package org.bouncycastle.crypto.tls;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.Hashtable;

import org.bouncycastle.util.Arrays;

/**
 * Holds the parameters of a TLS session: cipher suite, compression algorithm, master secret,
 * peer certificate, PSK/SRP identities and the encoded server extensions.
 * <p>
 * Instances are created through {@link Builder} or {@link #copy()}; the constructor is private.
 * <p>
 * Handling of secret material, as implemented here:
 * <ul>
 * <li>The constructor stores clones of the master secret, PSK identity and SRP identity
 * (via {@code Arrays.clone}); the peer certificate and the encoded server extensions are
 * stored by reference.</li>
 * <li>{@link #getMasterSecret()} returns the internal array itself, not a copy. Writes made
 * through that reference change this instance, and {@link #clear()} zeroes the same array.</li>
 * <li>{@link #clear()} wipes only the master secret; all other fields are left untouched.</li>
 * </ul>
 */
public final class SessionParameters {

    /**
     * Collects session parameters and produces a {@link SessionParameters} instance.
     * <p>
     * {@code cipherSuite} and {@code compressionAlgorithm} start at -1 and {@code masterSecret}
     * at {@code null}; {@link #build()} rejects any of the three that is still unset.
     * The remaining parameters are optional and default to {@code null}.
     */
    public static final class Builder {
        // -1 marks "not configured"; build() requires a value >= 0.
        private int cipherSuite = -1;
        private short compressionAlgorithm = -1;
        // Held by reference until build(); the builder never wipes it.
        private byte[] masterSecret = null;
        private Certificate peerCertificate = null;
        private byte[] pskIdentity = null;
        private byte[] srpIdentity = null;
        private byte[] encodedServerExtensions = null;

        public Builder() {
        }

        /**
         * Checks the required parameters and creates the session parameters.
         * <p>
         * The master secret and both identities are cloned by the {@link SessionParameters}
         * constructor, so the arrays passed to this builder stay under the caller's control:
         * {@link SessionParameters#clear()} does not wipe them.
         *
         * @return a new {@link SessionParameters} populated from this builder
         * @throws IllegalStateException if the cipher suite or compression algorithm is
         *             negative, or the master secret is {@code null}
         */
        public SessionParameters build() {
            // Order matters: the first failing check decides which parameter is named.
            validate(this.cipherSuite >= 0, "cipherSuite");
            validate(this.compressionAlgorithm >= 0, "compressionAlgorithm");
            validate(this.masterSecret != null, "masterSecret");

            return new SessionParameters(
                this.cipherSuite,
                this.compressionAlgorithm,
                this.masterSecret,
                this.peerCertificate,
                this.pskIdentity,
                this.srpIdentity,
                this.encodedServerExtensions);
        }

        /**
         * @param cipherSuite the cipher suite value; must be non-negative for {@link #build()}
         * @return this builder
         */
        public Builder setCipherSuite(int cipherSuite) {
            this.cipherSuite = cipherSuite;
            return this;
        }

        /**
         * @param compressionAlgorithm the compression algorithm value; must be non-negative
         *            for {@link #build()}
         * @return this builder
         */
        public Builder setCompressionAlgorithm(short compressionAlgorithm) {
            this.compressionAlgorithm = compressionAlgorithm;
            return this;
        }

        /**
         * Sets the master secret. The array is kept by reference (no copy is made here), so
         * later changes to it by the caller are visible to {@link #build()}.
         *
         * @param masterSecret the master secret; must be non-null for {@link #build()}
         * @return this builder
         */
        public Builder setMasterSecret(byte[] masterSecret) {
            this.masterSecret = masterSecret;
            return this;
        }

        /**
         * @param peerCertificate the peer certificate, or {@code null}
         * @return this builder
         */
        public Builder setPeerCertificate(Certificate peerCertificate) {
            this.peerCertificate = peerCertificate;
            return this;
        }

        /**
         * @deprecated Use {@link #setPSKIdentity(byte[])}
         */
        public Builder setPskIdentity(byte[] pskIdentity) {
            return setPSKIdentity(pskIdentity);
        }

        /**
         * @param pskIdentity the PSK identity, or {@code null}; kept by reference until
         *            {@link #build()}
         * @return this builder
         */
        public Builder setPSKIdentity(byte[] pskIdentity) {
            this.pskIdentity = pskIdentity;
            return this;
        }

        /**
         * @param srpIdentity the SRP identity, or {@code null}; kept by reference until
         *            {@link #build()}
         * @return this builder
         */
        public Builder setSRPIdentity(byte[] srpIdentity) {
            this.srpIdentity = srpIdentity;
            return this;
        }

        /**
         * Stores the server extensions in encoded form, produced by
         * {@code TlsProtocol.writeExtensions}. Passing {@code null} clears any previously
         * stored extensions.
         *
         * @param serverExtensions the extensions table, or {@code null}
         * @return this builder
         * @throws IOException if encoding the extensions fails
         */
        public Builder setServerExtensions(Hashtable serverExtensions) throws IOException {
            if (serverExtensions == null) {
                this.encodedServerExtensions = null;
                return this;
            }

            ByteArrayOutputStream encoded = new ByteArrayOutputStream();
            TlsProtocol.writeExtensions(encoded, serverExtensions);
            this.encodedServerExtensions = encoded.toByteArray();
            return this;
        }

        /**
         * Fails with an {@link IllegalStateException} naming {@code parameter} when
         * {@code condition} is false.
         */
        private void validate(boolean condition, String parameter) {
            if (condition) {
                return;
            }
            throw new IllegalStateException("Required session parameter '" + parameter + "' not configured");
        }
    }

    private int cipherSuite;
    private short compressionAlgorithm;
    // Private clone of the secret supplied at construction; zeroed in place by clear().
    private byte[] masterSecret;
    private Certificate peerCertificate;
    private byte[] pskIdentity = null;
    private byte[] srpIdentity = null;
    // Stored by reference and shared with copies; this class only reads it after construction.
    private byte[] encodedServerExtensions;

    /**
     * Stores the given values, cloning {@code masterSecret}, {@code pskIdentity} and
     * {@code srpIdentity}. The identities may be {@code null} here, so {@code Arrays.clone}
     * is presumably null-tolerant (its implementation is not part of this file).
     */
    private SessionParameters(int cipherSuite, short compressionAlgorithm, byte[] masterSecret,
        Certificate peerCertificate, byte[] pskIdentity, byte[] srpIdentity, byte[] encodedServerExtensions) {
        this.cipherSuite = cipherSuite;
        this.compressionAlgorithm = compressionAlgorithm;
        this.masterSecret = Arrays.clone(masterSecret);
        this.peerCertificate = peerCertificate;
        this.pskIdentity = Arrays.clone(pskIdentity);
        this.srpIdentity = Arrays.clone(srpIdentity);
        this.encodedServerExtensions = encodedServerExtensions;
    }

    /**
     * Overwrites the master secret with zero bytes, in place.
     * <p>
     * Only this instance's array is wiped. Instances obtained from {@link #copy()} and the
     * array originally handed to the {@link Builder} hold separate storage and keep their
     * contents. A reference previously returned by {@link #getMasterSecret()} points at the
     * wiped array and reads as zeros afterwards.
     */
    public void clear() {
        if (this.masterSecret == null) {
            return;
        }
        Arrays.fill(this.masterSecret, (byte)0);
    }

    /**
     * Creates a new instance with the same values. The copy goes through the constructor, so
     * it receives its own clone of the master secret and identities; the peer certificate and
     * the encoded server extensions are shared by reference.
     *
     * @return an independent copy of these session parameters
     */
    public SessionParameters copy() {
        return new SessionParameters(
            this.cipherSuite,
            this.compressionAlgorithm,
            this.masterSecret,
            this.peerCertificate,
            this.pskIdentity,
            this.srpIdentity,
            this.encodedServerExtensions);
    }

    /**
     * @return the cipher suite value
     */
    public int getCipherSuite() {
        return this.cipherSuite;
    }

    /**
     * @return the compression algorithm value
     */
    public short getCompressionAlgorithm() {
        return this.compressionAlgorithm;
    }

    /**
     * Returns the internal master secret array itself, not a copy. Callers should treat it
     * as read-only and should not retain it beyond {@link #clear()}.
     *
     * @return the live master secret array
     */
    public byte[] getMasterSecret() {
        return this.masterSecret;
    }

    /**
     * @return the peer certificate, or {@code null} if none was set
     */
    public Certificate getPeerCertificate() {
        return this.peerCertificate;
    }

    /**
     * @deprecated Use {@link #getPSKIdentity()}
     */
    public byte[] getPskIdentity() {
        return getPSKIdentity();
    }

    /**
     * @return the internal PSK identity array (not a copy), or {@code null}
     */
    public byte[] getPSKIdentity() {
        return this.pskIdentity;
    }

    /**
     * @return the internal SRP identity array (not a copy), or {@code null}
     */
    public byte[] getSRPIdentity() {
        return this.srpIdentity;
    }

    /**
     * Decodes the stored server extensions with {@code TlsProtocol.readExtensions}. Each call
     * decodes again from the stored bytes.
     *
     * @return the decoded extensions, or {@code null} if none were stored
     * @throws IOException if the stored encoding cannot be read
     */
    public Hashtable readServerExtensions() throws IOException {
        if (this.encodedServerExtensions == null) {
            return null;
        }

        ByteArrayInputStream in = new ByteArrayInputStream(this.encodedServerExtensions);
        return TlsProtocol.readExtensions(in);
    }
}