER.S BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER * DEALINGS IN THE SOFTWARE. diff --git a/src/org/ibex/crypto/RSA.java b/src/org/ibex/crypto/RSA.java index 1740d1b..bc15cef 100644 --- a/src/org/ibex/crypto/RSA.java +++ b/src/org/ibex/crypto/RSA.java @@ -1,5 +1,6 @@ package org.ibex.crypto; import java.math.BigInteger; +import java.util.*; public class RSA { private final BigInteger pq; diff --git a/src/org/ibex/crypto/SHA1.java b/src/org/ibex/crypto/SHA1.java index 234a8b8..ab1af7e 100644 --- a/src/org/ibex/crypto/SHA1.java +++ b/src/org/ibex/crypto/SHA1.java @@ -14,7 +14,7 @@ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * AUTHORS OR COPYRIGHT HOLDER.S BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER * DEALINGS IN THE SOFTWARE. diff --git a/src/org/ibex/crypto/X509.java b/src/org/ibex/crypto/X509.java index 2c1326d..c283aaf 100644 --- a/src/org/ibex/crypto/X509.java +++ b/src/org/ibex/crypto/X509.java @@ -19,7 +19,7 @@ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * AUTHORS OR COPYRIGHT HOLDER.S BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER * DEALINGS IN THE SOFTWARE. @@ -45,20 +45,20 @@ public class X509 { public final Number version; public final Number serialNo; - public final X509Name issuer; + public final X509.Name issuer; public final Date startDate; public final Date endDate; - public final X509Name subject; + public final X509.Name subject; public final AlgorithmIdentifier publicKeyAlgorithm; - public final DERBitString publicKey; + public final DER.BitString publicKey; public final Object issuerUniqueID; public final Object subjectUniqueID; public final Vector extensions; - public final DERBitString signature; + public final DER.BitString signature; public final AlgorithmIdentifier signatureAlgorithm; public final BC basicContraints; @@ -67,41 +67,41 @@ public class X509 { public Certificate(InputStream is) throws IOException { int i; RecordingInputStream certIS = new RecordingInputStream(is); - DERInputStream certSequence = new DERInputStream(certIS).getSequenceStream(); + DER.InputStream certSequence = new DER.InputStream(certIS).getSequenceStream(); RecordingInputStream tbsCertIS = new RecordingInputStream(certSequence); try { - Vector tbsSequence = (Vector) new DERInputStream(tbsCertIS).readObject(); + Vector tbsSequence = (Vector) new DER.InputStream(tbsCertIS).readObject(); tbsCertBytes = tbsCertIS.getBytes(); signatureAlgorithm = new AlgorithmIdentifier(certSequence.readObject()); - signature = (DERBitString) certSequence.readObject(); + signature = (DER.BitString) certSequence.readObject(); i=0; - if(tbsSequence.elementAt(i) instanceof DERTaggedObject) - version = (Number)((DERTaggedObject)tbsSequence.elementAt(i++)).object; + if(tbsSequence.elementAt(i) instanceof DER.TaggedObject) + version = (Number)((DER.TaggedObject)tbsSequence.elementAt(i++)).object; else version = new Integer(0); serialNo = (Number) tbsSequence.elementAt(i++); AlgorithmIdentifier signatureAlgorithm2 = new AlgorithmIdentifier(tbsSequence.elementAt(i++)); if(!signatureAlgorithm2.equals(signatureAlgorithm)) - throw new DERException("AlgoritmIdentifier mismatch " + signatureAlgorithm + " vs " + signatureAlgorithm2); - issuer = new X509Name(tbsSequence.elementAt(i++)); + throw new DER.Exception("AlgoritmIdentifier mismatch " + signatureAlgorithm + " vs " + signatureAlgorithm2); + issuer = new X509.Name(tbsSequence.elementAt(i++)); Vector validity = (Vector) tbsSequence.elementAt(i++); startDate = (Date) validity.elementAt(0); endDate = (Date) validity.elementAt(1); - subject = new X509Name(tbsSequence.elementAt(i++)); + subject = new X509.Name(tbsSequence.elementAt(i++)); Vector publicKeyInfo = (Vector) tbsSequence.elementAt(i++); publicKeyAlgorithm = new AlgorithmIdentifier(publicKeyInfo.elementAt(0)); - publicKey = (DERBitString) publicKeyInfo.elementAt(1); + publicKey = (DER.BitString) publicKeyInfo.elementAt(1); Object issuerUniqueID_=null,subjectUniqueID_=null; Vector extensions_=null; for(;i < tbsSequence.size();i++) { - DERTaggedObject to = (DERTaggedObject) tbsSequence.elementAt(i); + DER.TaggedObject to = (DER.TaggedObject) tbsSequence.elementAt(i); switch(to.tag) { case 1: issuerUniqueID_ = to.object; break; case 2: subjectUniqueID_ = to.object; break; @@ -120,52 +120,52 @@ public class X509 { String oid = (String) extension.elementAt(0); byte[] data = (byte[]) extension.elementAt(extension.size()-1); if(oid.equals(BASIC_CONSTRAINTS)) - bc = new BC(new DERInputStream(new ByteArrayInputStream(data)).readObject()); + bc = new BC(new DER.InputStream(new ByteArrayInputStream(data)).readObject()); } } basicContraints = bc; } catch(RuntimeException e) { e.printStackTrace(); - throw new DERException("Invalid x509 Certificate"); + throw new DER.Exception("Invalid x509 Certificate"); } certBytes = certIS.getBytes(); } public String getSubjectField(String fieldID) { return subject.get(fieldID); } - public String getCN() { return getSubjectField(X509Name.CN); } + public String getCN() { return getSubjectField(X509.Name.CN); } public boolean isValid() { Date now = new Date(); return !now.after(endDate) && !now.before(startDate); } - public RSAPublicKey getRSAPublicKey() throws DERException { - if(!RSA_ENCRYPTION.equals(publicKeyAlgorithm.id)) throw new DERException("This isn't an RSA public key"); + public RSA.PublicKey getRSAPublicKey() throws DER.Exception { + if(!RSA_ENCRYPTION.equals(publicKeyAlgorithm.id)) throw new DER.Exception("This isn't an RSA public key"); try { - return new RSAPublicKey(new DERInputStream(new ByteArrayInputStream(publicKey.data)).readObject()); + return new RSA.PublicKey(new DER.InputStream(new ByteArrayInputStream(publicKey.data)).readObject()); } catch(IOException e) { - throw new DERException(e.getMessage()); + throw new DER.Exception(e.getMessage()); } catch(RuntimeException e) { - throw new DERException("Invalid RSA Public Key " + e.getMessage()); + throw new DER.Exception("Invalid RSA Public Key " + e.getMessage()); } } - public boolean isSignedBy(Certificate signer) throws DERException { + public boolean isSignedBy(Certificate signer) throws DER.Exception { return isSignedWith(signer.getRSAPublicKey()); } - public boolean isSignedWith(RSAPublicKey rsapk) throws DERException { + public boolean isSignedWith(RSA.PublicKey rsapk) throws DER.Exception { try { Digest digest; if(signatureAlgorithm.id.equals(MD5_WITH_RSA_ENCRYPTION)) digest = new MD5(); else if(signatureAlgorithm.id.equals(SHA1_WITH_RSA_ENCRYPTION)) digest = new SHA1(); else if(signatureAlgorithm.id.equals(MD2_WITH_RSA_ENCRYPTION)) digest = new MD2(); - else throw new DERException("Unknown signing algorithm: " + signatureAlgorithm.id); + else throw new DER.Exception("Unknown signing algorithm: " + signatureAlgorithm.id); PKCS1 pkcs1 = new PKCS1(new RSA(rsapk.modulus,rsapk.exponent,true)); byte[] d = pkcs1.decode(signature.data); - Vector v = (Vector) new DERInputStream(new ByteArrayInputStream(d)).readObject(); + Vector v = (Vector) new DER.InputStream(new ByteArrayInputStream(d)).readObject(); byte[] signedDigest = (byte[]) v.elementAt(1); if(signedDigest.length != digest.getDigestSize()) return false; @@ -246,7 +246,7 @@ public class X509 { System.err.println("Start Date: " + cert.startDate); System.err.println("End Date: " + cert.endDate); System.err.println("SHA1 Fingerprint: " + prettyBytes(cert.getSHA1Fingerprint())); - RSAPublicKey key = cert.getRSAPublicKey(); + RSA.PublicKey key = cert.getRSA.PublicKey(); System.err.println("Modulus: " + prettyBytes(key.modulus.toByteArray())); System.err.println("Exponent: " + key.exponent); System.err.println("Signature: " + prettyBytes(cert.signature.data)); @@ -278,7 +278,7 @@ public class X509 { private final Vector keys = new Vector(); private final Vector values = new Vector(); - public Name(Object seq_) throws DERException { + public Name(Object seq_) throws DER.Exception { try { Vector seq = (Vector) seq_; for(Enumeration e = seq.elements();e.hasMoreElements();) { @@ -288,7 +288,7 @@ public class X509 { } } catch(RuntimeException e) { e.printStackTrace(); - throw new DERException("Invalid Name " + e.toString()); + throw new DER.Exception("Invalid Name " + e.toString()); } } diff --git a/src/org/ibex/net/SSL.java b/src/org/ibex/net/SSL.java index 7078e81..04519cd 100644 --- a/src/org/ibex/net/SSL.java +++ b/src/org/ibex/net/SSL.java @@ -13,19 +13,7 @@ package org.ibex.net; -import org.ibex.der.DER.Exception; -import org.ibex.der.DER.InputStream; -import org.ibex.x509.X509Certificate; -import org.ibex.x509.RSAPublicKey; -import org.ibex.x509.X509Name; -import org.ibex.crypto.HMAC; -import org.ibex.crypto.PKCS1; -import org.ibex.crypto.RC4; -import org.ibex.crypto.RSA; -import org.ibex.crypto.Digest; -import org.ibex.crypto.MD5; -import org.ibex.crypto.SHA1; - +import org.ibex.crypto.*; import java.security.SecureRandom; import java.net.Socket; @@ -183,7 +171,7 @@ public class SSL extends Socket { } private void negotiateNew() throws IOException { - X509Certificate[] certs = receiveServerCertificates(); + X509.Certificate[] certs = receiveServerCertificates(); debug("got Certificate"); boolean gotCertificateRequest = false; @@ -309,7 +297,7 @@ public class SSL extends Socket { if(buf[p++] != 0x0) throw new Exn("unsupported compression " + buf[p-1]); } - private X509Certificate[] receiveServerCertificates() throws IOException { + private X509.Certificate[] receiveServerCertificates() throws IOException { byte[] buf = readHandshake(); if(buf[0] != 11) throw new Exn("expected a Certificate message"); if((((buf[4]&0xff)<<16)|((buf[5]&0xff)<<8)|((buf[6]&0xff)<<0)) != buf.length-7) throw new Exn("size mismatch in Certificate message"); @@ -318,21 +306,21 @@ public class SSL extends Socket { for(int i=p;i buf.length) throw new Exn("Certificate message cut short"); - certs[count++] = new X509Certificate(new ByteArrayInputStream(buf,p,len)); + certs[count++] = new X509.Certificate(new ByteArrayInputStream(buf,p,len)); p += len; } return certs; } - private void sendClientKeyExchange(X509Certificate serverCert) throws IOException { + private void sendClientKeyExchange(X509.Certificate serverCert) throws IOException { byte[] encryptedPreMasterSecret; - RSAPublicKey pks = serverCert.getRSAPublicKey(); + RSA.PublicKey pks = serverCert.getRSAPublicKey(); PKCS1 pkcs1 = new PKCS1(new RSA(pks.modulus,pks.exponent,false),random); encryptedPreMasterSecret = pkcs1.encode(preMasterSecret); byte[] buf; @@ -733,7 +721,7 @@ public class SSL extends Socket { return ret; } - public static class SSLv3HMAC implements Digest { + public static class SSLv3HMAC extends Digest { private final Digest h; private final byte[] digest; private final byte[] key; @@ -766,6 +754,9 @@ public class SSL extends Socket { h.doFinal(out,off); reset(); } + protected void processWord(byte[] in, int inOff) {} + protected void processLength(long bitLength) {} + protected void processBlock() {} } // @@ -907,7 +898,7 @@ public class SSL extends Socket { private static void debug(Object o) { if(debugOn) System.err.println("[BriSSL-Debug] " + o.toString()); } private static void log(Object o) { System.err.println("[BriSSL] " + o.toString()); } - private static void verifyCerts(X509Certificate[] certs) throws DER.Exception, Exn { + private static void verifyCerts(X509.Certificate[] certs) throws DER.Exception, Exn { try { verifyCerts_(certs); } catch(RuntimeException e) { @@ -916,14 +907,14 @@ public class SSL extends Socket { } } - private static void verifyCerts_(X509Certificate[] certs) throws DER.Exception, Exn { + private static void verifyCerts_(X509.Certificate[] certs) throws DER.Exception, Exn { boolean ignoreLast = false; for(int i=0;i