org.eclipse.californium.scandium.dtls

Class Handshaker

java.lang.Object

org.eclipse.californium.scandium.dtls.Handshaker

All Implemented Interfaces:

Destroyable

Direct Known Subclasses:

ClientHandshaker, ServerHandshaker

public abstract class Handshaker
extends Object
implements Destroyable

A base class for the DTLS handshake protocol. Contains all functionality and fields needed by all types of handshakers.

Field Summary

Fields

Modifier and Type	Field and Description
protected AdvancedPskStore	advancedPskStore Used to retrieve identity/pre-shared-key for a given destination
protected List<X509Certificate>	certificateChain The chain of certificates asserting this handshaker's identity.
protected boolean	certificateIdentityAvailable true, if the certificate identity request has completed, false, otherwise.
protected CertificateProvider	certificateIdentityProvider The handshaker's certificate identity provider.
protected NewAdvancedCertificateVerifier	certificateVerifier The logic in charge of verifying the chain of certificates asserting this handshaker's identity
protected Random	clientRandom
protected ConnectionIdGenerator	connectionIdGenerator The configured connection id length.
protected ExtendedMasterSecretMode	extendedMasterSecretMode Send the extended master secret extension.
protected int	flightNumber The current flight number.
protected List<HandshakeMessage>	handshakeMessages List of handshake messages
protected org.slf4j.Logger	LOGGER
protected boolean	otherPeersCertificateVerified Indicates, that the verification of the other peer's certificate chain public key has finished.
protected PublicKey	otherPeersPublicKey The public key of the other peer May be null, if other peer sends a empty certificate.
protected Object	peerToLog
protected PrivateKey	privateKey The handshaker's private key.
protected PublicKey	publicKey The handshaker's public key.
protected Integer	recordSizeLimit Record size limit.
protected Random	serverRandom
protected boolean	sniEnabled Support Server Name Indication TLS extension.
protected boolean	useTruncatedCertificatePathForVerification Truncate certificate path for validation.

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	Handshaker(long initialRecordSequenceNo, int initialMessageSeq, RecordLayer recordLayer, ScheduledExecutorService timer, Connection connection, DtlsConnectorConfig config) Creates a new handshaker for negotiating a DTLS session with a given peer.

Method Summary

Methods

Modifier and Type	Method and Description
void	addApplicationDataForDeferredProcessing(org.eclipse.californium.elements.RawData outgoingMessage) Add outgoing application data for deferred processing.
void	addRecordsOfNextEpochForDeferredProcessing(Record incomingMessage) Add incoming records for deferred processing.
void	addSessionListener(SessionListener listener) Adds a listener to the list of listeners to be notified about session life cycle events.
protected void	applyMasterSecret(SecretKey masterSecret) Applying the key expansion on the master secret generates a large key block to generate the encryption, MAC and IV keys.
protected void	calculateKeys(SecretKey masterSecret) Calculates the encryption key, MAC key and IV from a given master secret.
protected MessageDigest	cloneMessageDigest(MessageDigest md) Clone message digest for second FINISHED message.
void	completePendingFlight() Registers an outbound flight that has not been acknowledged by the peer yet in order to be able to cancel its re-transmission later once it has been acknowledged.
protected void	contextEstablished() Forward session established to registered listeners.
protected Finished	createFinishedMessage(byte[] handshakeHash) Create the FINISHED message for a pending handshake.
DTLSFlight	createFlight() Create new flight with the current getDtlsContext() and the current flightNumber.
void	destroy()
protected abstract void	doProcessMessage(HandshakeMessage message) Does the specific processing of a message received from a peer in the course of an ongoing handshake.
protected void	ensureUndestroyed() Check, if this handshaker has been destroyed.
protected void	expectChangeCipherSpecMessage() Marks this handshaker to expect the peer's CHANGE_CIPHER_SPEC message next.
protected void	expectEcc() Marks this handshaker to expect the peer to calculate some ECC function.
protected void	expectMessage(DTLSMessage message) Check, if message is expected.
protected byte[]	generateMasterSecretSeed() Generate seed for (extended) master secret.
Random	getClientRandom() Get client random.
Connection	getConnection() Gets related connection.
DTLSContext	getDtlsContext() Gets the dtls context this handshaker is used to establish.
Throwable	getFailureCause() Get cause of failure.
protected MessageDigest	getHandshakeMessageDigest() Get message digest for FINISH message.
InetSocketAddress	getPeerAddress() Gets the IP address and port of the peer this handshaker is used to negotiate a session with.
ConnectionId	getReadConnectionId() Get read connection ID for inbound records
ServerNames	getServerNames() Gets the effective server names of DTLSSession.
Random	getServerRandom() Get server random.
DTLSSession	getSession() Gets the session this handshaker is used to establish.
void	handshakeAborted(Throwable cause) Abort handshake.
void	handshakeCompleted() Forward handshake completed to registered listeners.
void	handshakeFailed(Throwable cause) Notifies all registered session listeners about a handshake failure.
void	handshakeFlightRetransmitted(int flight) Notifies all registered session listeners about a handshake retransmit of a flight.
protected void	handshakeStarted() Forward handshake start to registered listeners.
boolean	hasContextEstablished() Checks, if the dtls context is established.
boolean	hasMasterSecret() Checks, if the master secret is available.
protected boolean	hasPendingApiCall() Checks, if a internal API call is pending.
boolean	isChangeCipherSpecMessageExpected() Checks whether the peer's CHANGE_CIPHER_SPEC message is the next message expected in the ongoing handshake.
protected abstract boolean	isClient()
boolean	isDestroyed()
protected boolean	isExpectedStates(HandshakeState[] states) Checks, if the provided states are the currently expected ones.
boolean	isExpired() Test, if handshake is expired according nano realtime.
boolean	isInboundMessageProcessed() Check, if inbound messages are all processed.
boolean	isProbing() Test, if handshake was started in probing mode.
boolean	isPskRequestPending() Check, if psk request is pending.
boolean	isRemovingConnection() Check, if the connection must be removed.
void	processAsyncHandshakeResult(HandshakeResult handshakeResult) Process asynchronous handshake result.
protected abstract void	processCertificateIdentityAvailable() Do the handshaker specific processing of certificate identity.
protected void	processCertificateIdentityResult(CertificateIdentityResult result) Process the certificate identity.
protected void	processCertificateVerificationResult(CertificateVerificationResult certificateVerificationResult) Process certificate verification result.
protected abstract void	processCertificateVerified() Do the handshaker specific processing of successful verified certificates
protected abstract void	processMasterSecret() Do the handshaker specific master secret processing
void	processMessage(Record record) Processes a handshake record received from a peer based on the handshake's current state.
protected void	processPskSecretResult(PskSecretResult pskSecretResult) Process PSK secret result.
protected GenericHandshakeMessage	reassembleFragment(FragmentedHandshakeMessage fragment) Process a received fragmented handshake message.
void	removeSessionListener(SessionListener listener) Removes a listener from the list of listeners to be notified about session life cycle events.
boolean	requestCertificateIdentity(List<X500Principal> issuers, ServerNames serverNames, List<SignatureAndHashAlgorithm> signatureAndHashAlgorithms, List<XECDHECryptography.SupportedGroup> curves) Request the certificate based identity.
protected void	requestPskSecretResult(PskPublicInformation pskIdentity, SecretKey otherSecret, byte[] seed) Request psk secret result for PSK cipher suites.
void	resetProbing() Reset probing mode, when data is received during.
protected void	resumeMasterSecret() Resume master secret from established session.
void	sendFlight(DTLSFlight flight) Send flight.
void	sendLastFlight(DTLSFlight flight) Send last flight.
protected void	setCurrentReadState()
protected void	setCurrentWriteState()
protected void	setCustomArgument(HandshakeResult result) Set custom argument for ApplicationLevelInfoSupplier.
protected void	setExpectedStates(HandshakeState[] states) Sets expected states.
void	setFailureCause(Throwable cause) Set the failure cause.
void	setGenerateClusterMacKeys(boolean enable) Enable to generate keys for cluster MAC.
protected boolean	setOtherPeersSignatureVerified() Set the signature of the other peer to verified.
boolean	supportsConnectionId() Check, if this peer supports cid.
List<org.eclipse.californium.elements.RawData>	takeDeferredApplicationData() Take deferred outgoing application data.
void	takeDeferredApplicationData(Handshaker replacedHandshaker) Take deferred outgoing application data from provided handshaker.
List<Record>	takeDeferredRecordsOfNextEpoch() Take deferred incoming records of next epoch.
void	verifyCertificate(CertificateMessage message) Start validating the X.509 certificate chain provided by the the peer as part of this message, or the raw public key of the message.
protected void	verifyFinished(Finished finished, byte[] handshakeHash) Verify the handshake hash of the FINISHED.
protected void	wrapMessage(DTLSFlight flight, ChangeCipherSpecMessage ccsMessage) Add a change cipher specs message to the flight.
protected void	wrapMessage(DTLSFlight flight, HandshakeMessage handshakeMessage) Add a handshake message to the flight.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

LOGGER

protected final org.slf4j.Logger LOGGER

clientRandom

protected Random clientRandom

serverRandom

protected Random serverRandom

certificateVerifier

protected final NewAdvancedCertificateVerifier certificateVerifier

The logic in charge of verifying the chain of certificates asserting this handshaker's identity

advancedPskStore

protected final AdvancedPskStore advancedPskStore

Used to retrieve identity/pre-shared-key for a given destination

connectionIdGenerator

protected final ConnectionIdGenerator connectionIdGenerator

The configured connection id length. null, not supported, 0 supported but not used.

flightNumber

protected int flightNumber

The current flight number.

recordSizeLimit

protected Integer recordSizeLimit

Record size limit. null, if not used.

Since:

2.4

peerToLog

protected final Object peerToLog

handshakeMessages

protected final List<HandshakeMessage> handshakeMessages

List of handshake messages

certificateIdentityProvider

protected final CertificateProvider certificateIdentityProvider

The handshaker's certificate identity provider.

Since:

3.0

privateKey

protected PrivateKey privateKey

The handshaker's private key. Only available after certificate identity is provided. May be null, if no matching identity is available.

publicKey

protected PublicKey publicKey

The handshaker's public key. Only available after certificate identity is provided. May be null, if no matching identity is available.

certificateChain

protected List<X509Certificate> certificateChain

The chain of certificates asserting this handshaker's identity. Only available after certificate identity is provided. May be null, if no matching identity is available.

otherPeersPublicKey

protected PublicKey otherPeersPublicKey

The public key of the other peer May be null, if other peer sends a empty certificate.

Since:

3.0

otherPeersCertificateVerified

protected boolean otherPeersCertificateVerified

Indicates, that the verification of the other peer's certificate chain public key has finished.

Since:

3.0 (renamed certificateVerfied)

sniEnabled

protected final boolean sniEnabled

Support Server Name Indication TLS extension.

extendedMasterSecretMode

protected final ExtendedMasterSecretMode extendedMasterSecretMode

Send the extended master secret extension.

Since:

3.0

useTruncatedCertificatePathForVerification

protected final boolean useTruncatedCertificatePathForVerification

Truncate certificate path for validation.

certificateIdentityAvailable

protected boolean certificateIdentityAvailable

true, if the certificate identity request has completed, false, otherwise. Gets true, even if no matching identity is available.

Since:

3.0

Constructor Detail

Handshaker

protected Handshaker(long initialRecordSequenceNo,
          int initialMessageSeq,
          RecordLayer recordLayer,
          ScheduledExecutorService timer,
          Connection connection,
          DtlsConnectorConfig config)

Creates a new handshaker for negotiating a DTLS session with a given peer.

Parameters:

initialRecordSequenceNo - the initial record sequence number (since 3.0).

initialMessageSeq - the initial message sequence number to use and expect in the exchange of handshake messages with the peer. This parameter can be used to initialize the message_seq and receive_next_seq counters to a value larger than 0, e.g. if one or more cookie exchange round-trips have been performed with the peer before the handshake starts.

recordLayer - the object to use for sending flights to the peer.

timer - scheduled executor for flight retransmission (since 2.4).

connection - the connection related to this handshaker.

config - the dtls configuration

Throws:

NullPointerException - if any of the provided parameter is null

IllegalArgumentException - if the initial record or message sequence number is negative

Method Detail

isInboundMessageProcessed

public boolean isInboundMessageProcessed()

Check, if inbound messages are all processed.

Returns:

true, all inbound messages are processed, false, some inbound messages are pending.

Since:

2.1

processMessage

public final void processMessage(Record record)
                          throws HandshakeException

Processes a handshake record received from a peer based on the handshake's current state. This method passes the messages into the inboundMessageBuffer and delegates processing of the ordered messages to the doProcessMessage(HandshakeMessage) method. If ChangeCipherSpecMessage is processed, the nextEpochDeferredRecords are passed again to the RecordLayer to get decrypted and processed.

Parameters:

record - the handshake record

Throws:

HandshakeException - if the record's plaintext fragment cannot be parsed into a handshake message or cannot be processed properly

IllegalArgumentException - if the record's epoch differs from the DTLS context's read epoch

isExpectedStates

protected boolean isExpectedStates(HandshakeState[] states)

Checks, if the provided states are the currently expected ones.

Parameters:

states - state to check

Returns:

true, if the provided states are the currently expected ones

Since:

3.0

See Also:

setExpectedStates(HandshakeState[])

setExpectedStates

protected void setExpectedStates(HandshakeState[] states)

Sets expected states. Resets statesIndex.

Parameters:

states - expected states

Since:

3.0

See Also:

isExpectedStates(HandshakeState[]), expectMessage(DTLSMessage)

expectMessage

protected void expectMessage(DTLSMessage message)
                      throws HandshakeException

Check, if message is expected.

Parameters:

message - message to check

Throws:

HandshakeException - if the message is not expected

doProcessMessage

protected abstract void doProcessMessage(HandshakeMessage message)
                                  throws HandshakeException

Does the specific processing of a message received from a peer in the course of an ongoing handshake. This method does not do anything. Concrete handshaker implementations should override this method in order to prepare the response to the received record.

Parameters:

message - the message received from the peer

Throws:

HandshakeException - if the handshake message cannot be processed properly

processAsyncHandshakeResult

public void processAsyncHandshakeResult(HandshakeResult handshakeResult)
                                 throws HandshakeException

Process asynchronous handshake result. MUST not be called from doProcessMessage(HandshakeMessage) implementations! If handshake expects the cipher change message, then process the messages from the inbound buffer.

Parameters:

handshakeResult - asynchronous handshake result

Throws:

HandshakeException - if an error occurs

IllegalStateException - if pskRequestPending or certificateVerificationPending is not pending, or the handshaker isDestroyed().

Since:

2.5

processPskSecretResult

protected void processPskSecretResult(PskSecretResult pskSecretResult)
                               throws HandshakeException

Process PSK secret result.

Parameters:

pskSecretResult - PSK secret result.

Throws:

HandshakeException - if an error occurs

IllegalStateException - if pskRequestPending is not pending, or the handshaker isDestroyed().

Since:

2.3

processMasterSecret

protected abstract void processMasterSecret()
                                     throws HandshakeException

Do the handshaker specific master secret processing

Throws:

HandshakeException - if an error occurs

Since:

2.3

processCertificateVerificationResult

protected void processCertificateVerificationResult(CertificateVerificationResult certificateVerificationResult)
                                             throws HandshakeException

Process certificate verification result.

Parameters:

certificateVerificationResult - certificate verification result

Throws:

HandshakeException - if an error occurred during processing

IllegalStateException - if certificateVerificationPending is not pending, or the handshaker isDestroyed().

Since:

2.5

processCertificateVerified

protected abstract void processCertificateVerified()
                                            throws HandshakeException

Do the handshaker specific processing of successful verified certificates

Throws:

HandshakeException - if an error occurs

Since:

2.5

processCertificateIdentityResult

protected void processCertificateIdentityResult(CertificateIdentityResult result)
                                         throws HandshakeException

Process the certificate identity.

Parameters:

result - certificate identity

Throws:

HandshakeException - if an error occurs

IllegalStateException - if no call is pending (see certificateIdentityPending), or the handshaker isDestroyed().

Since:

3.0

processCertificateIdentityAvailable

protected abstract void processCertificateIdentityAvailable()
                                                     throws HandshakeException

Do the handshaker specific processing of certificate identity.

Throws:

HandshakeException - if an error occurs

Since:

3.0

setCustomArgument

protected void setCustomArgument(HandshakeResult result)

Set custom argument for ApplicationLevelInfoSupplier. A null custom argument will not overwrite a already set one.

Parameters:

result - handshake result with custom argument.

Since:

3.0

hasPendingApiCall

protected boolean hasPendingApiCall()

Checks, if a internal API call is pending. Using AdvancedPskStore or NewAdvancedCertificateVerifier may result in pending API calls. Such API calls are timed out with the current flight and so report as INTERNAL_ERROR alert instead of silently ignore that time out.

Returns:

true, if call is pending, false, if not.

Since:

3.0

setOtherPeersSignatureVerified

protected boolean setOtherPeersSignatureVerified()

Set the signature of the other peer to verified. Sets the DTLSSession.setPeerIdentity(Principal), if the certificate chain or public key of the other peer is also already verified.

Returns:

the value of otherPeersCertificateVerified

Since:

3.0

getHandshakeMessageDigest

protected final MessageDigest getHandshakeMessageDigest()

Get message digest for FINISH message.

Returns:

message digest update with all handshake messages in handshakeMessages

cloneMessageDigest

protected final MessageDigest cloneMessageDigest(MessageDigest md)
                                          throws HandshakeException

Clone message digest for second FINISHED message.

Parameters:

md - message digest

Returns:

cloned message digest

Throws:

HandshakeException - if cloning fails.

Since:

3.0

applyMasterSecret

protected void applyMasterSecret(SecretKey masterSecret)

Applying the key expansion on the master secret generates a large key block to generate the encryption, MAC and IV keys. Also set the master secret to the session for later resumption handshakes. See RFC5246 for further details about the keys.

Parameters:

masterSecret - the master secret.

Since:

2.3

See Also:

masterSecret, calculateKeys(SecretKey)

resumeMasterSecret

protected void resumeMasterSecret()

Resume master secret from established session.

Since:

3.0

See Also:

masterSecret, calculateKeys(SecretKey)

calculateKeys

protected void calculateKeys(SecretKey masterSecret)

Calculates the encryption key, MAC key and IV from a given master secret. First, applies the key expansion to the master secret.

Parameters:

masterSecret - the master secret.

generateMasterSecretSeed

protected byte[] generateMasterSecretSeed()

Generate seed for (extended) master secret.

Returns:

seed

Since:

3.0

requestPskSecretResult

protected void requestPskSecretResult(PskPublicInformation pskIdentity,
                          SecretKey otherSecret,
                          byte[] seed)
                               throws HandshakeException

Request psk secret result for PSK cipher suites. Sets pskRequestPending.

Parameters:

pskIdentity - PSK identity

otherSecret - others secret for ECHDE support. Maybe null.

seed - seed to be used for (extended) master secret.

Throws:

HandshakeException - if an error occurs

NullPointerException - if seed is null

Since:

3.0 (added parameter seed)

setCurrentReadState

protected final void setCurrentReadState()

setCurrentWriteState

protected final void setCurrentWriteState()

createFinishedMessage

protected final Finished createFinishedMessage(byte[] handshakeHash)

Create the FINISHED message for a pending handshake.

Parameters:

handshakeHash - the hash of the handshake messages

Returns:

create FINISHED message

Since:

3.0

verifyFinished

protected final void verifyFinished(Finished finished,
                  byte[] handshakeHash)
                             throws HandshakeException

Verify the handshake hash of the FINISHED.

Parameters:

finished - received FINISHED message.

handshakeHash - the hash of the handshake messages

Throws:

HandshakeException - if the data can not be verified

Since:

3.0

hasMasterSecret

public final boolean hasMasterSecret()

Checks, if the master secret is available.

Returns:

true, if available, false, otherwise.

Since:

3.0

wrapMessage

protected final void wrapMessage(DTLSFlight flight,
               HandshakeMessage handshakeMessage)

Add a handshake message to the flight. Assigns the handshake message sequence number.

Parameters:

flight - the flight to add the messages

handshakeMessage - the handshake message

Since:

3.0 (replaces the wrapMessage(DTLSFlight, DTLSMessage) )

wrapMessage

protected final void wrapMessage(DTLSFlight flight,
               ChangeCipherSpecMessage ccsMessage)

Add a change cipher specs message to the flight.

Parameters:

flight - the flight to add change cipher specs wrapped messages

ccsMessage - the change cipher specs message

Since:

3.0 (replaces the wrapMessage(DTLSFlight, DTLSMessage) )

reassembleFragment

protected GenericHandshakeMessage reassembleFragment(FragmentedHandshakeMessage fragment)
                                              throws HandshakeException

Process a received fragmented handshake message. Checks, if all fragments are available and reassemble the handshake message, if so.

Parameters:

fragment - the fragmented handshake message.

Returns:

the reassembled generic handshake message (if all fragments are available), null, otherwise.

Throws:

HandshakeException - if the reassembling fails

Since:

2.4

isClient

protected abstract boolean isClient()

getServerNames

public final ServerNames getServerNames()

Gets the effective server names of DTLSSession.

Returns:

the effective server names, or null, if disabled or not available.

Since:

3.0

See Also:

sniEnabled

getSession

public final DTLSSession getSession()

Gets the session this handshaker is used to establish.

Returns:

the session

getDtlsContext

public final DTLSContext getDtlsContext()

Gets the dtls context this handshaker is used to establish.

Returns:

the dtls context

Since:

3.0

getPeerAddress

public final InetSocketAddress getPeerAddress()

Gets the IP address and port of the peer this handshaker is used to negotiate a session with.

Returns:

the peer address

getConnection

public final Connection getConnection()

Gets related connection.

Returns:

connection

createFlight

public DTLSFlight createFlight()

Create new flight with the current getDtlsContext() and the current flightNumber.

Returns:

new flight

Since:

2.5

supportsConnectionId

public boolean supportsConnectionId()

Check, if this peer supports cid.

Returns:

true, if the this peer supports cid, false, if not.

Since:

3.0

See Also:

ConnectionId.supportsConnectionId(ConnectionIdGenerator)

getReadConnectionId

public ConnectionId getReadConnectionId()

Get read connection ID for inbound records

Returns:

connection ID for inbound records. null, if connection ID is not supported, a empty connection ID, if connection ID is supported but not used for inbound records.

Since:

2.5

getClientRandom

public Random getClientRandom()

Get client random.

Returns:

client random, or null, if not available.

getServerRandom

public Random getServerRandom()

Get server random.

Returns:

server random, or null, if not available.

addApplicationDataForDeferredProcessing

public void addApplicationDataForDeferredProcessing(org.eclipse.californium.elements.RawData outgoingMessage)

Add outgoing application data for deferred processing.

Parameters:

outgoingMessage - outgoing application data

addRecordsOfNextEpochForDeferredProcessing

public void addRecordsOfNextEpochForDeferredProcessing(Record incomingMessage)

Add incoming records for deferred processing.

Parameters:

incomingMessage - incoming record.

Since:

3.0 (renamed, was addRecordsForDeferredProcessing)

takeDeferredApplicationData

public List<org.eclipse.californium.elements.RawData> takeDeferredApplicationData()

Take deferred outgoing application data.

Returns:

list of application data

takeDeferredRecordsOfNextEpoch

public List<Record> takeDeferredRecordsOfNextEpoch()

Take deferred incoming records of next epoch.

Returns:

list if deferred incoming records

takeDeferredApplicationData

public void takeDeferredApplicationData(Handshaker replacedHandshaker)

Take deferred outgoing application data from provided handshaker.

Parameters:

replacedHandshaker - replaced handshaker to take deferred outgoing application data

completePendingFlight

public void completePendingFlight()

Registers an outbound flight that has not been acknowledged by the peer yet in order to be able to cancel its re-transmission later once it has been acknowledged. The retransmission of a different previous pending flight will be cancelled also.

sendLastFlight

public void sendLastFlight(DTLSFlight flight)

Send last flight. The last flight doesn't need retransmission.

Parameters:

flight - last flight to send

See Also:

sendFlight(DTLSFlight)

sendFlight

public void sendFlight(DTLSFlight flight)

Send flight.

Parameters:

flight - flight to send

See Also:

sendFlight(DTLSFlight)

addSessionListener

public final void addSessionListener(SessionListener listener)

Adds a listener to the list of listeners to be notified about session life cycle events.

Parameters:

listener - The listener to add.

removeSessionListener

public final void removeSessionListener(SessionListener listener)

Removes a listener from the list of listeners to be notified about session life cycle events.

Parameters:

listener - The listener to remove.

handshakeStarted

protected final void handshakeStarted()
                               throws HandshakeException

Forward handshake start to registered listeners.

Throws:

HandshakeException - if thrown by listener

contextEstablished

protected final void contextEstablished()
                                 throws HandshakeException

Forward session established to registered listeners. amendPeerPrincipal().

Throws:

HandshakeException - if thrown by listener

handshakeCompleted

public final void handshakeCompleted()

Forward handshake completed to registered listeners.

handshakeFailed

public final void handshakeFailed(Throwable cause)

Notifies all registered session listeners about a handshake failure. Listeners are intended to remove the connection, if no session is established. If setFailureCause(Throwable) was called before, only calls with the same cause will notify the listeners. If setFailureCause(Throwable) wasn't called before, sets the cause property to the given cause.

Parameters:

cause - The reason for the failure.

See Also:

isRemovingConnection(), handshakeAborted(Throwable)

handshakeAborted

public final void handshakeAborted(Throwable cause)

Abort handshake. Notifies all registered session listeners about a handshake failure. Listeners are intended to keep the connection. If setFailureCause(Throwable) was called before, only calls with the same cause will notify the listeners. If setFailureCause(Throwable) wasn't called before, sets the cause property to the given cause.

Parameters:

cause - The reason for the abort.

Since:

2.1

See Also:

handshakeFailed(Throwable), isRemovingConnection()

hasContextEstablished

public boolean hasContextEstablished()

Checks, if the dtls context is established. Indicates, that the peer has send it's FINISH and is awaiting to receive data or alerts in epoch 1.

Returns:

true, if the dtls context is established, false, otherwise.

Since:

3.0

isProbing

public boolean isProbing()

Test, if handshake was started in probing mode. Usually a resuming client handshake removes the DTLS context from the connection store with the start. Probing removes DTLS context only with the first data received back. If the handshake expires before some data is received back, the original DTLS context is used again.

Returns:

true, if handshake is in probing mode, false, otherwise.

Since:

2.1

See Also:

ResumingClientHandshaker, ClientHandshaker

resetProbing

public void resetProbing()

Reset probing mode, when data is received during.

Since:

2.1

See Also:

ResumingClientHandshaker

isExpired

public boolean isExpired()

Test, if handshake is expired according nano realtime. Used to mitigate deep sleep during handshakes.

Returns:

true, if handshake is expired, mainly during deep sleep, false, if the handshake is still in time.

Since:

2.1

isPskRequestPending

public boolean isPskRequestPending()

Check, if psk request is pending.

Returns:

true, if psk request is pending, false, otherwise.

isRemovingConnection

public boolean isRemovingConnection()

Check, if the connection must be removed. The connection must be removed, if handshakeFailed(Throwable) was called, and the connection has no established session.

Returns:

true, remove the connection, false, keep it.

Since:

2.1

getFailureCause

public Throwable getFailureCause()

Get cause of failure.

Returns:

cause of failure, or null, if the cause is unknown and not set before

See Also:

setFailureCause(Throwable), handshakeFailed(Throwable)

setFailureCause

public void setFailureCause(Throwable cause)

Set the failure cause. In some cases the cleanup of the handshake may consider a different failure as cause. This prevents handshakeFailed(Throwable) to notify listener in that case.

Parameters:

cause - failure cause

See Also:

handshakeFailed(Throwable), getFailureCause()

setGenerateClusterMacKeys

public void setGenerateClusterMacKeys(boolean enable)

Enable to generate keys for cluster MAC.

Parameters:

enable - true, generate keys for cluster MAC, false, otherwise.

Since:

2.5

handshakeFlightRetransmitted

public final void handshakeFlightRetransmitted(int flight)

Notifies all registered session listeners about a handshake retransmit of a flight.

Parameters:

flight - number of retransmitted flight.

isChangeCipherSpecMessageExpected

public final boolean isChangeCipherSpecMessageExpected()

Checks whether the peer's CHANGE_CIPHER_SPEC message is the next message expected in the ongoing handshake.

Returns:

true if the message is expected next.

expectChangeCipherSpecMessage

protected final void expectChangeCipherSpecMessage()

Marks this handshaker to expect the peer's CHANGE_CIPHER_SPEC message next.

expectEcc

protected void expectEcc()

Marks this handshaker to expect the peer to calculate some ECC function. additionalTimeoutForEcc will be added for the next flight in that case.

Since:

3.0

verifyCertificate

public void verifyCertificate(CertificateMessage message)
                       throws HandshakeException

Start validating the X.509 certificate chain provided by the the peer as part of this message, or the raw public key of the message. This method delegates both certificate validation to the NewAdvancedCertificateVerifier. If a asynchronous implementation of NewAdvancedCertificateVerifier is used, the result will be not available after this call, but will be available after the callback of the asynchronous implementation.

Parameters:

message - the certificate message

Throws:

HandshakeException - if any of the checks fails

requestCertificateIdentity

public boolean requestCertificateIdentity(List<X500Principal> issuers,
                                 ServerNames serverNames,
                                 List<SignatureAndHashAlgorithm> signatureAndHashAlgorithms,
                                 List<XECDHECryptography.SupportedGroup> curves)
                                   throws HandshakeException

Request the certificate based identity.

Parameters:

issuers - list of trusted issuers

serverNames - indicated server names

signatureAndHashAlgorithms - list of supported signatures and hash algorithms

curves - ec-curves (supported groups). May be null.

Returns:

true, if the certificate based identity is available, false, if the certificate based identity is requested.

Throws:

HandshakeException - if any of the checks fails

Since:

3.0

destroy

public void destroy()
             throws DestroyFailedException

Specified by:

destroy in interface Destroyable

Throws:

DestroyFailedException

isDestroyed

public boolean isDestroyed()

Specified by:

isDestroyed in interface Destroyable

ensureUndestroyed

protected void ensureUndestroyed()

Check, if this handshaker has been destroyed.

Throws:

IllegalStateException - if the handshake has been destroyed.