org.eclipse.californium.scandium.dtls

Class ClientHandshaker

java.lang.Object

org.eclipse.californium.scandium.dtls.Handshaker

org.eclipse.californium.scandium.dtls.ClientHandshaker

All Implemented Interfaces:

Destroyable

Direct Known Subclasses:

ResumingClientHandshaker

public class ClientHandshaker
extends Handshaker

ClientHandshaker does the protocol handshaking from the point of view of a client. It is driven by handshake messages as delivered by the parent Handshaker class.

Field Summary

Fields

Modifier and Type	Field and Description
protected CertificateRequest	certificateRequest The server's CertificateRequest.
protected ClientHello	clientHello The client's hello handshake message.
protected ClientKeyExchange	clientKeyExchange The create client key exchange message.
protected byte[]	handshakeHash The hash of all received handshake messages sent in the finished message.
protected ServerNames	indicatedServerNames
protected Integer	maxFragmentLengthCode
protected SignatureAndHashAlgorithm	negotiatedSignatureAndHashAlgorithm
protected boolean	sentClientCertificate Indicates, that a none-empty client certificate is sent.
protected ECDHServerKeyExchange	serverKeyExchange The server's key exchange message
protected static HandshakeState[]	SEVER_CERTIFICATE
protected List<CertificateType>	supportedClientCertificateTypes The certificate types this peer supports for client authentication.
protected List<XECDHECryptography.SupportedGroup>	supportedGroups the supported groups (curves) ordered by preference
protected List<CertificateType>	supportedServerCertificateTypes The certificate types this peer supports for server authentication.
protected List<SignatureAndHashAlgorithm>	supportedSignatureAlgorithms The list of the signature and hash algorithms supported by the client ordered by preference.
protected boolean	truncateCertificatePath

Fields inherited from class org.eclipse.californium.scandium.dtls.Handshaker

advancedPskStore, certificateChain, certificateVerfied, certificateVerifier, clientRandom, connectionIdGenerator, flightNumber, handshakeMessages, isClient, LOGGER, masterSecret, peerCertPath, privateKey, publicKey, reassembledMessage, recordSizeLimit, serverRandom, session, sniEnabled, states, statesIndex, usedProtocol, useKeyUsageVerification, useStateValidation, useTruncatedCertificatePathForVerification

Constructor Summary

Constructors

Constructor and Description
ClientHandshaker(DTLSSession session, RecordLayer recordLayer, ScheduledExecutorService timer, Connection connection, DtlsConnectorConfig config, boolean probe) Creates a new handshaker for negotiating a DTLS session with a server.

Method Summary

Methods

Modifier and Type	Method and Description
protected void	addConnectionId(ClientHello helloMessage)
protected void	addMaxFragmentLength(ClientHello helloMessage)
protected void	addRecordSizeLimit(ClientHello helloMessage) Add record size limit extension, if configured in DtlsConnectorConfig.getRecordSizeLimit().
protected void	addServerNameIndication(ClientHello helloMessage)
protected void	createCertificateMessage(DTLSFlight flight)
protected void	doProcessMessage(HandshakeMessage message) Does the specific processing of a message received from a peer in the course of an ongoing handshake.
protected PskPublicInformation	getPskClientIdentity() Get PSK client identity.
boolean	isProbing() Test, if handshake was started in probing mode.
boolean	isRemovingConnection() Check, if the connection must be removed.
protected static boolean	isSupportedCertificateType(CertificateType certType, List<CertificateType> supportedCertificateTypes) Checks, if the provided certificate type is supported.
protected void	processCertificateVerified() Do the handshaker specific processing of successful verified certificates
protected void	processMasterSecret(SecretKey masterSecret) Do the handshaker specific master secret processing
protected void	receivedHelloVerifyRequest(HelloVerifyRequest message) A HelloVerifyRequest is sent by the server upon the arrival of the client's ClientHello.
protected void	receivedServerHello(ServerHello message) Stores the negotiated security parameters.
void	resetProbing() Reset probing mode, when data is received during.
void	startHandshake() Starts the handshake by sending the first flight to the peer.
protected void	verifyServerHelloExtensions(ServerHello message)

Methods inherited from class org.eclipse.californium.scandium.dtls.Handshaker

addApplicationDataForDeferredProcessing, addRecordsForDeferredProcessing, addSessionListener, applyMasterSecret, calculateKeys, completePendingFlight, createFlight, destroy, ensureUndestroyed, expectChangeCipherSpecMessage, expectMessage, generateRandomSeed, getClientRandom, getConnection, getFailureCause, getHandshakeMessageDigest, getPeerAddress, getReadConnectionId, getServerRandom, getSession, handshakeAborted, handshakeCompleted, handshakeFailed, handshakeFlightRetransmitted, handshakeStarted, hasSessionEstablished, isChangeCipherSpecMessageExpected, isDestroyed, isExpired, isInboundMessageProcessed, isPskRequestPending, processAsyncHandshakeResult, processAsyncPskSecretResult, processCertificateVerificationResult, processMessage, processPskSecretResult, reassembleFragment, removeSessionListener, requestPskSecretResult, sendFlight, sendLastFlight, sessionEstablished, setCurrentReadState, setCurrentWriteState, setFailureCause, setGenerateClusterMacKeys, takeDeferredApplicationData, takeDeferredApplicationData, takeDeferredRecords, verifyCertificate, wrapMessage

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

SEVER_CERTIFICATE

protected static HandshakeState[] SEVER_CERTIFICATE

serverKeyExchange

protected ECDHServerKeyExchange serverKeyExchange

The server's key exchange message

Since:

2.3

clientKeyExchange

protected ClientKeyExchange clientKeyExchange

The create client key exchange message.

Since:

2.3

clientHello

protected ClientHello clientHello

The client's hello handshake message. Store it, to add the cookie in the second flight.

supportedGroups

protected final List<XECDHECryptography.SupportedGroup> supportedGroups

the supported groups (curves) ordered by preference

Since:

2.3

maxFragmentLengthCode

protected final Integer maxFragmentLengthCode

truncateCertificatePath

protected final boolean truncateCertificatePath

supportedClientCertificateTypes

protected final List<CertificateType> supportedClientCertificateTypes

The certificate types this peer supports for client authentication.

supportedSignatureAlgorithms

protected final List<SignatureAndHashAlgorithm> supportedSignatureAlgorithms

The list of the signature and hash algorithms supported by the client ordered by preference.

Since:

2.3

supportedServerCertificateTypes

protected final List<CertificateType> supportedServerCertificateTypes

The certificate types this peer supports for server authentication.

certificateRequest

protected CertificateRequest certificateRequest

The server's CertificateRequest. Optional.

sentClientCertificate

protected boolean sentClientCertificate

Indicates, that a none-empty client certificate is sent. If no matching client certificate is available for the request, an empty certificate is sent. That case doesn't use a certificate verify message.

Since:

2.6

handshakeHash

protected byte[] handshakeHash

The hash of all received handshake messages sent in the finished message.

indicatedServerNames

protected ServerNames indicatedServerNames

negotiatedSignatureAndHashAlgorithm

protected SignatureAndHashAlgorithm negotiatedSignatureAndHashAlgorithm

Constructor Detail

ClientHandshaker

public ClientHandshaker(DTLSSession session,
                RecordLayer recordLayer,
                ScheduledExecutorService timer,
                Connection connection,
                DtlsConnectorConfig config,
                boolean probe)

Creates a new handshaker for negotiating a DTLS session with a server.

Parameters:

session - the session to negotiate with the server.

recordLayer - the object to use for sending flights to the peer.

timer - scheduled executor for flight retransmission (since 2.4).

connection - the connection related with the session.

config - the DTLS configuration.

probe - true enable probing for this handshake, false, not probing handshake.

Throws:

IllegalStateException - if the message digest required for computing the FINISHED message hash cannot be instantiated.

NullPointerException - if session, recordLayer, timer or config is null

Method Detail

doProcessMessage

protected void doProcessMessage(HandshakeMessage message)
                         throws HandshakeException,
                                GeneralSecurityException

Description copied from class: Handshaker

Does the specific processing of a message received from a peer in the course of an ongoing handshake. This method does not do anything. Concrete handshaker implementations should override this method in order to prepare the response to the received record.

Specified by:

doProcessMessage in class Handshaker

Parameters:

message - the message received from the peer

Throws:

HandshakeException - if the record's plaintext fragment cannot be parsed into a handshake message or cannot be processed properly

GeneralSecurityException - if the record's ciphertext fragment cannot be decrypted

receivedHelloVerifyRequest

protected void receivedHelloVerifyRequest(HelloVerifyRequest message)
                                   throws HandshakeException

A HelloVerifyRequest is sent by the server upon the arrival of the client's ClientHello. It is sent by the server to prevent flooding of a client. The client answers with the same ClientHello as before with the additional cookie.

Parameters:

message - the server's HelloVerifyRequest.

Throws:

HandshakeException - if the CLIENT_HELLO record cannot be created

receivedServerHello

protected void receivedServerHello(ServerHello message)
                            throws HandshakeException

Stores the negotiated security parameters.

Parameters:

message - the ServerHello message.

Throws:

HandshakeException - if the ServerHello message cannot be processed, e.g. because the server selected an unknown or unsupported cipher suite

verifyServerHelloExtensions

protected void verifyServerHelloExtensions(ServerHello message)
                                    throws HandshakeException

Throws:

HandshakeException

processMasterSecret

protected void processMasterSecret(SecretKey masterSecret)
                            throws HandshakeException

Do the handshaker specific master secret processing Continues process of server hello done when all credentials are available. Prepares all necessary messages (depending on server's previous flight) and sends the next flight.

Specified by:

processMasterSecret in class Handshaker

Parameters:

masterSecret - master secret

Throws:

HandshakeException - if an error occurs

Since:

2.3

processCertificateVerified

protected void processCertificateVerified()
                                   throws HandshakeException

Do the handshaker specific processing of successful verified certificates Continues process of server's certificate when the verification result is available. Prepares all necessary messages (depending on server's previous flight) and sends the next flight.

Specified by:

processCertificateVerified in class Handshaker

Throws:

HandshakeException - if an error occurs

Since:

2.5

createCertificateMessage

protected void createCertificateMessage(DTLSFlight flight)
                                 throws HandshakeException

Throws:

HandshakeException

isSupportedCertificateType

protected static boolean isSupportedCertificateType(CertificateType certType,
                                 List<CertificateType> supportedCertificateTypes)

Checks, if the provided certificate type is supported.

Parameters:

certType - certificate type

supportedCertificateTypes - list of supported certificate type. if null, only CertificateType.X_509 is supported.

Returns:

true, if supported, false otherwise.

startHandshake

public void startHandshake()
                    throws HandshakeException

Description copied from class: Handshaker

Starts the handshake by sending the first flight to the peer.

The particular message to be sent depends on this peer's role in the handshake, i.e. if this end represents the client or server.

Specified by:

startHandshake in class Handshaker

Throws:

HandshakeException - if the message to start the handshake cannot be created and sent using the session's current security parameters.

addRecordSizeLimit

protected void addRecordSizeLimit(ClientHello helloMessage)

Add record size limit extension, if configured in DtlsConnectorConfig.getRecordSizeLimit().

Parameters:

helloMessage - client hello to add RecordSizeLimitExtension.

Since:

2.4

addMaxFragmentLength

protected void addMaxFragmentLength(ClientHello helloMessage)

addConnectionId

protected void addConnectionId(ClientHello helloMessage)

addServerNameIndication

protected void addServerNameIndication(ClientHello helloMessage)

getPskClientIdentity

protected PskPublicInformation getPskClientIdentity()
                                             throws HandshakeException

Get PSK client identity.

Returns:

psk client identity associated with the destination DTLSSession.getPeer()

Throws:

HandshakeException - if no identity is available for the destination

Since:

2.3

isProbing

public boolean isProbing()

Description copied from class: Handshaker

Test, if handshake was started in probing mode. Usually a resuming client handshake removes the session from the connection store with the start. Probing removes the session only with the first data received back.

Overrides:

isProbing in class Handshaker

Returns:

true, if handshake is in probing mode, false, otherwise.

See Also:

ResumingClientHandshaker

resetProbing

public void resetProbing()

Description copied from class: Handshaker

Reset probing mode, when data is received during.

Overrides:

resetProbing in class Handshaker

See Also:

ResumingClientHandshaker

isRemovingConnection

public boolean isRemovingConnection()

Check, if the connection must be removed. The connection must be removed, if Handshaker.handshakeFailed(Throwable) was called, and the connection has no established session. Connections of probing handshakes are not intended to be removed.

Overrides:

isRemovingConnection in class Handshaker

Returns:

true, remove the connection, false, keep it.