org.eclipse.californium.scandium.dtls

Class ResumingClientHandshaker

java.lang.Object

org.eclipse.californium.scandium.dtls.Handshaker

org.eclipse.californium.scandium.dtls.ClientHandshaker

org.eclipse.californium.scandium.dtls.ResumingClientHandshaker

All Implemented Interfaces:

Destroyable

public class ResumingClientHandshaker
extends ClientHandshaker

The resuming client handshaker executes a abbreviated handshake by adding a valid session identifier into its ClientHello message. The message flow is depicted in Figure 2. The new keys will be generated from the master secret established from a previous full handshake.

This implementation offers a probing mode. If a mobile peer doesn't get a ACK or response that may have two different causes:

1. server has lost session (association)
2. connectivity is lost

The second is sometime hard to detect; the peer's state is connected, but effectively it's not working. In that case, after some retransmissions, the peer starts a handshake. Without the probing mode starting a handshake removes on the client the session. If the handshake timesout (though the connection is not working), the peer still requires a new handshake after the connectivity is established again. With probing mode, the handshake starts without removing the session. If some data is received, the session is removed and the handshake gets completed. If no data is received, the peer assumes, that the connectivity is lost (even if it's own state indicates connectivity) and just timesout the request. if the connectivity is established again, just a new request could be send without a handshake.

Field Summary

Fields inherited from class org.eclipse.californium.scandium.dtls.ClientHandshaker

certificateRequest, clientHello, clientKeyExchange, handshakeHash, indicatedServerNames, maxFragmentLengthCode, negotiatedSignatureAndHashAlgorithm, sentClientCertificate, serverKeyExchange, SEVER_CERTIFICATE, supportedClientCertificateTypes, supportedGroups, supportedServerCertificateTypes, supportedSignatureAlgorithms, truncateCertificatePath

Fields inherited from class org.eclipse.californium.scandium.dtls.Handshaker

advancedPskStore, certificateChain, certificateVerfied, certificateVerifier, clientRandom, connectionIdGenerator, flightNumber, handshakeMessages, isClient, LOGGER, masterSecret, peerCertPath, privateKey, publicKey, reassembledMessage, recordSizeLimit, serverRandom, session, sniEnabled, states, statesIndex, usedProtocol, useKeyUsageVerification, useStateValidation, useTruncatedCertificatePathForVerification

Constructor Summary

Constructors

Constructor and Description
ResumingClientHandshaker(DTLSSession session, RecordLayer recordLayer, ScheduledExecutorService timer, Connection connection, DtlsConnectorConfig config, boolean probe) Creates a new handshaker for resuming an existing session with a server.

Method Summary

Methods

Modifier and Type	Method and Description
protected void	doProcessMessage(HandshakeMessage message) Does the specific processing of a message received from a peer in the course of an ongoing handshake.
protected void	receivedServerHello(ServerHello message) Stores the negotiated security parameters.
void	startHandshake() Starts the handshake by sending the first flight to the peer.

Methods inherited from class org.eclipse.californium.scandium.dtls.ClientHandshaker

addConnectionId, addMaxFragmentLength, addRecordSizeLimit, addServerNameIndication, createCertificateMessage, getPskClientIdentity, isProbing, isRemovingConnection, isSupportedCertificateType, processCertificateVerified, processMasterSecret, receivedHelloVerifyRequest, resetProbing, verifyServerHelloExtensions

Methods inherited from class org.eclipse.californium.scandium.dtls.Handshaker

addApplicationDataForDeferredProcessing, addRecordsForDeferredProcessing, addSessionListener, applyMasterSecret, calculateKeys, completePendingFlight, createFlight, destroy, ensureUndestroyed, expectChangeCipherSpecMessage, expectMessage, generateRandomSeed, getClientRandom, getConnection, getFailureCause, getHandshakeMessageDigest, getPeerAddress, getReadConnectionId, getServerRandom, getSession, handshakeAborted, handshakeCompleted, handshakeFailed, handshakeFlightRetransmitted, handshakeStarted, hasSessionEstablished, isChangeCipherSpecMessageExpected, isDestroyed, isExpired, isInboundMessageProcessed, isPskRequestPending, processAsyncHandshakeResult, processAsyncPskSecretResult, processCertificateVerificationResult, processMessage, processPskSecretResult, reassembleFragment, removeSessionListener, requestPskSecretResult, sendFlight, sendLastFlight, sessionEstablished, setCurrentReadState, setCurrentWriteState, setFailureCause, setGenerateClusterMacKeys, takeDeferredApplicationData, takeDeferredApplicationData, takeDeferredRecords, verifyCertificate, wrapMessage

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ResumingClientHandshaker

public ResumingClientHandshaker(DTLSSession session,
                        RecordLayer recordLayer,
                        ScheduledExecutorService timer,
                        Connection connection,
                        DtlsConnectorConfig config,
                        boolean probe)

Creates a new handshaker for resuming an existing session with a server.

Parameters:

session - the session to resume.

recordLayer - the object to use for sending flights to the peer.

timer - scheduled executor for flight retransmission (since 2.4).

connection - the connection related with the session.

config - the DTLS configuration parameters to use for the handshake.

probe - true enable probing for this resumption handshake, false, not probing handshake.

Throws:

IllegalArgumentException - if the given session does not contain an identifier.

IllegalStateException - if the message digest required for computing the FINISHED message hash cannot be instantiated.

NullPointerException - if session, recordLayer or config is null

Method Detail

doProcessMessage

protected void doProcessMessage(HandshakeMessage message)
                         throws HandshakeException,
                                GeneralSecurityException

Description copied from class: Handshaker

Does the specific processing of a message received from a peer in the course of an ongoing handshake. This method does not do anything. Concrete handshaker implementations should override this method in order to prepare the response to the received record.

Overrides:

doProcessMessage in class ClientHandshaker

Parameters:

message - the message received from the peer

Throws:

HandshakeException - if the record's plaintext fragment cannot be parsed into a handshake message or cannot be processed properly

GeneralSecurityException - if the record's ciphertext fragment cannot be decrypted

receivedServerHello

protected void receivedServerHello(ServerHello message)
                            throws HandshakeException

Stores the negotiated security parameters.

Overrides:

receivedServerHello in class ClientHandshaker

Parameters:

message - the ServerHello message.

Throws:

HandshakeException - if the ServerHello message cannot be processed, e.g. because the server selected an unknown or unsupported cipher suite

startHandshake

public void startHandshake()
                    throws HandshakeException

Description copied from class: Handshaker

Starts the handshake by sending the first flight to the peer.

The particular message to be sent depends on this peer's role in the handshake, i.e. if this end represents the client or server.

Overrides:

startHandshake in class ClientHandshaker

Throws:

HandshakeException - if the message to start the handshake cannot be created and sent using the session's current security parameters.