jdk/src/java.base/share/classes/sun/security/ssl/HandshakeMessage.java
author vinnie
Wed, 02 Dec 2015 03:37:29 +0000
changeset 34380 2b2609379881
parent 32649 2ee9017c7597
child 35298 9f93cbce8c44
permissions -rw-r--r--
8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension Reviewed-by: wetmore, xuelei, mullan, coffeys
/*
 * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */
package sun.security.ssl;
import java.io.*;
import java.math.BigInteger;
import java.security.*;
import java.security.interfaces.*;
import java.security.spec.*;
import java.security.cert.*;
import java.security.cert.Certificate;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import java.lang.reflect.*;
import javax.security.auth.x500.X500Principal;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.DHPublicKeySpec;
import javax.net.ssl.*;
import sun.security.internal.spec.TlsPrfParameterSpec;
import sun.security.ssl.CipherSuite.*;
import static sun.security.ssl.CipherSuite.PRF.*;
import sun.security.util.KeyUtil;
import sun.security.provider.certpath.OCSPResponse;
/**
 * Many data structures are involved in the handshake messages.  These
 * classes are used as structures, with public data members.  They are
 * not visible outside the SSL package.
 *
 * Handshake messages all have a common header format, and they are all
 * encoded in a "handshake data" SSL record substream.  The base class
 * here (HandshakeMessage) provides a common framework and records the
 * SSL record type of the particular handshake message.
 *
 * This file contains subclasses for all the basic handshake messages.
 * All handshake messages know how to encode and decode themselves on
 * SSL streams; this facilitates using the same code on SSL client and
 * server sides, although they don't send and receive the same messages.
 *
 * Messages also know how to print themselves, which is quite handy
 * for debugging.  They always identify their type, and can optionally
 * dump all of their content.
 *
 * @author David Brownell
 */
public abstract class HandshakeMessage {
    /* Class and subclass dynamic debugging support */
    public static final Debug debug = Debug.getInstance("ssl");
    // enum HandshakeType:
    static final byte   ht_hello_request          = 0;      // RFC 5246
    static final byte   ht_client_hello           = 1;      // RFC 5246
    static final byte   ht_server_hello           = 2;      // RFC 5246
    static final byte   ht_hello_verify_request   = 3;      // RFC 6347
    static final byte   ht_new_session_ticket     = 4;      // RFC 4507
    static final byte   ht_certificate            = 11;     // RFC 5246
    static final byte   ht_server_key_exchange    = 12;     // RFC 5246
    static final byte   ht_certificate_request    = 13;     // RFC 5246
    static final byte   ht_server_hello_done      = 14;     // RFC 5246
    static final byte   ht_certificate_verify     = 15;     // RFC 5246
    static final byte   ht_client_key_exchange    = 16;     // RFC 5246
    static final byte   ht_finished               = 20;     // RFC 5246
    static final byte   ht_certificate_url        = 21;     // RFC 6066
    static final byte   ht_certificate_status     = 22;     // RFC 6066
    static final byte   ht_supplemental_data      = 23;     // RFC 4680
    static final byte   ht_not_applicable         = -1;     // N/A
    /*
     * SSL 3.0 MAC padding constants.
     * Also used by CertificateVerify and Finished during the handshake.
     */
    static final byte[] MD5_pad1 = genPad(0x36, 48);
    static final byte[] MD5_pad2 = genPad(0x5c, 48);
    static final byte[] SHA_pad1 = genPad(0x36, 40);
    static final byte[] SHA_pad2 = genPad(0x5c, 40);
    /*
     * Package-private no-arg constructor.  The concrete messages are the
     * nested subclasses below, which supply messageType(),
     * messageLength(), send() and print().
     */
    HandshakeMessage() { }
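    /**
     * Utility method to convert a BigInteger to a byte array in unsigned
     * big-endian format as needed in the handshake messages.
     *
     * BigInteger.toByteArray() returns the minimal two's-complement
     * encoding, so a non-negative value whose most significant bit is set
     * carries exactly one extra leading zero byte.  That byte is dropped
     * here.  A single strip is enough: because the encoding is minimal
     * there is never more than one leading zero.
     *
     * @param bi the value to encode; expected to be non-negative (a
     *           negative input yields its two's-complement bytes, not an
     *           unsigned magnitude -- callers must not rely on that)
     * @return the unsigned big-endian encoding; zero encodes as {0}
     */
    static byte[] toByteArray(BigInteger bi) {
        byte[] b = bi.toByteArray();
        if ((b.length > 1) && (b[0] == 0)) {
            // Drop the sign byte; copyOfRange replaces the hand-rolled
            // allocate-and-arraycopy of the previous version.
            b = Arrays.copyOfRange(b, 1, b.length);
        }
        return b;
    }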
    /*
     * Build a block of {@code count} copies of the low byte of {@code b}.
     * Used for the SSL 3.0 MAC / handshake pads declared above.
     */
    private static byte[] genPad(int b, int count) {
        byte fill = (byte) b;
        byte[] pad = new byte[count];
        for (int i = 0; i < count; i++) {
            pad[i] = fill;
        }
        return pad;
    }
    /*
     * Emit this message on the handshake output stream: a one-byte message
     * type, a 24-bit body length, then the body produced by send(), and
     * finally s.complete().
     *
     * The body length is range-checked against Record.OVERFLOW_OF_INT24
     * before anything is written.  A body that does not fit the three-byte
     * length field would otherwise wrap on the wire (7200295 hit this with
     * a CertificateRequest carrying many certificates), so such a message
     * is rejected with an SSLException rather than emitted truncated.
     * Large but in-range messages -- e.g. long cert chains -- are fine.
     */
    final void write(HandshakeOutStream s) throws IOException {
        int type = messageType();
        int len = messageLength();
        if (len >= Record.OVERFLOW_OF_INT24) {
            throw new SSLException("Handshake message too big, type = "
                    + type + ", len = " + len);
        }
        s.write(type);
        s.putInt24(len);
        send(s);
        s.complete();
    }
    /*
     * Subclasses implement these methods so those kinds of
     * messages can be emitted.  Base class delegates to subclass.
     */
    abstract int  messageType();
    abstract int  messageLength();
    abstract void send(HandshakeOutStream s) throws IOException;
    /*
     * Write a descriptive message on the output stream; for debugging.
     */
    abstract void print(PrintStream p) throws IOException;
//
// NOTE:  the rest of these classes are nested within this one, and are
// imported by other classes in this package.  There are a few other
// handshake message classes, not neatly nested here because of current
// licensing requirement for native (RSA) methods.  They belong here,
// but those native methods complicate things a lot!
//
/*
 * HelloRequest ... SERVER --> CLIENT
 *
 * A zero-length message with which the server asks the client to start a
 * new handshake, e.g. to change session parameters after a connection has
 * been (re)established.
 */
static final class HelloRequest extends HandshakeMessage {

    // Outbound: built by the server side; there is nothing to fill in.
    HelloRequest() { }

    // Inbound: the body is empty, so nothing is read from the stream.
    // NOTE(review): this constructor does not itself check that the
    // declared body length was zero; presumably the caller that dispatches
    // on the handshake header enforces that -- confirm.
    HelloRequest(HandshakeInStream in) throws IOException { }

    @Override
    int messageType() {
        return ht_hello_request;
    }

    @Override
    int messageLength() {
        return 0;
    }

    @Override
    void send(HandshakeOutStream out) throws IOException {
        // Empty body; the type/length header is written by
        // HandshakeMessage.write().
    }

    @Override
    void print(PrintStream out) throws IOException {
        out.println("*** HelloRequest (empty)");
    }
}
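/*
 * HelloVerifyRequest ... SERVER --> CLIENT  [DTLS only]
 *
 * The definition of HelloVerifyRequest is as follows:
 *
 *     struct {
 *       ProtocolVersion server_version;
 *       opaque cookie<0..2^8-1>;
 *     } HelloVerifyRequest;
 *
 * For DTLS protocols, once the client has transmitted the ClientHello message,
 * it expects to see a HelloVerifyRequest from the server.  However, if the
 * server's message is lost, the client knows that either the ClientHello or
 * the HelloVerifyRequest has been lost and retransmits. [RFC 6347]
 *
 * The cookie is issued by HelloCookieManager when the server builds this
 * message and is validated by HelloCookieManager.checkCookie() when the
 * client parses it; ClientHello carries a DTLS-only cookie field to return it.
 */
static final class HelloVerifyRequest extends HandshakeMessage {
    ProtocolVersion     protocolVersion;
    byte[]              cookie;         // 1 to 2^8 - 1 bytes

    // Wire size of server_version (major, minor).
    private static final int VERSION_LENGTH = 2;
    // The cookie is an opaque<0..2^8-1> vector: putBytes8()/getBytes8()
    // carry a one-byte length ahead of the cookie bytes.
    private static final int COOKIE_LENGTH_PREFIX = 1;

    /*
     * Server side: answer the given ClientHello, echoing its protocol
     * version and attaching the cookie the manager derives for it.
     */
    HelloVerifyRequest(HelloCookieManager helloCookieManager,
            ClientHello clientHelloMsg) {

        this.protocolVersion = clientHelloMsg.protocolVersion;
        this.cookie = helloCookieManager.getCookie(clientHelloMsg);
    }

    /*
     * Client side: parse the body and validate the cookie.
     *
     * @param input          handshake stream positioned at the body
     * @param messageLength  declared body length (not consulted here)
     * @throws IOException   propagated from the stream reads, and from
     *                       checkCookie() when it rejects the cookie
     */
    HelloVerifyRequest(
            HandshakeInStream input, int messageLength) throws IOException {

        // Read order matters: major byte first, then minor.
        int major = input.getInt8();
        int minor = input.getInt8();
        this.protocolVersion = ProtocolVersion.valueOf(major, minor);
        this.cookie = input.getBytes8();

        // Is it a valid cookie?
        // NOTE(review): the field comment says 1..255 bytes while the wire
        // format admits an empty vector; presumably checkCookie() rejects a
        // zero-length cookie -- confirm.
        HelloCookieManager.checkCookie(protocolVersion, cookie);
    }

    @Override
    int messageType() {
        return ht_hello_verify_request;
    }

    /*
     * Length of the body exactly as send() emits it: two version bytes,
     * the one-byte cookie length prefix written by putBytes8(), and the
     * cookie itself.  HandshakeMessage.write() puts this value into the
     * 24-bit length of the handshake header, so it has to agree with the
     * encoding; the previous "2 + cookie.length" left out the vector's
     * length prefix.
     */
    @Override
    int messageLength() {
        return VERSION_LENGTH + COOKIE_LENGTH_PREFIX + cookie.length;
    }

    @Override
    void send(HandshakeOutStream hos) throws IOException {
        hos.putInt8(protocolVersion.major);
        hos.putInt8(protocolVersion.minor);
        hos.putBytes8(cookie);          // 1-byte length + cookie bytes
    }

    /*
     * Debug dump; the version and cookie bytes are only printed when the
     * "verbose" ssl debug option is on.
     */
    @Override
    void print(PrintStream out) throws IOException {
        out.println("*** HelloVerifyRequest");
        if (debug != null && Debug.isOn("verbose")) {
            out.println("server_version: " + protocolVersion);
            Debug.println(out, "cookie", cookie);
        }
    }
}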
/*
 * ClientHello ... CLIENT --> SERVER
 *
 * Client initiates handshake by telling server what it wants, and what it
 * can support (prioritized by what's first in the cipher suite list).
 *
 * By RFC2246:7.4.1.2 it's explicitly anticipated that this message
 * will have more data added at the end ... e.g. what CAs the client trusts.
 * Until we know how to parse it, we will just read what we know
 * about, and let our caller handle the jumps over unknown data.
 */
/*
 * Field order on the wire is: version, random, session_id, [cookie, DTLS
 * only], cipher_suites, compression_methods, extensions.  The private
 * send(s, computeCookie), messageLength() and the parsing constructor
 * below must stay in step with each other: the parser relies on
 * messageLength() to decide whether an extensions block follows.
 */
static final class ClientHello extends HandshakeMessage {

    // Wire fields. Package-private so callers in this package can read
    // (and, for the non-final ones, assign) them directly.
    ProtocolVersion             protocolVersion;
    RandomCookie                clnt_random;
    SessionId                   sessionId;
    // null for TLS; an empty array on a freshly built DTLS hello; the
    // peer-supplied bytes when parsed from a DTLS stream.
    byte[]                      cookie;                     // DTLS only
    private CipherSuiteList     cipherSuites;
    private final boolean       isDTLS;
    byte[]                      compression_methods;

    // Starts empty. Filled by the add*Extension() helpers on the sending
    // side, or replaced wholesale when extensions are parsed from the stream.
    HelloExtensions extensions = new HelloExtensions();

    // The only compression method offered: a single 0 ("null" compression).
    // compression_methods aliases this array, so it must not be modified
    // in place.
    private static final byte[]  NULL_COMPRESSION = new byte[] {0};

    /*
     * Builds an outbound ClientHello.
     *
     * generator       - randomness source for the 32-byte client random
     * protocolVersion - version advertised in the message
     * sessionId       - session ID to offer
     * cipherSuites    - suites to offer, in the order given
     * isDTLS          - whether the DTLS cookie field is present
     *
     * Only the EC-related extensions are added here, and only when the
     * suite list contains an EC suite; everything else is added later
     * through the add*Extension() methods.
     */
    ClientHello(SecureRandom generator, ProtocolVersion protocolVersion,
            SessionId sessionId, CipherSuiteList cipherSuites,
            boolean isDTLS) {

        this.isDTLS = isDTLS;
        this.protocolVersion = protocolVersion;
        this.sessionId = sessionId;
        this.cipherSuites = cipherSuites;
        // DTLS: an empty cookie is sent on the first flight; TLS has no field.
        if (isDTLS) {
            this.cookie = new byte[0];
        } else {
            this.cookie = null;
        }

        if (cipherSuites.containsEC()) {
            extensions.add(SupportedEllipticCurvesExtension.DEFAULT);
            extensions.add(SupportedEllipticPointFormatsExtension.DEFAULT);
        }

        clnt_random = new RandomCookie(generator);
        compression_methods = NULL_COMPRESSION;
    }

    /*
     * Parses a ClientHello received from the peer.
     *
     * messageLength is the length declared in the handshake header.  The
     * fixed fields are read first; an extensions block is parsed only when
     * the bytes consumed so far -- messageLength() evaluated while
     * 'extensions' is still empty -- do not account for the declared length.
     *
     * sessionId.checkLength() validates the session ID length against the
     * protocol version before anything else is read (presumably by
     * throwing; see SessionId).  Any IOException from the stream or from
     * extension parsing propagates to the caller.
     */
    ClientHello(HandshakeInStream s,
            int messageLength, boolean isDTLS) throws IOException {

        this.isDTLS = isDTLS;

        // Argument evaluation is left to right: major byte, then minor byte.
        protocolVersion = ProtocolVersion.valueOf(s.getInt8(), s.getInt8());
        clnt_random = new RandomCookie(s);
        sessionId = new SessionId(s.getBytes8());
        sessionId.checkLength(protocolVersion);
        if (isDTLS) {
            cookie = s.getBytes8();
        } else {
            cookie = null;
        }

        cipherSuites = new CipherSuiteList(s);
        compression_methods = s.getBytes8();
        if (messageLength() != messageLength) {
            extensions = new HelloExtensions(s);
        }
    }

    // Returns the live cipher suite list (not a copy).
    CipherSuiteList getCipherSuites() {
        return cipherSuites;
    }

    // add renegotiation_info extension
    // clientVerifyData is the client's verify_data; the second argument is
    // always empty here (presumably the server's slot, unused in a
    // ClientHello -- see RenegotiationInfoExtension).
    void addRenegotiationInfoExtension(byte[] clientVerifyData) {
        HelloExtension renegotiationInfo = new RenegotiationInfoExtension(
                    clientVerifyData, new byte[0]);
        extensions.add(renegotiationInfo);
    }

    // add server_name extension
    // If ServerNameExtension rejects the names with an IOException the
    // extension is silently omitted; the hello is still sent without SNI.
    void addSNIExtension(List<SNIServerName> serverNames) {
        try {
            extensions.add(new ServerNameExtension(serverNames));
        } catch (IOException ioe) {
            // ignore the exception and return
        }
    }

    // add signature_algorithm extension
    void addSignatureAlgorithmsExtension(
            Collection<SignatureAndHashAlgorithm> algorithms) {
        HelloExtension signatureAlgorithm =
                new SignatureAlgorithmsExtension(algorithms);
        extensions.add(signatureAlgorithm);
    }

    // add max_fragment_length extension, sized from maximumPacketSize
    // (the mapping to a fragment-length code lives in
    // MaxFragmentLengthExtension).
    void addMFLExtension(int maximumPacketSize) {
        HelloExtension maxFragmentLength =
                new MaxFragmentLengthExtension(maximumPacketSize);
        extensions.add(maxFragmentLength);
    }

    // Feeds the serialized ClientHello, minus the cookie field, into
    // cookieDigest.  Leaving the cookie out is what makes the digest usable
    // for generating and later re-checking the HelloVerifyRequest cookie.
    void updateHelloCookie(MessageDigest cookieDigest) {
        //
        // Just use HandshakeOutStream to compute the hello verify cookie.
        // Not actually used to output handshake message records.
        //
        HandshakeOutStream hos = new HandshakeOutStream(null);

        try {
            send(hos, false);    // Do not count hello verify cookie.
        } catch (IOException ioe) {
            // unlikely to happen
            // (the stream has no record attached, so writes presumably
            // stay in memory -- TODO confirm against HandshakeOutStream)
        }

        cookieDigest.update(hos.toByteArray());
    }

    // Add status_request extension type
    void addCertStatusRequestExtension() {
        extensions.add(new CertStatusReqExtension(StatusRequestType.OCSP,
                new OCSPStatusRequest()));
    }

    // Add status_request_v2 extension type
    void addCertStatusReqListV2Extension() {
        // Create a default OCSPStatusRequest that we can use for both
        // OCSP_MULTI and OCSP request list items.
        OCSPStatusRequest osr = new OCSPStatusRequest();
        List<CertStatusReqItemV2> itemList = new ArrayList<>(2);
        itemList.add(new CertStatusReqItemV2(StatusRequestType.OCSP_MULTI,
                osr));
        itemList.add(new CertStatusReqItemV2(StatusRequestType.OCSP, osr));
        extensions.add(new CertStatusReqListV2Extension(itemList));
    }

    // add application_layer_protocol_negotiation extension
    // Propagates SSLException from ALPNExtension (e.g. unusable protocol
    // names) rather than swallowing it like addSNIExtension does.
    void addALPNExtension(String[] applicationProtocols) throws SSLException {
        extensions.add(new ALPNExtension(applicationProtocols));
    }

    @Override
    int messageType() { return ht_client_hello; }

    /*
     * Length of the body as send(s, true) would write it, i.e. including the
     * DTLS cookie.  Fixed parts: 2 version + 32 random + 1 session-id length
     * byte + 2 cipher-suite vector length + 1 compression vector length.
     * extensions.length() is whatever HelloExtensions reports (presumably 0
     * when no extension is present).
     */
    @Override
    int messageLength() {
        /*
         * Add fixed size parts of each field...
         * version + random + session + cipher + compress
         */
        return (2 + 32 + 1 + 2 + 1
            + sessionId.length()                /* ... + variable parts */
            + (isDTLS ? (1 + cookie.length) : 0)
            + (cipherSuites.size() * 2)
            + compression_methods.length)
            + extensions.length();
    }

    // Writes the complete message, including the DTLS cookie field.
    @Override
    void send(HandshakeOutStream s) throws IOException {
        send(s, true);  // Count hello verify cookie.
    }

    // Debug dump; field-level detail only when Debug "verbose" is on.
    @Override
    void print(PrintStream s) throws IOException {
        s.println("*** ClientHello, " + protocolVersion);

        if (debug != null && Debug.isOn("verbose")) {
            s.print("RandomCookie:  ");
            clnt_random.print(s);

            s.print("Session ID:  ");
            s.println(sessionId);

            if (isDTLS) {
                Debug.println(s, "cookie", cookie);
            }

            s.println("Cipher Suites: " + cipherSuites);

            Debug.println(s, "Compression Methods", compression_methods);
            extensions.print(s);
            s.println("***");
        }
    }

    /*
     * Serializes the message in wire order.
     *
     * computeCookie == false omits the DTLS cookie field entirely (no length
     * byte either); that form is digested by updateHelloCookie().  For TLS
     * the flag has no effect because isDTLS is false.
     */
    private void send(HandshakeOutStream s,
            boolean computeCookie) throws IOException {
        s.putInt8(protocolVersion.major);
        s.putInt8(protocolVersion.minor);
        clnt_random.send(s);
        s.putBytes8(sessionId.getId());
        if (isDTLS && computeCookie) {
            s.putBytes8(cookie);
        }
        cipherSuites.send(s);
        s.putBytes8(compression_methods);
        extensions.send(s);
    }
}
/*
 * ServerHello ... SERVER --> CLIENT
 *
 * Server chooses protocol options from among those it supports and the
 * client supports.  Then it sends the basic session descriptive parameters
 * back to the client.
 */
/*
 * Wire order: version, random, session_id, cipher_suite, compression_method,
 * extensions.  send(), messageLength() and the parsing constructor must
 * agree on it; the parser uses messageLength() to detect an extensions block.
 */
static final
class ServerHello extends HandshakeMessage
{
    @Override
    int messageType() { return ht_server_hello; }

    // Wire fields. Package-private so callers in this package can fill them
    // in (outbound) or inspect them (inbound) directly.
    ProtocolVersion     protocolVersion;
    RandomCookie        svr_random;
    SessionId           sessionId;
    CipherSuite         cipherSuite;
    byte                compression_method;
    // Empty until parsed from the stream or populated by the caller.
    HelloExtensions extensions = new HelloExtensions();

    // Outbound form.  Nothing is initialised here; every field above (except
    // extensions) is null/zero until the caller assigns it, and send()
    // dereferences protocolVersion, svr_random, sessionId and cipherSuite.
    ServerHello() {
        // empty
    }

    /*
     * Parses a ServerHello received from the peer.
     *
     * messageLength is the length declared in the handshake header.  The
     * fixed fields are read in wire order; extensions are parsed only when
     * messageLength() -- evaluated while 'extensions' is still empty -- does
     * not account for the declared length.
     *
     * sessionId.checkLength() validates the session ID length for the
     * protocol version (presumably by throwing; see SessionId).  IOExceptions
     * from the stream or from extension parsing propagate to the caller.
     */
    ServerHello(HandshakeInStream input, int messageLength)
            throws IOException {
        // Arguments evaluate left to right: major byte, then minor byte.
        protocolVersion = ProtocolVersion.valueOf(input.getInt8(),
                                                  input.getInt8());
        svr_random = new RandomCookie(input);
        sessionId = new SessionId(input.getBytes8());
        sessionId.checkLength(protocolVersion);
        // Two-byte suite id, high byte first; mirrors the split in send().
        cipherSuite = CipherSuite.valueOf(input.getInt8(), input.getInt8());
        compression_method = (byte)input.getInt8();
        if (messageLength() != messageLength) {
            extensions = new HelloExtensions(input);
        }
    }

    // Body length as send() would write it; see the breakdown below.
    @Override
    int messageLength()
    {
        // almost fixed size, except session ID and extensions:
        //      major + minor = 2
        //      random = 32
        //      session ID len field = 1
        //      cipher suite + compression = 3
        //      extensions: if present, 2 + length of extensions
        return 38 + sessionId.length() + extensions.length();
    }

    // Serializes the message in wire order.  Must match the parsing
    // constructor and messageLength().
    @Override
    void send(HandshakeOutStream s) throws IOException
    {
        s.putInt8(protocolVersion.major);
        s.putInt8(protocolVersion.minor);
        svr_random.send(s);
        s.putBytes8(sessionId.getId());
        // Suite id is written as two bytes, high byte first.
        s.putInt8(cipherSuite.id >> 8);
        s.putInt8(cipherSuite.id & 0xff);
        s.putInt8(compression_method);
        extensions.send(s);
    }

    // Debug dump; field-level detail only when Debug "verbose" is on.
    @Override
    void print(PrintStream s) throws IOException
    {
        s.println("*** ServerHello, " + protocolVersion);

        if (debug != null && Debug.isOn("verbose")) {
            s.print("RandomCookie:  ");
            svr_random.print(s);

            s.print("Session ID:  ");
            s.println(sessionId);

            s.println("Cipher Suite: " + cipherSuite);
            s.println("Compression Method: " + compression_method);
            extensions.print(s);
            s.println("***");
        }
    }
}
/*
 * CertificateMsg ... sent by both CLIENT and SERVER
 *
 * Each end of a connection may need to pass its certificate chain to
 * the other end.  Such chains are intended to validate an identity with
 * reference to some certifying authority.  Examples include companies
 * like Verisign, or financial institutions.  There's some control over
 * the certifying authorities which are sent.
 *
 * NOTE: that these messages might be huge, taking many handshake records.
 * Up to 2^48 bytes of certificate may be sent, in records of at most 2^14
 * bytes each ... up to 2^32 records sent on the output stream.
 */
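static final class CertificateMsg extends HandshakeMessage {

    @Override
    int messageType() { return ht_certificate; }

    // Chain as supplied by the local side or decoded from the peer;
    // getCertificateChain() hands out a copy, the field itself is shared
    // with the caller of the array constructor.
    private X509Certificate[] chain;

    // DER encoding of each entry of chain, in the same order.  Built lazily
    // by messageLength() and written out by send().
    private List<byte[]> encodedChain;

    // Cached body length (3-byte list length + every encoded entry with its
    // own 3-byte length prefix).  Only meaningful once encodedChain != null.
    private int messageLength;

    /**
     * Create a CertificateMsg for a locally held chain.
     *
     * @param certs the certificates to send, end-entity first; the array is
     *      held by reference and not copied
     */
    CertificateMsg(X509Certificate[] certs) {
        chain = certs;
    }

    /**
     * Decode a CertificateMsg from the handshake stream.
     *
     * The wire form is a 24-bit certificate_list length followed by
     * 24-bit-length prefixed ASN.1 certificates.  Each entry is parsed with
     * an X.509 CertificateFactory as it is read.
     *
     * @param input the handshake stream positioned at the message body
     * @throws SSLProtocolException if an entry cannot be parsed as a
     *      certificate, or if the declared list length does not exactly
     *      cover the entries that were read
     * @throws IOException if the stream cannot be read
     */
    CertificateMsg(HandshakeInStream input) throws IOException {
        int chainLen = input.getInt24();
        List<Certificate> v = new ArrayList<>(4);

        CertificateFactory cf = null;
        while (chainLen > 0) {
            byte[] cert = input.getBytes24();
            chainLen -= (3 + cert.length);
            try {
                // Only create the factory once a certificate is present.
                if (cf == null) {
                    cf = CertificateFactory.getInstance("X.509");
                }
                v.add(cf.generateCertificate(new ByteArrayInputStream(cert)));
            } catch (CertificateException e) {
                // SSLProtocolException has no cause-taking constructor here.
                throw (SSLProtocolException)new SSLProtocolException(
                    e.getMessage()).initCause(e);
            }
        }

        // An entry that overran the declared list length leaves chainLen
        // negative.  Reject such a message instead of silently accepting
        // a malformed list; this mirrors the list-length check that
        // CertificateStatus applies to its OCSP response list.
        if (chainLen != 0) {
            throw new SSLProtocolException("Bad certificate chain length");
        }

        chain = v.toArray(new X509Certificate[0]);
    }

    /**
     * Compute (and cache) the length of the message body, encoding the
     * chain on first use.
     *
     * @return the body length in bytes, including the 3-byte list length
     * @throws RuntimeException if a certificate cannot be DER-encoded
     */
    @Override
    int messageLength() {
        if (encodedChain == null) {
            messageLength = 3;      // 24-bit certificate_list length field
            encodedChain = new ArrayList<>(chain.length);
            try {
                for (X509Certificate cert : chain) {
                    byte[] b = cert.getEncoded();
                    encodedChain.add(b);
                    messageLength += b.length + 3;  // 24-bit entry length + DER
                }
            } catch (CertificateEncodingException e) {
                // Leave the cache empty so a retry re-encodes from scratch.
                encodedChain = null;
                throw new RuntimeException("Could not encode certificates", e);
            }
        }
        return messageLength;
    }

    /**
     * Write the message body to the handshake output stream.
     *
     * @param s the stream to write to
     * @throws IOException if the stream cannot be written
     */
    @Override
    void send(HandshakeOutStream s) throws IOException {
        // messageLength() populates encodedChain as a side effect, so it
        // must run before the loop below.
        s.putInt24(messageLength() - 3);
        for (byte[] b : encodedChain) {
            s.putBytes24(b);
        }
    }

    /**
     * Print a human-readable summary of the chain; individual certificates
     * are only listed when verbose debugging is on.
     *
     * @param s the stream to print to
     * @throws IOException declared for subclasses; not thrown here
     */
    @Override
    void print(PrintStream s) throws IOException {
        s.println("*** Certificate chain");

        if (chain.length == 0) {
            s.println("<Empty>");
        } else if (debug != null && Debug.isOn("verbose")) {
            for (int i = 0; i < chain.length; i++) {
                s.println("chain [" + i + "] = " + chain[i]);
            }
        }
        s.println("***");
    }

    /**
     * @return a copy of the certificate chain carried by this message
     */
    X509Certificate[] getCertificateChain() {
        return chain.clone();
    }
}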
/*
 * CertificateStatus ... SERVER --> CLIENT
 *
 * When a ClientHello asserting the status_request or status_request_v2
 * extension is accepted by the server, it will fetch and return one
 * or more status responses in this handshake message.
 *
 * NOTE: Like the Certificate handshake message, this can potentially
 * be a very large message, both due to the size of multiple status
 * responses and the certificate chains that are often attached to them.
 * Up to 2^24 bytes of status responses may be sent, possibly fragmented
 * over multiple TLS records.
 */
static final class CertificateStatus extends HandshakeMessage
{
    // Which response format this message carries (OCSP or OCSP_MULTI);
    // fixed by whichever constructor built the message.
    private final StatusRequestType statusType;
    // Total bytes of the encoded response entries, each counted together
    // with its 3-byte length prefix.
    private int encodedResponsesLen;
    // Cached result of messageLength(); -1 until first computed.
    private int messageLength = -1;
    // DER-encoded responses in wire order.  For OCSP_MULTI a zero-length
    // entry stands in for a certificate that has no response.
    private List<byte[]> encodedResponses;
    /** @return the handshake type code for a CertificateStatus message. */
    @Override
    int messageType() {
        return ht_certificate_status;
    }
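    /**
     * Create a CertificateStatus message from the certificates and their
     * respective OCSP responses.
     *
     * @param type an indication of the type of response (OCSP or OCSP_MULTI)
     * @param chain the certificate chain sent in the Server Certificate
     *      message, end-entity certificate first
     * @param responses a {@code Map} from certificate to its OCSP response
     *      in DER-encoded form.  For the OCSP type, only the entry for the
     *      end-entity certificate ({@code chain[0]}) is used, and it must be
     *      present and non-empty.  For the OCSP_MULTI type, every
     *      certificate in the chain is looked up; where no response exists
     *      a zero-length placeholder is sent in its position.
     *
     * @throws SSLException if an unsupported StatusRequestType or invalid
     *      OCSP response data is provided.
     * @throws NullPointerException if {@code chain} or {@code responses}
     *      is null.
     */
    CertificateStatus(StatusRequestType type, X509Certificate[] chain,
            Map<X509Certificate, byte[]> responses) throws SSLException {
        // Validate before touching chain.length; otherwise a null chain
        // surfaces as a bare NPE instead of the message below.
        Objects.requireNonNull(chain, "Null chain not allowed");
        Objects.requireNonNull(responses, "Null responses not allowed");

        statusType = type;
        encodedResponsesLen = 0;
        encodedResponses = new ArrayList<>(chain.length);

        if (statusType == StatusRequestType.OCSP) {
            // Just get the response for the end-entity certificate.  An
            // empty chain has no end-entity, so it has no usable response
            // and is reported the same way as a missing one.
            byte[] respDER = (chain.length > 0) ? responses.get(chain[0]) : null;
            if (respDER != null && respDER.length > 0) {
                encodedResponses.add(respDER);
                encodedResponsesLen = 3 + respDER.length;   // 24-bit length + DER
            } else {
                throw new SSLHandshakeException("Zero-length or null " +
                        "OCSP Response");
            }
        } else if (statusType == StatusRequestType.OCSP_MULTI) {
            for (X509Certificate cert : chain) {
                byte[] respDER = responses.get(cert);
                if (respDER != null) {
                    encodedResponses.add(respDER);
                    encodedResponsesLen += (respDER.length + 3);
                } else {
                    // If we cannot find a response for a given certificate
                    // then use a zero-length placeholder, which still costs
                    // its 3-byte length prefix on the wire.
                    encodedResponses.add(new byte[0]);
                    encodedResponsesLen += 3;
                }
            }
        } else {
            throw new SSLHandshakeException("Unsupported StatusResponseType: " +
                    statusType);
        }
    }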
    /**
     * Decode a CertificateStatus handshake message from a
     * {@code HandshakeInStream}.
     *
     * The first byte is the status_type.  An OCSP message then carries a
     * single 24-bit-length prefixed response; an OCSP_MULTI message carries
     * a 24-bit list length followed by one length-prefixed entry per
     * certificate, where a zero-length entry means "no response available".
     *
     * @param input the {@code HandshakeInStream} positioned at the
     *      CertificateStatus message bytes.
     *
     * @throws SSLHandshakeException if a zero-length response is found for
     *      the OCSP type, if the OCSP_MULTI list length does not exactly
     *      cover the entries read, or if an unsupported status type is seen.
     * @throws IOException if a decoding error occurs.
     */
    CertificateStatus(HandshakeInStream input) throws IOException {
        encodedResponsesLen = 0;
        encodedResponses = new ArrayList<>();

        statusType = StatusRequestType.get(input.getInt8());
        if (statusType == StatusRequestType.OCSP) {
            byte[] single = input.getBytes24();
            if (single.length == 0) {
                throw new SSLHandshakeException("Zero-length OCSP Response");
            }
            encodedResponses.add(single);
            encodedResponsesLen = 3 + single.length;   // 24-bit length + DER
        } else if (statusType == StatusRequestType.OCSP_MULTI) {
            int listLen = input.getInt24();
            encodedResponsesLen = listLen;

            // Consume entries in wire order; each one costs its 3-byte
            // length prefix plus its payload.  A zero-length entry is legal
            // here and marks a certificate with no response.
            int remaining = listLen;
            while (remaining > 0) {
                byte[] entry = input.getBytes24();
                encodedResponses.add(entry);
                remaining -= (entry.length + 3);
            }

            // An entry that ran past the declared list length leaves
            // remaining negative; the declared length must be exact.
            if (remaining != 0) {
                throw new SSLHandshakeException(
                        "Bad OCSP response list length");
            }
        } else {
            throw new SSLHandshakeException("Unsupported StatusResponseType: " +
                    statusType);
        }
    }
    /**
     * Get the length of the CertificateStatus message body, computing and
     * caching it on first call.
     *
     * @return the length of the message in bytes: the status_type byte, plus
     *      the encoded responses (and, for OCSP_MULTI, the 3-byte list length).
     */
    @Override
    int messageLength() {
        if (messageLength != -1) {
            return messageLength;
        }

        int total = 1;              // status_type byte
        if (statusType == StatusRequestType.OCSP) {
            total += encodedResponsesLen;
        } else if (statusType == StatusRequestType.OCSP_MULTI) {
            total += 3 + encodedResponsesLen;   // 24-bit list length + entries
        }
        messageLength = total;

        return messageLength;
    }
    /**
     * Encode the CertificateStatus handshake message and place it on a
     * {@code HandshakeOutStream}.
     *
     * @param s the HandshakeOutStream that will receive the message bytes.
     *
     * @throws IOException if an encoding error occurs.
     * @throws SSLHandshakeException if the status type is neither OCSP nor
     *      OCSP_MULTI; both constructors reject such a type, so this is not
     *      expected to happen.
     */
    @Override
    void send(HandshakeOutStream s) throws IOException {
        s.putInt8(statusType.id);
        if (statusType == StatusRequestType.OCSP) {
            s.putBytes24(encodedResponses.get(0));
        } else if (statusType == StatusRequestType.OCSP_MULTI) {
            s.putInt24(encodedResponsesLen);
            // Each entry, including a null one, is handed straight to
            // putBytes24 in wire order.
            for (byte[] entry : encodedResponses) {
                s.putBytes24(entry);
            }
        } else {
            throw new SSLHandshakeException("Unsupported status_type: " +
                    statusType.id);
        }
    }
    /**
22badc53802f 8046321: OCSP Stapling for TLS
jnimeh
parents: 31695
diff changeset
   841
     * Display a human-readable representation of the CertificateStatus message.
22badc53802f 8046321: OCSP Stapling for TLS
jnimeh
parents: 31695
diff changeset
   842
     *
22badc53802f 8046321: OCSP Stapling for TLS
jnimeh
parents: 31695
diff changeset
   843
     * @param s the PrintStream used to display the message data.
22badc53802f 8046321: OCSP Stapling for TLS
jnimeh
parents: 31695
diff changeset
   844
     *
22badc53802f 8046321: OCSP Stapling for TLS
jnimeh
parents: 31695
diff changeset
   845
     * @throws IOException if any errors occur while parsing the OCSP response
     * bytes into a readable form.
     */
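    @Override
    void print(PrintStream s) throws IOException {
        s.println("*** CertificateStatus");
        // Response bodies are only decoded for verbose debug output; the
        // decoding is what can raise the declared IOException.
        if (debug != null && Debug.isOn("verbose")) {
            s.println("Type: " + statusType);
            if (statusType == StatusRequestType.OCSP) {
                // Apply the same zero-length guard the ocsp_multi branch
                // already uses, so an empty or missing single response is
                // reported instead of aborting the dump with a parse error.
                byte[] respDER = encodedResponses.isEmpty()
                        ? new byte[0] : encodedResponses.get(0);
                printResponse(s, respDER);
            } else if (statusType == StatusRequestType.OCSP_MULTI) {
                int numResponses = encodedResponses.size();
                s.println(numResponses +
                        (numResponses == 1 ? " entry:" : " entries:"));
                for (byte[] respDER : encodedResponses) {
                    printResponse(s, respDER);
                }
            }
        }
    }

    /*
     * Print one status_request entry: the decoded OCSP response when the
     * entry carries bytes, otherwise a marker for a zero-length entry.
     *
     * @throws IOException if the entry cannot be parsed as an OCSPResponse.
     */
    private static void printResponse(PrintStream s, byte[] respDER)
            throws IOException {
        if (respDER.length > 0) {
            s.println(new OCSPResponse(respDER));
        } else {
            s.println("<Zero-length entry>");
        }
    }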
    /**
     * Get the type of CertificateStatus message
     *
     * @return the {@code StatusRequestType} for this CertificateStatus
     *      message.
     */
    StatusRequestType getType() {
        // Plain accessor for the status_type carried by this message.
        return this.statusType;
    }
    /**
     * Get the list of non-zero length OCSP responses.
     * The responses returned in this list can be used to map to
     * {@code X509Certificate} objects provided by the peer and
     * provided to a {@code PKIXRevocationChecker}.
     *
     * @return an unmodifiable List of zero or more byte arrays, each one
     *      consisting of a single status response.
     */
    List<byte[]> getResponses() {
        // Read-only view over the internal list; the byte arrays themselves
        // are shared, not copied.
        // NOTE(review): print() treats zero-length entries as members of this
        // list, so callers should skip empty arrays before mapping entries to
        // certificates -- confirm against the parsing constructor.
        List<byte[]> view = Collections.unmodifiableList(encodedResponses);
        return view;
    }
}
/*
 * ServerKeyExchange ... SERVER --> CLIENT
 *
 * The cipher suite selected, when combined with the certificate exchanged,
 * implies one of several different kinds of key exchange.  Most current
 * cipher suites require the server to send more than its certificate.
 *
 * The primary exceptions are when a server sends an encryption-capable
 * RSA public key in its cert, to be used with RSA (or RSA_export) key
 * exchange; and when a server sends its Diffie-Hellman cert.  Those kinds
 * of key exchange do not require a ServerKeyExchange message.
 *
 * Key exchange can be viewed as having three modes, which are explicit
 * for the Diffie-Hellman flavors and poorly specified for RSA ones:
 *
 *      - "Ephemeral" keys.  Here, a "temporary" key is allocated by the
 *        server, and signed.  Diffie-Hellman keys signed using RSA or
 *        DSS are ephemeral (DHE flavor).  RSA keys get used to do the same
 *        thing, to cut the key size down to 512 bits (export restrictions)
 *        or for signing-only RSA certificates.
 *
 *      - Anonymity.  Here no server certificate is sent, only the public
 *        key of the server.  This case is subject to man-in-the-middle
 *        attacks.  This can be done with Diffie-Hellman keys (DH_anon) or
 *        with RSA keys, but is only used in SSLv3 for DH_anon.
 *
 *      - "Normal" case.  Here a server certificate is sent, and the public
 *        key there is used directly in exchanging the premaster secret.
 *        For example, Diffie-Hellman "DH" flavor, and any RSA flavor with
 *        only 512 bit keys.
 *
 * If a server certificate is sent, there is no anonymity.  However,
 * when a certificate is sent, ephemeral keys may still be used to
 * exchange the premaster secret.  That's how RSA_EXPORT often works,
 * as well as how the DHE_* flavors work.
 */
abstract static class ServerKeyExchange extends HandshakeMessage {
    /*
     * Every ServerKeyExchange flavor shares the same handshake type;
     * the subclasses supply the key-exchange-specific body.
     */
    @Override
    int messageType() {
        return ht_server_key_exchange;
    }
}
/*
 * Using RSA for Key Exchange:  exchange a session key that's not as big
 * as the signing-only key.  Used for export applications, since exported
 * RSA encryption keys can't be bigger than 512 bytes.
 *
 * This is never used when keys are 512 bits or smaller, and isn't used
 * on "US Domestic" ciphers in any case.
 */
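static final
class RSA_ServerKeyExchange extends ServerKeyExchange
{
    // Ephemeral RSA public key as unsigned big-endian magnitudes; each is
    // written as a 16-bit-length-prefixed vector.  Per the class comment this
    // message exists for export-grade (512-bit) RSA, which is far below
    // modern strength; it should only be reachable when such suites are
    // enabled.
    private byte[] rsa_modulus;     // 1 to 2^16 - 1 bytes
    private byte[] rsa_exponent;    // 1 to 2^16 - 1 bytes

    // Signature over the nonces and the ephemeral key: produced by the
    // server-side constructor, read from the wire by the client-side one.
    private Signature signature;
    private byte[] signatureBytes;

    /*
     * Hash the nonces and the ephemeral RSA public key.
     *
     * The signed data is client_random || server_random, followed by the
     * modulus and then the exponent, each preceded by its 2-byte big-endian
     * length -- the same framing send() uses for those two vectors.
     */
    private void updateSignature(byte[] clntNonce, byte[] svrNonce)
            throws SignatureException {
        signature.update(clntNonce);
        signature.update(svrNonce);
        updateVector(rsa_modulus);
        updateVector(rsa_exponent);
    }

    /*
     * Feed one length-prefixed vector into the signature: 2-byte big-endian
     * length, then the bytes.  Vector lengths are limited to 2^16 - 1 by the
     * 16-bit framing, so the narrowing casts lose nothing.
     */
    private void updateVector(byte[] vector) throws SignatureException {
        int len = vector.length;
        signature.update((byte)(len >> 8));
        signature.update((byte)(len & 0x0ff));
        signature.update(vector);
    }

    /*
     * Construct an RSA server key exchange message, using data
     * known _only_ to the server.
     *
     * The client knows the public key corresponding to this private
     * key, from the Certificate message sent previously.  To comply
     * with US export regulations we use short RSA keys ... either
     * long term ones in the server's X509 cert, or else ephemeral
     * ones sent using this message.
     *
     * @param ephemeralKey the temporary RSA public key to advertise
     * @param privateKey   the server's long-term private key, used to sign
     *                     the nonces and the ephemeral key
     * @param clntNonce    client random from ClientHello
     * @param svrNonce     server random from ServerHello
     * @param sr           randomness source for the signature operation
     * @throws GeneralSecurityException if the ephemeral key is not usable as
     *      an RSA key spec, or if the signature cannot be produced
     */
    RSA_ServerKeyExchange(PublicKey ephemeralKey, PrivateKey privateKey,
            RandomCookie clntNonce, RandomCookie svrNonce, SecureRandom sr)
            throws GeneralSecurityException {
        RSAPublicKeySpec rsaKey = JsseJce.getRSAPublicKeySpec(ephemeralKey);
        rsa_modulus = toByteArray(rsaKey.getModulus());
        rsa_exponent = toByteArray(rsaKey.getPublicExponent());
        signature = RSASignature.getInstance();
        // The certified long-term key signs the ephemeral key so the client
        // can check it in verify() against the Certificate message.
        signature.initSign(privateKey, sr);
        updateSignature(clntNonce.random_bytes, svrNonce.random_bytes);
        signatureBytes = signature.sign();
    }

    /*
     * Parse an RSA server key exchange message, using data known
     * to the client (and, in some situations, eavesdroppers).
     *
     * @throws IOException if the message is truncated, or if any of the
     *      three vectors is empty
     * @throws NoSuchAlgorithmException if no RSA signature engine is
     *      available
     */
    RSA_ServerKeyExchange(HandshakeInStream input)
            throws IOException, NoSuchAlgorithmException {
        signature = RSASignature.getInstance();
        rsa_modulus = input.getBytes16();
        rsa_exponent = input.getBytes16();
        signatureBytes = input.getBytes16();
        // Reject empty vectors here so a malformed peer message surfaces as
        // a handshake failure rather than as a RuntimeException later from
        // getPublicKey(): BigInteger(1, empty) is zero, which the key factory
        // will refuse.
        if (rsa_modulus.length == 0 || rsa_exponent.length == 0
                || signatureBytes.length == 0) {
            throw new SSLHandshakeException(
                "Invalid RSA ServerKeyExchange: empty modulus, exponent " +
                "or signature");
        }
    }

    /*
     * Get the ephemeral RSA public key that will be used in this
     * SSL connection.
     *
     * @throws RuntimeException wrapping the underlying failure if the
     *      modulus/exponent pair cannot be turned into an RSA public key
     */
    PublicKey getPublicKey() {
        try {
            KeyFactory kfac = JsseJce.getKeyFactory("RSA");
            // signum 1: the wire carries unsigned magnitudes, so modulus
            // and exponent are always positive
            RSAPublicKeySpec kspec = new RSAPublicKeySpec(
                new BigInteger(1, rsa_modulus),
                new BigInteger(1, rsa_exponent));
            return kfac.generatePublic(kspec);
        } catch (GeneralSecurityException e) {
            // Preserve the cause so the reason is visible to the caller.
            throw new RuntimeException(e);
        }
    }

    /*
     * Verify the signed temporary key using the hashes computed
     * from it and the two nonces.  This is called by clients
     * with "exportable" RSA flavors.
     *
     * @param certifiedKey the server's long-term public key from its
     *                     Certificate message
     * @return true only if the signature over both nonces and the ephemeral
     *      key verifies under certifiedKey
     * @throws GeneralSecurityException if the key cannot be used for
     *      verification or the signature engine fails
     */
    boolean verify(PublicKey certifiedKey, RandomCookie clntNonce,
            RandomCookie svrNonce) throws GeneralSecurityException {
        signature.initVerify(certifiedKey);
        updateSignature(clntNonce.random_bytes, svrNonce.random_bytes);
        return signature.verify(signatureBytes);
    }

    /*
     * Body length: three 2-byte vector length prefixes plus the vectors.
     */
    @Override
    int messageLength() {
        return 6 + rsa_modulus.length + rsa_exponent.length
               + signatureBytes.length;
    }

    /*
     * Write the three vectors in the order they are signed and parsed.
     */
    @Override
    void send(HandshakeOutStream s) throws IOException {
        s.putBytes16(rsa_modulus);
        s.putBytes16(rsa_exponent);
        s.putBytes16(signatureBytes);
    }

    /*
     * Dump the message; the key material is only shown in verbose mode.
     */
    @Override
    void print(PrintStream s) throws IOException {
        s.println("*** RSA ServerKeyExchange");

        if (debug != null && Debug.isOn("verbose")) {
            Debug.println(s, "RSA Modulus", rsa_modulus);
            Debug.println(s, "RSA Public Exponent", rsa_exponent);
        }
    }
}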
/*
 * Using Diffie-Hellman algorithm for key exchange.  All we really need to
 * do is securely get Diffie-Hellman keys (using the same P, G parameters)
 * to our peer, then we automatically have a shared secret without need
 * to exchange any more data.  (D-H only solutions, such as SKIP, could
 * eliminate key exchange negotiations and get faster connection setup.
 * But they still need a signature algorithm like DSS/DSA to support the
 * trusted distribution of keys without relying on unscalable physical
 * key distribution systems.)
 *
 * This class supports several DH-based key exchange algorithms, though
 * perhaps eventually each deserves its own class.  Notably, this has
 * basic support for DH_anon and its DHE_DSS and DHE_RSA signed variants.
 */
static final
class DH_ServerKeyExchange extends ServerKeyExchange
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1083
{
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1084
    // Fix message encoding, see 4348279
32649
2ee9017c7597 8136583: Core libraries should use blessed modifier order
martin
parents: 32032
diff changeset
  1085
    private static final boolean dhKeyExchangeFix =
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1086
        Debug.getBooleanProperty("com.sun.net.ssl.dhKeyExchangeFix", true);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1087
31538
0981099a3e54 8130022: Use Java-style array declarations consistently
igerasim
parents: 30904
diff changeset
  1088
    private byte[]                dh_p;        // 1 to 2^16 - 1 bytes
0981099a3e54 8130022: Use Java-style array declarations consistently
igerasim
parents: 30904
diff changeset
  1089
    private byte[]                dh_g;        // 1 to 2^16 - 1 bytes
0981099a3e54 8130022: Use Java-style array declarations consistently
igerasim
parents: 30904
diff changeset
  1090
    private byte[]                dh_Ys;       // 1 to 2^16 - 1 bytes
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1091
31538
0981099a3e54 8130022: Use Java-style array declarations consistently
igerasim
parents: 30904
diff changeset
  1092
    private byte[]                signature;
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1093
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1094
    // protocol version being established using this ServerKeyExchange message
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1095
    ProtocolVersion protocolVersion;
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1096
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1097
    // the preferable signature algorithm used by this ServerKeyExchange message
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1098
    private SignatureAndHashAlgorithm preferableSignatureAlgorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1099
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1100
    /*
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1101
     * Construct from initialized DH key object, for DH_anon
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1102
     * key exchange.
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1103
     */
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1104
    DH_ServerKeyExchange(DHCrypt obj, ProtocolVersion protocolVersion) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1105
        this.protocolVersion = protocolVersion;
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1106
        this.preferableSignatureAlgorithm = null;
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1107
16080
0e6266b88242 7192392: Better validation of client keys
xuelei
parents: 10336
diff changeset
  1108
        // The DH key has been validated in the constructor of DHCrypt.
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1109
        setValues(obj);
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1110
        signature = null;
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1111
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1112
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1113
    /*
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1114
     * Construct from initialized DH key object and the key associated
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1115
     * with the cert chain which was sent ... for DHE_DSS and DHE_RSA
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1116
     * key exchange.  (Constructor called by server.)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1117
     */
31538
0981099a3e54 8130022: Use Java-style array declarations consistently
igerasim
parents: 30904
diff changeset
  1118
    DH_ServerKeyExchange(DHCrypt obj, PrivateKey key, byte[] clntNonce,
0981099a3e54 8130022: Use Java-style array declarations consistently
igerasim
parents: 30904
diff changeset
  1119
            byte[] svrNonce, SecureRandom sr,
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1120
            SignatureAndHashAlgorithm signAlgorithm,
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1121
            ProtocolVersion protocolVersion) throws GeneralSecurityException {
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1122
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1123
        this.protocolVersion = protocolVersion;
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1124
16080
0e6266b88242 7192392: Better validation of client keys
xuelei
parents: 10336
diff changeset
  1125
        // The DH key has been validated in the constructor of DHCrypt.
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1126
        setValues(obj);
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1127
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1128
        Signature sig;
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29264
diff changeset
  1129
        if (protocolVersion.useTLS12PlusSpec()) {
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1130
            this.preferableSignatureAlgorithm = signAlgorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1131
            sig = JsseJce.getSignature(signAlgorithm.getAlgorithmName());
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1132
        } else {
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1133
            this.preferableSignatureAlgorithm = null;
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1134
            if (key.getAlgorithm().equals("DSA")) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1135
                sig = JsseJce.getSignature(JsseJce.SIGNATURE_DSA);
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1136
            } else {
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1137
                sig = RSASignature.getInstance();
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1138
            }
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1139
        }
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1140
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1141
        sig.initSign(key, sr);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1142
        updateSignature(sig, clntNonce, svrNonce);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1143
        signature = sig.sign();
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1144
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1145
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1146
    /*
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1147
     * Construct a DH_ServerKeyExchange message from an input
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1148
     * stream, as if sent from server to client for use with
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1149
     * DH_anon key exchange
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1150
     */
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1151
    DH_ServerKeyExchange(HandshakeInStream input,
16080
0e6266b88242 7192392: Better validation of client keys
xuelei
parents: 10336
diff changeset
  1152
            ProtocolVersion protocolVersion)
0e6266b88242 7192392: Better validation of client keys
xuelei
parents: 10336
diff changeset
  1153
            throws IOException, GeneralSecurityException {
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1154
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1155
        this.protocolVersion = protocolVersion;
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1156
        this.preferableSignatureAlgorithm = null;
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1157
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1158
        dh_p = input.getBytes16();
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1159
        dh_g = input.getBytes16();
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1160
        dh_Ys = input.getBytes16();
16080
0e6266b88242 7192392: Better validation of client keys
xuelei
parents: 10336
diff changeset
  1161
        KeyUtil.validate(new DHPublicKeySpec(new BigInteger(1, dh_Ys),
0e6266b88242 7192392: Better validation of client keys
xuelei
parents: 10336
diff changeset
  1162
                                             new BigInteger(1, dh_p),
0e6266b88242 7192392: Better validation of client keys
xuelei
parents: 10336
diff changeset
  1163
                                             new BigInteger(1, dh_g)));
0e6266b88242 7192392: Better validation of client keys
xuelei
parents: 10336
diff changeset
  1164
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1165
        signature = null;
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1166
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1167
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1168
    /*
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1169
     * Construct a DH_ServerKeyExchange message from an input stream
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1170
     * and a certificate, as if sent from server to client for use with
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1171
     * DHE_DSS or DHE_RSA key exchange.  (Called by client.)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1172
     */
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1173
    DH_ServerKeyExchange(HandshakeInStream input, PublicKey publicKey,
31538
0981099a3e54 8130022: Use Java-style array declarations consistently
igerasim
parents: 30904
diff changeset
  1174
            byte[] clntNonce, byte[] svrNonce, int messageSize,
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1175
            Collection<SignatureAndHashAlgorithm> localSupportedSignAlgs,
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1176
            ProtocolVersion protocolVersion)
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1177
            throws IOException, GeneralSecurityException {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1178
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1179
        this.protocolVersion = protocolVersion;
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1180
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1181
        // read params: ServerDHParams
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1182
        dh_p = input.getBytes16();
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1183
        dh_g = input.getBytes16();
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1184
        dh_Ys = input.getBytes16();
16080
0e6266b88242 7192392: Better validation of client keys
xuelei
parents: 10336
diff changeset
  1185
        KeyUtil.validate(new DHPublicKeySpec(new BigInteger(1, dh_Ys),
0e6266b88242 7192392: Better validation of client keys
xuelei
parents: 10336
diff changeset
  1186
                                             new BigInteger(1, dh_p),
0e6266b88242 7192392: Better validation of client keys
xuelei
parents: 10336
diff changeset
  1187
                                             new BigInteger(1, dh_g)));
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1188
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1189
        // read the signature and hash algorithm
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29264
diff changeset
  1190
        if (protocolVersion.useTLS12PlusSpec()) {
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1191
            int hash = input.getInt8();         // hash algorithm
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1192
            int signature = input.getInt8();    // signature algorithm
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1193
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1194
            preferableSignatureAlgorithm =
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1195
                SignatureAndHashAlgorithm.valueOf(hash, signature, 0);
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1196
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1197
            // Is it a local supported signature algorithm?
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1198
            if (!localSupportedSignAlgs.contains(
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1199
                    preferableSignatureAlgorithm)) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1200
                throw new SSLHandshakeException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1201
                        "Unsupported SignatureAndHashAlgorithm in " +
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1202
                        "ServerKeyExchange message");
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1203
            }
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1204
        } else {
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1205
            this.preferableSignatureAlgorithm = null;
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1206
        }
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1207
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1208
        // read the signature
31538
0981099a3e54 8130022: Use Java-style array declarations consistently
igerasim
parents: 30904
diff changeset
  1209
        byte[] signature;
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1210
        if (dhKeyExchangeFix) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1211
            signature = input.getBytes16();
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1212
        } else {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1213
            messageSize -= (dh_p.length + 2);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1214
            messageSize -= (dh_g.length + 2);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1215
            messageSize -= (dh_Ys.length + 2);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1216
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1217
            signature = new byte[messageSize];
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1218
            input.read(signature);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1219
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1220
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1221
        Signature sig;
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1222
        String algorithm = publicKey.getAlgorithm();
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29264
diff changeset
  1223
        if (protocolVersion.useTLS12PlusSpec()) {
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1224
            sig = JsseJce.getSignature(
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1225
                        preferableSignatureAlgorithm.getAlgorithmName());
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1226
        } else {
10336
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents: 8991
diff changeset
  1227
                switch (algorithm) {
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents: 8991
diff changeset
  1228
                    case "DSA":
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents: 8991
diff changeset
  1229
                        sig = JsseJce.getSignature(JsseJce.SIGNATURE_DSA);
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents: 8991
diff changeset
  1230
                        break;
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents: 8991
diff changeset
  1231
                    case "RSA":
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents: 8991
diff changeset
  1232
                        sig = RSASignature.getInstance();
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents: 8991
diff changeset
  1233
                        break;
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents: 8991
diff changeset
  1234
                    default:
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents: 8991
diff changeset
  1235
                        throw new SSLKeyException("neither an RSA or a DSA key");
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents: 8991
diff changeset
  1236
                }
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1237
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1238
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1239
        sig.initVerify(publicKey);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1240
        updateSignature(sig, clntNonce, svrNonce);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1241
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1242
        if (sig.verify(signature) == false ) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1243
            throw new SSLKeyException("Server D-H key verification failed");
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1244
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1245
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1246
8991
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1247
    /* Return the Diffie-Hellman modulus */
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1248
    BigInteger getModulus() {
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1249
        return new BigInteger(1, dh_p);
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1250
    }
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1251
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1252
    /* Return the Diffie-Hellman base/generator */
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1253
    BigInteger getBase() {
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1254
        return new BigInteger(1, dh_g);
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1255
    }
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1256
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1257
    /* Return the server's Diffie-Hellman public key */
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1258
    BigInteger getServerPublicKey() {
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1259
        return new BigInteger(1, dh_Ys);
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1260
    }
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1261
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1262
    /*
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1263
     * Update sig with nonces and Diffie-Hellman public key.
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1264
     */
31538
0981099a3e54 8130022: Use Java-style array declarations consistently
igerasim
parents: 30904
diff changeset
  1265
    private void updateSignature(Signature sig, byte[] clntNonce,
0981099a3e54 8130022: Use Java-style array declarations consistently
igerasim
parents: 30904
diff changeset
  1266
            byte[] svrNonce) throws SignatureException {
8991
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1267
        int tmp;
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1268
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1269
        sig.update(clntNonce);
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1270
        sig.update(svrNonce);
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1271
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1272
        tmp = dh_p.length;
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1273
        sig.update((byte)(tmp >> 8));
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1274
        sig.update((byte)(tmp & 0x0ff));
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1275
        sig.update(dh_p);
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1276
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1277
        tmp = dh_g.length;
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1278
        sig.update((byte)(tmp >> 8));
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1279
        sig.update((byte)(tmp & 0x0ff));
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1280
        sig.update(dh_g);
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1281
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1282
        tmp = dh_Ys.length;
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1283
        sig.update((byte)(tmp >> 8));
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1284
        sig.update((byte)(tmp & 0x0ff));
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1285
        sig.update(dh_Ys);
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1286
    }
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1287
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1288
    private void setValues(DHCrypt obj) {
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1289
        dh_p = toByteArray(obj.getModulus());
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1290
        dh_g = toByteArray(obj.getBase());
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1291
        dh_Ys = toByteArray(obj.getPublicKey());
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1292
    }
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1293
14664
e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl
xuelei
parents: 14194
diff changeset
  1294
    @Override
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1295
    int messageLength() {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1296
        int temp = 6;   // overhead for p, g, y(s) values.
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1297
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1298
        temp += dh_p.length;
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1299
        temp += dh_g.length;
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1300
        temp += dh_Ys.length;
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1301
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1302
        if (signature != null) {
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29264
diff changeset
  1303
            if (protocolVersion.useTLS12PlusSpec()) {
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1304
                temp += SignatureAndHashAlgorithm.sizeInRecord();
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1305
            }
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1306
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1307
            temp += signature.length;
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1308
            if (dhKeyExchangeFix) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1309
                temp += 2;
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1310
            }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1311
        }
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1312
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1313
        return temp;
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1314
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1315
14664
e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl
xuelei
parents: 14194
diff changeset
  1316
    @Override
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1317
    void send(HandshakeOutStream s) throws IOException {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1318
        s.putBytes16(dh_p);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1319
        s.putBytes16(dh_g);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1320
        s.putBytes16(dh_Ys);
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1321
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1322
        if (signature != null) {
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29264
diff changeset
  1323
            if (protocolVersion.useTLS12PlusSpec()) {
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1324
                s.putInt8(preferableSignatureAlgorithm.getHashValue());
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1325
                s.putInt8(preferableSignatureAlgorithm.getSignatureValue());
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1326
            }
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1327
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1328
            if (dhKeyExchangeFix) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1329
                s.putBytes16(signature);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1330
            } else {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1331
                s.write(signature);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1332
            }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1333
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1334
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1335
14664
e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl
xuelei
parents: 14194
diff changeset
  1336
    @Override
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1337
    void print(PrintStream s) throws IOException {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1338
        s.println("*** Diffie-Hellman ServerKeyExchange");
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1339
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1340
        if (debug != null && Debug.isOn("verbose")) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1341
            Debug.println(s, "DH Modulus", dh_p);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1342
            Debug.println(s, "DH Base", dh_g);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1343
            Debug.println(s, "Server DH Public Key", dh_Ys);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1344
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1345
            if (signature == null) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1346
                s.println("Anonymous");
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1347
            } else {
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29264
diff changeset
  1348
                if (protocolVersion.useTLS12PlusSpec()) {
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1349
                    s.println("Signature Algorithm " +
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1350
                        preferableSignatureAlgorithm.getAlgorithmName());
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1351
                }
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1352
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1353
                s.println("Signed with a DSA or RSA public key");
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1354
            }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1355
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1356
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1357
}
/*
 * ECDH server key exchange message. Sent by the server for ECDHE and ECDH_anon
 * ciphersuites to communicate its ephemeral public key (including the
 * EC domain parameters).
 *
 * We support named curves only, no explicitly encoded curves.
 */
static final
8991
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1367
class ECDH_ServerKeyExchange extends ServerKeyExchange {
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1368
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1369
    // constants for ECCurveType
32649
2ee9017c7597 8136583: Core libraries should use blessed modifier order
martin
parents: 32032
diff changeset
  1370
    private static final int CURVE_EXPLICIT_PRIME = 1;
2ee9017c7597 8136583: Core libraries should use blessed modifier order
martin
parents: 32032
diff changeset
  1371
    private static final int CURVE_EXPLICIT_CHAR2 = 2;
2ee9017c7597 8136583: Core libraries should use blessed modifier order
martin
parents: 32032
diff changeset
  1372
    private static final int CURVE_NAMED_CURVE    = 3;
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1373
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1374
    // id of the curve we are using
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1375
    private int curveId;
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1376
    // encoded public point
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1377
    private byte[] pointBytes;
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1378
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1379
    // signature bytes (or null if anonymous)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1380
    private byte[] signatureBytes;
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1381
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1382
    // public key object encapsulated in this message
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1383
    private ECPublicKey publicKey;
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1384
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1385
    // protocol version being established using this ServerKeyExchange message
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1386
    ProtocolVersion protocolVersion;
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1387
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1388
    // the preferable signature algorithm used by this ServerKeyExchange message
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1389
    private SignatureAndHashAlgorithm preferableSignatureAlgorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1390
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1391
    ECDH_ServerKeyExchange(ECDHCrypt obj, PrivateKey privateKey,
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1392
            byte[] clntNonce, byte[] svrNonce, SecureRandom sr,
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1393
            SignatureAndHashAlgorithm signAlgorithm,
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1394
            ProtocolVersion protocolVersion) throws GeneralSecurityException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1395
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1396
        this.protocolVersion = protocolVersion;
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1397
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1398
        publicKey = (ECPublicKey)obj.getPublicKey();
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1399
        ECParameterSpec params = publicKey.getParams();
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1400
        ECPoint point = publicKey.getW();
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1401
        pointBytes = JsseJce.encodePoint(point, params.getCurve());
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1402
        curveId = SupportedEllipticCurvesExtension.getCurveIndex(params);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1403
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1404
        if (privateKey == null) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1405
            // ECDH_anon
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1406
            return;
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1407
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1408
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1409
        Signature sig;
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29264
diff changeset
  1410
        if (protocolVersion.useTLS12PlusSpec()) {
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1411
            this.preferableSignatureAlgorithm = signAlgorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1412
            sig = JsseJce.getSignature(signAlgorithm.getAlgorithmName());
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1413
        } else {
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1414
            sig = getSignature(privateKey.getAlgorithm());
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1415
        }
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1416
        sig.initSign(privateKey);  // where is the SecureRandom?
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1417
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1418
        updateSignature(sig, clntNonce, svrNonce);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1419
        signatureBytes = sig.sign();
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1420
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1421
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1422
    /*
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1423
     * Parse an ECDH server key exchange message.
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1424
     */
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1425
    ECDH_ServerKeyExchange(HandshakeInStream input, PublicKey signingKey,
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1426
            byte[] clntNonce, byte[] svrNonce,
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1427
            Collection<SignatureAndHashAlgorithm> localSupportedSignAlgs,
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1428
            ProtocolVersion protocolVersion)
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1429
            throws IOException, GeneralSecurityException {
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1430
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1431
        this.protocolVersion = protocolVersion;
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1432
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1433
        // read params: ServerECDHParams
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1434
        int curveType = input.getInt8();
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1435
        ECParameterSpec parameters;
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1436
        // These parsing errors should never occur as we negotiated
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1437
        // the supported curves during the exchange of the Hello messages.
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1438
        if (curveType == CURVE_NAMED_CURVE) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1439
            curveId = input.getInt16();
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1440
            if (SupportedEllipticCurvesExtension.isSupported(curveId)
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1441
                    == false) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1442
                throw new SSLHandshakeException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1443
                    "Unsupported curveId: " + curveId);
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1444
            }
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1445
            String curveOid =
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1446
                SupportedEllipticCurvesExtension.getCurveOid(curveId);
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1447
            if (curveOid == null) {
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1448
                throw new SSLHandshakeException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1449
                    "Unknown named curve: " + curveId);
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1450
            }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1451
            parameters = JsseJce.getECParameterSpec(curveOid);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1452
            if (parameters == null) {
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1453
                throw new SSLHandshakeException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1454
                    "Unsupported curve: " + curveOid);
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1455
            }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1456
        } else {
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1457
            throw new SSLHandshakeException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1458
                "Unsupported ECCurveType: " + curveType);
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1459
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1460
        pointBytes = input.getBytes8();
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1461
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1462
        ECPoint point = JsseJce.decodePoint(pointBytes, parameters.getCurve());
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1463
        KeyFactory factory = JsseJce.getKeyFactory("EC");
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1464
        publicKey = (ECPublicKey)factory.generatePublic(
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1465
            new ECPublicKeySpec(point, parameters));
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1466
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1467
        if (signingKey == null) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1468
            // ECDH_anon
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1469
            return;
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1470
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1471
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1472
        // read the signature and hash algorithm
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29264
diff changeset
  1473
        if (protocolVersion.useTLS12PlusSpec()) {
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1474
            int hash = input.getInt8();         // hash algorithm
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1475
            int signature = input.getInt8();    // signature algorithm
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1476
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1477
            preferableSignatureAlgorithm =
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1478
                SignatureAndHashAlgorithm.valueOf(hash, signature, 0);
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1479
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1480
            // Is it a local supported signature algorithm?
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1481
            if (!localSupportedSignAlgs.contains(
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1482
                    preferableSignatureAlgorithm)) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1483
                throw new SSLHandshakeException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1484
                        "Unsupported SignatureAndHashAlgorithm in " +
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1485
                        "ServerKeyExchange message");
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1486
            }
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1487
        }
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1488
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1489
        // read the signature
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1490
        signatureBytes = input.getBytes16();
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1491
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1492
        // verify the signature
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1493
        Signature sig;
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29264
diff changeset
  1494
        if (protocolVersion.useTLS12PlusSpec()) {
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1495
            sig = JsseJce.getSignature(
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1496
                        preferableSignatureAlgorithm.getAlgorithmName());
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1497
        } else {
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1498
            sig = getSignature(signingKey.getAlgorithm());
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1499
        }
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1500
        sig.initVerify(signingKey);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1501
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1502
        updateSignature(sig, clntNonce, svrNonce);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1503
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1504
        if (sig.verify(signatureBytes) == false ) {
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1505
            throw new SSLKeyException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1506
                "Invalid signature on ECDH server key exchange message");
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1507
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1508
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1509
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1510
    /*
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1511
     * Get the ephemeral EC public key encapsulated in this message.
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1512
     */
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1513
    ECPublicKey getPublicKey() {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1514
        return publicKey;
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1515
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1516
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1517
    private static Signature getSignature(String keyAlgorithm)
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1518
            throws NoSuchAlgorithmException {
10336
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents: 8991
diff changeset
  1519
            switch (keyAlgorithm) {
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents: 8991
diff changeset
  1520
                case "EC":
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents: 8991
diff changeset
  1521
                    return JsseJce.getSignature(JsseJce.SIGNATURE_ECDSA);
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents: 8991
diff changeset
  1522
                case "RSA":
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents: 8991
diff changeset
  1523
                    return RSASignature.getInstance();
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents: 8991
diff changeset
  1524
                default:
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents: 8991
diff changeset
  1525
                    throw new NoSuchAlgorithmException("neither an RSA or a EC key");
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents: 8991
diff changeset
  1526
            }
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1527
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1528
31538
0981099a3e54 8130022: Use Java-style array declarations consistently
igerasim
parents: 30904
diff changeset
  1529
    private void updateSignature(Signature sig, byte[] clntNonce,
0981099a3e54 8130022: Use Java-style array declarations consistently
igerasim
parents: 30904
diff changeset
  1530
            byte[] svrNonce) throws SignatureException {
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1531
        sig.update(clntNonce);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1532
        sig.update(svrNonce);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1533
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1534
        sig.update((byte)CURVE_NAMED_CURVE);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1535
        sig.update((byte)(curveId >> 8));
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1536
        sig.update((byte)curveId);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1537
        sig.update((byte)pointBytes.length);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1538
        sig.update(pointBytes);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1539
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1540
14664
e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl
xuelei
parents: 14194
diff changeset
  1541
    @Override
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1542
    int messageLength() {
8991
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1543
        int sigLen = 0;
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1544
        if (signatureBytes != null) {
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1545
            sigLen = 2 + signatureBytes.length;
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29264
diff changeset
  1546
            if (protocolVersion.useTLS12PlusSpec()) {
8991
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1547
                sigLen += SignatureAndHashAlgorithm.sizeInRecord();
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1548
            }
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1549
        }
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1550
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1551
        return 4 + pointBytes.length + sigLen;
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1552
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1553
14664
e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl
xuelei
parents: 14194
diff changeset
  1554
    @Override
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1555
    void send(HandshakeOutStream s) throws IOException {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1556
        s.putInt8(CURVE_NAMED_CURVE);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1557
        s.putInt16(curveId);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1558
        s.putBytes8(pointBytes);
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1559
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1560
        if (signatureBytes != null) {
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29264
diff changeset
  1561
            if (protocolVersion.useTLS12PlusSpec()) {
8991
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1562
                s.putInt8(preferableSignatureAlgorithm.getHashValue());
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1563
                s.putInt8(preferableSignatureAlgorithm.getSignatureValue());
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1564
            }
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1565
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1566
            s.putBytes16(signatureBytes);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1567
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1568
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1569
14664
e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl
xuelei
parents: 14194
diff changeset
  1570
    @Override
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1571
    void print(PrintStream s) throws IOException {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1572
        s.println("*** ECDH ServerKeyExchange");
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1573
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1574
        if (debug != null && Debug.isOn("verbose")) {
8991
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1575
            if (signatureBytes == null) {
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1576
                s.println("Anonymous");
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1577
            } else {
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29264
diff changeset
  1578
                if (protocolVersion.useTLS12PlusSpec()) {
8991
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1579
                    s.println("Signature Algorithm " +
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1580
                            preferableSignatureAlgorithm.getAlgorithmName());
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
xuelei
parents: 7990
diff changeset
  1581
                }
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1582
            }
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1583
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1584
            s.println("Server key: " + publicKey);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1585
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1586
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1587
}
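static final class DistinguishedName {

    /*
     * DER encoded distinguished name.
     * TLS requires that it's not longer than 65535 bytes.
     */
    byte[] name;

    /*
     * Read a DistinguishedName from the handshake stream: an opaque
     * <0..2^16-1> vector holding the DER encoding. The length bound is
     * enforced by getBytes16(); the bytes themselves are not decoded until
     * getX500Principal() is called.
     */
    DistinguishedName(HandshakeInStream input) throws IOException {
        name = input.getBytes16();
    }

    /*
     * Wrap a local X500Principal; its DER encoding is sent as-is.
     */
    DistinguishedName(X500Principal dn) {
        name = dn.getEncoded();
    }

    /*
     * Decode the DER bytes into an X500Principal. A malformed encoding
     * (e.g. from a misbehaving peer) surfaces as an SSLProtocolException
     * with the decoding error as its cause, so callers see a protocol
     * failure rather than an unchecked IllegalArgumentException.
     */
    X500Principal getX500Principal() throws IOException {
        try {
            return new X500Principal(name);
        } catch (IllegalArgumentException e) {
            throw (SSLProtocolException)new SSLProtocolException(
                e.getMessage()).initCause(e);
        }
    }

    /*
     * Size on the wire: 2-byte length prefix plus the DER bytes.
     */
    int length() {
        return 2 + name.length;
    }

    void send(HandshakeOutStream output) throws IOException {
        output.putBytes16(name);
    }

    /*
     * Debug output. A name that does not decode is reported as such
     * instead of letting IllegalArgumentException escape from a debug
     * routine; getX500Principal() is where a bad name is actually rejected.
     */
    void print(PrintStream output) throws IOException {
        try {
            X500Principal principal = new X500Principal(name);
            output.println("<" + principal.toString() + ">");
        } catch (IllegalArgumentException e) {
            output.println("<undecodable DistinguishedName, " +
                name.length + " bytes>");
        }
    }
}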
/*
 * CertificateRequest ... SERVER --> CLIENT
 *
 * Authenticated servers may ask clients to authenticate themselves
 * in turn, using this message.
 *
 * Prior to TLS 1.2, the structure of the message is defined as:
 *     struct {
 *         ClientCertificateType certificate_types<1..2^8-1>;
 *         DistinguishedName certificate_authorities<0..2^16-1>;
 *     } CertificateRequest;
 *
 * In TLS 1.2, the structure is changed to:
 *     struct {
 *         ClientCertificateType certificate_types<1..2^8-1>;
 *         SignatureAndHashAlgorithm
 *           supported_signature_algorithms<2..2^16-2>;
 *         DistinguishedName certificate_authorities<0..2^16-1>;
 *     } CertificateRequest;
 *
 */
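static final
class CertificateRequest extends HandshakeMessage
{
    // enum ClientCertificateType (RFC 5246, 7.4.4 and RFC 4492, 5.5)
    static final int   cct_rsa_sign = 1;
    static final int   cct_dss_sign = 2;
    static final int   cct_rsa_fixed_dh = 3;
    static final int   cct_dss_fixed_dh = 4;

    // The existence of these two values is a bug in the SSL specification.
    // They are never used in the protocol.
    static final int   cct_rsa_ephemeral_dh = 5;
    static final int   cct_dss_ephemeral_dh = 6;

    // From RFC 4492 (ECC)
    static final int    cct_ecdsa_sign       = 64;
    static final int    cct_rsa_fixed_ecdh   = 65;
    static final int    cct_ecdsa_fixed_ecdh = 66;

    // The certificate_types this server advertises; the ECC variant is
    // selected only when EC crypto is available (see the sending constructor).
    private static final byte[] TYPES_NO_ECC = { cct_rsa_sign, cct_dss_sign };
    private static final byte[] TYPES_ECC =
        { cct_rsa_sign, cct_dss_sign, cct_ecdsa_sign };

    byte[]                types;               // 1 to 255 types
    DistinguishedName[]   authorities;         // 3 to 2^16 - 1
        // ... "3" because that's the smallest DER-encoded X500 DN

    // protocol version being established using this CertificateRequest message
    ProtocolVersion protocolVersion;

    // supported_signature_algorithms for TLS 1.2 or later
    // (RFC 5246, 7.4.4: supported_signature_algorithms<2..2^16-2>)
    private Collection<SignatureAndHashAlgorithm> algorithms;

    // length in bytes of supported_signature_algorithms, as sent on the wire
    // (kept in step with 'algorithms': sizeInRecord() per entry)
    private int algorithmsLen;

    /*
     * Build the CertificateRequest a server sends.
     *
     * ca              the accepted issuers; each subject DN becomes one
     *                 entry of certificate_authorities
     * keyExchange     currently unused, see the comment on 'types' below
     * signAlgs        supported_signature_algorithms; required (non-empty)
     *                 for TLS 1.2 or later, ignored before that
     * protocolVersion the version being negotiated
     *
     * Throws SSLProtocolException if TLS 1.2+ is in use and no signature
     * algorithm was supplied (the field has a minimum length of 2 bytes).
     */
    CertificateRequest(X509Certificate[] ca, KeyExchange keyExchange,
            Collection<SignatureAndHashAlgorithm> signAlgs,
            ProtocolVersion protocolVersion) throws IOException {

        this.protocolVersion = protocolVersion;

        // always use X500Principal
        authorities = new DistinguishedName[ca.length];
        for (int i = 0; i < ca.length; i++) {
            X500Principal x500Principal = ca[i].getSubjectX500Principal();
            authorities[i] = new DistinguishedName(x500Principal);
        }
        // we support RSA, DSS, and ECDSA client authentication and they
        // can be used with all ciphersuites. If this changes, the code
        // needs to be adapted to take keyExchange into account.
        // We only request ECDSA client auth if we have ECC crypto available.
        this.types = JsseJce.isEcAvailable() ? TYPES_ECC : TYPES_NO_ECC;

        // Use supported_signature_algorithms for TLS 1.2 or later.
        if (protocolVersion.useTLS12PlusSpec()) {
            if (signAlgs == null || signAlgs.isEmpty()) {
                throw new SSLProtocolException(
                        "No supported signature algorithms");
            }

            // private copy: the length computed below must match what is
            // later written by send()
            algorithms = new ArrayList<SignatureAndHashAlgorithm>(signAlgs);
            algorithmsLen =
                SignatureAndHashAlgorithm.sizeInRecord() * algorithms.size();
        } else {
            algorithms = new ArrayList<SignatureAndHashAlgorithm>();
            algorithmsLen = 0;
        }
    }

    /*
     * Parse a CertificateRequest received from the peer.
     *
     * input           the handshake stream positioned at the message body
     * protocolVersion the version being negotiated; decides whether a
     *                 supported_signature_algorithms vector is expected
     *
     * Throws SSLProtocolException when a vector length is inconsistent:
     * a supported_signature_algorithms length below 2 or not a multiple
     * of the 2-byte entry size, or a certificate_authorities length that
     * does not exactly cover the DNs it contains.
     */
    CertificateRequest(HandshakeInStream input,
            ProtocolVersion protocolVersion) throws IOException {

        this.protocolVersion = protocolVersion;

        // Read the certificate_types.
        types = input.getBytes8();

        // Read the supported_signature_algorithms for TLS 1.2 or later.
        if (protocolVersion.useTLS12PlusSpec()) {
            algorithmsLen = input.getInt16();
            if (algorithmsLen < 2) {
                throw new SSLProtocolException(
                        "Invalid supported_signature_algorithms field");
            }

            algorithms = new ArrayList<SignatureAndHashAlgorithm>();
            int remains = algorithmsLen;
            int sequence = 0;
            while (remains > 1) {    // needs at least two bytes
                int hash = input.getInt8();         // hash algorithm
                int signature = input.getInt8();    // signature algorithm

                // 'sequence' records the peer's preference order
                SignatureAndHashAlgorithm algorithm =
                    SignatureAndHashAlgorithm.valueOf(hash, signature,
                                                                ++sequence);
                algorithms.add(algorithm);
                remains -= 2;  // one byte for hash, one byte for signature
            }

            // an odd length leaves one byte over: reject the message
            if (remains != 0) {
                throw new SSLProtocolException(
                        "Invalid supported_signature_algorithms field");
            }
        } else {
            algorithms = new ArrayList<SignatureAndHashAlgorithm>();
            algorithmsLen = 0;
        }

        // read the certificate_authorities
        int len = input.getInt16();
        ArrayList<DistinguishedName> v = new ArrayList<>();
        while (len >= 3) {
            DistinguishedName dn = new DistinguishedName(input);
            v.add(dn);
            len -= dn.length();
        }

        // 'len' must land exactly on 0; a DN running past the declared
        // vector length drives it negative and is rejected here
        if (len != 0) {
            throw new SSLProtocolException("Bad CertificateRequest DN length");
        }

        authorities = v.toArray(new DistinguishedName[v.size()]);
    }

    /*
     * Returns the certificate_authorities as X500Principals, in wire order.
     * The array is freshly allocated on every call.
     */
    X500Principal[] getAuthorities() throws IOException {
        X500Principal[] ret = new X500Principal[authorities.length];
        for (int i = 0; i < authorities.length; i++) {
            ret[i] = authorities[i].getX500Principal();
        }
        return ret;
    }

    /*
     * Returns the supported_signature_algorithms of this message, in wire
     * order (empty before TLS 1.2).
     *
     * A copy is returned rather than the internal list: algorithmsLen is
     * computed once from that list, so a caller mutating it would make the
     * length written by send() disagree with the entries that follow it.
     */
    Collection<SignatureAndHashAlgorithm> getSignAlgorithms() {
        return new ArrayList<>(algorithms);
    }

    @Override
    int messageType() {
        return ht_certificate_request;
    }

    /*
     * Body length: 1-byte types length + types, 2-byte authorities length
     * + DNs, plus (TLS 1.2+) 2-byte algorithms length + algorithms.
     * Must agree byte for byte with what send() writes.
     */
    @Override
    int messageLength() {
        int len = 1 + types.length + 2;

        if (protocolVersion.useTLS12PlusSpec()) {
            len += algorithmsLen + 2;
        }

        for (int i = 0; i < authorities.length; i++) {
            len += authorities[i].length();
        }

        return len;
    }

    /*
     * Serialize the message body in the order given by the struct in the
     * class comment: certificate_types, then (TLS 1.2+)
     * supported_signature_algorithms, then certificate_authorities.
     */
    @Override
    void send(HandshakeOutStream output) throws IOException {
        // put certificate_types
        output.putBytes8(types);

        // put supported_signature_algorithms
        if (protocolVersion.useTLS12PlusSpec()) {
            output.putInt16(algorithmsLen);
            for (SignatureAndHashAlgorithm algorithm : algorithms) {
                output.putInt8(algorithm.getHashValue());      // hash
                output.putInt8(algorithm.getSignatureValue()); // signature
            }
        }

        // put certificate_authorities
        int len = 0;
        for (int i = 0; i < authorities.length; i++) {
            len += authorities[i].length();
        }

        output.putInt16(len);
        for (int i = 0; i < authorities.length; i++) {
            authorities[i].send(output);
        }
    }

    /*
     * Debug dump. The detailed listing is only printed with the
     * "verbose" debug option enabled.
     */
    @Override
    void print(PrintStream s) throws IOException {
        s.println("*** CertificateRequest");

        if (debug != null && Debug.isOn("verbose")) {
            s.print("Cert Types: ");
            for (int i = 0; i < types.length; i++) {
                switch (types[i]) {
                  case cct_rsa_sign:
                    s.print("RSA"); break;
                  case cct_dss_sign:
                    s.print("DSS"); break;
                  case cct_rsa_fixed_dh:
                    s.print("Fixed DH (RSA sig)"); break;
                  case cct_dss_fixed_dh:
                    s.print("Fixed DH (DSS sig)"); break;
                  case cct_rsa_ephemeral_dh:
                    s.print("Ephemeral DH (RSA sig)"); break;
                  case cct_dss_ephemeral_dh:
                    s.print("Ephemeral DH (DSS sig)"); break;
                  case cct_ecdsa_sign:
                    s.print("ECDSA"); break;
                  case cct_rsa_fixed_ecdh:
                    s.print("Fixed ECDH (RSA sig)"); break;
                  case cct_ecdsa_fixed_ecdh:
                    s.print("Fixed ECDH (ECDSA sig)"); break;
                  default:
                    // unknown type: show the raw unsigned value
                    s.print("Type-" + (types[i] & 0xff)); break;
                }
                if (i != types.length - 1) {
                    s.print(", ");
                }
            }
            s.println();

            if (protocolVersion.useTLS12PlusSpec()) {
                StringBuilder sb = new StringBuilder();
                boolean opened = false;
                for (SignatureAndHashAlgorithm signAlg : algorithms) {
                    if (opened) {
                        sb.append(", ").append(signAlg.getAlgorithmName());
                    } else {
                        sb.append(signAlg.getAlgorithmName());
                        opened = true;
                    }
                }
                s.println("Supported Signature Algorithms: " + sb);
            }

            s.println("Cert Authorities:");
            if (authorities.length == 0) {
                s.println("<Empty>");
            } else {
                for (int i = 0; i < authorities.length; i++) {
                    authorities[i].print(s);
                }
            }
        }
    }
}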
/*
 * ServerHelloDone ... SERVER --> CLIENT
 *
 * When server's done sending its messages in response to the client's
 * "hello" (e.g. its own hello, certificate, key exchange message, perhaps
 * client certificate request) it sends this message to flag that it's
 * done that part of the handshake.
 */
static final
class ServerHelloDone extends HandshakeMessage
{
    /*
     * ServerHelloDone carries no payload at all: there is nothing to parse,
     * nothing to write, and its body length on the wire is always zero.
     */
    ServerHelloDone() {
        // empty by definition
    }

    ServerHelloDone(HandshakeInStream input) {
        // no body to consume from the stream
    }

    @Override
    int messageType() {
        return ht_server_hello_done;
    }

    @Override
    int messageLength() {
        return 0;
    }

    @Override
    void send(HandshakeOutStream s) throws IOException {
        // no payload to emit
    }

    @Override
    void print(PrintStream s) throws IOException {
        s.println("*** ServerHelloDone");
    }
}
/*
 * CertificateVerify ... CLIENT --> SERVER
 *
 * Sent after client sends signature-capable certificates (e.g. not
 * Diffie-Hellman) to verify.
 */
static final class CertificateVerify extends HandshakeMessage {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1942
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1943
    // the signature bytes
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1944
    private byte[] signature;
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1945
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1946
    // protocol version being established using this ServerKeyExchange message
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1947
    ProtocolVersion protocolVersion;
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1948
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1949
    // the preferable signature algorithm used by this CertificateVerify message
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1950
    private SignatureAndHashAlgorithm preferableSignatureAlgorithm = null;
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1951
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1952
    /*
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1953
     * Create an RSA or DSA signed certificate verify message.
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1954
     */
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1955
    CertificateVerify(ProtocolVersion protocolVersion,
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1956
            HandshakeHash handshakeHash, PrivateKey privateKey,
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1957
            SecretKey masterSecret, SecureRandom sr,
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1958
            SignatureAndHashAlgorithm signAlgorithm)
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1959
            throws GeneralSecurityException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1960
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1961
        this.protocolVersion = protocolVersion;
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1962
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1963
        String algorithm = privateKey.getAlgorithm();
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1964
        Signature sig = null;
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29264
diff changeset
  1965
        if (protocolVersion.useTLS12PlusSpec()) {
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1966
            this.preferableSignatureAlgorithm = signAlgorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1967
            sig = JsseJce.getSignature(signAlgorithm.getAlgorithmName());
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1968
        } else {
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1969
            sig = getSignature(protocolVersion, algorithm);
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1970
        }
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1971
        sig.initSign(privateKey, sr);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1972
        updateSignature(sig, protocolVersion, handshakeHash, algorithm,
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1973
                        masterSecret);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1974
        signature = sig.sign();
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1975
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1976
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1977
    //
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1978
    // Unmarshal the signed data from the input stream.
90ce3da70b43 Initial load
duke
parents:
diff changeset
  1979
    //
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1980
    CertificateVerify(HandshakeInStream input,
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1981
            Collection<SignatureAndHashAlgorithm> localSupportedSignAlgs,
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1982
            ProtocolVersion protocolVersion) throws IOException  {
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1983
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1984
        this.protocolVersion = protocolVersion;
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1985
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1986
        // read the signature and hash algorithm
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29264
diff changeset
  1987
        if (protocolVersion.useTLS12PlusSpec()) {
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1988
            int hashAlg = input.getInt8();         // hash algorithm
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1989
            int signAlg = input.getInt8();         // signature algorithm
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1990
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1991
            preferableSignatureAlgorithm =
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1992
                SignatureAndHashAlgorithm.valueOf(hashAlg, signAlg, 0);
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1993
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1994
            // Is it a local supported signature algorithm?
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1995
            if (!localSupportedSignAlgs.contains(
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1996
                    preferableSignatureAlgorithm)) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1997
                throw new SSLHandshakeException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1998
                        "Unsupported SignatureAndHashAlgorithm in " +
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  1999
                        "ServerKeyExchange message");
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2000
            }
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2001
        }
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2002
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2003
        // read the signature
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2004
        signature = input.getBytes16();
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2005
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2006
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2007
    /*
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2008
     * Get the preferable signature algorithm used by this message
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2009
     */
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2010
    SignatureAndHashAlgorithm getPreferableSignatureAlgorithm() {
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2011
        return preferableSignatureAlgorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2012
    }
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2013
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2014
    /*
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2015
     * Verify a certificate verify message. Return the result of verification,
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2016
     * if there is a problem throw a GeneralSecurityException.
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2017
     */
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2018
    boolean verify(ProtocolVersion protocolVersion,
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2019
            HandshakeHash handshakeHash, PublicKey publicKey,
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2020
            SecretKey masterSecret) throws GeneralSecurityException {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2021
        String algorithm = publicKey.getAlgorithm();
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2022
        Signature sig = null;
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29264
diff changeset
  2023
        if (protocolVersion.useTLS12PlusSpec()) {
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2024
            sig = JsseJce.getSignature(
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2025
                        preferableSignatureAlgorithm.getAlgorithmName());
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2026
        } else {
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2027
            sig = getSignature(protocolVersion, algorithm);
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2028
        }
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2029
        sig.initVerify(publicKey);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2030
        updateSignature(sig, protocolVersion, handshakeHash, algorithm,
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2031
                        masterSecret);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2032
        return sig.verify(signature);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2033
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2034
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2035
    /*
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2036
     * Get the Signature object appropriate for verification using the
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2037
     * given signature algorithm and protocol version.
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2038
     */
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2039
    private static Signature getSignature(ProtocolVersion protocolVersion,
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2040
            String algorithm) throws GeneralSecurityException {
10336
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents: 8991
diff changeset
  2041
            switch (algorithm) {
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents: 8991
diff changeset
  2042
                case "RSA":
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents: 8991
diff changeset
  2043
                    return RSASignature.getInternalInstance();
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents: 8991
diff changeset
  2044
                case "DSA":
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents: 8991
diff changeset
  2045
                    return JsseJce.getSignature(JsseJce.SIGNATURE_RAWDSA);
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents: 8991
diff changeset
  2046
                case "EC":
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents: 8991
diff changeset
  2047
                    return JsseJce.getSignature(JsseJce.SIGNATURE_RAWECDSA);
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents: 8991
diff changeset
  2048
                default:
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents: 8991
diff changeset
  2049
                    throw new SignatureException("Unrecognized algorithm: "
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents: 8991
diff changeset
  2050
                        + algorithm);
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents: 8991
diff changeset
  2051
            }
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2052
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2053
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2054
    /*
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2055
     * Update the Signature with the data appropriate for the given
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2056
     * signature algorithm and protocol version so that the object is
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2057
     * ready for signing or verifying.
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2058
     */
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2059
    private static void updateSignature(Signature sig,
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2060
            ProtocolVersion protocolVersion,
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2061
            HandshakeHash handshakeHash, String algorithm, SecretKey masterKey)
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2062
            throws SignatureException {
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2063
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2064
        if (algorithm.equals("RSA")) {
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29264
diff changeset
  2065
            if (!protocolVersion.useTLS12PlusSpec()) {  // TLS1.1-
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2066
                MessageDigest md5Clone = handshakeHash.getMD5Clone();
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2067
                MessageDigest shaClone = handshakeHash.getSHAClone();
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2068
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29264
diff changeset
  2069
                if (!protocolVersion.useTLS10PlusSpec()) {  // SSLv3
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2070
                    updateDigest(md5Clone, MD5_pad1, MD5_pad2, masterKey);
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2071
                    updateDigest(shaClone, SHA_pad1, SHA_pad2, masterKey);
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2072
                }
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2073
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2074
                // The signature must be an instance of RSASignature, need
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2075
                // to use these hashes directly.
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2076
                RSASignature.setHashes(sig, md5Clone, shaClone);
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2077
            } else {  // TLS1.2+
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2078
                sig.update(handshakeHash.getAllHandshakeMessages());
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2079
            }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2080
        } else { // DSA, ECDSA
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29264
diff changeset
  2081
            if (!protocolVersion.useTLS12PlusSpec()) {  // TLS1.1-
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2082
                MessageDigest shaClone = handshakeHash.getSHAClone();
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2083
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29264
diff changeset
  2084
                if (!protocolVersion.useTLS10PlusSpec()) {  // SSLv3
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2085
                    updateDigest(shaClone, SHA_pad1, SHA_pad2, masterKey);
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2086
                }
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2087
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2088
                sig.update(shaClone.digest());
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2089
            } else {  // TLS1.2+
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2090
                sig.update(handshakeHash.getAllHandshakeMessages());
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2091
            }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2092
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2093
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2094
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2095
    /*
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2096
     * Update the MessageDigest for SSLv3 certificate verify or finished
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2097
     * message calculation. The digest must already have been updated with
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2098
     * all preceding handshake messages.
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2099
     * Used by the Finished class as well.
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2100
     */
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2101
    private static void updateDigest(MessageDigest md,
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2102
            byte[] pad1, byte[] pad2,
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2103
            SecretKey masterSecret) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2104
        // Digest the key bytes if available.
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2105
        // Otherwise (sensitive key), try digesting the key directly.
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2106
        // That is currently only implemented in SunPKCS11 using a private
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2107
        // reflection API, so we avoid that if possible.
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2108
        byte[] keyBytes = "RAW".equals(masterSecret.getFormat())
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2109
                        ? masterSecret.getEncoded() : null;
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2110
        if (keyBytes != null) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2111
            md.update(keyBytes);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2112
        } else {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2113
            digestKey(md, masterSecret);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2114
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2115
        md.update(pad1);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2116
        byte[] temp = md.digest();
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2117
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2118
        if (keyBytes != null) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2119
            md.update(keyBytes);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2120
        } else {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2121
            digestKey(md, masterSecret);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2122
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2123
        md.update(pad2);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2124
        md.update(temp);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2125
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2126
32649
2ee9017c7597 8136583: Core libraries should use blessed modifier order
martin
parents: 32032
diff changeset
  2127
    private static final Class<?> delegate;
2ee9017c7597 8136583: Core libraries should use blessed modifier order
martin
parents: 32032
diff changeset
  2128
    private static final Field spiField;
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2129
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2130
    static {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2131
        try {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2132
            delegate = Class.forName("java.security.MessageDigest$Delegate");
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2133
            spiField = delegate.getDeclaredField("digestSpi");
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2134
        } catch (Exception e) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2135
            throw new RuntimeException("Reflection failed", e);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2136
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2137
        makeAccessible(spiField);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2138
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2139
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2140
    private static void makeAccessible(final AccessibleObject o) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2141
        AccessController.doPrivileged(new PrivilegedAction<Object>() {
14664
e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl
xuelei
parents: 14194
diff changeset
  2142
            @Override
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2143
            public Object run() {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2144
                o.setAccessible(true);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2145
                return null;
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2146
            }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2147
        });
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2148
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2149
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2150
    // ConcurrentHashMap does not allow null values, use this marker object
32649
2ee9017c7597 8136583: Core libraries should use blessed modifier order
martin
parents: 32032
diff changeset
  2151
    private static final Object NULL_OBJECT = new Object();
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2152
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2153
    // cache Method objects per Spi class
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2154
    // Note that this will prevent the Spi classes from being GC'd. We assume
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2155
    // that is not a problem.
32649
2ee9017c7597 8136583: Core libraries should use blessed modifier order
martin
parents: 32032
diff changeset
  2156
    private static final Map<Class<?>,Object> methodCache =
7990
57019dc81b66 7012003: diamond conversion for ssl
smarks
parents: 7043
diff changeset
  2157
                                        new ConcurrentHashMap<>();
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2158
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2159
    private static void digestKey(MessageDigest md, SecretKey key) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2160
        try {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2161
            // Verify that md is implemented via MessageDigestSpi, not
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2162
            // via JDK 1.1 style MessageDigest subclassing.
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2163
            if (md.getClass() != delegate) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2164
                throw new Exception("Digest is not a MessageDigestSpi");
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2165
            }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2166
            MessageDigestSpi spi = (MessageDigestSpi)spiField.get(md);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2167
            Class<?> clazz = spi.getClass();
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2168
            Object r = methodCache.get(clazz);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2169
            if (r == null) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2170
                try {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2171
                    r = clazz.getDeclaredMethod("implUpdate", SecretKey.class);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2172
                    makeAccessible((Method)r);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2173
                } catch (NoSuchMethodException e) {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2174
                    r = NULL_OBJECT;
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2175
                }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2176
                methodCache.put(clazz, r);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2177
            }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2178
            if (r == NULL_OBJECT) {
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2179
                throw new Exception(
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2180
                    "Digest does not support implUpdate(SecretKey)");
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2181
            }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2182
            Method update = (Method)r;
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2183
            update.invoke(spi, key);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2184
        } catch (Exception e) {
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2185
            throw new RuntimeException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2186
                "Could not obtain encoded key and "
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2187
                + "MessageDigest cannot digest key", e);
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2188
        }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2189
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2190
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2191
    @Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2192
    int messageType() {
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2193
        return ht_certificate_verify;
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2194
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2195
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2196
    @Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2197
    int messageLength() {
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2198
        int temp = 2;
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2199
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29264
diff changeset
  2200
        if (protocolVersion.useTLS12PlusSpec()) {
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2201
            temp += SignatureAndHashAlgorithm.sizeInRecord();
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2202
        }
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2203
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2204
        return temp + signature.length;
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2205
    }
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2206
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2207
    @Override
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2208
    void send(HandshakeOutStream s) throws IOException {
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29264
diff changeset
  2209
        if (protocolVersion.useTLS12PlusSpec()) {
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2210
            s.putInt8(preferableSignatureAlgorithm.getHashValue());
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2211
            s.putInt8(preferableSignatureAlgorithm.getSignatureValue());
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2212
        }
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2213
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2214
        s.putBytes16(signature);
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2215
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2216
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2217
    @Override
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2218
    void print(PrintStream s) throws IOException {
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2219
        s.println("*** CertificateVerify");
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2220
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2221
        if (debug != null && Debug.isOn("verbose")) {
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 29264
diff changeset
  2222
            if (protocolVersion.useTLS12PlusSpec()) {
7043
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2223
                s.println("Signature Algorithm " +
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2224
                        preferableSignatureAlgorithm.getAlgorithmName());
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2225
            }
5e2d1edeb2c7 6916074: Add support for TLS 1.2
xuelei
parents: 7039
diff changeset
  2226
        }
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2227
    }
90ce3da70b43 Initial load
duke
parents:
diff changeset
  2228
}
/*
 * FINISHED ... sent by both CLIENT and SERVER
 *
 * This is the FINISHED message as defined in the SSL and TLS protocols.
 * Both protocols define this handshake message slightly differently.
 * This class supports both formats.
 *
 * When handshaking is finished, each side sends a "change_cipher_spec"
 * record, then immediately sends a "finished" handshake message prepared
 * according to the newly adopted cipher spec.
 *
 * NOTE that until this is sent, no application data may be passed, unless
 * some non-default cipher suite has already been set up on this
 * connection (e.g. a previous handshake arranged one).
 */
static final class Finished extends HandshakeMessage {

    // Sender roles accepted by the constructor and by verify().
    static final int CLIENT = 1;
    static final int SERVER = 2;

    // SSLv3 sender labels: the ASCII bytes of "CLNT" and "SRVR".
    private static final byte[] SSL_CLIENT = { 0x43, 0x4C, 0x4E, 0x54 };
    private static final byte[] SSL_SERVER = { 0x53, 0x52, 0x56, 0x52 };

    /*
     * The verify_data carried by this message: 12 bytes whenever the
     * TLS 1.0+ wire spec applies, 36 bytes for SSLv3.
     */
    private byte[] verifyData;

    /*
     * Negotiated version and suite.  The version selects the SSLv3 /
     * TLS 1.0-1.1 / TLS 1.2+ derivation; for TLS 1.2+ the suite supplies
     * the PRF hash algorithm.
     */
    private ProtocolVersion protocolVersion;
    private CipherSuite cipherSuite;

    /*
     * Builds an outgoing Finished message, deriving verify_data from the
     * handshake transcript, the sender role and the master secret.
     */
    Finished(ProtocolVersion protocolVersion, HandshakeHash handshakeHash,
            int sender, SecretKey master, CipherSuite cipherSuite) {
        this.protocolVersion = protocolVersion;
        this.cipherSuite = cipherSuite;
        this.verifyData = getFinished(handshakeHash, sender, master);
    }

    /*
     * Parses an incoming Finished message.  The number of verify_data
     * bytes read depends only on the protocol version; the value itself
     * is checked later by verify().
     */
    Finished(ProtocolVersion protocolVersion, HandshakeInStream input,
            CipherSuite cipherSuite) throws IOException {
        this.protocolVersion = protocolVersion;
        this.cipherSuite = cipherSuite;
        if (protocolVersion.useTLS10PlusSpec()) {
            this.verifyData = new byte[12];
        } else {
            this.verifyData = new byte[36];
        }
        input.read(this.verifyData);
    }

    /*
     * Recomputes verify_data from our own view of the handshake and
     * compares it against the received value with a time-constant
     * comparison.  A match means both peers agree on every preceding
     * handshake message and on the master secret.
     */
    boolean verify(HandshakeHash handshakeHash, int sender, SecretKey master) {
        byte[] expected = getFinished(handshakeHash, sender, master);
        return MessageDigest.isEqual(expected, verifyData);
    }

    /*
     * Derives verify_data for the given sender role, dispatching on the
     * protocol version: TLS 1.0+ runs the PRF, SSLv3 runs the padded
     * MD5/SHA construction.
     *
     * Throws RuntimeException for an unknown sender or when the PRF /
     * digest machinery fails.
     */
    private byte[] getFinished(HandshakeHash handshakeHash,
            int sender, SecretKey masterKey) {
        byte[] sslLabel;
        String tlsLabel;
        switch (sender) {
            case CLIENT:
                sslLabel = SSL_CLIENT;
                tlsLabel = "client finished";
                break;
            case SERVER:
                sslLabel = SSL_SERVER;
                tlsLabel = "server finished";
                break;
            default:
                throw new RuntimeException("Invalid sender: " + sender);
        }

        if (protocolVersion.useTLS10PlusSpec()) {
            return tlsFinished(handshakeHash, tlsLabel, masterKey);
        }
        return sslv3Finished(handshakeHash, sslLabel, masterKey);
    }

    /*
     * TLS 1.0+ (and DTLS) verify_data: the first 12 bytes of
     * PRF(master_secret, label, seed).  TLS 1.2+ seeds with the
     * suite-defined hash of the transcript and uses the suite's PRF;
     * TLS 1.0/1.1 and DTLS 1.0 seed with MD5 || SHA-1 of the transcript
     * (36 bytes) and use the legacy TLS PRF.
     */
    private byte[] tlsFinished(HandshakeHash handshakeHash, String tlsLabel,
            SecretKey masterKey) {
        try {
            byte[] seed;
            String prfAlg;
            PRF prf;
            if (protocolVersion.useTLS12PlusSpec()) {
                seed = handshakeHash.getFinishedHash();
                prfAlg = "SunTls12Prf";
                prf = cipherSuite.prfAlg;
            } else {
                MessageDigest md5 = handshakeHash.getMD5Clone();
                MessageDigest sha = handshakeHash.getSHAClone();
                seed = new byte[36];
                md5.digest(seed, 0, 16);
                sha.digest(seed, 16, 20);
                prfAlg = "SunTlsPrf";
                prf = P_NONE;
            }

            /*
             * RFC 5246/7.4.9 allows a cipher suite to define both the
             * verify_data length and the PRF hash.  Only the hash varies
             * in practice, so the length stays hard-wired at 12 here.
             */
            @SuppressWarnings("deprecation")
            TlsPrfParameterSpec spec = new TlsPrfParameterSpec(
                masterKey, tlsLabel, seed, 12,
                prf.getPRFHashAlg(), prf.getPRFHashLength(),
                prf.getPRFBlockSize());

            KeyGenerator kg = JsseJce.getKeyGenerator(prfAlg);
            kg.init(spec);
            SecretKey prfKey = kg.generateKey();
            // The PRF output must be usable as raw bytes; anything else
            // indicates a misbehaving provider, not a peer error.
            if (!"RAW".equals(prfKey.getFormat())) {
                throw new ProviderException(
                    "Invalid PRF output, format must be RAW");
            }
            return prfKey.getEncoded();
        } catch (GeneralSecurityException e) {
            throw new RuntimeException("PRF failed", e);
        }
    }

    /*
     * SSLv3 verify_data: MD5 and SHA-1 over the transcript, the sender
     * label and the master secret with the SSLv3 pad constants, written
     * as 16 + 20 bytes.
     */
    private byte[] sslv3Finished(HandshakeHash handshakeHash, byte[] sslLabel,
            SecretKey masterKey) {
        MessageDigest md5 = handshakeHash.getMD5Clone();
        MessageDigest sha = handshakeHash.getSHAClone();
        updateDigest(md5, sslLabel, MD5_pad1, MD5_pad2, masterKey);
        updateDigest(sha, sslLabel, SHA_pad1, SHA_pad2, masterKey);

        byte[] finished = new byte[36];
        try {
            md5.digest(finished, 0, 16);
            sha.digest(finished, 16, 20);
        } catch (DigestException e) {
            // The output buffer is always large enough; unreachable.
            throw new RuntimeException("Digest failed", e);
        }
        return finished;
    }

    /*
     * Feeds the SSLv3 sender label into a digest that already covers
     * the preceding handshake messages, then applies the same
     * master-secret/pad steps used for the SSLv3 certificate verify hash.
     */
    private static void updateDigest(MessageDigest md, byte[] sender,
            byte[] pad1, byte[] pad2, SecretKey masterSecret) {
        md.update(sender);
        CertificateVerify.updateDigest(md, pad1, pad2, masterSecret);
    }

    /*
     * Returns the verify_data of this message, used by the renegotiation
     * indication extension.  This is the internal array, not a copy;
     * callers must treat it as read-only.
     */
    byte[] getVerifyData() {
        return verifyData;
    }

    @Override
    int messageType() {
        return ht_finished;
    }

    @Override
    int messageLength() {
        return verifyData.length;
    }

    @Override
    void send(HandshakeOutStream out) throws IOException {
        out.write(verifyData);
    }

    @Override
    void print(PrintStream s) throws IOException {
        s.println("*** Finished");
        if (debug != null && Debug.isOn("verbose")) {
            Debug.println(s, "verify_data", verifyData);
            s.println("***");
        }
    }
}
//
// END of nested classes
//
}