Socket socket = new Socket(<server IP>, SERVER_PORT); TlsClientProtocol tlsClientProtocol = new TlsClientProtocol( socket.getInputStream(), socket.getOutputStream()); tlsClientProtocol.connect(new DefaultTlsClient() { public TlsAuthentication getAuthentication() throws IOException { return new ServerOnlyTlsAuthentication() { public void notifyServerCertificate(Certificate serverCertificate) throws IOException { validateCertificate(serverCertificate); } }; } }); String message = new BufferedReader( new InputStreamReader(tlsClientProtocol.getInputStream())).readLine();
@Override public void shutdown() { try { handleEvent(Event.STREAM_CLOSE, Direction.IN); } catch (Exception e) { s_logger.info("[ignored]" + "failure handling close event for bso input stream: " + e.getLocalizedMessage()); } try { handleEvent(Event.STREAM_CLOSE, Direction.OUT); } catch (Exception e) { s_logger.info("[ignored]" + "failure handling close event for bso output stream: " + e.getLocalizedMessage()); } try { if (bcoSslSocket != null) bcoSslSocket.close(); } catch (Exception e) { s_logger.info("[ignored]" + "failure handling close event for bso socket: " + e.getLocalizedMessage()); } try { socket.close(); } catch (Exception e) { s_logger.info("[ignored]" + "failure handling close event for socket: " + e.getLocalizedMessage()); } }
bcoSslSocket = new TlsClientProtocol(socket.getInputStream(), socket.getOutputStream(), secureRandom); bcoSslSocket.connect(new DefaultTlsClient() { @Override public TlsAuthentication getAuthentication() throws IOException { InputStream sis = bcoSslSocket.getInputStream(); source.setInputStream(sis); OutputStream sos = bcoSslSocket.getOutputStream(); sink.setOutputStream(sos);
private void writeHandshakeFragment(Message message, int fragment_offset, int fragment_length) throws IOException { RecordLayerBuffer fragment = new RecordLayerBuffer(MESSAGE_HEADER_LENGTH + fragment_length); TlsUtils.writeUint8(message.getType(), fragment); TlsUtils.writeUint24(message.getBody().length, fragment); TlsUtils.writeUint16(message.getSeq(), fragment); TlsUtils.writeUint24(fragment_offset, fragment); TlsUtils.writeUint24(fragment_length, fragment); fragment.write(message.getBody(), fragment_offset, fragment_length); fragment.sendToRecordLayer(recordLayer); }
static byte[] calculateKeyBlock(TlsContext context, int size) { SecurityParameters securityParameters = context.getSecurityParameters(); byte[] master_secret = securityParameters.getMasterSecret(); byte[] seed = concat(securityParameters.getServerRandom(), securityParameters.getClientRandom()); if (isSSL(context)) { return calculateKeyBlock_SSL(master_secret, seed, size); } return PRF(context, master_secret, ExporterLabel.key_expansion, seed, size); }
static byte[] calculateVerifyData(TlsContext context, String asciiLabel, byte[] handshakeHash) { if (isSSL(context)) { return handshakeHash; } SecurityParameters securityParameters = context.getSecurityParameters(); byte[] master_secret = securityParameters.getMasterSecret(); int verify_data_length = securityParameters.getVerifyDataLength(); return PRF(context, master_secret, asciiLabel, handshakeHash, verify_data_length); }
void init(TlsContext context) { this.readCipher = new TlsNullCipher(context); this.writeCipher = this.readCipher; this.handshakeHash = new DeferredHash(); this.handshakeHash.init(context); setPlaintextLimit(DEFAULT_PLAINTEXT_LIMIT); }
byte[] receiveMessageBody(short msg_type) throws IOException { Message message = receiveMessage(); if (message.getType() != msg_type) { throw new TlsFatalAlert(AlertDescription.unexpected_message); } return message.getBody(); }
protected void sendNewSessionTicketMessage(NewSessionTicket newSessionTicket) throws IOException { if (newSessionTicket == null) { throw new TlsFatalAlert(AlertDescription.internal_error); } HandshakeMessage message = new HandshakeMessage(HandshakeType.session_ticket); newSessionTicket.encode(message); message.writeToRecordStream(); }
protected void refuseRenegotiation() throws IOException { /* * RFC 5746 4.5 SSLv3 clients that refuse renegotiation SHOULD use a fatal * handshake_failure alert. */ if (TlsUtils.isSSL(getContext())) { throw new TlsFatalAlert(AlertDescription.handshake_failure); } raiseAlertWarning(AlertDescription.no_renegotiation, "Renegotiation not supported"); }
public void processServerCredentials(TlsCredentials serverCredentials) throws IOException { if (!(serverCredentials instanceof TlsEncryptionCredentials)) { throw new TlsFatalAlert(AlertDescription.internal_error); } processServerCertificate(serverCredentials.getCertificate()); this.serverCredentials = (TlsEncryptionCredentials)serverCredentials; }
public void processServerCredentials(TlsCredentials serverCredentials) throws IOException { if (!(serverCredentials instanceof TlsSignerCredentials)) { throw new TlsFatalAlert(AlertDescription.internal_error); } processServerCertificate(serverCredentials.getCertificate()); this.serverCredentials = (TlsSignerCredentials)serverCredentials; }
public void notifyServerVersion(ProtocolVersion serverVersion) throws IOException { if (!getMinimumVersion().isEqualOrEarlierVersionOf(serverVersion)) { throw new TlsFatalAlert(AlertDescription.protocol_version); } }
protected byte[] createVerifyData(boolean isServer) { TlsContext context = getContext(); String asciiLabel = isServer ? ExporterLabel.server_finished : ExporterLabel.client_finished; byte[] sslSender = isServer ? TlsUtils.SSL_SERVER : TlsUtils.SSL_CLIENT; byte[] hash = getCurrentPRFHash(context, recordStream.getHandshakeHash(), sslSender); return TlsUtils.calculateVerifyData(context, asciiLabel, hash); }
public static Digest createHash(SignatureAndHashAlgorithm signatureAndHashAlgorithm) { return signatureAndHashAlgorithm == null ? new CombinedHash() : createHash(signatureAndHashAlgorithm.getHash()); }
public static DHParameters receiveDHParameters(TlsDHVerifier dhVerifier, InputStream input) throws IOException { DHParameters dhParameters = readDHParameters(input); if (!dhVerifier.accept(dhParameters)) { throw new TlsFatalAlert(AlertDescription.insufficient_security); } return dhParameters; }
public static void checkUint16(int i) throws IOException { if (!isValidUint16(i)) { throw new TlsFatalAlert(AlertDescription.internal_error); } }
public static byte[] createSRPExtension(byte[] identity) throws IOException { if (identity == null) { throw new TlsFatalAlert(AlertDescription.internal_error); } return TlsUtils.encodeOpaque8(identity); }
private void writeHandshakeFragment(Message message, int fragment_offset, int fragment_length) throws IOException { RecordLayerBuffer fragment = new RecordLayerBuffer(12 + fragment_length); TlsUtils.writeUint8(message.getType(), fragment); TlsUtils.writeUint24(message.getBody().length, fragment); TlsUtils.writeUint16(message.getSeq(), fragment); TlsUtils.writeUint24(fragment_offset, fragment); TlsUtils.writeUint24(fragment_length, fragment); fragment.write(message.getBody(), fragment_offset, fragment_length); fragment.sendToRecordLayer(recordLayer); }
void init(TlsContext context) { this.readCipher = new TlsNullCipher(context); this.writeCipher = this.readCipher; this.handshakeHash = new DeferredHash(); this.handshakeHash.init(context); setPlaintextLimit(DEFAULT_PLAINTEXT_LIMIT); }