android-platform-libcore/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CertificateRequest.java

/*
 *  Licensed to the Apache Software Foundation (ASF) under one or more
 *  contributor license agreements.  See the NOTICE file distributed with
 *  this work for additional information regarding copyright ownership.
 *  The ASF licenses this file to You under the Apache License, Version 2.0
 *  (the "License"); you may not use this file except in compliance with
 *  the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */

package org.apache.harmony.xnet.provider.jsse;

import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Vector;
import javax.security.auth.x500.X500Principal;

/**
 *
 * Represents certificate request message
 * @see <a href="http://www.ietf.org/rfc/rfc2246.txt">TLS 1.0 spec., 7.4.4.
 * Certificate request</a>
 */
public class CertificateRequest extends Message {

    /**
     * Client certificate types as defined in
     * TLS 1.0 spec., 7.4.4. Certificate request
     */
    public static final byte RSA_SIGN = 1;
    public static final byte DSS_SIGN = 2;
    public static final byte RSA_FIXED_DH = 3;
    public static final byte DSS_FIXED_DH = 4;

    /**
     * Requested certificate types
     */
    final byte[] certificate_types;

    /**
     * Certificate authorities
     */
    final X500Principal[] certificate_authorities;

    /**
     * Requested certificate types as Strings
     * ("RSA", "DSA", "DH_RSA" or "DH_DSA")
     */
    private String[] types;

    /**
     * Encoded form of certificate authorities
     */
    private byte[][] encoded_principals;

    /**
     * Creates outbound message
     *
     * @param certificate_types
     * @param accepted - array of certificate authority certificates
     */
    public CertificateRequest(byte[] certificate_types,
                              X509Certificate[] accepted) {

        if (accepted == null) {
            fatalAlert(AlertProtocol.INTERNAL_ERROR,
                    "CertificateRequest: array of certificate authority certificates is null");
        }
        this.certificate_types = certificate_types;

        int totalPrincipalsLength = 0;
        certificate_authorities = new X500Principal[accepted.length];
        encoded_principals = new byte[accepted.length][];
        for (int i = 0; i < accepted.length; i++) {
            certificate_authorities[i] = accepted[i].getIssuerX500Principal();
            encoded_principals[i] = certificate_authorities[i].getEncoded();
            totalPrincipalsLength += encoded_principals[i].length + 2;
        }

        length = 3 + certificate_types.length + totalPrincipalsLength;
    }

    /**
     * Creates inbound message
     *
     * @param in
     * @param length
     * @throws IOException
     */
    public CertificateRequest(HandshakeIODataStream in, int length)
            throws IOException {
        int size = in.readUint8();
        certificate_types = new byte[size];
        in.read(certificate_types, 0, size);
        size = in.readUint16();
        int totalPrincipalsLength = 0;
        int principalLength = 0;
        Vector<X500Principal> principals = new Vector<X500Principal>();
        while (totalPrincipalsLength < size) {
            principalLength = in.readUint16(); // encoded X500Principal size
            principals.add(new X500Principal(in));
            totalPrincipalsLength += 2;
            totalPrincipalsLength += principalLength;
        }
        certificate_authorities = new X500Principal[principals.size()];
        for (int i = 0; i < certificate_authorities.length; i++) {
            certificate_authorities[i] = principals.elementAt(i);
        }
        this.length = 3 + certificate_types.length + totalPrincipalsLength;
        if (this.length != length) {
            fatalAlert(AlertProtocol.DECODE_ERROR,
                    "DECODE ERROR: incorrect CertificateRequest");
        }

    }

    /**
     * Sends message
     *
     * @param out
     */
    @Override
    public void send(HandshakeIODataStream out) {

        out.writeUint8(certificate_types.length);
        for (int i = 0; i < certificate_types.length; i++) {
            out.write(certificate_types[i]);
        }
        int authoritiesLength = 0;
        for (int i = 0; i < certificate_authorities.length; i++) {
            authoritiesLength += encoded_principals[i].length +2;
        }
        out.writeUint16(authoritiesLength);
        for (int i = 0; i < certificate_authorities.length; i++) {
            out.writeUint16(encoded_principals[i].length);
            out.write(encoded_principals[i]);
        }
    }

    /**
     * Returns message type
     *
     * @return
     */
    @Override
    public int getType() {
        return Handshake.CERTIFICATE_REQUEST;
    }

    /**
     * Returns requested certificate types as array of strings
     */
    public String[] getTypesAsString() {
        if (types == null) {
            types = new String[certificate_types.length];
            for (int i = 0; i < types.length; i++) {
                switch (certificate_types[i]) {
                case 1:
                    types[i] = "RSA";
                    break;
                case 2:
                    types[i] = "DSA";
                    break;
                case 3:
                    types[i] = "DH_RSA";
                    break;
                case 4:
                    types[i] = "DH_DSA";
                    break;
                default:
                    fatalAlert(AlertProtocol.DECODE_ERROR,
                            "DECODE ERROR: incorrect CertificateRequest");
                }
            }
        }
        return types;
    }

}