Package org.bouncycastle.tls
Class AbstractTlsServer
- java.lang.Object
-
- org.bouncycastle.tls.AbstractTlsPeer
-
- org.bouncycastle.tls.AbstractTlsServer
-
- Direct Known Subclasses:
DefaultTlsServer
,PSKTlsServer
,SRPTlsServer
public abstract class AbstractTlsServer extends AbstractTlsPeer implements TlsServer
Base class for a TLS server.
-
-
Field Summary
Fields Modifier and Type Field Description protected CertificateStatusRequest
certificateStatusRequest
protected int[]
cipherSuites
protected java.util.Hashtable
clientExtensions
protected java.util.Vector
clientProtocolNames
protected boolean
clientSentECPointFormats
protected TlsServerContext
context
protected boolean
encryptThenMACOffered
protected short
maxFragmentLengthOffered
protected int[]
offeredCipherSuites
protected ProtocolVersion[]
protocolVersions
protected int
selectedCipherSuite
protected ProtocolName
selectedProtocolName
protected java.util.Hashtable
serverExtensions
protected java.util.Vector
statusRequestV2
protected boolean
truncatedHMacOffered
protected java.util.Vector
trustedCAKeys
-
Constructor Summary
Constructors Constructor Description AbstractTlsServer(TlsCrypto crypto)
-
Method Summary
All Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description protected boolean
allowCertificateStatus()
protected boolean
allowEncryptThenMAC()
protected boolean
allowMultiCertStatus()
protected boolean
allowTruncatedHMac()
protected boolean
allowTrustedCAIndication()
protected java.util.Hashtable
checkServerExtensions()
Deprecated.Use 'serverExtensions' directly, it is now never nullCertificateRequest
getCertificateRequest()
CertificateStatus
getCertificateStatus()
This method will be called (only) if the server included an extension of type "status_request" with empty "extension_data" in the extended server hello.int[]
getCipherSuites()
TlsDHConfig
getDHConfig()
TlsECConfig
getECDHConfig()
TlsPSKExternal
getExternalPSK(java.util.Vector identities)
WARNING: EXPERIMENTAL FEATURE, UNSTABLE API Return theexternal PSK
to select from the ClientHello.protected int
getMaximumNegotiableCurveBits()
protected int
getMaximumNegotiableFiniteFieldBits()
byte[]
getNewSessionID()
NewSessionTicket
getNewSessionTicket()
RFC 5077 3.3.protected java.util.Vector
getProtocolNames()
ProtocolVersion[]
getProtocolVersions()
TlsPSKIdentityManager
getPSKIdentityManager()
int
getSelectedCipherSuite()
java.util.Hashtable
getServerExtensions()
void
getServerExtensionsForConnection(java.util.Hashtable serverExtensions)
java.util.Vector
getServerSupplementalData()
ProtocolVersion
getServerVersion()
TlsSession
getSessionToResume(byte[] sessionID)
Return the specified session, if available.TlsSRPLoginParameters
getSRPLoginParameters()
int[]
getSupportedGroups()
void
init(TlsServerContext context)
protected boolean
isSelectableCipherSuite(int cipherSuite, int availCurveBits, int availFiniteFieldBits, java.util.Vector sigAlgs)
void
notifyClientCertificate(Certificate clientCertificate)
Called by the protocol handler to report the client certificate, only ifTlsServer.getCertificateRequest()
returned non-null.void
notifyClientVersion(ProtocolVersion clientVersion)
void
notifyFallback(boolean isFallback)
void
notifyHandshakeBeginning()
Notifies the peer that a new handshake is about to begin.void
notifyOfferedCipherSuites(int[] offeredCipherSuites)
void
notifySession(TlsSession session)
protected boolean
preferLocalCipherSuites()
void
processClientExtensions(java.util.Hashtable clientExtensions)
void
processClientSupplementalData(java.util.Vector clientSupplementalData)
protected boolean
selectCipherSuite(int cipherSuite)
protected int
selectDH(int minimumFiniteFieldBits)
protected int
selectDHDefault(int minimumFiniteFieldBits)
protected int
selectECDH(int minimumCurveBits)
protected int
selectECDHDefault(int minimumCurveBits)
protected ProtocolName
selectProtocolName()
protected ProtocolName
selectProtocolName(java.util.Vector clientProtocolNames, java.util.Vector serverProtocolNames)
protected boolean
shouldSelectProtocolNameEarly()
-
Methods inherited from class org.bouncycastle.tls.AbstractTlsPeer
allowLegacyResumption, cancel, getCrypto, getHandshakeTimeoutMillis, getHeartbeat, getHeartbeatPolicy, getKeyExchangeFactory, getMaxCertificateChainLength, getMaxHandshakeMessageSize, getPskKeyExchangeModes, getRenegotiationPolicy, getSupportedCipherSuites, getSupportedVersions, notifyAlertRaised, notifyAlertReceived, notifyCloseHandle, notifyHandshakeComplete, notifySecureRenegotiation, requiresCloseNotify, requiresExtendedMasterSecret, shouldCheckSigAlgOfPeerCerts, shouldUseExtendedMasterSecret, shouldUseExtendedPadding, shouldUseGMTUnixTime
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.bouncycastle.tls.TlsPeer
allowLegacyResumption, cancel, getCrypto, getHandshakeTimeoutMillis, getHeartbeat, getHeartbeatPolicy, getKeyExchangeFactory, getMaxCertificateChainLength, getMaxHandshakeMessageSize, getPskKeyExchangeModes, getRenegotiationPolicy, notifyAlertRaised, notifyAlertReceived, notifyCloseHandle, notifyHandshakeComplete, notifySecureRenegotiation, requiresCloseNotify, requiresExtendedMasterSecret, shouldCheckSigAlgOfPeerCerts, shouldUseExtendedMasterSecret, shouldUseExtendedPadding, shouldUseGMTUnixTime
-
Methods inherited from interface org.bouncycastle.tls.TlsServer
getCredentials
-
-
-
-
Field Detail
-
context
protected TlsServerContext context
-
protocolVersions
protected ProtocolVersion[] protocolVersions
-
cipherSuites
protected int[] cipherSuites
-
offeredCipherSuites
protected int[] offeredCipherSuites
-
clientExtensions
protected java.util.Hashtable clientExtensions
-
encryptThenMACOffered
protected boolean encryptThenMACOffered
-
maxFragmentLengthOffered
protected short maxFragmentLengthOffered
-
truncatedHMacOffered
protected boolean truncatedHMacOffered
-
clientSentECPointFormats
protected boolean clientSentECPointFormats
-
certificateStatusRequest
protected CertificateStatusRequest certificateStatusRequest
-
statusRequestV2
protected java.util.Vector statusRequestV2
-
trustedCAKeys
protected java.util.Vector trustedCAKeys
-
selectedCipherSuite
protected int selectedCipherSuite
-
clientProtocolNames
protected java.util.Vector clientProtocolNames
-
selectedProtocolName
protected ProtocolName selectedProtocolName
-
serverExtensions
protected final java.util.Hashtable serverExtensions
-
-
Constructor Detail
-
AbstractTlsServer
public AbstractTlsServer(TlsCrypto crypto)
-
-
Method Detail
-
allowCertificateStatus
protected boolean allowCertificateStatus()
-
allowEncryptThenMAC
protected boolean allowEncryptThenMAC()
-
allowMultiCertStatus
protected boolean allowMultiCertStatus()
-
allowTruncatedHMac
protected boolean allowTruncatedHMac()
-
allowTrustedCAIndication
protected boolean allowTrustedCAIndication()
-
checkServerExtensions
protected java.util.Hashtable checkServerExtensions()
Deprecated.Use 'serverExtensions' directly, it is now never null
-
getMaximumNegotiableCurveBits
protected int getMaximumNegotiableCurveBits()
-
getMaximumNegotiableFiniteFieldBits
protected int getMaximumNegotiableFiniteFieldBits()
-
getProtocolNames
protected java.util.Vector getProtocolNames()
-
isSelectableCipherSuite
protected boolean isSelectableCipherSuite(int cipherSuite, int availCurveBits, int availFiniteFieldBits, java.util.Vector sigAlgs)
-
preferLocalCipherSuites
protected boolean preferLocalCipherSuites()
-
selectCipherSuite
protected boolean selectCipherSuite(int cipherSuite) throws java.io.IOException
- Throws:
java.io.IOException
-
selectDH
protected int selectDH(int minimumFiniteFieldBits)
-
selectDHDefault
protected int selectDHDefault(int minimumFiniteFieldBits)
-
selectECDH
protected int selectECDH(int minimumCurveBits)
-
selectECDHDefault
protected int selectECDHDefault(int minimumCurveBits)
-
selectProtocolName
protected ProtocolName selectProtocolName() throws java.io.IOException
- Throws:
java.io.IOException
-
selectProtocolName
protected ProtocolName selectProtocolName(java.util.Vector clientProtocolNames, java.util.Vector serverProtocolNames)
-
shouldSelectProtocolNameEarly
protected boolean shouldSelectProtocolNameEarly()
-
init
public void init(TlsServerContext context)
-
getProtocolVersions
public ProtocolVersion[] getProtocolVersions()
- Specified by:
getProtocolVersions
in interfaceTlsPeer
-
getCipherSuites
public int[] getCipherSuites()
- Specified by:
getCipherSuites
in interfaceTlsPeer
-
notifyHandshakeBeginning
public void notifyHandshakeBeginning() throws java.io.IOException
Description copied from interface:TlsPeer
Notifies the peer that a new handshake is about to begin.- Specified by:
notifyHandshakeBeginning
in interfaceTlsPeer
- Overrides:
notifyHandshakeBeginning
in classAbstractTlsPeer
- Throws:
java.io.IOException
-
getSessionToResume
public TlsSession getSessionToResume(byte[] sessionID)
Description copied from interface:TlsServer
Return the specified session, if available. Note that the peer's certificate chain for the session (if any) may need to be periodically revalidated.- Specified by:
getSessionToResume
in interfaceTlsServer
- Parameters:
sessionID
- the ID of the session to resume.- Returns:
- A
TlsSession
with the specified session ID, or null. - See Also:
SessionParameters.getPeerCertificate()
-
getNewSessionID
public byte[] getNewSessionID()
- Specified by:
getNewSessionID
in interfaceTlsServer
-
getExternalPSK
public TlsPSKExternal getExternalPSK(java.util.Vector identities)
Description copied from interface:TlsServer
WARNING: EXPERIMENTAL FEATURE, UNSTABLE API Return theexternal PSK
to select from the ClientHello. Note that this will only be called when TLS 1.3 or higher is amongst the offered protocol versions, and one or more PSKs are actually offered.- Specified by:
getExternalPSK
in interfaceTlsServer
- Parameters:
identities
- aVector
ofPskIdentity
instances.- Returns:
- the
TlsPSKExternal
corresponding to the selected identity, or null to not select any.
-
notifySession
public void notifySession(TlsSession session)
- Specified by:
notifySession
in interfaceTlsServer
-
notifyClientVersion
public void notifyClientVersion(ProtocolVersion clientVersion) throws java.io.IOException
- Specified by:
notifyClientVersion
in interfaceTlsServer
- Throws:
java.io.IOException
-
notifyFallback
public void notifyFallback(boolean isFallback) throws java.io.IOException
- Specified by:
notifyFallback
in interfaceTlsServer
- Throws:
java.io.IOException
-
notifyOfferedCipherSuites
public void notifyOfferedCipherSuites(int[] offeredCipherSuites) throws java.io.IOException
- Specified by:
notifyOfferedCipherSuites
in interfaceTlsServer
- Throws:
java.io.IOException
-
processClientExtensions
public void processClientExtensions(java.util.Hashtable clientExtensions) throws java.io.IOException
- Specified by:
processClientExtensions
in interfaceTlsServer
- Throws:
java.io.IOException
-
getServerVersion
public ProtocolVersion getServerVersion() throws java.io.IOException
- Specified by:
getServerVersion
in interfaceTlsServer
- Throws:
java.io.IOException
-
getSupportedGroups
public int[] getSupportedGroups() throws java.io.IOException
- Specified by:
getSupportedGroups
in interfaceTlsServer
- Throws:
java.io.IOException
-
getSelectedCipherSuite
public int getSelectedCipherSuite() throws java.io.IOException
- Specified by:
getSelectedCipherSuite
in interfaceTlsServer
- Throws:
java.io.IOException
-
getServerExtensions
public java.util.Hashtable getServerExtensions() throws java.io.IOException
- Specified by:
getServerExtensions
in interfaceTlsServer
- Throws:
java.io.IOException
-
getServerExtensionsForConnection
public void getServerExtensionsForConnection(java.util.Hashtable serverExtensions) throws java.io.IOException
- Specified by:
getServerExtensionsForConnection
in interfaceTlsServer
- Throws:
java.io.IOException
-
getServerSupplementalData
public java.util.Vector getServerSupplementalData() throws java.io.IOException
- Specified by:
getServerSupplementalData
in interfaceTlsServer
- Throws:
java.io.IOException
-
getCertificateStatus
public CertificateStatus getCertificateStatus() throws java.io.IOException
Description copied from interface:TlsServer
This method will be called (only) if the server included an extension of type "status_request" with empty "extension_data" in the extended server hello. See RFC 3546 3.6. Certificate Status Request. If a non-nullCertificateStatus
is returned, it is sent to the client as a handshake message of type "certificate_status".- Specified by:
getCertificateStatus
in interfaceTlsServer
- Returns:
- A
CertificateStatus
to be sent to the client (or null for none). - Throws:
java.io.IOException
-
getCertificateRequest
public CertificateRequest getCertificateRequest() throws java.io.IOException
- Specified by:
getCertificateRequest
in interfaceTlsServer
- Throws:
java.io.IOException
-
getPSKIdentityManager
public TlsPSKIdentityManager getPSKIdentityManager() throws java.io.IOException
- Specified by:
getPSKIdentityManager
in interfaceTlsServer
- Throws:
java.io.IOException
-
getSRPLoginParameters
public TlsSRPLoginParameters getSRPLoginParameters() throws java.io.IOException
- Specified by:
getSRPLoginParameters
in interfaceTlsServer
- Throws:
java.io.IOException
-
getDHConfig
public TlsDHConfig getDHConfig() throws java.io.IOException
- Specified by:
getDHConfig
in interfaceTlsServer
- Throws:
java.io.IOException
-
getECDHConfig
public TlsECConfig getECDHConfig() throws java.io.IOException
- Specified by:
getECDHConfig
in interfaceTlsServer
- Throws:
java.io.IOException
-
processClientSupplementalData
public void processClientSupplementalData(java.util.Vector clientSupplementalData) throws java.io.IOException
- Specified by:
processClientSupplementalData
in interfaceTlsServer
- Throws:
java.io.IOException
-
notifyClientCertificate
public void notifyClientCertificate(Certificate clientCertificate) throws java.io.IOException
Description copied from interface:TlsServer
Called by the protocol handler to report the client certificate, only ifTlsServer.getCertificateRequest()
returned non-null. Note: this method is responsible for certificate verification and validation.- Specified by:
notifyClientCertificate
in interfaceTlsServer
- Parameters:
clientCertificate
- the effective client certificate (may be an empty chain).- Throws:
java.io.IOException
-
getNewSessionTicket
public NewSessionTicket getNewSessionTicket() throws java.io.IOException
Description copied from interface:TlsServer
RFC 5077 3.3. NewSessionTicket Handshake Message.This method will be called (only) if a NewSessionTicket extension was sent by the server. See RFC 5077 4. Recommended Ticket Construction for recommended format and protection.
- Specified by:
getNewSessionTicket
in interfaceTlsServer
- Returns:
- The ticket.
- Throws:
java.io.IOException
-
-