public abstract class AbstractTlsClient extends AbstractTlsPeer implements TlsClient
Modifier and Type | Field and Description |
---|---|
protected int[] |
cipherSuites |
protected TlsClientContext |
context |
protected ProtocolVersion[] |
protocolVersions |
protected java.util.Vector |
supportedGroups |
protected java.util.Vector |
supportedSignatureAlgorithms |
protected java.util.Vector |
supportedSignatureAlgorithmsCert |
Constructor and Description |
---|
AbstractTlsClient(TlsCrypto crypto) |
Modifier and Type | Method and Description |
---|---|
protected boolean |
allowUnexpectedServerExtension(java.lang.Integer extensionType,
byte[] extensionData) |
protected void |
checkForUnexpectedServerExtension(java.util.Hashtable serverExtensions,
java.lang.Integer extensionType) |
protected java.util.Vector |
getCertificateAuthorities() |
protected CertificateStatusRequest |
getCertificateStatusRequest() |
int[] |
getCipherSuites() |
java.util.Hashtable |
getClientExtensions() |
java.util.Vector |
getClientSupplementalData() |
TlsDHGroupVerifier |
getDHGroupVerifier() |
java.util.Vector |
getEarlyKeyShareGroups()
If this client is offering TLS 1.3 or higher, this method may be called to determine for which
groups a key share should be included in the initial ClientHello.
|
java.util.Vector |
getExternalPSKs()
Return the
external PSKs to offer in the ClientHello. |
protected java.util.Vector |
getMultiCertStatusRequest() |
protected java.util.Vector |
getNamedGroupRoles() |
protected java.util.Vector |
getProtocolNames() |
ProtocolVersion[] |
getProtocolVersions() |
TlsPSKIdentity |
getPSKIdentity() |
TlsSession |
getSessionToResume()
Return the session this client wants to resume, if any.
|
protected java.util.Vector |
getSNIServerNames() |
TlsSRPConfigVerifier |
getSRPConfigVerifier() |
TlsSRPIdentity |
getSRPIdentity() |
protected java.util.Vector |
getSupportedGroups(java.util.Vector namedGroupRoles)
The default
getClientExtensions() implementation calls this to determine which named
groups to include in the supported_groups extension for the ClientHello. |
protected java.util.Vector |
getSupportedSignatureAlgorithms() |
protected java.util.Vector |
getSupportedSignatureAlgorithmsCert() |
protected java.util.Vector |
getTrustedCAIndication() |
void |
init(TlsClientContext context) |
boolean |
isFallback() |
void |
notifyHandshakeBeginning()
Notifies the peer that a new handshake is about to begin.
|
void |
notifyNewSessionTicket(NewSessionTicket newSessionTicket)
RFC 5077 3.3.
|
void |
notifySelectedCipherSuite(int selectedCipherSuite) |
void |
notifySelectedPSK(TlsPSK selectedPSK) |
void |
notifyServerVersion(ProtocolVersion serverVersion) |
void |
notifySessionID(byte[] sessionID)
Notifies the client of the session_id sent in the ServerHello.
|
void |
notifySessionToResume(TlsSession session)
Notifies the client of the session that will be offered in ClientHello for resumption, if any.
|
void |
processServerExtensions(java.util.Hashtable serverExtensions)
The TlsClientProtocol implementation validates that any server extensions received correspond
to client extensions sent.
|
void |
processServerSupplementalData(java.util.Vector serverSupplementalData) |
allowLegacyResumption, cancel, getCrypto, getHandshakeTimeoutMillis, getHeartbeat, getHeartbeatPolicy, getKeyExchangeFactory, getMaxCertificateChainLength, getMaxHandshakeMessageSize, getPskKeyExchangeModes, getRenegotiationPolicy, getSupportedCipherSuites, getSupportedVersions, notifyAlertRaised, notifyAlertReceived, notifyCloseHandle, notifyHandshakeComplete, notifySecureRenegotiation, requiresCloseNotify, requiresExtendedMasterSecret, shouldCheckSigAlgOfPeerCerts, shouldUseExtendedMasterSecret, shouldUseExtendedPadding, shouldUseGMTUnixTime
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
getAuthentication
allowLegacyResumption, cancel, getCrypto, getHandshakeTimeoutMillis, getHeartbeat, getHeartbeatPolicy, getKeyExchangeFactory, getMaxCertificateChainLength, getMaxHandshakeMessageSize, getPskKeyExchangeModes, getRenegotiationPolicy, notifyAlertRaised, notifyAlertReceived, notifyCloseHandle, notifyHandshakeComplete, notifySecureRenegotiation, requiresCloseNotify, requiresExtendedMasterSecret, shouldCheckSigAlgOfPeerCerts, shouldUseExtendedMasterSecret, shouldUseExtendedPadding, shouldUseGMTUnixTime
protected TlsClientContext context
protected ProtocolVersion[] protocolVersions
protected int[] cipherSuites
protected java.util.Vector supportedGroups
protected java.util.Vector supportedSignatureAlgorithms
protected java.util.Vector supportedSignatureAlgorithmsCert
public AbstractTlsClient(TlsCrypto crypto)
protected boolean allowUnexpectedServerExtension(java.lang.Integer extensionType, byte[] extensionData) throws java.io.IOException
java.io.IOException
protected java.util.Vector getNamedGroupRoles()
protected void checkForUnexpectedServerExtension(java.util.Hashtable serverExtensions, java.lang.Integer extensionType) throws java.io.IOException
java.io.IOException
public TlsPSKIdentity getPSKIdentity() throws java.io.IOException
getPSKIdentity
in interface TlsClient
java.io.IOException
public TlsSRPIdentity getSRPIdentity() throws java.io.IOException
getSRPIdentity
in interface TlsClient
java.io.IOException
public TlsDHGroupVerifier getDHGroupVerifier()
getDHGroupVerifier
in interface TlsClient
public TlsSRPConfigVerifier getSRPConfigVerifier()
getSRPConfigVerifier
in interface TlsClient
protected java.util.Vector getCertificateAuthorities()
protected java.util.Vector getProtocolNames()
protected CertificateStatusRequest getCertificateStatusRequest()
protected java.util.Vector getMultiCertStatusRequest()
Vector
of CertificateStatusRequestItemV2
(or null).protected java.util.Vector getSNIServerNames()
protected java.util.Vector getSupportedGroups(java.util.Vector namedGroupRoles)
getClientExtensions()
implementation calls this to determine which named
groups to include in the supported_groups extension for the ClientHello.namedGroupRoles
- The named group roles
for which there should be at
least one supported group. By default this is inferred from the offered cipher
suites and signature algorithms.Vector
of Integer
. See NamedGroup
for group constants.protected java.util.Vector getSupportedSignatureAlgorithms()
protected java.util.Vector getSupportedSignatureAlgorithmsCert()
protected java.util.Vector getTrustedCAIndication()
public void init(TlsClientContext context)
public ProtocolVersion[] getProtocolVersions()
getProtocolVersions
in interface TlsPeer
public int[] getCipherSuites()
getCipherSuites
in interface TlsPeer
public void notifyHandshakeBeginning() throws java.io.IOException
TlsPeer
notifyHandshakeBeginning
in interface TlsPeer
notifyHandshakeBeginning
in class AbstractTlsPeer
java.io.IOException
public TlsSession getSessionToResume()
TlsClient
getSessionToResume
in interface TlsClient
TlsSession
representing the resumable session to be used for this
connection, or null to use a new session.SessionParameters.getPeerCertificate()
public java.util.Vector getExternalPSKs()
TlsClient
external PSKs
to offer in the ClientHello.
Note that this will only be called when TLS 1.3 or higher is amongst the
offered protocol versions.getExternalPSKs
in interface TlsClient
Vector
of TlsPSKExternal
instances, or null if none
should be offered.public boolean isFallback()
isFallback
in interface TlsClient
public java.util.Hashtable getClientExtensions() throws java.io.IOException
getClientExtensions
in interface TlsClient
java.io.IOException
public java.util.Vector getEarlyKeyShareGroups()
TlsClient
TlsClient.getClientExtensions()
will be ignored. The protocol
will then add a suitable key_share extension to the ClientHello extensions.getEarlyKeyShareGroups
in interface TlsClient
Vector
of named group
values, possibly empty or null.public void notifyServerVersion(ProtocolVersion serverVersion) throws java.io.IOException
notifyServerVersion
in interface TlsClient
java.io.IOException
public void notifySessionToResume(TlsSession session)
TlsClient
TlsClient.getSessionToResume()
or null if that
session was unusable.
NOTE: the actual negotiated session_id is notified by TlsClient.notifySessionID(byte[])
.notifySessionToResume
in interface TlsClient
session
- The TlsSession
representing the resumable session to
be offered for this connection, or null if there is none.TlsClient.notifySessionID(byte[])
public void notifySessionID(byte[] sessionID)
TlsClient
notifySessionID
in interface TlsClient
TlsContext.getSession()
public void notifySelectedCipherSuite(int selectedCipherSuite)
notifySelectedCipherSuite
in interface TlsClient
public void notifySelectedPSK(TlsPSK selectedPSK) throws java.io.IOException
notifySelectedPSK
in interface TlsClient
java.io.IOException
public void processServerExtensions(java.util.Hashtable serverExtensions) throws java.io.IOException
TlsClient
processServerExtensions
in interface TlsClient
serverExtensions
- (Integer -> byte[])java.io.IOException
public void processServerSupplementalData(java.util.Vector serverSupplementalData) throws java.io.IOException
processServerSupplementalData
in interface TlsClient
java.io.IOException
public java.util.Vector getClientSupplementalData() throws java.io.IOException
getClientSupplementalData
in interface TlsClient
java.io.IOException
public void notifyNewSessionTicket(NewSessionTicket newSessionTicket) throws java.io.IOException
TlsClient
This method will be called (only) when a NewSessionTicket handshake message is received. The ticket is opaque to the client and clients MUST NOT examine the ticket under the assumption that it complies with e.g. RFC 5077 4. Recommended Ticket Construction.
notifyNewSessionTicket
in interface TlsClient
newSessionTicket
- The ticket.java.io.IOException