net.luminis.tls.handshake.TlsServerEngineFactory Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of agent15 Show documentation
Show all versions of agent15 Show documentation
A (partial) TLS 1.3 implementation in Java, suitable and intended for use in a QUIC implementation.
/*
* Copyright © 2019, 2020, 2021, 2022, 2023 Peter Doornbosch
*
* This file is part of Agent15, an implementation of TLS 1.3 in Java.
*
* Agent15 is free software: you can redistribute it and/or modify it under
* the terms of the GNU Lesser General Public License as published by the
* Free Software Foundation, either version 3 of the License, or (at your option)
* any later version.
*
* Agent15 is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for
* more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program. If not, see serverCertificates;
private PrivateKey certificateKey;
private TlsSessionRegistry tlsSessionRegistry = new TlsSessionRegistryImpl();
public TlsServerEngineFactory(InputStream certificateFile, InputStream certificateKeyFile) throws IOException, CertificateException, InvalidKeySpecException {
this.serverCertificates = readCertificates(certificateFile);
this.certificateKey = readPrivateKey(certificateKeyFile);
}
public TlsServerEngine createServerEngine(ServerMessageSender serverMessageSender, TlsStatusEventHandler tlsStatusHandler) {
TlsServerEngine tlsServerEngine = new TlsServerEngine(serverCertificates, certificateKey, serverMessageSender, tlsStatusHandler, tlsSessionRegistry);
tlsServerEngine.addSupportedCiphers(List.of(TlsConstants.CipherSuite.TLS_AES_128_GCM_SHA256));
return tlsServerEngine;
}
private static List readCertificates(InputStream file) throws IOException, CertificateException {
String fileContent = new String(InputStreamCompat.readAllBytes(file), Charset.defaultCharset());
String[] chunks = fileContent.split("-----END CERTIFICATE-----\n");
List certs = new ArrayList<>();
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
for (int i = 0; i < chunks.length; i++) {
if (chunks[i].startsWith("-----BEGIN CERTIFICATE-----")) {
String encodedCertificate = chunks[i]
.replace("-----BEGIN CERTIFICATE-----", "")
.replaceAll(System.lineSeparator(), "")
.replace("-----END CERTIFICATE-----", "");
Certificate certificate = certificateFactory.generateCertificate(new ByteArrayInputStream(Base64.getDecoder().decode(encodedCertificate)));
certs.add((X509Certificate) certificate);
}
}
return certs;
}
private RSAPrivateKey readPrivateKey(InputStream file) throws IOException, InvalidKeySpecException {
String key = new String(InputStreamCompat.readAllBytes(file), Charset.defaultCharset());
String privateKeyPEM = key
.replace("-----BEGIN PRIVATE KEY-----", "")
.replaceAll(System.lineSeparator(), "")
.replace("-----END PRIVATE KEY-----", "");
byte[] encoded = Base64.getMimeDecoder().decode(privateKeyPEM);
try {
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encoded);
return (RSAPrivateKey) keyFactory.generatePrivate(keySpec);
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException("Missing key algorithm RSA");
}
}
}