public abstract class AbstractTlsServer extends AbstractTlsPeer implements TlsServer
Modifier and Type | Field and Description |
---|---|
protected CertificateStatusRequest |
certificateStatusRequest |
protected int[] |
cipherSuites |
protected java.util.Hashtable |
clientExtensions |
protected java.util.Vector |
clientProtocolNames |
protected boolean |
clientSentECPointFormats |
protected TlsServerContext |
context |
protected boolean |
encryptThenMACOffered |
protected short |
maxFragmentLengthOffered |
protected int[] |
offeredCipherSuites |
protected ProtocolVersion[] |
protocolVersions |
protected int |
selectedCipherSuite |
protected ProtocolName |
selectedProtocolName |
protected java.util.Hashtable |
serverExtensions |
protected java.util.Vector |
statusRequestV2 |
protected boolean |
truncatedHMacOffered |
protected java.util.Vector |
trustedCAKeys |
Constructor and Description |
---|
AbstractTlsServer(TlsCrypto crypto) |
Modifier and Type | Method and Description |
---|---|
protected boolean |
allowCertificateStatus() |
protected boolean |
allowEncryptThenMAC() |
protected boolean |
allowMultiCertStatus() |
protected boolean |
allowTruncatedHMac() |
protected boolean |
allowTrustedCAIndication() |
protected java.util.Hashtable |
checkServerExtensions()
Deprecated.
Use 'serverExtensions' directly, it is now never null
|
protected short[] |
getAllowedClientCertificateTypes() |
CertificateRequest |
getCertificateRequest() |
CertificateStatus |
getCertificateStatus()
This method will be called (only) if the server included an extension of type
"status_request" with empty "extension_data" in the extended server hello.
|
int[] |
getCipherSuites() |
protected java.lang.String |
getDetailMessageNoCipherSuite() |
TlsDHConfig |
getDHConfig() |
TlsECConfig |
getECDHConfig() |
TlsPSKExternal |
getExternalPSK(java.util.Vector identities)
WARNING: EXPERIMENTAL FEATURE, UNSTABLE API
Return the
external PSK to select from the ClientHello. |
protected int |
getMaximumNegotiableCurveBits() |
protected int |
getMaximumNegotiableFiniteFieldBits() |
protected byte[] |
getNewConnectionID()
RFC 9146 DTLS connection ID.
|
byte[] |
getNewSessionID() |
NewSessionTicket |
getNewSessionTicket()
RFC 5077 3.3.
|
protected java.util.Vector |
getProtocolNames() |
ProtocolVersion[] |
getProtocolVersions() |
TlsPSKIdentityManager |
getPSKIdentityManager() |
int |
getSelectedCipherSuite() |
java.util.Hashtable |
getServerExtensions() |
void |
getServerExtensionsForConnection(java.util.Hashtable serverExtensions) |
java.util.Vector |
getServerSupplementalData() |
ProtocolVersion |
getServerVersion() |
TlsSession |
getSessionToResume(byte[] sessionID)
Return the specified session, if available.
|
TlsSRPLoginParameters |
getSRPLoginParameters() |
int[] |
getSupportedGroups() |
void |
init(TlsServerContext context) |
protected boolean |
isSelectableCipherSuite(int cipherSuite,
int availCurveBits,
int availFiniteFieldBits,
java.util.Vector sigAlgs) |
void |
notifyClientCertificate(Certificate clientCertificate)
Called by the protocol handler to report the client certificate, only if
TlsServer.getCertificateRequest() returned non-null. |
void |
notifyClientVersion(ProtocolVersion clientVersion) |
void |
notifyFallback(boolean isFallback) |
void |
notifyHandshakeBeginning()
Notifies the peer that a new handshake is about to begin.
|
void |
notifyOfferedCipherSuites(int[] offeredCipherSuites) |
void |
notifySession(TlsSession session) |
protected boolean |
preferLocalCipherSuites() |
protected boolean |
preferLocalClientCertificateTypes() |
void |
processClientExtensions(java.util.Hashtable clientExtensions) |
void |
processClientSupplementalData(java.util.Vector clientSupplementalData) |
protected boolean |
selectCipherSuite(int cipherSuite) |
protected int |
selectDH(int minimumFiniteFieldBits) |
protected int |
selectDHDefault(int minimumFiniteFieldBits) |
protected int |
selectECDH(int minimumCurveBits) |
protected int |
selectECDHDefault(int minimumCurveBits) |
protected ProtocolName |
selectProtocolName() |
protected ProtocolName |
selectProtocolName(java.util.Vector clientProtocolNames,
java.util.Vector serverProtocolNames) |
protected boolean |
shouldSelectProtocolNameEarly() |
Methods inherited from class AbstractTlsPeer: allowLegacyResumption, cancel, getCrypto, getHandshakeResendTimeMillis, getHandshakeTimeoutMillis, getHeartbeat, getHeartbeatPolicy, getKeyExchangeFactory, getMaxCertificateChainLength, getMaxHandshakeMessageSize, getPskKeyExchangeModes, getRenegotiationPolicy, getSupportedCipherSuites, getSupportedVersions, notifyAlertRaised, notifyAlertReceived, notifyCloseHandle, notifyConnectionClosed, notifyHandshakeComplete, notifySecureRenegotiation, requiresCloseNotify, requiresExtendedMasterSecret, shouldCheckSigAlgOfPeerCerts, shouldUseExtendedMasterSecret, shouldUseExtendedPadding, shouldUseGMTUnixTime
Methods inherited from class java.lang.Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface TlsServer: getCredentials
Methods inherited from interface TlsPeer: allowLegacyResumption, cancel, getCrypto, getHandshakeResendTimeMillis, getHandshakeTimeoutMillis, getHeartbeat, getHeartbeatPolicy, getKeyExchangeFactory, getMaxCertificateChainLength, getMaxHandshakeMessageSize, getPskKeyExchangeModes, getRenegotiationPolicy, notifyAlertRaised, notifyAlertReceived, notifyCloseHandle, notifyConnectionClosed, notifyHandshakeComplete, notifySecureRenegotiation, requiresCloseNotify, requiresExtendedMasterSecret, shouldCheckSigAlgOfPeerCerts, shouldUseExtendedMasterSecret, shouldUseExtendedPadding, shouldUseGMTUnixTime
protected TlsServerContext context
protected ProtocolVersion[] protocolVersions
protected int[] cipherSuites
protected int[] offeredCipherSuites
protected java.util.Hashtable clientExtensions
protected boolean encryptThenMACOffered
protected short maxFragmentLengthOffered
protected boolean truncatedHMacOffered
protected boolean clientSentECPointFormats
protected CertificateStatusRequest certificateStatusRequest
protected java.util.Vector statusRequestV2
protected java.util.Vector trustedCAKeys
protected int selectedCipherSuite
protected java.util.Vector clientProtocolNames
protected ProtocolName selectedProtocolName
protected final java.util.Hashtable serverExtensions
public AbstractTlsServer(TlsCrypto crypto)
protected boolean allowCertificateStatus()
protected boolean allowEncryptThenMAC()
protected boolean allowMultiCertStatus()
protected boolean allowTruncatedHMac()
protected boolean allowTrustedCAIndication()
protected java.util.Hashtable checkServerExtensions()
protected java.lang.String getDetailMessageNoCipherSuite()
protected int getMaximumNegotiableCurveBits()
protected int getMaximumNegotiableFiniteFieldBits()
protected java.util.Vector getProtocolNames()
protected boolean isSelectableCipherSuite(int cipherSuite, int availCurveBits, int availFiniteFieldBits, java.util.Vector sigAlgs)
protected boolean preferLocalCipherSuites()
protected boolean selectCipherSuite(int cipherSuite) throws java.io.IOException
java.io.IOException
protected int selectDH(int minimumFiniteFieldBits)
protected int selectDHDefault(int minimumFiniteFieldBits)
protected int selectECDH(int minimumCurveBits)
protected int selectECDHDefault(int minimumCurveBits)
protected ProtocolName selectProtocolName() throws java.io.IOException
java.io.IOException
protected ProtocolName selectProtocolName(java.util.Vector clientProtocolNames, java.util.Vector serverProtocolNames)
protected boolean shouldSelectProtocolNameEarly()
protected boolean preferLocalClientCertificateTypes()
protected short[] getAllowedClientCertificateTypes()
protected byte[] getNewConnectionID()
public void init(TlsServerContext context)
public ProtocolVersion[] getProtocolVersions()
getProtocolVersions
in interface TlsPeer
public int[] getCipherSuites()
getCipherSuites
in interface TlsPeer
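public void notifyHandshakeBeginning() throws java.io.IOException
Description copied from interface: TlsPeer
Notifies the peer that a new handshake is about to begin.
Specified by: notifyHandshakeBeginning in interface TlsPeer
Overrides: notifyHandshakeBeginning in class AbstractTlsPeer
Throws: java.io.IOException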
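public TlsSession getSessionToResume(byte[] sessionID)
Description copied from interface: TlsServer
Return the specified session, if available.
Specified by: getSessionToResume in interface TlsServer
Parameters: sessionID - the ID of the session to resume.
Returns: the TlsSession with the specified session ID, or null.
See Also: SessionParameters.getPeerCertificate()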
public byte[] getNewSessionID()
getNewSessionID
in interface TlsServer
public TlsPSKExternal getExternalPSK(java.util.Vector identities)
Description copied from interface: TlsServer
WARNING: EXPERIMENTAL FEATURE, UNSTABLE API
Return the external PSK to select from the ClientHello. Note that this will only be called when TLS 1.3 or higher is amongst the offered protocol versions, and one or more PSKs are actually offered.
Specified by: getExternalPSK in interface TlsServer
Parameters: identities - a Vector of PskIdentity instances.
Returns: the TlsPSKExternal corresponding to the selected identity, or null to not select any.
public void notifySession(TlsSession session)
notifySession
in interface TlsServer
public void notifyClientVersion(ProtocolVersion clientVersion) throws java.io.IOException
notifyClientVersion
in interface TlsServer
java.io.IOException
public void notifyFallback(boolean isFallback) throws java.io.IOException
notifyFallback
in interface TlsServer
java.io.IOException
public void notifyOfferedCipherSuites(int[] offeredCipherSuites) throws java.io.IOException
notifyOfferedCipherSuites
in interface TlsServer
java.io.IOException
public void processClientExtensions(java.util.Hashtable clientExtensions) throws java.io.IOException
processClientExtensions
in interface TlsServer
java.io.IOException
public ProtocolVersion getServerVersion() throws java.io.IOException
getServerVersion
in interface TlsServer
java.io.IOException
public int[] getSupportedGroups() throws java.io.IOException
getSupportedGroups
in interface TlsServer
java.io.IOException
public int getSelectedCipherSuite() throws java.io.IOException
getSelectedCipherSuite
in interface TlsServer
java.io.IOException
public java.util.Hashtable getServerExtensions() throws java.io.IOException
getServerExtensions
in interface TlsServer
java.io.IOException
public void getServerExtensionsForConnection(java.util.Hashtable serverExtensions) throws java.io.IOException
getServerExtensionsForConnection
in interface TlsServer
java.io.IOException
public java.util.Vector getServerSupplementalData() throws java.io.IOException
getServerSupplementalData
in interface TlsServer
java.io.IOException
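public CertificateStatus getCertificateStatus() throws java.io.IOException
Description copied from interface: TlsServer
This method will be called (only) if the server included an extension of type "status_request" with empty "extension_data" in the extended server hello. If a non-null CertificateStatus is returned, it is sent to the client as a handshake message of type "certificate_status".
Specified by: getCertificateStatus in interface TlsServer
Returns: a CertificateStatus to be sent to the client (or null for none).
Throws: java.io.IOException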
public CertificateRequest getCertificateRequest() throws java.io.IOException
getCertificateRequest
in interface TlsServer
java.io.IOException
public TlsPSKIdentityManager getPSKIdentityManager() throws java.io.IOException
getPSKIdentityManager
in interface TlsServer
java.io.IOException
public TlsSRPLoginParameters getSRPLoginParameters() throws java.io.IOException
getSRPLoginParameters
in interface TlsServer
java.io.IOException
public TlsDHConfig getDHConfig() throws java.io.IOException
getDHConfig
in interface TlsServer
java.io.IOException
public TlsECConfig getECDHConfig() throws java.io.IOException
getECDHConfig
in interface TlsServer
java.io.IOException
public void processClientSupplementalData(java.util.Vector clientSupplementalData) throws java.io.IOException
processClientSupplementalData
in interface TlsServer
java.io.IOException
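public void notifyClientCertificate(Certificate clientCertificate) throws java.io.IOException
Description copied from interface: TlsServer
Called by the protocol handler to report the client certificate, only if TlsServer.getCertificateRequest() returned non-null.
Note: this method is responsible for certificate verification and validation. Because the reported chain may be empty, an implementation that requires client authentication also has to reject an empty chain here.
Specified by: notifyClientCertificate in interface TlsServer
Parameters: clientCertificate - the effective client certificate (may be an empty chain).
Throws: java.io.IOException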
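public NewSessionTicket getNewSessionTicket() throws java.io.IOException
Description copied from interface: TlsServer
RFC 5077 3.3. This method will be called (only) if a NewSessionTicket extension was sent by the server. See RFC 5077 4. Recommended Ticket Construction for recommended format and protection. The ticket carries resumable session state, so it should be encrypted and integrity-protected under a key known only to the server.
Specified by: getNewSessionTicket in interface TlsServer
Throws: java.io.IOException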