nl.open.jwtdependency.org.bouncycastle.crypto.tls.AbstractTlsContext Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of java-jwt-nodependencies Show documentation
Show all versions of java-jwt-nodependencies Show documentation
This is a drop in replacement for the auth0 java-jwt library (see https://github.com/auth0/java-jwt). This jar makes sure there are no external dependencies (e.g. fasterXml, Apacha Commons) needed. This is useful when deploying to an application server (e.g. tomcat with Alfreso or Pega).
The newest version!
package org.bouncycastle.crypto.tls;
import java.security.SecureRandom;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.prng.DigestRandomGenerator;
import org.bouncycastle.crypto.prng.RandomGenerator;
import org.bouncycastle.util.Times;
abstract class AbstractTlsContext
implements TlsContext
{
private static long counter = Times.nanoTime();
private synchronized static long nextCounterValue()
{
return ++counter;
}
private RandomGenerator nonceRandom;
private SecureRandom secureRandom;
private SecurityParameters securityParameters;
private ProtocolVersion clientVersion = null;
private ProtocolVersion serverVersion = null;
private TlsSession session = null;
private Object userObject = null;
AbstractTlsContext(SecureRandom secureRandom, SecurityParameters securityParameters)
{
Digest d = TlsUtils.createHash(HashAlgorithm.sha256);
byte[] seed = new byte[d.getDigestSize()];
secureRandom.nextBytes(seed);
this.nonceRandom = new DigestRandomGenerator(d);
nonceRandom.addSeedMaterial(nextCounterValue());
nonceRandom.addSeedMaterial(Times.nanoTime());
nonceRandom.addSeedMaterial(seed);
this.secureRandom = secureRandom;
this.securityParameters = securityParameters;
}
public RandomGenerator getNonceRandomGenerator()
{
return nonceRandom;
}
public SecureRandom getSecureRandom()
{
return secureRandom;
}
public SecurityParameters getSecurityParameters()
{
return securityParameters;
}
public ProtocolVersion getClientVersion()
{
return clientVersion;
}
void setClientVersion(ProtocolVersion clientVersion)
{
this.clientVersion = clientVersion;
}
public ProtocolVersion getServerVersion()
{
return serverVersion;
}
void setServerVersion(ProtocolVersion serverVersion)
{
this.serverVersion = serverVersion;
}
public TlsSession getResumableSession()
{
return session;
}
void setResumableSession(TlsSession session)
{
this.session = session;
}
public Object getUserObject()
{
return userObject;
}
public void setUserObject(Object userObject)
{
this.userObject = userObject;
}
public byte[] exportKeyingMaterial(String asciiLabel, byte[] context_value, int length)
{
/*
* TODO[session-hash]
*
* draft-ietf-tls-session-hash-04 5.4. If a client or server chooses to continue with a full
* handshake without the extended master secret extension, [..] the client or server MUST
* NOT export any key material based on the new master secret for any subsequent
* application-level authentication. In particular, it MUST disable [RFC5705] [..].
*/
if (context_value != null && !TlsUtils.isValidUint16(context_value.length))
{
throw new IllegalArgumentException("'context_value' must have length less than 2^16 (or be null)");
}
SecurityParameters sp = getSecurityParameters();
byte[] cr = sp.getClientRandom(), sr = sp.getServerRandom();
int seedLength = cr.length + sr.length;
if (context_value != null)
{
seedLength += (2 + context_value.length);
}
byte[] seed = new byte[seedLength];
int seedPos = 0;
System.arraycopy(cr, 0, seed, seedPos, cr.length);
seedPos += cr.length;
System.arraycopy(sr, 0, seed, seedPos, sr.length);
seedPos += sr.length;
if (context_value != null)
{
TlsUtils.writeUint16(context_value.length, seed, seedPos);
seedPos += 2;
System.arraycopy(context_value, 0, seed, seedPos, context_value.length);
seedPos += context_value.length;
}
if (seedPos != seedLength)
{
throw new IllegalStateException("error in calculation of seed for export");
}
return TlsUtils.PRF(this, sp.getMasterSecret(), asciiLabel, seed, length);
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy