public CertificateRequest getCertificateRequest() throws IOException { Vector<SignatureAndHashAlgorithm> serverSigAlgs = null; if (TlsUtils.isSignatureAlgorithmsExtensionAllowed(serverVersion)) { short[] hashAlgorithms = new short[] { HashAlgorithm.sha512, HashAlgorithm.sha384, HashAlgorithm.sha256, HashAlgorithm.sha224, HashAlgorithm.sha1 }; short[] signatureAlgorithms = new short[] { SignatureAlgorithm.rsa }; serverSigAlgs = new Vector<SignatureAndHashAlgorithm>(); for (int i = 0; i < hashAlgorithms.length; ++i) { for (int j = 0; j < signatureAlgorithms.length; ++j) { serverSigAlgs.addElement(new SignatureAndHashAlgorithm(hashAlgorithms[i], signatureAlgorithms[j])); } } } Vector<X500Name> certificateAuthorities = new Vector<X500Name>(); certificateAuthorities.add(DtlsUtils.loadCertificateResource(root.getAbsolutePath()).getSubject()); return new CertificateRequest(new short[] { ClientCertificateType.rsa_sign }, serverSigAlgs, certificateAuthorities); }
public void validateCertificateRequest(CertificateRequest certificateRequest) throws IOException { short[] types = certificateRequest.getCertificateTypes(); for (int i = 0; i < types.length; ++i) { switch (types[i]) { case ClientCertificateType.rsa_sign: case ClientCertificateType.dss_sign: case ClientCertificateType.ecdsa_sign: break; default: throw new TlsFatalAlert(AlertDescription.illegal_parameter); } } }
public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) throws IOException { short[] certificateTypes = certificateRequest.getCertificateTypes(); if (certificateTypes == null || !Arrays.contains(certificateTypes, ClientCertificateType.rsa_sign)) { return null; } SignatureAndHashAlgorithm signatureAndHashAlgorithm = null; Vector<?> sigAlgs = certificateRequest.getSupportedSignatureAlgorithms(); if (sigAlgs != null) { for (int i = 0; i < sigAlgs.size(); ++i) { SignatureAndHashAlgorithm sigAlg = (SignatureAndHashAlgorithm) sigAlgs.elementAt(i); if (sigAlg.getSignature() == SignatureAlgorithm.rsa) { signatureAndHashAlgorithm = sigAlg; break; } } if (signatureAndHashAlgorithm == null) { return null; } } return DtlsUtils.loadSignerCredentials(context, new String[] { cert.getAbsolutePath(), root.getAbsolutePath() }, key.getAbsolutePath(), signatureAndHashAlgorithm); } };
if (TlsUtils.isTLSv12(context)) TlsUtils.verifySupportedSignatureAlgorithm(state.certificateRequest.getSupportedSignatureAlgorithms(), signatureAlgorithm); hash = prepareFinishHash.getFinalHash(signatureAlgorithm.getHash());
this.certificateRequest = CertificateRequest.parse(getContext(), buf); this.certificateRequest.getSupportedSignatureAlgorithms());
protected byte[] generateCertificateRequest(ServerHandshakeState state, CertificateRequest certificateRequest) throws IOException { ByteArrayOutputStream buf = new ByteArrayOutputStream(); certificateRequest.encode(buf); return buf.toByteArray(); }
protected void processCertificateRequest(ClientHandshakeState state, byte[] body) throws IOException { if (state.authentication == null) { /* * RFC 2246 7.4.4. It is a fatal handshake_failure alert for an anonymous server to * request client identification. */ throw new TlsFatalAlert(AlertDescription.handshake_failure); } ByteArrayInputStream buf = new ByteArrayInputStream(body); state.certificateRequest = CertificateRequest.parse(state.clientContext, buf); TlsProtocol.assertEmpty(buf); state.keyExchange.validateCertificateRequest(state.certificateRequest); }
if (TlsUtils.isTLSv12(getContext())) TlsUtils.verifySupportedSignatureAlgorithm(certificateRequest.getSupportedSignatureAlgorithms(), signatureAlgorithm); hash = prepareFinishHash.getFinalHash(signatureAlgorithm.getHash());
this.certificateRequest = CertificateRequest.parse(getContext(), buf); this.certificateRequest.getSupportedSignatureAlgorithms());
protected byte[] generateCertificateRequest(ServerHandshakeState state, CertificateRequest certificateRequest) throws IOException { ByteArrayOutputStream buf = new ByteArrayOutputStream(); certificateRequest.encode(buf); return buf.toByteArray(); }
protected void processCertificateRequest(ClientHandshakeState state, byte[] body) throws IOException { if (state.authentication == null) { /* * RFC 2246 7.4.4. It is a fatal handshake_failure alert for an anonymous server to * request client identification. */ throw new TlsFatalAlert(AlertDescription.handshake_failure); } ByteArrayInputStream buf = new ByteArrayInputStream(body); state.certificateRequest = CertificateRequest.parse(state.clientContext, buf); TlsProtocol.assertEmpty(buf); state.keyExchange.validateCertificateRequest(state.certificateRequest); }
public void validateCertificateRequest(CertificateRequest certificateRequest) throws IOException { short[] types = certificateRequest.getCertificateTypes(); for (int i = 0; i < types.length; ++i) { switch (types[i]) { case ClientCertificateType.rsa_sign: case ClientCertificateType.dss_sign: case ClientCertificateType.ecdsa_sign: break; default: throw new TlsFatalAlert(AlertDescription.illegal_parameter); } } }
public CertificateRequest getCertificateRequest() { Vector<SignatureAndHashAlgorithm> serverSigAlgs = null; if (org.bouncycastle.crypto.tls.TlsUtils.isSignatureAlgorithmsExtensionAllowed(serverVersion)) { short[] hashAlgorithms = new short[] { HashAlgorithm.sha512, HashAlgorithm.sha384, HashAlgorithm.sha256, HashAlgorithm.sha224, HashAlgorithm.sha1 }; short[] signatureAlgorithms = new short[] { algorithmCertificate.getSignatureAlgorithm(), SignatureAlgorithm.ecdsa }; serverSigAlgs = new Vector<SignatureAndHashAlgorithm>(); for (int i = 0; i < hashAlgorithms.length; ++i) { for (int j = 0; j < signatureAlgorithms.length; ++j) { serverSigAlgs.addElement(new SignatureAndHashAlgorithm(hashAlgorithms[i], signatureAlgorithms[j])); } } } return new CertificateRequest(new short[] { algorithmCertificate.getClientCertificate() }, serverSigAlgs, null); }
if (this.certificateRequest != null) if (TlsUtils.isTLSv12(getContext()) != (certificateRequest.getSupportedSignatureAlgorithms() != null)) this.certificateRequest.getSupportedSignatureAlgorithms());
protected void sendCertificateRequestMessage(CertificateRequest certificateRequest) throws IOException { HandshakeMessage message = new HandshakeMessage(HandshakeType.certificate_request); certificateRequest.encode(message); message.writeToRecordStream(); }
public void validateCertificateRequest(CertificateRequest certificateRequest) throws IOException { short[] types = certificateRequest.getCertificateTypes(); for (int i = 0; i < types.length; ++i) { switch (types[i]) { case ClientCertificateType.rsa_sign: case ClientCertificateType.dss_sign: case ClientCertificateType.rsa_fixed_dh: case ClientCertificateType.dss_fixed_dh: case ClientCertificateType.ecdsa_sign: break; default: throw new TlsFatalAlert(AlertDescription.illegal_parameter); } } }
public CertificateRequest getCertificateRequest() { Vector<SignatureAndHashAlgorithm> serverSigAlgs = null; if (org.bouncycastle.crypto.tls.TlsUtils.isSignatureAlgorithmsExtensionAllowed(serverVersion)) { short[] hashAlgorithms = new short[] { HashAlgorithm.sha512, HashAlgorithm.sha384, HashAlgorithm.sha256, HashAlgorithm.sha224, HashAlgorithm.sha1 }; short[] signatureAlgorithms = new short[] { algorithmCertificate.getSignatureAlgorithm(), SignatureAlgorithm.ecdsa }; serverSigAlgs = new Vector<SignatureAndHashAlgorithm>(); for (int i = 0; i < hashAlgorithms.length; ++i) { for (int j = 0; j < signatureAlgorithms.length; ++j) { serverSigAlgs.addElement(new SignatureAndHashAlgorithm(hashAlgorithms[i], signatureAlgorithms[j])); } } } return new CertificateRequest(new short[] { algorithmCertificate.getClientCertificate() }, serverSigAlgs, null); }
this.certificateRequest.getSupportedSignatureAlgorithms());
protected void sendCertificateRequestMessage(CertificateRequest certificateRequest) throws IOException { HandshakeMessage message = new HandshakeMessage(HandshakeType.certificate_request); certificateRequest.encode(message); message.writeToRecordStream(); }
public void validateCertificateRequest(CertificateRequest certificateRequest) throws IOException { /* * RFC 4492 3. [...] The ECDSA_fixed_ECDH and RSA_fixed_ECDH mechanisms are usable with * ECDH_ECDSA and ECDH_RSA. Their use with ECDHE_ECDSA and ECDHE_RSA is prohibited because * the use of a long-term ECDH client key would jeopardize the forward secrecy property of * these algorithms. */ short[] types = certificateRequest.getCertificateTypes(); for (int i = 0; i < types.length; ++i) { switch (types[i]) { case ClientCertificateType.rsa_sign: case ClientCertificateType.dss_sign: case ClientCertificateType.ecdsa_sign: break; default: throw new TlsFatalAlert(AlertDescription.illegal_parameter); } } }