Package org.bouncycastle.tls
Class AbstractTlsClient
- java.lang.Object
-
- org.bouncycastle.tls.AbstractTlsPeer
-
- org.bouncycastle.tls.AbstractTlsClient
-
- Direct Known Subclasses: DefaultTlsClient, PSKTlsClient, SRPTlsClient
public abstract class AbstractTlsClient extends AbstractTlsPeer implements TlsClient
Base class for a TLS client.
-
-
Field Summary
Fields
- protected int[] cipherSuites
- protected TlsClientContext context
- protected ProtocolVersion[] protocolVersions
- protected java.util.Vector supportedGroups
- protected java.util.Vector supportedSignatureAlgorithms
- protected java.util.Vector supportedSignatureAlgorithmsCert
-
Constructor Summary
Constructors
- AbstractTlsClient(TlsCrypto crypto)
-
Method Summary
Methods
- protected boolean allowUnexpectedServerExtension(java.lang.Integer extensionType, byte[] extensionData)
- protected void checkForUnexpectedServerExtension(java.util.Hashtable serverExtensions, java.lang.Integer extensionType)
- protected java.util.Vector getCertificateAuthorities()
- protected CertificateStatusRequest getCertificateStatusRequest()
- int[] getCipherSuites()
- java.util.Hashtable getClientExtensions()
- java.util.Vector getClientSupplementalData()
- TlsDHGroupVerifier getDHGroupVerifier()
- java.util.Vector getEarlyKeyShareGroups()
  If this client is offering TLS 1.3 or higher, this method may be called to determine for which groups a key share should be included in the initial ClientHello.
- protected java.util.Vector getMultiCertStatusRequest()
- protected java.util.Vector getNamedGroupRoles()
- protected java.util.Vector getProtocolNames()
- ProtocolVersion[] getProtocolVersions()
- TlsPSKIdentity getPSKIdentity()
- TlsSession getSessionToResume()
  Return the session this client wants to resume, if any.
- protected java.util.Vector getSNIServerNames()
- TlsSRPConfigVerifier getSRPConfigVerifier()
- TlsSRPIdentity getSRPIdentity()
- protected java.util.Vector getSupportedGroups(java.util.Vector namedGroupRoles)
  The default getClientExtensions() implementation calls this to determine which named groups to include in the supported_groups extension for the ClientHello.
- protected java.util.Vector getSupportedSignatureAlgorithms()
- protected java.util.Vector getSupportedSignatureAlgorithmsCert()
- protected java.util.Vector getTrustedCAIndication()
- void init(TlsClientContext context)
- boolean isFallback()
- void notifyHandshakeBeginning()
  Notifies the peer that a new handshake is about to begin.
- void notifyNewSessionTicket(NewSessionTicket newSessionTicket)
  RFC 5077 3.3.
- void notifySelectedCipherSuite(int selectedCipherSuite)
- void notifyServerVersion(ProtocolVersion serverVersion)
- void notifySessionID(byte[] sessionID)
  Notifies the client of the session_id sent in the ServerHello.
- void notifySessionToResume(TlsSession session)
  Notifies the client of the session that will be offered in ClientHello for resumption, if any.
- void processServerExtensions(java.util.Hashtable serverExtensions)
  The TlsClientProtocol implementation validates that any server extensions received correspond to client extensions sent.
- void processServerSupplementalData(java.util.Vector serverSupplementalData)
-
Methods inherited from class org.bouncycastle.tls.AbstractTlsPeer
allowLegacyResumption, cancel, getCrypto, getHandshakeTimeoutMillis, getHeartbeat, getHeartbeatPolicy, getKeyExchangeFactory, getMaxCertificateChainLength, getMaxHandshakeMessageSize, getRenegotiationPolicy, getSupportedCipherSuites, getSupportedVersions, notifyAlertRaised, notifyAlertReceived, notifyCloseHandle, notifyHandshakeComplete, notifySecureRenegotiation, requiresCloseNotify, requiresExtendedMasterSecret, shouldCheckSigAlgOfPeerCerts, shouldUseExtendedMasterSecret, shouldUseExtendedPadding, shouldUseGMTUnixTime
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.bouncycastle.tls.TlsClient
getAuthentication
-
Methods inherited from interface org.bouncycastle.tls.TlsPeer
allowLegacyResumption, cancel, getCrypto, getHandshakeTimeoutMillis, getHeartbeat, getHeartbeatPolicy, getKeyExchangeFactory, getMaxCertificateChainLength, getMaxHandshakeMessageSize, getRenegotiationPolicy, notifyAlertRaised, notifyAlertReceived, notifyCloseHandle, notifyHandshakeComplete, notifySecureRenegotiation, requiresCloseNotify, requiresExtendedMasterSecret, shouldCheckSigAlgOfPeerCerts, shouldUseExtendedMasterSecret, shouldUseExtendedPadding, shouldUseGMTUnixTime
-
-
-
-
Field Detail
-
context
protected TlsClientContext context
-
protocolVersions
protected ProtocolVersion[] protocolVersions
-
cipherSuites
protected int[] cipherSuites
-
supportedGroups
protected java.util.Vector supportedGroups
-
supportedSignatureAlgorithms
protected java.util.Vector supportedSignatureAlgorithms
-
supportedSignatureAlgorithmsCert
protected java.util.Vector supportedSignatureAlgorithmsCert
-
-
Constructor Detail
-
AbstractTlsClient
public AbstractTlsClient(TlsCrypto crypto)
-
-
Method Detail
-
allowUnexpectedServerExtension
protected boolean allowUnexpectedServerExtension(java.lang.Integer extensionType, byte[] extensionData) throws java.io.IOException
- Throws: java.io.IOException
-
getNamedGroupRoles
protected java.util.Vector getNamedGroupRoles()
-
checkForUnexpectedServerExtension
protected void checkForUnexpectedServerExtension(java.util.Hashtable serverExtensions, java.lang.Integer extensionType) throws java.io.IOException
- Throws: java.io.IOException
-
getPSKIdentity
public TlsPSKIdentity getPSKIdentity() throws java.io.IOException
- Specified by: getPSKIdentity in interface TlsClient
- Throws: java.io.IOException
-
getSRPIdentity
public TlsSRPIdentity getSRPIdentity() throws java.io.IOException
- Specified by: getSRPIdentity in interface TlsClient
- Throws: java.io.IOException
-
getDHGroupVerifier
public TlsDHGroupVerifier getDHGroupVerifier()
- Specified by: getDHGroupVerifier in interface TlsClient
-
getSRPConfigVerifier
public TlsSRPConfigVerifier getSRPConfigVerifier()
- Specified by: getSRPConfigVerifier in interface TlsClient
-
getCertificateAuthorities
protected java.util.Vector getCertificateAuthorities()
-
getProtocolNames
protected java.util.Vector getProtocolNames()
-
getCertificateStatusRequest
protected CertificateStatusRequest getCertificateStatusRequest()
-
getMultiCertStatusRequest
protected java.util.Vector getMultiCertStatusRequest()
- Returns: a Vector of CertificateStatusRequestItemV2 (or null).
-
getSNIServerNames
protected java.util.Vector getSNIServerNames()
-
getSupportedGroups
protected java.util.Vector getSupportedGroups(java.util.Vector namedGroupRoles)
The default getClientExtensions() implementation calls this to determine which named groups to include in the supported_groups extension for the ClientHello.
- Parameters: namedGroupRoles - The named group roles for which there should be at least one supported group. By default this is inferred from the offered cipher suites and signature algorithms.
- Returns: a Vector of Integer. See NamedGroup for group constants.
-
getSupportedSignatureAlgorithms
protected java.util.Vector getSupportedSignatureAlgorithms()
-
getSupportedSignatureAlgorithmsCert
protected java.util.Vector getSupportedSignatureAlgorithmsCert()
-
getTrustedCAIndication
protected java.util.Vector getTrustedCAIndication()
-
init
public void init(TlsClientContext context)
-
getProtocolVersions
public ProtocolVersion[] getProtocolVersions()
- Specified by: getProtocolVersions in interface TlsPeer
-
getCipherSuites
public int[] getCipherSuites()
- Specified by: getCipherSuites in interface TlsPeer
-
notifyHandshakeBeginning
public void notifyHandshakeBeginning() throws java.io.IOException
Description copied from interface: TlsPeer
Notifies the peer that a new handshake is about to begin.
- Specified by: notifyHandshakeBeginning in interface TlsPeer
- Overrides: notifyHandshakeBeginning in class AbstractTlsPeer
- Throws: java.io.IOException
-
getSessionToResume
public TlsSession getSessionToResume()
Description copied from interface: TlsClient
Return the session this client wants to resume, if any. Note that the peer's certificate chain for the session (if any) may need to be periodically revalidated.
- Specified by: getSessionToResume in interface TlsClient
- Returns: A TlsSession representing the resumable session to be used for this connection, or null to use a new session.
- See Also: SessionParameters.getPeerCertificate()
-
isFallback
public boolean isFallback()
- Specified by: isFallback in interface TlsClient
-
getClientExtensions
public java.util.Hashtable getClientExtensions() throws java.io.IOException
- Specified by: getClientExtensions in interface TlsClient
- Throws: java.io.IOException
-
getEarlyKeyShareGroups
public java.util.Vector getEarlyKeyShareGroups()
Description copied from interface: TlsClient
If this client is offering TLS 1.3 or higher, this method may be called to determine for which groups a key share should be included in the initial ClientHello. Groups that were not included in the supported_groups extension (by TlsClient.getClientExtensions()) will be ignored. The protocol will then add a suitable key_share extension to the ClientHello extensions.
- Specified by: getEarlyKeyShareGroups in interface TlsClient
- Returns: a Vector of named group values, possibly empty or null.
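An added example, not part of the Bouncy Castle documentation: a subclass that overrides getSupportedGroups and getEarlyKeyShareGroups from one shared list, so the early key share always comes from a group that is also offered in supported_groups. The class name PinnedGroupsTlsClient, the helper offeredGroups() and the two-group policy are assumptions made for this example.

```java
import java.util.Vector;

import org.bouncycastle.tls.DefaultTlsClient;
import org.bouncycastle.tls.NamedGroup;
import org.bouncycastle.tls.ProtocolVersion;
import org.bouncycastle.tls.crypto.TlsCrypto;

/**
 * Example only (not Bouncy Castle code). Left abstract on purpose:
 * getAuthentication(), which validates the server certificate, must be
 * supplied by the concrete subclass.
 */
public abstract class PinnedGroupsTlsClient extends DefaultTlsClient
{
    // Assumed policy for this example: offer only these groups, in preference order.
    private static final int[] ALLOWED_GROUPS = { NamedGroup.x25519, NamedGroup.secp256r1 };

    protected PinnedGroupsTlsClient(TlsCrypto crypto)
    {
        super(crypto);
    }

    // Offer TLS 1.3 and 1.2 only.
    protected ProtocolVersion[] getSupportedVersions()
    {
        return ProtocolVersion.TLSv13.downTo(ProtocolVersion.TLSv12);
    }

    // Hypothetical helper: the policy list, filtered to groups the crypto backend provides.
    private Vector offeredGroups()
    {
        Vector groups = new Vector();
        for (int group : ALLOWED_GROUPS)
        {
            if (getCrypto().hasNamedGroup(group))
            {
                groups.addElement(Integer.valueOf(group));
            }
        }
        return groups;
    }

    // Called by the default getClientExtensions() to fill supported_groups.
    // namedGroupRoles is deliberately ignored: the policy list is offered as-is.
    protected Vector getSupportedGroups(Vector namedGroupRoles)
    {
        return offeredGroups();
    }

    // Send one early key share, for the most preferred offered group. A group that is
    // not in supported_groups would be ignored, so both methods use the same list.
    public Vector getEarlyKeyShareGroups()
    {
        Vector offered = offeredGroups();
        Vector early = new Vector();
        if (!offered.isEmpty())
        {
            early.addElement(offered.elementAt(0));
        }
        return early;
    }
}
```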
-
notifyServerVersion
public void notifyServerVersion(ProtocolVersion serverVersion) throws java.io.IOException
- Specified by: notifyServerVersion in interface TlsClient
- Throws: java.io.IOException
-
notifySessionToResume
public void notifySessionToResume(TlsSession session)
Description copied from interface: TlsClient
Notifies the client of the session that will be offered in ClientHello for resumption, if any. This will be either the session returned from TlsClient.getSessionToResume() or null if that session was unusable. NOTE: the actual negotiated session_id is notified by TlsClient.notifySessionID(byte[]).
- Specified by: notifySessionToResume in interface TlsClient
- Parameters: session - The TlsSession representing the resumable session to be offered for this connection, or null if there is none.
- See Also: TlsClient.notifySessionID(byte[])
-
notifySessionID
public void notifySessionID(byte[] sessionID)
Description copied from interface: TlsClient
Notifies the client of the session_id sent in the ServerHello.
- Specified by: notifySessionID in interface TlsClient
- See Also: TlsContext.getSession()
-
notifySelectedCipherSuite
public void notifySelectedCipherSuite(int selectedCipherSuite)
- Specified by: notifySelectedCipherSuite in interface TlsClient
-
processServerExtensions
public void processServerExtensions(java.util.Hashtable serverExtensions) throws java.io.IOException
Description copied from interface: TlsClient
The TlsClientProtocol implementation validates that any server extensions received correspond to client extensions sent. If further processing of the server extensions is needed, it can be done in this callback. NOTE: This is not called for session resumption handshakes.
- Specified by: processServerExtensions in interface TlsClient
- Parameters: serverExtensions - (Integer -> byte[])
- Throws: java.io.IOException
-
processServerSupplementalData
public void processServerSupplementalData(java.util.Vector serverSupplementalData) throws java.io.IOException
- Specified by: processServerSupplementalData in interface TlsClient
- Throws: java.io.IOException
-
getClientSupplementalData
public java.util.Vector getClientSupplementalData() throws java.io.IOException
- Specified by: getClientSupplementalData in interface TlsClient
- Throws: java.io.IOException
-
notifyNewSessionTicket
public void notifyNewSessionTicket(NewSessionTicket newSessionTicket) throws java.io.IOException
Description copied from interface: TlsClient
RFC 5077 3.3. NewSessionTicket Handshake Message
This method will be called (only) when a NewSessionTicket handshake message is received. The ticket is opaque to the client and clients MUST NOT examine the ticket under the assumption that it complies with e.g. RFC 5077 4. Recommended Ticket Construction.
- Specified by: notifyNewSessionTicket in interface TlsClient
- Parameters: newSessionTicket - The ticket.
- Throws: java.io.IOException
-
-