org.bouncycastle.tls.crypto.impl.LegacyTls13Verifier Maven / Gradle / Ivy

Go to download

Show more of this group Show more artifacts with this name
Show all versions of bctls-fips Show documentation

The Bouncy Castle Java APIs for the TLS, including a JSSE provider. The APIs are designed primarily to be used in conjunction with the BC FIPS provider. The APIs may also be used with other providers although if being used in a FIPS context it is the responsibility of the user to ensure that any other providers used are FIPS certified and used appropriately.

There is a newer version: 2.0.19

Show newest version

package org.bouncycastle.tls.crypto.impl;

import java.io.IOException;
import java.io.OutputStream;

import org.bouncycastle.tls.DigitallySigned;
import org.bouncycastle.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.tls.SignatureScheme;
import org.bouncycastle.tls.TlsUtils;
import org.bouncycastle.tls.crypto.Tls13Verifier;
import org.bouncycastle.tls.crypto.TlsStreamVerifier;
import org.bouncycastle.tls.crypto.TlsVerifier;

public final class LegacyTls13Verifier
    implements TlsVerifier
{
    private final int signatureScheme;
    private final Tls13Verifier tls13Verifier;

    public LegacyTls13Verifier(int signatureScheme, Tls13Verifier tls13Verifier)
    {
        if (!TlsUtils.isValidUint16(signatureScheme))
        {
            throw new IllegalArgumentException("'signatureScheme'");
        }
        if (tls13Verifier == null)
        {
            throw new NullPointerException("'tls13Verifier' cannot be null");
        }

        this.signatureScheme = signatureScheme;
        this.tls13Verifier = tls13Verifier;
    }

    public TlsStreamVerifier getStreamVerifier(DigitallySigned digitallySigned) throws IOException
    {
        SignatureAndHashAlgorithm algorithm = digitallySigned.getAlgorithm();
        if (algorithm == null || SignatureScheme.from(algorithm) != signatureScheme)
        {
            throw new IllegalStateException("Invalid algorithm: " + algorithm);
        }

        final byte[] signature = digitallySigned.getSignature();

        return new TlsStreamVerifier()
        {
            public OutputStream getOutputStream() throws IOException
            {
                return tls13Verifier.getOutputStream();
            }

            public boolean isVerified() throws IOException
            {
                return tls13Verifier.verifySignature(signature);
            }
        };
    }

    public boolean verifyRawSignature(DigitallySigned digitallySigned, byte[] hash) throws IOException
    {
        throw new UnsupportedOperationException();
    }
}