diff options
author | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-06-19 16:52:32 +0400 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-06-19 16:52:32 +0400 |
commit | 86055ae8e8dedac6a0391090233aa26531d010cd (patch) | |
tree | 46437c254292afc6c912bd010203ac8ec0d71fb5 /core/src/main/java/org/bouncycastle/crypto/tls/CertificateRequest.java | |
parent | ee17e30b822c0f27717f5652e224e98f33ce67f5 (diff) |
Add supported_signature_algorithms field to CertificateRequest for TLS
1.2
Diffstat (limited to 'core/src/main/java/org/bouncycastle/crypto/tls/CertificateRequest.java')
-rw-r--r-- | core/src/main/java/org/bouncycastle/crypto/tls/CertificateRequest.java | 60 |
1 files changed, 40 insertions, 20 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/CertificateRequest.java b/core/src/main/java/org/bouncycastle/crypto/tls/CertificateRequest.java index 00bf9508..540d6d6a 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/CertificateRequest.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/CertificateRequest.java @@ -25,8 +25,9 @@ import org.bouncycastle.asn1.x500.X500Name; */ public class CertificateRequest { - private short[] certificateTypes; - private Vector certificateAuthorities; + protected short[] certificateTypes; + protected Vector supportedSignatureAlgorithms; + protected Vector certificateAuthorities; /* * TODO RFC 5264 7.4.4 A list of the hash/signature algorithm pairs that the server is able to @@ -37,9 +38,10 @@ public class CertificateRequest * @param certificateTypes see {@link ClientCertificateType} for valid constants. * @param certificateAuthorities a {@link Vector} of {@link X500Name}. */ - public CertificateRequest(short[] certificateTypes, Vector certificateAuthorities) + public CertificateRequest(short[] certificateTypes, Vector supportedSignatureAlgorithms, Vector certificateAuthorities) { this.certificateTypes = certificateTypes; + this.supportedSignatureAlgorithms = supportedSignatureAlgorithms; this.certificateAuthorities = certificateAuthorities; } @@ -53,6 +55,14 @@ public class CertificateRequest } /** + * @return a {@link Vector} of {@link SignatureAndHashAlgorithm} (or null before TLS 1.2). + */ + public Vector getSupportedSignatureAlgorithms() + { + return supportedSignatureAlgorithms; + } + + /** * @return a {@link Vector} of {@link X500Name} */ public Vector getCertificateAuthorities() @@ -69,7 +79,6 @@ public class CertificateRequest public void encode(OutputStream output) throws IOException { - if (certificateTypes == null || certificateTypes.length == 0) { TlsUtils.writeUint8((short)0, output); @@ -80,28 +89,33 @@ public class CertificateRequest TlsUtils.writeUint8Array(certificateTypes, output); } + if (supportedSignatureAlgorithms != null) + { + // TODO Check whether SignatureAlgorithm.anonymous is allowed here + TlsUtils.encodeSupportedSignatureAlgorithms(supportedSignatureAlgorithms, false, output); + } + if (certificateAuthorities == null || certificateAuthorities.isEmpty()) { TlsUtils.writeUint16(0, output); } else { - - Vector encDNs = new Vector(certificateAuthorities.size()); + Vector derEncodings = new Vector(certificateAuthorities.size()); int totalLength = 0; for (int i = 0; i < certificateAuthorities.size(); ++i) { - X500Name authorityDN = (X500Name)certificateAuthorities.elementAt(i); - byte[] encDN = authorityDN.getEncoded(ASN1Encoding.DER); - encDNs.addElement(encDN); - totalLength += encDN.length; + X500Name certificateAuthority = (X500Name)certificateAuthorities.elementAt(i); + byte[] derEncoding = certificateAuthority.getEncoded(ASN1Encoding.DER); + derEncodings.addElement(derEncoding); + totalLength += derEncoding.length; } TlsUtils.writeUint16(totalLength, output); - for (int i = 0; i < encDNs.size(); ++i) + for (int i = 0; i < derEncodings.size(); ++i) { - byte[] encDN = (byte[])encDNs.elementAt(i); + byte[] encDN = (byte[])derEncodings.elementAt(i); output.write(encDN); } } @@ -114,7 +128,7 @@ public class CertificateRequest * @return a {@link CertificateRequest} object. * @throws IOException */ - public static CertificateRequest parse(InputStream input) + public static CertificateRequest parse(TlsContext context, InputStream input) throws IOException { int numTypes = TlsUtils.readUint8(input); @@ -124,17 +138,23 @@ public class CertificateRequest certificateTypes[i] = TlsUtils.readUint8(input); } - byte[] authorities = TlsUtils.readOpaque16(input); - - Vector authorityDNs = new Vector(); + Vector supportedSignatureAlgorithms = null; + if (TlsUtils.isTLSv12(context)) + { + // TODO Check whether SignatureAlgorithm.anonymous is allowed here + supportedSignatureAlgorithms = TlsUtils.parseSupportedSignatureAlgorithms(false, input); + } - ByteArrayInputStream bis = new ByteArrayInputStream(authorities); + Vector certificateAuthorities = new Vector(); + byte[] certAuthData = TlsUtils.readOpaque16(input); + ByteArrayInputStream bis = new ByteArrayInputStream(certAuthData); while (bis.available() > 0) { - byte[] dnBytes = TlsUtils.readOpaque16(bis); - authorityDNs.addElement(X500Name.getInstance(ASN1Primitive.fromByteArray(dnBytes))); + byte[] derEncoding = TlsUtils.readOpaque16(bis); + ASN1Primitive asn1 = TlsUtils.readASN1Object(derEncoding); + certificateAuthorities.addElement(X500Name.getInstance(asn1)); } - return new CertificateRequest(certificateTypes, authorityDNs); + return new CertificateRequest(certificateTypes, supportedSignatureAlgorithms, certificateAuthorities); } } |