Class AbstractTlsServer

    • Field Detail

      • cipherSuites

        protected int[] cipherSuites
      • offeredCipherSuites

        protected int[] offeredCipherSuites
      • clientExtensions

        protected java.util.Hashtable clientExtensions
      • encryptThenMACOffered

        protected boolean encryptThenMACOffered
      • maxFragmentLengthOffered

        protected short maxFragmentLengthOffered
      • truncatedHMacOffered

        protected boolean truncatedHMacOffered
      • clientSentECPointFormats

        protected boolean clientSentECPointFormats
      • statusRequestV2

        protected java.util.Vector statusRequestV2
      • trustedCAKeys

        protected java.util.Vector trustedCAKeys
      • selectedCipherSuite

        protected int selectedCipherSuite
      • clientProtocolNames

        protected java.util.Vector clientProtocolNames
      • selectedProtocolName

        protected ProtocolName selectedProtocolName
      • serverExtensions

        protected final java.util.Hashtable serverExtensions
    • Constructor Detail

      • AbstractTlsServer

        public AbstractTlsServer​(TlsCrypto crypto)
    • Method Detail

      • allowCertificateStatus

        protected boolean allowCertificateStatus()
      • allowEncryptThenMAC

        protected boolean allowEncryptThenMAC()
      • allowMultiCertStatus

        protected boolean allowMultiCertStatus()
      • allowTruncatedHMac

        protected boolean allowTruncatedHMac()
      • allowTrustedCAIndication

        protected boolean allowTrustedCAIndication()
      • checkServerExtensions

        protected java.util.Hashtable checkServerExtensions()
        Deprecated.
        Use 'serverExtensions' directly; it is now never null.
      • getDetailMessageNoCipherSuite

        protected java.lang.String getDetailMessageNoCipherSuite()
      • getMaximumDefaultCurveBits

        protected int getMaximumDefaultCurveBits()
      • getMaximumDefaultFiniteFieldBits

        protected int getMaximumDefaultFiniteFieldBits()
      • getMaximumNegotiableCurveBits

        protected int getMaximumNegotiableCurveBits()
      • getMaximumNegotiableFiniteFieldBits

        protected int getMaximumNegotiableFiniteFieldBits()
      • getProtocolNames

        protected java.util.Vector getProtocolNames()
      • isSelectableCipherSuite

        protected boolean isSelectableCipherSuite​(int cipherSuite,
                                                  int availCurveBits,
                                                  int availFiniteFieldBits,
                                                  java.util.Vector sigAlgs)
      • preferLocalCipherSuites

        protected boolean preferLocalCipherSuites()
      • selectCipherSuite

        protected boolean selectCipherSuite​(int cipherSuite)
                                     throws java.io.IOException
        Throws:
        java.io.IOException
      • selectDH

        protected int selectDH​(int minimumFiniteFieldBits)
      • selectDHDefault

        protected int selectDHDefault​(int minimumFiniteFieldBits)
      • selectECDH

        protected int selectECDH​(int minimumCurveBits)
      • selectECDHDefault

        protected int selectECDHDefault​(int minimumCurveBits)
      • selectProtocolName

        protected ProtocolName selectProtocolName()
                                           throws java.io.IOException
        Throws:
        java.io.IOException
      • selectProtocolName

        protected ProtocolName selectProtocolName​(java.util.Vector clientProtocolNames,
                                                  java.util.Vector serverProtocolNames)
      • shouldSelectProtocolNameEarly

        protected boolean shouldSelectProtocolNameEarly()
      • preferLocalClientCertificateTypes

        protected boolean preferLocalClientCertificateTypes()
      • getAllowedClientCertificateTypes

        protected short[] getAllowedClientCertificateTypes()
      • getNewConnectionID

        protected byte[] getNewConnectionID()
        RFC 9146 DTLS connection ID.

        This method will be called if a connection_id extension was sent by the client. If the return value is non-null, the server will send this connection ID to the client to use in future packets. Because future communication doesn't include the connection ID's length, the returned value should either be fixed-length or include its own length (see the explanation of "cid:" in RFC 9146, section 4).

        Returns:
        The connection ID to use.
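
        The length-carrying option described above, as an added example (not Bouncy Castle code): the first CID byte gives the number of bytes that follow, so a receiver can cut the CID out of a tls12_cid record header without any per-connection state. The class name, the one-byte prefix layout and the sample record are assumptions made for illustration; the header layout and content type 25 are from RFC 9146.

```java
import java.security.SecureRandom;
import java.util.Arrays;

/** Added example: self-describing DTLS connection IDs ([len][len random bytes]). */
public final class LengthPrefixedCid {
    private static final int CID_OFFSET = 11; // type(1) + version(2) + epoch(2) + sequence(6)
    private static final int TLS12_CID = 25;  // ContentType tls12_cid (RFC 9146)
    private static final SecureRandom RNG = new SecureRandom();

    /** Value a getNewConnectionID() override could return. */
    public static byte[] newCid(int randomLen) {
        // The cid field is opaque<0..255>, so prefix + random part must fit in 255 bytes.
        if (randomLen < 1 || randomLen > 254) {
            throw new IllegalArgumentException("randomLen must be 1..254");
        }
        byte[] cid = new byte[1 + randomLen];
        RNG.nextBytes(cid);
        cid[0] = (byte) randomLen; // overwrite first byte with the length prefix
        return cid;
    }

    /** Recovers the CID from a received tls12_cid record, or null if the record is malformed. */
    public static byte[] extractCid(byte[] record) {
        if (record.length <= CID_OFFSET || (record[0] & 0xFF) != TLS12_CID) {
            return null;
        }
        int cidLen = 1 + (record[CID_OFFSET] & 0xFF);   // prefix byte + announced bytes
        int lengthField = CID_OFFSET + cidLen;          // uint16 record length follows the CID
        if (record.length < lengthField + 2) {
            return null;                                // truncated inside the CID or length field
        }
        int bodyLen = ((record[lengthField] & 0xFF) << 8) | (record[lengthField + 1] & 0xFF);
        if (record.length < lengthField + 2 + bodyLen) {
            return null;                                // announced body runs past the datagram
        }
        return Arrays.copyOfRange(record, CID_OFFSET, lengthField);
    }

    public static void main(String[] args) {
        byte[] cid = newCid(8);
        // Constructed sample record: header, CID, uint16 length = 3, 3-byte placeholder body.
        byte[] rec = new byte[CID_OFFSET + cid.length + 2 + 3];
        rec[0] = (byte) TLS12_CID; rec[1] = (byte) 0xFE; rec[2] = (byte) 0xFD; // DTLS 1.2
        System.arraycopy(cid, 0, rec, CID_OFFSET, cid.length);
        rec[CID_OFFSET + cid.length + 1] = 3;
        System.out.println("round trip ok: " + Arrays.equals(cid, extractCid(rec)));
        System.out.println("truncated record: " + extractCid(Arrays.copyOf(rec, CID_OFFSET + 4)));
    }
}
```

        The CID is read from the record header before the record is decrypted, so extractCid treats every length it reads as untrusted and bounds-checks it against the datagram.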
      • getSessionToResume

        public TlsSession getSessionToResume​(byte[] sessionID)
        Description copied from interface: TlsServer
        Return the specified session, if available. Note that the peer's certificate chain for the session (if any) may need to be periodically revalidated.
        Specified by:
        getSessionToResume in interface TlsServer
        Parameters:
        sessionID - the ID of the session to resume.
        Returns:
        A TlsSession with the specified session ID, or null.
        See Also:
        SessionParameters.getPeerCertificate()
      • getExternalPSK

        public TlsPSKExternal getExternalPSK​(java.util.Vector identities)
        Description copied from interface: TlsServer
        WARNING: EXPERIMENTAL FEATURE, UNSTABLE API. Return the external PSK to select from the ClientHello. Note that this will only be called when TLS 1.3 or higher is amongst the offered protocol versions, and one or more PSKs are actually offered.
        Specified by:
        getExternalPSK in interface TlsServer
        Parameters:
        identities - a Vector of PskIdentity instances.
        Returns:
        the TlsPSKExternal corresponding to the selected identity, or null to not select any.
      • notifyFallback

        public void notifyFallback​(boolean isFallback)
                            throws java.io.IOException
        Specified by:
        notifyFallback in interface TlsServer
        Throws:
        java.io.IOException
      • notifyOfferedCipherSuites

        public void notifyOfferedCipherSuites​(int[] offeredCipherSuites)
                                       throws java.io.IOException
        Specified by:
        notifyOfferedCipherSuites in interface TlsServer
        Throws:
        java.io.IOException
      • processClientExtensions

        public void processClientExtensions​(java.util.Hashtable clientExtensions)
                                     throws java.io.IOException
        Specified by:
        processClientExtensions in interface TlsServer
        Throws:
        java.io.IOException
      • getSupportedGroups

        public int[] getSupportedGroups()
                                 throws java.io.IOException
        Specified by:
        getSupportedGroups in interface TlsServer
        Throws:
        java.io.IOException
      • getSelectedCipherSuite

        public int getSelectedCipherSuite()
                                   throws java.io.IOException
        Specified by:
        getSelectedCipherSuite in interface TlsServer
        Throws:
        java.io.IOException
      • getServerExtensions

        public java.util.Hashtable getServerExtensions()
                                                throws java.io.IOException
        Specified by:
        getServerExtensions in interface TlsServer
        Throws:
        java.io.IOException
      • getServerExtensionsForConnection

        public void getServerExtensionsForConnection​(java.util.Hashtable serverExtensions)
                                              throws java.io.IOException
        Specified by:
        getServerExtensionsForConnection in interface TlsServer
        Throws:
        java.io.IOException
      • getServerSupplementalData

        public java.util.Vector getServerSupplementalData()
                                                   throws java.io.IOException
        Specified by:
        getServerSupplementalData in interface TlsServer
        Throws:
        java.io.IOException
      • getCertificateStatus

        public CertificateStatus getCertificateStatus()
                                               throws java.io.IOException
        Description copied from interface: TlsServer
        This method will be called (only) if the server included an extension of type "status_request" with empty "extension_data" in the extended server hello. See RFC 3546 3.6. Certificate Status Request. If a non-null CertificateStatus is returned, it is sent to the client as a handshake message of type "certificate_status".
        Specified by:
        getCertificateStatus in interface TlsServer
        Returns:
        A CertificateStatus to be sent to the client (or null for none).
        Throws:
        java.io.IOException
      • processClientSupplementalData

        public void processClientSupplementalData​(java.util.Vector clientSupplementalData)
                                           throws java.io.IOException
        Specified by:
        processClientSupplementalData in interface TlsServer
        Throws:
        java.io.IOException
      • notifyClientCertificate

        public void notifyClientCertificate​(Certificate clientCertificate)
                                     throws java.io.IOException
        Description copied from interface: TlsServer
        Called by the protocol handler to report the client certificate, only if TlsServer.getCertificateRequest() returned non-null. Note: this method is responsible for certificate verification and validation.
        Specified by:
        notifyClientCertificate in interface TlsServer
        Parameters:
        clientCertificate - the effective client certificate (may be an empty chain).
        Throws:
        java.io.IOException
      • getNewSessionTicket

        public NewSessionTicket getNewSessionTicket()
                                             throws java.io.IOException
        Description copied from interface: TlsServer
        RFC 5077 3.3. NewSessionTicket Handshake Message.

        This method will be called (only) if a NewSessionTicket extension was sent by the server. See RFC 5077 4. Recommended Ticket Construction for recommended format and protection.

        Specified by:
        getNewSessionTicket in interface TlsServer
        Returns:
        The ticket.
        Throws:
        java.io.IOException