org.bouncycastle.crypto.tls.test.MockTlsClient Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of bcprov-jdk14 Show documentation
Show all versions of bcprov-jdk14 Show documentation
The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.4.
package org.bouncycastle.crypto.tls.test;
import java.io.IOException;
import java.io.PrintStream;
import java.util.Hashtable;
import java.util.Vector;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.crypto.tls.AlertLevel;
import org.bouncycastle.crypto.tls.CertificateRequest;
import org.bouncycastle.crypto.tls.ClientCertificateType;
import org.bouncycastle.crypto.tls.DefaultTlsClient;
import org.bouncycastle.crypto.tls.MaxFragmentLength;
import org.bouncycastle.crypto.tls.ProtocolVersion;
import org.bouncycastle.crypto.tls.SignatureAlgorithm;
import org.bouncycastle.crypto.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.crypto.tls.TlsAuthentication;
import org.bouncycastle.crypto.tls.TlsCredentials;
import org.bouncycastle.crypto.tls.TlsExtensionsUtils;
import org.bouncycastle.crypto.tls.TlsSession;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.encoders.Hex;
class MockTlsClient
extends DefaultTlsClient
{
TlsSession session;
MockTlsClient(TlsSession session)
{
this.session = session;
}
public TlsSession getSessionToResume()
{
return this.session;
}
public void notifyAlertRaised(short alertLevel, short alertDescription, String message, Exception cause)
{
PrintStream out = (alertLevel == AlertLevel.fatal) ? System.err : System.out;
out.println("TLS client raised alert (AlertLevel." + alertLevel + ", AlertDescription." + alertDescription
+ ")");
if (message != null)
{
out.println("> " + message);
}
if (cause != null)
{
cause.printStackTrace(out);
}
}
public void notifyAlertReceived(short alertLevel, short alertDescription)
{
PrintStream out = (alertLevel == AlertLevel.fatal) ? System.err : System.out;
out.println("TLS client received alert (AlertLevel." + alertLevel + ", AlertDescription."
+ alertDescription + ")");
}
// public int[] getCipherSuites()
// {
// return Arrays.concatenate(super.getCipherSuites(),
// new int[]
// {
// CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
// CipherSuite.TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_SHA1,
// CipherSuite.TLS_ECDHE_RSA_WITH_SALSA20_SHA1,
// CipherSuite.TLS_RSA_WITH_ESTREAM_SALSA20_SHA1,
// CipherSuite.TLS_RSA_WITH_SALSA20_SHA1,
// });
// }
public Hashtable getClientExtensions() throws IOException
{
Hashtable clientExtensions = TlsExtensionsUtils.ensureExtensionsInitialised(super.getClientExtensions());
TlsExtensionsUtils.addEncryptThenMACExtension(clientExtensions);
TlsExtensionsUtils.addMaxFragmentLengthExtension(clientExtensions, MaxFragmentLength.pow2_9);
TlsExtensionsUtils.addTruncatedHMacExtension(clientExtensions);
return clientExtensions;
}
public void notifyServerVersion(ProtocolVersion serverVersion) throws IOException
{
super.notifyServerVersion(serverVersion);
System.out.println("TLS client negotiated " + serverVersion);
}
public TlsAuthentication getAuthentication()
throws IOException
{
return new TlsAuthentication()
{
public void notifyServerCertificate(org.bouncycastle.crypto.tls.Certificate serverCertificate)
throws IOException
{
Certificate[] chain = serverCertificate.getCertificateList();
System.out.println("TLS client received server certificate chain of length " + chain.length);
for (int i = 0; i != chain.length; i++)
{
Certificate entry = chain[i];
// TODO Create fingerprint based on certificate signature algorithm digest
System.out.println(" fingerprint:SHA-256 " + TlsTestUtils.fingerprint(entry) + " ("
+ entry.getSubject() + ")");
}
}
public TlsCredentials getClientCredentials(CertificateRequest certificateRequest)
throws IOException
{
short[] certificateTypes = certificateRequest.getCertificateTypes();
if (certificateTypes == null || !Arrays.contains(certificateTypes, ClientCertificateType.rsa_sign))
{
return null;
}
SignatureAndHashAlgorithm signatureAndHashAlgorithm = null;
Vector sigAlgs = certificateRequest.getSupportedSignatureAlgorithms();
if (sigAlgs != null)
{
for (int i = 0; i < sigAlgs.size(); ++i)
{
SignatureAndHashAlgorithm sigAlg = (SignatureAndHashAlgorithm)
sigAlgs.elementAt(i);
if (sigAlg.getSignature() == SignatureAlgorithm.rsa)
{
signatureAndHashAlgorithm = sigAlg;
break;
}
}
if (signatureAndHashAlgorithm == null)
{
return null;
}
}
return TlsTestUtils.loadSignerCredentials(context, new String[] { "x509-client.pem", "x509-ca.pem" },
"x509-client-key.pem", signatureAndHashAlgorithm);
}
};
}
public void notifyHandshakeComplete() throws IOException
{
super.notifyHandshakeComplete();
TlsSession newSession = context.getResumableSession();
if (newSession != null)
{
byte[] newSessionID = newSession.getSessionID();
String hex = Hex.toHexString(newSessionID);
if (this.session != null && Arrays.areEqual(this.session.getSessionID(), newSessionID))
{
System.out.println("Resumed session: " + hex);
}
else
{
System.out.println("Established session: " + hex);
}
this.session = newSession;
}
}
}