/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
16adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project */ 17adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project 1838375a4d0b3d34e2babbd2f6a013976c7c439696Kenny Rootpackage org.conscrypt; 19adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project 20adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Projectimport java.io.IOException; 21adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Projectimport java.security.cert.CertificateEncodingException; 22adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Projectimport java.security.cert.CertificateException; 23adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Projectimport java.security.cert.CertificateFactory; 24adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Projectimport java.security.cert.X509Certificate; 252feeee4119506ed1511942f80fc2f7eb431afab7Elliott Hughesimport java.util.ArrayList; 26adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project 27adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project/** 28adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * Represents server/client certificate message 29adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * @see <a href="http://www.ietf.org/rfc/rfc2246.txt">TLS 30adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * 1.0 spec., 7.4.2. Server certificate; 7.4.6. 
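Client certificate</a>
 *
 */
public class CertificateMessage extends Message {

    /**
     * Certificates carried by this message. Both constructors leave this
     * empty (never {@code null}) when the message carries no chain.
     */
    X509Certificate[] certs;

    /**
     * DER encoding of {@link #certs}, one entry per certificate. The outbound
     * constructor fills it eagerly; an inbound message with a non-empty chain
     * leaves it {@code null} until {@link #send} encodes it on demand.
     */
    byte[][] encoded_certs;

    /**
     * Creates an inbound message by parsing the certificate list from the
     * handshake stream.
     *
     * The wire layout is {@code total_length(3) [cert_length(3) cert(cert_length)]*}.
     * Each declared length is checked against the enclosing one before it is
     * trusted, so a malformed list is reported with a DECODE_ERROR alert
     * instead of being detected only after bytes beyond the message have been
     * consumed.
     *
     * @param in handshake stream positioned at the start of the message body
     * @param length body length announced by the handshake header
     * @throws IOException if the stream cannot be read
     */
    public CertificateMessage(HandshakeIODataStream in, int length) throws IOException {
        int remaining = in.readUint24(); // certificate_list total_length
        if (remaining == 0) { // message contains no certificates
            if (length != 3) { // nothing may follow total_length
                fatalAlert(AlertProtocol.DECODE_ERROR,
                        "DECODE ERROR: incorrect CertificateMessage");
            }
            certs = new X509Certificate[0];
            encoded_certs = new byte[0][0];
            this.length = 3;
            return;
        }
        // The list must fill the body exactly. The same condition is enforced
        // by the final length comparison below; checking it here rejects a
        // bad total_length before any certificate bytes are read.
        if (remaining != length - 3) {
            fatalAlert(AlertProtocol.DECODE_ERROR,
                    "DECODE ERROR: incorrect CertificateMessage");
        }
        CertificateFactory cf;
        try {
            cf = CertificateFactory.getInstance("X509");
        } catch (CertificateException e) {
            fatalAlert(AlertProtocol.INTERNAL_ERROR, "INTERNAL ERROR", e);
            return;
        }
        ArrayList<X509Certificate> certsList = new ArrayList<X509Certificate>();
        int enc_size = 0; // sum of the declared certificate lengths
        while (remaining > 0) {
            if (remaining < 3) { // no room left for another cert_length field
                fatalAlert(AlertProtocol.DECODE_ERROR,
                        "DECODE ERROR: incorrect CertificateMessage");
            }
            int size = in.readUint24(); // this certificate's declared length
            remaining -= 3;
            if (size > remaining) { // certificate would overrun the list
                fatalAlert(AlertProtocol.DECODE_ERROR,
                        "DECODE ERROR: incorrect CertificateMessage");
            }
            // NOTE(review): the factory consumes as many bytes as the DER
            // structure actually holds; that count is not compared with
            // `size`, so a mismatch is only caught indirectly by the running
            // length bookkeeping and the final comparison against `length`.
            try {
                certsList.add((X509Certificate) cf.generateCertificate(in));
            } catch (CertificateException e) {
                fatalAlert(AlertProtocol.DECODE_ERROR, "DECODE ERROR", e);
            }
            remaining -= size;
            enc_size += size;
        }
        certs = certsList.toArray(new X509Certificate[certsList.size()]);
        this.length = 3 + 3 * certs.length + enc_size;
        if (this.length != length) {
            fatalAlert(AlertProtocol.DECODE_ERROR, "DECODE ERROR: incorrect CertificateMessage");
        }
    }

    /**
     * Creates an outbound message carrying the given certificate chain.
     *
     * @param certs chain to send; {@code null} is treated as an empty chain
     */
    public CertificateMessage(X509Certificate[] certs) {
        if (certs == null) {
            this.certs = new X509Certificate[0];
            encoded_certs = new byte[0][0];
            length = 3;
            return;
        }
        this.certs = certs;
        ensureEncoded();
        // 3-byte total_length prefix plus the encoded list.
        length = 3 + encodedListLength();
    }

    /**
     * Sends the message: total_length, then each certificate prefixed by its
     * own 3-byte length.
     *
     * @param out handshake stream to write to
     */
    @Override
    public void send(HandshakeIODataStream out) {
        ensureEncoded();
        out.writeUint24(encodedListLength());
        for (int i = 0; i < encoded_certs.length; i++) {
            out.writeUint24(encoded_certs[i].length);
            out.write(encoded_certs[i]);
        }
    }

    /**
     * Fills {@link #encoded_certs} from {@link #certs} unless that has already
     * been done. An encoding failure is reported as an INTERNAL_ERROR alert;
     * if the alert does not abort, the affected entry stays {@code null}.
     */
    private void ensureEncoded() {
        if (encoded_certs != null) {
            return;
        }
        encoded_certs = new byte[certs.length][];
        for (int i = 0; i < certs.length; i++) {
            try {
                encoded_certs[i] = certs[i].getEncoded();
            } catch (CertificateEncodingException e) {
                fatalAlert(AlertProtocol.INTERNAL_ERROR, "INTERNAL ERROR", e);
            }
        }
    }

    /**
     * Returns the size in bytes of the certificate_list body: a 3-byte length
     * field per certificate plus the certificate's encoding. Requires
     * {@link #encoded_certs} to be populated.
     */
    private int encodedListLength() {
        int total = 3 * encoded_certs.length;
        for (int i = 0; i < encoded_certs.length; i++) {
            total += encoded_certs[i].length;
        }
        return total;
    }

    /**
     * Returns the algorithm name of the first certificate's public key.
     *
     * @throws ArrayIndexOutOfBoundsException if the message carries no
     *         certificates; callers must check {@code certs.length} first
     */
    public String getAuthType() {
        return certs[0].getPublicKey().getAlgorithm();
    }

    /**
     * Returns the handshake message type, {@link Handshake#CERTIFICATE}.
     */
    @Override
    public int getType() {
        return Handshake.CERTIFICATE;
    }

}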