org.bouncycastle.tls

Class AbstractTlsPeer

java.lang.Object

org.bouncycastle.tls.AbstractTlsPeer

All Implemented Interfaces:

TlsPeer

Direct Known Subclasses:

AbstractTlsClient, AbstractTlsServer

public abstract class AbstractTlsPeer
extends java.lang.Object
implements TlsPeer

Base class for a TLS client or server.

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	AbstractTlsPeer(TlsCrypto crypto)

Method Summary

Modifier and Type	Method and Description
TlsCrypto	getCrypto()
TlsKeyExchangeFactory	getKeyExchangeFactory()
int	getRenegotiationPolicy() WARNING: EXPERIMENTAL FEATURE Return this peer's policy on renegotiation requests from the remote peer.
ProtocolVersion[]	getSupportedVersions()
void	notifyAlertRaised(short alertLevel, short alertDescription, java.lang.String message, java.lang.Throwable cause) This method will be called when an alert is raised by the protocol.
void	notifyAlertReceived(short alertLevel, short alertDescription) This method will be called when an alert is received from the remote peer.
void	notifyHandshakeBeginning() Notifies the peer that a new handshake is about to begin.
void	notifyHandshakeComplete() Notifies the peer that the handshake has been successfully completed.
void	notifySecureRenegotiation(boolean secureRenegotiation)
boolean	requiresExtendedMasterSecret() This implementation supports RFC 7627 and will always negotiate the extended_master_secret extension where possible.
boolean	shouldCheckSigAlgOfPeerCerts() Controls whether the protocol will check the 'signatureAlgorithm' of received certificates as specified in RFC 5246 7.4.2, 7.4.4, 7.4.6 and similar rules for earlier TLS versions.
boolean	shouldUseExtendedPadding() See RFC 5246 6.2.3.2.
boolean	shouldUseGMTUnixTime() draft-mathewson-no-gmtunixtime-00 2.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AbstractTlsPeer

protected AbstractTlsPeer(TlsCrypto crypto)

Method Detail

getCrypto

public TlsCrypto getCrypto()

Specified by:

getCrypto in interface TlsPeer

notifyHandshakeBeginning

public void notifyHandshakeBeginning()
                              throws java.io.IOException

Description copied from interface: TlsPeer

Notifies the peer that a new handshake is about to begin.

Specified by:

notifyHandshakeBeginning in interface TlsPeer

Throws:

java.io.IOException

getSupportedVersions

public ProtocolVersion[] getSupportedVersions()

Specified by:

getSupportedVersions in interface TlsPeer

requiresExtendedMasterSecret

public boolean requiresExtendedMasterSecret()

Description copied from interface: TlsPeer

This implementation supports RFC 7627 and will always negotiate the extended_master_secret extension where possible. When connecting to a peer that does not offer/accept this extension, it is recommended to abort the handshake. This option is provided for interoperability with legacy peers, although some TLS features will be disabled in that case (see RFC 7627 5.4).

Specified by:

requiresExtendedMasterSecret in interface TlsPeer

Returns:

true if the handshake should be aborted when the peer does not negotiate the extended_master_secret extension, or false to support legacy interoperability.

shouldCheckSigAlgOfPeerCerts

public boolean shouldCheckSigAlgOfPeerCerts()

Description copied from interface: TlsPeer

Controls whether the protocol will check the 'signatureAlgorithm' of received certificates as specified in RFC 5246 7.4.2, 7.4.4, 7.4.6 and similar rules for earlier TLS versions. We recommend to enable these checks, but this option is provided for cases where the default checks are for some reason too strict.

Specified by:

shouldCheckSigAlgOfPeerCerts in interface TlsPeer

Returns:

true if the 'signatureAlgorithm' of received certificates should be checked, or false to skip those checks.

shouldUseExtendedPadding

public boolean shouldUseExtendedPadding()

Description copied from interface: TlsPeer

See RFC 5246 6.2.3.2. Controls whether block cipher encryption may randomly add extra padding beyond the minimum. Note that in configurations where this is known to be potential security risk this setting will be ignored (and extended padding disabled). Extra padding is always supported when decrypting received records.

Specified by:

shouldUseExtendedPadding in interface TlsPeer

Returns:

true if random extra padding should be added during block cipher encryption, or false to always use the minimum amount of required padding.

shouldUseGMTUnixTime

public boolean shouldUseGMTUnixTime()

Description copied from interface: TlsPeer

draft-mathewson-no-gmtunixtime-00 2. "If existing users of a TLS implementation may rely on gmt_unix_time containing the current time, we recommend that implementors MAY provide the ability to set gmt_unix_time as an option only, off by default."

Specified by:

shouldUseGMTUnixTime in interface TlsPeer

Returns:

true if the current time should be used in the gmt_unix_time field of Random, or false if gmt_unix_time should contain a cryptographically random value.

notifySecureRenegotiation

public void notifySecureRenegotiation(boolean secureRenegotiation)
                               throws java.io.IOException

Specified by:

notifySecureRenegotiation in interface TlsPeer

Throws:

java.io.IOException

getKeyExchangeFactory

public TlsKeyExchangeFactory getKeyExchangeFactory()
                                            throws java.io.IOException

Specified by:

getKeyExchangeFactory in interface TlsPeer

Throws:

java.io.IOException

notifyAlertRaised

public void notifyAlertRaised(short alertLevel,
                              short alertDescription,
                              java.lang.String message,
                              java.lang.Throwable cause)

Description copied from interface: TlsPeer

This method will be called when an alert is raised by the protocol.

Specified by:

notifyAlertRaised in interface TlsPeer

Parameters:

alertLevel - AlertLevel

alertDescription - AlertDescription

message - A human-readable message explaining what caused this alert. May be null.

cause - The Throwable that caused this alert to be raised. May be null.

notifyAlertReceived

public void notifyAlertReceived(short alertLevel,
                                short alertDescription)

Description copied from interface: TlsPeer

This method will be called when an alert is received from the remote peer.

Specified by:

notifyAlertReceived in interface TlsPeer

Parameters:

alertLevel - AlertLevel

alertDescription - AlertDescription

notifyHandshakeComplete

public void notifyHandshakeComplete()
                             throws java.io.IOException

Description copied from interface: TlsPeer

Notifies the peer that the handshake has been successfully completed.

Specified by:

notifyHandshakeComplete in interface TlsPeer

Throws:

java.io.IOException

getRenegotiationPolicy

public int getRenegotiationPolicy()

Description copied from interface: TlsPeer

WARNING: EXPERIMENTAL FEATURE Return this peer's policy on renegotiation requests from the remote peer. This will be called only outside of ongoing handshakes, either when a remote server has sent a hello_request, or a remote client has sent a new ClientHello, and only when the requirements for secure renegotiation (including those of RFC 5746) have been met.

Specified by:

getRenegotiationPolicy in interface TlsPeer

Returns:

The RenegotiationPolicy constant corresponding to the desired policy.

See Also:

RenegotiationPolicy