Package org.bouncycastle.crypto.tls
Class TlsProtocol
- java.lang.Object
-
- org.bouncycastle.crypto.tls.TlsProtocol
-
- Direct Known Subclasses:
TlsClientProtocol
,TlsServerProtocol
public abstract class TlsProtocol extends java.lang.Object
-
-
Field Summary
Fields Modifier and Type Field Description protected static short
ADS_MODE_0_N
protected static short
ADS_MODE_0_N_FIRSTONLY
protected static short
ADS_MODE_1_Nsub1
protected boolean
allowCertificateStatus
protected boolean
blocking
protected java.util.Hashtable
clientExtensions
protected short
connection_state
protected static short
CS_CERTIFICATE_REQUEST
protected static short
CS_CERTIFICATE_STATUS
protected static short
CS_CERTIFICATE_VERIFY
protected static short
CS_CLIENT_CERTIFICATE
protected static short
CS_CLIENT_FINISHED
protected static short
CS_CLIENT_HELLO
protected static short
CS_CLIENT_KEY_EXCHANGE
protected static short
CS_CLIENT_SUPPLEMENTAL_DATA
protected static short
CS_END
protected static short
CS_SERVER_CERTIFICATE
protected static short
CS_SERVER_FINISHED
protected static short
CS_SERVER_HELLO
protected static short
CS_SERVER_HELLO_DONE
protected static short
CS_SERVER_KEY_EXCHANGE
protected static short
CS_SERVER_SESSION_TICKET
protected static short
CS_SERVER_SUPPLEMENTAL_DATA
protected static short
CS_START
protected boolean
expectSessionTicket
protected static java.lang.Integer
EXT_RenegotiationInfo
protected static java.lang.Integer
EXT_SessionTicket
protected ByteQueueInputStream
inputBuffers
protected int[]
offeredCipherSuites
protected short[]
offeredCompressionMethods
protected ByteQueueOutputStream
outputBuffer
protected Certificate
peerCertificate
protected boolean
receivedChangeCipherSpec
protected boolean
resumedSession
protected boolean
secure_renegotiation
protected java.security.SecureRandom
secureRandom
protected SecurityParameters
securityParameters
protected java.util.Hashtable
serverExtensions
protected SessionParameters
sessionParameters
protected TlsSession
tlsSession
-
Constructor Summary
Constructors Constructor Description TlsProtocol(java.io.InputStream input, java.io.OutputStream output, java.security.SecureRandom secureRandom)
TlsProtocol(java.security.SecureRandom secureRandom)
-
Method Summary
All Methods Static Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description protected int
applicationDataAvailable()
protected void
applyMaxFragmentLengthExtension()
protected static void
assertEmpty(java.io.ByteArrayInputStream buf)
Make sure the InputStream 'buf' now empty.protected void
blockForHandshake()
protected void
checkReceivedChangeCipherSpec(boolean expected)
protected void
cleanupHandshake()
void
close()
Closes this connection.void
closeInput()
Should be called in non-blocking mode when the input data reaches EOF.protected void
completeHandshake()
protected static byte[]
createRandomBlock(boolean useGMTUnixTime, RandomGenerator randomGenerator)
protected static byte[]
createRenegotiationInfo(byte[] renegotiated_connection)
protected byte[]
createVerifyData(boolean isServer)
protected static void
establishMasterSecret(TlsContext context, TlsKeyExchange keyExchange)
protected void
flush()
int
getAvailableInputBytes()
Gets the amount of received application data.int
getAvailableOutputBytes()
Gets the amount of encrypted data available to be sent.protected abstract TlsContext
getContext()
protected static byte[]
getCurrentPRFHash(TlsContext context, TlsHandshakeHash handshakeHash, byte[] sslSender)
'sender' only relevant to SSLv3java.io.InputStream
getInputStream()
java.io.OutputStream
getOutputStream()
protected abstract TlsPeer
getPeer()
protected static int
getPRFAlgorithm(TlsContext context, int ciphersuite)
protected void
handleAlertMessage(short alertLevel, short alertDescription)
protected void
handleAlertWarningMessage(short alertDescription)
protected void
handleChangeCipherSpecMessage()
protected void
handleClose(boolean user_canceled)
protected void
handleException(short alertDescription, java.lang.String message, java.lang.Throwable cause)
protected void
handleFailure()
protected abstract void
handleHandshakeMessage(short type, java.io.ByteArrayInputStream buf)
protected void
invalidateSession()
boolean
isClosed()
void
offerInput(byte[] input)
Offer input from an arbitrary source.void
offerOutput(byte[] buffer, int offset, int length)
Offer output from an arbitrary source.protected void
processFinishedMessage(java.io.ByteArrayInputStream buf)
protected short
processMaxFragmentLengthExtension(java.util.Hashtable clientExtensions, java.util.Hashtable serverExtensions, short alertDescription)
protected void
processRecord(short protocol, byte[] buf, int off, int len)
protected void
raiseAlertFatal(short alertDescription, java.lang.String message, java.lang.Throwable cause)
protected void
raiseAlertWarning(short alertDescription, java.lang.String message)
protected int
readApplicationData(byte[] buf, int offset, int len)
Read data from the network.protected static java.util.Hashtable
readExtensions(java.io.ByteArrayInputStream input)
int
readInput(byte[] buffer, int offset, int length)
Retrieves received application data.int
readOutput(byte[] buffer, int offset, int length)
Retrieves encrypted data to be sent.protected static java.util.Vector
readSupplementalDataMessage(java.io.ByteArrayInputStream input)
protected void
refuseRenegotiation()
protected void
safeCheckRecordHeader(byte[] recordHeader)
protected void
safeReadRecord()
protected void
safeWriteRecord(short type, byte[] buf, int offset, int len)
protected void
sendCertificateMessage(Certificate certificate)
protected void
sendChangeCipherSpecMessage()
protected void
sendFinishedMessage()
protected void
sendSupplementalDataMessage(java.util.Vector supplementalData)
protected void
setAppDataSplitMode(int appDataSplitMode)
protected void
writeData(byte[] buf, int offset, int len)
Send some application data to the remote system.protected static void
writeExtensions(java.io.OutputStream output, java.util.Hashtable extensions)
protected void
writeHandshakeMessage(byte[] buf, int off, int len)
protected static void
writeSelectedExtensions(java.io.OutputStream output, java.util.Hashtable extensions, boolean selectEmpty)
protected static void
writeSupplementalData(java.io.OutputStream output, java.util.Vector supplementalData)
-
-
-
Field Detail
-
EXT_RenegotiationInfo
protected static final java.lang.Integer EXT_RenegotiationInfo
-
EXT_SessionTicket
protected static final java.lang.Integer EXT_SessionTicket
-
CS_START
protected static final short CS_START
- See Also:
- Constant Field Values
-
CS_CLIENT_HELLO
protected static final short CS_CLIENT_HELLO
- See Also:
- Constant Field Values
-
CS_SERVER_HELLO
protected static final short CS_SERVER_HELLO
- See Also:
- Constant Field Values
-
CS_SERVER_SUPPLEMENTAL_DATA
protected static final short CS_SERVER_SUPPLEMENTAL_DATA
- See Also:
- Constant Field Values
-
CS_SERVER_CERTIFICATE
protected static final short CS_SERVER_CERTIFICATE
- See Also:
- Constant Field Values
-
CS_CERTIFICATE_STATUS
protected static final short CS_CERTIFICATE_STATUS
- See Also:
- Constant Field Values
-
CS_SERVER_KEY_EXCHANGE
protected static final short CS_SERVER_KEY_EXCHANGE
- See Also:
- Constant Field Values
-
CS_CERTIFICATE_REQUEST
protected static final short CS_CERTIFICATE_REQUEST
- See Also:
- Constant Field Values
-
CS_SERVER_HELLO_DONE
protected static final short CS_SERVER_HELLO_DONE
- See Also:
- Constant Field Values
-
CS_CLIENT_SUPPLEMENTAL_DATA
protected static final short CS_CLIENT_SUPPLEMENTAL_DATA
- See Also:
- Constant Field Values
-
CS_CLIENT_CERTIFICATE
protected static final short CS_CLIENT_CERTIFICATE
- See Also:
- Constant Field Values
-
CS_CLIENT_KEY_EXCHANGE
protected static final short CS_CLIENT_KEY_EXCHANGE
- See Also:
- Constant Field Values
-
CS_CERTIFICATE_VERIFY
protected static final short CS_CERTIFICATE_VERIFY
- See Also:
- Constant Field Values
-
CS_CLIENT_FINISHED
protected static final short CS_CLIENT_FINISHED
- See Also:
- Constant Field Values
-
CS_SERVER_SESSION_TICKET
protected static final short CS_SERVER_SESSION_TICKET
- See Also:
- Constant Field Values
-
CS_SERVER_FINISHED
protected static final short CS_SERVER_FINISHED
- See Also:
- Constant Field Values
-
CS_END
protected static final short CS_END
- See Also:
- Constant Field Values
-
ADS_MODE_1_Nsub1
protected static final short ADS_MODE_1_Nsub1
- See Also:
- Constant Field Values
-
ADS_MODE_0_N
protected static final short ADS_MODE_0_N
- See Also:
- Constant Field Values
-
ADS_MODE_0_N_FIRSTONLY
protected static final short ADS_MODE_0_N_FIRSTONLY
- See Also:
- Constant Field Values
-
secureRandom
protected java.security.SecureRandom secureRandom
-
tlsSession
protected TlsSession tlsSession
-
sessionParameters
protected SessionParameters sessionParameters
-
securityParameters
protected SecurityParameters securityParameters
-
peerCertificate
protected Certificate peerCertificate
-
offeredCipherSuites
protected int[] offeredCipherSuites
-
offeredCompressionMethods
protected short[] offeredCompressionMethods
-
clientExtensions
protected java.util.Hashtable clientExtensions
-
serverExtensions
protected java.util.Hashtable serverExtensions
-
connection_state
protected short connection_state
-
resumedSession
protected boolean resumedSession
-
receivedChangeCipherSpec
protected boolean receivedChangeCipherSpec
-
secure_renegotiation
protected boolean secure_renegotiation
-
allowCertificateStatus
protected boolean allowCertificateStatus
-
expectSessionTicket
protected boolean expectSessionTicket
-
blocking
protected boolean blocking
-
inputBuffers
protected ByteQueueInputStream inputBuffers
-
outputBuffer
protected ByteQueueOutputStream outputBuffer
-
-
Method Detail
-
getContext
protected abstract TlsContext getContext()
-
getPeer
protected abstract TlsPeer getPeer()
-
handleAlertMessage
protected void handleAlertMessage(short alertLevel, short alertDescription) throws java.io.IOException
- Throws:
java.io.IOException
-
handleAlertWarningMessage
protected void handleAlertWarningMessage(short alertDescription) throws java.io.IOException
- Throws:
java.io.IOException
-
handleChangeCipherSpecMessage
protected void handleChangeCipherSpecMessage() throws java.io.IOException
- Throws:
java.io.IOException
-
handleClose
protected void handleClose(boolean user_canceled) throws java.io.IOException
- Throws:
java.io.IOException
-
handleException
protected void handleException(short alertDescription, java.lang.String message, java.lang.Throwable cause) throws java.io.IOException
- Throws:
java.io.IOException
-
handleFailure
protected void handleFailure()
-
handleHandshakeMessage
protected abstract void handleHandshakeMessage(short type, java.io.ByteArrayInputStream buf) throws java.io.IOException
- Throws:
java.io.IOException
-
applyMaxFragmentLengthExtension
protected void applyMaxFragmentLengthExtension() throws java.io.IOException
- Throws:
java.io.IOException
-
checkReceivedChangeCipherSpec
protected void checkReceivedChangeCipherSpec(boolean expected) throws java.io.IOException
- Throws:
java.io.IOException
-
cleanupHandshake
protected void cleanupHandshake()
-
blockForHandshake
protected void blockForHandshake() throws java.io.IOException
- Throws:
java.io.IOException
-
completeHandshake
protected void completeHandshake() throws java.io.IOException
- Throws:
java.io.IOException
-
processRecord
protected void processRecord(short protocol, byte[] buf, int off, int len) throws java.io.IOException
- Throws:
java.io.IOException
-
applicationDataAvailable
protected int applicationDataAvailable()
-
readApplicationData
protected int readApplicationData(byte[] buf, int offset, int len) throws java.io.IOException
Read data from the network. The method will return immediately, if there is still some data left in the buffer, or block until some application data has been read from the network.- Parameters:
buf
- The buffer where the data will be copied to.offset
- The position where the data will be placed in the buffer.len
- The maximum number of bytes to read.- Returns:
- The number of bytes read.
- Throws:
java.io.IOException
- If something goes wrong during reading data.
-
safeCheckRecordHeader
protected void safeCheckRecordHeader(byte[] recordHeader) throws java.io.IOException
- Throws:
java.io.IOException
-
safeReadRecord
protected void safeReadRecord() throws java.io.IOException
- Throws:
java.io.IOException
-
safeWriteRecord
protected void safeWriteRecord(short type, byte[] buf, int offset, int len) throws java.io.IOException
- Throws:
java.io.IOException
-
writeData
protected void writeData(byte[] buf, int offset, int len) throws java.io.IOException
Send some application data to the remote system.The method will handle fragmentation internally.
- Parameters:
buf
- The buffer with the data.offset
- The position in the buffer where the data is placed.len
- The length of the data.- Throws:
java.io.IOException
- If something goes wrong during sending.
-
setAppDataSplitMode
protected void setAppDataSplitMode(int appDataSplitMode)
-
writeHandshakeMessage
protected void writeHandshakeMessage(byte[] buf, int off, int len) throws java.io.IOException
- Throws:
java.io.IOException
-
getOutputStream
public java.io.OutputStream getOutputStream()
- Returns:
- An OutputStream which can be used to send data. Only allowed in blocking mode.
-
getInputStream
public java.io.InputStream getInputStream()
- Returns:
- An InputStream which can be used to read data. Only allowed in blocking mode.
-
closeInput
public void closeInput() throws java.io.IOException
Should be called in non-blocking mode when the input data reaches EOF.- Throws:
java.io.IOException
-
offerInput
public void offerInput(byte[] input) throws java.io.IOException
Offer input from an arbitrary source. Only allowed in non-blocking mode.
After this method returns, the input buffer is "owned" by this object. Other code must not attempt to do anything with it.
This method will decrypt and process all records that are fully available. If only part of a record is available, the buffer will be retained until the remainder of the record is offered.
If any records containing application data were processed, the decrypted data can be obtained usingreadInput(byte[], int, int)
. If any records containing protocol data were processed, a response may have been generated. You should always check to see if there is any available output after calling this method by callinggetAvailableOutputBytes()
.- Parameters:
input
- The input buffer to offer- Throws:
java.io.IOException
- If an error occurs while decrypting or processing a record
-
getAvailableInputBytes
public int getAvailableInputBytes()
Gets the amount of received application data. A call toreadInput(byte[], int, int)
is guaranteed to be able to return at least this much data.
Only allowed in non-blocking mode.- Returns:
- The number of bytes of available application data
-
readInput
public int readInput(byte[] buffer, int offset, int length)
Retrieves received application data. UsegetAvailableInputBytes()
to check how much application data is currently available. This method functions similarly toInputStream.read(byte[], int, int)
, except that it never blocks. If no data is available, nothing will be copied and zero will be returned.
Only allowed in non-blocking mode.- Parameters:
buffer
- The buffer to hold the application dataoffset
- The start offset in the buffer at which the data is writtenlength
- The maximum number of bytes to read- Returns:
- The total number of bytes copied to the buffer. May be less than the length specified if the length was greater than the amount of available data.
-
offerOutput
public void offerOutput(byte[] buffer, int offset, int length) throws java.io.IOException
Offer output from an arbitrary source. Only allowed in non-blocking mode.
After this method returns, the specified section of the buffer will have been processed. UsereadOutput(byte[], int, int)
to get the bytes to transmit to the other peer.
This method must not be called until after the handshake is complete! Attempting to call it before the handshake is complete will result in an exception.- Parameters:
buffer
- The buffer containing application data to encryptoffset
- The offset at which to begin reading datalength
- The number of bytes of data to read- Throws:
java.io.IOException
- If an error occurs encrypting the data, or the handshake is not complete
-
getAvailableOutputBytes
public int getAvailableOutputBytes()
Gets the amount of encrypted data available to be sent. A call toreadOutput(byte[], int, int)
is guaranteed to be able to return at least this much data.
Only allowed in non-blocking mode.- Returns:
- The number of bytes of available encrypted data
-
readOutput
public int readOutput(byte[] buffer, int offset, int length)
Retrieves encrypted data to be sent. UsegetAvailableOutputBytes()
to check how much encrypted data is currently available. This method functions similarly toInputStream.read(byte[], int, int)
, except that it never blocks. If no data is available, nothing will be copied and zero will be returned.
Only allowed in non-blocking mode.- Parameters:
buffer
- The buffer to hold the encrypted dataoffset
- The start offset in the buffer at which the data is writtenlength
- The maximum number of bytes to read- Returns:
- The total number of bytes copied to the buffer. May be less than the length specified if the length was greater than the amount of available data.
-
invalidateSession
protected void invalidateSession()
-
processFinishedMessage
protected void processFinishedMessage(java.io.ByteArrayInputStream buf) throws java.io.IOException
- Throws:
java.io.IOException
-
raiseAlertFatal
protected void raiseAlertFatal(short alertDescription, java.lang.String message, java.lang.Throwable cause) throws java.io.IOException
- Throws:
java.io.IOException
-
raiseAlertWarning
protected void raiseAlertWarning(short alertDescription, java.lang.String message) throws java.io.IOException
- Throws:
java.io.IOException
-
sendCertificateMessage
protected void sendCertificateMessage(Certificate certificate) throws java.io.IOException
- Throws:
java.io.IOException
-
sendChangeCipherSpecMessage
protected void sendChangeCipherSpecMessage() throws java.io.IOException
- Throws:
java.io.IOException
-
sendFinishedMessage
protected void sendFinishedMessage() throws java.io.IOException
- Throws:
java.io.IOException
-
sendSupplementalDataMessage
protected void sendSupplementalDataMessage(java.util.Vector supplementalData) throws java.io.IOException
- Throws:
java.io.IOException
-
createVerifyData
protected byte[] createVerifyData(boolean isServer)
-
close
public void close() throws java.io.IOException
Closes this connection.- Throws:
java.io.IOException
- If something goes wrong during closing.
-
flush
protected void flush() throws java.io.IOException
- Throws:
java.io.IOException
-
isClosed
public boolean isClosed()
-
processMaxFragmentLengthExtension
protected short processMaxFragmentLengthExtension(java.util.Hashtable clientExtensions, java.util.Hashtable serverExtensions, short alertDescription) throws java.io.IOException
- Throws:
java.io.IOException
-
refuseRenegotiation
protected void refuseRenegotiation() throws java.io.IOException
- Throws:
java.io.IOException
-
assertEmpty
protected static void assertEmpty(java.io.ByteArrayInputStream buf) throws java.io.IOException
Make sure the InputStream 'buf' now empty. Fail otherwise.- Parameters:
buf
- The InputStream to check.- Throws:
java.io.IOException
- If 'buf' is not empty.
-
createRandomBlock
protected static byte[] createRandomBlock(boolean useGMTUnixTime, RandomGenerator randomGenerator)
-
createRenegotiationInfo
protected static byte[] createRenegotiationInfo(byte[] renegotiated_connection) throws java.io.IOException
- Throws:
java.io.IOException
-
establishMasterSecret
protected static void establishMasterSecret(TlsContext context, TlsKeyExchange keyExchange) throws java.io.IOException
- Throws:
java.io.IOException
-
getCurrentPRFHash
protected static byte[] getCurrentPRFHash(TlsContext context, TlsHandshakeHash handshakeHash, byte[] sslSender)
'sender' only relevant to SSLv3
-
readExtensions
protected static java.util.Hashtable readExtensions(java.io.ByteArrayInputStream input) throws java.io.IOException
- Throws:
java.io.IOException
-
readSupplementalDataMessage
protected static java.util.Vector readSupplementalDataMessage(java.io.ByteArrayInputStream input) throws java.io.IOException
- Throws:
java.io.IOException
-
writeExtensions
protected static void writeExtensions(java.io.OutputStream output, java.util.Hashtable extensions) throws java.io.IOException
- Throws:
java.io.IOException
-
writeSelectedExtensions
protected static void writeSelectedExtensions(java.io.OutputStream output, java.util.Hashtable extensions, boolean selectEmpty) throws java.io.IOException
- Throws:
java.io.IOException
-
writeSupplementalData
protected static void writeSupplementalData(java.io.OutputStream output, java.util.Vector supplementalData) throws java.io.IOException
- Throws:
java.io.IOException
-
getPRFAlgorithm
protected static int getPRFAlgorithm(TlsContext context, int ciphersuite) throws java.io.IOException
- Throws:
java.io.IOException
-
-