Merge remote-tracking branch 'origin/master'

neverdup · May 13, 2019 · ada284f · ada284f
2 parents a5ba457 + f25d440
commit ada284f
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 31 deletions.
diff --git a/pkix/src/main/java/org/bouncycastle/tsp/TimeStampToken.java b/pkix/src/main/java/org/bouncycastle/tsp/TimeStampToken.java
@@ -1,6 +1,5 @@
 package org.bouncycastle.tsp;
 
-import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.OutputStream;
@@ -16,14 +15,15 @@
 import org.bouncycastle.asn1.ess.ESSCertIDv2;
 import org.bouncycastle.asn1.ess.SigningCertificate;
 import org.bouncycastle.asn1.ess.SigningCertificateV2;
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.tsp.TSTInfo;
 import org.bouncycastle.asn1.x500.X500Name;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.GeneralName;
 import org.bouncycastle.asn1.x509.IssuerSerial;
+import org.bouncycastle.cert.X509AttributeCertificateHolder;
+import org.bouncycastle.cert.X509CRLHolder;
 import org.bouncycastle.cert.X509CertificateHolder;
 import org.bouncycastle.cms.CMSException;
 import org.bouncycastle.cms.CMSProcessable;
@@ -79,8 +79,8 @@ public TimeStampToken(CMSSignedData signedData)
         {
             throw new TSPValidationException("ContentInfo object not for a time stamp.");
         }
-        
-        Collection signers = tsToken.getSignerInfos().getSigners();
+
+        Collection<SignerInformation> signers = tsToken.getSignerInfos().getSigners();
 
         if (signers.size() != 1)
         {
@@ -89,7 +89,7 @@ public TimeStampToken(CMSSignedData signedData)
                     + " signers, but it must contain just the TSA signature.");
         }
 
-        tsaSignerInfo = (SignerInformation)signers.iterator().next();
+        tsaSignerInfo = signers.iterator().next();
 
         try
         {
@@ -98,15 +98,16 @@ public TimeStampToken(CMSSignedData signedData)
 
             content.write(bOut);
 
-            ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(bOut.toByteArray()));
+            @SuppressWarnings("resource")
+            ASN1InputStream aIn = new ASN1InputStream(bOut.toByteArray());
 
             this.tstInfo = new TimeStampTokenInfo(TSTInfo.getInstance(aIn.readObject()));
 
-            Attribute   attr = tsaSignerInfo.getSignedAttributes().get(PKCSObjectIdentifiers.id_aa_signingCertificate);
+            Attribute attr = tsaSignerInfo.getSignedAttributes().get(PKCSObjectIdentifiers.id_aa_signingCertificate);
 
             if (attr != null)
             {
-                SigningCertificate    signCert = SigningCertificate.getInstance(attr.getAttrValues().getObjectAt(0));
+                SigningCertificate signCert = SigningCertificate.getInstance(attr.getAttrValues().getObjectAt(0));
 
                 this.certID = new CertID(ESSCertID.getInstance(signCert.getCerts()[0]));
             }
@@ -338,22 +339,6 @@ private class CertID
             this.certID = null;
         }
 
-        public String getHashAlgorithmName()
-        {
-            if (certID != null)
-            {
-                return "SHA-1";
-            }
-            else
-            {
-                if (NISTObjectIdentifiers.id_sha256.equals(certIDv2.getHashAlgorithm().getAlgorithm()))
-                {
-                    return "SHA-256";
-                }
-                return certIDv2.getHashAlgorithm().getAlgorithm().getId();
-            }
-        }
-
         public AlgorithmIdentifier getHashAlgorithm()
         {
             if (certID != null)

diff --git a/tls/src/main/java/org/bouncycastle/tls/DTLSRecordLayer.java b/tls/src/main/java/org/bouncycastle/tls/DTLSRecordLayer.java
@@ -94,6 +94,7 @@ private static void sendDatagram(DatagramSender sender, byte[] record)
     private volatile boolean failed = false;
     // TODO[dtls13] Review the draft/RFC (legacy_record_version) to see if readVersion can be removed
     private volatile ProtocolVersion readVersion = null, writeVersion = null;
+    private volatile boolean inConnection;
     private volatile boolean inHandshake;
     private volatile int plaintextLimit;
     private DTLSEpoch currentEpoch, pendingEpoch;
@@ -135,6 +136,8 @@ void resetAfterHelloVerifyRequestClient()
 
     void resetAfterHelloVerifyRequestServer(long writeRecordSeqNo)
     {
+        this.inConnection = true;
+
         currentEpoch.setSequenceNumber(writeRecordSeqNo);
 
         /*
@@ -363,7 +366,7 @@ public void close()
     {
         if (!closed)
         {
-            if (inHandshake)
+            if (inHandshake && inConnection)
             {
                 warn(AlertDescription.user_canceled, "User canceled handshake");
             }
@@ -375,13 +378,16 @@ void fail(short alertDescription)
     {
         if (!closed)
         {
-            try
-            {
-                raiseAlert(AlertLevel.fatal, alertDescription, null, null);
-            }
-            catch (Exception e)
+            if (inConnection)
             {
-                // Ignore
+                try
+                {
+                    raiseAlert(AlertLevel.fatal, alertDescription, null, null);
+                }
+                catch (Exception e)
+                {
+                    // Ignore
+                }
             }
 
             failed = true;
@@ -712,6 +718,8 @@ private int receiveRecord(byte[] buf, int off, int len, int waitMillis)
         int received = receiveDatagram(buf, off, len, waitMillis);
         if (received >= RECORD_HEADER_LENGTH)
         {
+            this.inConnection = true;
+
             int fragmentLength = TlsUtils.readUint16(buf, off + 11);
             int recordLength = RECORD_HEADER_LENGTH + fragmentLength;
             if (received > recordLength)