diff options
Diffstat (limited to 'core/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsEncryptionCredentials.java')
| -rw-r--r-- | core/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsEncryptionCredentials.java | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsEncryptionCredentials.java b/core/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsEncryptionCredentials.java new file mode 100644 index 00000000..a338c388 --- /dev/null +++ b/core/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsEncryptionCredentials.java @@ -0,0 +1,75 @@ +package org.bouncycastle.crypto.tls; + +import java.io.IOException; + +import org.bouncycastle.crypto.InvalidCipherTextException; +import org.bouncycastle.crypto.encodings.PKCS1Encoding; +import org.bouncycastle.crypto.engines.RSABlindedEngine; +import org.bouncycastle.crypto.params.AsymmetricKeyParameter; +import org.bouncycastle.crypto.params.ParametersWithRandom; +import org.bouncycastle.crypto.params.RSAKeyParameters; + +public class DefaultTlsEncryptionCredentials + implements TlsEncryptionCredentials +{ + protected TlsContext context; + protected Certificate certificate; + protected AsymmetricKeyParameter privateKey; + + public DefaultTlsEncryptionCredentials(TlsContext context, Certificate certificate, + AsymmetricKeyParameter privateKey) + { + if (certificate == null) + { + throw new IllegalArgumentException("'certificate' cannot be null"); + } + if (certificate.isEmpty()) + { + throw new IllegalArgumentException("'certificate' cannot be empty"); + } + if (privateKey == null) + { + throw new IllegalArgumentException("'privateKey' cannot be null"); + } + if (!privateKey.isPrivate()) + { + throw new IllegalArgumentException("'privateKey' must be private"); + } + + if (privateKey instanceof RSAKeyParameters) + { + } + else + { + throw new IllegalArgumentException("'privateKey' type not supported: " + + privateKey.getClass().getName()); + } + + this.context = context; + this.certificate = certificate; + this.privateKey = privateKey; + } + + public Certificate getCertificate() + { + return certificate; + } + + public byte[] decryptPreMasterSecret(byte[] encryptedPreMasterSecret) + throws IOException + { + + PKCS1Encoding encoding = new PKCS1Encoding(new RSABlindedEngine()); + encoding.init(false, new ParametersWithRandom(this.privateKey, context.getSecureRandom())); + + try + { + return encoding.processBlock(encryptedPreMasterSecret, 0, + encryptedPreMasterSecret.length); + } + catch (InvalidCipherTextException e) + { + throw new TlsFatalAlert(AlertDescription.illegal_parameter); + } + } +} |