All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.bouncycastle.tls.crypto.impl.AbstractTlsSecret Maven / Gradle / Ivy

Go to download

The Bouncy Castle Java APIs for the TLS, including a JSSE provider. The APIs are designed primarily to be used in conjunction with the BC LTS provider but may also be used with other providers providing cryptographic services.

There is a newer version: 2.73.7
Show newest version
package org.bouncycastle.tls.crypto.impl;

import java.io.IOException;

import org.bouncycastle.tls.crypto.TlsEncryptor;
import org.bouncycastle.tls.crypto.TlsHMAC;
import org.bouncycastle.tls.crypto.TlsSecret;
import org.bouncycastle.util.Arrays;

/**
 * Base class for a TlsSecret implementation which captures common code and fields.
 */
public abstract class AbstractTlsSecret
    implements TlsSecret
{
    protected static byte[] copyData(AbstractTlsSecret other)
    {
        return other.copyData();
    }

    protected byte[] data;

    /**
     * Base constructor.
     *
     * @param data the byte[] making up the secret value.
     */
    protected AbstractTlsSecret(byte[] data)
    {
        this.data = data;
    }

    protected void checkAlive()
    {
        if (data == null)
        {
            throw new IllegalStateException("Secret has already been extracted or destroyed");
        }
    }

    protected abstract AbstractTlsCrypto getCrypto();

    public synchronized byte[] calculateHMAC(int cryptoHashAlgorithm, byte[] buf, int off, int len)
    {
        checkAlive();

        TlsHMAC hmac = getCrypto().createHMACForHash(cryptoHashAlgorithm);
        hmac.setKey(data, 0, data.length);
        hmac.update(buf, off, len);
        return hmac.calculateMAC();
    }

    public synchronized void destroy()
    {
        if (data != null)
        {
            // TODO Is there a way to ensure the data is really overwritten?
            Arrays.fill(data, (byte)0);
            this.data = null;
        }
    }

    public synchronized byte[] encrypt(TlsEncryptor encryptor) throws IOException
    {
        checkAlive();

        return encryptor.encrypt(data, 0, data.length);
    }

    public synchronized byte[] extract()
    {
        checkAlive();

        byte[] result = data;
        this.data = null;
        return result;
    }

    public synchronized boolean isAlive()
    {
        return null != data;
    }

    synchronized byte[] copyData()
    {
        return Arrays.clone(data);
    }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy