using System;
using System.Collections;
using System.IO;
using Org.BouncyCastle.Utilities;
using Org.BouncyCastle.Utilities.IO;
namespace Org.BouncyCastle.Tls
{
public sealed class ClientHello
{
private readonly ProtocolVersion m_version;
private readonly byte[] m_random;
private readonly byte[] m_sessionID;
private readonly byte[] m_cookie;
private readonly int[] m_cipherSuites;
private readonly IDictionary m_extensions;
public ClientHello(ProtocolVersion version, byte[] random, byte[] sessionID, byte[] cookie,
int[] cipherSuites, IDictionary extensions)
{
this.m_version = version;
this.m_random = random;
this.m_sessionID = sessionID;
this.m_cookie = cookie;
this.m_cipherSuites = cipherSuites;
this.m_extensions = extensions;
}
public int[] CipherSuites
{
get { return m_cipherSuites; }
}
public byte[] Cookie
{
get { return m_cookie; }
}
public IDictionary Extensions
{
get { return m_extensions; }
}
public byte[] Random
{
get { return m_random; }
}
public byte[] SessionID
{
get { return m_sessionID; }
}
public ProtocolVersion Version
{
get { return m_version; }
}
/// Encode this to a .
/// the of the current connection.
/// the to encode to.
///
public void Encode(TlsContext context, Stream output)
{
TlsUtilities.WriteVersion(m_version, output);
output.Write(m_random, 0, m_random.Length);
TlsUtilities.WriteOpaque8(m_sessionID, output);
if (null != m_cookie)
{
TlsUtilities.WriteOpaque8(m_cookie, output);
}
TlsUtilities.WriteUint16ArrayWithUint16Length(m_cipherSuites, output);
TlsUtilities.WriteUint8ArrayWithUint8Length(new short[]{ CompressionMethod.cls_null }, output);
TlsProtocol.WriteExtensions(output, m_extensions);
}
/// Parse a from a .
/// the to parse from.
/// for DTLS this should be non-null; the input is copied to this
/// , minus the cookie field.
/// a object.
///
public static ClientHello Parse(MemoryStream messageInput, Stream dtlsOutput)
{
try
{
return ImplParse(messageInput, dtlsOutput);
}
catch (TlsFatalAlert e)
{
throw e;
}
catch (IOException e)
{
throw new TlsFatalAlert(AlertDescription.decode_error, e);
}
}
///
private static ClientHello ImplParse(MemoryStream messageInput, Stream dtlsOutput)
{
Stream input = messageInput;
if (null != dtlsOutput)
{
input = new TeeInputStream(input, dtlsOutput);
}
ProtocolVersion clientVersion = TlsUtilities.ReadVersion(input);
byte[] random = TlsUtilities.ReadFully(32, input);
byte[] sessionID = TlsUtilities.ReadOpaque8(input, 0, 32);
byte[] cookie = null;
if (null != dtlsOutput)
{
/*
* RFC 6347 This specification increases the cookie size limit to 255 bytes for greater
* future flexibility. The limit remains 32 for previous versions of DTLS.
*/
int maxCookieLength = ProtocolVersion.DTLSv12.IsEqualOrEarlierVersionOf(clientVersion) ? 255 : 32;
cookie = TlsUtilities.ReadOpaque8(messageInput, 0, maxCookieLength);
}
int cipher_suites_length = TlsUtilities.ReadUint16(input);
if (cipher_suites_length < 2 || (cipher_suites_length & 1) != 0
|| (int)(messageInput.Length - messageInput.Position) < cipher_suites_length)
{
throw new TlsFatalAlert(AlertDescription.decode_error);
}
/*
* NOTE: "If the session_id field is not empty (implying a session resumption request) this
* vector must include at least the cipher_suite from that session."
*/
int[] cipherSuites = TlsUtilities.ReadUint16Array(cipher_suites_length / 2, input);
short[] compressionMethods = TlsUtilities.ReadUint8ArrayWithUint8Length(input, 1);
if (!Arrays.Contains(compressionMethods, CompressionMethod.cls_null))
throw new TlsFatalAlert(AlertDescription.handshake_failure);
/*
* NOTE: Can't use TlsProtocol.ReadExtensions directly because TeeInputStream a) won't have
* 'Length' or 'Position' properties in the FIPS provider, b) isn't a MemoryStream.
*/
IDictionary extensions = null;
if (messageInput.Position < messageInput.Length)
{
byte[] extBytes = TlsUtilities.ReadOpaque16(input);
TlsProtocol.AssertEmpty(messageInput);
extensions = TlsProtocol.ReadExtensionsDataClientHello(extBytes);
}
return new ClientHello(clientVersion, random, sessionID, cookie, cipherSuites, extensions);
}
}
}