diff options
author | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-06-19 15:12:59 +0400 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-06-19 15:12:59 +0400 |
commit | 14fa6ce5353addb53e5199c4de8e1cc307ceb9b1 (patch) | |
tree | 8aaa616d0cd51aff25630c1c08c0fbef8bba6e29 /core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java | |
parent | 839f4b348a9e576992a37b8e68caa368460a6e36 (diff) |
Use explicit DigitallySigned struct instead of simple signature
Diffstat (limited to 'core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java')
-rw-r--r-- | core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java | 36 |
1 files changed, 20 insertions, 16 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java index 40adfa15..9c200ed5 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java @@ -334,14 +334,14 @@ public class TlsClientProtocol if (clientCreds != null && clientCreds instanceof TlsSignerCredentials) { - /* - * TODO RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm - * prepended from TLS 1.2 - */ TlsSignerCredentials signerCreds = (TlsSignerCredentials)clientCreds; byte[] md5andsha1 = recordStream.getCurrentHash(null); - byte[] clientCertificateSignature = signerCreds.generateCertificateSignature(md5andsha1); - sendCertificateVerifyMessage(clientCertificateSignature); + byte[] signature = signerCreds.generateCertificateSignature(md5andsha1); + /* + * TODO RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm from TLS 1.2 + */ + DigitallySigned certificateVerify = new DigitallySigned(null, signature); + sendCertificateVerifyMessage(certificateVerify); this.connection_state = CS_CERTIFICATE_VERIFY; } @@ -650,18 +650,22 @@ public class TlsClientProtocol } } - protected void sendCertificateVerifyMessage(byte[] data) + protected void sendCertificateVerifyMessage(DigitallySigned certificateVerify) throws IOException { - /* - * Send signature of handshake messages so far to prove we are the owner of the cert See RFC - * 2246 sections 4.7, 7.4.3 and 7.4.8 - */ - ByteArrayOutputStream bos = new ByteArrayOutputStream(); - TlsUtils.writeUint8(HandshakeType.certificate_verify, bos); - TlsUtils.writeUint24(data.length + 2, bos); - TlsUtils.writeOpaque16(data, bos); - byte[] message = bos.toByteArray(); + ByteArrayOutputStream buf = new ByteArrayOutputStream(); + + TlsUtils.writeUint8(HandshakeType.certificate_verify, buf); + + // Reserve space for length + TlsUtils.writeUint24(0, buf); + + certificateVerify.encode(buf); + + byte[] message = buf.toByteArray(); + + // Patch actual length back in + TlsUtils.writeUint24(message.length - 4, message, 1); safeWriteRecord(ContentType.handshake, message, 0, message.length); } |