Add some TLS exception detail messages

peterdettman · peterdettman · commit 93077bae2acc · 2024-11-15T15:59:02.000+07:00
diff --git a/tls/src/main/java/org/bouncycastle/tls/TlsUtils.java b/tls/src/main/java/org/bouncycastle/tls/TlsUtils.java
@@ -4765,7 +4765,8 @@ static void checkTlsFeatures(Certificate serverCertificate, Hashtable clientExte
             {
                 if (!(tlsFeaturesSeq.getObjectAt(i) instanceof ASN1Integer))
                 {
-                    throw new TlsFatalAlert(AlertDescription.bad_certificate);
+                    throw new TlsFatalAlert(AlertDescription.bad_certificate,
+                        "Server certificate has invalid TLS Features extension");
                 }
             }
 
@@ -4779,7 +4780,8 @@ static void checkTlsFeatures(Certificate serverCertificate, Hashtable clientExte
                     Integer extensionType = Integers.valueOf(tlsExtension.intValue());
                     if (clientExtensions.containsKey(extensionType) && !serverExtensions.containsKey(extensionType))
                     {
-                        throw new TlsFatalAlert(AlertDescription.certificate_unknown);
+                        throw new TlsFatalAlert(AlertDescription.certificate_unknown,
+                            "Server extensions missing TLS Feature " + extensionType);
                     }
                 }
             }
diff --git a/tls/src/main/java/org/bouncycastle/tls/crypto/impl/bc/BcTlsCertificate.java b/tls/src/main/java/org/bouncycastle/tls/crypto/impl/bc/BcTlsCertificate.java
@@ -102,7 +102,7 @@ public ASN1Encodable getSigAlgParams()
         return certificate.getSignatureAlgorithm().getParameters();
     }
 
-    protected boolean supportsKeyUsage(int keyUsageBits)
+    protected boolean supportsKeyUsage(int keyUsageBit)
     {
         Extensions exts = certificate.getTBSCertificate().getExtensions();
         if (exts != null)
@@ -111,7 +111,7 @@ protected boolean supportsKeyUsage(int keyUsageBits)
             if (ku != null)
             {
                 int bits = ku.getBytes()[0] & 0xff;
-                if ((bits & keyUsageBits) != keyUsageBits)
+                if ((bits & keyUsageBit) != keyUsageBit)
                 {
                     return false;
                 }
diff --git a/tls/src/main/java/org/bouncycastle/tls/crypto/impl/bc/BcTlsRawKeyCertificate.java b/tls/src/main/java/org/bouncycastle/tls/crypto/impl/bc/BcTlsRawKeyCertificate.java
@@ -91,7 +91,7 @@ public TlsEncryptor createEncryptor(int tlsCertificateRole) throws IOException
 //        }
         }
 
-        throw new TlsFatalAlert(AlertDescription.certificate_unknown);
+        throw new TlsFatalAlert(AlertDescription.internal_error);
     }
 
     public TlsVerifier createVerifier(short signatureAlgorithm) throws IOException
@@ -146,7 +146,7 @@ public TlsVerifier createVerifier(short signatureAlgorithm) throws IOException
         case SignatureAlgorithm.gostr34102012_512:
 
         default:
-            throw new TlsFatalAlert(AlertDescription.certificate_unknown);
+            throw new TlsFatalAlert(AlertDescription.internal_error);
         }
     }
 
@@ -248,7 +248,7 @@ public Tls13Verifier createVerifier(int signatureScheme) throws IOException
 //        }
 
         default:
-            throw new TlsFatalAlert(AlertDescription.certificate_unknown);
+            throw new TlsFatalAlert(AlertDescription.internal_error);
         }
     }
 
@@ -335,7 +335,7 @@ public DHPublicKeyParameters getPubKeyDH() throws IOException
         }
         catch (ClassCastException e)
         {
-            throw new TlsFatalAlert(AlertDescription.certificate_unknown, e);
+            throw new TlsFatalAlert(AlertDescription.certificate_unknown, "Public key not DH", e);
         }
     }
 
@@ -347,7 +347,7 @@ public DSAPublicKeyParameters getPubKeyDSS() throws IOException
         }
         catch (ClassCastException e)
         {
-            throw new TlsFatalAlert(AlertDescription.certificate_unknown, e);
+            throw new TlsFatalAlert(AlertDescription.certificate_unknown, "Public key not DSS", e);
         }
     }
 
@@ -359,7 +359,7 @@ public ECPublicKeyParameters getPubKeyEC() throws IOException
         }
         catch (ClassCastException e)
         {
-            throw new TlsFatalAlert(AlertDescription.certificate_unknown, e);
+            throw new TlsFatalAlert(AlertDescription.certificate_unknown, "Public key not EC", e);
         }
     }
 
@@ -371,7 +371,7 @@ public Ed25519PublicKeyParameters getPubKeyEd25519() throws IOException
         }
         catch (ClassCastException e)
         {
-            throw new TlsFatalAlert(AlertDescription.certificate_unknown, e);
+            throw new TlsFatalAlert(AlertDescription.certificate_unknown, "Public key not Ed25519", e);
         }
     }
 
@@ -383,7 +383,7 @@ public Ed448PublicKeyParameters getPubKeyEd448() throws IOException
         }
         catch (ClassCastException e)
         {
-            throw new TlsFatalAlert(AlertDescription.certificate_unknown, e);
+            throw new TlsFatalAlert(AlertDescription.certificate_unknown, "Public key not Ed448", e);
         }
     }
 
@@ -395,7 +395,7 @@ public RSAKeyParameters getPubKeyRSA() throws IOException
         }
         catch (ClassCastException e)
         {
-            throw new TlsFatalAlert(AlertDescription.certificate_unknown, e);
+            throw new TlsFatalAlert(AlertDescription.certificate_unknown, "Public key not RSA", e);
         }
     }
 
@@ -428,7 +428,7 @@ public TlsCertificate checkUsageInRole(int tlsCertificateRole) throws IOExceptio
         }
         }
 
-        throw new TlsFatalAlert(AlertDescription.certificate_unknown);
+        throw new TlsFatalAlert(AlertDescription.internal_error);
     }
 
     protected AsymmetricKeyParameter getPublicKey() throws IOException
@@ -443,7 +443,7 @@ protected AsymmetricKeyParameter getPublicKey() throws IOException
         }
     }
 
-    protected boolean supportsKeyUsage(int keyUsageBits)
+    protected boolean supportsKeyUsage(int keyUsageBit)
     {
         return true;
     }
@@ -517,12 +517,25 @@ protected boolean supportsSignatureAlgorithm(short signatureAlgorithm, int keyUs
         }
     }
 
-    public void validateKeyUsage(int keyUsageBits)
+    public void validateKeyUsage(int keyUsageBit)
         throws IOException
     {
-        if (!supportsKeyUsage(keyUsageBits))
-        {
-            throw new TlsFatalAlert(AlertDescription.certificate_unknown);
+        if (!supportsKeyUsage(keyUsageBit))
+        {
+            switch (keyUsageBit)
+            {
+            case KeyUsage.digitalSignature:
+                throw new TlsFatalAlert(AlertDescription.certificate_unknown,
+                    "KeyUsage does not allow digital signatures");
+            case KeyUsage.keyAgreement:
+                throw new TlsFatalAlert(AlertDescription.certificate_unknown,
+                    "KeyUsage does not allow key agreement");
+            case KeyUsage.keyEncipherment:
+                throw new TlsFatalAlert(AlertDescription.certificate_unknown,
+                    "KeyUsage does not allow key encipherment");
+            default:
+                throw new TlsFatalAlert(AlertDescription.internal_error);
+            }
         }
     }
 
@@ -531,7 +544,7 @@ protected void validateRSA_PKCS1()
     {
         if (!supportsRSA_PKCS1())
         {
-            throw new TlsFatalAlert(AlertDescription.certificate_unknown);
+            throw new TlsFatalAlert(AlertDescription.certificate_unknown, "No support for rsa_pkcs1 signature schemes");
         }
     }
 
@@ -540,7 +553,8 @@ protected void validateRSA_PSS_PSS(short signatureAlgorithm)
     {
         if (!supportsRSA_PSS_PSS(signatureAlgorithm))
         {
-            throw new TlsFatalAlert(AlertDescription.certificate_unknown);
+            throw new TlsFatalAlert(AlertDescription.certificate_unknown,
+                "No support for rsa_pss_pss signature schemes");
         }
     }
 
@@ -549,7 +563,8 @@ protected void validateRSA_PSS_RSAE()
     {
         if (!supportsRSA_PSS_RSAE())
         {
-            throw new TlsFatalAlert(AlertDescription.certificate_unknown);
+            throw new TlsFatalAlert(AlertDescription.certificate_unknown,
+                "No support for rsa_pss_rsae signature schemes");
         }
     }
 }
diff --git a/tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JcaTlsCertificate.java b/tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JcaTlsCertificate.java
@@ -21,6 +21,7 @@
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.Certificate;
+import org.bouncycastle.asn1.x509.KeyUsage;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.jcajce.util.JcaJceHelper;
 import org.bouncycastle.tls.AlertDescription;
@@ -132,7 +133,7 @@ public TlsEncryptor createEncryptor(int tlsCertificateRole) throws IOException
 //        }
         }
 
-        throw new TlsFatalAlert(AlertDescription.certificate_unknown);
+        throw new TlsFatalAlert(AlertDescription.internal_error);
     }
 
     public TlsVerifier createVerifier(short signatureAlgorithm) throws IOException
@@ -187,7 +188,7 @@ public TlsVerifier createVerifier(short signatureAlgorithm) throws IOException
         case SignatureAlgorithm.gostr34102012_512:
 
         default:
-            throw new TlsFatalAlert(AlertDescription.certificate_unknown);
+            throw new TlsFatalAlert(AlertDescription.internal_error);
         }
     }
 
@@ -274,7 +275,7 @@ public Tls13Verifier createVerifier(int signatureScheme) throws IOException
 //        case SignatureScheme.sm2sig_sm3:
 
         default:
-            throw new TlsFatalAlert(AlertDescription.certificate_unknown);
+            throw new TlsFatalAlert(AlertDescription.internal_error);
         }
     }
 
@@ -329,7 +330,7 @@ DHPublicKey getPubKeyDH() throws IOException
         }
         catch (ClassCastException e)
         {
-            throw new TlsFatalAlert(AlertDescription.certificate_unknown, e);
+            throw new TlsFatalAlert(AlertDescription.certificate_unknown, "Public key not DH", e);
         }
     }
 
@@ -341,7 +342,7 @@ DSAPublicKey getPubKeyDSS() throws IOException
         }
         catch (ClassCastException e)
         {
-            throw new TlsFatalAlert(AlertDescription.certificate_unknown, e);
+            throw new TlsFatalAlert(AlertDescription.certificate_unknown, "Public key not DSS", e);
         }
     }
 
@@ -353,7 +354,7 @@ ECPublicKey getPubKeyEC() throws IOException
         }
         catch (ClassCastException e)
         {
-            throw new TlsFatalAlert(AlertDescription.certificate_unknown, e);
+            throw new TlsFatalAlert(AlertDescription.certificate_unknown, "Public key not EC", e);
         }
     }
 
@@ -365,7 +366,7 @@ PublicKey getPubKeyEd25519() throws IOException
             // Oracle provider (Java 15+) returns the key as an EdDSA one
             if (!("EdDSA".equals(publicKey.getAlgorithm()) && publicKey.toString().indexOf("Ed25519") >= 0))
             {
-                throw new TlsFatalAlert(AlertDescription.certificate_unknown);
+                throw new TlsFatalAlert(AlertDescription.certificate_unknown, "Public key not Ed25519");
             }
         }
         return publicKey;
@@ -379,14 +380,15 @@ PublicKey getPubKeyEd448() throws IOException
             // Oracle provider (Java 15+) returns the key as an EdDSA one
             if (!("EdDSA".equals(publicKey.getAlgorithm()) && publicKey.toString().indexOf("Ed448") >= 0))
             {
-                throw new TlsFatalAlert(AlertDescription.certificate_unknown);
+                throw new TlsFatalAlert(AlertDescription.certificate_unknown, "Public key not Ed448");
             }
         }
         return publicKey;
     }
 
     PublicKey getPubKeyRSA() throws IOException
     {
+        // TODO[tls] How to reliably check that this is an RSA key?
         return getPublicKey();
     }
 
@@ -470,7 +472,7 @@ public TlsCertificate checkUsageInRole(int tlsCertificateRole) throws IOExceptio
         }
         }
 
-        throw new TlsFatalAlert(AlertDescription.certificate_unknown);
+        throw new TlsFatalAlert(AlertDescription.internal_error);
     }
 
     protected boolean implSupportsSignatureAlgorithm(short signatureAlgorithm) throws IOException
@@ -574,7 +576,20 @@ protected void validateKeyUsageBit(int keyUsageBit)
     {
         if (!supportsKeyUsageBit(keyUsageBit))
         {
-            throw new TlsFatalAlert(AlertDescription.certificate_unknown);
+            switch (keyUsageBit)
+            {
+            case KeyUsage.digitalSignature:
+                throw new TlsFatalAlert(AlertDescription.certificate_unknown,
+                    "KeyUsage does not allow digital signatures");
+            case KeyUsage.keyAgreement:
+                throw new TlsFatalAlert(AlertDescription.certificate_unknown,
+                    "KeyUsage does not allow key agreement");
+            case KeyUsage.keyEncipherment:
+                throw new TlsFatalAlert(AlertDescription.certificate_unknown,
+                    "KeyUsage does not allow key encipherment");
+            default:
+                throw new TlsFatalAlert(AlertDescription.internal_error);
+            }
         }
     }
 
@@ -583,7 +598,7 @@ protected void validateRSA_PKCS1()
     {
         if (!supportsRSA_PKCS1())
         {
-            throw new TlsFatalAlert(AlertDescription.certificate_unknown);
+            throw new TlsFatalAlert(AlertDescription.certificate_unknown, "No support for rsa_pkcs1 signature schemes");
         }
     }
 
@@ -592,7 +607,8 @@ protected void validateRSA_PSS_PSS(short signatureAlgorithm)
     {
         if (!supportsRSA_PSS_PSS(signatureAlgorithm))
         {
-            throw new TlsFatalAlert(AlertDescription.certificate_unknown);
+            throw new TlsFatalAlert(AlertDescription.certificate_unknown,
+                "No support for rsa_pss_pss signature schemes");
         }
     }
 
@@ -601,7 +617,8 @@ protected void validateRSA_PSS_RSAE()
     {
         if (!supportsRSA_PSS_RSAE())
         {
-            throw new TlsFatalAlert(AlertDescription.certificate_unknown);
+            throw new TlsFatalAlert(AlertDescription.certificate_unknown,
+                "No support for rsa_pss_rsae signature schemes");
         }
     }
 }
diff --git a/tls/src/main/jdk1.4/org/bouncycastle/tls/crypto/impl/jcajce/JcaTlsCertificate.java b/tls/src/main/jdk1.4/org/bouncycastle/tls/crypto/impl/jcajce/JcaTlsCertificate.java

Original file line number	Diff line number	Diff line change
`@@ -4765,7 +4765,8 @@ static void checkTlsFeatures(Certificate serverCertificate, Hashtable clientExte`
`4765`	`4765`	`{`
`4766`	`4766`	`if (!(tlsFeaturesSeq.getObjectAt(i) instanceof ASN1Integer))`
`4767`	`4767`	`{`
`4768`		`- throw new TlsFatalAlert(AlertDescription.bad_certificate);`
	`4768`	`+ throw new TlsFatalAlert(AlertDescription.bad_certificate,`
	`4769`	`+ "Server certificate has invalid TLS Features extension");`
`4769`	`4770`	`}`
`4770`	`4771`	`}`
`4771`	`4772`
`@@ -4779,7 +4780,8 @@ static void checkTlsFeatures(Certificate serverCertificate, Hashtable clientExte`
`4779`	`4780`	`Integer extensionType = Integers.valueOf(tlsExtension.intValue());`
`4780`	`4781`	`if (clientExtensions.containsKey(extensionType) && !serverExtensions.containsKey(extensionType))`
`4781`	`4782`	`{`
`4782`		`- throw new TlsFatalAlert(AlertDescription.certificate_unknown);`
	`4783`	`+ throw new TlsFatalAlert(AlertDescription.certificate_unknown,`
	`4784`	`+ "Server extensions missing TLS Feature " + extensionType);`
`4783`	`4785`	`}`
`4784`	`4786`	`}`
`4785`	`4787`	`}`
Original file line number	Diff line number	Diff line change
`@@ -102,7 +102,7 @@ public ASN1Encodable getSigAlgParams()`
`102`	`102`	`return certificate.getSignatureAlgorithm().getParameters();`
`103`	`103`	`}`
`104`	`104`
`105`		`- protected boolean supportsKeyUsage(int keyUsageBits)`
	`105`	`+ protected boolean supportsKeyUsage(int keyUsageBit)`
`106`	`106`	`{`
`107`	`107`	`Extensions exts = certificate.getTBSCertificate().getExtensions();`
`108`	`108`	`if (exts != null)`
`@@ -111,7 +111,7 @@ protected boolean supportsKeyUsage(int keyUsageBits)`
`111`	`111`	`if (ku != null)`
`112`	`112`	`{`
`113`	`113`	`int bits = ku.getBytes()[0] & 0xff;`
`114`		`- if ((bits & keyUsageBits) != keyUsageBits)`
	`114`	`+ if ((bits & keyUsageBit) != keyUsageBit)`
`115`	`115`	`{`
`116`	`116`	`return false;`
`117`	`117`	`}`
Original file line number	Diff line number	Diff line change
`@@ -91,7 +91,7 @@ public TlsEncryptor createEncryptor(int tlsCertificateRole) throws IOException`
`91`	`91`	`// }`
`92`	`92`	`}`
`93`	`93`
`94`		`- throw new TlsFatalAlert(AlertDescription.certificate_unknown);`
	`94`	`+ throw new TlsFatalAlert(AlertDescription.internal_error);`
`95`	`95`	`}`
`96`	`96`
`97`	`97`	`public TlsVerifier createVerifier(short signatureAlgorithm) throws IOException`
`@@ -146,7 +146,7 @@ public TlsVerifier createVerifier(short signatureAlgorithm) throws IOException`
`146`	`146`	`case SignatureAlgorithm.gostr34102012_512:`
`147`	`147`
`148`	`148`	`default:`
`149`		`- throw new TlsFatalAlert(AlertDescription.certificate_unknown);`
	`149`	`+ throw new TlsFatalAlert(AlertDescription.internal_error);`
`150`	`150`	`}`
`151`	`151`	`}`
`152`	`152`
`@@ -248,7 +248,7 @@ public Tls13Verifier createVerifier(int signatureScheme) throws IOException`
`248`	`248`	`// }`
`249`	`249`
`250`	`250`	`default:`
`251`		`- throw new TlsFatalAlert(AlertDescription.certificate_unknown);`
	`251`	`+ throw new TlsFatalAlert(AlertDescription.internal_error);`
`252`	`252`	`}`
`253`	`253`	`}`
`254`	`254`
`@@ -335,7 +335,7 @@ public DHPublicKeyParameters getPubKeyDH() throws IOException`
`335`	`335`	`}`
`336`	`336`	`catch (ClassCastException e)`
`337`	`337`	`{`
`338`		`- throw new TlsFatalAlert(AlertDescription.certificate_unknown, e);`
	`338`	`+ throw new TlsFatalAlert(AlertDescription.certificate_unknown, "Public key not DH", e);`
`339`	`339`	`}`
`340`	`340`	`}`
`341`	`341`
`@@ -347,7 +347,7 @@ public DSAPublicKeyParameters getPubKeyDSS() throws IOException`
`347`	`347`	`}`
`348`	`348`	`catch (ClassCastException e)`
`349`	`349`	`{`
`350`		`- throw new TlsFatalAlert(AlertDescription.certificate_unknown, e);`
	`350`	`+ throw new TlsFatalAlert(AlertDescription.certificate_unknown, "Public key not DSS", e);`
`351`	`351`	`}`
`352`	`352`	`}`
`353`	`353`
`@@ -359,7 +359,7 @@ public ECPublicKeyParameters getPubKeyEC() throws IOException`
`359`	`359`	`}`
`360`	`360`	`catch (ClassCastException e)`
`361`	`361`	`{`
`362`		`- throw new TlsFatalAlert(AlertDescription.certificate_unknown, e);`
	`362`	`+ throw new TlsFatalAlert(AlertDescription.certificate_unknown, "Public key not EC", e);`
`363`	`363`	`}`
`364`	`364`	`}`
`365`	`365`
`@@ -371,7 +371,7 @@ public Ed25519PublicKeyParameters getPubKeyEd25519() throws IOException`
`371`	`371`	`}`
`372`	`372`	`catch (ClassCastException e)`
`373`	`373`	`{`
`374`		`- throw new TlsFatalAlert(AlertDescription.certificate_unknown, e);`
	`374`	`+ throw new TlsFatalAlert(AlertDescription.certificate_unknown, "Public key not Ed25519", e);`
`375`	`375`	`}`
`376`	`376`	`}`
`377`	`377`
`@@ -383,7 +383,7 @@ public Ed448PublicKeyParameters getPubKeyEd448() throws IOException`
`383`	`383`	`}`
`384`	`384`	`catch (ClassCastException e)`
`385`	`385`	`{`
`386`		`- throw new TlsFatalAlert(AlertDescription.certificate_unknown, e);`
	`386`	`+ throw new TlsFatalAlert(AlertDescription.certificate_unknown, "Public key not Ed448", e);`
`387`	`387`	`}`
`388`	`388`	`}`
`389`	`389`
`@@ -395,7 +395,7 @@ public RSAKeyParameters getPubKeyRSA() throws IOException`
`395`	`395`	`}`
`396`	`396`	`catch (ClassCastException e)`
`397`	`397`	`{`
`398`		`- throw new TlsFatalAlert(AlertDescription.certificate_unknown, e);`
	`398`	`+ throw new TlsFatalAlert(AlertDescription.certificate_unknown, "Public key not RSA", e);`
`399`	`399`	`}`
`400`	`400`	`}`
`401`	`401`
`@@ -428,7 +428,7 @@ public TlsCertificate checkUsageInRole(int tlsCertificateRole) throws IOExceptio`
`428`	`428`	`}`
`429`	`429`	`}`
`430`	`430`
`431`		`- throw new TlsFatalAlert(AlertDescription.certificate_unknown);`
	`431`	`+ throw new TlsFatalAlert(AlertDescription.internal_error);`
`432`	`432`	`}`
`433`	`433`
`434`	`434`	`protected AsymmetricKeyParameter getPublicKey() throws IOException`
`@@ -443,7 +443,7 @@ protected AsymmetricKeyParameter getPublicKey() throws IOException`
`443`	`443`	`}`
`444`	`444`	`}`
`445`	`445`
`446`		`- protected boolean supportsKeyUsage(int keyUsageBits)`
	`446`	`+ protected boolean supportsKeyUsage(int keyUsageBit)`
`447`	`447`	`{`
`448`	`448`	`return true;`
`449`	`449`	`}`
`@@ -517,12 +517,25 @@ protected boolean supportsSignatureAlgorithm(short signatureAlgorithm, int keyUs`
`517`	`517`	`}`
`518`	`518`	`}`
`519`	`519`
`520`		`- public void validateKeyUsage(int keyUsageBits)`
	`520`	`+ public void validateKeyUsage(int keyUsageBit)`
`521`	`521`	`throws IOException`
`522`	`522`	`{`
`523`		`- if (!supportsKeyUsage(keyUsageBits))`
`524`		`- {`
`525`		`- throw new TlsFatalAlert(AlertDescription.certificate_unknown);`
	`523`	`+ if (!supportsKeyUsage(keyUsageBit))`
	`524`	`+ {`
	`525`	`+ switch (keyUsageBit)`
	`526`	`+ {`
	`527`	`+ case KeyUsage.digitalSignature:`
	`528`	`+ throw new TlsFatalAlert(AlertDescription.certificate_unknown,`
	`529`	`+ "KeyUsage does not allow digital signatures");`
	`530`	`+ case KeyUsage.keyAgreement:`
	`531`	`+ throw new TlsFatalAlert(AlertDescription.certificate_unknown,`
	`532`	`+ "KeyUsage does not allow key agreement");`
	`533`	`+ case KeyUsage.keyEncipherment:`
	`534`	`+ throw new TlsFatalAlert(AlertDescription.certificate_unknown,`
	`535`	`+ "KeyUsage does not allow key encipherment");`
	`536`	`+ default:`
	`537`	`+ throw new TlsFatalAlert(AlertDescription.internal_error);`
	`538`	`+ }`
`526`	`539`	`}`
`527`	`540`	`}`
`528`	`541`
`@@ -531,7 +544,7 @@ protected void validateRSA_PKCS1()`
`531`	`544`	`{`
`532`	`545`	`if (!supportsRSA_PKCS1())`
`533`	`546`	`{`
`534`		`- throw new TlsFatalAlert(AlertDescription.certificate_unknown);`
	`547`	`+ throw new TlsFatalAlert(AlertDescription.certificate_unknown, "No support for rsa_pkcs1 signature schemes");`
`535`	`548`	`}`
`536`	`549`	`}`
`537`	`550`
`@@ -540,7 +553,8 @@ protected void validateRSA_PSS_PSS(short signatureAlgorithm)`
`540`	`553`	`{`
`541`	`554`	`if (!supportsRSA_PSS_PSS(signatureAlgorithm))`
`542`	`555`	`{`
`543`		`- throw new TlsFatalAlert(AlertDescription.certificate_unknown);`
	`556`	`+ throw new TlsFatalAlert(AlertDescription.certificate_unknown,`
	`557`	`+ "No support for rsa_pss_pss signature schemes");`
`544`	`558`	`}`
`545`	`559`	`}`
`546`	`560`
`@@ -549,7 +563,8 @@ protected void validateRSA_PSS_RSAE()`
`549`	`563`	`{`
`550`	`564`	`if (!supportsRSA_PSS_RSAE())`
`551`	`565`	`{`
`552`		`- throw new TlsFatalAlert(AlertDescription.certificate_unknown);`
	`566`	`+ throw new TlsFatalAlert(AlertDescription.certificate_unknown,`
	`567`	`+ "No support for rsa_pss_rsae signature schemes");`
`553`	`568`	`}`
`554`	`569`	`}`
`555`	`570`	`}`
Original file line number	Diff line number	Diff line change
`@@ -21,6 +21,7 @@`
`21`	`21`	`import org.bouncycastle.asn1.ASN1Primitive;`
`22`	`22`	`import org.bouncycastle.asn1.x509.AlgorithmIdentifier;`
`23`	`23`	`import org.bouncycastle.asn1.x509.Certificate;`
	`24`	`+import org.bouncycastle.asn1.x509.KeyUsage;`
`24`	`25`	`import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;`
`25`	`26`	`import org.bouncycastle.jcajce.util.JcaJceHelper;`
`26`	`27`	`import org.bouncycastle.tls.AlertDescription;`
`@@ -132,7 +133,7 @@ public TlsEncryptor createEncryptor(int tlsCertificateRole) throws IOException`
`132`	`133`	`// }`
`133`	`134`	`}`
`134`	`135`
`135`		`- throw new TlsFatalAlert(AlertDescription.certificate_unknown);`
	`136`	`+ throw new TlsFatalAlert(AlertDescription.internal_error);`
`136`	`137`	`}`
`137`	`138`
`138`	`139`	`public TlsVerifier createVerifier(short signatureAlgorithm) throws IOException`
`@@ -187,7 +188,7 @@ public TlsVerifier createVerifier(short signatureAlgorithm) throws IOException`
`187`	`188`	`case SignatureAlgorithm.gostr34102012_512:`
`188`	`189`
`189`	`190`	`default:`
`190`		`- throw new TlsFatalAlert(AlertDescription.certificate_unknown);`
	`191`	`+ throw new TlsFatalAlert(AlertDescription.internal_error);`
`191`	`192`	`}`
`192`	`193`	`}`
`193`	`194`
`@@ -274,7 +275,7 @@ public Tls13Verifier createVerifier(int signatureScheme) throws IOException`
`274`	`275`	`// case SignatureScheme.sm2sig_sm3:`
`275`	`276`
`276`	`277`	`default:`
`277`		`- throw new TlsFatalAlert(AlertDescription.certificate_unknown);`
	`278`	`+ throw new TlsFatalAlert(AlertDescription.internal_error);`
`278`	`279`	`}`
`279`	`280`	`}`
`280`	`281`
`@@ -329,7 +330,7 @@ DHPublicKey getPubKeyDH() throws IOException`
`329`	`330`	`}`
`330`	`331`	`catch (ClassCastException e)`
`331`	`332`	`{`
`332`		`- throw new TlsFatalAlert(AlertDescription.certificate_unknown, e);`
	`333`	`+ throw new TlsFatalAlert(AlertDescription.certificate_unknown, "Public key not DH", e);`
`333`	`334`	`}`
`334`	`335`	`}`
`335`	`336`
`@@ -341,7 +342,7 @@ DSAPublicKey getPubKeyDSS() throws IOException`
`341`	`342`	`}`
`342`	`343`	`catch (ClassCastException e)`
`343`	`344`	`{`
`344`		`- throw new TlsFatalAlert(AlertDescription.certificate_unknown, e);`
	`345`	`+ throw new TlsFatalAlert(AlertDescription.certificate_unknown, "Public key not DSS", e);`
`345`	`346`	`}`
`346`	`347`	`}`
`347`	`348`
`@@ -353,7 +354,7 @@ ECPublicKey getPubKeyEC() throws IOException`
`353`	`354`	`}`
`354`	`355`	`catch (ClassCastException e)`
`355`	`356`	`{`
`356`		`- throw new TlsFatalAlert(AlertDescription.certificate_unknown, e);`
	`357`	`+ throw new TlsFatalAlert(AlertDescription.certificate_unknown, "Public key not EC", e);`
`357`	`358`	`}`
`358`	`359`	`}`
`359`	`360`
`@@ -365,7 +366,7 @@ PublicKey getPubKeyEd25519() throws IOException`
`365`	`366`	`// Oracle provider (Java 15+) returns the key as an EdDSA one`
`366`	`367`	`if (!("EdDSA".equals(publicKey.getAlgorithm()) && publicKey.toString().indexOf("Ed25519") >= 0))`
`367`	`368`	`{`
`368`		`- throw new TlsFatalAlert(AlertDescription.certificate_unknown);`
	`369`	`+ throw new TlsFatalAlert(AlertDescription.certificate_unknown, "Public key not Ed25519");`
`369`	`370`	`}`
`370`	`371`	`}`
`371`	`372`	`return publicKey;`
`@@ -379,14 +380,15 @@ PublicKey getPubKeyEd448() throws IOException`
`379`	`380`	`// Oracle provider (Java 15+) returns the key as an EdDSA one`
`380`	`381`	`if (!("EdDSA".equals(publicKey.getAlgorithm()) && publicKey.toString().indexOf("Ed448") >= 0))`
`381`	`382`	`{`
`382`		`- throw new TlsFatalAlert(AlertDescription.certificate_unknown);`
	`383`	`+ throw new TlsFatalAlert(AlertDescription.certificate_unknown, "Public key not Ed448");`
`383`	`384`	`}`
`384`	`385`	`}`
`385`	`386`	`return publicKey;`
`386`	`387`	`}`
`387`	`388`
`388`	`389`	`PublicKey getPubKeyRSA() throws IOException`
`389`	`390`	`{`
	`391`	`+ // TODO[tls] How to reliably check that this is an RSA key?`
`390`	`392`	`return getPublicKey();`
`391`	`393`	`}`
`392`	`394`
`@@ -470,7 +472,7 @@ public TlsCertificate checkUsageInRole(int tlsCertificateRole) throws IOExceptio`
`470`	`472`	`}`
`471`	`473`	`}`
`472`	`474`
`473`		`- throw new TlsFatalAlert(AlertDescription.certificate_unknown);`
	`475`	`+ throw new TlsFatalAlert(AlertDescription.internal_error);`
`474`	`476`	`}`
`475`	`477`
`476`	`478`	`protected boolean implSupportsSignatureAlgorithm(short signatureAlgorithm) throws IOException`
`@@ -574,7 +576,20 @@ protected void validateKeyUsageBit(int keyUsageBit)`
`574`	`576`	`{`
`575`	`577`	`if (!supportsKeyUsageBit(keyUsageBit))`
`576`	`578`	`{`
`577`		`- throw new TlsFatalAlert(AlertDescription.certificate_unknown);`
	`579`	`+ switch (keyUsageBit)`
	`580`	`+ {`
	`581`	`+ case KeyUsage.digitalSignature:`
	`582`	`+ throw new TlsFatalAlert(AlertDescription.certificate_unknown,`
	`583`	`+ "KeyUsage does not allow digital signatures");`
	`584`	`+ case KeyUsage.keyAgreement:`
	`585`	`+ throw new TlsFatalAlert(AlertDescription.certificate_unknown,`
	`586`	`+ "KeyUsage does not allow key agreement");`
	`587`	`+ case KeyUsage.keyEncipherment:`
	`588`	`+ throw new TlsFatalAlert(AlertDescription.certificate_unknown,`
	`589`	`+ "KeyUsage does not allow key encipherment");`
	`590`	`+ default:`
	`591`	`+ throw new TlsFatalAlert(AlertDescription.internal_error);`
	`592`	`+ }`
`578`	`593`	`}`
`579`	`594`	`}`
`580`	`595`
`@@ -583,7 +598,7 @@ protected void validateRSA_PKCS1()`
`583`	`598`	`{`
`584`	`599`	`if (!supportsRSA_PKCS1())`
`585`	`600`	`{`
`586`		`- throw new TlsFatalAlert(AlertDescription.certificate_unknown);`
	`601`	`+ throw new TlsFatalAlert(AlertDescription.certificate_unknown, "No support for rsa_pkcs1 signature schemes");`
`587`	`602`	`}`
`588`	`603`	`}`
`589`	`604`
`@@ -592,7 +607,8 @@ protected void validateRSA_PSS_PSS(short signatureAlgorithm)`
`592`	`607`	`{`
`593`	`608`	`if (!supportsRSA_PSS_PSS(signatureAlgorithm))`
`594`	`609`	`{`
`595`		`- throw new TlsFatalAlert(AlertDescription.certificate_unknown);`
	`610`	`+ throw new TlsFatalAlert(AlertDescription.certificate_unknown,`
	`611`	`+ "No support for rsa_pss_pss signature schemes");`
`596`	`612`	`}`
`597`	`613`	`}`
`598`	`614`
`@@ -601,7 +617,8 @@ protected void validateRSA_PSS_RSAE()`
`601`	`617`	`{`
`602`	`618`	`if (!supportsRSA_PSS_RSAE())`
`603`	`619`	`{`
`604`		`- throw new TlsFatalAlert(AlertDescription.certificate_unknown);`
	`620`	`+ throw new TlsFatalAlert(AlertDescription.certificate_unknown,`
	`621`	`+ "No support for rsa_pss_rsae signature schemes");`
`605`	`622`	`}`
`606`	`623`	`}`
`607`	`624`	`}`