
gitlab.com/quite/humla-spongycastle.git - Unnamed repository; edit this file 'description' to name the repository.
Diffstat (limited to 'src/main/java/org/bouncycastle/crypto/tls/TlsDHKeyExchange.java')
-rw-r--r--src/main/java/org/bouncycastle/crypto/tls/TlsDHKeyExchange.java113
1 files changed, 79 insertions, 34 deletions
diff --git a/src/main/java/org/bouncycastle/crypto/tls/TlsDHKeyExchange.java b/src/main/java/org/bouncycastle/crypto/tls/TlsDHKeyExchange.java
index 810f1b52..0f59909f 100644
--- a/src/main/java/org/bouncycastle/crypto/tls/TlsDHKeyExchange.java
+++ b/src/main/java/org/bouncycastle/crypto/tls/TlsDHKeyExchange.java
@@ -17,7 +17,9 @@ import org.bouncycastle.crypto.util.PublicKeyFactory;
/**
* TLS 1.0/1.1 DH key exchange.
*/
-public class TlsDHKeyExchange extends AbstractTlsKeyExchange {
+public class TlsDHKeyExchange
+ extends AbstractTlsKeyExchange
+{
protected static final BigInteger ONE = BigInteger.valueOf(1);
protected static final BigInteger TWO = BigInteger.valueOf(2);
@@ -32,11 +34,13 @@ public class TlsDHKeyExchange extends AbstractTlsKeyExchange {
protected DHPublicKeyParameters dhAgreeClientPublicKey;
- public TlsDHKeyExchange(int keyExchange, Vector supportedSignatureAlgorithms, DHParameters dhParameters) {
+ public TlsDHKeyExchange(int keyExchange, Vector supportedSignatureAlgorithms, DHParameters dhParameters)
+ {
super(keyExchange, supportedSignatureAlgorithms);
- switch (keyExchange) {
+ switch (keyExchange)
+ {
case KeyExchangeAlgorithm.DH_RSA:
case KeyExchangeAlgorithm.DH_DSS:
this.tlsSigner = null;
@@ -54,43 +58,60 @@ public class TlsDHKeyExchange extends AbstractTlsKeyExchange {
this.dhParameters = dhParameters;
}
- public void init(TlsContext context) {
+ public void init(TlsContext context)
+ {
super.init(context);
- if (this.tlsSigner != null) {
+ if (this.tlsSigner != null)
+ {
this.tlsSigner.init(context);
}
}
- public void skipServerCredentials() throws IOException {
+ public void skipServerCredentials()
+ throws IOException
+ {
throw new TlsFatalAlert(AlertDescription.unexpected_message);
}
- public void processServerCertificate(Certificate serverCertificate) throws IOException {
+ public void processServerCertificate(Certificate serverCertificate)
+ throws IOException
+ {
- if (serverCertificate.isEmpty()) {
+ if (serverCertificate.isEmpty())
+ {
throw new TlsFatalAlert(AlertDescription.bad_certificate);
}
org.bouncycastle.asn1.x509.Certificate x509Cert = serverCertificate.getCertificateAt(0);
SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo();
- try {
+ try
+ {
this.serverPublicKey = PublicKeyFactory.createKey(keyInfo);
- } catch (RuntimeException e) {
+ }
+ catch (RuntimeException e)
+ {
throw new TlsFatalAlert(AlertDescription.unsupported_certificate);
}
- if (tlsSigner == null) {
- try {
- this.dhAgreeServerPublicKey = validateDHPublicKey((DHPublicKeyParameters) this.serverPublicKey);
- } catch (ClassCastException e) {
+ if (tlsSigner == null)
+ {
+ try
+ {
+ this.dhAgreeServerPublicKey = validateDHPublicKey((DHPublicKeyParameters)this.serverPublicKey);
+ }
+ catch (ClassCastException e)
+ {
throw new TlsFatalAlert(AlertDescription.certificate_unknown);
}
TlsUtils.validateKeyUsage(x509Cert, KeyUsage.keyAgreement);
- } else {
- if (!tlsSigner.isValidPublicKey(this.serverPublicKey)) {
+ }
+ else
+ {
+ if (!tlsSigner.isValidPublicKey(this.serverPublicKey))
+ {
throw new TlsFatalAlert(AlertDescription.certificate_unknown);
}
@@ -100,8 +121,10 @@ public class TlsDHKeyExchange extends AbstractTlsKeyExchange {
super.processServerCertificate(serverCertificate);
}
- public boolean requiresServerKeyExchange() {
- switch (keyExchange) {
+ public boolean requiresServerKeyExchange()
+ {
+ switch (keyExchange)
+ {
case KeyExchangeAlgorithm.DHE_DSS:
case KeyExchangeAlgorithm.DHE_RSA:
case KeyExchangeAlgorithm.DH_anon:
@@ -111,10 +134,14 @@ public class TlsDHKeyExchange extends AbstractTlsKeyExchange {
}
}
- public void validateCertificateRequest(CertificateRequest certificateRequest) throws IOException {
+ public void validateCertificateRequest(CertificateRequest certificateRequest)
+ throws IOException
+ {
short[] types = certificateRequest.getCertificateTypes();
- for (int i = 0; i < types.length; ++i) {
- switch (types[i]) {
+ for (int i = 0; i < types.length; ++i)
+ {
+ switch (types[i])
+ {
case ClientCertificateType.rsa_sign:
case ClientCertificateType.dss_sign:
case ClientCertificateType.rsa_fixed_dh:
@@ -127,51 +154,69 @@ public class TlsDHKeyExchange extends AbstractTlsKeyExchange {
}
}
- public void processClientCredentials(TlsCredentials clientCredentials) throws IOException {
- if (clientCredentials instanceof TlsAgreementCredentials) {
+ public void processClientCredentials(TlsCredentials clientCredentials)
+ throws IOException
+ {
+ if (clientCredentials instanceof TlsAgreementCredentials)
+ {
// TODO Validate client cert has matching parameters (see 'areCompatibleParameters')?
- this.agreementCredentials = (TlsAgreementCredentials) clientCredentials;
- } else if (clientCredentials instanceof TlsSignerCredentials) {
+ this.agreementCredentials = (TlsAgreementCredentials)clientCredentials;
+ }
+ else if (clientCredentials instanceof TlsSignerCredentials)
+ {
// OK
- } else {
+ }
+ else
+ {
throw new TlsFatalAlert(AlertDescription.internal_error);
}
}
- public void generateClientKeyExchange(OutputStream output) throws IOException {
+ public void generateClientKeyExchange(OutputStream output)
+ throws IOException
+ {
/*
* RFC 2246 7.4.7.2 If the client certificate already contains a suitable Diffie-Hellman
* key, then Yc is implicit and does not need to be sent again. In this case, the Client Key
* Exchange message will be sent, but will be empty.
*/
- if (agreementCredentials == null) {
+ if (agreementCredentials == null)
+ {
this.dhAgreeClientPrivateKey = TlsDHUtils.generateEphemeralClientKeyExchange(context.getSecureRandom(),
dhAgreeServerPublicKey.getParameters(), output);
}
}
- public byte[] generatePremasterSecret() throws IOException {
- if (agreementCredentials != null) {
+ public byte[] generatePremasterSecret()
+ throws IOException
+ {
+ if (agreementCredentials != null)
+ {
return agreementCredentials.generateAgreement(dhAgreeServerPublicKey);
}
return calculateDHBasicAgreement(dhAgreeServerPublicKey, dhAgreeClientPrivateKey);
}
- protected boolean areCompatibleParameters(DHParameters a, DHParameters b) {
+ protected boolean areCompatibleParameters(DHParameters a, DHParameters b)
+ {
return a.getP().equals(b.getP()) && a.getG().equals(b.getG());
}
- protected byte[] calculateDHBasicAgreement(DHPublicKeyParameters publicKey, DHPrivateKeyParameters privateKey) {
+ protected byte[] calculateDHBasicAgreement(DHPublicKeyParameters publicKey, DHPrivateKeyParameters privateKey)
+ {
return TlsDHUtils.calculateDHBasicAgreement(publicKey, privateKey);
}
- protected AsymmetricCipherKeyPair generateDHKeyPair(DHParameters dhParams) {
+ protected AsymmetricCipherKeyPair generateDHKeyPair(DHParameters dhParams)
+ {
return TlsDHUtils.generateDHKeyPair(context.getSecureRandom(), dhParams);
}
- protected DHPublicKeyParameters validateDHPublicKey(DHPublicKeyParameters key) throws IOException {
+ protected DHPublicKeyParameters validateDHPublicKey(DHPublicKeyParameters key)
+ throws IOException
+ {
return TlsDHUtils.validateDHPublicKey(key);
}
}