From 45f5835e8b38429ec4c29ce9e4becc7650cdf3b5 Mon Sep 17 00:00:00 2001 From: Inthirakumaaran Date: Tue, 28 Nov 2017 10:47:54 +0530 Subject: [PATCH 1/5] added Token binding Extension --- bc-java.iml | 13 ++++ .../bouncycastle/tls/AbstractTlsClient.java | 4 ++ .../org/bouncycastle/tls/ExporterLabel.java | 5 ++ .../tls/NegotiatedTokenBinding.java | 62 ++++++++++++++++ .../bouncycastle/tls/SecurityParameters.java | 9 +++ .../bouncycastle/tls/SessionParameters.java | 1 + .../bouncycastle/tls/TlsClientProtocol.java | 7 ++ .../bouncycastle/tls/TlsExtensionsUtils.java | 31 ++++++++ .../org/bouncycastle/tls/TlsProtocol.java | 13 ++++ .../java/org/bouncycastle/tls/TlsUtils.java | 15 ++++ .../tls/TokenBindingExtension.java | 72 +++++++++++++++++++ 11 files changed, 232 insertions(+) create mode 100644 bc-java.iml create mode 100644 tls/src/main/java/org/bouncycastle/tls/NegotiatedTokenBinding.java create mode 100644 tls/src/main/java/org/bouncycastle/tls/TokenBindingExtension.java diff --git a/bc-java.iml b/bc-java.iml new file mode 100644 index 0000000000..a743e4f4f5 --- /dev/null +++ b/bc-java.iml @@ -0,0 +1,13 @@ + + + + + + + + + + + + + \ No newline at end of file diff --git a/tls/src/main/java/org/bouncycastle/tls/AbstractTlsClient.java b/tls/src/main/java/org/bouncycastle/tls/AbstractTlsClient.java index e384ee46a6..7909cc9f69 100644 --- a/tls/src/main/java/org/bouncycastle/tls/AbstractTlsClient.java +++ b/tls/src/main/java/org/bouncycastle/tls/AbstractTlsClient.java @@ -228,6 +228,10 @@ public Hashtable getClientExtensions() TlsExtensionsUtils.addSupportedGroupsExtension(clientExtensions, supportedGroups); } + //add TokenBinding Extension + TokenBindingExtension tokenBindingExtension =new TokenBindingExtension(); + TlsExtensionsUtils.addTokenBindingExtension(clientExtensions,tokenBindingExtension); + return clientExtensions; } 
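Review bot: The new lines in `getClientExtensions()` add the token_binding extension to every ClientHello built by any AbstractTlsClient subclass, and the only way to turn it off is to override the whole method. A draft extension should be opt-in, because it changes the handshake for all existing callers. Since the `TokenBindingExtension` is created empty, it also always offers only the default key parameter that `getTokenBindingKeyParameters()` inserts. I would make the offer conditional on a protected hook that returns the key parameters to advertise (null meaning "do not send"), with a comment such as `// Token Binding is offered only when the client supplies key parameters`. The method body starts outside this hunk.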
diff --git a/tls/src/main/java/org/bouncycastle/tls/ExporterLabel.java b/tls/src/main/java/org/bouncycastle/tls/ExporterLabel.java index 7141172d32..0c47b4e9ae 100644 --- a/tls/src/main/java/org/bouncycastle/tls/ExporterLabel.java +++ b/tls/src/main/java/org/bouncycastle/tls/ExporterLabel.java @@ -33,4 +33,9 @@ public class ExporterLabel * draft-ietf-tls-session-hash-04 */ public static final String extended_master_secret = "extended master secret"; + + /* + * draft-ietf-tokbind-protocol-16 + */ + public static final String token_binding = "EXPORTER-Token-Binding"; } diff --git a/tls/src/main/java/org/bouncycastle/tls/NegotiatedTokenBinding.java b/tls/src/main/java/org/bouncycastle/tls/NegotiatedTokenBinding.java new file mode 100644 index 0000000000..3c1d99ee28 --- /dev/null +++ b/tls/src/main/java/org/bouncycastle/tls/NegotiatedTokenBinding.java 
@@ -0,0 +1,62 @@
+package org.bouncycastle.tls;
+
+public class NegotiatedTokenBinding {
+
+ String selectedKeyParameter;
+
+ public byte[] exportKeyingMaterial;
+
+ public byte[] getExportKeyingMaterial() {
+ return exportKeyingMaterial;
+ }
+
+ public void setExportKeyingMaterial(byte[] exportKeyingMaterial) {
+ this.exportKeyingMaterial = exportKeyingMaterial;
+ }
+
+ public int MajorProtocolVerison=0;
+ public int MinorProtocolVerison=13;
+
+ public String getSelectedKeyParameter() {
+ return selectedKeyParameter;
+ }
+
+ public void setSelectedKeyParameter(String selectedKeyParameter) {
+ this.selectedKeyParameter = selectedKeyParameter;
+ }
+
+ public int getMajorProtocolVerison() {
+ return MajorProtocolVerison;
+ }
+
+ public void setMajorProtocolVerison(int majorProtocolVerison) {
+ MajorProtocolVerison = majorProtocolVerison;
+ }
+
+ public int getMinorProtocolVerison() {
+ return MinorProtocolVerison;
+ }
+
+ public void setMinorProtocolVerison(int minorProtocolVerison) {
+ MinorProtocolVerison = minorProtocolVerison;
+ }
+
+ public NegotiatedTokenBinding decode(int[] serverdata) throws TlsFatalAlert {
+
+ if(serverdata.length !=4){
+ throw new TlsFatalAlert(AlertDescription.unsupported_extension);
+ }
+ this.setMajorProtocolVerison(serverdata[0]);
+ this.setMinorProtocolVerison(serverdata[1]);
+ if(serverdata[3]==0){
+ this.setSelectedKeyParameter("rsa2048_pcks15");
+ }else if (serverdata[3]==1){
+ this.setSelectedKeyParameter("rsa2048_pss");
+ }else if (serverdata[3]==2){
+ this.setSelectedKeyParameter("rsa2048_ecdsap256");
+ }else{
+ throw new TlsFatalAlert(AlertDescription.unsupported_extension);
+ }
+ return this;
+ }
+}
diff --git a/tls/src/main/java/org/bouncycastle/tls/SecurityParameters.java b/tls/src/main/java/org/bouncycastle/tls/SecurityParameters.java
index e5e524419e..fd0d445c4f 100644
--- a/tls/src/main/java/org/bouncycastle/tls/SecurityParameters.java
+++ b/tls/src/main/java/org/bouncycastle/tls/SecurityParameters.java
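Review bot: `decode()` in NegotiatedTokenBinding reads `serverdata[0]`, `[1]` and `[3]` but never looks at `serverdata[2]`, which (going by `TokenBindingExtension.encode`) is the length byte of the key-parameters list, so a ServerHello whose length byte disagrees with the body is accepted. Add `if (serverdata[2] != 1) throw new TlsFatalAlert(AlertDescription.illegal_parameter);` before the key-parameter checks. The exported keying material is also exposed as a `public byte[]` field and returned without a copy, so any holder of this object can read or overwrite the value the binding is derived from; make the field private and return a clone. As far as I can tell from the draft, code point 2 is `ecdsap256` rather than `rsa2048_ecdsap256`, and `pcks15` looks like a typo for PKCS#1 v1.5.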
@@ -20,6 +20,7 @@ public class SecurityParameters boolean encryptThenMAC = false; boolean extendedMasterSecret = false; boolean truncatedHMac = false; + NegotiatedTokenBinding negotiatedTokenBinding =null; void clear() { @@ -132,4 +133,12 @@ public boolean isTruncatedHMac() { return truncatedHMac; } + + public NegotiatedTokenBinding getNegotiatedTokenBinding() { + return negotiatedTokenBinding; + } + + public void setNegotiatedTokenBinding(NegotiatedTokenBinding negotiatedTokenBinding) { + this.negotiatedTokenBinding = negotiatedTokenBinding; + } } diff --git a/tls/src/main/java/org/bouncycastle/tls/SessionParameters.java b/tls/src/main/java/org/bouncycastle/tls/SessionParameters.java index baf82ec4a3..66dbf44a78 100644 --- a/tls/src/main/java/org/bouncycastle/tls/SessionParameters.java +++ b/tls/src/main/java/org/bouncycastle/tls/SessionParameters.java @@ -21,6 +21,7 @@ public static final class Builder private byte[] pskIdentity = null; private byte[] srpIdentity = null; private byte[] encodedServerExtensions = null; + private NegotiatedTokenBinding negotiatedTokenBinding=null; public Builder() { diff --git a/tls/src/main/java/org/bouncycastle/tls/TlsClientProtocol.java b/tls/src/main/java/org/bouncycastle/tls/TlsClientProtocol.java index 8fcd7e603b..39b06271f9 100644 --- a/tls/src/main/java/org/bouncycastle/tls/TlsClientProtocol.java +++ b/tls/src/main/java/org/bouncycastle/tls/TlsClientProtocol.java @@ -386,6 +386,12 @@ protected void handleHandshakeMessage(short type, ByteArrayInputStream buf) establishMasterSecret(getContext(), keyExchange); + if (this.securityParameters.negotiatedTokenBinding != null && this.securityParameters.masterSecret != + null ){ + this.securityParameters.negotiatedTokenBinding.setExportKeyingMaterial(this.tlsClientContext + .exportKeyingMaterial(ExporterLabel.token_binding,null,32)); + } + recordStream.setPendingConnectionState(getPeer().getCompression(), getPeer().getCipher()); if (credentialedSigner != null) 
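Review bot: `clear()` in SecurityParameters is not touched by this patch, so the new `negotiatedTokenBinding` field and the exported keying material it holds survive the call that, by its name, resets the connection's security state. `clear()` should zero the exported bytes and then set `negotiatedTokenBinding = null;` alongside whatever it already clears. Only the opening line of `clear()` is inside this hunk, so check the rest of its body when placing this.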
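Review bot: `setNegotiatedTokenBinding` is public, which lets application code replace negotiated handshake state on `SecurityParameters`. The other fields visible in this patch are package-private and assigned directly by the protocol classes (`this.securityParameters.truncatedHMac = ...`). TlsClientProtocol already writes the new field directly, so the setter can be dropped or made package-private, leaving `getNegotiatedTokenBinding()` as the only public accessor.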
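Review bot: In `handleHandshakeMessage`, the exporter value is computed only on the full-handshake path right after `establishMasterSecret`, and it is stored in a mutable holder. If this branch is not reached on a resumed session, `negotiatedTokenBinding` is still set from the ServerHello but `getExportKeyingMaterial()` returns null, and callers get no signal that the binding value is missing. I would derive the value on demand from the established connection, or at least perform the export at a point common to both handshake paths. The bare `32` should become a named constant with a comment citing the draft's exporter length. `handleHandshakeMessage` begins and ends outside this hunk.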
@@ -776,6 +782,7 @@ protected void receiveServerHelloMessage(ByteArrayInputStream buf) sessionServerExtensions, AlertDescription.illegal_parameter); this.securityParameters.truncatedHMac = TlsExtensionsUtils.hasTruncatedHMacExtension(sessionServerExtensions); + this.securityParameters.negotiatedTokenBinding=processTokenBindingExtension(sessionServerExtensions); /* * TODO It's surprising that there's no provision to allow a 'fresh' CertificateStatus to be sent in diff --git a/tls/src/main/java/org/bouncycastle/tls/TlsExtensionsUtils.java b/tls/src/main/java/org/bouncycastle/tls/TlsExtensionsUtils.java index 8ddd225348..326c59032d 100644 --- a/tls/src/main/java/org/bouncycastle/tls/TlsExtensionsUtils.java +++ b/tls/src/main/java/org/bouncycastle/tls/TlsExtensionsUtils.java @@ -23,6 +23,7 @@ public class TlsExtensionsUtils public static final Integer EXT_supported_groups = Integers.valueOf(ExtensionType.supported_groups); public static final Integer EXT_truncated_hmac = Integers.valueOf(ExtensionType.truncated_hmac); public static final Integer EXT_trusted_ca_keys = Integers.valueOf(ExtensionType.trusted_ca_keys); + public static final Integer EXT_token_binding = Integers.valueOf(ExtensionType.DRAFT_token_binding); public static Hashtable ensureExtensionsInitialised(Hashtable extensions) { @@ -119,6 +120,12 @@ public static void addTrustedCAKeysExtensionServer(Hashtable extensions) extensions.put(EXT_trusted_ca_keys, createTrustedCAKeysExtensionServer()); } + public static void addTokenBindingExtension(Hashtable extensions, TokenBindingExtension tokenBindingExtension) + throws IOException { + extensions.put(EXT_token_binding, createTokenBindingExtension(tokenBindingExtension)); + } + + public static short[] getClientCertificateTypeExtensionClient(Hashtable extensions) throws IOException { 
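Review bot: In `receiveServerHelloMessage`, `processTokenBindingExtension` is called on the server extensions without checking that extended_master_secret and secure renegotiation were also negotiated for this connection. As I read the Token Binding negotiation draft, a TLS 1.2 client has to abort the handshake when the server echoes token_binding without both of them, because otherwise the exporter value is not bound to the handshake. Something like `if (this.securityParameters.negotiatedTokenBinding != null && !this.securityParameters.extendedMasterSecret) throw new TlsFatalAlert(AlertDescription.unsupported_extension);` belongs after this assignment, once `extendedMasterSecret` has been set, plus the matching check for renegotiation_info. The order of the surrounding assignments is not fully visible in this hunk.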
@@ -195,6 +202,13 @@ public static Vector getTrustedCAKeysExtensionClient(Hashtable extensions) return extensionData == null ? null : readTrustedCAKeysExtensionClient(extensionData); } + public static NegotiatedTokenBinding getTokenBindingExtension(Hashtable extensions) + throws IOException + { + byte[] extensionData = TlsUtils.getExtensionData(extensions, EXT_token_binding); + return extensionData == null ? null : readTokenBindingExtension(extensionData); + } + public static boolean hasClientCertificateURLExtension(Hashtable extensions) throws IOException { byte[] extensionData = TlsUtils.getExtensionData(extensions, EXT_client_certificate_url); @@ -225,6 +239,15 @@ public static boolean hasTrustedCAKeysExtensionServer(Hashtable extensions) thro return extensionData == null ? false : readTrustedCAKeysExtensionServer(extensionData); } + private static byte[] createTokenBindingExtension(TokenBindingExtension tokenBindingExtension) throws IOException { + if (tokenBindingExtension == null) { + throw new TlsFatalAlert(AlertDescription.internal_error); + } + ByteArrayOutputStream buf = new ByteArrayOutputStream(); + tokenBindingExtension.encode(buf); + return buf.toByteArray(); + } + public static byte[] createCertificateTypeExtensionClient(short[] certificateTypes) throws IOException { if (certificateTypes == null || certificateTypes.length < 1 || certificateTypes.length > 255) @@ -366,6 +389,14 @@ public static byte[] createTrustedCAKeysExtensionServer() return createEmptyExtensionData(); } + public static NegotiatedTokenBinding readTokenBindingExtension(byte[] extensionData) + throws IOException { + int[] serverData = TlsUtils.decodeUint8ArrayWithUint16Length(extensionData); + NegotiatedTokenBinding tokenBinding = new NegotiatedTokenBinding(); + tokenBinding.decode(serverData); + return tokenBinding; + } + private static boolean readEmptyExtensionData(byte[] extensionData) throws IOException { if (extensionData == null) 
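Review bot: `readTokenBindingExtension` only accepts the server's form of the extension (exactly one key parameter, enforced by the length-4 check in `NegotiatedTokenBinding.decode`), but neither its name nor a comment says so. The neighbouring helpers carry a Client/Server suffix for this distinction (`getTrustedCAKeysExtensionClient`, `createTrustedCAKeysExtensionServer`), and a ClientHello offering several parameters passed here would be rejected with unsupported_extension. Suggest a Javadoc such as `/** Parses the token_binding extension as sent in a ServerHello: version plus exactly one selected key parameter. */` and a matching suffix on the method name.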
diff --git a/tls/src/main/java/org/bouncycastle/tls/TlsProtocol.java b/tls/src/main/java/org/bouncycastle/tls/TlsProtocol.java index 9b37f0c279..bf89edb4a7 100644 --- a/tls/src/main/java/org/bouncycastle/tls/TlsProtocol.java +++ b/tls/src/main/java/org/bouncycastle/tls/TlsProtocol.java @@ -1189,6 +1189,19 @@ protected void refuseRenegotiation() throws IOException raiseAlertWarning(AlertDescription.no_renegotiation, "Renegotiation not supported"); } + protected NegotiatedTokenBinding processTokenBindingExtension(Hashtable serverExtensions) throws IOException { + NegotiatedTokenBinding tokenBinding = TlsExtensionsUtils.getTokenBindingExtension(serverExtensions); + if (tokenBinding != null) { + if (tokenBinding.getMajorProtocolVerison() > TokenBindingExtension.getMajorProtocolVerison()) { + throw new TlsFatalAlert(AlertDescription.unsupported_extension); + } + if (tokenBinding.getMinorProtocolVerison() > TokenBindingExtension.getMinorProtocolVerison()) { + throw new TlsFatalAlert(AlertDescription.unsupported_extension); + } + } + return tokenBinding; + } + /** * Make sure the InputStream 'buf' now empty. Fail otherwise. * diff --git a/tls/src/main/java/org/bouncycastle/tls/TlsUtils.java b/tls/src/main/java/org/bouncycastle/tls/TlsUtils.java index f850757e0d..f2cf065c56 100644 --- a/tls/src/main/java/org/bouncycastle/tls/TlsUtils.java +++ b/tls/src/main/java/org/bouncycastle/tls/TlsUtils.java @@ -450,6 +450,21 @@ public static short[] decodeUint8ArrayWithUint8Length(byte[] buf) throws IOExcep return uints; } + public static int[] decodeUint8ArrayWithUint16Length(byte[] buf) throws IOException + { + if (buf == null) + { + throw new IllegalArgumentException("'buf' cannot be null"); + } + + int[] uints = new int[buf.length]; + for (int i = 0; i < buf.length; ++i) + { + uints[i] = readUint8(buf, i ); + } + return uints; + } + public static byte[] encodeOpaque8(byte[] buf) throws IOException { 
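Review bot: `processTokenBindingExtension` never checks that the key parameter selected by the server is one the client actually offered, so the server's choice of `rsa2048_pss` or the ECDSA code point is accepted even when only the default was advertised. The negotiation draft, as I read it, requires the client to abort in that case, so the list offered in the ClientHello needs to be available here and compared before returning. The version check compares major and minor independently against static fields that `TokenBindingExtension.setMajorProtocolVerison`/`setMinorProtocolVerison` let any caller change process-wide, and it accepts every lower version without confirming the client implements it. Comparing the pair as one value, e.g. `int v = (major << 8) | minor;`, avoids rejecting a lower major with a higher minor.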
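Review bot: `decodeUint8ArrayWithUint16Length` does not decode a uint16 length prefix at all: it copies every byte of `buf` into an `int[]`, length bytes included, and performs no consistency check. A public helper with this name on `TlsUtils` invites callers to treat unvalidated bytes as a validated vector. Either drop it and parse the extension with the existing stream readers, or rename it to say what it does and add `/** Widens each byte of buf to an unsigned int; performs no length-prefix parsing. */`. The `throws IOException` clause also looks unnecessary unless `readUint8(buf, i)` is declared to throw it.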
diff --git a/tls/src/main/java/org/bouncycastle/tls/TokenBindingExtension.java b/tls/src/main/java/org/bouncycastle/tls/TokenBindingExtension.java
new file mode 100644
index 0000000000..d240240293
--- /dev/null
+++ b/tls/src/main/java/org/bouncycastle/tls/TokenBindingExtension.java
@@ -0,0 +1,72 @@
+package org.bouncycastle.tls;
+
+import org.bouncycastle.util.io.Streams;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+
+public class TokenBindingExtension {
+
+ public static final Integer rsa2048_pcks15 = 0;
+ public static final Integer rsa2048_pss = 1;
+ public static final Integer rsa2048_ecdsap256 = 2;
+
+ List TokenBindingKeyParameters = new ArrayList();
+
+ private static int MajorProtocolVerison=0;
+
+ public static int getMajorProtocolVerison() {
+ return MajorProtocolVerison;
+ }
+
+ public static int getMinorProtocolVerison() {
+ return MinorProtocolVerison;
+ }
+
+ private static int MinorProtocolVerison=13;
+
+ public static void setMajorProtocolVerison(int majorProtocolVerison) {
+ MajorProtocolVerison = majorProtocolVerison;
+ }
+
+ public static void setMinorProtocolVerison(int minorProtocolVerison) {
+ MinorProtocolVerison = minorProtocolVerison;
+ }
+
+ public void addTokenbindingKeyParameters(int parameter){
+ TokenBindingKeyParameters.add(parameter);
+ }
+
+ public List getTokenBindingKeyParameters() {
+ if (TokenBindingKeyParameters.size() <1){
+ TokenBindingKeyParameters.add(rsa2048_pcks15);
+ }
+ Collections.sort(TokenBindingKeyParameters,Collections.reverseOrder());
+ return TokenBindingKeyParameters;
+ }
+
+ public void encode (OutputStream output) throws IOException {
+ ByteArrayOutputStream buf = new ByteArrayOutputStream();
+
+ TlsUtils.checkUint8(MajorProtocolVerison);
+ TlsUtils.checkUint8(MinorProtocolVerison);
+ TlsUtils.writeUint8(MajorProtocolVerison,output);
+ TlsUtils.writeUint8(MinorProtocolVerison,output);
+
+ for (Integer param : this.getTokenBindingKeyParameters()){
+ TlsUtils.checkUint8(param);
+ TlsUtils.writeUint8(param,buf);
+ }
+
+ TlsUtils.checkUint8(buf.size());
+ TlsUtils.writeUint8(buf.size(), output);
+ Streams.writeBufTo(buf, output);
+
+ }
+
+}
\ No
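Review bot: `MajorProtocolVerison` and `MinorProtocolVerison` in TokenBindingExtension are static, non-final and writable through public static setters, so one caller changes the version offered, and the upper bound enforced in `processTokenBindingExtension`, for every TLS connection in the JVM, without synchronization. They should be `private static final` constants (or per-instance fields set in a constructor), with the setters removed. `getTokenBindingKeyParameters()` also mutates state as a side effect of a getter (inserting the default, sorting in place) and hands out the internal raw `List`; return a sorted copy instead. `addTokenbindingKeyParameters(int)` accepts any value and duplicates, leaving only `TlsUtils.checkUint8` in `encode` between an arbitrary value and the wire, so validate against the three defined code points at insertion.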
newline at end of file From 00474f05af7d65525e66fb5dbd8e68243951512a Mon Sep 17 00:00:00 2001 From: Inthirakumaaran Date: Tue, 28 Nov 2017 10:53:15 +0530 Subject: [PATCH 2/5] format code --- tls/src/main/java/org/bouncycastle/tls/SessionParameters.java | 1 - .../main/java/org/bouncycastle/tls/TokenBindingExtension.java | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/tls/src/main/java/org/bouncycastle/tls/SessionParameters.java b/tls/src/main/java/org/bouncycastle/tls/SessionParameters.java index 66dbf44a78..baf82ec4a3 100644 --- a/tls/src/main/java/org/bouncycastle/tls/SessionParameters.java +++ b/tls/src/main/java/org/bouncycastle/tls/SessionParameters.java @@ -21,7 +21,6 @@ public static final class Builder private byte[] pskIdentity = null; private byte[] srpIdentity = null; private byte[] encodedServerExtensions = null; - private NegotiatedTokenBinding negotiatedTokenBinding=null; public Builder() { diff --git a/tls/src/main/java/org/bouncycastle/tls/TokenBindingExtension.java b/tls/src/main/java/org/bouncycastle/tls/TokenBindingExtension.java index d240240293..5f2ef2190e 100644 --- a/tls/src/main/java/org/bouncycastle/tls/TokenBindingExtension.java +++ b/tls/src/main/java/org/bouncycastle/tls/TokenBindingExtension.java @@ -69,4 +69,4 @@ public void encode (OutputStream output) throws IOException { } -} \ No newline at end of file +} From a8aa50b560e23afaf73e4ee1e12414237bdb8971 Mon Sep 17 00:00:00 2001 From: Inthirakumaaran Date: Tue, 28 Nov 2017 11:01:01 +0530 Subject: [PATCH 3/5] .iml file deleted --- bc-java.iml | 13 ------------- 1 file changed, 13 deletions(-) delete mode 100644 bc-java.iml diff --git a/bc-java.iml b/bc-java.iml deleted file mode 100644 index a743e4f4f5..0000000000 --- a/bc-java.iml +++ /dev/null @@ -1,13 +0,0 @@ - - - - - - - - - - - - - \ No newline at end of file From f3c698ceef8af9769ad7aad26c4e816ad2348a21 Mon Sep 17 00:00:00 2001 
From: Inthirakumaaran Date: Wed, 20 Dec 2017 15:18:57 +0530 Subject: [PATCH 4/5] class comments added --- .../tls/NegotiatedTokenBinding.java | 28 +++++++++++-------- .../org/bouncycastle/tls/TlsProtocol.java | 7 +++++ .../tls/TokenBindingExtension.java | 24 ++++++++-------- 3 files changed, 37 insertions(+), 22 deletions(-) diff --git a/tls/src/main/java/org/bouncycastle/tls/NegotiatedTokenBinding.java b/tls/src/main/java/org/bouncycastle/tls/NegotiatedTokenBinding.java index 3c1d99ee28..c17e6fb1fb 100644 --- a/tls/src/main/java/org/bouncycastle/tls/NegotiatedTokenBinding.java +++ b/tls/src/main/java/org/bouncycastle/tls/NegotiatedTokenBinding.java @@ -1,8 +1,14 @@ package org.bouncycastle.tls; +/** + * This class captures the negotiated parameters from the TLS handshake + */ public class NegotiatedTokenBinding { - String selectedKeyParameter; + private String selectedKeyParameter; + protected String RSA2048_PCKS15 = "rsa2048_pcks15"; + protected String RSA2048_PSS = "rsa2048_pss"; + protected String RSA2048_ECDSAP256 = "rsa2048_ecdsap256"; public byte[] exportKeyingMaterial; @@ -14,8 +20,8 @@ public void setExportKeyingMaterial(byte[] exportKeyingMaterial) { this.exportKeyingMaterial = exportKeyingMaterial; } - public int MajorProtocolVerison=0; - public int MinorProtocolVerison=13; + public int MajorProtocolVerison = 0; + public int MinorProtocolVerison = 13; public String getSelectedKeyParameter() { return selectedKeyParameter; 
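Review bot: The three name strings in NegotiatedTokenBinding are added as `protected` instance fields that are neither `static` nor `final`, so each object carries its own copies and a subclass or same-package class can reassign them, changing what `getSelectedKeyParameter()` reports. Declare them as constants, e.g. `private static final String RSA2048_PSS = "rsa2048_pss";`. `exportKeyingMaterial` stays `public` in this revision while `selectedKeyParameter` becomes private; it deserves the same treatment.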
@@ -43,18 +49,18 @@ public void setMinorProtocolVerison(int minorProtocolVerison) { public NegotiatedTokenBinding decode(int[] serverdata) throws TlsFatalAlert { - if(serverdata.length !=4){ + if (serverdata.length != 4) { throw new TlsFatalAlert(AlertDescription.unsupported_extension); } this.setMajorProtocolVerison(serverdata[0]); this.setMinorProtocolVerison(serverdata[1]); - if(serverdata[3]==0){ - this.setSelectedKeyParameter("rsa2048_pcks15"); - }else if (serverdata[3]==1){ - this.setSelectedKeyParameter("rsa2048_pss"); - }else if (serverdata[3]==2){ - this.setSelectedKeyParameter("rsa2048_ecdsap256"); - }else{ + if (serverdata[3] == 0) { + this.setSelectedKeyParameter(RSA2048_PCKS15); + } else if (serverdata[3] == 1) { + this.setSelectedKeyParameter(RSA2048_PSS); + } else if (serverdata[3] == 2) { + this.setSelectedKeyParameter(RSA2048_ECDSAP256); + } else { throw new TlsFatalAlert(AlertDescription.unsupported_extension); } return this; diff --git a/tls/src/main/java/org/bouncycastle/tls/TlsProtocol.java b/tls/src/main/java/org/bouncycastle/tls/TlsProtocol.java index bf89edb4a7..c2b435020d 100644 --- a/tls/src/main/java/org/bouncycastle/tls/TlsProtocol.java +++ b/tls/src/main/java/org/bouncycastle/tls/TlsProtocol.java @@ -1189,6 +1189,13 @@ protected void refuseRenegotiation() throws IOException raiseAlertWarning(AlertDescription.no_renegotiation, "Renegotiation not supported"); } + /** + * This method creates NegotiatedTokenBindingClass and checks the negotiated parameters. + * + * @param serverExtensions + * @return + * @throws IOException + */ protected NegotiatedTokenBinding processTokenBindingExtension(Hashtable serverExtensions) throws IOException { NegotiatedTokenBinding tokenBinding = TlsExtensionsUtils.getTokenBindingExtension(serverExtensions); if (tokenBinding != null) { 
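Review bot: The Javadoc added to `processTokenBindingExtension` leaves `@param`, `@return` and `@throws` empty, and the part a caller most needs is missing: the method returns null when the server did not send the extension and aborts with `unsupported_extension` on a version above the client's. Suggested text: `@param serverExtensions extensions received in the ServerHello`, `@return the negotiated parameters, or null if the server did not send token_binding`, `@throws IOException a TlsFatalAlert(unsupported_extension) if the data is malformed or the version is higher than the client's`.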
diff --git a/tls/src/main/java/org/bouncycastle/tls/TokenBindingExtension.java b/tls/src/main/java/org/bouncycastle/tls/TokenBindingExtension.java index 5f2ef2190e..9ec7295609 100644 --- a/tls/src/main/java/org/bouncycastle/tls/TokenBindingExtension.java +++ b/tls/src/main/java/org/bouncycastle/tls/TokenBindingExtension.java @@ -9,7 +9,9 @@ import java.util.Collections; import java.util.List; - +/** + * Token binding (draft) extension to TLS + */ public class TokenBindingExtension { public static final Integer rsa2048_pcks15 = 0; @@ -18,7 +20,7 @@ public class TokenBindingExtension { List TokenBindingKeyParameters = new ArrayList(); - private static int MajorProtocolVerison=0; + private static int MajorProtocolVerison = 0; public static int getMajorProtocolVerison() { return MajorProtocolVerison; @@ -28,7 +30,7 @@ public static int getMinorProtocolVerison() { return MinorProtocolVerison; } - private static int MinorProtocolVerison=13; + private static int MinorProtocolVerison = 13; public static void setMajorProtocolVerison(int majorProtocolVerison) { MajorProtocolVerison = majorProtocolVerison; 
@@ -38,29 +40,29 @@ public static void setMinorProtocolVerison(int minorProtocolVerison) { MinorProtocolVerison = minorProtocolVerison; } - public void addTokenbindingKeyParameters(int parameter){ + public void addTokenbindingKeyParameters(int parameter) { TokenBindingKeyParameters.add(parameter); } public List getTokenBindingKeyParameters() { - if (TokenBindingKeyParameters.size() <1){ + if (TokenBindingKeyParameters.size() < 1) { TokenBindingKeyParameters.add(rsa2048_pcks15); } - Collections.sort(TokenBindingKeyParameters,Collections.reverseOrder()); + Collections.sort(TokenBindingKeyParameters, Collections.reverseOrder()); return TokenBindingKeyParameters; } - public void encode (OutputStream output) throws IOException { + public void encode(OutputStream output) throws IOException { ByteArrayOutputStream buf = new ByteArrayOutputStream(); TlsUtils.checkUint8(MajorProtocolVerison); TlsUtils.checkUint8(MinorProtocolVerison); - TlsUtils.writeUint8(MajorProtocolVerison,output); - TlsUtils.writeUint8(MinorProtocolVerison,output); + TlsUtils.writeUint8(MajorProtocolVerison, output); + TlsUtils.writeUint8(MinorProtocolVerison, output); - for (Integer param : this.getTokenBindingKeyParameters()){ + for (Integer param : this.getTokenBindingKeyParameters()) { TlsUtils.checkUint8(param); - TlsUtils.writeUint8(param,buf); + TlsUtils.writeUint8(param, buf); } TlsUtils.checkUint8(buf.size()); From da549a4ce21341c7af40195e66b9a645c20cd229 Mon Sep 17 00:00:00 2001 From: Inthirakumaaran Date: Wed, 20 Dec 2017 15:22:13 +0530 Subject: [PATCH 5/5] fixed requested change --- tls/src/main/java/org/bouncycastle/tls/AbstractTlsClient.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tls/src/main/java/org/bouncycastle/tls/AbstractTlsClient.java b/tls/src/main/java/org/bouncycastle/tls/AbstractTlsClient.java index 7909cc9f69..5cfcf1516e 100644 --- a/tls/src/main/java/org/bouncycastle/tls/AbstractTlsClient.java 
+++ b/tls/src/main/java/org/bouncycastle/tls/AbstractTlsClient.java @@ -229,8 +229,8 @@ public Hashtable getClientExtensions() } //add TokenBinding Extension - TokenBindingExtension tokenBindingExtension =new TokenBindingExtension(); - TlsExtensionsUtils.addTokenBindingExtension(clientExtensions,tokenBindingExtension); + TokenBindingExtension tokenBindingExtension = new TokenBindingExtension(); + TlsExtensionsUtils.addTokenBindingExtension(clientExtensions, tokenBindingExtension); return clientExtensions; }