Class TlsProtocol

    • Field Detail

      • EXT_RenegotiationInfo

        protected static final java.lang.Integer EXT_RenegotiationInfo
      • EXT_SessionTicket

        protected static final java.lang.Integer EXT_SessionTicket
      • CS_SERVER_SUPPLEMENTAL_DATA

        protected static final short CS_SERVER_SUPPLEMENTAL_DATA
        See Also:
        Constant Field Values
      • CS_SERVER_CERTIFICATE

        protected static final short CS_SERVER_CERTIFICATE
        See Also:
        Constant Field Values
      • CS_CERTIFICATE_STATUS

        protected static final short CS_CERTIFICATE_STATUS
        See Also:
        Constant Field Values
      • CS_SERVER_KEY_EXCHANGE

        protected static final short CS_SERVER_KEY_EXCHANGE
        See Also:
        Constant Field Values
      • CS_CERTIFICATE_REQUEST

        protected static final short CS_CERTIFICATE_REQUEST
        See Also:
        Constant Field Values
      • CS_SERVER_HELLO_DONE

        protected static final short CS_SERVER_HELLO_DONE
        See Also:
        Constant Field Values
      • CS_CLIENT_SUPPLEMENTAL_DATA

        protected static final short CS_CLIENT_SUPPLEMENTAL_DATA
        See Also:
        Constant Field Values
      • CS_CLIENT_CERTIFICATE

        protected static final short CS_CLIENT_CERTIFICATE
        See Also:
        Constant Field Values
      • CS_CLIENT_KEY_EXCHANGE

        protected static final short CS_CLIENT_KEY_EXCHANGE
        See Also:
        Constant Field Values
      • CS_CERTIFICATE_VERIFY

        protected static final short CS_CERTIFICATE_VERIFY
        See Also:
        Constant Field Values
      • CS_SERVER_SESSION_TICKET

        protected static final short CS_SERVER_SESSION_TICKET
        See Also:
        Constant Field Values
      • ADS_MODE_0_N_FIRSTONLY

        protected static final short ADS_MODE_0_N_FIRSTONLY
        See Also:
        Constant Field Values
      • offeredCipherSuites

        protected int[] offeredCipherSuites
      • clientExtensions

        protected java.util.Hashtable clientExtensions
      • serverExtensions

        protected java.util.Hashtable serverExtensions
      • connection_state

        protected short connection_state
      • resumedSession

        protected boolean resumedSession
      • receivedChangeCipherSpec

        protected boolean receivedChangeCipherSpec
      • allowCertificateStatus

        protected boolean allowCertificateStatus
      • expectSessionTicket

        protected boolean expectSessionTicket
      • blocking

        protected boolean blocking
    • Constructor Detail

      • TlsProtocol

        protected TlsProtocol()
      • TlsProtocol

        protected TlsProtocol​(java.io.InputStream input,
                              java.io.OutputStream output)
    • Method Detail

      • resumeHandshake

        public void resumeHandshake()
                             throws java.io.IOException
        Throws:
        java.io.IOException
      • closeConnection

        protected void closeConnection()
                                throws java.io.IOException
        Throws:
        java.io.IOException
      • getContext

        protected abstract TlsContext getContext()
      • getPeer

        protected abstract TlsPeer getPeer()
      • getRenegotiationPolicy

        protected int getRenegotiationPolicy()
      • handleAlertMessage

        protected void handleAlertMessage​(short alertLevel,
                                          short alertDescription)
                                   throws java.io.IOException
        Throws:
        java.io.IOException
      • handleAlertWarningMessage

        protected void handleAlertWarningMessage​(short alertDescription)
                                          throws java.io.IOException
        Throws:
        java.io.IOException
      • handleChangeCipherSpecMessage

        protected void handleChangeCipherSpecMessage()
                                              throws java.io.IOException
        Throws:
        java.io.IOException
      • handleClose

        protected void handleClose​(boolean user_canceled)
                            throws java.io.IOException
        Throws:
        java.io.IOException
      • handleException

        protected void handleException​(short alertDescription,
                                       java.lang.String message,
                                       java.lang.Throwable e)
                                throws java.io.IOException
        Throws:
        java.io.IOException
      • handleFailure

        protected void handleFailure()
                              throws java.io.IOException
        Throws:
        java.io.IOException
      • handleHandshakeMessage

        protected abstract void handleHandshakeMessage​(short type,
                                                       java.io.ByteArrayInputStream buf)
                                                throws java.io.IOException
        Throws:
        java.io.IOException
      • handleRenegotiation

        protected boolean handleRenegotiation()
                                       throws java.io.IOException
        Throws:
        java.io.IOException
      • applyMaxFragmentLengthExtension

        protected void applyMaxFragmentLengthExtension()
                                                throws java.io.IOException
        Throws:
        java.io.IOException
      • checkReceivedChangeCipherSpec

        protected void checkReceivedChangeCipherSpec​(boolean expected)
                                              throws java.io.IOException
        Throws:
        java.io.IOException
      • blockForHandshake

        protected void blockForHandshake()
                                  throws java.io.IOException
        Throws:
        java.io.IOException
      • beginHandshake

        protected void beginHandshake​(boolean renegotiation)
                               throws java.io.IOException
        Throws:
        java.io.IOException
      • cleanupHandshake

        protected void cleanupHandshake()
      • completeHandshake

        protected void completeHandshake()
                                  throws java.io.IOException
        Throws:
        java.io.IOException
      • processRecord

        protected void processRecord​(short protocol,
                                     byte[] buf,
                                     int off,
                                     int len)
                              throws java.io.IOException
        Throws:
        java.io.IOException
      • applicationDataAvailable

        public int applicationDataAvailable()
      • readApplicationData

        public int readApplicationData​(byte[] buf,
                                       int offset,
                                       int len)
                                throws java.io.IOException
        Read data from the network. The method returns immediately if there is still some data left in the buffer; otherwise it blocks until some application data has been read from the network.
        Parameters:
        buf - The buffer where the data will be copied to.
        offset - The position where the data will be placed in the buffer.
        len - The maximum number of bytes to read.
        Returns:
        The number of bytes read.
        Throws:
        java.io.IOException - If something goes wrong while reading data.
      • safePreviewRecordHeader

        protected RecordPreview safePreviewRecordHeader​(byte[] recordHeader)
                                                 throws java.io.IOException
        Throws:
        java.io.IOException
      • safeReadRecord

        protected void safeReadRecord()
                               throws java.io.IOException
        Throws:
        java.io.IOException
      • safeReadFullRecord

        protected boolean safeReadFullRecord​(byte[] input,
                                             int inputOff,
                                             int inputLen)
                                      throws java.io.IOException
        Throws:
        java.io.IOException
      • safeWriteRecord

        protected void safeWriteRecord​(short type,
                                       byte[] buf,
                                       int offset,
                                       int len)
                                throws java.io.IOException
        Throws:
        java.io.IOException
      • writeApplicationData

        public void writeApplicationData​(byte[] buf,
                                         int offset,
                                         int len)
                                  throws java.io.IOException
        Write some application data. Fragmentation is handled internally. Usable in both blocking and non-blocking modes.

        In blocking mode, the output will be automatically sent via the underlying transport. In non-blocking mode, call readOutput(byte[], int, int) to get the output bytes to send to the peer.

        This method must not be called until after the initial handshake is complete. Attempting to call it earlier will result in an IllegalStateException.
        Parameters:
        buf - The buffer containing application data to send
        offset - The offset at which the application data begins
        len - The number of bytes of application data
        Throws:
        java.lang.IllegalStateException - If called before the initial handshake has completed.
        java.io.IOException - If connection is already closed, or for encryption or transport errors.
      • getAppDataSplitMode

        public int getAppDataSplitMode()
      • setAppDataSplitMode

        public void setAppDataSplitMode​(int appDataSplitMode)
      • isResumableHandshake

        public boolean isResumableHandshake()
      • setResumableHandshake

        public void setResumableHandshake​(boolean resumableHandshake)
      • writeHandshakeMessage

        protected void writeHandshakeMessage​(byte[] buf,
                                             int off,
                                             int len)
                                      throws java.io.IOException
        Throws:
        java.io.IOException
      • getOutputStream

        public java.io.OutputStream getOutputStream()
        Returns:
        An OutputStream which can be used to send data. Only allowed in blocking mode.
      • getInputStream

        public java.io.InputStream getInputStream()
        Returns:
        An InputStream which can be used to read data. Only allowed in blocking mode.
      • closeInput

        public void closeInput()
                        throws java.io.IOException
        Should be called in non-blocking mode when the input data reaches EOF.
        Throws:
        java.io.IOException
      • previewInputRecord

        public RecordPreview previewInputRecord​(byte[] recordHeader)
                                         throws java.io.IOException
        Throws:
        java.io.IOException
      • previewOutputRecord

        public RecordPreview previewOutputRecord​(int applicationDataSize)
                                          throws java.io.IOException
        Throws:
        java.io.IOException
      • offerInput

        public void offerInput​(byte[] input)
                        throws java.io.IOException
        Equivalent to offerInput(input, 0, input.length)
        Parameters:
        input - The input buffer to offer
        Throws:
        java.io.IOException - If an error occurs while decrypting or processing a record
        See Also:
        offerInput(byte[], int, int)
      • offerInput

        public void offerInput​(byte[] input,
                               int inputOff,
                               int inputLen)
                        throws java.io.IOException
        Offer input from an arbitrary source. Only allowed in non-blocking mode.

        This method will decrypt and process all records that are fully available. If only part of a record is available, the buffer will be retained until the remainder of the record is offered.

        If any records containing application data were processed, the decrypted data can be obtained using readInput(byte[], int, int). If any records containing protocol data were processed, a response may have been generated. After calling this method, always call getAvailableOutputBytes() to check whether any output is available; retrieve it with readOutput(byte[], int, int) so that it can be sent to the peer.
        Parameters:
        input - The input buffer to offer
        inputOff - The offset within the input buffer that input begins
        inputLen - The number of bytes of input being offered
        Throws:
        java.io.IOException - If an error occurs while decrypting or processing a record
      • getApplicationDataLimit

        public int getApplicationDataLimit()
      • getAvailableInputBytes

        public int getAvailableInputBytes()
        Gets the amount of received application data. A call to readInput(byte[], int, int) is guaranteed to be able to return at least this much data.

        Only allowed in non-blocking mode.
        Returns:
        The number of bytes of available application data
      • readInput

        public int readInput​(byte[] buffer,
                             int offset,
                             int length)
        Retrieves received application data. Use getAvailableInputBytes() to check how much application data is currently available. This method functions similarly to InputStream.read(byte[], int, int), except that it never blocks. If no data is available, nothing will be copied and zero will be returned.

        Only allowed in non-blocking mode.
        Parameters:
        buffer - The buffer to hold the application data
        offset - The start offset in the buffer at which the data is written
        length - The maximum number of bytes to read
        Returns:
        The total number of bytes copied to the buffer. May be less than the length specified if the length was greater than the amount of available data.
      • getAvailableOutputBytes

        public int getAvailableOutputBytes()
        Gets the amount of encrypted data available to be sent. A call to readOutput(byte[], int, int) is guaranteed to be able to return at least this much data.

        Only allowed in non-blocking mode.
        Returns:
        The number of bytes of available encrypted data
      • readOutput

        public int readOutput​(byte[] buffer,
                              int offset,
                              int length)
        Retrieves encrypted data to be sent. Use getAvailableOutputBytes() to check how much encrypted data is currently available. This method functions similarly to InputStream.read(byte[], int, int), except that it never blocks. If no data is available, nothing will be copied and zero will be returned.

        Only allowed in non-blocking mode.
        Parameters:
        buffer - The buffer to hold the encrypted data
        offset - The start offset in the buffer at which the data is written
        length - The maximum number of bytes to read
        Returns:
        The total number of bytes copied to the buffer. May be less than the length specified if the length was greater than the amount of available data.
      • invalidateSession

        protected void invalidateSession()
      • processFinishedMessage

        protected void processFinishedMessage​(java.io.ByteArrayInputStream buf)
                                       throws java.io.IOException
        Throws:
        java.io.IOException
      • raiseAlertFatal

        protected void raiseAlertFatal​(short alertDescription,
                                       java.lang.String message,
                                       java.lang.Throwable cause)
                                throws java.io.IOException
        Throws:
        java.io.IOException
      • raiseAlertWarning

        protected void raiseAlertWarning​(short alertDescription,
                                         java.lang.String message)
                                  throws java.io.IOException
        Throws:
        java.io.IOException
      • sendCertificateMessage

        protected void sendCertificateMessage​(Certificate certificate,
                                              java.io.OutputStream endPointHash)
                                       throws java.io.IOException
        Throws:
        java.io.IOException
      • sendChangeCipherSpecMessage

        protected void sendChangeCipherSpecMessage()
                                            throws java.io.IOException
        Throws:
        java.io.IOException
      • sendFinishedMessage

        protected void sendFinishedMessage()
                                    throws java.io.IOException
        Throws:
        java.io.IOException
      • sendSupplementalDataMessage

        protected void sendSupplementalDataMessage​(java.util.Vector supplementalData)
                                            throws java.io.IOException
        Throws:
        java.io.IOException
      • createVerifyData

        protected byte[] createVerifyData​(boolean isServer)
      • close

        public void close()
                   throws java.io.IOException
        Closes this connection.
        Specified by:
        close in interface TlsCloseable
        Throws:
        java.io.IOException - If something goes wrong during closing.
      • flush

        public void flush()
                   throws java.io.IOException
        Throws:
        java.io.IOException
      • isClosed

        public boolean isClosed()
      • isHandshaking

        public boolean isHandshaking()
      • processMaxFragmentLengthExtension

        protected short processMaxFragmentLengthExtension​(java.util.Hashtable clientExtensions,
                                                          java.util.Hashtable serverExtensions,
                                                          short alertDescription)
                                                   throws java.io.IOException
        Throws:
        java.io.IOException
      • refuseRenegotiation

        protected void refuseRenegotiation()
                                    throws java.io.IOException
        Throws:
        java.io.IOException
      • assertEmpty

        protected static void assertEmpty​(java.io.ByteArrayInputStream buf)
                                   throws java.io.IOException
        Make sure the InputStream 'buf' is now empty. Fail otherwise.
        Parameters:
        buf - The InputStream to check.
        Throws:
        java.io.IOException - If 'buf' is not empty.
      • createRandomBlock

        protected static byte[] createRandomBlock​(boolean useGMTUnixTime,
                                                  TlsContext context)
      • createRenegotiationInfo

        protected static byte[] createRenegotiationInfo​(byte[] renegotiated_connection)
                                                 throws java.io.IOException
        Throws:
        java.io.IOException
      • establishMasterSecret

        protected static void establishMasterSecret​(TlsContext context,
                                                    TlsKeyExchange keyExchange)
                                             throws java.io.IOException
        Throws:
        java.io.IOException
      • readExtensions

        protected static java.util.Hashtable readExtensions​(java.io.ByteArrayInputStream input)
                                                     throws java.io.IOException
        Throws:
        java.io.IOException
      • readExtensionsData

        protected static java.util.Hashtable readExtensionsData​(byte[] extBytes)
                                                         throws java.io.IOException
        Throws:
        java.io.IOException
      • readSupplementalDataMessage

        protected static java.util.Vector readSupplementalDataMessage​(java.io.ByteArrayInputStream input)
                                                               throws java.io.IOException
        Throws:
        java.io.IOException
      • validateCredentials

        protected static TlsCredentials validateCredentials​(TlsCredentials credentials)
                                                     throws java.io.IOException
        Throws:
        java.io.IOException
      • writeExtensions

        protected static void writeExtensions​(java.io.OutputStream output,
                                              java.util.Hashtable extensions)
                                       throws java.io.IOException
        Throws:
        java.io.IOException
      • writeSelectedExtensions

        protected static void writeSelectedExtensions​(java.io.OutputStream output,
                                                      java.util.Hashtable extensions,
                                                      boolean selectEmpty)
                                               throws java.io.IOException
        Throws:
        java.io.IOException
      • writeSupplementalData

        protected static void writeSupplementalData​(java.io.OutputStream output,
                                                    java.util.Vector supplementalData)
                                             throws java.io.IOException
        Throws:
        java.io.IOException
      • getPRFAlgorithm

        protected static int getPRFAlgorithm​(TlsContext context,
                                             int cipherSuite)
                                      throws java.io.IOException
        Throws:
        java.io.IOException