• Home
• com.mobius-software.iot
• dtls-async-client
• 1.0.19
• source code
• AsyncDtlsServer.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.mobius.software.iot.dal.crypto.AsyncDtlsServer Maven / Gradle / Ivy

package com.mobius.software.iot.dal.crypto;

/**
 * Mobius Software LTD
 * Copyright 2018, Mobius Software LTD
 *
 * This is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License as
 * published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this software; if not, write to the Free
 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
 */

import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateEncodingException;
import java.util.Vector;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.crypto.tls.AlertDescription;
import org.bouncycastle.crypto.tls.AlertLevel;
import org.bouncycastle.crypto.tls.CertificateRequest;
import org.bouncycastle.crypto.tls.CipherSuite;
import org.bouncycastle.crypto.tls.ClientCertificateType;
import org.bouncycastle.crypto.tls.DefaultTlsServer;
import org.bouncycastle.crypto.tls.HashAlgorithm;
import org.bouncycastle.crypto.tls.ProtocolVersion;
import org.bouncycastle.crypto.tls.SignatureAlgorithm;
import org.bouncycastle.crypto.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.crypto.tls.TlsEncryptionCredentials;
import org.bouncycastle.crypto.tls.TlsKeyExchange;
import org.bouncycastle.crypto.tls.TlsServerContext;
import org.bouncycastle.crypto.tls.TlsSignerCredentials;
import org.bouncycastle.crypto.tls.TlsUtils;

public class AsyncDtlsServer extends DefaultTlsServer 
{
    private static final Logger logger = LogManager.getLogger(AsyncDtlsServer.class);
    private CertificateData certificateData;
    private org.bouncycastle.crypto.tls.Certificate clientCertificate=null;
    
    private KeyStore keystore;
    private String keystorePassword;
    private String alias=null;
    
    public AsyncDtlsServer(KeyStore keystore,String keystorePassword)
    {    	
    	this.keystore=keystore;
    	this.keystorePassword=keystorePassword;
    }

    public AsyncDtlsServer(KeyStore keystore,String keystorePassword,String alias)
    {
    	this.keystore=keystore;
    	this.keystorePassword=keystorePassword;
    	this.alias=alias;
    }
    
    @Override
    protected int[] getCipherSuites()
    {
        return new int[]
        {
        	//default allowed cipher suites
            CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
            CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
            CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
            CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
            CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
            CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
            CipherSuite.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
            CipherSuite.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
            CipherSuite.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
            CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
            CipherSuite.TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
            CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
            CipherSuite.TLS_RSA_WITH_AES_256_GCM_SHA384,
            CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256,
            CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA256,
            CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256,
            CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA,
            CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
            //this one is required for eclipse org implementation of DTLS , with enabled ECC
            CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
        };
    }
    
    public void initServer(TlsServerContext context) throws KeyStoreException,UnrecoverableKeyException,NoSuchAlgorithmException,CertificateEncodingException,IOException
    {
    	super.init(context);
    	this.certificateData=new CertificateData(keystore, keystorePassword, context, false, alias);	
    }
    
    public void notifyAlertRaised(short alertLevel, short alertDescription, String message, Throwable cause) 
    {
    	if(alertLevel==AlertLevel.fatal)
    		logger.error("DTLS raised error alert " + AlertDescription.getText(alertDescription),cause);
    	else
    		logger.warn("DTLS raised warning alert " + AlertDescription.getText(alertDescription));        
    }

    public void notifyAlertReceived(short alertLevel, short alertDescription) 
    {
    	if(alertLevel==AlertLevel.fatal)
    		logger.error("DTLS received error alert " + AlertDescription.getText(alertDescription));
    	else
    		logger.warn("DTLS received warning alert " + AlertDescription.getText(alertDescription)); 
    }

    public CertificateRequest getCertificateRequest() throws IOException 
    {
        Vector serverSigAlgs = null;

        if (TlsUtils.isSignatureAlgorithmsExtensionAllowed(serverVersion)) 
        {
            short[] hashAlgorithms = new short[] { HashAlgorithm.sha512, HashAlgorithm.sha384, HashAlgorithm.sha256, HashAlgorithm.sha224, HashAlgorithm.sha1 };
            short[] signatureAlgorithms = new short[] { SignatureAlgorithm.rsa };

            serverSigAlgs = new Vector();
            for (int i = 0; i < hashAlgorithms.length; ++i) {
                for (int j = 0; j < signatureAlgorithms.length; ++j)
                    serverSigAlgs.addElement(new SignatureAndHashAlgorithm(hashAlgorithms[i], signatureAlgorithms[j]));                
            }
        }

        Vector certificateAuthorities = new Vector();
        return new CertificateRequest(new short[] { ClientCertificateType.rsa_sign }, serverSigAlgs,certificateAuthorities);
    }

    public void notifyClientCertificate(org.bouncycastle.crypto.tls.Certificate clientCertificate) throws IOException {
    	this.clientCertificate=clientCertificate;
    }

    public ProtocolVersion getMaximumVersion() 
    {
        return ProtocolVersion.DTLSv12;
    }

    public ProtocolVersion getMinimumVersion() 
    {
        return ProtocolVersion.DTLSv10;
    }

    public TlsEncryptionCredentials getRSAEncryptionCredentials() throws IOException {
        return certificateData.getEncryptionCredentials();
    }

    public TlsSignerCredentials getRSASignerCredentials() throws IOException 
    {
        SignatureAndHashAlgorithm signatureAndHashAlgorithm = null;
        Vector sigAlgs = supportedSignatureAlgorithms;
        if (sigAlgs != null) 
        {
            for (int i = 0; i < sigAlgs.size(); ++i) 
            {
                SignatureAndHashAlgorithm sigAlg = (SignatureAndHashAlgorithm) sigAlgs.elementAt(i);
                if (sigAlg.getSignature() == SignatureAlgorithm.rsa) 
                {
                    signatureAndHashAlgorithm = sigAlg;
                    break;
                }
            }

            if (signatureAndHashAlgorithm == null)
                return null;            
        }
        
        return certificateData.getSignerCredentials(signatureAndHashAlgorithm);
    }

    public TlsSignerCredentials getDSASignerCredentials() throws IOException 
    {
        SignatureAndHashAlgorithm signatureAndHashAlgorithm = null;
        Vector sigAlgs = supportedSignatureAlgorithms;
        if (sigAlgs != null) 
        {
            for (int i = 0; i < sigAlgs.size(); ++i) 
            {
                SignatureAndHashAlgorithm sigAlg = (SignatureAndHashAlgorithm) sigAlgs.elementAt(i);
                if (sigAlg.getSignature() == SignatureAlgorithm.dsa) 
                {
                    signatureAndHashAlgorithm = sigAlg;
                    break;
                }
            }

            if (signatureAndHashAlgorithm == null)
                return null;            
        }
        
        return certificateData.getSignerCredentials(signatureAndHashAlgorithm);
    }
    
    public TlsSignerCredentials getECDSASignerCredentials() throws IOException 
    {
        SignatureAndHashAlgorithm signatureAndHashAlgorithm = null;
        Vector sigAlgs = supportedSignatureAlgorithms;
        if (sigAlgs != null) 
        {
            for (int i = 0; i < sigAlgs.size(); ++i) 
            {
                SignatureAndHashAlgorithm sigAlg = (SignatureAndHashAlgorithm) sigAlgs.elementAt(i);
                if (sigAlg.getSignature() == SignatureAlgorithm.ecdsa) 
                {
                    signatureAndHashAlgorithm = sigAlg;
                    break;
                }
            }

            if (signatureAndHashAlgorithm == null)
                return null;            
        }
        
        return certificateData.getSignerCredentials(signatureAndHashAlgorithm);
    }
    
	public org.bouncycastle.crypto.tls.Certificate getClientCertificate() 
	{
		return clientCertificate;
	}
	
	@Override
	protected TlsKeyExchange createDHEKeyExchange(int keyExchange)
    {
        return new AsyncTlsDHEKeyExchange(keyExchange, supportedSignatureAlgorithms, getDHParameters());
    }

	@Override
	protected TlsKeyExchange createECDHEKeyExchange(int keyExchange)
    {
        return new AsyncTlsECDHEKeyExchange(keyExchange, supportedSignatureAlgorithms, namedCurves, clientECPointFormats,serverECPointFormats);
    }
}