Class TlsServerEndPointChannelBindingProvider

java.lang.Object
org.jivesoftware.util.channelbinding.TlsServerEndPointChannelBindingProvider
All Implemented Interfaces:
ChannelBindingProvider

public class TlsServerEndPointChannelBindingProvider extends Object implements ChannelBindingProvider
Implementation of ChannelBindingProvider for the tls-server-end-point channel binding type (RFC 5929). This provider extracts channel binding data from an SSLEngine, using the hash of the server's certificate as specified by RFC 5929. The hash algorithm is chosen based on the certificate's signature algorithm. The channel binding data is always derived from the server certificate, regardless of which side computes it.
  • Constructor Details

    • TlsServerEndPointChannelBindingProvider

      public TlsServerEndPointChannelBindingProvider()
  • Method Details

    • getType

      public String getType()
      Description copied from interface: ChannelBindingProvider
      Returns the RFC-defined unique prefix for the channel binding type this provider supports (e.g., "tls-exporter", "tls-server-end-point"). Note that these values are case-sensitive and must match exactly as defined in the respective RFCs.
      Specified by:
      getType in interface ChannelBindingProvider
      Returns:
      the channel binding type unique prefix (never null or empty)
    • getChannelBinding

      public Optional<byte[]> getChannelBinding(@Nonnull SSLEngine engine)
      Attempts to extract the channel binding data from the provided SSLEngine. This is typically the hash of the server's certificate. The hash algorithm is chosen based on the certificate's signature algorithm per RFC 5929 §4.1. The tls-server-end-point binding is always derived from the server certificate, regardless of which side computes it. To determine whether the local entity is acting in server or client mode, the engine's getUseClientMode() method is evaluated.
      Specified by:
      getChannelBinding in interface ChannelBindingProvider
      Parameters:
      engine - the SSLEngine from which to extract channel binding data (must not be null)
      Returns:
      an Optional containing the channel binding data, or empty if unavailable or unsupported
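
The following sketch is an added example, not Openfire's own implementation. It shows the RFC 5929 §4.1 rule described above: the server certificate is selected according to getUseClientMode(), and MD5 or SHA-1 signature hashes are replaced by SHA-256. The class name EndPointBindingSketch and its method names are hypothetical, and reading the hash from the JCA signature algorithm name is an assumption of this sketch.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Locale;
import java.util.Optional;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;

// Hypothetical illustration class; not part of org.jivesoftware.util.channelbinding.
public final class EndPointBindingSketch {

    // Maps a JCA signature name such as "SHA1withRSA" to the digest RFC 5929 section 4.1 requires.
    static Optional<String> digestFor(String sigAlgName) {
        String name = sigAlgName.toUpperCase(Locale.ROOT);
        int with = name.indexOf("WITH");
        if (with <= 0) return Optional.empty(); // Ed25519, RSASSA-PSS, bare OIDs: no hash in the name
        switch (name.substring(0, with)) {
            case "MD5": case "SHA1": return Optional.of("SHA-256"); // weak hashes are upgraded
            case "SHA224": return Optional.of("SHA-224");
            case "SHA256": return Optional.of("SHA-256");
            case "SHA384": return Optional.of("SHA-384");
            case "SHA512": return Optional.of("SHA-512");
            default: return Optional.empty(); // this sketch treats any other hash as unsupported
        }
    }

    // The server certificate is the peer's when we are the client, and our own when we are the server.
    static Optional<byte[]> serverEndPoint(SSLEngine engine) {
        try {
            SSLSession session = engine.getSession();
            Certificate[] chain = engine.getUseClientMode()
                    ? session.getPeerCertificates()
                    : session.getLocalCertificates();
            if (chain == null || chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
                return Optional.empty(); // handshake not complete, or no X.509 server certificate
            }
            X509Certificate server = (X509Certificate) chain[0];
            Optional<String> digest = digestFor(server.getSigAlgName());
            if (!digest.isPresent()) return Optional.empty();
            return Optional.of(MessageDigest.getInstance(digest.get()).digest(server.getEncoded()));
        } catch (GeneralSecurityException | SSLException e) {
            return Optional.empty(); // peer unverified, encoding failure, or digest unavailable
        }
    }
}
```

Both peers must arrive at the same bytes, so a client and server that disagree on which certificate or digest applies will fail the channel-binding check rather than silently proceed without it.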