Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
  package org.bouncycastle.crypto.tls;
  
  import java.util.Vector;
  
(D)TLS ECDH key exchange (see RFC 4492).
 
 public class TlsECDHKeyExchange extends AbstractTlsKeyExchange
 {
     protected TlsSigner tlsSigner;
     protected int[] namedCurves;
     protected short[] clientECPointFormatsserverECPointFormats;
 
 
 
     public TlsECDHKeyExchange(int keyExchangeVector supportedSignatureAlgorithmsint[] namedCurves,
         short[] clientECPointFormatsshort[] serverECPointFormats)
     {
         super(keyExchangesupportedSignatureAlgorithms);
 
         switch (keyExchange)
         {
         case .:
             this. = new TlsRSASigner();
             break;
         case .:
             this. = new TlsECDSASigner();
             break;
         case .:
         case .:
             this. = null;
             break;
         default:
             throw new IllegalArgumentException("unsupported key exchange algorithm");
         }
 
         this. = namedCurves;
         this. = clientECPointFormats;
         this. = serverECPointFormats;
     }
 
     public void init(TlsContext context)
     {
         super.init(context);
 
         if (this. != null)
         {
             this..init(context);
         }
     }
 
     public void skipServerCredentials() throws IOException
     {
         throw new TlsFatalAlert(.);
     }
 
     public void processServerCertificate(Certificate serverCertificatethrows IOException
     {
         if (serverCertificate.isEmpty())
         {
             throw new TlsFatalAlert(.);
         }
 
         org.bouncycastle.asn1.x509.Certificate x509Cert = serverCertificate.getCertificateAt(0);
 
         SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo();
         try
         {
             this. = PublicKeyFactory.createKey(keyInfo);
         }
         catch (RuntimeException e)
         {
             throw new TlsFatalAlert(.e);
         }
 
         if ( == null)
         {
             try
             {
                 this. = TlsECCUtils.validateECPublicKey((ECPublicKeyParametersthis.);
             }
             catch (ClassCastException e)
             {
                 throw new TlsFatalAlert(.e);
            }
            TlsUtils.validateKeyUsage(x509Cert.);
        }
        else
        {
            if (!.isValidPublicKey(this.))
            {
                throw new TlsFatalAlert(.);
            }
            TlsUtils.validateKeyUsage(x509Cert.);
        }
        super.processServerCertificate(serverCertificate);
    }
    public boolean requiresServerKeyExchange()
    {
        switch ()
        {
        case .:
        case .:
        case .:
            return true;
        default:
            return false;
        }
    }
    public void validateCertificateRequest(CertificateRequest certificateRequestthrows IOException
    {
        /*
         * RFC 4492 3. [...] The ECDSA_fixed_ECDH and RSA_fixed_ECDH mechanisms are usable with
         * ECDH_ECDSA and ECDH_RSA. Their use with ECDHE_ECDSA and ECDHE_RSA is prohibited because
         * the use of a long-term ECDH client key would jeopardize the forward secrecy property of
         * these algorithms.
         */
        short[] types = certificateRequest.getCertificateTypes();
        for (int i = 0; i < types.length; ++i)
        {
            switch (types[i])
            {
            case .:
            case .:
            case .:
            case .:
            case .:
                break;
            default:
                throw new TlsFatalAlert(.);
            }
        }
    }
    public void processClientCredentials(TlsCredentials clientCredentialsthrows IOException
    {
        if (clientCredentials instanceof TlsAgreementCredentials)
        {
            // TODO Validate client cert has matching parameters (see 'TlsECCUtils.areOnSameCurve')?
            this. = (TlsAgreementCredentials)clientCredentials;
        }
        else if (clientCredentials instanceof TlsSignerCredentials)
        {
            // OK
        }
        else
        {
            throw new TlsFatalAlert(.);
        }
    }
    public void generateClientKeyExchange(OutputStream outputthrows IOException
    {
        if ( == null)
        {
            this. = TlsECCUtils.generateEphemeralClientKeyExchange(.getSecureRandom(),
                .getParameters(), output);
        }
    }
    public void processClientCertificate(Certificate clientCertificatethrows IOException
    {
        // TODO Extract the public key
        // TODO If the certificate is 'fixed', take the public key as ecAgreeClientPublicKey
    }
    public void processClientKeyExchange(InputStream inputthrows IOException
    {
        if ( != null)
        {
            // For ecdsa_fixed_ecdh and rsa_fixed_ecdh, the key arrived in the client certificate
            return;
        }
        byte[] point = TlsUtils.readOpaque8(input);
        ECDomainParameters curve_params = this..getParameters();
        this. = TlsECCUtils.validateECPublicKey(TlsECCUtils.deserializeECPublicKey(
            curve_paramspoint));
    }
    public byte[] generatePremasterSecret() throws IOException
    {
        if ( != null)
        {
        }
        if ( != null)
        {
            return TlsECCUtils.calculateECDHBasicAgreement();
        }
        throw new TlsFatalAlert(.);
    }
New to GrepCode? Check out our FAQ X