org.eclipse.californium.scandium.dtls

Class ResumingClientHandshaker

java.lang.Object

org.eclipse.californium.scandium.dtls.Handshaker

org.eclipse.californium.scandium.dtls.ClientHandshaker

org.eclipse.californium.scandium.dtls.ResumingClientHandshaker

All Implemented Interfaces:

Destroyable

public class ResumingClientHandshaker
extends ClientHandshaker

The resuming client handshaker executes a abbreviated handshake by adding a valid session identifier into its ClientHello message. The message flow is depicted in Figure 2. The new keys will be generated from the master secret established from a previous full handshake.

   Client                                          Server
   ------                                          ------

   ClientHello             -------->                          Flight 1

                                              ServerHello    \
                                       [ChangeCipherSpec]     Flight 2
                           <--------             Finished    /

   [ChangeCipherSpec]                                        \Flight 3
   Finished                -------->                         /
 

If the server denies to resume the session with the provided session id, the handshaker falls back to a full-handshake, depicted in Figure 1, see ClientHandshaker.

This implementation offers a probing mode. If a mobile peer doesn't get a ACK or response that may have two different causes:

1. server has lost session (association)
2. connectivity is lost

The second is sometime hard to detect; the peer's state is connected, but effectively it's not working. In that case, after some retransmissions, the peer starts a handshake. Without the probing mode starting a handshake removes on the client the session. If the handshake timesout (though the connection is not working), the peer still requires a new handshake after the connectivity is established again. With probing mode, the handshake starts without removing the session. If some data is received, the session is removed and the handshake gets completed. If no data is received, the peer assumes, that the connectivity is lost (even if it's own state indicates connectivity) and just timesout the request. If the connectivity is established again, just a new request could be send without a handshake.

Field Summary

Fields inherited from class org.eclipse.californium.scandium.dtls.ClientHandshaker

clientHello, flight5, handshakeHash, INIT, maxFragmentLengthCode, SEVER_CERTIFICATE, supportedClientCertificateTypes, supportedGroups, supportedServerCertificateTypes, supportedSignatureAlgorithms, truncateCertificatePath

Fields inherited from class org.eclipse.californium.scandium.dtls.Handshaker

advancedPskStore, certificateChain, certificateIdentityAvailable, certificateIdentityProvider, certificateVerifier, clientRandom, connectionIdGenerator, extendedMasterSecretMode, flightNumber, handshakeMessages, LOGGER, otherPeersCertificateVerified, otherPeersPublicKey, peerToLog, privateKey, publicKey, recordSizeLimit, serverRandom, sniEnabled, useTruncatedCertificatePathForVerification

Constructor Summary

Constructors

Constructor and Description
ResumingClientHandshaker(DTLSSession session, RecordLayer recordLayer, ScheduledExecutorService timer, Connection connection, DtlsConnectorConfig config, boolean probe) Creates a new handshaker for resuming an existing session with a server.

Method Summary

Methods

Modifier and Type	Method and Description
protected void	doProcessMessage(HandshakeMessage message) Does the specific processing of a message received from a peer in the course of an ongoing handshake.
protected void	receivedServerHello(ServerHello message) Check, if the server want an abbreviated or full handshake.
void	startHandshake()

Methods inherited from class org.eclipse.californium.scandium.dtls.ClientHandshaker

addConnectionId, addMaxFragmentLength, addRecordSizeLimit, addServerNameIndication, completeProcessingServerHelloDone, getPskClientIdentity, isClient, isProbing, isRemovingConnection, isSupportedCertificateType, processCertificateIdentityAvailable, processCertificateVerified, processMasterSecret, receivedHelloVerifyRequest, resetProbing, verifyServerHelloExtensions

Methods inherited from class org.eclipse.californium.scandium.dtls.Handshaker

addApplicationDataForDeferredProcessing, addRecordsOfNextEpochForDeferredProcessing, addSessionListener, applyMasterSecret, calculateKeys, cloneMessageDigest, completePendingFlight, contextEstablished, createFinishedMessage, createFlight, destroy, ensureUndestroyed, expectChangeCipherSpecMessage, expectEcc, expectMessage, generateMasterSecretSeed, getClientRandom, getConnection, getDtlsContext, getFailureCause, getHandshakeMessageDigest, getPeerAddress, getReadConnectionId, getServerNames, getServerRandom, getSession, handshakeAborted, handshakeCompleted, handshakeFailed, handshakeFlightRetransmitted, handshakeStarted, hasContextEstablished, hasMasterSecret, hasPendingApiCall, isChangeCipherSpecMessageExpected, isDestroyed, isExpectedStates, isExpired, isInboundMessageProcessed, isPskRequestPending, processAsyncHandshakeResult, processCertificateIdentityResult, processCertificateVerificationResult, processMessage, processPskSecretResult, reassembleFragment, removeSessionListener, requestCertificateIdentity, requestPskSecretResult, resumeMasterSecret, sendFlight, sendLastFlight, setCurrentReadState, setCurrentWriteState, setCustomArgument, setExpectedStates, setFailureCause, setGenerateClusterMacKeys, setOtherPeersSignatureVerified, supportsConnectionId, takeDeferredApplicationData, takeDeferredApplicationData, takeDeferredRecordsOfNextEpoch, verifyCertificate, verifyFinished, wrapMessage, wrapMessage

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ResumingClientHandshaker

public ResumingClientHandshaker(DTLSSession session,
                        RecordLayer recordLayer,
                        ScheduledExecutorService timer,
                        Connection connection,
                        DtlsConnectorConfig config,
                        boolean probe)

Creates a new handshaker for resuming an existing session with a server.

Parameters:

session - the session to resume.

recordLayer - the object to use for sending flights to the peer.

timer - scheduled executor for flight retransmission (since 2.4).

connection - the connection related with the session.

config - the DTLS configuration parameters to use for the handshake.

probe - true enable probing for this resumption handshake, false, not probing handshake.

Throws:

IllegalArgumentException - if the given session does not contain an identifier.

NullPointerException - if any of the provided parameter is null

Method Detail

doProcessMessage

protected void doProcessMessage(HandshakeMessage message)
                         throws HandshakeException

Description copied from class: Handshaker

Does the specific processing of a message received from a peer in the course of an ongoing handshake. This method does not do anything. Concrete handshaker implementations should override this method in order to prepare the response to the received record.

Overrides:

doProcessMessage in class ClientHandshaker

Parameters:

message - the message received from the peer

Throws:

HandshakeException - if the handshake message cannot be processed properly

receivedServerHello

protected void receivedServerHello(ServerHello message)
                            throws HandshakeException

Check, if the server want an abbreviated or full handshake. Stores the negotiated security parameters.

Overrides:

receivedServerHello in class ClientHandshaker

Parameters:

message - the ServerHello message.

Throws:

HandshakeException - if the ServerHello message cannot be processed, e.g. because the server selected an unknown or unsupported cipher suite

startHandshake

public void startHandshake()
                    throws HandshakeException

Overrides:

startHandshake in class ClientHandshaker

Throws:

HandshakeException