1 files changed, 0 insertions, 218 deletions

diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsDHKeyExchange.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsDHKeyExchange.java
deleted file mode 100644
index 2662fda..0000000
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsDHKeyExchange.java
+++ /dev/null
@@ -1,218 +0,0 @@
-package org.bouncycastle.crypto.tls;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.math.BigInteger;
-import java.util.Vector;
-
-import org.bouncycastle.asn1.x509.KeyUsage;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-import org.bouncycastle.crypto.params.DHParameters;
-import org.bouncycastle.crypto.params.DHPrivateKeyParameters;
-import org.bouncycastle.crypto.params.DHPublicKeyParameters;
-import org.bouncycastle.crypto.util.PublicKeyFactory;
-
-/**
- * (D)TLS DH key exchange.
- */
-public class TlsDHKeyExchange
-    extends AbstractTlsKeyExchange
-{
-    protected TlsSigner tlsSigner;
-    protected DHParameters dhParameters;
-
-    protected AsymmetricKeyParameter serverPublicKey;
-    protected TlsAgreementCredentials agreementCredentials;
-
-    protected DHPrivateKeyParameters dhAgreePrivateKey;
-    protected DHPublicKeyParameters dhAgreePublicKey;
-
-    public TlsDHKeyExchange(int keyExchange, Vector supportedSignatureAlgorithms, DHParameters dhParameters)
-    {
-        super(keyExchange, supportedSignatureAlgorithms);
-
-        switch (keyExchange)
-        {
-        case KeyExchangeAlgorithm.DH_RSA:
-        case KeyExchangeAlgorithm.DH_DSS:
-            this.tlsSigner = null;
-            break;
-        case KeyExchangeAlgorithm.DHE_RSA:
-            this.tlsSigner = new TlsRSASigner();
-            break;
-        case KeyExchangeAlgorithm.DHE_DSS:
-            this.tlsSigner = new TlsDSSSigner();
-            break;
-        default:
-            throw new IllegalArgumentException("unsupported key exchange algorithm");
-        }
-
-        this.dhParameters = dhParameters;
-    }
-
-    public void init(TlsContext context)
-    {
-        super.init(context);
-
-        if (this.tlsSigner != null)
-        {
-            this.tlsSigner.init(context);
-        }
-    }
-
-    public void skipServerCredentials()
-        throws IOException
-    {
-        throw new TlsFatalAlert(AlertDescription.unexpected_message);
-    }
-
-    public void processServerCertificate(Certificate serverCertificate)
-        throws IOException
-    {
-        if (serverCertificate.isEmpty())
-        {
-            throw new TlsFatalAlert(AlertDescription.bad_certificate);
-        }
-
-        org.bouncycastle.asn1.x509.Certificate x509Cert = serverCertificate.getCertificateAt(0);
-
-        SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo();
-        try
-        {
-            this.serverPublicKey = PublicKeyFactory.createKey(keyInfo);
-        }
-        catch (RuntimeException e)
-        {
-            throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e);
-        }
-
-        if (tlsSigner == null)
-        {
-            try
-            {
-                this.dhAgreePublicKey = TlsDHUtils.validateDHPublicKey((DHPublicKeyParameters)this.serverPublicKey);
-            }
-            catch (ClassCastException e)
-            {
-                throw new TlsFatalAlert(AlertDescription.certificate_unknown, e);
-            }
-
-            TlsUtils.validateKeyUsage(x509Cert, KeyUsage.keyAgreement);
-        }
-        else
-        {
-            if (!tlsSigner.isValidPublicKey(this.serverPublicKey))
-            {
-                throw new TlsFatalAlert(AlertDescription.certificate_unknown);
-            }
-
-            TlsUtils.validateKeyUsage(x509Cert, KeyUsage.digitalSignature);
-        }
-
-        super.processServerCertificate(serverCertificate);
-    }
-
-    public boolean requiresServerKeyExchange()
-    {
-        switch (keyExchange)
-        {
-        case KeyExchangeAlgorithm.DHE_DSS:
-        case KeyExchangeAlgorithm.DHE_RSA:
-        case KeyExchangeAlgorithm.DH_anon:
-            return true;
-        default:
-            return false;
-        }
-    }
-
-    public void validateCertificateRequest(CertificateRequest certificateRequest)
-        throws IOException
-    {
-        short[] types = certificateRequest.getCertificateTypes();
-        for (int i = 0; i < types.length; ++i)
-        {
-            switch (types[i])
-            {
-            case ClientCertificateType.rsa_sign:
-            case ClientCertificateType.dss_sign:
-            case ClientCertificateType.rsa_fixed_dh:
-            case ClientCertificateType.dss_fixed_dh:
-            case ClientCertificateType.ecdsa_sign:
-                break;
-            default:
-                throw new TlsFatalAlert(AlertDescription.illegal_parameter);
-            }
-        }
-    }
-
-    public void processClientCredentials(TlsCredentials clientCredentials)
-        throws IOException
-    {
-        if (clientCredentials instanceof TlsAgreementCredentials)
-        {
-            // TODO Validate client cert has matching parameters (see 'areCompatibleParameters')?
-
-            this.agreementCredentials = (TlsAgreementCredentials)clientCredentials;
-        }
-        else if (clientCredentials instanceof TlsSignerCredentials)
-        {
-            // OK
-        }
-        else
-        {
-            throw new TlsFatalAlert(AlertDescription.internal_error);
-        }
-    }
-
-    public void generateClientKeyExchange(OutputStream output)
-        throws IOException
-    {
-        /*
-         * RFC 2246 7.4.7.2 If the client certificate already contains a suitable Diffie-Hellman
-         * key, then Yc is implicit and does not need to be sent again. In this case, the Client Key
-         * Exchange message will be sent, but will be empty.
-         */
-        if (agreementCredentials == null)
-        {
-            this.dhAgreePrivateKey = TlsDHUtils.generateEphemeralClientKeyExchange(context.getSecureRandom(),
-                dhParameters, output);
-        }
-    }
-
-    public void processClientCertificate(Certificate clientCertificate) throws IOException
-    {
-        // TODO Extract the public key
-        // TODO If the certificate is 'fixed', take the public key as dhAgreeClientPublicKey
-    }
-
-    public void processClientKeyExchange(InputStream input) throws IOException
-    {
-        if (dhAgreePublicKey != null)
-        {
-            // For dss_fixed_dh and rsa_fixed_dh, the key arrived in the client certificate
-            return;
-        }
-
-        BigInteger Yc = TlsDHUtils.readDHParameter(input);
-        
-        this.dhAgreePublicKey = TlsDHUtils.validateDHPublicKey(new DHPublicKeyParameters(Yc, dhParameters));
-    }
-
-    public byte[] generatePremasterSecret()
-        throws IOException
-    {
-        if (agreementCredentials != null)
-        {
-            return agreementCredentials.generateAgreement(dhAgreePublicKey);
-        }
-
-        if (dhAgreePrivateKey != null)
-        {
-            return TlsDHUtils.calculateDHBasicAgreement(dhAgreePublicKey, dhAgreePrivateKey);
-        }
-
-        throw new TlsFatalAlert(AlertDescription.internal_error);
-    }
-}