using System; using System.IO; using Org.BouncyCastle.Tls.Crypto; namespace Org.BouncyCastle.Tls { /// Base class for a TLS client or server. public abstract class AbstractTlsPeer : TlsPeer { private readonly TlsCrypto m_crypto; private volatile TlsCloseable m_closeHandle; protected AbstractTlsPeer(TlsCrypto crypto) { this.m_crypto = crypto; } /// Get the values that are supported by this peer. /// /// WARNING: Mixing DTLS and TLS versions in the returned array is currently NOT supported. Use a separate /// (sub-)class for each case. /// /// an array of supported values. protected virtual ProtocolVersion[] GetSupportedVersions() { // TODO[tls13] Enable TLSv13 by default in due course return ProtocolVersion.TLSv12.DownTo(ProtocolVersion.TLSv10); } protected abstract int[] GetSupportedCipherSuites(); /// public virtual void Cancel() { TlsCloseable closeHandle = this.m_closeHandle; if (null != closeHandle) { closeHandle.Close(); } } public virtual TlsCrypto Crypto { get { return m_crypto; } } public virtual void NotifyCloseHandle(TlsCloseable closeHandle) { this.m_closeHandle = closeHandle; } public abstract ProtocolVersion[] GetProtocolVersions(); public abstract int[] GetCipherSuites(); /// public virtual void NotifyHandshakeBeginning() { } public virtual int GetHandshakeTimeoutMillis() { return 0; } public virtual bool AllowLegacyResumption() { return false; } public virtual int GetMaxCertificateChainLength() { return 10; } public virtual int GetMaxHandshakeMessageSize() { return 32768; } public virtual short[] GetPskKeyExchangeModes() { return new short[]{ PskKeyExchangeMode.psk_dhe_ke, PskKeyExchangeMode.psk_ke }; } public virtual bool RequiresCloseNotify() { return true; } public virtual bool RequiresExtendedMasterSecret() { return false; } public virtual bool ShouldCheckSigAlgOfPeerCerts() { return true; } public virtual bool ShouldUseExtendedMasterSecret() { return true; } public virtual bool ShouldUseExtendedPadding() { return false; } public virtual bool ShouldUseGmtUnixTime() { /* * draft-mathewson-no-gmtunixtime-00 2. For the reasons we discuss above, we recommend that * TLS implementors MUST by default set the entire value the ClientHello.Random and * ServerHello.Random fields, including gmt_unix_time, to a cryptographically random * sequence. */ return false; } /// public virtual void NotifySecureRenegotiation(bool secureRenegotiation) { if (!secureRenegotiation) throw new TlsFatalAlert(AlertDescription.handshake_failure); } /// public virtual TlsKeyExchangeFactory GetKeyExchangeFactory() { return new DefaultTlsKeyExchangeFactory(); } public virtual void NotifyAlertRaised(short alertLevel, short alertDescription, string message, Exception cause) { } public virtual void NotifyAlertReceived(short alertLevel, short alertDescription) { } /// public virtual void NotifyHandshakeComplete() { } public virtual TlsHeartbeat GetHeartbeat() { return null; } public virtual short GetHeartbeatPolicy() { return HeartbeatMode.peer_not_allowed_to_send; } } }