protected TlsSignerCredentials getRSASignerCredentials() throws IOException {
/*
* TODO Note that this code fails to provide default value for the client supported
* algorithms if it wasn't sent.
*/
SignatureAndHashAlgorithm signatureAndHashAlgorithm = null;
Vector sigAlgs = supportedSignatureAlgorithms;
if (sigAlgs != null) {
for (int i = 0; i < sigAlgs.size(); ++i) {
SignatureAndHashAlgorithm sigAlg = (SignatureAndHashAlgorithm) sigAlgs.elementAt(i);
if (sigAlg.getSignature() == SignatureAlgorithm.rsa) {
signatureAndHashAlgorithm = sigAlg;
break;
}
}
if (signatureAndHashAlgorithm == null) {
return null;
}
}
return TlsTestUtils.loadSignerCredentials(
context,
new String[] {"x509-server.pem", "x509-ca.pem"},
"x509-server-key.pem",
signatureAndHashAlgorithm);
}
public void notifyClientCertificate(org.bouncycastle.crypto.tls.Certificate clientCertificate)
throws IOException {
Certificate[] chain = clientCertificate.getCertificateList();
System.out.println("TLS server received client certificate chain of length " + chain.length);
for (int i = 0; i != chain.length; i++) {
Certificate entry = chain[i];
// TODO Create fingerprint based on certificate signature algorithm digest
System.out.println(
" fingerprint:SHA-256 "
+ TlsTestUtils.fingerprint(entry)
+ " ("
+ entry.getSubject()
+ ")");
}
}
protected TlsEncryptionCredentials getRSAEncryptionCredentials() throws IOException {
return TlsTestUtils.loadEncryptionCredentials(
context, new String[] {"x509-server.pem", "x509-ca.pem"}, "x509-server-key.pem");
}
