BaseTlsManager
- class mtf.network_port.tls.managers.base_manager.BaseTlsManager
This class implements common TLS management functionality.
The BaseTlsManager class provides fundamental methods and attributes common to all concrete TLS manager implementations. Its primary purpose is to serve as an interface and utility provider, rather than implementing any actual TLS handshake logic directly.
Subclasses should extend this class to handle specific roles (client or server) and responsibilities (e.g., managing TLS handshakes, processing messages, maintaining session state, etc.).
- __init__(connection_config: ConnectionConfig, security_config: SecurityConfig, protocol_config: ProtocolConfig, session_id: str | None = None, finish_with_close_notify: bool = False, respect_client_extensions: bool = True, workflow_xml: str | None = None, stop_trace_after_unexpected: bool | None = True)
- set_default_psk_sets_in_java(psk_sets_data: list) JClass
Creates a Java ArrayList from the given PSK data.
- Args:
psk_sets_data (list): A list of tuples, where each tuple contains (pre_shared_key_identity, pre_shared_key, ticket_age). Each value should be a string. If ticket_age is not provided, it will default to 1.
- Returns:
jpype.JClass: A Java ArrayList containing the configured PskSet objects.
- Raises:
ValueError: If the psk_sets_data list is empty or any of the required PSK set data elements are missing or invalid.
- get_supported_cipher_suites() list[str]
Gets the supported cipher suites.
- Returns:
list[str]: All supported cipher suite names.
- is_cipher_suite_supported(cipher: str | int | bytes) bool
Checks whether the given cipher suite is supported.
- Args:
cipher (Union[str, int, bytes]): The cipher to check.
- Returns:
bool: True if the cipher suite is supported, False otherwise.
Note:
cipher accepts the following:
a Java enum name (“TLS_RSA_WITH_AES_128_GCM_SHA256”)
an integer code (0x1301)
a 2‐byte big‐endian bytes object (b’’)
- prepare_ciphers_for_argument(ciphers: str | List[str]) str
Prepares a string representation of the cipher(s) to be passed as an argument to the TLS-Attacker client.
- Args:
ciphers (Union[str, List[str]]): One or a list of ciphers.
- Returns:
str: A comma-separated string of cipher names in IANA format.
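The three identifier forms accepted by is_cipher_suite_supported, and the comma-separated IANA-name string described for prepare_ciphers_for_argument, can be illustrated with a stand-alone sketch. This is an added example, not code from the mtf project: the names normalize_cipher, is_supported and ciphers_argument are hypothetical, and the table is a constructed subset of the IANA registry.

```python
import struct

# Constructed subset of the IANA TLS cipher suite registry (name -> 16-bit code).
IANA_SUITES = {
    "TLS_RSA_WITH_AES_128_GCM_SHA256": 0x009C,
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 0xC02F,
    "TLS_AES_128_GCM_SHA256": 0x1301,
    "TLS_AES_256_GCM_SHA384": 0x1302,
    "TLS_CHACHA20_POLY1305_SHA256": 0x1303,
}
CODE_TO_NAME = {code: name for name, code in IANA_SUITES.items()}


def normalize_cipher(cipher):
    """Map a name, integer code or 2-byte big-endian value to an IANA name.

    Returns None when the identifier is well-formed but not in the table.
    """
    if isinstance(cipher, str):
        return cipher if cipher in IANA_SUITES else None
    if isinstance(cipher, (bytes, bytearray)):
        if len(cipher) != 2:
            raise ValueError("a cipher suite code is exactly 2 bytes")
        (cipher,) = struct.unpack(">H", bytes(cipher))
    if isinstance(cipher, int) and not isinstance(cipher, bool):
        if not 0 <= cipher <= 0xFFFF:
            raise ValueError("cipher suite code out of 16-bit range")
        return CODE_TO_NAME.get(cipher)
    raise TypeError(f"unsupported identifier type: {type(cipher).__name__}")


def is_supported(cipher, supported_names):
    """True only if the identifier resolves to a name in supported_names."""
    name = normalize_cipher(cipher)
    return name is not None and name in supported_names


def ciphers_argument(ciphers):
    """Build a comma-separated string of IANA names from one or more identifiers."""
    if isinstance(ciphers, (str, int, bytes, bytearray)):
        ciphers = [ciphers]
    names = []
    for item in ciphers:
        name = normalize_cipher(item)
        if name is None:
            # Fail loudly so a typo never silently shrinks the offered list.
            raise ValueError(f"unknown cipher suite: {item!r}")
        names.append(name)
    return ",".join(names)
```

Normalising every identifier to one canonical name before comparison avoids a test passing or failing only because the same suite was written in a different form.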
- add_extension(extension_type: TlsExtensionType, value: Any | None = None, status: bool | None = True) None
Adds a specific TLS extension for the client or server and optionally configures it by setting its value and status.
- Args:
extension_type (TlsExtensionType): The type of the TLS extension to add.
value (Optional[Any]): The value to set for the extension. Defaults to None.
status (Optional[bool]): Enable or disable the extension. Defaults to True.
Note:
If the extension is not supported or an error occurs, it logs an appropriate error message.
- set_extension_property(property_name: str, value: Any) None
Sets the given TLS extension property.
- Args:
property_name (str): The name of the property to set.
value (Any): The value to set.
- send_action(message_types: list[TlsMessage], message_properties: dict = None, with_extensions=True) None
Dynamically sends a series of TLS messages from/to the server/client during a handshake, with optional properties for each message type.
- Args:
message_types (list[TlsMessage]): A list of TlsMessage enum members representing the message types to send.
message_properties (dict, optional): A dictionary where keys are TlsMessage types and values are dictionaries of properties to set. Defaults to None.
with_extensions (bool, optional): Whether or not to include extensions. Defaults to True.
Note:
The keys of the property dictionaries are TlsMessage types and the values are dictionaries themselves with property names as keys and their respective values as values.
- get_config(message_type: TlsMessage)
Gets the configuration of the given TLS message type.
- Args:
message_type (TlsMessage): The TLS message to get the configuration for.
- receive_action(message_types: list[TlsMessage]) None
Dynamically receives a series of TLS/DTLS messages from/to the server/client during a handshake.
- Args:
message_types (list[TlsMessage]): A list of TlsMessage enum members representing the message types to receive.
- activate_encryption() None
Should be implemented by subclasses to handle client/server-specific receive actions.
- deactivate_encryption()
Should be implemented by subclasses to handle client/server-specific receive actions.
- add_wait_action(delay_ms: int) None
Adds a wait action to pause execution for a defined period of time.
- Args:
delay_ms (int): The delay (in ms) to wait.
- shutdown() None
Shuts down the JVM if it is currently running.
- get_message_class(msg_type) Any
Identifies and retrieves the class of a specific message type from the list of exchanged messages.
- Args:
msg_type: The type of the message to be matched.
- Returns:
list: The matching message classes.
- get_messages()
Should be implemented by subclasses to handle client/server-specific received/sent messages.
- check_message_class(message) Any
Maps a specific TLS message type to its corresponding class and initializes it with the provided message data.
- Args:
message: The raw message object containing the data to be mapped and processed.
- Returns:
TlsMessage: The initialized message class.
- xor_finish(xor_position: PositionXorValue, xor_string: str)
Converts a hex string to a signed byte array, applies an XOR position, and stores both as extension properties.
- Args:
xor_position (PositionXorValue): The XOR position value.
xor_string (str): Hexadecimal string where each byte is two hex characters.
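The hex-to-signed-byte conversion described for xor_finish matters because Java's byte type is signed, so 0xFF becomes -1 once it crosses into the JVM. The sketch below is an added example, not code from the mtf project: the function names are hypothetical, the integer offset is an assumption standing in for PositionXorValue (whose members are not listed on this page), and SAMPLE is constructed data.

```python
def hex_to_signed_bytes(xor_string):
    """Decode a hex string into Java-style signed bytes (-128..127)."""
    if len(xor_string) % 2:
        raise ValueError("hex string must have two characters per byte")
    raw = bytes.fromhex(xor_string)  # raises ValueError on non-hex input
    return [b - 256 if b > 127 else b for b in raw]


def signed_to_bytes(values):
    """Inverse mapping: signed Java bytes back to an unsigned bytes object."""
    return bytes(v & 0xFF for v in values)


def xor_at(data, mask_signed, offset):
    """XOR a signed-byte mask into data, starting at a byte offset (assumed)."""
    mask = signed_to_bytes(mask_signed)
    if offset < 0 or offset + len(mask) > len(data):
        raise ValueError("mask does not fit inside the target at this offset")
    out = bytearray(data)
    for i, m in enumerate(mask):
        out[offset + i] ^= m
    return bytes(out)


# Constructed 12-byte value standing in for the bytes being modified.
SAMPLE = bytes(range(12))

if __name__ == "__main__":
    mask = hex_to_signed_bytes("ff80")
    print(mask)                       # signed view of the mask
    print(xor_at(SAMPLE, mask, 10).hex())
```

Applying the same mask at the same offset a second time restores the original bytes, which is a quick way to confirm that a modification touched only the intended positions.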