com.ongres.scram.common.util

Class TlsServerEndpoint

java.lang.Object

com.ongres.scram.common.util.TlsServerEndpoint

public final class TlsServerEndpoint
extends Object

Utilitiy for extracting the "tls-server-end-point" channel binding data.

Field Summary

Fields

Modifier and Type	Field and Description
static String	TLS_SERVER_END_POINT The "tls-server-end-point" Channel Binding Type.

Method Summary

Modifier and Type	Method and Description
static byte[]	getChannelBindingData(@NotNull X509Certificate serverCert) The hash of the TLS server's certificate [RFC5280] as it appears, octet for octet, in the server's Certificate message.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

TLS_SERVER_END_POINT

public static final String TLS_SERVER_END_POINT

The "tls-server-end-point" Channel Binding Type.

See Also:

Constant Field Values

Method Detail

getChannelBindingData

public static byte[] getChannelBindingData(@NotNull
                                           @NotNull X509Certificate serverCert)
                                    throws CertificateEncodingException

The hash of the TLS server's certificate [RFC5280] as it appears, octet for octet, in the server's Certificate message. Note that the Certificate message contains a certificate_list, in which the first element is the server's certificate.

The TLS server's certificate bytes need to be hashed with SHA-256 if its signature algorithm is MD5 or SHA-1 as per RFC 5929 (https://tools.ietf.org/html/rfc5929#section-4.1). If something else is used, the same hash as the signature algorithm is used.

Parameters:

serverCert - the TLS server's peer certificate

Returns:

the hash of the TLS server's peer certificate

Throws:

CertificateEncodingException - if an encoding error occurs.