summaryrefslogtreecommitdiffstats
path: root/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/MockTlsServer.java
diff options
context:
space:
mode:
Diffstat (limited to 'bcprov/src/main/java/org/bouncycastle/crypto/tls/test/MockTlsServer.java')
-rw-r--r--bcprov/src/main/java/org/bouncycastle/crypto/tls/test/MockTlsServer.java143
1 files changed, 143 insertions, 0 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/MockTlsServer.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/MockTlsServer.java
new file mode 100644
index 0000000..3aa47e8
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/test/MockTlsServer.java
@@ -0,0 +1,143 @@
+package org.bouncycastle.crypto.tls.test;
+
+import java.io.IOException;
+import java.io.PrintStream;
+import java.util.Vector;
+
+import org.bouncycastle.asn1.x509.Certificate;
+import org.bouncycastle.crypto.tls.AlertDescription;
+import org.bouncycastle.crypto.tls.AlertLevel;
+import org.bouncycastle.crypto.tls.CertificateRequest;
+import org.bouncycastle.crypto.tls.CipherSuite;
+import org.bouncycastle.crypto.tls.ClientCertificateType;
+import org.bouncycastle.crypto.tls.DefaultTlsServer;
+import org.bouncycastle.crypto.tls.ProtocolVersion;
+import org.bouncycastle.crypto.tls.SignatureAlgorithm;
+import org.bouncycastle.crypto.tls.SignatureAndHashAlgorithm;
+import org.bouncycastle.crypto.tls.TlsEncryptionCredentials;
+import org.bouncycastle.crypto.tls.TlsSignerCredentials;
+import org.bouncycastle.crypto.tls.TlsUtils;
+import org.bouncycastle.util.Arrays;
+
+class MockTlsServer
+ extends DefaultTlsServer
+{
+ public void notifyAlertRaised(short alertLevel, short alertDescription, String message, Throwable cause)
+ {
+ PrintStream out = (alertLevel == AlertLevel.fatal) ? System.err : System.out;
+ out.println("TLS server raised alert: " + AlertLevel.getText(alertLevel)
+ + ", " + AlertDescription.getText(alertDescription));
+ if (message != null)
+ {
+ out.println("> " + message);
+ }
+ if (cause != null)
+ {
+ cause.printStackTrace(out);
+ }
+ }
+
+ public void notifyAlertReceived(short alertLevel, short alertDescription)
+ {
+ PrintStream out = (alertLevel == AlertLevel.fatal) ? System.err : System.out;
+ out.println("TLS server received alert: " + AlertLevel.getText(alertLevel)
+ + ", " + AlertDescription.getText(alertDescription));
+ }
+
+ protected int[] getCipherSuites()
+ {
+ return Arrays.concatenate(super.getCipherSuites(),
+ new int[]
+ {
+ CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+ CipherSuite.TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_SHA1,
+ CipherSuite.TLS_ECDHE_RSA_WITH_SALSA20_SHA1,
+ CipherSuite.TLS_RSA_WITH_ESTREAM_SALSA20_SHA1,
+ CipherSuite.TLS_RSA_WITH_SALSA20_SHA1,
+ });
+ }
+
+ protected ProtocolVersion getMaximumVersion()
+ {
+ return ProtocolVersion.TLSv12;
+ }
+
+ public ProtocolVersion getServerVersion() throws IOException
+ {
+ ProtocolVersion serverVersion = super.getServerVersion();
+
+ System.out.println("TLS server negotiated " + serverVersion);
+
+ return serverVersion;
+ }
+
+ public CertificateRequest getCertificateRequest() throws IOException
+ {
+ short[] certificateTypes = new short[]{ ClientCertificateType.rsa_sign,
+ ClientCertificateType.dss_sign, ClientCertificateType.ecdsa_sign };
+
+ Vector serverSigAlgs = null;
+ if (TlsUtils.isSignatureAlgorithmsExtensionAllowed(serverVersion))
+ {
+ serverSigAlgs = TlsUtils.getDefaultSupportedSignatureAlgorithms();
+ }
+
+ Vector certificateAuthorities = new Vector();
+ certificateAuthorities.add(TlsTestUtils.loadCertificateResource("x509-ca.pem").getSubject());
+
+ return new CertificateRequest(certificateTypes, serverSigAlgs, certificateAuthorities);
+ }
+
+ public void notifyClientCertificate(org.bouncycastle.crypto.tls.Certificate clientCertificate)
+ throws IOException
+ {
+ Certificate[] chain = clientCertificate.getCertificateList();
+ System.out.println("TLS server received client certificate chain of length " + chain.length);
+ for (int i = 0; i != chain.length; i++)
+ {
+ Certificate entry = chain[i];
+ // TODO Create fingerprint based on certificate signature algorithm digest
+ System.out.println(" fingerprint:SHA-256 " + TlsTestUtils.fingerprint(entry) + " ("
+ + entry.getSubject() + ")");
+ }
+ }
+
+ protected TlsEncryptionCredentials getRSAEncryptionCredentials()
+ throws IOException
+ {
+ return TlsTestUtils.loadEncryptionCredentials(context, new String[]{"x509-server.pem", "x509-ca.pem"},
+ "x509-server-key.pem");
+ }
+
+ protected TlsSignerCredentials getRSASignerCredentials()
+ throws IOException
+ {
+ /*
+ * TODO Note that this code fails to provide default value for the client supported
+ * algorithms if it wasn't sent.
+ */
+ SignatureAndHashAlgorithm signatureAndHashAlgorithm = null;
+ Vector sigAlgs = supportedSignatureAlgorithms;
+ if (sigAlgs != null)
+ {
+ for (int i = 0; i < sigAlgs.size(); ++i)
+ {
+ SignatureAndHashAlgorithm sigAlg = (SignatureAndHashAlgorithm)
+ sigAlgs.elementAt(i);
+ if (sigAlg.getSignature() == SignatureAlgorithm.rsa)
+ {
+ signatureAndHashAlgorithm = sigAlg;
+ break;
+ }
+ }
+
+ if (signatureAndHashAlgorithm == null)
+ {
+ return null;
+ }
+ }
+
+ return TlsTestUtils.loadSignerCredentials(context, new String[]{"x509-server.pem", "x509-ca.pem"},
+ "x509-server-key.pem", signatureAndHashAlgorithm);
+ }
+} \ No newline at end of file
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-04 08:16:45 +0000