Call TlsServer.getCertificateStatus, if applicable, and send

certificate_status handshake message accordingly

1 files changed, 20 insertions, 3 deletions

diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java
index 82216f17..fef6de3e 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java
@@ -180,11 +180,10 @@ public class TlsServerProtocol
 
                 if (this.allowCertificateStatus)
                 {
-                    // TODO[RFC 3546] Get certificate status, if any, and send
-                    CertificateStatus certificateStatus = null; //tlsServer.getCertificateStatus();
+                    CertificateStatus certificateStatus = tlsServer.getCertificateStatus();
                     if (certificateStatus != null)
                     {
-//                        sendCertificateStatusMessage(certificateStatus);
+                        sendCertificateStatusMessage(certificateStatus);
                     }
                 }
 
@@ -635,6 +634,24 @@ public class TlsServerProtocol
         safeWriteRecord(ContentType.handshake, message, 0, message.length);
     }
 
+    protected void sendCertificateStatusMessage(CertificateStatus certificateStatus)
+        throws IOException
+    {
+        ByteArrayOutputStream buf = new ByteArrayOutputStream();
+        TlsUtils.writeUint8(HandshakeType.certificate_status, buf);
+
+        // Reserve space for length
+        TlsUtils.writeUint24(0, buf);
+
+        certificateStatus.encode(buf);
+        byte[] message = buf.toByteArray();
+
+        // Patch actual length back in
+        TlsUtils.writeUint24(message.length - 4, message, 1);
+
+        safeWriteRecord(ContentType.handshake, message, 0, message.length);
+    }
+
     protected void sendNewSessionTicketMessage(NewSessionTicket newSessionTicket)
         throws IOException
     {