jdk-sandbox: jdk/src/share/classes/sun/security/ssl/HelloExtensions.java@1255eb81cc2f (annotated)

2 90ce3da70b43 Initial load duke parents: diff changeset	1	/*
9035 1255eb81cc2f 7033660: Update copyright year to 2011 on any files changed in 2011 ohair parents: 7990 diff changeset	2	* Copyright (c) 2006, 2011, Oracle and/or its affiliates. All rights reserved.
2 90ce3da70b43 Initial load duke parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
90ce3da70b43 Initial load duke parents: diff changeset	4	*
90ce3da70b43 Initial load duke parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
90ce3da70b43 Initial load duke parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 1579 diff changeset	7	* published by the Free Software Foundation. Oracle designates this
2 90ce3da70b43 Initial load duke parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 1579 diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
2 90ce3da70b43 Initial load duke parents: diff changeset	10	*
90ce3da70b43 Initial load duke parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
90ce3da70b43 Initial load duke parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
90ce3da70b43 Initial load duke parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
90ce3da70b43 Initial load duke parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
90ce3da70b43 Initial load duke parents: diff changeset	15	* accompanied this code).
90ce3da70b43 Initial load duke parents: diff changeset	16	*
90ce3da70b43 Initial load duke parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
90ce3da70b43 Initial load duke parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
90ce3da70b43 Initial load duke parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
90ce3da70b43 Initial load duke parents: diff changeset	20	*
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 1579 diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 1579 diff changeset	22	* or visit www.oracle.com if you need additional information or have any
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 1579 diff changeset	23	* questions.
2 90ce3da70b43 Initial load duke parents: diff changeset	24	*/
90ce3da70b43 Initial load duke parents: diff changeset	25
90ce3da70b43 Initial load duke parents: diff changeset	26	package sun.security.ssl;
90ce3da70b43 Initial load duke parents: diff changeset	27
90ce3da70b43 Initial load duke parents: diff changeset	28	import java.io.IOException;
90ce3da70b43 Initial load duke parents: diff changeset	29	import java.io.PrintStream;
90ce3da70b43 Initial load duke parents: diff changeset	30	import java.util.*;
90ce3da70b43 Initial load duke parents: diff changeset	31
90ce3da70b43 Initial load duke parents: diff changeset	32	import java.security.spec.ECParameterSpec;
90ce3da70b43 Initial load duke parents: diff changeset	33
90ce3da70b43 Initial load duke parents: diff changeset	34	import javax.net.ssl.SSLProtocolException;
90ce3da70b43 Initial load duke parents: diff changeset	35
90ce3da70b43 Initial load duke parents: diff changeset	36	/**
90ce3da70b43 Initial load duke parents: diff changeset	37	* This file contains all the classes relevant to TLS Extensions for the
90ce3da70b43 Initial load duke parents: diff changeset	38	* ClientHello and ServerHello messages. The extension mechanism and
90ce3da70b43 Initial load duke parents: diff changeset	39	* several extensions are defined in RFC 3546. Additional extensions are
90ce3da70b43 Initial load duke parents: diff changeset	40	* defined in the ECC RFC 4492.
90ce3da70b43 Initial load duke parents: diff changeset	41	*
90ce3da70b43 Initial load duke parents: diff changeset	42	* Currently, only the two ECC extensions are fully supported.
90ce3da70b43 Initial load duke parents: diff changeset	43	*
90ce3da70b43 Initial load duke parents: diff changeset	44	* The classes contained in this file are:
90ce3da70b43 Initial load duke parents: diff changeset	45	* . HelloExtensions: a List of extensions as used in the client hello
90ce3da70b43 Initial load duke parents: diff changeset	46	* and server hello messages.
90ce3da70b43 Initial load duke parents: diff changeset	47	* . ExtensionType: an enum style class for the extension type
90ce3da70b43 Initial load duke parents: diff changeset	48	* . HelloExtension: abstract base class for all extensions. All subclasses
90ce3da70b43 Initial load duke parents: diff changeset	49	* must be immutable.
90ce3da70b43 Initial load duke parents: diff changeset	50	*
90ce3da70b43 Initial load duke parents: diff changeset	51	* . UnknownExtension: used to represent all parsed extensions that we do not
90ce3da70b43 Initial load duke parents: diff changeset	52	* explicitly support.
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	53	* . ServerNameExtension: the server_name extension.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	54	* . SignatureAlgorithmsExtension: the signature_algorithms extension.
2 90ce3da70b43 Initial load duke parents: diff changeset	55	* . SupportedEllipticCurvesExtension: the ECC supported curves extension.
90ce3da70b43 Initial load duke parents: diff changeset	56	* . SupportedEllipticPointFormatsExtension: the ECC supported point formats
90ce3da70b43 Initial load duke parents: diff changeset	57	* (compressed/uncompressed) extension.
90ce3da70b43 Initial load duke parents: diff changeset	58	*
90ce3da70b43 Initial load duke parents: diff changeset	59	* @since 1.6
90ce3da70b43 Initial load duke parents: diff changeset	60	* @author Andreas Sterbenz
90ce3da70b43 Initial load duke parents: diff changeset	61	*/
90ce3da70b43 Initial load duke parents: diff changeset	62	final class HelloExtensions {
90ce3da70b43 Initial load duke parents: diff changeset	63
90ce3da70b43 Initial load duke parents: diff changeset	64	private List<HelloExtension> extensions;
90ce3da70b43 Initial load duke parents: diff changeset	65	private int encodedLength;
90ce3da70b43 Initial load duke parents: diff changeset	66
90ce3da70b43 Initial load duke parents: diff changeset	67	HelloExtensions() {
90ce3da70b43 Initial load duke parents: diff changeset	68	extensions = Collections.emptyList();
90ce3da70b43 Initial load duke parents: diff changeset	69	}
90ce3da70b43 Initial load duke parents: diff changeset	70
90ce3da70b43 Initial load duke parents: diff changeset	71	HelloExtensions(HandshakeInStream s) throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	72	int len = s.getInt16();
90ce3da70b43 Initial load duke parents: diff changeset	73	extensions = new ArrayList<HelloExtension>();
90ce3da70b43 Initial load duke parents: diff changeset	74	encodedLength = len + 2;
90ce3da70b43 Initial load duke parents: diff changeset	75	while (len > 0) {
90ce3da70b43 Initial load duke parents: diff changeset	76	int type = s.getInt16();
90ce3da70b43 Initial load duke parents: diff changeset	77	int extlen = s.getInt16();
90ce3da70b43 Initial load duke parents: diff changeset	78	ExtensionType extType = ExtensionType.get(type);
90ce3da70b43 Initial load duke parents: diff changeset	79	HelloExtension extension;
90ce3da70b43 Initial load duke parents: diff changeset	80	if (extType == ExtensionType.EXT_SERVER_NAME) {
90ce3da70b43 Initial load duke parents: diff changeset	81	extension = new ServerNameExtension(s, extlen);
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	82	} else if (extType == ExtensionType.EXT_SIGNATURE_ALGORITHMS) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	83	extension = new SignatureAlgorithmsExtension(s, extlen);
2 90ce3da70b43 Initial load duke parents: diff changeset	84	} else if (extType == ExtensionType.EXT_ELLIPTIC_CURVES) {
90ce3da70b43 Initial load duke parents: diff changeset	85	extension = new SupportedEllipticCurvesExtension(s, extlen);
90ce3da70b43 Initial load duke parents: diff changeset	86	} else if (extType == ExtensionType.EXT_EC_POINT_FORMATS) {
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	87	extension =
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	88	new SupportedEllipticPointFormatsExtension(s, extlen);
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	89	} else if (extType == ExtensionType.EXT_RENEGOTIATION_INFO) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	90	extension = new RenegotiationInfoExtension(s, extlen);
2 90ce3da70b43 Initial load duke parents: diff changeset	91	} else {
90ce3da70b43 Initial load duke parents: diff changeset	92	extension = new UnknownExtension(s, extlen, extType);
90ce3da70b43 Initial load duke parents: diff changeset	93	}
90ce3da70b43 Initial load duke parents: diff changeset	94	extensions.add(extension);
90ce3da70b43 Initial load duke parents: diff changeset	95	len -= extlen + 4;
90ce3da70b43 Initial load duke parents: diff changeset	96	}
90ce3da70b43 Initial load duke parents: diff changeset	97	if (len != 0) {
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	98	throw new SSLProtocolException(
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	99	"Error parsing extensions: extra data");
2 90ce3da70b43 Initial load duke parents: diff changeset	100	}
90ce3da70b43 Initial load duke parents: diff changeset	101	}
90ce3da70b43 Initial load duke parents: diff changeset	102
90ce3da70b43 Initial load duke parents: diff changeset	103	// Return the List of extensions. Must not be modified by the caller.
90ce3da70b43 Initial load duke parents: diff changeset	104	List<HelloExtension> list() {
90ce3da70b43 Initial load duke parents: diff changeset	105	return extensions;
90ce3da70b43 Initial load duke parents: diff changeset	106	}
90ce3da70b43 Initial load duke parents: diff changeset	107
90ce3da70b43 Initial load duke parents: diff changeset	108	void add(HelloExtension ext) {
90ce3da70b43 Initial load duke parents: diff changeset	109	if (extensions.isEmpty()) {
90ce3da70b43 Initial load duke parents: diff changeset	110	extensions = new ArrayList<HelloExtension>();
90ce3da70b43 Initial load duke parents: diff changeset	111	}
90ce3da70b43 Initial load duke parents: diff changeset	112	extensions.add(ext);
90ce3da70b43 Initial load duke parents: diff changeset	113	encodedLength = -1;
90ce3da70b43 Initial load duke parents: diff changeset	114	}
90ce3da70b43 Initial load duke parents: diff changeset	115
90ce3da70b43 Initial load duke parents: diff changeset	116	HelloExtension get(ExtensionType type) {
90ce3da70b43 Initial load duke parents: diff changeset	117	for (HelloExtension ext : extensions) {
90ce3da70b43 Initial load duke parents: diff changeset	118	if (ext.type == type) {
90ce3da70b43 Initial load duke parents: diff changeset	119	return ext;
90ce3da70b43 Initial load duke parents: diff changeset	120	}
90ce3da70b43 Initial load duke parents: diff changeset	121	}
90ce3da70b43 Initial load duke parents: diff changeset	122	return null;
90ce3da70b43 Initial load duke parents: diff changeset	123	}
90ce3da70b43 Initial load duke parents: diff changeset	124
90ce3da70b43 Initial load duke parents: diff changeset	125	int length() {
90ce3da70b43 Initial load duke parents: diff changeset	126	if (encodedLength >= 0) {
90ce3da70b43 Initial load duke parents: diff changeset	127	return encodedLength;
90ce3da70b43 Initial load duke parents: diff changeset	128	}
90ce3da70b43 Initial load duke parents: diff changeset	129	if (extensions.isEmpty()) {
90ce3da70b43 Initial load duke parents: diff changeset	130	encodedLength = 0;
90ce3da70b43 Initial load duke parents: diff changeset	131	} else {
90ce3da70b43 Initial load duke parents: diff changeset	132	encodedLength = 2;
90ce3da70b43 Initial load duke parents: diff changeset	133	for (HelloExtension ext : extensions) {
90ce3da70b43 Initial load duke parents: diff changeset	134	encodedLength += ext.length();
90ce3da70b43 Initial load duke parents: diff changeset	135	}
90ce3da70b43 Initial load duke parents: diff changeset	136	}
90ce3da70b43 Initial load duke parents: diff changeset	137	return encodedLength;
90ce3da70b43 Initial load duke parents: diff changeset	138	}
90ce3da70b43 Initial load duke parents: diff changeset	139
90ce3da70b43 Initial load duke parents: diff changeset	140	void send(HandshakeOutStream s) throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	141	int length = length();
90ce3da70b43 Initial load duke parents: diff changeset	142	if (length == 0) {
90ce3da70b43 Initial load duke parents: diff changeset	143	return;
90ce3da70b43 Initial load duke parents: diff changeset	144	}
90ce3da70b43 Initial load duke parents: diff changeset	145	s.putInt16(length - 2);
90ce3da70b43 Initial load duke parents: diff changeset	146	for (HelloExtension ext : extensions) {
90ce3da70b43 Initial load duke parents: diff changeset	147	ext.send(s);
90ce3da70b43 Initial load duke parents: diff changeset	148	}
90ce3da70b43 Initial load duke parents: diff changeset	149	}
90ce3da70b43 Initial load duke parents: diff changeset	150
90ce3da70b43 Initial load duke parents: diff changeset	151	void print(PrintStream s) throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	152	for (HelloExtension ext : extensions) {
90ce3da70b43 Initial load duke parents: diff changeset	153	s.println(ext.toString());
90ce3da70b43 Initial load duke parents: diff changeset	154	}
90ce3da70b43 Initial load duke parents: diff changeset	155	}
90ce3da70b43 Initial load duke parents: diff changeset	156	}
90ce3da70b43 Initial load duke parents: diff changeset	157
90ce3da70b43 Initial load duke parents: diff changeset	158	final class ExtensionType {
90ce3da70b43 Initial load duke parents: diff changeset	159
90ce3da70b43 Initial load duke parents: diff changeset	160	final int id;
90ce3da70b43 Initial load duke parents: diff changeset	161	final String name;
90ce3da70b43 Initial load duke parents: diff changeset	162
90ce3da70b43 Initial load duke parents: diff changeset	163	private ExtensionType(int id, String name) {
90ce3da70b43 Initial load duke parents: diff changeset	164	this.id = id;
90ce3da70b43 Initial load duke parents: diff changeset	165	this.name = name;
90ce3da70b43 Initial load duke parents: diff changeset	166	}
90ce3da70b43 Initial load duke parents: diff changeset	167
90ce3da70b43 Initial load duke parents: diff changeset	168	public String toString() {
90ce3da70b43 Initial load duke parents: diff changeset	169	return name;
90ce3da70b43 Initial load duke parents: diff changeset	170	}
90ce3da70b43 Initial load duke parents: diff changeset	171
7990 57019dc81b66 7012003: diamond conversion for ssl smarks parents: 7043 diff changeset	172	static List<ExtensionType> knownExtensions = new ArrayList<>(9);
2 90ce3da70b43 Initial load duke parents: diff changeset	173
90ce3da70b43 Initial load duke parents: diff changeset	174	static ExtensionType get(int id) {
90ce3da70b43 Initial load duke parents: diff changeset	175	for (ExtensionType ext : knownExtensions) {
90ce3da70b43 Initial load duke parents: diff changeset	176	if (ext.id == id) {
90ce3da70b43 Initial load duke parents: diff changeset	177	return ext;
90ce3da70b43 Initial load duke parents: diff changeset	178	}
90ce3da70b43 Initial load duke parents: diff changeset	179	}
90ce3da70b43 Initial load duke parents: diff changeset	180	return new ExtensionType(id, "type_" + id);
90ce3da70b43 Initial load duke parents: diff changeset	181	}
90ce3da70b43 Initial load duke parents: diff changeset	182
90ce3da70b43 Initial load duke parents: diff changeset	183	private static ExtensionType e(int id, String name) {
90ce3da70b43 Initial load duke parents: diff changeset	184	ExtensionType ext = new ExtensionType(id, name);
90ce3da70b43 Initial load duke parents: diff changeset	185	knownExtensions.add(ext);
90ce3da70b43 Initial load duke parents: diff changeset	186	return ext;
90ce3da70b43 Initial load duke parents: diff changeset	187	}
90ce3da70b43 Initial load duke parents: diff changeset	188
90ce3da70b43 Initial load duke parents: diff changeset	189	// extensions defined in RFC 3546
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	190	final static ExtensionType EXT_SERVER_NAME =
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	191	e(0x0000, "server_name"); // IANA registry value: 0
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	192	final static ExtensionType EXT_MAX_FRAGMENT_LENGTH =
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	193	e(0x0001, "max_fragment_length"); // IANA registry value: 1
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	194	final static ExtensionType EXT_CLIENT_CERTIFICATE_URL =
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	195	e(0x0002, "client_certificate_url"); // IANA registry value: 2
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	196	final static ExtensionType EXT_TRUSTED_CA_KEYS =
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	197	e(0x0003, "trusted_ca_keys"); // IANA registry value: 3
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	198	final static ExtensionType EXT_TRUNCATED_HMAC =
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	199	e(0x0004, "truncated_hmac"); // IANA registry value: 4
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	200	final static ExtensionType EXT_STATUS_REQUEST =
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	201	e(0x0005, "status_request"); // IANA registry value: 5
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	202
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	203	// extensions defined in RFC 4681
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	204	final static ExtensionType EXT_USER_MAPPING =
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	205	e(0x0006, "user_mapping"); // IANA registry value: 6
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	206
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	207	// extensions defined in RFC 5081
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	208	final static ExtensionType EXT_CERT_TYPE =
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	209	e(0x0009, "cert_type"); // IANA registry value: 9
2 90ce3da70b43 Initial load duke parents: diff changeset	210
90ce3da70b43 Initial load duke parents: diff changeset	211	// extensions defined in RFC 4492 (ECC)
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	212	final static ExtensionType EXT_ELLIPTIC_CURVES =
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	213	e(0x000A, "elliptic_curves"); // IANA registry value: 10
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	214	final static ExtensionType EXT_EC_POINT_FORMATS =
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	215	e(0x000B, "ec_point_formats"); // IANA registry value: 11
2 90ce3da70b43 Initial load duke parents: diff changeset	216
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	217	// extensions defined in RFC 5054
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	218	final static ExtensionType EXT_SRP =
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	219	e(0x000C, "srp"); // IANA registry value: 12
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	220
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	221	// extensions defined in RFC 5246
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	222	final static ExtensionType EXT_SIGNATURE_ALGORITHMS =
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	223	e(0x000D, "signature_algorithms"); // IANA registry value: 13
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	224
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	225	// extensions defined in RFC 5746
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	226	final static ExtensionType EXT_RENEGOTIATION_INFO =
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	227	e(0xff01, "renegotiation_info"); // IANA registry value: 65281
2 90ce3da70b43 Initial load duke parents: diff changeset	228	}
90ce3da70b43 Initial load duke parents: diff changeset	229
90ce3da70b43 Initial load duke parents: diff changeset	230	abstract class HelloExtension {
90ce3da70b43 Initial load duke parents: diff changeset	231
90ce3da70b43 Initial load duke parents: diff changeset	232	final ExtensionType type;
90ce3da70b43 Initial load duke parents: diff changeset	233
90ce3da70b43 Initial load duke parents: diff changeset	234	HelloExtension(ExtensionType type) {
90ce3da70b43 Initial load duke parents: diff changeset	235	this.type = type;
90ce3da70b43 Initial load duke parents: diff changeset	236	}
90ce3da70b43 Initial load duke parents: diff changeset	237
90ce3da70b43 Initial load duke parents: diff changeset	238	// Length of the encoded extension, including the type and length fields
90ce3da70b43 Initial load duke parents: diff changeset	239	abstract int length();
90ce3da70b43 Initial load duke parents: diff changeset	240
90ce3da70b43 Initial load duke parents: diff changeset	241	abstract void send(HandshakeOutStream s) throws IOException;
90ce3da70b43 Initial load duke parents: diff changeset	242
90ce3da70b43 Initial load duke parents: diff changeset	243	public abstract String toString();
90ce3da70b43 Initial load duke parents: diff changeset	244
90ce3da70b43 Initial load duke parents: diff changeset	245	}
90ce3da70b43 Initial load duke parents: diff changeset	246
90ce3da70b43 Initial load duke parents: diff changeset	247	final class UnknownExtension extends HelloExtension {
90ce3da70b43 Initial load duke parents: diff changeset	248
90ce3da70b43 Initial load duke parents: diff changeset	249	private final byte[] data;
90ce3da70b43 Initial load duke parents: diff changeset	250
90ce3da70b43 Initial load duke parents: diff changeset	251	UnknownExtension(HandshakeInStream s, int len, ExtensionType type)
90ce3da70b43 Initial load duke parents: diff changeset	252	throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	253	super(type);
90ce3da70b43 Initial load duke parents: diff changeset	254	data = new byte[len];
1579 d1ba7534bfc7 6728126: Parsing Extensions in Client Hello message is done in a wrong way xuelei parents: 2 diff changeset	255	// s.read() does not handle 0-length arrays.
d1ba7534bfc7 6728126: Parsing Extensions in Client Hello message is done in a wrong way xuelei parents: 2 diff changeset	256	if (len != 0) {
d1ba7534bfc7 6728126: Parsing Extensions in Client Hello message is done in a wrong way xuelei parents: 2 diff changeset	257	s.read(data);
d1ba7534bfc7 6728126: Parsing Extensions in Client Hello message is done in a wrong way xuelei parents: 2 diff changeset	258	}
2 90ce3da70b43 Initial load duke parents: diff changeset	259	}
90ce3da70b43 Initial load duke parents: diff changeset	260
90ce3da70b43 Initial load duke parents: diff changeset	261	int length() {
90ce3da70b43 Initial load duke parents: diff changeset	262	return 4 + data.length;
90ce3da70b43 Initial load duke parents: diff changeset	263	}
90ce3da70b43 Initial load duke parents: diff changeset	264
90ce3da70b43 Initial load duke parents: diff changeset	265	void send(HandshakeOutStream s) throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	266	s.putInt16(type.id);
90ce3da70b43 Initial load duke parents: diff changeset	267	s.putBytes16(data);
90ce3da70b43 Initial load duke parents: diff changeset	268	}
90ce3da70b43 Initial load duke parents: diff changeset	269
90ce3da70b43 Initial load duke parents: diff changeset	270	public String toString() {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	271	return "Unsupported extension " + type + ", data: " +
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	272	Debug.toString(data);
2 90ce3da70b43 Initial load duke parents: diff changeset	273	}
90ce3da70b43 Initial load duke parents: diff changeset	274	}
90ce3da70b43 Initial load duke parents: diff changeset	275
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	276	/*
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	277	* [RFC4366] To facilitate secure connections to servers that host multiple
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	278	* 'virtual' servers at a single underlying network address, clients MAY
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	279	* include an extension of type "server_name" in the (extended) client hello.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	280	* The "extension_data" field of this extension SHALL contain "ServerNameList"
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	281	* where:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	282	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	283	* struct {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	284	* NameType name_type;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	285	* select (name_type) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	286	* case host_name: HostName;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	287	* } name;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	288	* } ServerName;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	289	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	290	* enum {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	291	* host_name(0), (255)
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	292	* } NameType;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	293	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	294	* opaque HostName<1..2^16-1>;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	295	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	296	* struct {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	297	* ServerName server_name_list<1..2^16-1>
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	298	* } ServerNameList;
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	299	*/
2 90ce3da70b43 Initial load duke parents: diff changeset	300	final class ServerNameExtension extends HelloExtension {
90ce3da70b43 Initial load duke parents: diff changeset	301
90ce3da70b43 Initial load duke parents: diff changeset	302	final static int NAME_HOST_NAME = 0;
90ce3da70b43 Initial load duke parents: diff changeset	303
90ce3da70b43 Initial load duke parents: diff changeset	304	private List<ServerName> names;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	305	private int listLength; // ServerNameList length
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	306
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	307	ServerNameExtension(List<String> hostnames) throws IOException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	308	super(ExtensionType.EXT_SERVER_NAME);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	309
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	310	listLength = 0;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	311	names = new ArrayList<ServerName>(hostnames.size());
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	312	for (String hostname : hostnames) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	313	if (hostname != null && hostname.length() != 0) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	314	// we only support DNS hostname now.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	315	ServerName serverName =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	316	new ServerName(NAME_HOST_NAME, hostname);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	317	names.add(serverName);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	318	listLength += serverName.length;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	319	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	320	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	321
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	322	// As we only support DNS hostname now, the hostname list must
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	323	// not contain more than one hostname
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	324	if (names.size() > 1) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	325	throw new SSLProtocolException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	326	"The ServerNameList MUST NOT contain more than " +
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	327	"one name of the same name_type");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	328	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	329
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	330	// We only need to add "server_name" extension in ClientHello unless
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	331	// we support SNI in server side in the future. It is possible that
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	332	// the SNI is empty in ServerHello. As we don't support SNI in
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	333	// ServerHello now, we will throw exception for empty list for now.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	334	if (listLength == 0) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	335	throw new SSLProtocolException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	336	"The ServerNameList cannot be empty");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	337	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	338	}
2 90ce3da70b43 Initial load duke parents: diff changeset	339
90ce3da70b43 Initial load duke parents: diff changeset	340	ServerNameExtension(HandshakeInStream s, int len)
90ce3da70b43 Initial load duke parents: diff changeset	341	throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	342	super(ExtensionType.EXT_SERVER_NAME);
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	343
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	344	int remains = len;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	345	if (len >= 2) { // "server_name" extension in ClientHello
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	346	listLength = s.getInt16(); // ServerNameList length
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	347	if (listLength == 0 \|\| listLength + 2 != len) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	348	throw new SSLProtocolException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	349	"Invalid " + type + " extension");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	350	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	351
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	352	remains -= 2;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	353	names = new ArrayList<ServerName>();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	354	while (remains > 0) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	355	ServerName name = new ServerName(s);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	356	names.add(name);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	357	remains -= name.length;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	358
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	359	// we may need to check the duplicated ServerName type
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	360	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	361	} else if (len == 0) { // "server_name" extension in ServerHello
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	362	listLength = 0;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	363	names = Collections.<ServerName>emptyList();
2 90ce3da70b43 Initial load duke parents: diff changeset	364	}
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	365
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	366	if (remains != 0) {
2 90ce3da70b43 Initial load duke parents: diff changeset	367	throw new SSLProtocolException("Invalid server_name extension");
90ce3da70b43 Initial load duke parents: diff changeset	368	}
90ce3da70b43 Initial load duke parents: diff changeset	369	}
90ce3da70b43 Initial load duke parents: diff changeset	370
90ce3da70b43 Initial load duke parents: diff changeset	371	static class ServerName {
90ce3da70b43 Initial load duke parents: diff changeset	372	final int length;
90ce3da70b43 Initial load duke parents: diff changeset	373	final int type;
90ce3da70b43 Initial load duke parents: diff changeset	374	final byte[] data;
90ce3da70b43 Initial load duke parents: diff changeset	375	final String hostname;
90ce3da70b43 Initial load duke parents: diff changeset	376
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	377	ServerName(int type, String hostname) throws IOException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	378	this.type = type; // NameType
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	379	this.hostname = hostname;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	380	this.data = hostname.getBytes("UTF8"); // HostName
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	381	this.length = data.length + 3; // NameType: 1 byte
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	382	// HostName length: 2 bytes
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	383	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	384
2 90ce3da70b43 Initial load duke parents: diff changeset	385	ServerName(HandshakeInStream s) throws IOException {
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	386	type = s.getInt8(); // NameType
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	387	data = s.getBytes16(); // HostName (length read in getBytes16)
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	388	length = data.length + 3; // NameType: 1 byte
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	389	// HostName length: 2 bytes
2 90ce3da70b43 Initial load duke parents: diff changeset	390	if (type == NAME_HOST_NAME) {
90ce3da70b43 Initial load duke parents: diff changeset	391	hostname = new String(data, "UTF8");
90ce3da70b43 Initial load duke parents: diff changeset	392	} else {
90ce3da70b43 Initial load duke parents: diff changeset	393	hostname = null;
90ce3da70b43 Initial load duke parents: diff changeset	394	}
90ce3da70b43 Initial load duke parents: diff changeset	395	}
90ce3da70b43 Initial load duke parents: diff changeset	396
90ce3da70b43 Initial load duke parents: diff changeset	397	public String toString() {
90ce3da70b43 Initial load duke parents: diff changeset	398	if (type == NAME_HOST_NAME) {
90ce3da70b43 Initial load duke parents: diff changeset	399	return "host_name: " + hostname;
90ce3da70b43 Initial load duke parents: diff changeset	400	} else {
90ce3da70b43 Initial load duke parents: diff changeset	401	return "unknown-" + type + ": " + Debug.toString(data);
90ce3da70b43 Initial load duke parents: diff changeset	402	}
90ce3da70b43 Initial load duke parents: diff changeset	403	}
90ce3da70b43 Initial load duke parents: diff changeset	404	}
90ce3da70b43 Initial load duke parents: diff changeset	405
90ce3da70b43 Initial load duke parents: diff changeset	406	int length() {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	407	return listLength == 0 ? 4 : 6 + listLength;
2 90ce3da70b43 Initial load duke parents: diff changeset	408	}
90ce3da70b43 Initial load duke parents: diff changeset	409
90ce3da70b43 Initial load duke parents: diff changeset	410	void send(HandshakeOutStream s) throws IOException {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	411	s.putInt16(type.id);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	412	s.putInt16(listLength + 2);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	413	if (listLength != 0) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	414	s.putInt16(listLength);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	415
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	416	for (ServerName name : names) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	417	s.putInt8(name.type); // NameType
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	418	s.putBytes16(name.data); // HostName
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	419	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	420	}
2 90ce3da70b43 Initial load duke parents: diff changeset	421	}
90ce3da70b43 Initial load duke parents: diff changeset	422
90ce3da70b43 Initial load duke parents: diff changeset	423	public String toString() {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	424	StringBuffer buffer = new StringBuffer();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	425	for (ServerName name : names) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	426	buffer.append("[" + name + "]");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	427	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	428
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	429	return "Extension " + type + ", server_name: " + buffer;
2 90ce3da70b43 Initial load duke parents: diff changeset	430	}
90ce3da70b43 Initial load duke parents: diff changeset	431	}
90ce3da70b43 Initial load duke parents: diff changeset	432
90ce3da70b43 Initial load duke parents: diff changeset	433	final class SupportedEllipticCurvesExtension extends HelloExtension {
90ce3da70b43 Initial load duke parents: diff changeset	434
90ce3da70b43 Initial load duke parents: diff changeset	435	// the extension value to send in the ClientHello message
90ce3da70b43 Initial load duke parents: diff changeset	436	static final SupportedEllipticCurvesExtension DEFAULT;
90ce3da70b43 Initial load duke parents: diff changeset	437
90ce3da70b43 Initial load duke parents: diff changeset	438	private static final boolean fips;
90ce3da70b43 Initial load duke parents: diff changeset	439
90ce3da70b43 Initial load duke parents: diff changeset	440	static {
90ce3da70b43 Initial load duke parents: diff changeset	441	int[] ids;
90ce3da70b43 Initial load duke parents: diff changeset	442	fips = SunJSSE.isFIPS();
90ce3da70b43 Initial load duke parents: diff changeset	443	if (fips == false) {
90ce3da70b43 Initial load duke parents: diff changeset	444	ids = new int[] {
90ce3da70b43 Initial load duke parents: diff changeset	445	// NIST curves first
90ce3da70b43 Initial load duke parents: diff changeset	446	// prefer NIST P-256, rest in order of increasing key length
90ce3da70b43 Initial load duke parents: diff changeset	447	23, 1, 3, 19, 21, 6, 7, 9, 10, 24, 11, 12, 25, 13, 14,
90ce3da70b43 Initial load duke parents: diff changeset	448	// non-NIST curves
90ce3da70b43 Initial load duke parents: diff changeset	449	15, 16, 17, 2, 18, 4, 5, 20, 8, 22,
90ce3da70b43 Initial load duke parents: diff changeset	450	};
90ce3da70b43 Initial load duke parents: diff changeset	451	} else {
90ce3da70b43 Initial load duke parents: diff changeset	452	ids = new int[] {
90ce3da70b43 Initial load duke parents: diff changeset	453	// same as above, but allow only NIST curves in FIPS mode
90ce3da70b43 Initial load duke parents: diff changeset	454	23, 1, 3, 19, 21, 6, 7, 9, 10, 24, 11, 12, 25, 13, 14,
90ce3da70b43 Initial load duke parents: diff changeset	455	};
90ce3da70b43 Initial load duke parents: diff changeset	456	}
90ce3da70b43 Initial load duke parents: diff changeset	457	DEFAULT = new SupportedEllipticCurvesExtension(ids);
90ce3da70b43 Initial load duke parents: diff changeset	458	}
90ce3da70b43 Initial load duke parents: diff changeset	459
90ce3da70b43 Initial load duke parents: diff changeset	460	private final int[] curveIds;
90ce3da70b43 Initial load duke parents: diff changeset	461
90ce3da70b43 Initial load duke parents: diff changeset	462	private SupportedEllipticCurvesExtension(int[] curveIds) {
90ce3da70b43 Initial load duke parents: diff changeset	463	super(ExtensionType.EXT_ELLIPTIC_CURVES);
90ce3da70b43 Initial load duke parents: diff changeset	464	this.curveIds = curveIds;
90ce3da70b43 Initial load duke parents: diff changeset	465	}
90ce3da70b43 Initial load duke parents: diff changeset	466
90ce3da70b43 Initial load duke parents: diff changeset	467	SupportedEllipticCurvesExtension(HandshakeInStream s, int len)
90ce3da70b43 Initial load duke parents: diff changeset	468	throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	469	super(ExtensionType.EXT_ELLIPTIC_CURVES);
90ce3da70b43 Initial load duke parents: diff changeset	470	int k = s.getInt16();
90ce3da70b43 Initial load duke parents: diff changeset	471	if (((len & 1) != 0) \|\| (k + 2 != len)) {
90ce3da70b43 Initial load duke parents: diff changeset	472	throw new SSLProtocolException("Invalid " + type + " extension");
90ce3da70b43 Initial load duke parents: diff changeset	473	}
90ce3da70b43 Initial load duke parents: diff changeset	474	curveIds = new int[k >> 1];
90ce3da70b43 Initial load duke parents: diff changeset	475	for (int i = 0; i < curveIds.length; i++) {
90ce3da70b43 Initial load duke parents: diff changeset	476	curveIds[i] = s.getInt16();
90ce3da70b43 Initial load duke parents: diff changeset	477	}
90ce3da70b43 Initial load duke parents: diff changeset	478	}
90ce3da70b43 Initial load duke parents: diff changeset	479
90ce3da70b43 Initial load duke parents: diff changeset	480	boolean contains(int index) {
90ce3da70b43 Initial load duke parents: diff changeset	481	for (int curveId : curveIds) {
90ce3da70b43 Initial load duke parents: diff changeset	482	if (index == curveId) {
90ce3da70b43 Initial load duke parents: diff changeset	483	return true;
90ce3da70b43 Initial load duke parents: diff changeset	484	}
90ce3da70b43 Initial load duke parents: diff changeset	485	}
90ce3da70b43 Initial load duke parents: diff changeset	486	return false;
90ce3da70b43 Initial load duke parents: diff changeset	487	}
90ce3da70b43 Initial load duke parents: diff changeset	488
90ce3da70b43 Initial load duke parents: diff changeset	489	// Return a reference to the internal curveIds array.
90ce3da70b43 Initial load duke parents: diff changeset	490	// The caller must NOT modify the contents.
90ce3da70b43 Initial load duke parents: diff changeset	491	int[] curveIds() {
90ce3da70b43 Initial load duke parents: diff changeset	492	return curveIds;
90ce3da70b43 Initial load duke parents: diff changeset	493	}
90ce3da70b43 Initial load duke parents: diff changeset	494
90ce3da70b43 Initial load duke parents: diff changeset	495	int length() {
90ce3da70b43 Initial load duke parents: diff changeset	496	return 6 + (curveIds.length << 1);
90ce3da70b43 Initial load duke parents: diff changeset	497	}
90ce3da70b43 Initial load duke parents: diff changeset	498
90ce3da70b43 Initial load duke parents: diff changeset	499	void send(HandshakeOutStream s) throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	500	s.putInt16(type.id);
90ce3da70b43 Initial load duke parents: diff changeset	501	int k = curveIds.length << 1;
90ce3da70b43 Initial load duke parents: diff changeset	502	s.putInt16(k + 2);
90ce3da70b43 Initial load duke parents: diff changeset	503	s.putInt16(k);
90ce3da70b43 Initial load duke parents: diff changeset	504	for (int curveId : curveIds) {
90ce3da70b43 Initial load duke parents: diff changeset	505	s.putInt16(curveId);
90ce3da70b43 Initial load duke parents: diff changeset	506	}
90ce3da70b43 Initial load duke parents: diff changeset	507	}
90ce3da70b43 Initial load duke parents: diff changeset	508
90ce3da70b43 Initial load duke parents: diff changeset	509	public String toString() {
90ce3da70b43 Initial load duke parents: diff changeset	510	StringBuilder sb = new StringBuilder();
90ce3da70b43 Initial load duke parents: diff changeset	511	sb.append("Extension " + type + ", curve names: {");
90ce3da70b43 Initial load duke parents: diff changeset	512	boolean first = true;
90ce3da70b43 Initial load duke parents: diff changeset	513	for (int curveId : curveIds) {
90ce3da70b43 Initial load duke parents: diff changeset	514	if (first) {
90ce3da70b43 Initial load duke parents: diff changeset	515	first = false;
90ce3da70b43 Initial load duke parents: diff changeset	516	} else {
90ce3da70b43 Initial load duke parents: diff changeset	517	sb.append(", ");
90ce3da70b43 Initial load duke parents: diff changeset	518	}
90ce3da70b43 Initial load duke parents: diff changeset	519	// first check if it is a known named curve, then try other cases.
90ce3da70b43 Initial load duke parents: diff changeset	520	String oid = getCurveOid(curveId);
90ce3da70b43 Initial load duke parents: diff changeset	521	if (oid != null) {
90ce3da70b43 Initial load duke parents: diff changeset	522	ECParameterSpec spec = JsseJce.getECParameterSpec(oid);
90ce3da70b43 Initial load duke parents: diff changeset	523	// this toString() output will look nice for the current
90ce3da70b43 Initial load duke parents: diff changeset	524	// implementation of the ECParameterSpec class in the Sun
90ce3da70b43 Initial load duke parents: diff changeset	525	// provider, but may not look good for other implementations.
90ce3da70b43 Initial load duke parents: diff changeset	526	if (spec != null) {
90ce3da70b43 Initial load duke parents: diff changeset	527	sb.append(spec.toString().split(" ")[0]);
90ce3da70b43 Initial load duke parents: diff changeset	528	} else {
90ce3da70b43 Initial load duke parents: diff changeset	529	sb.append(oid);
90ce3da70b43 Initial load duke parents: diff changeset	530	}
90ce3da70b43 Initial load duke parents: diff changeset	531	} else if (curveId == ARBITRARY_PRIME) {
90ce3da70b43 Initial load duke parents: diff changeset	532	sb.append("arbitrary_explicit_prime_curves");
90ce3da70b43 Initial load duke parents: diff changeset	533	} else if (curveId == ARBITRARY_CHAR2) {
90ce3da70b43 Initial load duke parents: diff changeset	534	sb.append("arbitrary_explicit_char2_curves");
90ce3da70b43 Initial load duke parents: diff changeset	535	} else {
90ce3da70b43 Initial load duke parents: diff changeset	536	sb.append("unknown curve " + curveId);
90ce3da70b43 Initial load duke parents: diff changeset	537	}
90ce3da70b43 Initial load duke parents: diff changeset	538	}
90ce3da70b43 Initial load duke parents: diff changeset	539	sb.append("}");
90ce3da70b43 Initial load duke parents: diff changeset	540	return sb.toString();
90ce3da70b43 Initial load duke parents: diff changeset	541	}
90ce3da70b43 Initial load duke parents: diff changeset	542
90ce3da70b43 Initial load duke parents: diff changeset	543	// Test whether we support the curve with the given index.
90ce3da70b43 Initial load duke parents: diff changeset	544	static boolean isSupported(int index) {
90ce3da70b43 Initial load duke parents: diff changeset	545	if ((index <= 0) \|\| (index >= NAMED_CURVE_OID_TABLE.length)) {
90ce3da70b43 Initial load duke parents: diff changeset	546	return false;
90ce3da70b43 Initial load duke parents: diff changeset	547	}
90ce3da70b43 Initial load duke parents: diff changeset	548	if (fips == false) {
90ce3da70b43 Initial load duke parents: diff changeset	549	// in non-FIPS mode, we support all valid indices
90ce3da70b43 Initial load duke parents: diff changeset	550	return true;
90ce3da70b43 Initial load duke parents: diff changeset	551	}
90ce3da70b43 Initial load duke parents: diff changeset	552	return DEFAULT.contains(index);
90ce3da70b43 Initial load duke parents: diff changeset	553	}
90ce3da70b43 Initial load duke parents: diff changeset	554
90ce3da70b43 Initial load duke parents: diff changeset	555	static int getCurveIndex(ECParameterSpec params) {
90ce3da70b43 Initial load duke parents: diff changeset	556	String oid = JsseJce.getNamedCurveOid(params);
90ce3da70b43 Initial load duke parents: diff changeset	557	if (oid == null) {
90ce3da70b43 Initial load duke parents: diff changeset	558	return -1;
90ce3da70b43 Initial load duke parents: diff changeset	559	}
90ce3da70b43 Initial load duke parents: diff changeset	560	Integer n = curveIndices.get(oid);
90ce3da70b43 Initial load duke parents: diff changeset	561	return (n == null) ? -1 : n;
90ce3da70b43 Initial load duke parents: diff changeset	562	}
90ce3da70b43 Initial load duke parents: diff changeset	563
90ce3da70b43 Initial load duke parents: diff changeset	564	static String getCurveOid(int index) {
90ce3da70b43 Initial load duke parents: diff changeset	565	if ((index > 0) && (index < NAMED_CURVE_OID_TABLE.length)) {
90ce3da70b43 Initial load duke parents: diff changeset	566	return NAMED_CURVE_OID_TABLE[index];
90ce3da70b43 Initial load duke parents: diff changeset	567	}
90ce3da70b43 Initial load duke parents: diff changeset	568	return null;
90ce3da70b43 Initial load duke parents: diff changeset	569	}
90ce3da70b43 Initial load duke parents: diff changeset	570
90ce3da70b43 Initial load duke parents: diff changeset	571	private final static int ARBITRARY_PRIME = 0xff01;
90ce3da70b43 Initial load duke parents: diff changeset	572	private final static int ARBITRARY_CHAR2 = 0xff02;
90ce3da70b43 Initial load duke parents: diff changeset	573
90ce3da70b43 Initial load duke parents: diff changeset	574	// See sun.security.ec.NamedCurve for the OIDs
90ce3da70b43 Initial load duke parents: diff changeset	575	private final static String[] NAMED_CURVE_OID_TABLE = new String[] {
90ce3da70b43 Initial load duke parents: diff changeset	576	null, // (0) unused
90ce3da70b43 Initial load duke parents: diff changeset	577	"1.3.132.0.1", // (1) sect163k1, NIST K-163
90ce3da70b43 Initial load duke parents: diff changeset	578	"1.3.132.0.2", // (2) sect163r1
90ce3da70b43 Initial load duke parents: diff changeset	579	"1.3.132.0.15", // (3) sect163r2, NIST B-163
90ce3da70b43 Initial load duke parents: diff changeset	580	"1.3.132.0.24", // (4) sect193r1
90ce3da70b43 Initial load duke parents: diff changeset	581	"1.3.132.0.25", // (5) sect193r2
90ce3da70b43 Initial load duke parents: diff changeset	582	"1.3.132.0.26", // (6) sect233k1, NIST K-233
90ce3da70b43 Initial load duke parents: diff changeset	583	"1.3.132.0.27", // (7) sect233r1, NIST B-233
90ce3da70b43 Initial load duke parents: diff changeset	584	"1.3.132.0.3", // (8) sect239k1
90ce3da70b43 Initial load duke parents: diff changeset	585	"1.3.132.0.16", // (9) sect283k1, NIST K-283
90ce3da70b43 Initial load duke parents: diff changeset	586	"1.3.132.0.17", // (10) sect283r1, NIST B-283
90ce3da70b43 Initial load duke parents: diff changeset	587	"1.3.132.0.36", // (11) sect409k1, NIST K-409
90ce3da70b43 Initial load duke parents: diff changeset	588	"1.3.132.0.37", // (12) sect409r1, NIST B-409
90ce3da70b43 Initial load duke parents: diff changeset	589	"1.3.132.0.38", // (13) sect571k1, NIST K-571
90ce3da70b43 Initial load duke parents: diff changeset	590	"1.3.132.0.39", // (14) sect571r1, NIST B-571
90ce3da70b43 Initial load duke parents: diff changeset	591	"1.3.132.0.9", // (15) secp160k1
90ce3da70b43 Initial load duke parents: diff changeset	592	"1.3.132.0.8", // (16) secp160r1
90ce3da70b43 Initial load duke parents: diff changeset	593	"1.3.132.0.30", // (17) secp160r2
90ce3da70b43 Initial load duke parents: diff changeset	594	"1.3.132.0.31", // (18) secp192k1
90ce3da70b43 Initial load duke parents: diff changeset	595	"1.2.840.10045.3.1.1", // (19) secp192r1, NIST P-192
90ce3da70b43 Initial load duke parents: diff changeset	596	"1.3.132.0.32", // (20) secp224k1
90ce3da70b43 Initial load duke parents: diff changeset	597	"1.3.132.0.33", // (21) secp224r1, NIST P-224
90ce3da70b43 Initial load duke parents: diff changeset	598	"1.3.132.0.10", // (22) secp256k1
90ce3da70b43 Initial load duke parents: diff changeset	599	"1.2.840.10045.3.1.7", // (23) secp256r1, NIST P-256
90ce3da70b43 Initial load duke parents: diff changeset	600	"1.3.132.0.34", // (24) secp384r1, NIST P-384
90ce3da70b43 Initial load duke parents: diff changeset	601	"1.3.132.0.35", // (25) secp521r1, NIST P-521
90ce3da70b43 Initial load duke parents: diff changeset	602	};
90ce3da70b43 Initial load duke parents: diff changeset	603
90ce3da70b43 Initial load duke parents: diff changeset	604	private final static Map<String,Integer> curveIndices;
90ce3da70b43 Initial load duke parents: diff changeset	605
90ce3da70b43 Initial load duke parents: diff changeset	606	static {
90ce3da70b43 Initial load duke parents: diff changeset	607	curveIndices = new HashMap<String,Integer>();
90ce3da70b43 Initial load duke parents: diff changeset	608	for (int i = 1; i < NAMED_CURVE_OID_TABLE.length; i++) {
90ce3da70b43 Initial load duke parents: diff changeset	609	curveIndices.put(NAMED_CURVE_OID_TABLE[i], i);
90ce3da70b43 Initial load duke parents: diff changeset	610	}
90ce3da70b43 Initial load duke parents: diff changeset	611	}
90ce3da70b43 Initial load duke parents: diff changeset	612
90ce3da70b43 Initial load duke parents: diff changeset	613	}
90ce3da70b43 Initial load duke parents: diff changeset	614
90ce3da70b43 Initial load duke parents: diff changeset	615	final class SupportedEllipticPointFormatsExtension extends HelloExtension {
90ce3da70b43 Initial load duke parents: diff changeset	616
90ce3da70b43 Initial load duke parents: diff changeset	617	final static int FMT_UNCOMPRESSED = 0;
90ce3da70b43 Initial load duke parents: diff changeset	618	final static int FMT_ANSIX962_COMPRESSED_PRIME = 1;
90ce3da70b43 Initial load duke parents: diff changeset	619	final static int FMT_ANSIX962_COMPRESSED_CHAR2 = 2;
90ce3da70b43 Initial load duke parents: diff changeset	620
90ce3da70b43 Initial load duke parents: diff changeset	621	static final HelloExtension DEFAULT =
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	622	new SupportedEllipticPointFormatsExtension(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	623	new byte[] {FMT_UNCOMPRESSED});
2 90ce3da70b43 Initial load duke parents: diff changeset	624
90ce3da70b43 Initial load duke parents: diff changeset	625	private final byte[] formats;
90ce3da70b43 Initial load duke parents: diff changeset	626
90ce3da70b43 Initial load duke parents: diff changeset	627	private SupportedEllipticPointFormatsExtension(byte[] formats) {
90ce3da70b43 Initial load duke parents: diff changeset	628	super(ExtensionType.EXT_EC_POINT_FORMATS);
90ce3da70b43 Initial load duke parents: diff changeset	629	this.formats = formats;
90ce3da70b43 Initial load duke parents: diff changeset	630	}
90ce3da70b43 Initial load duke parents: diff changeset	631
90ce3da70b43 Initial load duke parents: diff changeset	632	SupportedEllipticPointFormatsExtension(HandshakeInStream s, int len)
90ce3da70b43 Initial load duke parents: diff changeset	633	throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	634	super(ExtensionType.EXT_EC_POINT_FORMATS);
90ce3da70b43 Initial load duke parents: diff changeset	635	formats = s.getBytes8();
90ce3da70b43 Initial load duke parents: diff changeset	636	// RFC 4492 says uncompressed points must always be supported.
90ce3da70b43 Initial load duke parents: diff changeset	637	// Check just to make sure.
90ce3da70b43 Initial load duke parents: diff changeset	638	boolean uncompressed = false;
90ce3da70b43 Initial load duke parents: diff changeset	639	for (int format : formats) {
90ce3da70b43 Initial load duke parents: diff changeset	640	if (format == FMT_UNCOMPRESSED) {
90ce3da70b43 Initial load duke parents: diff changeset	641	uncompressed = true;
90ce3da70b43 Initial load duke parents: diff changeset	642	break;
90ce3da70b43 Initial load duke parents: diff changeset	643	}
90ce3da70b43 Initial load duke parents: diff changeset	644	}
90ce3da70b43 Initial load duke parents: diff changeset	645	if (uncompressed == false) {
90ce3da70b43 Initial load duke parents: diff changeset	646	throw new SSLProtocolException
90ce3da70b43 Initial load duke parents: diff changeset	647	("Peer does not support uncompressed points");
90ce3da70b43 Initial load duke parents: diff changeset	648	}
90ce3da70b43 Initial load duke parents: diff changeset	649	}
90ce3da70b43 Initial load duke parents: diff changeset	650
90ce3da70b43 Initial load duke parents: diff changeset	651	int length() {
90ce3da70b43 Initial load duke parents: diff changeset	652	return 5 + formats.length;
90ce3da70b43 Initial load duke parents: diff changeset	653	}
90ce3da70b43 Initial load duke parents: diff changeset	654
90ce3da70b43 Initial load duke parents: diff changeset	655	void send(HandshakeOutStream s) throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	656	s.putInt16(type.id);
90ce3da70b43 Initial load duke parents: diff changeset	657	s.putInt16(formats.length + 1);
90ce3da70b43 Initial load duke parents: diff changeset	658	s.putBytes8(formats);
90ce3da70b43 Initial load duke parents: diff changeset	659	}
90ce3da70b43 Initial load duke parents: diff changeset	660
90ce3da70b43 Initial load duke parents: diff changeset	661	private static String toString(byte format) {
90ce3da70b43 Initial load duke parents: diff changeset	662	int f = format & 0xff;
90ce3da70b43 Initial load duke parents: diff changeset	663	switch (f) {
90ce3da70b43 Initial load duke parents: diff changeset	664	case FMT_UNCOMPRESSED:
90ce3da70b43 Initial load duke parents: diff changeset	665	return "uncompressed";
90ce3da70b43 Initial load duke parents: diff changeset	666	case FMT_ANSIX962_COMPRESSED_PRIME:
90ce3da70b43 Initial load duke parents: diff changeset	667	return "ansiX962_compressed_prime";
90ce3da70b43 Initial load duke parents: diff changeset	668	case FMT_ANSIX962_COMPRESSED_CHAR2:
90ce3da70b43 Initial load duke parents: diff changeset	669	return "ansiX962_compressed_char2";
90ce3da70b43 Initial load duke parents: diff changeset	670	default:
90ce3da70b43 Initial load duke parents: diff changeset	671	return "unknown-" + f;
90ce3da70b43 Initial load duke parents: diff changeset	672	}
90ce3da70b43 Initial load duke parents: diff changeset	673	}
90ce3da70b43 Initial load duke parents: diff changeset	674
90ce3da70b43 Initial load duke parents: diff changeset	675	public String toString() {
7990 57019dc81b66 7012003: diamond conversion for ssl smarks parents: 7043 diff changeset	676	List<String> list = new ArrayList<>();
2 90ce3da70b43 Initial load duke parents: diff changeset	677	for (byte format : formats) {
90ce3da70b43 Initial load duke parents: diff changeset	678	list.add(toString(format));
90ce3da70b43 Initial load duke parents: diff changeset	679	}
90ce3da70b43 Initial load duke parents: diff changeset	680	return "Extension " + type + ", formats: " + list;
90ce3da70b43 Initial load duke parents: diff changeset	681	}
90ce3da70b43 Initial load duke parents: diff changeset	682	}
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	683
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	684	/*
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	685	* For secure renegotiation, RFC5746 defines a new TLS extension,
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	686	* "renegotiation_info" (with extension type 0xff01), which contains a
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	687	* cryptographic binding to the enclosing TLS connection (if any) for
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	688	* which the renegotiation is being performed. The "extension data"
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	689	* field of this extension contains a "RenegotiationInfo" structure:
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	690	*
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	691	* struct {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	692	* opaque renegotiated_connection<0..255>;
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	693	* } RenegotiationInfo;
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	694	*/
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	695	final class RenegotiationInfoExtension extends HelloExtension {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	696	private final byte[] renegotiated_connection;
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	697
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	698	RenegotiationInfoExtension(byte[] clientVerifyData,
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	699	byte[] serverVerifyData) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	700	super(ExtensionType.EXT_RENEGOTIATION_INFO);
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	701
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	702	if (clientVerifyData.length != 0) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	703	renegotiated_connection =
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	704	new byte[clientVerifyData.length + serverVerifyData.length];
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	705	System.arraycopy(clientVerifyData, 0, renegotiated_connection,
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	706	0, clientVerifyData.length);
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	707
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	708	if (serverVerifyData.length != 0) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	709	System.arraycopy(serverVerifyData, 0, renegotiated_connection,
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	710	clientVerifyData.length, serverVerifyData.length);
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	711	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	712	} else {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	713	// ignore both the client and server verify data.
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	714	renegotiated_connection = new byte[0];
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	715	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	716	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	717
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	718	RenegotiationInfoExtension(HandshakeInStream s, int len)
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	719	throws IOException {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	720	super(ExtensionType.EXT_RENEGOTIATION_INFO);
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	721
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	722	// check the extension length
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	723	if (len < 1) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	724	throw new SSLProtocolException("Invalid " + type + " extension");
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	725	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	726
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	727	int renegoInfoDataLen = s.getInt8();
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	728	if (renegoInfoDataLen + 1 != len) { // + 1 = the byte we just read
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	729	throw new SSLProtocolException("Invalid " + type + " extension");
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	730	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	731
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	732	renegotiated_connection = new byte[renegoInfoDataLen];
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	733	if (renegoInfoDataLen != 0) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	734	s.read(renegotiated_connection, 0, renegoInfoDataLen);
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	735	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	736	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	737
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	738
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	739	// Length of the encoded extension, including the type and length fields
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	740	int length() {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	741	return 5 + renegotiated_connection.length;
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	742	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	743
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	744	void send(HandshakeOutStream s) throws IOException {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	745	s.putInt16(type.id);
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	746	s.putInt16(renegotiated_connection.length + 1);
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	747	s.putBytes8(renegotiated_connection);
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	748	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	749
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	750	boolean isEmpty() {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	751	return renegotiated_connection.length == 0;
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	752	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	753
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	754	byte[] getRenegotiatedConnection() {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	755	return renegotiated_connection;
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	756	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	757
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	758	public String toString() {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	759	return "Extension " + type + ", renegotiated_connection: " +
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	760	(renegotiated_connection.length == 0 ? "<empty>" :
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	761	Debug.toString(renegotiated_connection));
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	762	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	763
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	764	}
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	765
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	766	/*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	767	* [RFC5246] The client uses the "signature_algorithms" extension to
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	768	* indicate to the server which signature/hash algorithm pairs may be
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	769	* used in digital signatures. The "extension_data" field of this
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	770	* extension contains a "supported_signature_algorithms" value.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	771	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	772	* enum {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	773	* none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5),
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	774	* sha512(6), (255)
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	775	* } HashAlgorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	776	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	777	* enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) }
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	778	* SignatureAlgorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	779	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	780	* struct {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	781	* HashAlgorithm hash;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	782	* SignatureAlgorithm signature;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	783	* } SignatureAndHashAlgorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	784	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	785	* SignatureAndHashAlgorithm
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	786	* supported_signature_algorithms<2..2^16-2>;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	787	*/
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	788	final class SignatureAlgorithmsExtension extends HelloExtension {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	789
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	790	private Collection<SignatureAndHashAlgorithm> algorithms;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	791	private int algorithmsLen; // length of supported_signature_algorithms
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	792
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	793	SignatureAlgorithmsExtension(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	794	Collection<SignatureAndHashAlgorithm> signAlgs) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	795
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	796	super(ExtensionType.EXT_SIGNATURE_ALGORITHMS);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	797
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	798	algorithms = new ArrayList<SignatureAndHashAlgorithm>(signAlgs);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	799	algorithmsLen =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	800	SignatureAndHashAlgorithm.sizeInRecord() * algorithms.size();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	801	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	802
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	803	SignatureAlgorithmsExtension(HandshakeInStream s, int len)
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	804	throws IOException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	805	super(ExtensionType.EXT_SIGNATURE_ALGORITHMS);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	806
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	807	algorithmsLen = s.getInt16();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	808	if (algorithmsLen == 0 \|\| algorithmsLen + 2 != len) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	809	throw new SSLProtocolException("Invalid " + type + " extension");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	810	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	811
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	812	algorithms = new ArrayList<SignatureAndHashAlgorithm>();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	813	int remains = algorithmsLen;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	814	int sequence = 0;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	815	while (remains > 1) { // needs at least two bytes
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	816	int hash = s.getInt8(); // hash algorithm
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	817	int signature = s.getInt8(); // signature algorithm
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	818
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	819	SignatureAndHashAlgorithm algorithm =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	820	SignatureAndHashAlgorithm.valueOf(hash, signature, ++sequence);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	821	algorithms.add(algorithm);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	822	remains -= 2; // one byte for hash, one byte for signature
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	823	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	824
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	825	if (remains != 0) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	826	throw new SSLProtocolException("Invalid server_name extension");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	827	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	828	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	829
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	830	Collection<SignatureAndHashAlgorithm> getSignAlgorithms() {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	831	return algorithms;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	832	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	833
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	834	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	835	int length() {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	836	return 6 + algorithmsLen;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	837	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	838
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	839	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	840	void send(HandshakeOutStream s) throws IOException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	841	s.putInt16(type.id);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	842	s.putInt16(algorithmsLen + 2);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	843	s.putInt16(algorithmsLen);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	844
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	845	for (SignatureAndHashAlgorithm algorithm : algorithms) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	846	s.putInt8(algorithm.getHashValue()); // HashAlgorithm
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	847	s.putInt8(algorithm.getSignatureValue()); // SignatureAlgorithm
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	848	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	849	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	850
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	851	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	852	public String toString() {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	853	StringBuffer buffer = new StringBuffer();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	854	boolean opened = false;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	855	for (SignatureAndHashAlgorithm signAlg : algorithms) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	856	if (opened) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	857	buffer.append(", " + signAlg.getAlgorithmName());
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	858	} else {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	859	buffer.append(signAlg.getAlgorithmName());
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	860	opened = true;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	861	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	862	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	863
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	864	return "Extension " + type + ", signature_algorithms: " + buffer;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	865	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 6856 diff changeset	866	}

author	ohair
	Wed, 06 Apr 2011 22:06:11 -0700
changeset 9035	1255eb81cc2f
parent 7990	57019dc81b66
child 14194	971f46db533d
permissions	-rw-r--r--