Class AbstractTlsClient

    • Field Detail

      • cipherSuites

        protected int[] cipherSuites
      • supportedGroups

        protected java.util.Vector supportedGroups
      • supportedSignatureAlgorithms

        protected java.util.Vector supportedSignatureAlgorithms
      • supportedSignatureAlgorithmsCert

        protected java.util.Vector supportedSignatureAlgorithmsCert
    • Constructor Detail

      • AbstractTlsClient

        public AbstractTlsClient(TlsCrypto crypto)
    • Method Detail

      • allowUnexpectedServerExtension

        protected boolean allowUnexpectedServerExtension(java.lang.Integer extensionType,
                                                         byte[] extensionData)
                                                  throws java.io.IOException
        Throws:
        java.io.IOException
      • getNamedGroupRoles

        protected java.util.Vector getNamedGroupRoles()
      • checkForUnexpectedServerExtension

        protected void checkForUnexpectedServerExtension(java.util.Hashtable serverExtensions,
                                                         java.lang.Integer extensionType)
                                                  throws java.io.IOException
        Throws:
        java.io.IOException
      • getNewConnectionID

        protected byte[] getNewConnectionID()
        RFC 9146 DTLS connection ID.

        The default getClientExtensions() implementation calls this to get the connection ID that the client will send in the connection_id extension. Because subsequent communication does not include the connection ID's length, the value should either be fixed-length or include its own length (see the explanation of "cid:" in RFC 9146, section 4).

        Returns:
        The connection ID to use.
      • getCertificateAuthorities

        protected java.util.Vector getCertificateAuthorities()
      • getProtocolNames

        protected java.util.Vector getProtocolNames()
      • getSNIServerNames

        protected java.util.Vector getSNIServerNames()
      • getSupportedGroups

        protected java.util.Vector getSupportedGroups(java.util.Vector namedGroupRoles)
        The default getClientExtensions() implementation calls this to determine which named groups to include in the supported_groups extension for the ClientHello.
        Parameters:
        namedGroupRoles - The named group roles for which there should be at least one supported group. By default this is inferred from the offered cipher suites and signature algorithms.
        Returns:
        a Vector of Integer. See NamedGroup for group constants.
      • getSupportedSignatureAlgorithms

        protected java.util.Vector getSupportedSignatureAlgorithms()
      • getSupportedSignatureAlgorithmsCert

        protected java.util.Vector getSupportedSignatureAlgorithmsCert()
      • getTrustedCAIndication

        protected java.util.Vector getTrustedCAIndication()
      • getAllowedClientCertificateTypes

        protected short[] getAllowedClientCertificateTypes()
      • getAllowedServerCertificateTypes

        protected short[] getAllowedServerCertificateTypes()
      • getSessionToResume

        public TlsSession getSessionToResume()
        Description copied from interface: TlsClient
        Return the session this client wants to resume, if any. Note that the peer's certificate chain for the session (if any) may need to be periodically revalidated.
        Specified by:
        getSessionToResume in interface TlsClient
        Returns:
        A TlsSession representing the resumable session to be used for this connection, or null to use a new session.
        See Also:
        SessionParameters.getPeerCertificate()
      • getExternalPSKs

        public java.util.Vector getExternalPSKs()
        Description copied from interface: TlsClient
        Return the external PSKs to offer in the ClientHello. Note that this will only be called when TLS 1.3 or higher is amongst the offered protocol versions.
        Specified by:
        getExternalPSKs in interface TlsClient
        Returns:
        a Vector of TlsPSKExternal instances, or null if none should be offered.
      • getClientExtensions

        public java.util.Hashtable getClientExtensions()
                                                throws java.io.IOException
        Specified by:
        getClientExtensions in interface TlsClient
        Throws:
        java.io.IOException
      • getEarlyKeyShareGroups

        public java.util.Vector getEarlyKeyShareGroups()
        Description copied from interface: TlsClient
        If this client is offering TLS 1.3 or higher, this method may be called to determine for which groups a key share should be included in the initial ClientHello. Groups that were not included in the supported_groups extension (by TlsClient.getClientExtensions()) will be ignored. The protocol will then add a suitable key_share extension to the ClientHello extensions.
        Specified by:
        getEarlyKeyShareGroups in interface TlsClient
        Returns:
        a Vector of named group values, possibly empty or null.
      • notifySelectedPSK

        public void notifySelectedPSK(TlsPSK selectedPSK)
                               throws java.io.IOException
        Specified by:
        notifySelectedPSK in interface TlsClient
        Throws:
        java.io.IOException
      • processServerExtensions

        public void processServerExtensions(java.util.Hashtable serverExtensions)
                                     throws java.io.IOException
        Description copied from interface: TlsClient
        The TlsClientProtocol implementation validates that any server extensions received correspond to client extensions sent. If further processing of the server extensions is needed, it can be done in this callback. NOTE: This is not called for session resumption handshakes.
        Specified by:
        processServerExtensions in interface TlsClient
        Parameters:
        serverExtensions - (Integer -> byte[])
        Throws:
        java.io.IOException
      • processServerSupplementalData

        public void processServerSupplementalData(java.util.Vector serverSupplementalData)
                                           throws java.io.IOException
        Specified by:
        processServerSupplementalData in interface TlsClient
        Throws:
        java.io.IOException
      • getClientSupplementalData

        public java.util.Vector getClientSupplementalData()
                                                   throws java.io.IOException
        Specified by:
        getClientSupplementalData in interface TlsClient
        Throws:
        java.io.IOException
      • notifyNewSessionTicket

        public void notifyNewSessionTicket(NewSessionTicket newSessionTicket)
                                    throws java.io.IOException
        Description copied from interface: TlsClient
        RFC 5077 3.3. NewSessionTicket Handshake Message

        This method will be called (only) when a NewSessionTicket handshake message is received. The ticket is opaque to the client and clients MUST NOT examine the ticket under the assumption that it complies with e.g. RFC 5077 4. Recommended Ticket Construction.

        Specified by:
        notifyNewSessionTicket in interface TlsClient
        Parameters:
        newSessionTicket - The ticket.
        Throws:
        java.io.IOException
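
The following is an added example, not code from this page or from the library: a subclass that overrides getSupportedGroups, getEarlyKeyShareGroups and getNewConnectionID as documented above, narrowing the offered groups and issuing fixed-length DTLS connection IDs. The class name HardenedTlsClient, the 8-byte connection ID length and the choice of groups are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.Vector;

import org.bouncycastle.tls.AbstractTlsClient;
import org.bouncycastle.tls.NamedGroup;
import org.bouncycastle.tls.crypto.TlsCrypto;

// Hypothetical subclass (added example). Left abstract because getAuthentication()
// and the remaining TlsClient methods are application-specific.
public abstract class HardenedTlsClient extends AbstractTlsClient {
    // Assumption: every connection ID issued by this client is exactly 8 bytes,
    // so a receiver can locate it in a record without a length field.
    private static final int CID_LENGTH = 8;
    private final SecureRandom random = new SecureRandom();

    protected HardenedTlsClient(TlsCrypto crypto) {
        super(crypto);
    }

    // Offer only these groups in supported_groups, in preference order.
    // The requested roles are deliberately ignored; this assumes the offered
    // cipher suites only need ECDH/ECDSA groups (no finite-field DH suites).
    @Override
    protected Vector getSupportedGroups(Vector namedGroupRoles) {
        Vector groups = new Vector();
        groups.addElement(Integer.valueOf(NamedGroup.x25519));
        groups.addElement(Integer.valueOf(NamedGroup.secp256r1));
        return groups;
    }

    // Send an early key share for x25519 only. The group must also appear in
    // supported_groups (above); otherwise it is ignored.
    @Override
    public Vector getEarlyKeyShareGroups() {
        Vector groups = new Vector();
        groups.addElement(Integer.valueOf(NamedGroup.x25519));
        return groups;
    }

    // Only relevant for DTLS: a fresh random connection ID of fixed length
    // for each connection.
    @Override
    protected byte[] getNewConnectionID() {
        byte[] cid = new byte[CID_LENGTH];
        random.nextBytes(cid);
        return cid;
    }
}
```

If variable-length connection IDs are needed instead, the returned bytes must carry their own length (for example as a leading length byte) so that the receiver can delimit them.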