Package org.bouncycastle.tls

Class AbstractTlsPeer

java.lang.Object
org.bouncycastle.tls.AbstractTlsPeer
All Implemented Interfaces:
TlsPeer
Direct Known Subclasses:
AbstractTlsClient, AbstractTlsServer
public abstract class AbstractTlsPeer extends Object implements TlsPeer
Base class for a TLS client or server.

  • Constructor Details

    • AbstractTlsPeer

      protected AbstractTlsPeer(TlsCrypto crypto)

  • Method Details

    • getSupportedVersions

      protected ProtocolVersion[] getSupportedVersions()
      Get the ProtocolVersion values that are supported by this peer.

      WARNING: Mixing DTLS and TLS versions in the returned array is currently NOT supported. Use a separate (sub-)class for each case.

      Returns:
      an array of supported ProtocolVersion values.

    • getSupportedCipherSuites

      protected abstract int[] getSupportedCipherSuites()

    • cancel

      public void cancel() throws IOException
      Specified by:
      cancel in interface TlsPeer
      Throws:
      IOException

    • getCrypto

      public TlsCrypto getCrypto()
      Specified by:
      getCrypto in interface TlsPeer

    • notifyCloseHandle

      public void notifyCloseHandle(TlsCloseable closeHandle)
      Specified by:
      notifyCloseHandle in interface TlsPeer

    • notifyHandshakeBeginning

      public void notifyHandshakeBeginning() throws IOException
      Description copied from interface: TlsPeer
      Notifies the peer that a new handshake is about to begin.
      Specified by:
      notifyHandshakeBeginning in interface TlsPeer
      Throws:
      IOException

    • getHandshakeTimeoutMillis

      public int getHandshakeTimeoutMillis()
      Description copied from interface: TlsPeer

      NOTE: Currently only respected by DTLS protocols.

      Specify the timeout, in milliseconds, to use for the complete handshake process. Negative values are not allowed. A timeout of zero means an infinite timeout (i.e. the handshake will never time out).

      Specified by:
      getHandshakeTimeoutMillis in interface TlsPeer
      Returns:
      the handshake timeout, in milliseconds.

    • getHandshakeResendTimeMillis

      public int getHandshakeResendTimeMillis()
      Description copied from interface: TlsPeer

      NOTE: Currently only respected by DTLS protocols.

      Specify the time, in milliseconds, after which a handshake packet is resent.

      Specified by:
      getHandshakeResendTimeMillis in interface TlsPeer
      Returns:
      the handshake resend time, in milliseconds.

    • allowLegacyResumption

      public boolean allowLegacyResumption()
      Specified by:
      allowLegacyResumption in interface TlsPeer

    • getMaxCertificateChainLength

      public int getMaxCertificateChainLength()
      Specified by:
      getMaxCertificateChainLength in interface TlsPeer

    • getMaxHandshakeMessageSize

      public int getMaxHandshakeMessageSize()
      Specified by:
      getMaxHandshakeMessageSize in interface TlsPeer

    • getPskKeyExchangeModes

      public short[] getPskKeyExchangeModes()
      Specified by:
      getPskKeyExchangeModes in interface TlsPeer

    • requiresCloseNotify

      public boolean requiresCloseNotify()
      Description copied from interface: TlsPeer
      This option is provided as a last resort for interoperability with TLS peers that fail to correctly send a close_notify alert at end of stream. Implementations SHOULD return true; caution is advised if returning false without a full understanding of the implications.
      Specified by:
      requiresCloseNotify in interface TlsPeer

    • requiresExtendedMasterSecret

      public boolean requiresExtendedMasterSecret()
      Description copied from interface: TlsPeer
      This implementation supports RFC 7627 and will always negotiate the extended_master_secret extension where possible. When connecting to a peer that does not offer/accept this extension, it is recommended to abort the handshake. This option is provided for interoperability with legacy peers, although some TLS features will be disabled in that case (see RFC 7627 5.4).
      Specified by:
      requiresExtendedMasterSecret in interface TlsPeer
      Returns:
      true if the handshake should be aborted when the peer does not negotiate the extended_master_secret extension, or false to support legacy interoperability.

    • shouldCheckSigAlgOfPeerCerts

      public boolean shouldCheckSigAlgOfPeerCerts()
      Description copied from interface: TlsPeer
      Controls whether the protocol will check the 'signatureAlgorithm' of received certificates as specified in RFC 5246 7.4.2, 7.4.4, 7.4.6 and similar rules for earlier TLS versions. We recommend to enable these checks, but this option is provided for cases where the default checks are for some reason too strict.
      Specified by:
      shouldCheckSigAlgOfPeerCerts in interface TlsPeer
      Returns:
      true if the 'signatureAlgorithm' of received certificates should be checked, or false to skip those checks.

    • shouldUseExtendedMasterSecret

      public boolean shouldUseExtendedMasterSecret()
      Specified by:
      shouldUseExtendedMasterSecret in interface TlsPeer

    • shouldUseExtendedPadding

      public boolean shouldUseExtendedPadding()
      Description copied from interface: TlsPeer
      See RFC 5246 6.2.3.2. Controls whether block cipher encryption may randomly add extra padding beyond the minimum. Note that in configurations where this is known to be potential security risk this setting will be ignored (and extended padding disabled). Extra padding is always supported when decrypting received records.
      Specified by:
      shouldUseExtendedPadding in interface TlsPeer
      Returns:
      true if random extra padding should be added during block cipher encryption, or false to always use the minimum amount of required padding.

    • shouldUseGMTUnixTime

      public boolean shouldUseGMTUnixTime()
      Description copied from interface: TlsPeer
      draft-mathewson-no-gmtunixtime-00 2. "If existing users of a TLS implementation may rely on gmt_unix_time containing the current time, we recommend that implementors MAY provide the ability to set gmt_unix_time as an option only, off by default." NOTE: For a server that has negotiated TLS 1.3 (or later), or a client that has offered TLS 1.3 (or later), this is not called and gmt_unix_time is not used.
      Specified by:
      shouldUseGMTUnixTime in interface TlsPeer
      Returns:
      true if the current time should be used in the gmt_unix_time field of Random, or false if gmt_unix_time should contain a cryptographically random value.

    • notifySecureRenegotiation

      public void notifySecureRenegotiation(boolean secureRenegotiation) throws IOException
      Description copied from interface: TlsPeer
      RFC 5746 3.4/3.6. In case this is false, peers may want to terminate the handshake instead of continuing; see Section 4.1/4.3 for discussion. NOTE: TLS 1.3 forbids renegotiation, so this is never called when TLS 1.3 (or later) was negotiated.
      Specified by:
      notifySecureRenegotiation in interface TlsPeer
      Throws:
      IOException

    • getKeyExchangeFactory

      public TlsKeyExchangeFactory getKeyExchangeFactory() throws IOException
      Specified by:
      getKeyExchangeFactory in interface TlsPeer
      Throws:
      IOException

    • notifyAlertRaised

      public void notifyAlertRaised(short alertLevel, short alertDescription, String message, Throwable cause)
      Description copied from interface: TlsPeer
      This method will be called when an alert is raised by the protocol.
      Specified by:
      notifyAlertRaised in interface TlsPeer
      Parameters:
      alertLevel - AlertLevel
      alertDescription - AlertDescription
      message - A human-readable message explaining what caused this alert. May be null.
      cause - The Throwable that caused this alert to be raised. May be null.

    • notifyAlertReceived

      public void notifyAlertReceived(short alertLevel, short alertDescription)
      Description copied from interface: TlsPeer
      This method will be called when an alert is received from the remote peer.
      Specified by:
      notifyAlertReceived in interface TlsPeer
      Parameters:
      alertLevel - AlertLevel
      alertDescription - AlertDescription

    • notifyConnectionClosed

      public void notifyConnectionClosed()
      Description copied from interface: TlsPeer
      Notifies the peer that the connection has been closed.
      Specified by:
      notifyConnectionClosed in interface TlsPeer

    • notifyHandshakeComplete

      public void notifyHandshakeComplete() throws IOException
      Description copied from interface: TlsPeer
      Notifies the peer that the handshake has been successfully completed.
      Specified by:
      notifyHandshakeComplete in interface TlsPeer
      Throws:
      IOException

    • getHeartbeat

      public TlsHeartbeat getHeartbeat()
      Description copied from interface: TlsPeer
      Return a TlsHeartbeat instance that will control the generation of heartbeats locally (if permitted by the remote peer), or null to not generate heartbeats. Heartbeats are described in RFC 6520.
      Specified by:
      getHeartbeat in interface TlsPeer
      Returns:
      an instance of TlsHeartbeat.
      See Also:

    • getHeartbeatPolicy

      public short getHeartbeatPolicy()
      Description copied from interface: TlsPeer

      Return the heartbeat mode applicable to the remote peer. Heartbeats are described in RFC 6520.

      See enumeration class HeartbeatMode for appropriate return values.

      Specified by:
      getHeartbeatPolicy in interface TlsPeer
      Returns:
      the HeartbeatMode value.

    • getRenegotiationPolicy

      public int getRenegotiationPolicy()
      Description copied from interface: TlsPeer
      WARNING: EXPERIMENTAL FEATURE Return this peer's policy on renegotiation requests from the remote peer. This will be called only outside of ongoing handshakes, either when a remote server has sent a hello_request, or a remote client has sent a new ClientHello, and only when the requirements for secure renegotiation (including those of RFC 5746) have been met.
      Specified by:
      getRenegotiationPolicy in interface TlsPeer
      Returns:
      The RenegotiationPolicy constant corresponding to the desired policy.
      See Also: