Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/quite/humla-spongycastle.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/src/main/java/org/bouncycastle/crypto/tls/AbstractTlsServer.java
diff options
context:
space:
mode:
Diffstat (limited to 'src/main/java/org/bouncycastle/crypto/tls/AbstractTlsServer.java')
-rw-r--r--src/main/java/org/bouncycastle/crypto/tls/AbstractTlsServer.java149
1 files changed, 104 insertions, 45 deletions
diff --git a/src/main/java/org/bouncycastle/crypto/tls/AbstractTlsServer.java b/src/main/java/org/bouncycastle/crypto/tls/AbstractTlsServer.java
index b97528da..35ab9fbf 100644
--- a/src/main/java/org/bouncycastle/crypto/tls/AbstractTlsServer.java
+++ b/src/main/java/org/bouncycastle/crypto/tls/AbstractTlsServer.java
@@ -4,7 +4,10 @@ import java.io.IOException;
import java.util.Hashtable;
import java.util.Vector;
-public abstract class AbstractTlsServer extends AbstractTlsPeer implements TlsServer {
+public abstract class AbstractTlsServer
+ extends AbstractTlsPeer
+ implements TlsServer
+{
protected TlsCipherFactory cipherFactory;
@@ -25,33 +28,40 @@ public abstract class AbstractTlsServer extends AbstractTlsPeer implements TlsSe
protected short selectedCompressionMethod;
protected Hashtable serverExtensions;
- public AbstractTlsServer() {
+ public AbstractTlsServer()
+ {
this(new DefaultTlsCipherFactory());
}
- public AbstractTlsServer(TlsCipherFactory cipherFactory) {
+ public AbstractTlsServer(TlsCipherFactory cipherFactory)
+ {
this.cipherFactory = cipherFactory;
}
protected abstract int[] getCipherSuites();
- protected short[] getCompressionMethods() {
- return new short[] { CompressionMethod._null };
+ protected short[] getCompressionMethods()
+ {
+ return new short[]{CompressionMethod._null};
}
- protected ProtocolVersion getMaximumVersion() {
+ protected ProtocolVersion getMaximumVersion()
+ {
return ProtocolVersion.TLSv11;
}
- protected ProtocolVersion getMinimumVersion() {
+ protected ProtocolVersion getMinimumVersion()
+ {
return ProtocolVersion.TLSv10;
}
- protected boolean supportsClientECCCapabilities(int[] namedCurves, short[] ecPointFormats) {
+ protected boolean supportsClientECCCapabilities(int[] namedCurves, short[] ecPointFormats)
+ {
// NOTE: BC supports all the current set of point formats so we don't check them here
- if (namedCurves == null) {
+ if (namedCurves == null)
+ {
/*
* RFC 4492 4. A client that proposes ECC cipher suites may choose not to include these
* extensions. In this case, the server is free to choose any one of the elliptic curves
@@ -60,9 +70,11 @@ public abstract class AbstractTlsServer extends AbstractTlsPeer implements TlsSe
return TlsECCUtils.hasAnySupportedNamedCurves();
}
- for (int i = 0; i < namedCurves.length; ++i) {
+ for (int i = 0; i < namedCurves.length; ++i)
+ {
int namedCurve = namedCurves[i];
- if (!NamedCurve.refersToASpecificNamedCurve(namedCurve) || TlsECCUtils.isSupportedNamedCurve(namedCurve)) {
+ if (!NamedCurve.refersToASpecificNamedCurve(namedCurve) || TlsECCUtils.isSupportedNamedCurve(namedCurve))
+ {
return true;
}
}
@@ -70,25 +82,35 @@ public abstract class AbstractTlsServer extends AbstractTlsPeer implements TlsSe
return false;
}
- public void init(TlsServerContext context) {
+ public void init(TlsServerContext context)
+ {
this.context = context;
}
- public void notifyClientVersion(ProtocolVersion clientVersion) throws IOException {
+ public void notifyClientVersion(ProtocolVersion clientVersion)
+ throws IOException
+ {
this.clientVersion = clientVersion;
}
- public void notifyOfferedCipherSuites(int[] offeredCipherSuites) throws IOException {
+ public void notifyOfferedCipherSuites(int[] offeredCipherSuites)
+ throws IOException
+ {
this.offeredCipherSuites = offeredCipherSuites;
this.eccCipherSuitesOffered = TlsECCUtils.containsECCCipherSuites(this.offeredCipherSuites);
}
- public void notifyOfferedCompressionMethods(short[] offeredCompressionMethods) throws IOException {
+ public void notifyOfferedCompressionMethods(short[] offeredCompressionMethods)
+ throws IOException
+ {
this.offeredCompressionMethods = offeredCompressionMethods;
}
- public void notifySecureRenegotiation(boolean secureRenegotiation) throws IOException {
- if (!secureRenegotiation) {
+ public void notifySecureRenegotiation(boolean secureRenegotiation)
+ throws IOException
+ {
+ if (!secureRenegotiation)
+ {
/*
* RFC 5746 3.6. In this case, some servers may want to terminate the handshake instead
* of continuing; see Section 4.3 for discussion.
@@ -97,19 +119,24 @@ public abstract class AbstractTlsServer extends AbstractTlsPeer implements TlsSe
}
}
- public void processClientExtensions(Hashtable clientExtensions) throws IOException {
+ public void processClientExtensions(Hashtable clientExtensions)
+ throws IOException
+ {
this.clientExtensions = clientExtensions;
- if (clientExtensions != null) {
+ if (clientExtensions != null)
+ {
this.supportedSignatureAlgorithms = TlsUtils.getSignatureAlgorithmsExtension(clientExtensions);
- if (this.supportedSignatureAlgorithms != null) {
+ if (this.supportedSignatureAlgorithms != null)
+ {
/*
* RFC 5246 7.4.1.4.1. Note: this extension is not meaningful for TLS versions prior
* to 1.2. Clients MUST NOT offer it if they are offering prior versions.
*/
- if (!TlsUtils.isSignatureAlgorithmsExtensionAllowed(clientVersion)) {
+ if (!TlsUtils.isSignatureAlgorithmsExtensionAllowed(clientVersion))
+ {
throw new TlsFatalAlert(AlertDescription.illegal_parameter);
}
}
@@ -122,25 +149,33 @@ public abstract class AbstractTlsServer extends AbstractTlsPeer implements TlsSe
* RFC 4429 4. The client MUST NOT include these extensions in the ClientHello message if it
* does not propose any ECC cipher suites.
*/
- if (!this.eccCipherSuitesOffered && (this.namedCurves != null || this.clientECPointFormats != null)) {
+ if (!this.eccCipherSuitesOffered && (this.namedCurves != null || this.clientECPointFormats != null))
+ {
throw new TlsFatalAlert(AlertDescription.illegal_parameter);
}
}
- public ProtocolVersion getServerVersion() throws IOException {
- if (getMinimumVersion().isEqualOrEarlierVersionOf(clientVersion)) {
+ public ProtocolVersion getServerVersion()
+ throws IOException
+ {
+ if (getMinimumVersion().isEqualOrEarlierVersionOf(clientVersion))
+ {
ProtocolVersion maximumVersion = getMaximumVersion();
- if (clientVersion.isEqualOrEarlierVersionOf(maximumVersion)) {
+ if (clientVersion.isEqualOrEarlierVersionOf(maximumVersion))
+ {
return serverVersion = clientVersion;
}
- if (clientVersion.isLaterVersionOf(maximumVersion)) {
+ if (clientVersion.isLaterVersionOf(maximumVersion))
+ {
return serverVersion = maximumVersion;
}
}
throw new TlsFatalAlert(AlertDescription.protocol_version);
}
- public int getSelectedCipherSuite() throws IOException {
+ public int getSelectedCipherSuite()
+ throws IOException
+ {
/*
* TODO RFC 5246 7.4.3. In order to negotiate correctly, the server MUST check any candidate
@@ -159,20 +194,26 @@ public abstract class AbstractTlsServer extends AbstractTlsPeer implements TlsSe
boolean eccCipherSuitesEnabled = supportsClientECCCapabilities(this.namedCurves, this.clientECPointFormats);
int[] cipherSuites = getCipherSuites();
- for (int i = 0; i < cipherSuites.length; ++i) {
+ for (int i = 0; i < cipherSuites.length; ++i)
+ {
int cipherSuite = cipherSuites[i];
if (TlsProtocol.arrayContains(this.offeredCipherSuites, cipherSuite)
- && (eccCipherSuitesEnabled || !TlsECCUtils.isECCCipherSuite(cipherSuite))) {
+ && (eccCipherSuitesEnabled || !TlsECCUtils.isECCCipherSuite(cipherSuite)))
+ {
return this.selectedCipherSuite = cipherSuite;
}
}
throw new TlsFatalAlert(AlertDescription.handshake_failure);
}
- public short getSelectedCompressionMethod() throws IOException {
+ public short getSelectedCompressionMethod()
+ throws IOException
+ {
short[] compressionMethods = getCompressionMethods();
- for (int i = 0; i < compressionMethods.length; ++i) {
- if (TlsProtocol.arrayContains(offeredCompressionMethods, compressionMethods[i])) {
+ for (int i = 0; i < compressionMethods.length; ++i)
+ {
+ if (TlsProtocol.arrayContains(offeredCompressionMethods, compressionMethods[i]))
+ {
return this.selectedCompressionMethod = compressionMethods[i];
}
}
@@ -180,16 +221,19 @@ public abstract class AbstractTlsServer extends AbstractTlsPeer implements TlsSe
}
// Hashtable is (Integer -> byte[])
- public Hashtable getServerExtensions() throws IOException {
+ public Hashtable getServerExtensions()
+ throws IOException
+ {
- if (this.clientECPointFormats != null && TlsECCUtils.isECCCipherSuite(this.selectedCipherSuite)) {
+ if (this.clientECPointFormats != null && TlsECCUtils.isECCCipherSuite(this.selectedCipherSuite))
+ {
/*
* RFC 4492 5.2. A server that selects an ECC cipher suite in response to a ClientHello
* message including a Supported Point Formats Extension appends this extension (along
* with others) to its ServerHello message, enumerating the point formats it can parse.
*/
- this.serverECPointFormats = new short[] { ECPointFormat.ansiX962_compressed_char2,
- ECPointFormat.ansiX962_compressed_prime, ECPointFormat.uncompressed };
+ this.serverECPointFormats = new short[]{ECPointFormat.ansiX962_compressed_char2,
+ ECPointFormat.ansiX962_compressed_prime, ECPointFormat.uncompressed};
this.serverExtensions = new Hashtable();
TlsECCUtils.addSupportedPointFormatsExtension(serverExtensions, serverECPointFormats);
@@ -199,26 +243,37 @@ public abstract class AbstractTlsServer extends AbstractTlsPeer implements TlsSe
return null;
}
- public Vector getServerSupplementalData() throws IOException {
+ public Vector getServerSupplementalData()
+ throws IOException
+ {
return null;
}
- public CertificateRequest getCertificateRequest() {
+ public CertificateRequest getCertificateRequest()
+ {
return null;
}
- public void processClientSupplementalData(Vector clientSupplementalData) throws IOException {
- if (clientSupplementalData != null) {
+ public void processClientSupplementalData(Vector clientSupplementalData)
+ throws IOException
+ {
+ if (clientSupplementalData != null)
+ {
throw new TlsFatalAlert(AlertDescription.unexpected_message);
}
}
- public void notifyClientCertificate(Certificate clientCertificate) throws IOException {
+ public void notifyClientCertificate(Certificate clientCertificate)
+ throws IOException
+ {
throw new TlsFatalAlert(AlertDescription.internal_error);
}
- public TlsCompression getCompression() throws IOException {
- switch (selectedCompressionMethod) {
+ public TlsCompression getCompression()
+ throws IOException
+ {
+ switch (selectedCompressionMethod)
+ {
case CompressionMethod._null:
return new TlsNullCompression();
@@ -231,7 +286,9 @@ public abstract class AbstractTlsServer extends AbstractTlsPeer implements TlsSe
}
}
- public NewSessionTicket getNewSessionTicket() throws IOException {
+ public NewSessionTicket getNewSessionTicket()
+ throws IOException
+ {
/*
* RFC 5077 3.3. If the server determines that it does not want to include a ticket after it
* has included the SessionTicket extension in the ServerHello, then it sends a zero-length
@@ -240,6 +297,8 @@ public abstract class AbstractTlsServer extends AbstractTlsPeer implements TlsSe
return new NewSessionTicket(0L, TlsUtils.EMPTY_BYTES);
}
- public void notifyHandshakeComplete() throws IOException {
+ public void notifyHandshakeComplete()
+ throws IOException
+ {
}
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-31 09:07:41 +0300