org.eclipse.californium.scandium.dtls

Class CertificateMessage

java.lang.Object

org.eclipse.californium.scandium.dtls.AbstractMessage

org.eclipse.californium.scandium.dtls.HandshakeMessage

org.eclipse.californium.scandium.dtls.CertificateMessage

All Implemented Interfaces:

DTLSMessage

public final class CertificateMessage
extends HandshakeMessage

The server MUST send a Certificate message whenever the agreed-upon key exchange method uses certificates for authentication. This message will always immediately follow the ServerHello message. For details see RFC 5246.

Field Summary

Fields inherited from class org.eclipse.californium.scandium.dtls.HandshakeMessage

FRAGMENT_LENGTH_BITS, FRAGMENT_OFFSET_BITS, MESSAGE_HEADER_LENGTH_BYTES, MESSAGE_LENGTH_BITS, MESSAGE_SEQ_BITS, MESSAGE_TYPE_BITS

Constructor Summary

Constructors

Constructor and Description
CertificateMessage(byte[] rawPublicKeyBytes, InetSocketAddress peerAddress) Creates a CERTIFICATE message containing a raw public key.
CertificateMessage(List<X509Certificate> certificateChain, InetSocketAddress peerAddress) Creates a CERTIFICATE message containing a certificate chain.
CertificateMessage(List<X509Certificate> certificateChain, List<X500Principal> certificateAuthorities, InetSocketAddress peerAddress) Creates a CERTIFICATE message containing a certificate chain.
CertificateMessage(PublicKey publicKey, InetSocketAddress peerAddress) Creates a CERTIFICATE message containing a raw public key.

Method Summary

Methods

Modifier and Type	Method and Description
byte[]	fragmentToByteArray() The serialization of the handshake body (without the handshake header).
static CertificateMessage	fromReader(org.eclipse.californium.elements.util.DatagramReader reader, CertificateType certificateType, InetSocketAddress peerAddress) Creates a certificate message from its binary encoding.
CertPath	getCertificateChain() Gets the certificate chain provided by the peer.
int	getMessageLength() Must be implemented by each subclass.
HandshakeType	getMessageType() Returns the type of the handshake message.
PublicKey	getPublicKey() Gets the public key contained in this message.
boolean	isEmpty() Is empty certificate message.
String	toString()

Methods inherited from class org.eclipse.californium.scandium.dtls.HandshakeMessage

fragmentChanged, fromByteArray, fromGenericHandshakeMessage, getContentType, getFragmentLength, getFragmentOffset, getMessageSeq, getNextHandshakeMessage, getRawMessage, setMessageSeq, setNextHandshakeMessage, size, toByteArray, writeTo

Methods inherited from class org.eclipse.californium.scandium.dtls.AbstractMessage

getPeer

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

CertificateMessage

public CertificateMessage(List<X509Certificate> certificateChain,
                  InetSocketAddress peerAddress)

Creates a CERTIFICATE message containing a certificate chain.

Parameters:

certificateChain - the certificate chain with the (first certificate must be the server's)

peerAddress - the IP address and port of the peer this message has been received from or should be sent to

Throws:

NullPointerException - if the certificate chain is null (use an array of length zero to create an empty message)

IllegalArgumentException - if the certificate chain contains any non-X.509 certificates or does not form a valid chain of certification.

CertificateMessage

public CertificateMessage(List<X509Certificate> certificateChain,
                  List<X500Principal> certificateAuthorities,
                  InetSocketAddress peerAddress)

Creates a CERTIFICATE message containing a certificate chain.

Parameters:

certificateChain - the certificate chain with the (first certificate must be the server's)

certificateAuthorities - the certificate authorities to truncate chain. Maybe null or empty.

peerAddress - the IP address and port of the peer this message has been received from or should be sent to

Throws:

NullPointerException - if the certificate chain is null (use an array of length zero to create an empty message)

IllegalArgumentException - if the certificate chain contains any non-X.509 certificates or does not form a valid chain of certification.

Since:

2.1

CertificateMessage

public CertificateMessage(PublicKey publicKey,
                  InetSocketAddress peerAddress)

Creates a CERTIFICATE message containing a raw public key.

Parameters:

publicKey - the public key

peerAddress - the IP address and port of the peer this message has been received from or should be sent to

Since:

2.4

CertificateMessage

public CertificateMessage(byte[] rawPublicKeyBytes,
                  InetSocketAddress peerAddress)

Creates a CERTIFICATE message containing a raw public key.

Parameters:

rawPublicKeyBytes - the raw public key (SubjectPublicKeyInfo)

peerAddress - the IP address and port of the peer this message has been received from or should be sent to

Throws:

NullPointerException - if the raw public key byte array is null (use an array of length zero to create an empty message)

Method Detail

getMessageType

public HandshakeType getMessageType()

Description copied from class: HandshakeMessage

Returns the type of the handshake message. See HandshakeType.

Specified by:

getMessageType in class HandshakeMessage

Returns:

the HandshakeType.

getMessageLength

public int getMessageLength()

Description copied from class: HandshakeMessage

Must be implemented by each subclass. The length is given in bytes and only includes the length of the subclass' specific fields (not the handshake message header).

Specified by:

getMessageLength in class HandshakeMessage

Returns:

the length of the message in bytes.

toString

public String toString()

Overrides:

toString in class HandshakeMessage

getCertificateChain

public CertPath getCertificateChain()

Gets the certificate chain provided by the peer. This method only provides a result if the peer uses X.509 certificates. In that case the returned array contains the peer's public key certificate at position 0.

Returns:

the certificate chain or null if RawPublicKeys are used

isEmpty

public boolean isEmpty()

Is empty certificate message. If a server requests a client certificate, but the client has no proper certificate, the client respond with an empty certificate message.

Returns:

true, if certificate message contains no certificates, false, otherwise.

Since:

2.5

fragmentToByteArray

public byte[] fragmentToByteArray()

Description copied from class: HandshakeMessage

The serialization of the handshake body (without the handshake header). Must be implemented by each subclass. Except the ClientHello, the fragments are considered to be not modified. If a modification is required, call HandshakeMessage.fragmentChanged().

Specified by:

fragmentToByteArray in class HandshakeMessage

Returns:

the raw byte representation of the handshake body.

fromReader

public static CertificateMessage fromReader(org.eclipse.californium.elements.util.DatagramReader reader,
                            CertificateType certificateType,
                            InetSocketAddress peerAddress)
                                     throws HandshakeException

Creates a certificate message from its binary encoding.

Parameters:

reader - reader for the binary encoding of the message.

certificateType - negotiated type of certificate the certificate message contains.

peerAddress - The IP address and port of the peer that sent the message.

Returns:

The certificate message.

Throws:

HandshakeException - if the binary encoding could not be parsed.

IllegalArgumentException - if the certificate type is not supported.

getPublicKey

public PublicKey getPublicKey()

Gets the public key contained in this message. The key is either extracted from the certificate chain contained in the message or is instantiated from the RawPublicKey bytes from the message.

Returns:

the peer's public key