Class TlsProtocol

java.lang.Object
org.bouncycastle.tls.TlsProtocol
All Implemented Interfaces:
TlsCloseable
Direct Known Subclasses:
TlsClientProtocol, TlsServerProtocol

public abstract class TlsProtocol extends Object implements TlsCloseable
  • Field Details

    • EXT_RenegotiationInfo

      protected static final Integer EXT_RenegotiationInfo
    • EXT_SessionTicket

      protected static final Integer EXT_SessionTicket
    • CS_START

      protected static final short CS_START
      See Also:
    • CS_CLIENT_HELLO

      protected static final short CS_CLIENT_HELLO
      See Also:
    • CS_SERVER_HELLO_RETRY_REQUEST

      protected static final short CS_SERVER_HELLO_RETRY_REQUEST
      See Also:
    • CS_CLIENT_HELLO_RETRY

      protected static final short CS_CLIENT_HELLO_RETRY
      See Also:
    • CS_SERVER_HELLO

      protected static final short CS_SERVER_HELLO
      See Also:
    • CS_SERVER_ENCRYPTED_EXTENSIONS

      protected static final short CS_SERVER_ENCRYPTED_EXTENSIONS
      See Also:
    • CS_SERVER_SUPPLEMENTAL_DATA

      protected static final short CS_SERVER_SUPPLEMENTAL_DATA
      See Also:
    • CS_SERVER_CERTIFICATE

      protected static final short CS_SERVER_CERTIFICATE
      See Also:
    • CS_SERVER_CERTIFICATE_STATUS

      protected static final short CS_SERVER_CERTIFICATE_STATUS
      See Also:
    • CS_SERVER_CERTIFICATE_VERIFY

      protected static final short CS_SERVER_CERTIFICATE_VERIFY
      See Also:
    • CS_SERVER_KEY_EXCHANGE

      protected static final short CS_SERVER_KEY_EXCHANGE
      See Also:
    • CS_SERVER_CERTIFICATE_REQUEST

      protected static final short CS_SERVER_CERTIFICATE_REQUEST
      See Also:
    • CS_SERVER_HELLO_DONE

      protected static final short CS_SERVER_HELLO_DONE
      See Also:
    • CS_CLIENT_END_OF_EARLY_DATA

      protected static final short CS_CLIENT_END_OF_EARLY_DATA
      See Also:
    • CS_CLIENT_SUPPLEMENTAL_DATA

      protected static final short CS_CLIENT_SUPPLEMENTAL_DATA
      See Also:
    • CS_CLIENT_CERTIFICATE

      protected static final short CS_CLIENT_CERTIFICATE
      See Also:
    • CS_CLIENT_KEY_EXCHANGE

      protected static final short CS_CLIENT_KEY_EXCHANGE
      See Also:
    • CS_CLIENT_CERTIFICATE_VERIFY

      protected static final short CS_CLIENT_CERTIFICATE_VERIFY
      See Also:
    • CS_CLIENT_FINISHED

      protected static final short CS_CLIENT_FINISHED
      See Also:
    • CS_SERVER_SESSION_TICKET

      protected static final short CS_SERVER_SESSION_TICKET
      See Also:
    • CS_SERVER_FINISHED

      protected static final short CS_SERVER_FINISHED
      See Also:
    • CS_END

      protected static final short CS_END
      See Also:
    • ADS_MODE_1_Nsub1

      protected static final short ADS_MODE_1_Nsub1
      See Also:
    • ADS_MODE_0_N

      protected static final short ADS_MODE_0_N
      See Also:
    • ADS_MODE_0_N_FIRSTONLY

      protected static final short ADS_MODE_0_N_FIRSTONLY
      See Also:
    • tlsSession

      protected TlsSession tlsSession
    • sessionParameters

      protected SessionParameters sessionParameters
    • sessionMasterSecret

      protected TlsSecret sessionMasterSecret
    • retryCookie

      protected byte[] retryCookie
    • retryGroup

      protected int retryGroup
    • clientExtensions

      protected Hashtable clientExtensions
    • serverExtensions

      protected Hashtable serverExtensions
    • connection_state

      protected short connection_state
    • selectedPSK13

      protected boolean selectedPSK13
    • receivedChangeCipherSpec

      protected boolean receivedChangeCipherSpec
    • expectSessionTicket

      protected boolean expectSessionTicket
    • blocking

      protected boolean blocking
    • inputBuffers

      protected ByteQueueInputStream inputBuffers
    • outputBuffer

      protected ByteQueueOutputStream outputBuffer
  • Constructor Details

    • TlsProtocol

      protected TlsProtocol()
    • TlsProtocol

      protected TlsProtocol(InputStream input, OutputStream output)
  • Method Details

    • isLegacyConnectionState

      protected boolean isLegacyConnectionState()
    • isTLSv13ConnectionState

      protected boolean isTLSv13ConnectionState()
    • resumeHandshake

      public void resumeHandshake() throws IOException
      Throws:
      IOException
    • closeConnection

      protected void closeConnection() throws IOException
      Throws:
      IOException
    • getContext

      protected abstract TlsContext getContext()
    • getPeer

      protected abstract TlsPeer getPeer()
    • getRenegotiationPolicy

      protected int getRenegotiationPolicy()
    • handleAlertMessage

      protected void handleAlertMessage(short alertLevel, short alertDescription) throws IOException
      Throws:
      IOException
    • handleAlertWarningMessage

      protected void handleAlertWarningMessage(short alertDescription) throws IOException
      Throws:
      IOException
    • handleChangeCipherSpecMessage

      protected void handleChangeCipherSpecMessage() throws IOException
      Throws:
      IOException
    • handleClose

      protected void handleClose(boolean user_canceled) throws IOException
      Throws:
      IOException
    • handleException

      protected void handleException(short alertDescription, String message, Throwable e) throws IOException
      Throws:
      IOException
    • handleFailure

      protected void handleFailure() throws IOException
      Throws:
      IOException
    • handleHandshakeMessage

      protected abstract void handleHandshakeMessage(short type, HandshakeMessageInput buf) throws IOException
      Throws:
      IOException
    • handleRenegotiation

      protected boolean handleRenegotiation() throws IOException
      Throws:
      IOException
    • applyMaxFragmentLengthExtension

      protected void applyMaxFragmentLengthExtension(short maxFragmentLength) throws IOException
      Throws:
      IOException
    • checkReceivedChangeCipherSpec

      protected void checkReceivedChangeCipherSpec(boolean expected) throws IOException
      Throws:
      IOException
    • blockForHandshake

      protected void blockForHandshake() throws IOException
      Throws:
      IOException
    • beginHandshake

      protected void beginHandshake(boolean renegotiation) throws IOException
      Throws:
      IOException
    • cleanupHandshake

      protected void cleanupHandshake()
    • completeHandshake

      protected void completeHandshake() throws IOException
      Throws:
      IOException
    • processRecord

      protected void processRecord(short protocol, byte[] buf, int off, int len) throws IOException
      Throws:
      IOException
    • applicationDataAvailable

      public int applicationDataAvailable()
    • readApplicationData

      public int readApplicationData(byte[] buf, int off, int len) throws IOException
      Read data from the network. The method returns immediately if some data is still buffered; otherwise it blocks until some application data has been read (and decrypted) from the network.
      Parameters:
      buf - The buffer where the data will be copied to.
      off - The position where the data will be placed in the buffer.
      len - The maximum number of bytes to read.
      Returns:
      The number of bytes read.
      Throws:
      IOException - If something goes wrong during reading data.
    • safePreviewRecordHeader

      protected RecordPreview safePreviewRecordHeader(byte[] recordHeader) throws IOException
      Throws:
      IOException
    • safeReadRecord

      protected void safeReadRecord() throws IOException
      Throws:
      IOException
    • safeReadFullRecord

      protected boolean safeReadFullRecord(byte[] input, int inputOff, int inputLen) throws IOException
      Throws:
      IOException
    • safeWriteRecord

      protected void safeWriteRecord(short type, byte[] buf, int offset, int len) throws IOException
      Throws:
      IOException
    • writeApplicationData

      public void writeApplicationData(byte[] buf, int off, int len) throws IOException
      Write some application data. Fragmentation is handled internally. Usable in both blocking/non-blocking modes.

      In blocking mode, the output will be automatically sent via the underlying transport. In non-blocking mode, call readOutput(byte[], int, int) to get the output bytes to send to the peer.

      This method must not be called until after the initial handshake is complete. Attempting to call it earlier will result in an IllegalStateException.
      Parameters:
      buf - The buffer containing application data to send
      off - The offset at which the application data begins
      len - The number of bytes of application data
      Throws:
      IllegalStateException - If called before the initial handshake has completed.
      IOException - If connection is already closed, or for encryption or transport errors.
    • getAppDataSplitMode

      public int getAppDataSplitMode()
    • setAppDataSplitMode

      public void setAppDataSplitMode(int appDataSplitMode)
    • isResumableHandshake

      public boolean isResumableHandshake()
    • setResumableHandshake

      public void setResumableHandshake(boolean resumableHandshake)
    • getOutputStream

      public OutputStream getOutputStream()
      Returns:
      An OutputStream which can be used to send data. Only allowed in blocking mode.
    • getInputStream

      public InputStream getInputStream()
      Returns:
      An InputStream which can be used to read data. Only allowed in blocking mode.
    • closeInput

      public void closeInput() throws IOException
      Should be called in non-blocking mode when the input data reaches EOF.
      Throws:
      IOException
    • previewInputRecord

      public RecordPreview previewInputRecord(byte[] recordHeader) throws IOException
      Throws:
      IOException
    • previewOutputRecord

      public int previewOutputRecord()
    • previewOutputRecord

      public RecordPreview previewOutputRecord(int applicationDataSize) throws IOException
      Throws:
      IOException
    • offerInput

      public void offerInput(byte[] input) throws IOException
      Equivalent to offerInput(input, 0, input.length)
      Parameters:
      input - The input buffer to offer
      Throws:
      IOException - If an error occurs while decrypting or processing a record
      See Also:
    • offerInput

      public void offerInput(byte[] input, int inputOff, int inputLen) throws IOException
      Offer input from an arbitrary source. Only allowed in non-blocking mode.

      This method will decrypt and process all records that are fully available. If only part of a record is available, the buffer will be retained until the remainder of the record is offered.

      If any records containing application data were processed, the decrypted data can be obtained using readInput(byte[], int, int). If any records containing protocol data (handshake, alert, etc.) were processed, a response may have been generated. Always check for pending output after calling this method by calling getAvailableOutputBytes(), and send it to the peer.
      Parameters:
      input - The input buffer to offer
      inputOff - The offset within the input buffer that input begins
      inputLen - The number of bytes of input being offered
      Throws:
      IOException - If an error occurs while decrypting or processing a record
    • getApplicationDataLimit

      public int getApplicationDataLimit()
    • getAvailableInputBytes

      public int getAvailableInputBytes()
      Gets the amount of received application data. A call to readInput(byte[], int, int) is guaranteed to be able to return at least this much data.

      Only allowed in non-blocking mode.
      Returns:
      The number of bytes of available application data
    • readInput

      public int readInput(byte[] buffer, int offset, int length)
      Retrieves received application data. Use getAvailableInputBytes() to check how much application data is currently available. This method functions similarly to InputStream.read(byte[], int, int), except that it never blocks. If no data is available, nothing will be copied and zero will be returned.

      Only allowed in non-blocking mode.
      Parameters:
      buffer - The buffer to hold the application data
      offset - The start offset in the buffer at which the data is written
      length - The maximum number of bytes to read
      Returns:
      The total number of bytes copied to the buffer. May be less than the length specified if the length was greater than the amount of available data.
    • readInput

      public int readInput(ByteBuffer buffer, int length)
      Retrieves received application data into a ByteBuffer. Use getAvailableInputBytes() to check how much application data is currently available. This method functions similarly to InputStream.read(byte[], int, int), except that it never blocks. If no data is available, nothing will be copied and zero will be returned.

      Only allowed in non-blocking mode.
      Parameters:
      buffer - The ByteBuffer to hold the application data
      length - The maximum number of bytes to read
      Returns:
      The total number of bytes copied to the buffer. May be less than the length specified if the length was greater than the amount of available data.
    • getAvailableOutputBytes

      public int getAvailableOutputBytes()
      Gets the amount of encrypted data available to be sent. A call to readOutput(byte[], int, int) is guaranteed to be able to return at least this much data.

      Only allowed in non-blocking mode.
      Returns:
      The number of bytes of available encrypted data
    • readOutput

      public int readOutput(byte[] buffer, int offset, int length)
      Retrieves encrypted data to be sent. Use getAvailableOutputBytes() to check how much encrypted data is currently available. This method functions similarly to InputStream.read(byte[], int, int), except that it never blocks. If no data is available, nothing will be copied and zero will be returned.

      Only allowed in non-blocking mode.
      Parameters:
      buffer - The buffer to hold the encrypted data
      offset - The start offset in the buffer at which the data is written
      length - The maximum number of bytes to read
      Returns:
      The total number of bytes copied to the buffer. May be less than the length specified if the length was greater than the amount of available data.
    • readOutput

      public int readOutput(ByteBuffer buffer, int length)
      Retrieves encrypted data to be sent. Use getAvailableOutputBytes() to check how much encrypted data is currently available. This method functions similarly to InputStream.read(byte[], int, int), except that it never blocks. If no data is available, nothing will be copied and zero will be returned.

      Only allowed in non-blocking mode.
      Parameters:
      buffer - The ByteBuffer to hold the encrypted data
      length - The maximum number of bytes to read
      Returns:
      The total number of bytes copied to the buffer. May be less than the length specified if the length was greater than the amount of available data.
    • establishSession

      protected boolean establishSession(TlsSession sessionToResume)
    • cancelSession

      protected void cancelSession()
    • invalidateSession

      protected void invalidateSession()
    • processFinishedMessage

      protected void processFinishedMessage(ByteArrayInputStream buf) throws IOException
      Throws:
      IOException
    • process13FinishedMessage

      protected void process13FinishedMessage(ByteArrayInputStream buf) throws IOException
      Throws:
      IOException
    • raiseAlertFatal

      protected void raiseAlertFatal(short alertDescription, String message, Throwable cause) throws IOException
      Throws:
      IOException
    • raiseAlertWarning

      protected void raiseAlertWarning(short alertDescription, String message) throws IOException
      Throws:
      IOException
    • receive13KeyUpdate

      protected void receive13KeyUpdate(ByteArrayInputStream buf) throws IOException
      Throws:
      IOException
    • sendCertificateMessage

      protected void sendCertificateMessage(Certificate certificate, OutputStream endPointHash) throws IOException
      Throws:
      IOException
    • send13CertificateMessage

      protected void send13CertificateMessage(Certificate certificate) throws IOException
      Throws:
      IOException
    • send13CertificateVerifyMessage

      protected void send13CertificateVerifyMessage(DigitallySigned certificateVerify) throws IOException
      Throws:
      IOException
    • sendChangeCipherSpec

      protected void sendChangeCipherSpec() throws IOException
      Throws:
      IOException
    • sendChangeCipherSpecMessage

      protected void sendChangeCipherSpecMessage() throws IOException
      Throws:
      IOException
    • sendFinishedMessage

      protected void sendFinishedMessage() throws IOException
      Throws:
      IOException
    • send13FinishedMessage

      protected void send13FinishedMessage() throws IOException
      Throws:
      IOException
    • send13KeyUpdate

      protected void send13KeyUpdate(boolean updateRequested) throws IOException
      Throws:
      IOException
    • sendSupplementalDataMessage

      protected void sendSupplementalDataMessage(Vector supplementalData) throws IOException
      Throws:
      IOException
    • close

      public void close() throws IOException
      Closes this connection.
      Specified by:
      close in interface TlsCloseable
      Throws:
      IOException - If something goes wrong during closing.
    • flush

      public void flush() throws IOException
      Throws:
      IOException
    • isClosed

      public boolean isClosed()
    • isConnected

      public boolean isConnected()
    • isHandshaking

      public boolean isHandshaking()
    • processMaxFragmentLengthExtension

      protected short processMaxFragmentLengthExtension(Hashtable clientExtensions, Hashtable serverExtensions, short alertDescription) throws IOException
      Deprecated.
      Will be removed.
      Throws:
      IOException
    • refuseRenegotiation

      protected void refuseRenegotiation() throws IOException
      Throws:
      IOException
    • assertEmpty

      protected static void assertEmpty(ByteArrayInputStream buf) throws IOException
      Make sure the InputStream 'buf' is now empty; fail otherwise. Unexpected trailing bytes are rejected rather than silently ignored.
      Parameters:
      buf - The InputStream to check.
      Throws:
      IOException - If 'buf' is not empty.
    • createRandomBlock

      protected static byte[] createRandomBlock(boolean useGMTUnixTime, TlsContext context)
    • createRenegotiationInfo

      protected static byte[] createRenegotiationInfo(byte[] renegotiated_connection) throws IOException
      Throws:
      IOException
    • establishMasterSecret

      protected static void establishMasterSecret(TlsContext context, TlsKeyExchange keyExchange) throws IOException
      Throws:
      IOException
    • readExtensions

      protected static Hashtable readExtensions(ByteArrayInputStream input) throws IOException
      Throws:
      IOException
    • readExtensionsData

      protected static Hashtable readExtensionsData(byte[] extBytes) throws IOException
      Throws:
      IOException
    • readExtensionsData13

      protected static Hashtable readExtensionsData13(int handshakeType, byte[] extBytes) throws IOException
      Throws:
      IOException
    • readExtensionsDataClientHello

      protected static Hashtable readExtensionsDataClientHello(byte[] extBytes) throws IOException
      Throws:
      IOException
    • readSupplementalDataMessage

      protected static Vector readSupplementalDataMessage(ByteArrayInputStream input) throws IOException
      Throws:
      IOException
    • writeExtensions

      protected static void writeExtensions(OutputStream output, Hashtable extensions) throws IOException
      Throws:
      IOException
    • writeExtensions

      protected static void writeExtensions(OutputStream output, Hashtable extensions, int bindersSize) throws IOException
      Throws:
      IOException
    • writeExtensionsData

      protected static byte[] writeExtensionsData(Hashtable extensions) throws IOException
      Throws:
      IOException
    • writeExtensionsData

      protected static byte[] writeExtensionsData(Hashtable extensions, int bindersSize) throws IOException
      Throws:
      IOException
    • writeExtensionsData

      protected static void writeExtensionsData(Hashtable extensions, int bindersSize, ByteArrayOutputStream buf) throws IOException
      Throws:
      IOException
    • writePreSharedKeyExtension

      protected static void writePreSharedKeyExtension(OutputStream output, Hashtable extensions, int bindersSize) throws IOException
      Throws:
      IOException
    • writeSelectedExtensions

      protected static void writeSelectedExtensions(OutputStream output, Hashtable extensions, boolean selectEmpty) throws IOException
      Throws:
      IOException
    • writeSupplementalData

      protected static void writeSupplementalData(OutputStream output, Vector supplementalData) throws IOException
      Throws:
      IOException