author | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-06-22 13:50:56 +0400 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-06-22 13:50:56 +0400 |
commit | bd21c5063237cec265538422e81d44cfa6e71809 (patch) | |
tree | ca534d06f8fc62dacd0281a45bdb576f22c60b29 /core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java | |
parent | 6856192e4537b11a73d98b57f2684e7bfbb7838a (diff) |
ChangeCipherSpec doesn't need a queue, and shouldn't have handshake
states associated with it.
Server sends ChangeCipherSpec eagerly.
Diffstat (limited to 'core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java')
-rw-r--r-- | core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java | 51 |
1 files changed, 17 insertions, 34 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java index 633a847e..342c343a 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java @@ -1,7 +1,6 @@ package org.bouncycastle.crypto.tls; import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; @@ -99,31 +98,6 @@ public class TlsServerProtocol return tlsServer; } - protected void handleChangeCipherSpecMessage() - throws IOException - { - switch (this.connection_state) - { - case CS_CLIENT_KEY_EXCHANGE: - { - if (this.certificateVerifyHash != null) - { - this.failWithError(AlertLevel.fatal, AlertDescription.unexpected_message); - } - // NB: Fall through to next case label - } - case CS_CERTIFICATE_VERIFY: - { - this.connection_state = CS_CLIENT_CHANGE_CIPHER_SPEC; - break; - } - default: - { - this.failWithError(AlertLevel.fatal, AlertDescription.handshake_failure); - } - } - } - protected void handleHandshakeMessage(short type, byte[] data) throws IOException { 
@@ -359,22 +333,30 @@ public class TlsServerProtocol { switch (this.connection_state) { - case CS_CLIENT_CHANGE_CIPHER_SPEC: + case CS_CLIENT_KEY_EXCHANGE: + { + if (this.certificateVerifyHash != null) + { + this.failWithError(AlertLevel.fatal, AlertDescription.unexpected_message); + } + // NB: Fall through to next case label + } + case CS_CERTIFICATE_VERIFY: + { processFinishedMessage(buf); this.connection_state = CS_CLIENT_FINISHED; if (this.expectSessionTicket) { sendNewSessionTicketMessage(tlsServer.getNewSessionTicket()); + sendChangeCipherSpecMessage(); } this.connection_state = CS_SERVER_SESSION_TICKET; - sendChangeCipherSpecMessage(); - this.connection_state = CS_SERVER_CHANGE_CIPHER_SPEC; - sendFinishedMessage(); this.connection_state = CS_SERVER_FINISHED; break; + } default: this.failWithError(AlertLevel.fatal, AlertDescription.unexpected_message); } @@ -611,11 +593,12 @@ public class TlsServerProtocol assertEmpty(buf); establishMasterSecret(getContext(), keyExchange); + recordStream.setPendingConnectionState(getPeer().getCompression(), getPeer().getCipher()); - /* - * Initialize our cipher suite - */ - recordStream.setPendingConnectionState(tlsServer.getCompression(), tlsServer.getCipher()); + if (!expectSessionTicket) + { + sendChangeCipherSpecMessage(); + } if (expectCertificateVerifyMessage()) { |
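Review bot: Nothing in the new `CS_CLIENT_KEY_EXCHANGE` / `CS_CERTIFICATE_VERIFY` branch checks that the client's ChangeCipherSpec was received before `processFinishedMessage(buf)` runs, and the removed `CS_CLIENT_CHANGE_CIPHER_SPEC` state was the only such check visible in this file. The diffstat is limited to this one file, so a check in the base class or record layer may exist but cannot be confirmed from here. Without one, a Finished that arrives before the read cipher is activated would pass this state check. I would add a comment above `processFinishedMessage(buf);` such as `// Peer's ChangeCipherSpec must already have been received; enforced in <location>`, with the real location filled in, or an explicit guard that fails with `unexpected_message` if no such check exists. The enclosing switch, presumably the Finished case of handleHandshakeMessage, starts outside the hunk.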
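Review bot: The added `if (!expectSessionTicket)` block calls `sendChangeCipherSpecMessage()` directly after `establishMasterSecret`, before the `expectCertificateVerifyMessage()` branch and before the client's Finished has been verified. RFC 5246 places the server's ChangeCipherSpec after the client's Finished, so a strict peer may reject this ordering. If the call also activates the pending write state, which is not visible here, any fatal alert raised later (a failed CertificateVerify or Finished check, for example) would be sent under keys the handshake has not yet authenticated. This send and the one in the Finished handler are meant to be mutually exclusive on `expectSessionTicket`, which deserves a comment at both sites, for example `// CCS is sent here only when no NewSessionTicket will follow; otherwise it is sent after the ticket`. The enclosing method continues past the end of the hunk.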