Package org.bouncycastle.crypto.tls

Class TlsProtocol

    • Field Detail

      • EXT_RenegotiationInfo

        protected static final java.lang.Integer EXT_RenegotiationInfo

      • EXT_SessionTicket

        protected static final java.lang.Integer EXT_SessionTicket

      • CS_SERVER_SUPPLEMENTAL_DATA

        protected static final short CS_SERVER_SUPPLEMENTAL_DATA
        See Also:
        Constant Field Values

      • CS_SERVER_CERTIFICATE

        protected static final short CS_SERVER_CERTIFICATE
        See Also:
        Constant Field Values

      • CS_CERTIFICATE_STATUS

        protected static final short CS_CERTIFICATE_STATUS
        See Also:
        Constant Field Values

      • CS_SERVER_KEY_EXCHANGE

        protected static final short CS_SERVER_KEY_EXCHANGE
        See Also:
        Constant Field Values

      • CS_CERTIFICATE_REQUEST

        protected static final short CS_CERTIFICATE_REQUEST
        See Also:
        Constant Field Values

      • CS_SERVER_HELLO_DONE

        protected static final short CS_SERVER_HELLO_DONE
        See Also:
        Constant Field Values

      • CS_CLIENT_SUPPLEMENTAL_DATA

        protected static final short CS_CLIENT_SUPPLEMENTAL_DATA
        See Also:
        Constant Field Values

      • CS_CLIENT_CERTIFICATE

        protected static final short CS_CLIENT_CERTIFICATE
        See Also:
        Constant Field Values

      • CS_CLIENT_KEY_EXCHANGE

        protected static final short CS_CLIENT_KEY_EXCHANGE
        See Also:
        Constant Field Values

      • CS_CERTIFICATE_VERIFY

        protected static final short CS_CERTIFICATE_VERIFY
        See Also:
        Constant Field Values

      • CS_SERVER_SESSION_TICKET

        protected static final short CS_SERVER_SESSION_TICKET
        See Also:
        Constant Field Values

      • ADS_MODE_0_N_FIRSTONLY

        protected static final short ADS_MODE_0_N_FIRSTONLY
        See Also:
        Constant Field Values

      • secureRandom

        protected java.security.SecureRandom secureRandom

      • peerCertificate

        protected Certificate peerCertificate

      • offeredCipherSuites

        protected int[] offeredCipherSuites

      • offeredCompressionMethods

        protected short[] offeredCompressionMethods

      • clientExtensions

        protected java.util.Hashtable clientExtensions

      • serverExtensions

        protected java.util.Hashtable serverExtensions

      • connection_state

        protected short connection_state

      • resumedSession

        protected boolean resumedSession

      • receivedChangeCipherSpec

        protected boolean receivedChangeCipherSpec

      • secure_renegotiation

        protected boolean secure_renegotiation

      • allowCertificateStatus

        protected boolean allowCertificateStatus

      • expectSessionTicket

        protected boolean expectSessionTicket

      • blocking

        protected boolean blocking

    • Constructor Detail

      • TlsProtocol

        public TlsProtocol​(java.io.InputStream input,
                   java.io.OutputStream output,
                   java.security.SecureRandom secureRandom)

      • TlsProtocol

        public TlsProtocol​(java.security.SecureRandom secureRandom)

    • Method Detail

      • getContext

        protected abstract TlsContext getContext()

      • getPeer

        protected abstract TlsPeer getPeer()

      • handleAlertMessage

        protected void handleAlertMessage​(short alertLevel,
                                  short alertDescription)
                           throws java.io.IOException
        Throws:
        java.io.IOException

      • handleAlertWarningMessage

        protected void handleAlertWarningMessage​(short alertDescription)
                                  throws java.io.IOException
        Throws:
        java.io.IOException

      • handleChangeCipherSpecMessage

        protected void handleChangeCipherSpecMessage()
                                      throws java.io.IOException
        Throws:
        java.io.IOException

      • handleClose

        protected void handleClose​(boolean user_canceled)
                    throws java.io.IOException
        Throws:
        java.io.IOException

      • handleException

        protected void handleException​(short alertDescription,
                               java.lang.String message,
                               java.lang.Throwable cause)
                        throws java.io.IOException
        Throws:
        java.io.IOException

      • handleFailure

        protected void handleFailure()

      • handleHandshakeMessage

        protected abstract void handleHandshakeMessage​(short type,
                                               java.io.ByteArrayInputStream buf)
                                        throws java.io.IOException
        Throws:
        java.io.IOException

      • applyMaxFragmentLengthExtension

        protected void applyMaxFragmentLengthExtension()
                                        throws java.io.IOException
        Throws:
        java.io.IOException

      • checkReceivedChangeCipherSpec

        protected void checkReceivedChangeCipherSpec​(boolean expected)
                                      throws java.io.IOException
        Throws:
        java.io.IOException

      • cleanupHandshake

        protected void cleanupHandshake()

      • blockForHandshake

        protected void blockForHandshake()
                          throws java.io.IOException
        Throws:
        java.io.IOException

      • completeHandshake

        protected void completeHandshake()
                          throws java.io.IOException
        Throws:
        java.io.IOException

      • processRecord

        protected void processRecord​(short protocol,
                             byte[] buf,
                             int off,
                             int len)
                      throws java.io.IOException
        Throws:
        java.io.IOException

      • applicationDataAvailable

        protected int applicationDataAvailable()

      • readApplicationData

        protected int readApplicationData​(byte[] buf,
                                  int offset,
                                  int len)
                           throws java.io.IOException
        Read data from the network. The method will return immediately, if there is still some data left in the buffer, or block until some application data has been read from the network.
        Parameters:
        buf - The buffer where the data will be copied to.
        offset - The position where the data will be placed in the buffer.
        len - The maximum number of bytes to read.
        Returns:
        The number of bytes read.
        Throws:
        java.io.IOException - If something goes wrong during reading data.

      • safeCheckRecordHeader

        protected void safeCheckRecordHeader​(byte[] recordHeader)
                              throws java.io.IOException
        Throws:
        java.io.IOException

      • safeReadRecord

        protected void safeReadRecord()
                       throws java.io.IOException
        Throws:
        java.io.IOException

      • safeWriteRecord

        protected void safeWriteRecord​(short type,
                               byte[] buf,
                               int offset,
                               int len)
                        throws java.io.IOException
        Throws:
        java.io.IOException

      • writeData

        protected void writeData​(byte[] buf,
                         int offset,
                         int len)
                  throws java.io.IOException
        Send some application data to the remote system.

        The method will handle fragmentation internally.

        Parameters:
        buf - The buffer with the data.
        offset - The position in the buffer where the data is placed.
        len - The length of the data.
        Throws:
        java.io.IOException - If something goes wrong during sending.

      • setAppDataSplitMode

        protected void setAppDataSplitMode​(int appDataSplitMode)

      • writeHandshakeMessage

        protected void writeHandshakeMessage​(byte[] buf,
                                     int off,
                                     int len)
                              throws java.io.IOException
        Throws:
        java.io.IOException

      • getOutputStream

        public java.io.OutputStream getOutputStream()
        Returns:
        An OutputStream which can be used to send data. Only allowed in blocking mode.

      • getInputStream

        public java.io.InputStream getInputStream()
        Returns:
        An InputStream which can be used to read data. Only allowed in blocking mode.

      • closeInput

        public void closeInput()
                throws java.io.IOException
        Should be called in non-blocking mode when the input data reaches EOF.
        Throws:
        java.io.IOException

      • offerInput

        public void offerInput​(byte[] input)
                throws java.io.IOException
        Offer input from an arbitrary source. Only allowed in non-blocking mode.

        After this method returns, the input buffer is "owned" by this object. Other code must not attempt to do anything with it.

        This method will decrypt and process all records that are fully available. If only part of a record is available, the buffer will be retained until the remainder of the record is offered.

        If any records containing application data were processed, the decrypted data can be obtained using readInput(byte[], int, int). If any records containing protocol data were processed, a response may have been generated. You should always check to see if there is any available output after calling this method by calling getAvailableOutputBytes().
        Parameters:
        input - The input buffer to offer
        Throws:
        java.io.IOException - If an error occurs while decrypting or processing a record

      • getAvailableInputBytes

        public int getAvailableInputBytes()
        Gets the amount of received application data. A call to readInput(byte[], int, int) is guaranteed to be able to return at least this much data.

        Only allowed in non-blocking mode.
        Returns:
        The number of bytes of available application data

      • readInput

        public int readInput​(byte[] buffer,
                     int offset,
                     int length)
        Retrieves received application data. Use getAvailableInputBytes() to check how much application data is currently available. This method functions similarly to InputStream.read(byte[], int, int), except that it never blocks. If no data is available, nothing will be copied and zero will be returned.

        Only allowed in non-blocking mode.
        Parameters:
        buffer - The buffer to hold the application data
        offset - The start offset in the buffer at which the data is written
        length - The maximum number of bytes to read
        Returns:
        The total number of bytes copied to the buffer. May be less than the length specified if the length was greater than the amount of available data.

      • offerOutput

        public void offerOutput​(byte[] buffer,
                        int offset,
                        int length)
                 throws java.io.IOException
        Offer output from an arbitrary source. Only allowed in non-blocking mode.

        After this method returns, the specified section of the buffer will have been processed. Use readOutput(byte[], int, int) to get the bytes to transmit to the other peer.

        This method must not be called until after the handshake is complete! Attempting to call it before the handshake is complete will result in an exception.
        Parameters:
        buffer - The buffer containing application data to encrypt
        offset - The offset at which to begin reading data
        length - The number of bytes of data to read
        Throws:
        java.io.IOException - If an error occurs encrypting the data, or the handshake is not complete

      • getAvailableOutputBytes

        public int getAvailableOutputBytes()
        Gets the amount of encrypted data available to be sent. A call to readOutput(byte[], int, int) is guaranteed to be able to return at least this much data.

        Only allowed in non-blocking mode.
        Returns:
        The number of bytes of available encrypted data

      • readOutput

        public int readOutput​(byte[] buffer,
                      int offset,
                      int length)
        Retrieves encrypted data to be sent. Use getAvailableOutputBytes() to check how much encrypted data is currently available. This method functions similarly to InputStream.read(byte[], int, int), except that it never blocks. If no data is available, nothing will be copied and zero will be returned.

        Only allowed in non-blocking mode.
        Parameters:
        buffer - The buffer to hold the encrypted data
        offset - The start offset in the buffer at which the data is written
        length - The maximum number of bytes to read
        Returns:
        The total number of bytes copied to the buffer. May be less than the length specified if the length was greater than the amount of available data.

      • invalidateSession

        protected void invalidateSession()

      • processFinishedMessage

        protected void processFinishedMessage​(java.io.ByteArrayInputStream buf)
                               throws java.io.IOException
        Throws:
        java.io.IOException

      • raiseAlertFatal

        protected void raiseAlertFatal​(short alertDescription,
                               java.lang.String message,
                               java.lang.Throwable cause)
                        throws java.io.IOException
        Throws:
        java.io.IOException

      • raiseAlertWarning

        protected void raiseAlertWarning​(short alertDescription,
                                 java.lang.String message)
                          throws java.io.IOException
        Throws:
        java.io.IOException

      • sendCertificateMessage

        protected void sendCertificateMessage​(Certificate certificate)
                               throws java.io.IOException
        Throws:
        java.io.IOException

      • sendChangeCipherSpecMessage

        protected void sendChangeCipherSpecMessage()
                                    throws java.io.IOException
        Throws:
        java.io.IOException

      • sendFinishedMessage

        protected void sendFinishedMessage()
                            throws java.io.IOException
        Throws:
        java.io.IOException

      • sendSupplementalDataMessage

        protected void sendSupplementalDataMessage​(java.util.Vector supplementalData)
                                    throws java.io.IOException
        Throws:
        java.io.IOException

      • createVerifyData

        protected byte[] createVerifyData​(boolean isServer)

      • close

        public void close()
           throws java.io.IOException
        Closes this connection.
        Throws:
        java.io.IOException - If something goes wrong during closing.

      • flush

        protected void flush()
              throws java.io.IOException
        Throws:
        java.io.IOException

      • isClosed

        public boolean isClosed()

      • processMaxFragmentLengthExtension

        protected short processMaxFragmentLengthExtension​(java.util.Hashtable clientExtensions,
                                                  java.util.Hashtable serverExtensions,
                                                  short alertDescription)
                                           throws java.io.IOException
        Throws:
        java.io.IOException

      • refuseRenegotiation

        protected void refuseRenegotiation()
                            throws java.io.IOException
        Throws:
        java.io.IOException

      • assertEmpty

        protected static void assertEmpty​(java.io.ByteArrayInputStream buf)
                           throws java.io.IOException
        Make sure the InputStream 'buf' now empty. Fail otherwise.
        Parameters:
        buf - The InputStream to check.
        Throws:
        java.io.IOException - If 'buf' is not empty.

      • createRandomBlock

        protected static byte[] createRandomBlock​(boolean useGMTUnixTime,
                                          RandomGenerator randomGenerator)

      • createRenegotiationInfo

        protected static byte[] createRenegotiationInfo​(byte[] renegotiated_connection)
                                         throws java.io.IOException
        Throws:
        java.io.IOException

      • establishMasterSecret

        protected static void establishMasterSecret​(TlsContext context,
                                            TlsKeyExchange keyExchange)
                                     throws java.io.IOException
        Throws:
        java.io.IOException

      • getCurrentPRFHash

        protected static byte[] getCurrentPRFHash​(TlsContext context,
                                          TlsHandshakeHash handshakeHash,
                                          byte[] sslSender)
        'sender' only relevant to SSLv3

      • readExtensions

        protected static java.util.Hashtable readExtensions​(java.io.ByteArrayInputStream input)
                                             throws java.io.IOException
        Throws:
        java.io.IOException

      • readSupplementalDataMessage

        protected static java.util.Vector readSupplementalDataMessage​(java.io.ByteArrayInputStream input)
                                                       throws java.io.IOException
        Throws:
        java.io.IOException

      • writeExtensions

        protected static void writeExtensions​(java.io.OutputStream output,
                                      java.util.Hashtable extensions)
                               throws java.io.IOException
        Throws:
        java.io.IOException

      • writeSelectedExtensions

        protected static void writeSelectedExtensions​(java.io.OutputStream output,
                                              java.util.Hashtable extensions,
                                              boolean selectEmpty)
                                       throws java.io.IOException
        Throws:
        java.io.IOException

      • writeSupplementalData

        protected static void writeSupplementalData​(java.io.OutputStream output,
                                            java.util.Vector supplementalData)
                                     throws java.io.IOException
        Throws:
        java.io.IOException

      • getPRFAlgorithm

        protected static int getPRFAlgorithm​(TlsContext context,
                                     int ciphersuite)
                              throws java.io.IOException
        Throws:
        java.io.IOException