org.bouncycastle.tls.DefaultTlsECConfigVerifier Maven / Gradle / Ivy

Go to download

Show more of this group Show more artifacts with this name
Show all versions of bctls-jdk15on Show documentation

The Bouncy Castle Java APIs for TLS and DTLS, including a provider for the JSSE.

There is a newer version: 1.70

package org.bouncycastle.tls;

import java.util.Vector;

import org.bouncycastle.tls.crypto.TlsECConfig;

public class DefaultTlsECConfigVerifier
    implements TlsECConfigVerifier
{
    protected int minimumCurveBits;
    protected Vector namedGroups; 

    public DefaultTlsECConfigVerifier(int minimumCurveBits, Vector namedGroups)
    {
        this.minimumCurveBits = Math.max(1, minimumCurveBits);
        this.namedGroups = namedGroups;
    }

    public boolean accept(TlsECConfig ecConfig)
    {
        // NOTE: Any value of ecConfig.pointCompression is acceptable

        int namedGroup = ecConfig.getNamedGroup();
        if (namedGroup < 0)
        {
            return false;
        }

        if (NamedGroup.getCurveBits(namedGroup) < minimumCurveBits)
        {
            return false;
        }

        if (namedGroups != null && !namedGroups.contains(namedGroup))
        {
            /*
             * RFC 4492 4. [...] servers MUST NOT negotiate the use of an ECC cipher suite unless
             * they can complete the handshake while respecting the choice of curves and compression
             * techniques specified by the client.
             */
            return false;
        }

        return true;
    }
}