jdk-sandbox: src/java.base/share/classes/sun/security/ssl/HandshakeContext.java@25002c4f0145 (annotated)

2 90ce3da70b43 Initial load duke parents: diff changeset	1	/*
53852 25002c4f0145 8219389: Delegated task created by SSLEngine throws BufferUnderflowException xuelei parents: 53064 diff changeset	2	* Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved.
2 90ce3da70b43 Initial load duke parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
90ce3da70b43 Initial load duke parents: diff changeset	4	*
90ce3da70b43 Initial load duke parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
90ce3da70b43 Initial load duke parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 5182 diff changeset	7	* published by the Free Software Foundation. Oracle designates this
2 90ce3da70b43 Initial load duke parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 5182 diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
2 90ce3da70b43 Initial load duke parents: diff changeset	10	*
90ce3da70b43 Initial load duke parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
90ce3da70b43 Initial load duke parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
90ce3da70b43 Initial load duke parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
90ce3da70b43 Initial load duke parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
90ce3da70b43 Initial load duke parents: diff changeset	15	* accompanied this code).
90ce3da70b43 Initial load duke parents: diff changeset	16	*
90ce3da70b43 Initial load duke parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
90ce3da70b43 Initial load duke parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
90ce3da70b43 Initial load duke parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
90ce3da70b43 Initial load duke parents: diff changeset	20	*
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 5182 diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 5182 diff changeset	22	* or visit www.oracle.com if you need additional information or have any
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 5182 diff changeset	23	* questions.
2 90ce3da70b43 Initial load duke parents: diff changeset	24	*/
90ce3da70b43 Initial load duke parents: diff changeset	25
90ce3da70b43 Initial load duke parents: diff changeset	26	package sun.security.ssl;
90ce3da70b43 Initial load duke parents: diff changeset	27
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	28	import java.io.IOException;
53852 25002c4f0145 8219389: Delegated task created by SSLEngine throws BufferUnderflowException xuelei parents: 53064 diff changeset	29	import java.nio.BufferOverflowException;
25002c4f0145 8219389: Delegated task created by SSLEngine throws BufferUnderflowException xuelei parents: 53064 diff changeset	30	import java.nio.BufferUnderflowException;
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 28555 diff changeset	31	import java.nio.ByteBuffer;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	32	import java.security.AlgorithmConstraints;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	33	import java.security.CryptoPrimitive;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	34	import java.util.AbstractMap.SimpleImmutableEntry;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	35	import java.util.ArrayList;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	36	import java.util.Collections;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	37	import java.util.EnumMap;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	38	import java.util.EnumSet;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	39	import java.util.HashMap;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	40	import java.util.LinkedHashMap;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	41	import java.util.LinkedList;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	42	import java.util.List;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	43	import java.util.Map;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	44	import java.util.Queue;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	45	import javax.crypto.SecretKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	46	import javax.net.ssl.SNIServerName;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	47	import javax.net.ssl.SSLHandshakeException;
52153 3b17277860e7 8210989: RSASSA-PSS certificate cannot be selected for client auth on TLSv1.2 jnimeh parents: 51407 diff changeset	48	import javax.security.auth.x500.X500Principal;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	49	import sun.security.ssl.SupportedGroupsExtension.NamedGroup;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	50	import sun.security.ssl.SupportedGroupsExtension.NamedGroupType;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	51	import static sun.security.ssl.SupportedGroupsExtension.NamedGroupType.*;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	52	import sun.security.ssl.SupportedGroupsExtension.SupportedGroups;
2 90ce3da70b43 Initial load duke parents: diff changeset	53
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	54	abstract class HandshakeContext implements ConnectionContext {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	55	// System properties
2 90ce3da70b43 Initial load duke parents: diff changeset	56
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	57	// By default, disable the unsafe legacy session renegotiation.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	58	static final boolean allowUnsafeRenegotiation =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	59	Utilities.getBooleanProperty(
5182 62836694baeb 6898739: TLS renegotiation issue xuelei parents: 715 diff changeset	60	"sun.security.ssl.allowUnsafeRenegotiation", false);
62836694baeb 6898739: TLS renegotiation issue xuelei parents: 715 diff changeset	61
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	62	// For maximum interoperability and backward compatibility, RFC 5746
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	63	// allows server (or client) to accept ClientHello (or ServerHello)
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	64	// message without the secure renegotiation_info extension or SCSV.
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	65	//
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	66	// For maximum security, RFC 5746 also allows server (or client) to
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	67	// reject such message with a fatal "handshake_failure" alert.
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	68	//
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	69	// By default, allow such legacy hello messages.
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	70	static final boolean allowLegacyHelloMessages =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	71	Utilities.getBooleanProperty(
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	72	"sun.security.ssl.allowLegacyHelloMessages", true);
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	73
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	74	// registered handshake message actors
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	75	LinkedHashMap<Byte, SSLConsumer> handshakeConsumers;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	76	final HashMap<Byte, HandshakeProducer> handshakeProducers;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	77
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	78	// context
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	79	final SSLContextImpl sslContext;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	80	final TransportContext conContext;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	81	final SSLConfiguration sslConfig;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	82
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	83	// consolidated parameters
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	84	final List<ProtocolVersion> activeProtocols;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	85	final List<CipherSuite> activeCipherSuites;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	86	final AlgorithmConstraints algorithmConstraints;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	87	final ProtocolVersion maximumActiveProtocol;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	88
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	89	// output stream
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	90	final HandshakeOutStream handshakeOutput;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	91
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	92	// handshake transcript hash
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	93	final HandshakeHash handshakeHash;
18283 f842a42076b9 7188658: Add possibility to disable client initiated renegotiation xuelei parents: 16913 diff changeset	94
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	95	// negotiated security parameters
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	96	SSLSessionImpl handshakeSession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	97	boolean handshakeFinished;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	98	// boolean isInvalidated;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	99
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	100	boolean kickstartMessageDelivered;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	101
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	102	// Resumption
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	103	boolean isResumption;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	104	SSLSessionImpl resumingSession;
48225 718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: 47216 diff changeset	105
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	106	final Queue<Map.Entry<Byte, ByteBuffer>> delegatedActions;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	107	volatile boolean taskDelegated = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	108	volatile Exception delegatedThrown = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	109
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	110	ProtocolVersion negotiatedProtocol;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	111	CipherSuite negotiatedCipherSuite;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	112	final List<SSLPossession> handshakePossessions;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	113	final List<SSLCredentials> handshakeCredentials;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	114	SSLKeyDerivation handshakeKeyDerivation;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	115	SSLKeyExchange handshakeKeyExchange;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	116	SecretKey baseReadSecret;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	117	SecretKey baseWriteSecret;
48225 718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: 47216 diff changeset	118
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	119	// protocol version being established
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	120	int clientHelloVersion;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	121	String applicationProtocol;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	122
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	123	RandomCookie clientHelloRandom;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	124	RandomCookie serverHelloRandom;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	125	byte[] certRequestContext;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	126
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	127	////////////////////
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	128	// Extensions
48225 718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: 47216 diff changeset	129
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	130	// the extensions used in the handshake
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	131	final Map<SSLExtension, SSLExtension.SSLExtensionSpec>
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	132	handshakeExtensions;
48225 718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: 47216 diff changeset	133
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	134	// MaxFragmentLength
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	135	int maxFragmentLength;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	136
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	137	// SignatureScheme
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	138	List<SignatureScheme> localSupportedSignAlgs;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	139	List<SignatureScheme> peerRequestedSignatureSchemes;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	140	List<SignatureScheme> peerRequestedCertSignSchemes;
5182 62836694baeb 6898739: TLS renegotiation issue xuelei parents: 715 diff changeset	141
52153 3b17277860e7 8210989: RSASSA-PSS certificate cannot be selected for client auth on TLSv1.2 jnimeh parents: 51407 diff changeset	142	// Known authorities
3b17277860e7 8210989: RSASSA-PSS certificate cannot be selected for client auth on TLSv1.2 jnimeh parents: 51407 diff changeset	143	X500Principal[] peerSupportedAuthorities = null;
3b17277860e7 8210989: RSASSA-PSS certificate cannot be selected for client auth on TLSv1.2 jnimeh parents: 51407 diff changeset	144
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	145	// SupportedGroups
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	146	List<NamedGroup> clientRequestedNamedGroups;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	147
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	148	// HelloRetryRequest
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	149	NamedGroup serverSelectedNamedGroup;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	150
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	151	// if server name indicator is negotiated
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	152	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	153	// May need a public API for the indication in the future.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	154	List<SNIServerName> requestedServerNames;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	155	SNIServerName negotiatedServerName;
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 28555 diff changeset	156
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	157	// OCSP Stapling info
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	158	boolean staplingActive = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	159
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	160	protected HandshakeContext(SSLContextImpl sslContext,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	161	TransportContext conContext) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	162	this.sslContext = sslContext;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	163	this.conContext = conContext;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	164	this.sslConfig = (SSLConfiguration)conContext.sslConfig.clone();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	165
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	166	this.activeProtocols = getActiveProtocols(sslConfig.enabledProtocols,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	167	sslConfig.enabledCipherSuites, sslConfig.algorithmConstraints);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	168	if (activeProtocols.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	169	throw new SSLHandshakeException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	170	"No appropriate protocol (protocol is disabled or " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	171	"cipher suites are inappropriate)");
48225 718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: 47216 diff changeset	172	}
718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: 47216 diff changeset	173
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	174	ProtocolVersion maximumVersion = ProtocolVersion.NONE;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	175	for (ProtocolVersion pv : this.activeProtocols) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	176	if (maximumVersion == ProtocolVersion.NONE \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	177	pv.compare(maximumVersion) > 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	178	maximumVersion = pv;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	179	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	180	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	181	this.maximumActiveProtocol = maximumVersion;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	182	this.activeCipherSuites = getActiveCipherSuites(this.activeProtocols,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	183	sslConfig.enabledCipherSuites, sslConfig.algorithmConstraints);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	184	if (activeCipherSuites.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	185	throw new SSLHandshakeException("No appropriate cipher suite");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	186	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	187	this.algorithmConstraints =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	188	new SSLAlgorithmConstraints(sslConfig.algorithmConstraints);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	189
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	190	this.handshakeConsumers = new LinkedHashMap<>();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	191	this.handshakeProducers = new HashMap<>();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	192	this.handshakeHash = conContext.inputRecord.handshakeHash;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	193	this.handshakeOutput = new HandshakeOutStream(conContext.outputRecord);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	194
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	195	this.handshakeFinished = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	196	this.kickstartMessageDelivered = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	197
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	198	this.delegatedActions = new LinkedList<>();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	199	this.handshakeExtensions = new HashMap<>();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	200	this.handshakePossessions = new LinkedList<>();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	201	this.handshakeCredentials = new LinkedList<>();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	202	this.requestedServerNames = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	203	this.negotiatedServerName = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	204	this.negotiatedCipherSuite = conContext.cipherSuite;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	205	initialize();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	206	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	207
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	208	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	209	* Constructor for PostHandshakeContext
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	210	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	211	HandshakeContext(TransportContext conContext) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	212	this.sslContext = conContext.sslContext;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	213	this.conContext = conContext;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	214	this.sslConfig = conContext.sslConfig;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	215
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	216	this.negotiatedProtocol = conContext.protocolVersion;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	217	this.negotiatedCipherSuite = conContext.cipherSuite;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	218	this.handshakeOutput = new HandshakeOutStream(conContext.outputRecord);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	219	this.delegatedActions = new LinkedList<>();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	220
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	221	this.handshakeProducers = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	222	this.handshakeHash = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	223	this.activeProtocols = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	224	this.activeCipherSuites = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	225	this.algorithmConstraints = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	226	this.maximumActiveProtocol = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	227	this.handshakeExtensions = Collections.emptyMap(); // Not in TLS13
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	228	this.handshakePossessions = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	229	this.handshakeCredentials = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	230	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	231
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	232	// Initialize the non-final class variables.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	233	private void initialize() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	234	ProtocolVersion inputHelloVersion;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	235	ProtocolVersion outputHelloVersion;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	236	if (conContext.isNegotiated) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	237	inputHelloVersion = conContext.protocolVersion;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	238	outputHelloVersion = conContext.protocolVersion;
48225 718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: 47216 diff changeset	239	} else {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	240	if (activeProtocols.contains(ProtocolVersion.SSL20Hello)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	241	inputHelloVersion = ProtocolVersion.SSL20Hello;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	242
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	243	// Per TLS 1.3 protocol, implementation MUST NOT send an SSL
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	244	// version 2.0 compatible CLIENT-HELLO.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	245	if (maximumActiveProtocol.useTLS13PlusSpec()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	246	outputHelloVersion = maximumActiveProtocol;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	247	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	248	outputHelloVersion = ProtocolVersion.SSL20Hello;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	249	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	250	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	251	inputHelloVersion = maximumActiveProtocol;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	252	outputHelloVersion = maximumActiveProtocol;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	253	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	254	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	255
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	256	conContext.inputRecord.setHelloVersion(inputHelloVersion);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	257	conContext.outputRecord.setHelloVersion(outputHelloVersion);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	258
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	259	if (!conContext.isNegotiated) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	260	conContext.protocolVersion = maximumActiveProtocol;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	261	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	262	conContext.outputRecord.setVersion(conContext.protocolVersion);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	263	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	264
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	265	private static List<ProtocolVersion> getActiveProtocols(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	266	List<ProtocolVersion> enabledProtocols,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	267	List<CipherSuite> enabledCipherSuites,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	268	AlgorithmConstraints algorithmConstraints) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	269	boolean enabledSSL20Hello = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	270	ArrayList<ProtocolVersion> protocols = new ArrayList<>(4);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	271	for (ProtocolVersion protocol : enabledProtocols) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	272	if (!enabledSSL20Hello && protocol == ProtocolVersion.SSL20Hello) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	273	enabledSSL20Hello = true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	274	continue;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	275	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	276
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	277	if (!algorithmConstraints.permits(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	278	EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	279	protocol.name, null)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	280	// Ignore disabled protocol.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	281	continue;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	282	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	283
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	284	boolean found = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	285	Map<NamedGroupType, Boolean> cachedStatus =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	286	new EnumMap<>(NamedGroupType.class);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	287	for (CipherSuite suite : enabledCipherSuites) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	288	if (suite.isAvailable() && suite.supports(protocol)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	289	if (isActivatable(suite,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	290	algorithmConstraints, cachedStatus)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	291	protocols.add(protocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	292	found = true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	293	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	294	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	295	} else if (SSLLogger.isOn && SSLLogger.isOn("verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	296	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	297	"Ignore unsupported cipher suite: " + suite +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	298	" for " + protocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	299	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	300	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	301
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	302	if (!found && (SSLLogger.isOn) && SSLLogger.isOn("handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	303	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	304	"No available cipher suite for " + protocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	305	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	306	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	307
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	308	if (!protocols.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	309	if (enabledSSL20Hello) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	310	protocols.add(ProtocolVersion.SSL20Hello);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	311	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	312	Collections.sort(protocols);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	313	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	314
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	315	return Collections.unmodifiableList(protocols);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	316	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	317
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	318	private static List<CipherSuite> getActiveCipherSuites(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	319	List<ProtocolVersion> enabledProtocols,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	320	List<CipherSuite> enabledCipherSuites,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	321	AlgorithmConstraints algorithmConstraints) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	322
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	323	List<CipherSuite> suites = new LinkedList<>();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	324	if (enabledProtocols != null && !enabledProtocols.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	325	Map<NamedGroupType, Boolean> cachedStatus =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	326	new EnumMap<>(NamedGroupType.class);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	327	for (CipherSuite suite : enabledCipherSuites) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	328	if (!suite.isAvailable()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	329	continue;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	330	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	331
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	332	boolean isSupported = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	333	for (ProtocolVersion protocol : enabledProtocols) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	334	if (!suite.supports(protocol)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	335	continue;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	336	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	337	if (isActivatable(suite,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	338	algorithmConstraints, cachedStatus)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	339	suites.add(suite);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	340	isSupported = true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	341	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	342	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	343	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	344
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	345	if (!isSupported &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	346	SSLLogger.isOn && SSLLogger.isOn("verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	347	SSLLogger.finest(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	348	"Ignore unsupported cipher suite: " + suite);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	349	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	350	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	351	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	352
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	353	return Collections.unmodifiableList(suites);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	354	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	355
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	356	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	357	* Parse the handshake record and return the contentType
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	358	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	359	static byte getHandshakeType(TransportContext conContext,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	360	Plaintext plaintext) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	361	// struct {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	362	// HandshakeType msg_type; /* handshake type */
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	363	// uint24 length; /* bytes in message */
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	364	// select (HandshakeType) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	365	// ...
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	366	// } body;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	367	// } Handshake;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	368
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	369	if (plaintext.contentType != ContentType.HANDSHAKE.id) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 52153 diff changeset	370	throw conContext.fatal(Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	371	"Unexpected operation for record: " + plaintext.contentType);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	372	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	373
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	374	if (plaintext.fragment == null \|\| plaintext.fragment.remaining() < 4) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 52153 diff changeset	375	throw conContext.fatal(Alert.UNEXPECTED_MESSAGE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	376	"Invalid handshake message: insufficient data");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	377	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	378
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	379	byte handshakeType = (byte)Record.getInt8(plaintext.fragment);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	380	int handshakeLen = Record.getInt24(plaintext.fragment);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	381	if (handshakeLen != plaintext.fragment.remaining()) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 52153 diff changeset	382	throw conContext.fatal(Alert.UNEXPECTED_MESSAGE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	383	"Invalid handshake message: insufficient handshake body");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	384	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	385
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	386	return handshakeType;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	387	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	388
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	389	void dispatch(byte handshakeType, Plaintext plaintext) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	390	if (conContext.transport.useDelegatedTask()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	391	boolean hasDelegated = !delegatedActions.isEmpty();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	392	if (hasDelegated \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	393	(handshakeType != SSLHandshake.FINISHED.id &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	394	handshakeType != SSLHandshake.KEY_UPDATE.id &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	395	handshakeType != SSLHandshake.NEW_SESSION_TICKET.id)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	396	if (!hasDelegated) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	397	taskDelegated = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	398	delegatedThrown = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	399	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	400
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	401	// Clone the fragment for delegated actions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	402	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	403	// The plaintext may share the application buffers. It is
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	404	// fine to use shared buffers if no delegated actions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	405	// However, for delegated actions, the shared buffers may be
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	406	// polluted in application layer before the delegated actions
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	407	// executed.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	408	ByteBuffer fragment = ByteBuffer.wrap(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	409	new byte[plaintext.fragment.remaining()]);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	410	fragment.put(plaintext.fragment);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	411	fragment = fragment.rewind();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	412
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	413	delegatedActions.add(new SimpleImmutableEntry<>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	414	handshakeType,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	415	fragment
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	416	));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	417	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	418	dispatch(handshakeType, plaintext.fragment);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	419	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	420	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	421	dispatch(handshakeType, plaintext.fragment);
48225 718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: 47216 diff changeset	422	}
718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: 47216 diff changeset	423	}
718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: 47216 diff changeset	424
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	425	void dispatch(byte handshakeType,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	426	ByteBuffer fragment) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	427	SSLConsumer consumer;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	428	if (handshakeType == SSLHandshake.HELLO_REQUEST.id) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	429	// For TLS 1.2 and prior versions, the HelloRequest message MAY
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	430	// be sent by the server at any time.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	431	consumer = SSLHandshake.HELLO_REQUEST;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	432	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	433	consumer = handshakeConsumers.get(handshakeType);
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	434	}
2 90ce3da70b43 Initial load duke parents: diff changeset	435
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	436	if (consumer == null) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 52153 diff changeset	437	throw conContext.fatal(Alert.UNEXPECTED_MESSAGE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	438	"Unexpected handshake message: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	439	SSLHandshake.nameOf(handshakeType));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	440	}
2 90ce3da70b43 Initial load duke parents: diff changeset	441
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	442	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	443	consumer.consume(this, fragment);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	444	} catch (UnsupportedOperationException unsoe) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 52153 diff changeset	445	throw conContext.fatal(Alert.UNEXPECTED_MESSAGE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	446	"Unsupported handshake message: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	447	SSLHandshake.nameOf(handshakeType), unsoe);
53852 25002c4f0145 8219389: Delegated task created by SSLEngine throws BufferUnderflowException xuelei parents: 53064 diff changeset	448	} catch (BufferUnderflowException \| BufferOverflowException be) {
25002c4f0145 8219389: Delegated task created by SSLEngine throws BufferUnderflowException xuelei parents: 53064 diff changeset	449	throw conContext.fatal(Alert.DECODE_ERROR,
25002c4f0145 8219389: Delegated task created by SSLEngine throws BufferUnderflowException xuelei parents: 53064 diff changeset	450	"Illegal handshake message: " +
25002c4f0145 8219389: Delegated task created by SSLEngine throws BufferUnderflowException xuelei parents: 53064 diff changeset	451	SSLHandshake.nameOf(handshakeType), be);
2 90ce3da70b43 Initial load duke parents: diff changeset	452	}
90ce3da70b43 Initial load duke parents: diff changeset	453
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	454	// update handshake hash after handshake message consumption.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	455	handshakeHash.consume();
2 90ce3da70b43 Initial load duke parents: diff changeset	456	}
90ce3da70b43 Initial load duke parents: diff changeset	457
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	458	abstract void kickstart() throws IOException;
2 90ce3da70b43 Initial load duke parents: diff changeset	459
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	460	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	461	* Check if the given cipher suite is enabled and available within
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	462	* the current active cipher suites.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	463	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	464	* Does not check if the required server certificates are available.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	465	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	466	boolean isNegotiable(CipherSuite cs) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	467	return isNegotiable(activeCipherSuites, cs);
2 90ce3da70b43 Initial load duke parents: diff changeset	468	}
90ce3da70b43 Initial load duke parents: diff changeset	469
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	470	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	471	* Check if the given cipher suite is enabled and available within
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	472	* the proposed cipher suite list.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	473	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	474	* Does not check if the required server certificates are available.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	475	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	476	static final boolean isNegotiable(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	477	List<CipherSuite> proposed, CipherSuite cs) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	478	return proposed.contains(cs) && cs.isNegotiable();
2 90ce3da70b43 Initial load duke parents: diff changeset	479	}
90ce3da70b43 Initial load duke parents: diff changeset	480
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	481	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	482	* Check if the given cipher suite is enabled and available within
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	483	* the proposed cipher suite list and specific protocol version.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	484	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	485	* Does not check if the required server certificates are available.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	486	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	487	static final boolean isNegotiable(List<CipherSuite> proposed,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	488	ProtocolVersion protocolVersion, CipherSuite cs) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	489	return proposed.contains(cs) &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	490	cs.isNegotiable() && cs.supports(protocolVersion);
2 90ce3da70b43 Initial load duke parents: diff changeset	491	}
90ce3da70b43 Initial load duke parents: diff changeset	492
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	493	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	494	* Check if the given protocol version is enabled and available.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	495	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	496	boolean isNegotiable(ProtocolVersion protocolVersion) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	497	return activeProtocols.contains(protocolVersion);
2 90ce3da70b43 Initial load duke parents: diff changeset	498	}
90ce3da70b43 Initial load duke parents: diff changeset	499
90ce3da70b43 Initial load duke parents: diff changeset	500	/**
90ce3da70b43 Initial load duke parents: diff changeset	501	* Set the active protocol version and propagate it to the SSLSocket
90ce3da70b43 Initial load duke parents: diff changeset	502	* and our handshake streams. Called from ClientHandshaker
90ce3da70b43 Initial load duke parents: diff changeset	503	* and ServerHandshaker with the negotiated protocol version.
90ce3da70b43 Initial load duke parents: diff changeset	504	*/
90ce3da70b43 Initial load duke parents: diff changeset	505	void setVersion(ProtocolVersion protocolVersion) {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	506	this.conContext.protocolVersion = protocolVersion;
19823 f0fd09e20528 7188657: There should be a way to reorder the JSSE ciphers xuelei parents: 18554 diff changeset	507	}
f0fd09e20528 7188657: There should be a way to reorder the JSSE ciphers xuelei parents: 18554 diff changeset	508
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	509	private static boolean isActivatable(CipherSuite suite,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	510	AlgorithmConstraints algorithmConstraints,
45064 b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	511	Map<NamedGroupType, Boolean> cachedStatus) {
b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	512
b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	513	if (algorithmConstraints.permits(
b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	514	EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), suite.name, null)) {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	515	if (suite.keyExchange == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	516	// TLS 1.3, no definition of key exchange in cipher suite.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	517	return true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	518	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	519
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	520	boolean available;
45064 b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	521	NamedGroupType groupType = suite.keyExchange.groupType;
b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	522	if (groupType != NAMED_GROUP_NONE) {
b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	523	Boolean checkedStatus = cachedStatus.get(groupType);
b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	524	if (checkedStatus == null) {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	525	available = SupportedGroups.isActivatable(
45064 b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	526	algorithmConstraints, groupType);
b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	527	cachedStatus.put(groupType, available);
b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	528
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	529	if (!available &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	530	SSLLogger.isOn && SSLLogger.isOn("verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	531	SSLLogger.fine("No activated named group");
45064 b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	532	}
b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	533	} else {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	534	available = checkedStatus;
45064 b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	535	}
b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	536
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	537	if (!available && SSLLogger.isOn && SSLLogger.isOn("verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	538	SSLLogger.fine(
45064 b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	539	"No active named group, ignore " + suite);
b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	540	}
b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	541	return available;
b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	542	} else {
b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	543	return true;
b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	544	}
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	545	} else if (SSLLogger.isOn && SSLLogger.isOn("verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	546	SSLLogger.fine("Ignore disabled cipher suite: " + suite);
45064 b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	547	}
b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	548
b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	549	return false;
b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	550	}
b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	551
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	552	List<SNIServerName> getRequestedServerNames() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	553	if (requestedServerNames == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	554	return Collections.<SNIServerName>emptyList();
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 28555 diff changeset	555	}
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	556	return requestedServerNames;
2 90ce3da70b43 Initial load duke parents: diff changeset	557	}
90ce3da70b43 Initial load duke parents: diff changeset	558	}
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	559

author	xuelei
	Wed, 20 Feb 2019 10:20:48 -0800
changeset 53852	25002c4f0145
parent 53064	103ed9569fc8
child 55336	c2398053ee90
child 58678	9cf78a70fa4f
permissions	-rw-r--r--