author | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-06-16 09:13:25 +0400 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-06-16 09:13:25 +0400 |
commit | 0d63885e9fc432eec6de3256123d7839fdaf37af (patch) | |
tree | d0b6a4f15ed6ff4b7e89e407124e937b8c2ffeb7 /core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java | |
parent | 992abcbfa5b7d03cda1bbdafbc792146473601c1 (diff) |
Track whether or not a certificate_status message is allowed
Diffstat (limited to 'core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java')
-rw-r--r-- | core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java | 32 |
1 files changed, 17 insertions, 15 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java
index 1cbcfdb6..82216f17 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java
@@ -17,7 +17,6 @@ import org.bouncycastle.util.Arrays; public class TlsServerProtocol extends TlsProtocol { - protected TlsServer tlsServer = null; protected TlsServerContextImpl tlsServerContext = null;
@@ -51,7 +50,6 @@ public class TlsServerProtocol public void accept(TlsServer tlsServer) throws IOException { - if (tlsServer == null) { throw new IllegalArgumentException("'tlsServer' cannot be null");
@@ -91,7 +89,6 @@ public class TlsServerProtocol protected void handleChangeCipherSpecMessage() throws IOException { - switch (this.connection_state) { case CS_CLIENT_KEY_EXCHANGE:
@@ -117,7 +114,6 @@ public class TlsServerProtocol protected void handleHandshakeMessage(short type, byte[] data) throws IOException { - ByteArrayInputStream buf = new ByteArrayInputStream(data); switch (type)
@@ -176,10 +172,22 @@ public class TlsServerProtocol } this.connection_state = CS_SERVER_CERTIFICATE; - if (serverCertificate != null && !serverCertificate.isEmpty()) + // TODO[RFC 3546] Check whether empty certificates is possible, allowed, or excludes CertificateStatus + if (serverCertificate == null || serverCertificate.isEmpty()) + { + this.allowCertificateStatus = false; + } + + if (this.allowCertificateStatus) { // TODO[RFC 3546] Get certificate status, if any, and send + CertificateStatus certificateStatus = null; //tlsServer.getCertificateStatus(); + if (certificateStatus != null) + { +// sendCertificateStatusMessage(certificateStatus); + } } + this.connection_state = CS_CERTIFICATE_STATUS; byte[] serverKeyExchange = this.keyExchange.generateServerKeyExchange(); 
@@ -346,7 +354,7 @@ public class TlsServerProtocol processFinishedMessage(buf); this.connection_state = CS_CLIENT_FINISHED; - if (expectSessionTicket) + if (this.expectSessionTicket) { sendNewSessionTicketMessage(tlsServer.getNewSessionTicket()); }
@@ -404,7 +412,6 @@ public class TlsServerProtocol protected void notifyClientCertificate(Certificate clientCertificate) throws IOException { - if (certificateRequest == null) { throw new IllegalStateException();
@@ -450,7 +457,6 @@ public class TlsServerProtocol protected void receiveCertificateMessage(ByteArrayInputStream buf) throws IOException { - Certificate clientCertificate = Certificate.parse(buf); assertEmpty(buf);
@@ -461,7 +467,6 @@ public class TlsServerProtocol protected void receiveCertificateVerifyMessage(ByteArrayInputStream buf) throws IOException { - byte[] clientCertificateSignature = TlsUtils.readOpaque16(buf); assertEmpty(buf);
@@ -487,7 +492,6 @@ public class TlsServerProtocol protected void receiveClientHelloMessage(ByteArrayInputStream buf) throws IOException { - ProtocolVersion client_version = TlsUtils.readVersion(buf); if (client_version.isDTLS()) {
@@ -596,7 +600,6 @@ public class TlsServerProtocol protected void receiveClientKeyExchangeMessage(ByteArrayInputStream buf) throws IOException { - this.keyExchange.processClientKeyExchange(buf); assertEmpty(buf);
@@ -617,7 +620,6 @@ public class TlsServerProtocol protected void sendCertificateRequestMessage(CertificateRequest certificateRequest) throws IOException { - ByteArrayOutputStream buf = new ByteArrayOutputStream(); TlsUtils.writeUint8(HandshakeType.certificate_request, buf);
@@ -636,7 +638,6 @@ public class TlsServerProtocol protected void sendNewSessionTicketMessage(NewSessionTicket newSessionTicket) throws IOException { - if (newSessionTicket == null) { throw new TlsFatalAlert(AlertDescription.internal_error); 
@@ -660,7 +661,6 @@ public class TlsServerProtocol protected void sendServerHelloMessage() throws IOException { - ByteArrayOutputStream buf = new ByteArrayOutputStream(); TlsUtils.writeUint8(HandshakeType.server_hello, buf);
@@ -740,7 +740,10 @@ public class TlsServerProtocol if (this.serverExtensions != null) { + // TODO[RFC 3546] Should this code check that the 'extension_data' is empty? + this.allowCertificateStatus = serverExtensions.containsKey(TlsExtensionsUtils.EXT_status_request); this.expectSessionTicket = serverExtensions.containsKey(EXT_SessionTicket); + writeExtensions(buf, this.serverExtensions); }
@@ -755,7 +758,6 @@ public class TlsServerProtocol protected void sendServerHelloDoneMessage() throws IOException { - byte[] message = new byte[4]; TlsUtils.writeUint8(HandshakeType.server_hello_done, message, 0); TlsUtils.writeUint24(0, message, 1); |
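Review bot: In the `@@ -176,10 +172,22 @@` hunk, `allowCertificateStatus` is forced to false for a null or empty server certificate, yet the branch that would send the message is a stub — `certificateStatus` is hard-coded to null and the `sendCertificateStatusMessage` call is commented out — while `connection_state` still advances to `CS_CERTIFICATE_STATUS` whether or not anything was sent. That unconditional advance appears intended for the state machine, but sitting next to a stubbed send it is easy to misread as a bug; propose `// CertificateStatus is optional: the state advances even when no message is sent` above the assignment. The field's declaration and initial value are outside this hunk, so confirm it defaults to false and cannot be left true by an earlier handshake on the same instance. The enclosing method begins and ends outside the hunk.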
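Review bot: In the `@@ -740,7 +740,10 @@` hunk, `allowCertificateStatus` is only assigned inside `if (this.serverExtensions != null)`, so a handshake on this instance that yields no server extensions leaves the field holding whatever the previous handshake set (the existing `expectSessionTicket` line has the same shape); if the protocol object is reused across renegotiation, reset both before the null check, e.g. `this.allowCertificateStatus = false;` and `this.expectSessionTicket = false;`. The TODO asks whether `extension_data` should be checked for emptiness: the ServerHello form of status_request is specified with empty extension_data (RFC 6066, the successor of the cited RFC 3546), so checking it where the extensions are built, or here, is preferable to deferring it. Minor style point: `EXT_status_request` is qualified with `TlsExtensionsUtils` while `EXT_SessionTicket` on the next line is not; one form should be used for both. sendServerHelloMessage begins and ends outside the hunk.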