author | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-06-15 15:18:41 +0400 |
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-06-15 15:18:41 +0400 |
commit | bfdd645ac1f6f828889a03fa0a3396f90879eb2d (patch) | |
tree | efade729a36e5a4eafe0d2d97fea5423aaa11ca9 /core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java | |
parent | 9754a8788cac61791e0ea4afe45f3a18c00d24e7 (diff) |
Basic protocol outline for certificate_status handshake messages
Diffstat (limited to 'core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java')
-rw-r--r-- | core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java | 23 |
1 files changed, 10 insertions, 13 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
index d970d662..73922a49 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
@@ -15,7 +15,6 @@ import org.bouncycastle.util.Arrays;
 public class DTLSServerProtocol
     extends DTLSProtocol
 {
-
     protected boolean verifyRequests = true;
 
     public DTLSServerProtocol(SecureRandom secureRandom)
@@ -36,7 +35,6 @@ public class DTLSServerProtocol
     public DTLSTransport accept(TlsServer server, DatagramTransport transport)
         throws IOException
     {
-
         if (server == null)
         {
             throw new IllegalArgumentException("'server' cannot be null");
@@ -83,7 +81,6 @@ public class DTLSServerProtocol
     public DTLSTransport serverHandshake(ServerHandshakeState state, DTLSRecordLayer recordLayer)
         throws IOException
     {
-
         SecurityParameters securityParameters = state.serverContext.getSecurityParameters();
         DTLSReliableHandshake handshake = new DTLSReliableHandshake(state.serverContext, recordLayer);
 
@@ -133,6 +130,9 @@ public class DTLSServerProtocol
         state.keyExchange.init(state.serverContext);
 
         state.serverCredentials = state.server.getCredentials();
+
+        Certificate serverCertificate = null;
+
         if (state.serverCredentials == null)
         {
             state.keyExchange.skipServerCredentials();
@@ -141,10 +141,16 @@ public class DTLSServerProtocol
         {
             state.keyExchange.processServerCredentials(state.serverCredentials);
 
-            byte[] certificateBody = generateCertificate(state.serverCredentials.getCertificate());
+            serverCertificate = state.serverCredentials.getCertificate();
+            byte[] certificateBody = generateCertificate(serverCertificate);
             handshake.sendMessage(HandshakeType.certificate, certificateBody);
         }
 
+        if (serverCertificate != null && !serverCertificate.isEmpty())
+        {
+            // TODO[RFC 3546] Get certificate status, if any, and send
+        }
+
         byte[] serverKeyExchange = state.keyExchange.generateServerKeyExchange();
         if (serverKeyExchange != null)
         {
@@ -275,7 +281,6 @@ public class DTLSServerProtocol
     protected byte[] generateCertificateRequest(ServerHandshakeState state, CertificateRequest certificateRequest)
         throws IOException
     {
-
         ByteArrayOutputStream buf = new ByteArrayOutputStream();
         certificateRequest.encode(buf);
         return buf.toByteArray();
@@ -284,7 +289,6 @@ public class DTLSServerProtocol
     protected byte[] generateNewSessionTicket(ServerHandshakeState state, NewSessionTicket newSessionTicket)
         throws IOException
     {
-
         ByteArrayOutputStream buf = new ByteArrayOutputStream();
         newSessionTicket.encode(buf);
         return buf.toByteArray();
@@ -293,7 +297,6 @@ public class DTLSServerProtocol
     protected byte[] generateServerHello(ServerHandshakeState state)
         throws IOException
     {
-
         ByteArrayOutputStream buf = new ByteArrayOutputStream();
 
         ProtocolVersion server_version = state.server.getServerVersion();
@@ -383,7 +386,6 @@ public class DTLSServerProtocol
     protected void notifyClientCertificate(ServerHandshakeState state, Certificate clientCertificate)
         throws IOException
     {
-
         if (state.certificateRequest == null)
         {
             throw new IllegalStateException();
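Review bot: The new `if (serverCertificate != null && !serverCertificate.isEmpty())` block is gated only on having sent a non-empty Certificate, but a CertificateStatus message may only be sent when the client offered the status_request extension and the server echoed it in its ServerHello (RFC 6066 section 8, which obsoletes the RFC 3546 cited in the TODO); a client that did not ask for it is entitled to treat the message as an unexpected_message. The hunk does not show where ClientHello/ServerHello extensions are handled in this file, so presumably the negotiation result has to be recorded in ServerHandshakeState and checked here before anything is sent, and the stub comment should say so: `// TODO[RFC 6066] Send CertificateStatus only if status_request was negotiated in ServerHello`. The placement between Certificate and ServerKeyExchange does match the RFC 6066 message order. serverHandshake begins and ends outside this hunk.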
@@ -429,7 +431,6 @@ public class DTLSServerProtocol
     protected void processClientCertificate(ServerHandshakeState state, byte[] body)
         throws IOException
     {
-
         ByteArrayInputStream buf = new ByteArrayInputStream(body);
 
         Certificate clientCertificate = Certificate.parse(buf);
@@ -442,7 +443,6 @@ public class DTLSServerProtocol
     protected void processCertificateVerify(ServerHandshakeState state, byte[] body, byte[] certificateVerifyHash)
         throws IOException
     {
-
         ByteArrayInputStream buf = new ByteArrayInputStream(body);
 
         byte[] clientCertificateSignature = TlsUtils.readOpaque16(buf);
@@ -470,7 +470,6 @@ public class DTLSServerProtocol
     protected void processClientHello(ServerHandshakeState state, byte[] body)
         throws IOException
     {
-
         ByteArrayInputStream buf = new ByteArrayInputStream(body);
 
         // TODO Read RFCs for guidance on the expected record layer version number
@@ -586,7 +585,6 @@ public class DTLSServerProtocol
     protected void processClientKeyExchange(ServerHandshakeState state, byte[] body)
         throws IOException
     {
-
         ByteArrayInputStream buf = new ByteArrayInputStream(body);
 
         state.keyExchange.processClientKeyExchange(buf);
@@ -599,7 +597,6 @@ public class DTLSServerProtocol
     protected void processClientSupplementalData(ServerHandshakeState state, byte[] body)
         throws IOException
     {
-
         ByteArrayInputStream buf = new ByteArrayInputStream(body);
         Vector clientSupplementalData = TlsProtocol.readSupplementalDataMessage(buf);
         state.server.processClientSupplementalData(clientSupplementalData);