Module tech.kwik.agent15

Package net.luminis.tls.engine.impl

Class TlsServerEngineImpl

java.lang.Object

net.luminis.tls.engine.impl.TlsEngineImpl

net.luminis.tls.engine.impl.TlsServerEngineImpl

All Implemented Interfaces:

MessageProcessor, ServerMessageProcessor, TlsEngine, TlsServerEngine, TrafficSecrets

public class TlsServerEngineImpl
extends TlsEngineImpl
implements TlsServerEngine, ServerMessageProcessor

Field Summary

Fields

Modifier and Type	Field	Description
protected TlsStatusEventHandler	statusHandler

Fields inherited from class net.luminis.tls.engine.impl.TlsEngineImpl

algorithmMapping, privateKey, publicKey, state

Constructor Summary

Constructors

Constructor	Description
TlsServerEngineImpl(java.security.cert.X509Certificate serverCertificate, java.security.PrivateKey certificateKey, ServerMessageSender serverMessageSender, TlsStatusEventHandler tlsStatusHandler, TlsSessionRegistry tlsSessionRegistry)
TlsServerEngineImpl(java.util.List<java.security.cert.X509Certificate> certificates, java.security.PrivateKey certificateKey, ServerMessageSender serverMessageSender, TlsStatusEventHandler tlsStatusHandler, TlsSessionRegistry tlsSessionRegistry)

Method Summary

Modifier and Type	Method	Description
void	addServerExtensions(Extension extension)	Adds extension to the list of extensions to be included in the EncryptedExtensions message.
void	addSupportedCiphers(java.util.List<TlsConstants.CipherSuite> cipherSuites)	Adds ciphers to the list of the symmetric cipher options supported by the server (specifically the record protection algorithm (including secret key length) and a hash to be used with HKDF), in descending order of server preference.
TlsConstants.CipherSuite	getSelectedCipher()	Get the selected (negotiated) cipher suite.
java.util.List<Extension>	getServerExtensions()	Returns the list of extensions actually included in the EncryptedExtensions message.
void	received(ClientHello clientHello, ProtectionKeysType protectedBy)
void	received(FinishedMessage clientFinished, ProtectionKeysType protectedBy)
void	setSelectedApplicationLayerProtocol(java.lang.String applicationProtocol)	Sets the negotiated application layer protocol.
void	setServerMessageSender(ServerMessageSender serverMessageSender)	Sets the callback used for sending server messages (to the client).
void	setSessionData(byte[] additionalSessionData)	Set (other layer's) session data for this session.
void	setSessionDataVerificationCallback(java.util.function.Function<java.nio.ByteBuffer,java.lang.Boolean> callback)	Set the callback that is called before a session is (successfully) resumed.
void	setStatusHandler(TlsStatusEventHandler statusHandler)	Sets the callback used for notifying the status of the TLS connection.
protected boolean	validateBinder(ClientHelloPreSharedKeyExtension.PskBinderEntry pskBinderEntry, int binderPosition, ClientHello clientHello)

Methods inherited from class net.luminis.tls.engine.impl.TlsEngineImpl

computeFinishedVerifyData, computeSignature, generateKeys, getClientApplicationTrafficSecret, getClientEarlyTrafficSecret, getClientHandshakeTrafficSecret, getServerApplicationTrafficSecret, getServerHandshakeTrafficSecret, getSignatureAlgorithm, hashLength, keyLength, recognizedExtension

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.luminis.tls.engine.ServerMessageProcessor

received, received, received, received, received, received

Methods inherited from interface net.luminis.tls.engine.TrafficSecrets

getClientApplicationTrafficSecret, getClientEarlyTrafficSecret, getClientHandshakeTrafficSecret, getServerApplicationTrafficSecret, getServerHandshakeTrafficSecret

Field Detail

statusHandler

protected TlsStatusEventHandler statusHandler

Constructor Detail

TlsServerEngineImpl

public TlsServerEngineImpl(java.util.List<java.security.cert.X509Certificate> certificates,
                           java.security.PrivateKey certificateKey,
                           ServerMessageSender serverMessageSender,
                           TlsStatusEventHandler tlsStatusHandler,
                           TlsSessionRegistry tlsSessionRegistry)

TlsServerEngineImpl

public TlsServerEngineImpl(java.security.cert.X509Certificate serverCertificate,
                           java.security.PrivateKey certificateKey,
                           ServerMessageSender serverMessageSender,
                           TlsStatusEventHandler tlsStatusHandler,
                           TlsSessionRegistry tlsSessionRegistry)

Method Detail

received

public void received(ClientHello clientHello,
                     ProtectionKeysType protectedBy)
              throws TlsProtocolException,
                     java.io.IOException

Specified by:

received in interface MessageProcessor

Specified by:

received in interface TlsServerEngine

Throws:

TlsProtocolException

java.io.IOException

received

public void received(FinishedMessage clientFinished,
                     ProtectionKeysType protectedBy)
              throws TlsProtocolException,
                     java.io.IOException

Specified by:

received in interface MessageProcessor

Specified by:

received in interface TlsServerEngine

Throws:

TlsProtocolException

java.io.IOException

validateBinder

protected boolean validateBinder(ClientHelloPreSharedKeyExtension.PskBinderEntry pskBinderEntry,
                                 int binderPosition,
                                 ClientHello clientHello)

addSupportedCiphers

public void addSupportedCiphers(java.util.List<TlsConstants.CipherSuite> cipherSuites)

Description copied from interface: TlsServerEngine

Adds ciphers to the list of the symmetric cipher options supported by the server (specifically the record protection algorithm (including secret key length) and a hash to be used with HKDF), in descending order of server preference. By default, the server supports TLS_AES_128_GCM_SHA256.

Specified by:

addSupportedCiphers in interface TlsServerEngine

setServerMessageSender

public void setServerMessageSender(ServerMessageSender serverMessageSender)

Description copied from interface: TlsServerEngine

Sets the callback used for sending server messages (to the client).

Specified by:

setServerMessageSender in interface TlsServerEngine

setStatusHandler

public void setStatusHandler(TlsStatusEventHandler statusHandler)

Description copied from interface: TlsServerEngine

Sets the callback used for notifying the status of the TLS connection.

Specified by:

setStatusHandler in interface TlsServerEngine

getSelectedCipher

public TlsConstants.CipherSuite getSelectedCipher()

Description copied from interface: TlsServerEngine

Get the selected (negotiated) cipher suite.

Specified by:

getSelectedCipher in interface TlsServerEngine

Specified by:

getSelectedCipher in class TlsEngineImpl

Returns:

getServerExtensions

public java.util.List<Extension> getServerExtensions()

Description copied from interface: TlsServerEngine

Returns the list of extensions actually included in the EncryptedExtensions message.

Specified by:

getServerExtensions in interface TlsServerEngine

Returns:

addServerExtensions

public void addServerExtensions(Extension extension)

Description copied from interface: TlsServerEngine

Adds extension to the list of extensions to be included in the EncryptedExtensions message.

Specified by:

addServerExtensions in interface TlsServerEngine

setSelectedApplicationLayerProtocol

public void setSelectedApplicationLayerProtocol(java.lang.String applicationProtocol)

Description copied from interface: TlsServerEngine

Sets the negotiated application layer protocol.

Specified by:

setSelectedApplicationLayerProtocol in interface TlsServerEngine

setSessionData

public void setSessionData(byte[] additionalSessionData)

Set (other layer's) session data for this session. When this session is resumed (with a session ticket), this data will be provided to the session data verification callback, which enables the application layer to accept or deny the session resumption based on the data stored in the session. For example, with QUIC this is used to store the QUIC version in the session data, so when the session is resumed, the QUIC layer can verify the same QUIC version is used.

Specified by:

setSessionData in interface TlsServerEngine

Parameters:

additionalSessionData -

setSessionDataVerificationCallback

public void setSessionDataVerificationCallback(java.util.function.Function<java.nio.ByteBuffer,java.lang.Boolean> callback)

Set the callback that is called before a session is (successfully) resumed. If there is no data associated with the session, the callback is not called and verification is assumed to be successful, i.e. the session will be resumed.

Specified by:

setSessionDataVerificationCallback in interface TlsServerEngine

Parameters:

callback - the callback that is called with the stored session data; when the callback returns false the session will not be resumed.