org.bouncycastle.crypto.tls

Class AbstractTlsServer

java.lang.Object

org.bouncycastle.crypto.tls.AbstractTlsPeer

org.bouncycastle.crypto.tls.AbstractTlsServer

All Implemented Interfaces:

TlsPeer, TlsServer

Direct Known Subclasses:

DefaultTlsServer, PSKTlsServer, SRPTlsServer

public abstract class AbstractTlsServer
extends AbstractTlsPeer
implements TlsServer

Field Summary

Fields

Modifier and Type	Field and Description
protected TlsCipherFactory	cipherFactory
protected short[]	clientECPointFormats
protected Hashtable	clientExtensions
protected ProtocolVersion	clientVersion
protected TlsServerContext	context
protected boolean	eccCipherSuitesOffered
protected boolean	encryptThenMACOffered
protected short	maxFragmentLengthOffered
protected int[]	namedCurves
protected int[]	offeredCipherSuites
protected short[]	offeredCompressionMethods
protected int	selectedCipherSuite
protected short	selectedCompressionMethod
protected short[]	serverECPointFormats
protected Hashtable	serverExtensions
protected ProtocolVersion	serverVersion
protected Vector	supportedSignatureAlgorithms
protected boolean	truncatedHMacOffered

Constructor Summary

Constructors

Constructor and Description
AbstractTlsServer()
AbstractTlsServer(TlsCipherFactory cipherFactory)

Method Summary

Modifier and Type	Method and Description
protected boolean	allowEncryptThenMAC()
protected boolean	allowTruncatedHMac()
protected Hashtable	checkServerExtensions()
CertificateRequest	getCertificateRequest()
CertificateStatus	getCertificateStatus() This method will be called (only) if the server included an extension of type "status_request" with empty "extension_data" in the extended server hello.
TlsCipher	getCipher()
protected abstract int[]	getCipherSuites()
TlsCompression	getCompression()
protected short[]	getCompressionMethods()
protected ProtocolVersion	getMaximumVersion()
protected ProtocolVersion	getMinimumVersion()
NewSessionTicket	getNewSessionTicket() RFC 5077 3.3.
int	getSelectedCipherSuite()
short	getSelectedCompressionMethod()
Hashtable	getServerExtensions()
Vector	getServerSupplementalData()
ProtocolVersion	getServerVersion()
void	init(TlsServerContext context)
void	notifyClientCertificate(Certificate clientCertificate) Called by the protocol handler to report the client certificate, only if TlsServer.getCertificateRequest() returned non-null.
void	notifyClientVersion(ProtocolVersion clientVersion)
void	notifyFallback(boolean isFallback)
void	notifyOfferedCipherSuites(int[] offeredCipherSuites)
void	notifyOfferedCompressionMethods(short[] offeredCompressionMethods)
void	processClientExtensions(Hashtable clientExtensions)
void	processClientSupplementalData(Vector clientSupplementalData)
protected boolean	supportsClientECCCapabilities(int[] namedCurves, short[] ecPointFormats)

Methods inherited from class org.bouncycastle.crypto.tls.AbstractTlsPeer

notifyAlertRaised, notifyAlertReceived, notifyHandshakeComplete, notifySecureRenegotiation, requiresExtendedMasterSecret, shouldUseGMTUnixTime

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.bouncycastle.crypto.tls.TlsServer

getCredentials, getKeyExchange

Methods inherited from interface org.bouncycastle.crypto.tls.TlsPeer

notifyAlertRaised, notifyAlertReceived, notifyHandshakeComplete, notifySecureRenegotiation, requiresExtendedMasterSecret, shouldUseGMTUnixTime

Field Detail

cipherFactory

protected TlsCipherFactory cipherFactory

context

protected TlsServerContext context

clientVersion

protected ProtocolVersion clientVersion

offeredCipherSuites

protected int[] offeredCipherSuites

offeredCompressionMethods

protected short[] offeredCompressionMethods

clientExtensions

protected Hashtable clientExtensions

encryptThenMACOffered

protected boolean encryptThenMACOffered

maxFragmentLengthOffered

protected short maxFragmentLengthOffered

truncatedHMacOffered

protected boolean truncatedHMacOffered

supportedSignatureAlgorithms

protected Vector supportedSignatureAlgorithms

eccCipherSuitesOffered

protected boolean eccCipherSuitesOffered

namedCurves

protected int[] namedCurves

clientECPointFormats

protected short[] clientECPointFormats

serverECPointFormats

protected short[] serverECPointFormats

serverVersion

protected ProtocolVersion serverVersion

selectedCipherSuite

protected int selectedCipherSuite

selectedCompressionMethod

protected short selectedCompressionMethod

serverExtensions

protected Hashtable serverExtensions

Constructor Detail

AbstractTlsServer

public AbstractTlsServer()

AbstractTlsServer

public AbstractTlsServer(TlsCipherFactory cipherFactory)

Method Detail

allowEncryptThenMAC

protected boolean allowEncryptThenMAC()

allowTruncatedHMac

protected boolean allowTruncatedHMac()

checkServerExtensions

protected Hashtable checkServerExtensions()

getCipherSuites

protected abstract int[] getCipherSuites()

getCompressionMethods

protected short[] getCompressionMethods()

getMaximumVersion

protected ProtocolVersion getMaximumVersion()

getMinimumVersion

protected ProtocolVersion getMinimumVersion()

supportsClientECCCapabilities

protected boolean supportsClientECCCapabilities(int[] namedCurves,
                                                short[] ecPointFormats)

init

public void init(TlsServerContext context)

Specified by:

init in interface TlsServer

notifyClientVersion

public void notifyClientVersion(ProtocolVersion clientVersion)
                         throws IOException

Specified by:

notifyClientVersion in interface TlsServer

Throws:

IOException

notifyFallback

public void notifyFallback(boolean isFallback)
                    throws IOException

Specified by:

notifyFallback in interface TlsServer

Throws:

IOException

notifyOfferedCipherSuites

public void notifyOfferedCipherSuites(int[] offeredCipherSuites)
                               throws IOException

Specified by:

notifyOfferedCipherSuites in interface TlsServer

Throws:

IOException

notifyOfferedCompressionMethods

public void notifyOfferedCompressionMethods(short[] offeredCompressionMethods)
                                     throws IOException

Specified by:

notifyOfferedCompressionMethods in interface TlsServer

Throws:

IOException

processClientExtensions

public void processClientExtensions(Hashtable clientExtensions)
                             throws IOException

Specified by:

processClientExtensions in interface TlsServer

Throws:

IOException

getServerVersion

public ProtocolVersion getServerVersion()
                                 throws IOException

Specified by:

getServerVersion in interface TlsServer

Throws:

IOException

getSelectedCipherSuite

public int getSelectedCipherSuite()
                           throws IOException

Specified by:

getSelectedCipherSuite in interface TlsServer

Throws:

IOException

getSelectedCompressionMethod

public short getSelectedCompressionMethod()
                                   throws IOException

Specified by:

getSelectedCompressionMethod in interface TlsServer

Throws:

IOException

getServerExtensions

public Hashtable getServerExtensions()
                              throws IOException

Specified by:

getServerExtensions in interface TlsServer

Throws:

IOException

getServerSupplementalData

public Vector getServerSupplementalData()
                                 throws IOException

Specified by:

getServerSupplementalData in interface TlsServer

Throws:

IOException

getCertificateStatus

public CertificateStatus getCertificateStatus()
                                       throws IOException

Description copied from interface: TlsServer

This method will be called (only) if the server included an extension of type "status_request" with empty "extension_data" in the extended server hello. See RFC 3546 3.6. Certificate Status Request. If a non-null CertificateStatus is returned, it is sent to the client as a handshake message of type "certificate_status".

Specified by:

getCertificateStatus in interface TlsServer

Returns:

A CertificateStatus to be sent to the client (or null for none).

Throws:

IOException

getCertificateRequest

public CertificateRequest getCertificateRequest()
                                         throws IOException

Specified by:

getCertificateRequest in interface TlsServer

Throws:

IOException

processClientSupplementalData

public void processClientSupplementalData(Vector clientSupplementalData)
                                   throws IOException

Specified by:

processClientSupplementalData in interface TlsServer

Throws:

IOException

notifyClientCertificate

public void notifyClientCertificate(Certificate clientCertificate)
                             throws IOException

Description copied from interface: TlsServer

Called by the protocol handler to report the client certificate, only if TlsServer.getCertificateRequest() returned non-null. Note: this method is responsible for certificate verification and validation.

Specified by:

notifyClientCertificate in interface TlsServer

Parameters:

clientCertificate - the effective client certificate (may be an empty chain).

Throws:

IOException

getCompression

public TlsCompression getCompression()
                              throws IOException

Specified by:

getCompression in interface TlsPeer

Throws:

IOException

getCipher

public TlsCipher getCipher()
                    throws IOException

Specified by:

getCipher in interface TlsPeer

Throws:

IOException

getNewSessionTicket

public NewSessionTicket getNewSessionTicket()
                                     throws IOException

Description copied from interface: TlsServer

RFC 5077 3.3. NewSessionTicket Handshake Message.

This method will be called (only) if a NewSessionTicket extension was sent by the server. See RFC 5077 4. Recommended Ticket Construction for recommended format and protection.

Specified by:

getNewSessionTicket in interface TlsServer

Returns:

The ticket.

Throws:

IOException