iaik.security.ssl.ExtensionList
|
|||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||
java.lang.Object
public class ExtensionList
This class represents a TLS ExtensionList.
Extensions to the TLS protocol have been introduced by RFC 4366 (TLS extensions). and are incorporated into the upcoming TLS 1.2 protocol.
A TLS client that wishes to use some extensions creates an ExtensionList and sends it to the server within an extended ClientHello message:
struct {
ProtocolVersion client_version;
Random random;
SessionID session_id;
CipherSuite cipher_suites<2..2^16-1>;
CompressionMethod compression_methods<1..2^8-1>;
Extension client_hello_extension_list<0..2^16-1>;
} ClientHello;
The server parses the ExtensionList from the client and responds with an
extended ServerHello message if he wants to enable any of the extensions
suggested by the client:
struct {
ProtocolVersion server_version;
Random random;
SessionID session_id;
CipherSuite cipher_suite;
CompressionMethod compression_method;
Extension server_hello_extension_list<0..2^16-1>;
} ServerHello;
struct {
ExtensionType extension_type;
opaque extension_data<0..2^16-1>;
} Extension;
Each extension is identified by its extension type. The value of the
extension is represented as opaque extension data. Currently the following
extensions are implemented by iSaSiLk:
Server Name Indication (server_name)
(0)
Maximum Fragment Length Negotiation (
max_fragment_length) (1)
Client Certificate URLs (
client_certificate_url) (2)
Trusted CA Indication (
trusted_ca_keys) (3)
Truncated HMAC (truncated_hmac) (4)
Certificate Status Request (
status_request) (5)
Supported Elliptic Curves (
elliptic_curves) (10)Supported Groups (supported_groups) (10)
Supported Point Formats (
ec_point formats) (11)
Session Ticket (session_ticket) (35)
Signature Algorithm (
signature_algorithms) (13)
Extended Master Secret (
extended_master_secret) (23)
Application-Layer Protocol Negotiation
Extension (application_layer_protocol_negotiation) (16)
Signature Algorithms Cert (
signature_algorithms_cert) (50)
Supported Versions (TLS 1.3) (
supported_versions) (43)
KeyShare (TLS 1.3) (key_share) (51)
Certificate Authorities (TLS 1.3) (
certificate_authorities) (47)
Psk KeyExchange Modes(TLS 1.3) (
psk_key_exchange_modes) (45)
Post Handshake Auth (TLS 1.3) (
post_handshake_auth) (49)
renegotiation_info (65281)*
cookie (TLS 1.3) (43)*
pre_shared_key (TLS 1.3) (41)*
Extensions that shall be enabled:
// create new ExtensionList ExtensionList extensions = new ExtensionList(); ... // add extensions as required extensions.addExtension(...); ... // pass the ExtensionList to the SSLClient/ServerContext SSLContext context = ...; context.setExtensions(extensions);Extension configuration may differ on client and server side. When configuring, for instance, a server_name extension, the client-side
ServerNameListServerNameList, the server-side ExtensionList only
has to contain an empty ServerNameList.
When setting an ExtensionList
for an SSLClient/ServerContext the configuration of all of its
extensions shall be already finished. Any extension configuration that is
done after the ExtensionList has been set for the SSLContext is not
recognized.
Each iSaSiLk Extension maybe classified as
criticalnot critical. The critical flag is not defined by
the TLS specification, it is only used by iSaSiLk. On the client side it
decides whether to abort (critical = true) the handshake if the
client has sent some particular extension in his ClientHello, but the server
does not include an extension of the same type in his ServerHello. On the
server side critical decides whether to abort (
critical = true) the handshake if the client did not sent an
expected extension.
Default: true (client-side), false (server-side)
Depending on the particular Extension in use, the critical flag
may have some additional, extension-specific meaning.
When parsing an ExtensionList received from the peer, iSaSiLk creates an
UnknownExtension for any extension of unknown (i.e.
unsupported) type.
renegotiation_info, cookie and
pre_shared_key extensions is not publicly accessible. All
processing is done automatically and internally by the library.
Extension,
UnknownExtension| Constructor Summary | |
|---|---|
ExtensionList()
Default Constructor. |
|
ExtensionList(Extension[] extensions)
Creates an ExtensionList for the given extensions. |
|
| Method Summary | |
|---|---|
boolean |
addExtension(Extension e)
Adds an extension to this ExtensionList. |
java.lang.Object |
clone()
Gets a clone of this Extension. |
int |
countExtensions()
Gets the number of extensions included in this ExtensionList. |
Extension |
getExtension(ExtensionType type)
Gets a particular extension, specified by its type. |
java.util.Enumeration |
getExtensionTypes()
Gets an Enumeration containing the types of the Extensions contained in this ExtensionList. |
boolean |
hasExtensions()
Checks, if there are any extensions included in this ExtensionList. |
boolean |
hasUnsupportedExtensions()
Asks whether unsupported extensions are included in this ExtensionList. |
java.util.Enumeration |
listExtensions()
Returns an enumeration of all extensions included in this ExtensionList. |
java.util.Enumeration |
listUnsupportedExtensions()
Gets an enumeration of all unsupported extensions contained in this ExtensionList. |
void |
removeAllExtensions()
Removes all extensions currently included in this ExtensionList. |
boolean |
removeExtension(ExtensionType type)
Removes an extension, identified by its type. |
void |
setAllCritical(boolean critical)
Sets the critical state of all included extensions to true or
false. |
static void |
setDefaultCriticalValue(ExtensionType type,
boolean critical)
Sets the default critical value for the extension of the given type. |
static void |
setDefaultCriticalValue(ExtensionType type,
boolean isClient,
boolean critical)
Sets the server- or client-specific default critical value for the extension of the given type. |
java.lang.String |
toString()
Gets a string that represents the contents of the ExtensionList. |
java.lang.String |
toString(boolean detailed)
Gets a string that represents the contents of the ExtensionList. |
| Methods inherited from class java.lang.Object |
|---|
equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
| Constructor Detail |
|---|
public ExtensionList()
ExtensionList object to be
supplied with TLS Extensions. Use method
addExtension to add extensions to the
list.
public ExtensionList(Extension[] extensions)
extensions - the extensions for this ExtensionList| Method Detail |
|---|
public static final void setDefaultCriticalValue(ExtensionType type,
boolean critical)
type - the type of the extension.critical - whether the extension of the given type shall be marked as
critical by default or as non critical
java.lang.IllegalArgumentException - if the default critical value of the specified extension cannot
be set (either because the extension of the given type is not
supported or it is not allowed to set the default critical value)
public static final void setDefaultCriticalValue(ExtensionType type,
boolean isClient,
boolean critical)
type - the type of the extension.isClient - whether the critical value shall be applied to a client side
extension of the given type, or to the server side extension of
this typecritical - whether the extension of the given type shall be marked as
critical by default or as non critical
java.lang.IllegalArgumentException - if the default critical value of the specified extension cannot
be set (either because the extension of the given type is not
supported or it is not allowed to set the default critical valuepublic boolean addExtension(Extension e)
e - the extension to to be added
true, if an extension with the same type has been
replaced, or false if there has yet not been included
any extension with the same type
java.lang.NullPointerException - if the given extension is nullpublic boolean removeExtension(ExtensionType type)
type - the type of the extension to be removed
true if the extension successfully has been removed,
false otherwisepublic void removeAllExtensions()
public java.util.Enumeration listExtensions()
The enumeration returned by this method will contain an
UnknownExtension
public boolean hasExtensions()
true if there are extensions included,
false if notpublic int countExtensions()
public java.util.Enumeration listUnsupportedExtensions()
UnknownExtension) contained in this
ExtensionList; the enumeration maybe empty if no unsupported
extensions are includedpublic boolean hasUnsupportedExtensions()
true if unsupported extensions are included
false if no unsupported extensions are includedpublic void setAllCritical(boolean critical)
true or
false.
critical - true if all extensions shall be set to
critical; false if they shall be set to not
critical;public Extension getExtension(ExtensionType type)
If the extension type is unknown, an UnknownExtension is returned.
type - the type of the extension
null if no extension with the given
type is included in this ExtensionListpublic java.util.Enumeration getExtensionTypes()
public java.lang.Object clone()
clone in class java.lang.Objectpublic java.lang.String toString()
toString in class java.lang.Objectpublic java.lang.String toString(boolean detailed)
detailed - true to include the contents of the extensions
false to only dump the extension types
|
This Javadoc may contain text parts from text parts from IETF Internet Standard specifications (see copyright note). | ||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||
iSaSiLk 6.0, (c) 2002 IAIK, (c) 2003 - 2015 SIC