TlsProtocol (Bouncy Castle Library 1.57 API Specification)

java.lang.Object
- org.bouncycastle.crypto.tls.TlsProtocol

Direct Known Subclasses:: TlsClientProtocol, TlsServerProtocol

public abstract class TlsProtocol
extends java.lang.Object

Field Summary

Fields
Modifier and Type	Field and Description
`protected static short`	`ADS_MODE_0_N`
`protected static short`	`ADS_MODE_0_N_FIRSTONLY`
`protected static short`	`ADS_MODE_1_Nsub1`
`protected boolean`	`allowCertificateStatus`
`protected boolean`	`blocking`
`protected java.util.Hashtable`	`clientExtensions`
`protected short`	`connection_state`
`protected static short`	`CS_CERTIFICATE_REQUEST`
`protected static short`	`CS_CERTIFICATE_STATUS`
`protected static short`	`CS_CERTIFICATE_VERIFY`
`protected static short`	`CS_CLIENT_CERTIFICATE`
`protected static short`	`CS_CLIENT_FINISHED`
`protected static short`	`CS_CLIENT_HELLO`
`protected static short`	`CS_CLIENT_KEY_EXCHANGE`
`protected static short`	`CS_CLIENT_SUPPLEMENTAL_DATA`
`protected static short`	`CS_END`
`protected static short`	`CS_SERVER_CERTIFICATE`
`protected static short`	`CS_SERVER_FINISHED`
`protected static short`	`CS_SERVER_HELLO`
`protected static short`	`CS_SERVER_HELLO_DONE`
`protected static short`	`CS_SERVER_KEY_EXCHANGE`
`protected static short`	`CS_SERVER_SESSION_TICKET`
`protected static short`	`CS_SERVER_SUPPLEMENTAL_DATA`
`protected static short`	`CS_START`
`protected boolean`	`expectSessionTicket`
`protected static java.lang.Integer`	`EXT_RenegotiationInfo`
`protected static java.lang.Integer`	`EXT_SessionTicket`
`protected ByteQueueInputStream`	`inputBuffers`
`protected int[]`	`offeredCipherSuites`
`protected short[]`	`offeredCompressionMethods`
`protected ByteQueueOutputStream`	`outputBuffer`
`protected Certificate`	`peerCertificate`
`protected boolean`	`receivedChangeCipherSpec`
`protected boolean`	`resumedSession`
`protected boolean`	`secure_renegotiation`
`protected java.security.SecureRandom`	`secureRandom`
`protected SecurityParameters`	`securityParameters`
`protected java.util.Hashtable`	`serverExtensions`
`protected SessionParameters`	`sessionParameters`
`protected TlsSession`	`tlsSession`

Constructor Summary

Constructors
Constructor and Description
`TlsProtocol(java.io.InputStream input, java.io.OutputStream output, java.security.SecureRandom secureRandom)`
`TlsProtocol(java.security.SecureRandom secureRandom)`

Method Summary

Methods
Modifier and Type	Method and Description
`protected int`	`applicationDataAvailable()`
`protected void`	`applyMaxFragmentLengthExtension()`
`protected static void`	`assertEmpty(java.io.ByteArrayInputStream buf)` Make sure the InputStream 'buf' now empty.
`protected void`	`blockForHandshake()`
`protected void`	`checkReceivedChangeCipherSpec(boolean expected)`
`protected void`	`cleanupHandshake()`
`void`	`close()` Closes this connection.
`void`	`closeInput()` Should be called in non-blocking mode when the input data reaches EOF.
`protected void`	`completeHandshake()`
`protected static byte[]`	`createRandomBlock(boolean useGMTUnixTime, RandomGenerator randomGenerator)`
`protected static byte[]`	`createRenegotiationInfo(byte[] renegotiated_connection)`
`protected byte[]`	`createVerifyData(boolean isServer)`
`protected static void`	`establishMasterSecret(TlsContext context, TlsKeyExchange keyExchange)`
`protected void`	`failWithError(short alertLevel, short alertDescription, java.lang.String message, java.lang.Throwable cause)` Terminate this connection with an alert.
`protected void`	`flush()`
`int`	`getAvailableInputBytes()` Gets the amount of received application data.
`int`	`getAvailableOutputBytes()` Gets the amount of encrypted data available to be sent.
`protected abstract TlsContext`	`getContext()`
`protected static byte[]`	`getCurrentPRFHash(TlsContext context, TlsHandshakeHash handshakeHash, byte[] sslSender)` 'sender' only relevant to SSLv3
`java.io.InputStream`	`getInputStream()`
`java.io.OutputStream`	`getOutputStream()`
`protected abstract TlsPeer`	`getPeer()`
`protected static int`	`getPRFAlgorithm(TlsContext context, int ciphersuite)`
`protected void`	`handleChangeCipherSpecMessage()`
`protected void`	`handleClose(boolean user_canceled)`
`protected abstract void`	`handleHandshakeMessage(short type, java.io.ByteArrayInputStream buf)`
`protected void`	`handleWarningMessage(short description)`
`protected void`	`invalidateSession()`
`boolean`	`isClosed()`
`void`	`offerInput(byte[] input)` Offer input from an arbitrary source.
`void`	`offerOutput(byte[] buffer, int offset, int length)` Offer output from an arbitrary source.
`protected void`	`processFinishedMessage(java.io.ByteArrayInputStream buf)`
`protected short`	`processMaxFragmentLengthExtension(java.util.Hashtable clientExtensions, java.util.Hashtable serverExtensions, short alertDescription)`
`protected void`	`processRecord(short protocol, byte[] buf, int off, int len)`
`protected void`	`raiseAlert(short alertLevel, short alertDescription, java.lang.String message, java.lang.Throwable cause)`
`protected void`	`raiseWarning(short alertDescription, java.lang.String message)`
`protected int`	`readApplicationData(byte[] buf, int offset, int len)` Read data from the network.
`protected static java.util.Hashtable`	`readExtensions(java.io.ByteArrayInputStream input)`
`int`	`readInput(byte[] buffer, int offset, int length)` Retrieves received application data.
`int`	`readOutput(byte[] buffer, int offset, int length)` Retrieves encrypted data to be sent.
`protected static java.util.Vector`	`readSupplementalDataMessage(java.io.ByteArrayInputStream input)`
`protected void`	`refuseRenegotiation()`
`protected void`	`safeCheckRecordHeader(byte[] recordHeader)`
`protected void`	`safeReadRecord()`
`protected void`	`safeWriteRecord(short type, byte[] buf, int offset, int len)`
`protected void`	`sendCertificateMessage(Certificate certificate)`
`protected void`	`sendChangeCipherSpecMessage()`
`protected void`	`sendFinishedMessage()`
`protected void`	`sendSupplementalDataMessage(java.util.Vector supplementalData)`
`protected void`	`setAppDataSplitMode(int appDataSplitMode)`
`protected void`	`writeData(byte[] buf, int offset, int len)` Send some application data to the remote system.
`protected static void`	`writeExtensions(java.io.OutputStream output, java.util.Hashtable extensions)`
`protected void`	`writeHandshakeMessage(byte[] buf, int off, int len)`
`protected static void`	`writeSelectedExtensions(java.io.OutputStream output, java.util.Hashtable extensions, boolean selectEmpty)`
`protected static void`	`writeSupplementalData(java.io.OutputStream output, java.util.Vector supplementalData)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

EXT_RenegotiationInfo

protected static final java.lang.Integer EXT_RenegotiationInfo

EXT_SessionTicket

protected static final java.lang.Integer EXT_SessionTicket

CS_START
```
protected static final short CS_START
```
See Also:
Constant Field Values

CS_CLIENT_HELLO

protected static final short CS_CLIENT_HELLO

See Also:: Constant Field Values

CS_SERVER_HELLO

protected static final short CS_SERVER_HELLO

See Also:: Constant Field Values

CS_SERVER_SUPPLEMENTAL_DATA

protected static final short CS_SERVER_SUPPLEMENTAL_DATA

See Also:: Constant Field Values

CS_SERVER_CERTIFICATE

protected static final short CS_SERVER_CERTIFICATE

See Also:: Constant Field Values

CS_CERTIFICATE_STATUS

protected static final short CS_CERTIFICATE_STATUS

See Also:: Constant Field Values

CS_SERVER_KEY_EXCHANGE

protected static final short CS_SERVER_KEY_EXCHANGE

See Also:: Constant Field Values

CS_CERTIFICATE_REQUEST

protected static final short CS_CERTIFICATE_REQUEST

See Also:: Constant Field Values

CS_SERVER_HELLO_DONE

protected static final short CS_SERVER_HELLO_DONE

See Also:: Constant Field Values

CS_CLIENT_SUPPLEMENTAL_DATA

protected static final short CS_CLIENT_SUPPLEMENTAL_DATA

See Also:: Constant Field Values

CS_CLIENT_CERTIFICATE

protected static final short CS_CLIENT_CERTIFICATE

See Also:: Constant Field Values

CS_CLIENT_KEY_EXCHANGE

protected static final short CS_CLIENT_KEY_EXCHANGE

See Also:: Constant Field Values

CS_CERTIFICATE_VERIFY

protected static final short CS_CERTIFICATE_VERIFY

See Also:: Constant Field Values

CS_CLIENT_FINISHED

protected static final short CS_CLIENT_FINISHED

See Also:: Constant Field Values

CS_SERVER_SESSION_TICKET

protected static final short CS_SERVER_SESSION_TICKET

See Also:: Constant Field Values

CS_SERVER_FINISHED

protected static final short CS_SERVER_FINISHED

See Also:: Constant Field Values

CS_END
```
protected static final short CS_END
```
See Also:
Constant Field Values

ADS_MODE_1_Nsub1

protected static final short ADS_MODE_1_Nsub1

See Also:: Constant Field Values

ADS_MODE_0_N

protected static final short ADS_MODE_0_N

See Also:: Constant Field Values

ADS_MODE_0_N_FIRSTONLY

protected static final short ADS_MODE_0_N_FIRSTONLY

See Also:: Constant Field Values

secureRandom

protected java.security.SecureRandom secureRandom

tlsSession
```
protected TlsSession tlsSession
```

sessionParameters

protected SessionParameters sessionParameters

securityParameters

protected SecurityParameters securityParameters

peerCertificate
```
protected Certificate peerCertificate
```

offeredCipherSuites
```
protected int[] offeredCipherSuites
```

offeredCompressionMethods

protected short[] offeredCompressionMethods

clientExtensions

protected java.util.Hashtable clientExtensions

serverExtensions

protected java.util.Hashtable serverExtensions

connection_state
```
protected short connection_state
```

resumedSession
```
protected boolean resumedSession
```

receivedChangeCipherSpec

protected boolean receivedChangeCipherSpec

secure_renegotiation
```
protected boolean secure_renegotiation
```

allowCertificateStatus

protected boolean allowCertificateStatus

expectSessionTicket
```
protected boolean expectSessionTicket
```

blocking
```
protected boolean blocking
```

inputBuffers

protected ByteQueueInputStream inputBuffers

outputBuffer

protected ByteQueueOutputStream outputBuffer

Constructor Detail

TlsProtocol

public TlsProtocol(java.io.InputStream input,
           java.io.OutputStream output,
           java.security.SecureRandom secureRandom)

TlsProtocol

public TlsProtocol(java.security.SecureRandom secureRandom)

Method Detail

getContext

protected abstract TlsContext getContext()

getPeer
```
protected abstract TlsPeer getPeer()
```

handleChangeCipherSpecMessage

protected void handleChangeCipherSpecMessage()
                                      throws java.io.IOException

Throws:: java.io.IOException

handleHandshakeMessage

protected abstract void handleHandshakeMessage(short type,
                          java.io.ByteArrayInputStream buf)
                                        throws java.io.IOException

Throws:: java.io.IOException

handleWarningMessage

protected void handleWarningMessage(short description)
                             throws java.io.IOException

Throws:: java.io.IOException

applyMaxFragmentLengthExtension

protected void applyMaxFragmentLengthExtension()
                                        throws java.io.IOException

Throws:: java.io.IOException

checkReceivedChangeCipherSpec

protected void checkReceivedChangeCipherSpec(boolean expected)
                                      throws java.io.IOException

Throws:: java.io.IOException

cleanupHandshake
```
protected void cleanupHandshake()
```

blockForHandshake

protected void blockForHandshake()
                          throws java.io.IOException

Throws:: java.io.IOException

completeHandshake

protected void completeHandshake()
                          throws java.io.IOException

Throws:: java.io.IOException

processRecord

protected void processRecord(short protocol,
                 byte[] buf,
                 int off,
                 int len)
                      throws java.io.IOException

Throws:: java.io.IOException

applicationDataAvailable

protected int applicationDataAvailable()

readApplicationData
```
protected int readApplicationData(byte[] buf,
                      int offset,
                      int len)
                           throws java.io.IOException
```
Read data from the network. The method will return immediately, if there is still some data left in the buffer, or block until some application data has been read from the network.

Parameters:
buf - The buffer where the data will be copied to.
offset - The position where the data will be placed in the buffer.
len - The maximum number of bytes to read.

Returns:
The number of bytes read.

Throws:

java.io.IOException - If something goes wrong during reading data.

safeCheckRecordHeader

protected void safeCheckRecordHeader(byte[] recordHeader)
                              throws java.io.IOException

Throws:: java.io.IOException

safeReadRecord

protected void safeReadRecord()
                       throws java.io.IOException

Throws:: java.io.IOException

safeWriteRecord

protected void safeWriteRecord(short type,
                   byte[] buf,
                   int offset,
                   int len)
                        throws java.io.IOException

Throws:: java.io.IOException

writeData
```
protected void writeData(byte[] buf,
             int offset,
             int len)
                  throws java.io.IOException
```
Send some application data to the remote system.
The method will handle fragmentation internally.

Parameters:
buf - The buffer with the data.
offset - The position in the buffer where the data is placed.
len - The length of the data.

Throws:

java.io.IOException - If something goes wrong during sending.

setAppDataSplitMode

protected void setAppDataSplitMode(int appDataSplitMode)

writeHandshakeMessage

protected void writeHandshakeMessage(byte[] buf,
                         int off,
                         int len)
                              throws java.io.IOException

Throws:: java.io.IOException

getOutputStream
```
public java.io.OutputStream getOutputStream()
```
Returns:
An OutputStream which can be used to send data. Only allowed in blocking mode.

getInputStream
```
public java.io.InputStream getInputStream()
```
Returns:
An InputStream which can be used to read data. Only allowed in blocking mode.

closeInput
```
public void closeInput()
                throws java.io.IOException
```
Should be called in non-blocking mode when the input data reaches EOF.

Throws:

java.io.IOException

offerInput
```
public void offerInput(byte[] input)
                throws java.io.IOException
```
Offer input from an arbitrary source. Only allowed in non-blocking mode.

After this method returns, the input buffer is "owned" by this object. Other code must not attempt to do anything with it.

This method will decrypt and process all records that are fully available. If only part of a record is available, the buffer will be retained until the remainder of the record is offered.

If any records containing application data were processed, the decrypted data can be obtained using readInput(byte[], int, int). If any records containing protocol data were processed, a response may have been generated. You should always check to see if there is any available output after calling this method by calling getAvailableOutputBytes().

Parameters:
input - The input buffer to offer

Throws:

java.io.IOException - If an error occurs while decrypting or processing a record

getAvailableInputBytes
```
public int getAvailableInputBytes()
```
Gets the amount of received application data. A call to readInput(byte[], int, int) is guaranteed to be able to return at least this much data.

Only allowed in non-blocking mode.

Returns:
The number of bytes of available application data

readInput
```
public int readInput(byte[] buffer,
            int offset,
            int length)
```
Retrieves received application data. Use getAvailableInputBytes() to check how much application data is currently available. This method functions similarly to InputStream.read(byte[], int, int), except that it never blocks. If no data is available, nothing will be copied and zero will be returned.

Only allowed in non-blocking mode.

Parameters:
buffer - The buffer to hold the application data
offset - The start offset in the buffer at which the data is written
length - The maximum number of bytes to read

Returns:
The total number of bytes copied to the buffer. May be less than the length specified if the length was greater than the amount of available data.

offerOutput
```
public void offerOutput(byte[] buffer,
               int offset,
               int length)
                 throws java.io.IOException
```
Offer output from an arbitrary source. Only allowed in non-blocking mode.

After this method returns, the specified section of the buffer will have been processed. Use readOutput(byte[], int, int) to get the bytes to transmit to the other peer.

This method must not be called until after the handshake is complete! Attempting to call it before the handshake is complete will result in an exception.

Parameters:
buffer - The buffer containing application data to encrypt
offset - The offset at which to begin reading data
length - The number of bytes of data to read

Throws:

java.io.IOException - If an error occurs encrypting the data, or the handshake is not complete

getAvailableOutputBytes
```
public int getAvailableOutputBytes()
```
Gets the amount of encrypted data available to be sent. A call to readOutput(byte[], int, int) is guaranteed to be able to return at least this much data.

Only allowed in non-blocking mode.

Returns:
The number of bytes of available encrypted data

readOutput
```
public int readOutput(byte[] buffer,
             int offset,
             int length)
```
Retrieves encrypted data to be sent. Use getAvailableOutputBytes() to check how much encrypted data is currently available. This method functions similarly to InputStream.read(byte[], int, int), except that it never blocks. If no data is available, nothing will be copied and zero will be returned.

Only allowed in non-blocking mode.

Parameters:
buffer - The buffer to hold the encrypted data
offset - The start offset in the buffer at which the data is written
length - The maximum number of bytes to read

Returns:
The total number of bytes copied to the buffer. May be less than the length specified if the length was greater than the amount of available data.

failWithError
```
protected void failWithError(short alertLevel,
                 short alertDescription,
                 java.lang.String message,
                 java.lang.Throwable cause)
                      throws java.io.IOException
```
Terminate this connection with an alert. Can be used for normal closure too.

Parameters:
alertLevel - See AlertLevel for values.
alertDescription - See AlertDescription for values.

Throws:

java.io.IOException - If alert was fatal.

invalidateSession
```
protected void invalidateSession()
```

processFinishedMessage

protected void processFinishedMessage(java.io.ByteArrayInputStream buf)
                               throws java.io.IOException

Throws:: java.io.IOException

raiseAlert

protected void raiseAlert(short alertLevel,
              short alertDescription,
              java.lang.String message,
              java.lang.Throwable cause)
                   throws java.io.IOException

Throws:: java.io.IOException

raiseWarning

protected void raiseWarning(short alertDescription,
                java.lang.String message)
                     throws java.io.IOException

Throws:: java.io.IOException

sendCertificateMessage

protected void sendCertificateMessage(Certificate certificate)
                               throws java.io.IOException

Throws:: java.io.IOException

sendChangeCipherSpecMessage

protected void sendChangeCipherSpecMessage()
                                    throws java.io.IOException

Throws:: java.io.IOException

sendFinishedMessage

protected void sendFinishedMessage()
                            throws java.io.IOException

Throws:: java.io.IOException

sendSupplementalDataMessage

protected void sendSupplementalDataMessage(java.util.Vector supplementalData)
                                    throws java.io.IOException

Throws:: java.io.IOException

createVerifyData

protected byte[] createVerifyData(boolean isServer)

close
```
public void close()
           throws java.io.IOException
```
Closes this connection.

Throws:

java.io.IOException - If something goes wrong during closing.

handleClose

protected void handleClose(boolean user_canceled)
                    throws java.io.IOException

Throws:: java.io.IOException

flush

protected void flush()
              throws java.io.IOException

Throws:: java.io.IOException

isClosed
```
public boolean isClosed()
```

processMaxFragmentLengthExtension

protected short processMaxFragmentLengthExtension(java.util.Hashtable clientExtensions,
                                      java.util.Hashtable serverExtensions,
                                      short alertDescription)
                                           throws java.io.IOException

Throws:: java.io.IOException

refuseRenegotiation

protected void refuseRenegotiation()
                            throws java.io.IOException

Throws:: java.io.IOException

assertEmpty
```
protected static void assertEmpty(java.io.ByteArrayInputStream buf)
                           throws java.io.IOException
```
Make sure the InputStream 'buf' now empty. Fail otherwise.

Parameters:
buf - The InputStream to check.

Throws:

java.io.IOException - If 'buf' is not empty.

createRandomBlock

protected static byte[] createRandomBlock(boolean useGMTUnixTime,
                       RandomGenerator randomGenerator)

createRenegotiationInfo

protected static byte[] createRenegotiationInfo(byte[] renegotiated_connection)
                                         throws java.io.IOException

Throws:: java.io.IOException

establishMasterSecret

protected static void establishMasterSecret(TlsContext context,
                         TlsKeyExchange keyExchange)
                                     throws java.io.IOException

Throws:: java.io.IOException

getCurrentPRFHash

protected static byte[] getCurrentPRFHash(TlsContext context,
                       TlsHandshakeHash handshakeHash,
                       byte[] sslSender)

'sender' only relevant to SSLv3

readExtensions

protected static java.util.Hashtable readExtensions(java.io.ByteArrayInputStream input)
                                             throws java.io.IOException

Throws:: java.io.IOException

readSupplementalDataMessage

protected static java.util.Vector readSupplementalDataMessage(java.io.ByteArrayInputStream input)
                                                       throws java.io.IOException

Throws:: java.io.IOException

writeExtensions

protected static void writeExtensions(java.io.OutputStream output,
                   java.util.Hashtable extensions)
                               throws java.io.IOException

Throws:: java.io.IOException

writeSelectedExtensions

protected static void writeSelectedExtensions(java.io.OutputStream output,
                           java.util.Hashtable extensions,
                           boolean selectEmpty)
                                       throws java.io.IOException

Throws:: java.io.IOException

writeSupplementalData

protected static void writeSupplementalData(java.io.OutputStream output,
                         java.util.Vector supplementalData)
                                     throws java.io.IOException

Throws:: java.io.IOException

getPRFAlgorithm

protected static int getPRFAlgorithm(TlsContext context,
                  int ciphersuite)
                              throws java.io.IOException

Throws:: java.io.IOException

Class TlsProtocol

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

EXT_RenegotiationInfo

EXT_SessionTicket

CS_START

CS_CLIENT_HELLO

CS_SERVER_HELLO

CS_SERVER_SUPPLEMENTAL_DATA

CS_SERVER_CERTIFICATE

CS_CERTIFICATE_STATUS

CS_SERVER_KEY_EXCHANGE

CS_CERTIFICATE_REQUEST

CS_SERVER_HELLO_DONE

CS_CLIENT_SUPPLEMENTAL_DATA

CS_CLIENT_CERTIFICATE

CS_CLIENT_KEY_EXCHANGE

CS_CERTIFICATE_VERIFY

CS_CLIENT_FINISHED

CS_SERVER_SESSION_TICKET

CS_SERVER_FINISHED

CS_END

ADS_MODE_1_Nsub1

ADS_MODE_0_N

ADS_MODE_0_N_FIRSTONLY

secureRandom

tlsSession

sessionParameters

securityParameters

peerCertificate

offeredCipherSuites

offeredCompressionMethods

clientExtensions

serverExtensions

connection_state

resumedSession

receivedChangeCipherSpec

secure_renegotiation

allowCertificateStatus

expectSessionTicket

blocking

inputBuffers

outputBuffer

Constructor Detail

TlsProtocol

TlsProtocol

Method Detail

getContext

getPeer

handleChangeCipherSpecMessage

handleHandshakeMessage

handleWarningMessage

applyMaxFragmentLengthExtension

checkReceivedChangeCipherSpec

cleanupHandshake

blockForHandshake

completeHandshake

processRecord

applicationDataAvailable

readApplicationData

safeCheckRecordHeader

safeReadRecord

safeWriteRecord

writeData

setAppDataSplitMode

writeHandshakeMessage

getOutputStream

getInputStream

closeInput

offerInput

getAvailableInputBytes

readInput

offerOutput

getAvailableOutputBytes

readOutput

failWithError

invalidateSession