/*

 * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.

 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

 *

 * This code is free software; you can redistribute it and/or modify it

 * under the terms of the GNU General Public License version 2 only, as

 * published by the Free Software Foundation.  Oracle designates this

 * particular file as subject to the "Classpath" exception as provided

 * by Oracle in the LICENSE file that accompanied this code.

 *

 * This code is distributed in the hope that it will be useful, but WITHOUT

 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

 * version 2 for more details (a copy is included in the LICENSE file that

 * accompanied this code).

 *

 * You should have received a copy of the GNU General Public License version

 * 2 along with this work; if not, write to the Free Software Foundation,

 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

 *

 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

 * or visit www.oracle.com if you need additional information or have any

 * questions.

 */

package sun.security.ssl;

import java.io.IOException;

import java.nio.ByteBuffer;

import java.text.MessageFormat;

import java.util.Locale;

import javax.net.ssl.SSLProtocolException;

import static sun.security.ssl.SSLExtension.CH_SUPPORTED_VERSIONS;

import sun.security.ssl.SSLExtension.ExtensionConsumer;

import static sun.security.ssl.SSLExtension.HRR_SUPPORTED_VERSIONS;

import static sun.security.ssl.SSLExtension.SH_SUPPORTED_VERSIONS;

import sun.security.ssl.SSLExtension.SSLExtensionSpec;

import sun.security.ssl.SSLHandshake.HandshakeMessage;

/**

 * Pack of the "supported_versions" extensions.

 */

final class SupportedVersionsExtension {

    static final HandshakeProducer chNetworkProducer =

            new CHSupportedVersionsProducer();

    static final ExtensionConsumer chOnLoadConsumer =

            new CHSupportedVersionsConsumer();

    static final HandshakeProducer shNetworkProducer =

            new SHSupportedVersionsProducer();

    static final ExtensionConsumer shOnLoadConsumer =

            new SHSupportedVersionsConsumer();

    static final HandshakeProducer hrrNetworkProducer =

            new HRRSupportedVersionsProducer();

    static final ExtensionConsumer hrrOnLoadConsumer =

            new HRRSupportedVersionsConsumer();

    static final HandshakeProducer hrrReproducer =

            new HRRSupportedVersionsReproducer();

    /**

     * The "supported_versions" extension in ClientHello.

     */

    static final class CHSupportedVersionsSpec implements SSLExtensionSpec {

        final int[] requestedProtocols;

        private CHSupportedVersionsSpec(int[] requestedProtocols) {

            this.requestedProtocols = requestedProtocols;

        }

        private CHSupportedVersionsSpec(ByteBuffer m) throws IOException  {

            if (m.remaining() < 3) {        //  1: the length of the list

                                            // +2: one version at least

                throw new SSLProtocolException(

                    "Invalid supported_versions extension: insufficient data");

            }

            byte[] vbs = Record.getBytes8(m);   // Get the version bytes.

            if (m.hasRemaining()) {

                throw new SSLProtocolException(

                    "Invalid supported_versions extension: unknown extra data");

            }

            if (vbs == null || vbs.length == 0 || (vbs.length & 0x01) != 0) {

                throw new SSLProtocolException(

                    "Invalid supported_versions extension: incomplete data");

            }

            int[] protocols = new int[vbs.length >> 1];

            for (int i = 0, j = 0; i < vbs.length;) {

                byte major = vbs[i++];

                byte minor = vbs[i++];

                protocols[j++] = ((major & 0xFF) << 8) | (minor & 0xFF);

            }

            this.requestedProtocols = protocols;

        }

        @Override

        public String toString() {

            MessageFormat messageFormat = new MessageFormat(

                "\"versions\": '['{0}']'", Locale.ENGLISH);

            if (requestedProtocols == null || requestedProtocols.length == 0) {

                Object[] messageFields = {

                        "<no supported version specified>"

                    };

                return messageFormat.format(messageFields);

            } else {

                StringBuilder builder = new StringBuilder(512);

                boolean isFirst = true;

                for (int pv : requestedProtocols) {

                    if (isFirst) {

                        isFirst = false;

                    } else {

                        builder.append(", ");

                    }

                    builder.append(ProtocolVersion.nameOf(pv));

                }

                Object[] messageFields = {

                        builder.toString()

                    };

                return messageFormat.format(messageFields);

            }

        }

    }

    private static final

        @Override

        public String toString(ByteBuffer buffer) {

            try {

                return (new CHSupportedVersionsSpec(buffer)).toString();

            } catch (IOException ioe) {

                // For debug logging only, so please swallow exceptions.

                return ioe.getMessage();

            }

        }

    }

    /**

     * Network data producer of a "supported_versions" extension in ClientHello.

     */

    private static final

            class CHSupportedVersionsProducer implements HandshakeProducer {

        // Prevent instantiation of this class.

        private CHSupportedVersionsProducer() {

            // blank

        }

        @Override

        public byte[] produce(ConnectionContext context,

                HandshakeMessage message) throws IOException {

            // The producing happens in client side only.

            ClientHandshakeContext chc = (ClientHandshakeContext)context;

            // Is it a supported and enabled extension?

            if (!chc.sslConfig.isAvailable(CH_SUPPORTED_VERSIONS)) {

                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {

                    SSLLogger.fine(

                        "Ignore unavailable extension: " +

                        CH_SUPPORTED_VERSIONS.name);

                }

                return null;

            }

            // Produce the extension.

            //

            // The activated protocols are used as the supported versions.

            int[] protocols = new int[chc.activeProtocols.size()];

            int verLen = protocols.length * 2;

            byte[] extData = new byte[verLen + 1];      // 1: versions length

            extData[0] = (byte)(verLen & 0xFF);

            int i = 0, j = 1;

            for (ProtocolVersion pv : chc.activeProtocols) {

                protocols[i++] = pv.id;

                extData[j++] = pv.major;

                extData[j++] = pv.minor;

            }

            // Update the context.

            chc.handshakeExtensions.put(CH_SUPPORTED_VERSIONS,

                    new CHSupportedVersionsSpec(protocols));

            return extData;

        }

    }

    /**

     * Network data consumer of a "supported_versions" extension in ClientHello.

     */

    private static final

            class CHSupportedVersionsConsumer implements ExtensionConsumer {

        // Prevent instantiation of this class.

        private CHSupportedVersionsConsumer() {

            // blank

        }

        @Override

        public void consume(ConnectionContext context,

            HandshakeMessage message, ByteBuffer buffer) throws IOException {

            // The consuming happens in server side only.

            ServerHandshakeContext shc = (ServerHandshakeContext)context;

            // Is it a supported and enabled extension?

            if (!shc.sslConfig.isAvailable(CH_SUPPORTED_VERSIONS)) {

                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {

                    SSLLogger.fine(

                        "Ignore unavailable extension: " +

                        CH_SUPPORTED_VERSIONS.name);

                }

                return;     // ignore the extension

            }

            // Parse the extension.

            CHSupportedVersionsSpec spec;

            try {

                spec = new CHSupportedVersionsSpec(buffer);

            } catch (IOException ioe) {

                shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);

                return;     // fatal() always throws, make the compiler happy.

            }

            // Update the context.

            shc.handshakeExtensions.put(CH_SUPPORTED_VERSIONS, spec);

            // No impact on session resumption.

            //

            // Note that the protocol version negotiation happens before the

            // session resumption negotiation.  And the session resumption

            // negotiation depends on the negotiated protocol version.

        }

    }

    /**

     * The "supported_versions" extension in ServerHello and HelloRetryRequest.

     */

    static final class SHSupportedVersionsSpec implements SSLExtensionSpec {

        final int selectedVersion;

        private SHSupportedVersionsSpec(ProtocolVersion selectedVersion) {

            this.selectedVersion = selectedVersion.id;

        }

        private SHSupportedVersionsSpec(ByteBuffer m) throws IOException  {

            if (m.remaining() != 2) {       // 2: the selected version

                throw new SSLProtocolException(

                    "Invalid supported_versions: insufficient data");

            }

            byte major = m.get();

            byte minor = m.get();

            this.selectedVersion = ((major & 0xFF) << 8) | (minor & 0xFF);

        }

        @Override

        public String toString() {

            MessageFormat messageFormat = new MessageFormat(

                "\"selected version\": '['{0}']'", Locale.ENGLISH);

            Object[] messageFields = {

                    ProtocolVersion.nameOf(selectedVersion)

                };

            return messageFormat.format(messageFields);

        }

    }

    private static final

        @Override

        public String toString(ByteBuffer buffer) {

            try {

                return (new SHSupportedVersionsSpec(buffer)).toString();

            } catch (IOException ioe) {

                // For debug logging only, so please swallow exceptions.

                return ioe.getMessage();

            }

        }

    }

    /**

     * Network data producer of a "supported_versions" extension in ServerHello.

     */

    private static final

            class SHSupportedVersionsProducer implements HandshakeProducer {

        // Prevent instantiation of this class.

        private SHSupportedVersionsProducer() {

            // blank

        }

        @Override

        public byte[] produce(ConnectionContext context,

                HandshakeMessage message) throws IOException {

            // The producing happens in server side only.

            ServerHandshakeContext shc = (ServerHandshakeContext)context;

            // In response to supported_versions request only

            CHSupportedVersionsSpec svs = (CHSupportedVersionsSpec)

                    shc.handshakeExtensions.get(CH_SUPPORTED_VERSIONS);

            if (svs == null) {

                // Unlikely, no key_share extension requested.

                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {

                    SSLLogger.warning(

                            "Ignore unavailable supported_versions extension");

                }

                return null;

            }

            // Is it a supported and enabled extension?

            if (!shc.sslConfig.isAvailable(SH_SUPPORTED_VERSIONS)) {

                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {

                    SSLLogger.fine(

                        "Ignore unavailable extension: " +

                        SH_SUPPORTED_VERSIONS.name);

                }

                return null;

            }

            // Produce the extension.

            byte[] extData = new byte[2];

            extData[0] = shc.negotiatedProtocol.major;

            extData[1] = shc.negotiatedProtocol.minor;

            // Update the context.

            shc.handshakeExtensions.put(SH_SUPPORTED_VERSIONS,

                    new SHSupportedVersionsSpec(shc.negotiatedProtocol));

            return extData;

        }

    }

    /**

     * Network data consumer of a "supported_versions" extension in ServerHello.

     */

    private static final

            class SHSupportedVersionsConsumer implements ExtensionConsumer {

        // Prevent instantiation of this class.

        private SHSupportedVersionsConsumer() {

            // blank

        }

        @Override

        public void consume(ConnectionContext context,

            HandshakeMessage message, ByteBuffer buffer) throws IOException {

            // The consuming happens in client side only.

            ClientHandshakeContext chc = (ClientHandshakeContext)context;

            // Is it a supported and enabled extension?

            if (!chc.sslConfig.isAvailable(SH_SUPPORTED_VERSIONS)) {

                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {

                    SSLLogger.fine(

                        "Ignore unavailable extension: " +

                        SH_SUPPORTED_VERSIONS.name);

                }

                return;     // ignore the extension

            }

            // Parse the extension.

            SHSupportedVersionsSpec spec;

            try {

                spec = new SHSupportedVersionsSpec(buffer);

            } catch (IOException ioe) {

                chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);

                return;     // fatal() always throws, make the compiler happy.

            }

            // Update the context.

            chc.handshakeExtensions.put(SH_SUPPORTED_VERSIONS, spec);

            // No impact on session resumption.

            //

            // Note that the protocol version negotiation happens before the

            // session resumption negotiation.  And the session resumption

            // negotiation depends on the negotiated protocol version.

        }

    }

    /**

     * Network data producer of a "supported_versions" extension in

     * HelloRetryRequest.

     */

    private static final

            class HRRSupportedVersionsProducer implements HandshakeProducer {

        // Prevent instantiation of this class.

        private HRRSupportedVersionsProducer() {

            // blank

        }

        @Override

        public byte[] produce(ConnectionContext context,

                HandshakeMessage message) throws IOException {

            // The producing happens in server side only.

            ServerHandshakeContext shc = (ServerHandshakeContext)context;

            // Is it a supported and enabled extension?

            if (!shc.sslConfig.isAvailable(HRR_SUPPORTED_VERSIONS)) {

                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {

                    SSLLogger.fine(

                        "Ignore unavailable extension: " +

                        HRR_SUPPORTED_VERSIONS.name);

                }

                return null;

            }

            // Produce the extension.

            byte[] extData = new byte[2];

            extData[0] = shc.negotiatedProtocol.major;

            extData[1] = shc.negotiatedProtocol.minor;

            // Update the context.

            shc.handshakeExtensions.put(HRR_SUPPORTED_VERSIONS,

                    new SHSupportedVersionsSpec(shc.negotiatedProtocol));

            return extData;

        }

    }

    /**

     * Network data consumer of a "supported_versions" extension in

     * HelloRetryRequest.

     */

    private static final

            class HRRSupportedVersionsConsumer implements ExtensionConsumer {

        // Prevent instantiation of this class.

        private HRRSupportedVersionsConsumer() {

            // blank

        }

        @Override

        public void consume(ConnectionContext context,

            HandshakeMessage message, ByteBuffer buffer) throws IOException {

            // The consuming happens in client side only.

            ClientHandshakeContext chc = (ClientHandshakeContext)context;

            // Is it a supported and enabled extension?

            if (!chc.sslConfig.isAvailable(HRR_SUPPORTED_VERSIONS)) {

                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {

                    SSLLogger.fine(

                        "Ignore unavailable extension: " +

                        HRR_SUPPORTED_VERSIONS.name);

                }

                return;     // ignore the extension

            }

            // Parse the extension.

            SHSupportedVersionsSpec spec;

            try {

                spec = new SHSupportedVersionsSpec(buffer);

            } catch (IOException ioe) {

                chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);

                return;     // fatal() always throws, make the compiler happy.

            }

            // Update the context.

            chc.handshakeExtensions.put(HRR_SUPPORTED_VERSIONS, spec);

            // No impact on session resumption.

            //

            // Note that the protocol version negotiation happens before the

            // session resumption negotiation.  And the session resumption

            // negotiation depends on the negotiated protocol version.

        }

    }

    /**

     * Network data producer of a "supported_versions" extension for stateless

     * HelloRetryRequest reconstruction.

     */

    private static final

            class HRRSupportedVersionsReproducer implements HandshakeProducer {

        // Prevent instantiation of this class.

        private HRRSupportedVersionsReproducer() {

            // blank

        }

        @Override

        public byte[] produce(ConnectionContext context,

                HandshakeMessage message) throws IOException {

            // The producing happens in server side only.

            ServerHandshakeContext shc = (ServerHandshakeContext)context;

            // Is it a supported and enabled extension?

            if (!shc.sslConfig.isAvailable(HRR_SUPPORTED_VERSIONS)) {

                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {

                    SSLLogger.fine(

                        "[Reprocude] Ignore unavailable extension: " +

                        HRR_SUPPORTED_VERSIONS.name);

                }

                return null;

            }

            // Produce the extension.

            byte[] extData = new byte[2];

            extData[0] = shc.negotiatedProtocol.major;

            extData[1] = shc.negotiatedProtocol.minor;

            return extData;

        }

    }

}