| /* |
| * Copyright (C) 2020 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| package com.android.internal.net.ipsec.ike.message; |
| |
| import static com.android.internal.net.ipsec.ike.message.IkeCertPayload.CERT_ENCODING_LEN; |
| import static com.android.internal.net.ipsec.ike.message.IkeCertPayload.CertificateEncoding; |
| |
| import android.net.ipsec.ike.exceptions.IkeProtocolException; |
| |
| import java.nio.ByteBuffer; |
| |
| /** |
| * This class represents a Certificate Request Payload |
| * |
| * <p>A Certificate Request Payload provides suggestion for an end certificate to select. Receiver |
| * of this payload is allowed to send an alternate. It is possible that there is a preferred CA sent |
| * in the IkeCertReqPayload, but an alternate is still acceptable. |
| * |
| * <p>IKE library will always ignore this payload since only one end certificate can be configured |
| * by users. |
| * |
| * @see <a href="https://tools.ietf.org/html/rfc7296#section-3.8">RFC 7296, Internet Key Exchange |
| * Protocol Version 2 (IKEv2)</a> |
| */ |
| public class IkeCertReqPayload extends IkePayload { |
| /** Certificate encoding type */ |
| @CertificateEncoding public final int certEncodingType; |
| /** Concatenated list of SHA-1 hashes of CAs' Subject Public Key Info */ |
| public final byte[] caSubjectPublicKeyInforHashes; |
| |
| /** |
| * Construct an instance of IkeCertReqPayload from decoding an inbound IKE packet. |
| * |
| * <p>NegativeArraySizeException and BufferUnderflowException will be caught in {@link |
| * IkeMessage} |
| * |
| * @param critical indicates if this payload is critical. Ignored in supported payload as |
| * instructed by the RFC 7296. |
| * @param payloadBody payload body in byte array |
| * @throws IkeProtocolException if there is any error |
| */ |
| public IkeCertReqPayload(boolean critical, byte[] payloadBody) throws IkeProtocolException { |
| super(PAYLOAD_TYPE_CERT_REQUEST, critical); |
| |
| ByteBuffer inputBuffer = ByteBuffer.wrap(payloadBody); |
| certEncodingType = Byte.toUnsignedInt(inputBuffer.get()); |
| caSubjectPublicKeyInforHashes = new byte[inputBuffer.remaining()]; |
| inputBuffer.get(caSubjectPublicKeyInforHashes); |
| } |
| |
| /** |
| * Encode Certificate Request Payload to ByteBuffer. |
| * |
| * @param nextPayload type of payload that follows this payload. |
| * @param byteBuffer destination ByteBuffer that stores encoded payload. |
| */ |
| @Override |
| protected void encodeToByteBuffer(@PayloadType int nextPayload, ByteBuffer byteBuffer) { |
| encodePayloadHeaderToByteBuffer(nextPayload, getPayloadLength(), byteBuffer); |
| |
| byteBuffer.put((byte) certEncodingType).put(caSubjectPublicKeyInforHashes); |
| } |
| |
| /** |
| * Get entire payload length. |
| * |
| * @return entire payload length. |
| */ |
| @Override |
| protected int getPayloadLength() { |
| return GENERIC_HEADER_LENGTH + CERT_ENCODING_LEN + caSubjectPublicKeyInforHashes.length; |
| } |
| |
| /** |
| * Return the payload type as a String. |
| * |
| * @return the payload type as a String. |
| */ |
| @Override |
| public String getTypeString() { |
| return "CertReq"; |
| } |
| } |