public void processServerCertificate(Certificate serverCertificate) throws IOException {
if (serverCertificate.isEmpty()) {
throw new TlsFatalAlert(AlertDescription.bad_certificate);
}
org.ripple.bouncycastle.asn1.x509.Certificate x509Cert = serverCertificate.getCertificateAt(0);
SubjectPublicKeyInfo keyInfo = x509Cert.getSubjectPublicKeyInfo();
try {
this.serverPublicKey = PublicKeyFactory.createKey(keyInfo);
} catch (RuntimeException e) {
throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e);
}
if (tlsSigner == null) {
try {
this.dhAgreePublicKey =
TlsDHUtils.validateDHPublicKey((DHPublicKeyParameters) this.serverPublicKey);
this.dhParameters = validateDHParameters(dhAgreePublicKey.getParameters());
} catch (ClassCastException e) {
throw new TlsFatalAlert(AlertDescription.certificate_unknown, e);
}
TlsUtils.validateKeyUsage(x509Cert, KeyUsage.keyAgreement);
} else {
if (!tlsSigner.isValidPublicKey(this.serverPublicKey)) {
throw new TlsFatalAlert(AlertDescription.certificate_unknown);
}
TlsUtils.validateKeyUsage(x509Cert, KeyUsage.digitalSignature);
}
super.processServerCertificate(serverCertificate);
}
public void processClientKeyExchange(InputStream input) throws IOException {
if (dhAgreePublicKey != null) {
// For dss_fixed_dh and rsa_fixed_dh, the key arrived in the client certificate
return;
}
BigInteger Yc = TlsDHUtils.readDHParameter(input);
this.dhAgreePublicKey =
TlsDHUtils.validateDHPublicKey(new DHPublicKeyParameters(Yc, dhParameters));
}
