case KeyExchangeAlgorithm.DH_DSS: case KeyExchangeAlgorithm.DH_RSA: return createDHKeyExchange(keyExchangeAlgorithm); return createDHEKeyExchange(keyExchangeAlgorithm); return createECDHKeyExchange(keyExchangeAlgorithm); return createECDHEKeyExchange(keyExchangeAlgorithm); return createRSAKeyExchange();
protected TlsKeyExchange createDHKeyExchange(int keyExchange) { return new TlsDHKeyExchange(keyExchange, supportedSignatureAlgorithms, getDHParameters()); }
public TlsCredentials getCredentials() throws IOException { int keyExchangeAlgorithm = TlsUtils.getKeyExchangeAlgorithm(selectedCipherSuite); switch (keyExchangeAlgorithm) { case KeyExchangeAlgorithm.DHE_DSS: return getDSASignerCredentials(); case KeyExchangeAlgorithm.DH_anon: case KeyExchangeAlgorithm.ECDH_anon: return null; case KeyExchangeAlgorithm.ECDHE_ECDSA: return getECDSASignerCredentials(); case KeyExchangeAlgorithm.DHE_RSA: case KeyExchangeAlgorithm.ECDHE_RSA: return getRSASignerCredentials(); case KeyExchangeAlgorithm.RSA: return getRSAEncryptionCredentials(); default: /* Note: internal error here; selected a key exchange we don't implement! */ throw new TlsFatalAlert(AlertDescription.internal_error); } }
super.processClientExtensions(clientExtensions); return; super.processClientExtensions(clientExtensions);
@SuppressWarnings("rawtypes") @Override public void processClientExtensions(Hashtable newClientExtensions) throws IOException { super.processClientExtensions(newClientExtensions); // set to some reasonable default value int chosenProfile = SRTPProtectionProfile.SRTP_AES128_CM_HMAC_SHA1_80; UseSRTPData clientSrtpData = TlsSRTPUtils.getUseSRTPExtension(newClientExtensions); for (int profile : clientSrtpData.getProtectionProfiles()) { switch (profile) { case SRTPProtectionProfile.SRTP_AES128_CM_HMAC_SHA1_32: case SRTPProtectionProfile.SRTP_AES128_CM_HMAC_SHA1_80: case SRTPProtectionProfile.SRTP_NULL_HMAC_SHA1_32: case SRTPProtectionProfile.SRTP_NULL_HMAC_SHA1_80: chosenProfile = profile; break; default: } } // server chooses a mutually supported SRTP protection profile // http://tools.ietf.org/html/draft-ietf-avt-dtls-srtp-07#section-4.1.2 int[] protectionProfiles = { chosenProfile }; // server agrees to use the MKI offered by the client serverSrtpData = new UseSRTPData(protectionProfiles, clientSrtpData.getMki()); }
case CipherSuite.TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384: case CipherSuite.TLS_DH_DSS_WITH_SEED_CBC_SHA: return createDHKeyExchange(KeyExchangeAlgorithm.DH_DSS); case CipherSuite.TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384: case CipherSuite.TLS_DH_RSA_WITH_SEED_CBC_SHA: return createDHKeyExchange(KeyExchangeAlgorithm.DH_RSA); case CipherSuite.TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384: case CipherSuite.TLS_DHE_DSS_WITH_SEED_CBC_SHA: return createDHEKeyExchange(KeyExchangeAlgorithm.DHE_DSS); case CipherSuite.TLS_DHE_RSA_WITH_SALSA20_SHA1: case CipherSuite.TLS_DHE_RSA_WITH_SEED_CBC_SHA: return createDHEKeyExchange(KeyExchangeAlgorithm.DHE_RSA); case CipherSuite.TLS_ECDH_ECDSA_WITH_NULL_SHA: case CipherSuite.TLS_ECDH_ECDSA_WITH_RC4_128_SHA: return createECDHKeyExchange(KeyExchangeAlgorithm.ECDH_ECDSA); case CipherSuite.TLS_ECDH_RSA_WITH_NULL_SHA: case CipherSuite.TLS_ECDH_RSA_WITH_RC4_128_SHA: return createECDHKeyExchange(KeyExchangeAlgorithm.ECDH_RSA); case CipherSuite.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: case CipherSuite.TLS_ECDHE_ECDSA_WITH_SALSA20_SHA1: return createECDHEKeyExchange(KeyExchangeAlgorithm.ECDHE_ECDSA); case CipherSuite.TLS_ECDHE_RSA_WITH_RC4_128_SHA:
case CipherSuite.TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA: case CipherSuite.TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA: return getDSASignerCredentials(); case CipherSuite.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: case CipherSuite.TLS_ECDHE_ECDSA_WITH_SALSA20_SHA1: return getECDSASignerCredentials(); case CipherSuite.TLS_RSA_WITH_RC4_128_SHA: case CipherSuite.TLS_RSA_WITH_SEED_CBC_SHA: return getRSAEncryptionCredentials(); case CipherSuite.TLS_ECDHE_RSA_WITH_RC4_128_SHA: case CipherSuite.TLS_ECDHE_RSA_WITH_SALSA20_SHA1: return getRSASignerCredentials();
protected TlsKeyExchange createDHEKeyExchange(int keyExchange) { return new TlsDHEKeyExchange(keyExchange, supportedSignatureAlgorithms, null, getDHParameters()); }
@SuppressWarnings("rawtypes") @Override public void processClientExtensions(Hashtable newClientExtensions) throws IOException { super.processClientExtensions(newClientExtensions); // set to some reasonable default value int chosenProfile = SRTPProtectionProfile.SRTP_AES128_CM_HMAC_SHA1_80; UseSRTPData clientSrtpData = TlsSRTPUtils.getUseSRTPExtension(newClientExtensions); for (int profile : clientSrtpData.getProtectionProfiles()) { switch (profile) { case SRTPProtectionProfile.SRTP_AES128_CM_HMAC_SHA1_32: case SRTPProtectionProfile.SRTP_AES128_CM_HMAC_SHA1_80: case SRTPProtectionProfile.SRTP_NULL_HMAC_SHA1_32: case SRTPProtectionProfile.SRTP_NULL_HMAC_SHA1_80: chosenProfile = profile; break; default: } } // server chooses a mutually supported SRTP protection profile // http://tools.ietf.org/html/draft-ietf-avt-dtls-srtp-07#section-4.1.2 int[] protectionProfiles = { chosenProfile }; // server agrees to use the MKI offered by the client serverSrtpData = new UseSRTPData(protectionProfiles, clientSrtpData.getMki()); }
protected TlsKeyExchange createDHEKeyExchange(int keyExchange) { return new TlsDHEKeyExchange(keyExchange, supportedSignatureAlgorithms, getDHParameters()); }
protected TlsKeyExchange createDHKeyExchange(int keyExchange) { return new TlsDHKeyExchange(keyExchange, supportedSignatureAlgorithms, null, getDHParameters()); }