org.bouncycastle.tls

Class AbstractTlsClient

java.lang.Object

org.bouncycastle.tls.AbstractTlsPeer

org.bouncycastle.tls.AbstractTlsClient

All Implemented Interfaces:

TlsClient, TlsPeer

Direct Known Subclasses:

DefaultTlsClient, PSKTlsClient, SRPTlsClient

public abstract class AbstractTlsClient
extends AbstractTlsPeer
implements TlsClient

Base class for a TLS client.

Field Summary

Fields

Modifier and Type	Field and Description
protected int[]	cipherSuites
protected TlsClientContext	context
protected ProtocolVersion[]	protocolVersions
protected java.util.Vector	supportedGroups
protected java.util.Vector	supportedSignatureAlgorithms
protected java.util.Vector	supportedSignatureAlgorithmsCert

Constructor Summary

Constructors

Constructor and Description
AbstractTlsClient(TlsCrypto crypto)

Method Summary

Modifier and Type	Method and Description
protected boolean	allowUnexpectedServerExtension(java.lang.Integer extensionType, byte[] extensionData)
protected void	checkForUnexpectedServerExtension(java.util.Hashtable serverExtensions, java.lang.Integer extensionType)
protected short[]	getAllowedClientCertificateTypes()
protected short[]	getAllowedServerCertificateTypes()
protected java.util.Vector	getCertificateAuthorities()
protected CertificateStatusRequest	getCertificateStatusRequest()
int[]	getCipherSuites()
java.util.Hashtable	getClientExtensions()
java.util.Vector	getClientSupplementalData()
TlsDHGroupVerifier	getDHGroupVerifier()
java.util.Vector	getEarlyKeyShareGroups() If this client is offering TLS 1.3 or higher, this method may be called to determine for which groups a key share should be included in the initial ClientHello.
java.util.Vector	getExternalPSKs() Return the external PSKs to offer in the ClientHello.
protected java.util.Vector	getMultiCertStatusRequest()
protected java.util.Vector	getNamedGroupRoles()
protected byte[]	getNewConnectionID() RFC 9146 DTLS connection ID.
protected java.util.Vector	getProtocolNames()
ProtocolVersion[]	getProtocolVersions()
TlsPSKIdentity	getPSKIdentity()
TlsSession	getSessionToResume() Return the session this client wants to resume, if any.
protected java.util.Vector	getSNIServerNames()
TlsSRPConfigVerifier	getSRPConfigVerifier()
TlsSRPIdentity	getSRPIdentity()
protected java.util.Vector	getSupportedGroups(java.util.Vector namedGroupRoles) The default getClientExtensions() implementation calls this to determine which named groups to include in the supported_groups extension for the ClientHello.
protected java.util.Vector	getSupportedSignatureAlgorithms()
protected java.util.Vector	getSupportedSignatureAlgorithmsCert()
protected java.util.Vector	getTrustedCAIndication()
void	init(TlsClientContext context)
boolean	isFallback()
void	notifyHandshakeBeginning() Notifies the peer that a new handshake is about to begin.
void	notifyNewSessionTicket(NewSessionTicket newSessionTicket) RFC 5077 3.3.
void	notifySelectedCipherSuite(int selectedCipherSuite)
void	notifySelectedPSK(TlsPSK selectedPSK)
void	notifyServerVersion(ProtocolVersion serverVersion)
void	notifySessionID(byte[] sessionID) Notifies the client of the session_id sent in the ServerHello.
void	notifySessionToResume(TlsSession session) Notifies the client of the session that will be offered in ClientHello for resumption, if any.
void	processServerExtensions(java.util.Hashtable serverExtensions) The TlsClientProtocol implementation validates that any server extensions received correspond to client extensions sent.
void	processServerSupplementalData(java.util.Vector serverSupplementalData)

Methods inherited from class org.bouncycastle.tls.AbstractTlsPeer

allowLegacyResumption, cancel, getCrypto, getHandshakeResendTimeMillis, getHandshakeTimeoutMillis, getHeartbeat, getHeartbeatPolicy, getKeyExchangeFactory, getMaxCertificateChainLength, getMaxHandshakeMessageSize, getPskKeyExchangeModes, getRenegotiationPolicy, getSupportedCipherSuites, getSupportedVersions, notifyAlertRaised, notifyAlertReceived, notifyCloseHandle, notifyConnectionClosed, notifyHandshakeComplete, notifySecureRenegotiation, requiresCloseNotify, requiresExtendedMasterSecret, shouldCheckSigAlgOfPeerCerts, shouldUseExtendedMasterSecret, shouldUseExtendedPadding, shouldUseGMTUnixTime

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.bouncycastle.tls.TlsClient

getAuthentication

Methods inherited from interface org.bouncycastle.tls.TlsPeer

allowLegacyResumption, cancel, getCrypto, getHandshakeResendTimeMillis, getHandshakeTimeoutMillis, getHeartbeat, getHeartbeatPolicy, getKeyExchangeFactory, getMaxCertificateChainLength, getMaxHandshakeMessageSize, getPskKeyExchangeModes, getRenegotiationPolicy, notifyAlertRaised, notifyAlertReceived, notifyCloseHandle, notifyConnectionClosed, notifyHandshakeComplete, notifySecureRenegotiation, requiresCloseNotify, requiresExtendedMasterSecret, shouldCheckSigAlgOfPeerCerts, shouldUseExtendedMasterSecret, shouldUseExtendedPadding, shouldUseGMTUnixTime

Field Detail

context

protected TlsClientContext context

protocolVersions

protected ProtocolVersion[] protocolVersions

cipherSuites

protected int[] cipherSuites

supportedGroups

protected java.util.Vector supportedGroups

supportedSignatureAlgorithms

protected java.util.Vector supportedSignatureAlgorithms

supportedSignatureAlgorithmsCert

protected java.util.Vector supportedSignatureAlgorithmsCert

Constructor Detail

AbstractTlsClient

public AbstractTlsClient(TlsCrypto crypto)

Method Detail

allowUnexpectedServerExtension

protected boolean allowUnexpectedServerExtension(java.lang.Integer extensionType,
                                                 byte[] extensionData)
                                          throws java.io.IOException

Throws:

java.io.IOException

getNamedGroupRoles

protected java.util.Vector getNamedGroupRoles()

checkForUnexpectedServerExtension

protected void checkForUnexpectedServerExtension(java.util.Hashtable serverExtensions,
                                                 java.lang.Integer extensionType)
                                          throws java.io.IOException

Throws:

java.io.IOException

getNewConnectionID

protected byte[] getNewConnectionID()

RFC 9146 DTLS connection ID.

The default getClientExtensions() implementation calls this to get the connection_id extension the client will send. As future communication doesn't include the connection IDs length, this should either be fixed-length or include the connection ID's length. (see explanation in RFC 9146 4. "cid:")

Returns:

The connection ID to use.

getPSKIdentity

public TlsPSKIdentity getPSKIdentity()
                              throws java.io.IOException

Specified by:

getPSKIdentity in interface TlsClient

Throws:

java.io.IOException

getSRPIdentity

public TlsSRPIdentity getSRPIdentity()
                              throws java.io.IOException

Specified by:

getSRPIdentity in interface TlsClient

Throws:

java.io.IOException

getDHGroupVerifier

public TlsDHGroupVerifier getDHGroupVerifier()

Specified by:

getDHGroupVerifier in interface TlsClient

getSRPConfigVerifier

public TlsSRPConfigVerifier getSRPConfigVerifier()

Specified by:

getSRPConfigVerifier in interface TlsClient

getCertificateAuthorities

protected java.util.Vector getCertificateAuthorities()

getProtocolNames

protected java.util.Vector getProtocolNames()

getCertificateStatusRequest

protected CertificateStatusRequest getCertificateStatusRequest()

getMultiCertStatusRequest

protected java.util.Vector getMultiCertStatusRequest()

Returns:

a Vector of CertificateStatusRequestItemV2 (or null).

getSNIServerNames

protected java.util.Vector getSNIServerNames()

getSupportedGroups

protected java.util.Vector getSupportedGroups(java.util.Vector namedGroupRoles)

The default getClientExtensions() implementation calls this to determine which named groups to include in the supported_groups extension for the ClientHello.

Parameters:

namedGroupRoles - The named group roles for which there should be at least one supported group. By default this is inferred from the offered cipher suites and signature algorithms.

Returns:

a Vector of Integer. See NamedGroup for group constants.

getSupportedSignatureAlgorithms

protected java.util.Vector getSupportedSignatureAlgorithms()

getSupportedSignatureAlgorithmsCert

protected java.util.Vector getSupportedSignatureAlgorithmsCert()

getTrustedCAIndication

protected java.util.Vector getTrustedCAIndication()

getAllowedClientCertificateTypes

protected short[] getAllowedClientCertificateTypes()

getAllowedServerCertificateTypes

protected short[] getAllowedServerCertificateTypes()

init

public void init(TlsClientContext context)

Specified by:

init in interface TlsClient

getProtocolVersions

public ProtocolVersion[] getProtocolVersions()

Specified by:

getProtocolVersions in interface TlsPeer

getCipherSuites

public int[] getCipherSuites()

Specified by:

getCipherSuites in interface TlsPeer

notifyHandshakeBeginning

public void notifyHandshakeBeginning()
                              throws java.io.IOException

Description copied from interface: TlsPeer

Notifies the peer that a new handshake is about to begin.

Specified by:

notifyHandshakeBeginning in interface TlsPeer

Overrides:

notifyHandshakeBeginning in class AbstractTlsPeer

Throws:

java.io.IOException

getSessionToResume

public TlsSession getSessionToResume()

Description copied from interface: TlsClient

Return the session this client wants to resume, if any. Note that the peer's certificate chain for the session (if any) may need to be periodically revalidated.

Specified by:

getSessionToResume in interface TlsClient

Returns:

A TlsSession representing the resumable session to be used for this connection, or null to use a new session.

See Also:

SessionParameters.getPeerCertificate()

getExternalPSKs

public java.util.Vector getExternalPSKs()

Description copied from interface: TlsClient

Return the external PSKs to offer in the ClientHello. Note that this will only be called when TLS 1.3 or higher is amongst the offered protocol versions.

Specified by:

getExternalPSKs in interface TlsClient

Returns:

a Vector of TlsPSKExternal instances, or null if none should be offered.

isFallback

public boolean isFallback()

Specified by:

isFallback in interface TlsClient

getClientExtensions

public java.util.Hashtable getClientExtensions()
                                        throws java.io.IOException

Specified by:

getClientExtensions in interface TlsClient

Throws:

java.io.IOException

getEarlyKeyShareGroups

public java.util.Vector getEarlyKeyShareGroups()

Description copied from interface: TlsClient

If this client is offering TLS 1.3 or higher, this method may be called to determine for which groups a key share should be included in the initial ClientHello. Groups that were not included in the supported_groups extension (by TlsClient.getClientExtensions() will be ignored. The protocol will then add a suitable key_share extension to the ClientHello extensions.

Specified by:

getEarlyKeyShareGroups in interface TlsClient

Returns:

a Vector of named group values, possibly empty or null.

notifyServerVersion

public void notifyServerVersion(ProtocolVersion serverVersion)
                         throws java.io.IOException

Specified by:

notifyServerVersion in interface TlsClient

Throws:

java.io.IOException

notifySessionToResume

public void notifySessionToResume(TlsSession session)

Description copied from interface: TlsClient

Notifies the client of the session that will be offered in ClientHello for resumption, if any. This will be either the session returned from TlsClient.getSessionToResume() or null if that session was unusable. NOTE: the actual negotiated session_id is notified by TlsClient.notifySessionID(byte[]).

Specified by:

notifySessionToResume in interface TlsClient

Parameters:

session - The TlsSession representing the resumable session to be offered for this connection, or null if there is none.

See Also:

TlsClient.notifySessionID(byte[])

notifySessionID

public void notifySessionID(byte[] sessionID)

Description copied from interface: TlsClient

Notifies the client of the session_id sent in the ServerHello.

Specified by:

notifySessionID in interface TlsClient

See Also:

TlsContext.getSession()

notifySelectedCipherSuite

public void notifySelectedCipherSuite(int selectedCipherSuite)

Specified by:

notifySelectedCipherSuite in interface TlsClient

notifySelectedPSK

public void notifySelectedPSK(TlsPSK selectedPSK)
                       throws java.io.IOException

Specified by:

notifySelectedPSK in interface TlsClient

Throws:

java.io.IOException

processServerExtensions

public void processServerExtensions(java.util.Hashtable serverExtensions)
                             throws java.io.IOException

Description copied from interface: TlsClient

The TlsClientProtocol implementation validates that any server extensions received correspond to client extensions sent. If further processing of the server extensions is needed, it can be done in this callback. NOTE: This is not called for session resumption handshakes.

Specified by:

processServerExtensions in interface TlsClient

Parameters:

serverExtensions - (Integer -> byte[])

Throws:

java.io.IOException

processServerSupplementalData

public void processServerSupplementalData(java.util.Vector serverSupplementalData)
                                   throws java.io.IOException

Specified by:

processServerSupplementalData in interface TlsClient

Throws:

java.io.IOException

getClientSupplementalData

public java.util.Vector getClientSupplementalData()
                                           throws java.io.IOException

Specified by:

getClientSupplementalData in interface TlsClient

Throws:

java.io.IOException

notifyNewSessionTicket

public void notifyNewSessionTicket(NewSessionTicket newSessionTicket)
                            throws java.io.IOException

Description copied from interface: TlsClient

RFC 5077 3.3. NewSessionTicket Handshake Message

This method will be called (only) when a NewSessionTicket handshake message is received. The ticket is opaque to the client and clients MUST NOT examine the ticket under the assumption that it complies with e.g. RFC 5077 4. Recommended Ticket Construction.

Specified by:

notifyNewSessionTicket in interface TlsClient

Parameters:

newSessionTicket - The ticket.

Throws:

java.io.IOException