All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.bouncycastle.tls.SecurityParameters Maven / Gradle / Ivy

Go to download

The Bouncy Castle Java APIs for the TLS, including a JSSE provider. The APIs are designed primarily to be used in conjunction with the BC LTS provider but may also be used with other providers providing cryptographic services.

There is a newer version: 2.73.7
Show newest version
package org.bouncycastle.tls;

import java.util.Vector;

import org.bouncycastle.tls.crypto.CryptoHashAlgorithm;
import org.bouncycastle.tls.crypto.TlsSecret;

/**
 * Carrier class for general security parameters.
 */
public class SecurityParameters
{
    int entity = -1;
    boolean resumedSession = false;
    boolean renegotiating = false;
    boolean secureRenegotiation = false;
    int cipherSuite = CipherSuite.TLS_NULL_WITH_NULL_NULL;
    short maxFragmentLength = -1;
    int prfAlgorithm = -1;
    int prfCryptoHashAlgorithm = -1;
    short prfHashAlgorithm = -1;
    int prfHashLength = -1;
    int verifyDataLength = -1;
    TlsSecret baseKeyClient = null;
    TlsSecret baseKeyServer = null;
    TlsSecret earlyExporterMasterSecret = null;
    TlsSecret earlySecret = null;
    TlsSecret exporterMasterSecret = null;
    TlsSecret handshakeSecret = null;
    TlsSecret masterSecret = null;
    TlsSecret trafficSecretClient = null;
    TlsSecret trafficSecretServer = null;
    byte[] clientRandom = null;
    byte[] serverRandom = null;
    byte[] sessionHash = null;
    byte[] sessionID = null;
    byte[] pskIdentity = null;
    byte[] srpIdentity = null;
    byte[] tlsServerEndPoint = null;
    byte[] tlsUnique = null;
    boolean encryptThenMAC = false;
    boolean extendedMasterSecret = false;
    boolean extendedPadding = false;
    boolean truncatedHMac = false;
    ProtocolName applicationProtocol = null;
    boolean applicationProtocolSet = false;
    short[] clientCertTypes = null;
    Vector clientServerNames = null;
    Vector clientSigAlgs = null;
    Vector clientSigAlgsCert = null;
    int[] clientSupportedGroups = null;
    Vector serverSigAlgs = null;
    Vector serverSigAlgsCert = null;
    int[] serverSupportedGroups = null;
    int keyExchangeAlgorithm = -1;
    Certificate localCertificate = null;
    Certificate peerCertificate = null;
    ProtocolVersion negotiatedVersion = null;
    int statusRequestVersion = 0;
    short clientCertificateType = CertificateType.X509;
    short serverCertificateType = CertificateType.X509;

    // TODO[tls-ops] Investigate whether we can handle verify data using TlsSecret
    byte[] localVerifyData = null;
    byte[] peerVerifyData = null;

    /** Connection ID we use during communication to the peer. */
    byte[] connectionIDLocal;
    /** Connection ID our peer uses for communication to us. */
    byte[] connectionIDPeer;

    void clear()
    {
        this.sessionHash = null;
        this.sessionID = null;
        this.clientCertTypes = null;
        this.clientServerNames = null;
        this.clientSigAlgs = null;
        this.clientSigAlgsCert = null;
        this.clientSupportedGroups = null;
        this.serverSigAlgs = null;
        this.serverSigAlgsCert = null;
        this.serverSupportedGroups = null;
        this.statusRequestVersion = 0;

        this.baseKeyClient = clearSecret(baseKeyClient);
        this.baseKeyServer = clearSecret(baseKeyServer);
        this.earlyExporterMasterSecret = clearSecret(earlyExporterMasterSecret);
        this.earlySecret = clearSecret(earlySecret);
        this.exporterMasterSecret = clearSecret(exporterMasterSecret);
        this.handshakeSecret = clearSecret(handshakeSecret);
        this.masterSecret = clearSecret(masterSecret);
    }

    /**
     * @return {@link ConnectionEnd}
     */
    public int getEntity()
    {
        return entity;
    }

    public boolean isResumedSession()
    {
        return resumedSession;
    }

    public boolean isRenegotiating()
    {
        return renegotiating;
    }

    public boolean isSecureRenegotiation()
    {
        return secureRenegotiation;
    }

    /**
     * @return {@link CipherSuite}
     */
    public int getCipherSuite()
    {
        return cipherSuite;
    }

    public short[] getClientCertTypes()
    {
        return clientCertTypes;
    }

    public Vector getClientServerNames()
    {
        return clientServerNames;
    }

    public Vector getClientSigAlgs()
    {
        return clientSigAlgs;
    }

    public Vector getClientSigAlgsCert()
    {
        return clientSigAlgsCert;
    }

    public int[] getClientSupportedGroups()
    {
        return clientSupportedGroups;
    }

    public byte[] getConnectionIDLocal()
    {
        return connectionIDLocal;
    }

    public byte[] getConnectionIDPeer()
    {
        return connectionIDPeer;
    }

    public Vector getServerSigAlgs()
    {
        return serverSigAlgs;
    }

    public Vector getServerSigAlgsCert()
    {
        return serverSigAlgsCert;
    }

    public int[] getServerSupportedGroups()
    {
        return serverSupportedGroups;
    }

    /**
     * @return {@link CompressionMethod}
     * 
     * @deprecated Will be removed. Use constant CompressionMethod._null instead.
     */
    public short getCompressionAlgorithm()
    {
        return CompressionMethod._null;
    }

    /**
     * @return {@link MaxFragmentLength}, or -1 if none
     */
    public short getMaxFragmentLength()
    {
        return maxFragmentLength;
    }

    /**
     * @deprecated Use {@link #getPRFAlgorithm()} instead.
     */
    public int getPrfAlgorithm()
    {
        return prfAlgorithm;
    }

    /**
     * @return {@link PRFAlgorithm}
     */
    public int getPRFAlgorithm()
    {
        return prfAlgorithm;
    }

    /**
     * @return {@link CryptoHashAlgorithm} for the current {@link PRFAlgorithm}
     */
    public int getPRFCryptoHashAlgorithm()
    {
        return prfCryptoHashAlgorithm;
    }

    /**
     * @return {@link HashAlgorithm} for the current {@link PRFAlgorithm}
     * 
     * @deprecated Use {@link #getPRFCryptoHashAlgorithm()} instead.
     */
    public short getPRFHashAlgorithm()
    {
        return prfHashAlgorithm;
    }

    public int getPRFHashLength()
    {
        return prfHashLength;
    }

    public int getVerifyDataLength()
    {
        return verifyDataLength;
    }

    public TlsSecret getBaseKeyClient()
    {
        return baseKeyClient;
    }

    public TlsSecret getBaseKeyServer()
    {
        return baseKeyServer;
    }

    public TlsSecret getEarlyExporterMasterSecret()
    {
        return earlyExporterMasterSecret;
    }

    public TlsSecret getEarlySecret()
    {
        return earlySecret;
    }

    public TlsSecret getExporterMasterSecret()
    {
        return exporterMasterSecret;
    }

    public TlsSecret getHandshakeSecret()
    {
        return handshakeSecret;
    }

    public TlsSecret getMasterSecret()
    {
        return masterSecret;
    }

    public TlsSecret getTrafficSecretClient()
    {
        return trafficSecretClient;
    }

    public TlsSecret getTrafficSecretServer()
    {
        return trafficSecretServer;
    }

    public byte[] getClientRandom()
    {
        return clientRandom;
    }

    public byte[] getServerRandom()
    {
        return serverRandom;
    }

    public byte[] getSessionHash()
    {
        return sessionHash;
    }

    public byte[] getSessionID()
    {
        return sessionID;
    }

    public byte[] getPSKIdentity()
    {
        return pskIdentity;
    }

    public byte[] getSRPIdentity()
    {
        return srpIdentity;
    }

    public byte[] getTLSServerEndPoint()
    {
        return tlsServerEndPoint;
    }

    public byte[] getTLSUnique()
    {
        return tlsUnique;
    }

    public boolean isEncryptThenMAC()
    {
        return encryptThenMAC;
    }

    public boolean isExtendedMasterSecret()
    {
        return extendedMasterSecret;
    }

    public boolean isExtendedPadding()
    {
        return extendedPadding;
    }

    public boolean isTruncatedHMac()
    {
        return truncatedHMac;
    }

    public ProtocolName getApplicationProtocol()
    {
        return applicationProtocol;
    }

    public boolean isApplicationProtocolSet()
    {
        return applicationProtocolSet;
    }

    public byte[] getLocalVerifyData()
    {
        return localVerifyData;
    }

    public byte[] getPeerVerifyData()
    {
        return peerVerifyData;
    }

    public int getKeyExchangeAlgorithm()
    {
        return keyExchangeAlgorithm;
    }

    public Certificate getLocalCertificate()
    {
        return localCertificate;
    }

    public Certificate getPeerCertificate()
    {
        return peerCertificate;
    }

    public ProtocolVersion getNegotiatedVersion()
    {
        return negotiatedVersion;
    }

    public int getStatusRequestVersion()
    {
        return statusRequestVersion;
    }

    public short getClientCertificateType()
    {
        return clientCertificateType;
    }

    public short getServerCertificateType()
    {
        return serverCertificateType;
    }

    private static TlsSecret clearSecret(TlsSecret secret)
    {
        if (null != secret)
        {
            secret.destroy();
        }
        return null;
    }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy