jdk-sandbox: jdk/src/java.base/share/classes/sun/security/ssl/ClientHandshaker.java@2ee9017c7597 (annotated)

2 90ce3da70b43 Initial load duke parents: diff changeset	1	/*
29264 5172066a2da6 8054037: Improve tracing for java.security.debug=certpath juh parents: 28550 diff changeset	2	* Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
2 90ce3da70b43 Initial load duke parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
90ce3da70b43 Initial load duke parents: diff changeset	4	*
90ce3da70b43 Initial load duke parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
90ce3da70b43 Initial load duke parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 5182 diff changeset	7	* published by the Free Software Foundation. Oracle designates this
2 90ce3da70b43 Initial load duke parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 5182 diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
2 90ce3da70b43 Initial load duke parents: diff changeset	10	*
90ce3da70b43 Initial load duke parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
90ce3da70b43 Initial load duke parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
90ce3da70b43 Initial load duke parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
90ce3da70b43 Initial load duke parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
90ce3da70b43 Initial load duke parents: diff changeset	15	* accompanied this code).
90ce3da70b43 Initial load duke parents: diff changeset	16	*
90ce3da70b43 Initial load duke parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
90ce3da70b43 Initial load duke parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
90ce3da70b43 Initial load duke parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
90ce3da70b43 Initial load duke parents: diff changeset	20	*
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 5182 diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 5182 diff changeset	22	* or visit www.oracle.com if you need additional information or have any
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 5182 diff changeset	23	* questions.
2 90ce3da70b43 Initial load duke parents: diff changeset	24	*/
90ce3da70b43 Initial load duke parents: diff changeset	25
90ce3da70b43 Initial load duke parents: diff changeset	26	package sun.security.ssl;
90ce3da70b43 Initial load duke parents: diff changeset	27
90ce3da70b43 Initial load duke parents: diff changeset	28	import java.io.*;
90ce3da70b43 Initial load duke parents: diff changeset	29	import java.math.BigInteger;
90ce3da70b43 Initial load duke parents: diff changeset	30	import java.security.*;
90ce3da70b43 Initial load duke parents: diff changeset	31	import java.util.*;
90ce3da70b43 Initial load duke parents: diff changeset	32
90ce3da70b43 Initial load duke parents: diff changeset	33	import java.security.interfaces.ECPublicKey;
703 80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	34	import java.security.interfaces.RSAPublicKey;
2 90ce3da70b43 Initial load duke parents: diff changeset	35	import java.security.spec.ECParameterSpec;
90ce3da70b43 Initial load duke parents: diff changeset	36
90ce3da70b43 Initial load duke parents: diff changeset	37	import java.security.cert.X509Certificate;
90ce3da70b43 Initial load duke parents: diff changeset	38	import java.security.cert.CertificateException;
27068 5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	39	import java.security.cert.CertificateParsingException;
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	40	import java.security.cert.CertPathValidatorException;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	41	import java.security.cert.CertPathValidatorException.Reason;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	42	import java.security.cert.CertPathValidatorException.BasicReason;
27068 5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	43	import javax.security.auth.x500.X500Principal;
2 90ce3da70b43 Initial load duke parents: diff changeset	44
90ce3da70b43 Initial load duke parents: diff changeset	45	import javax.crypto.SecretKey;
90ce3da70b43 Initial load duke parents: diff changeset	46
90ce3da70b43 Initial load duke parents: diff changeset	47	import javax.net.ssl.*;
90ce3da70b43 Initial load duke parents: diff changeset	48
90ce3da70b43 Initial load duke parents: diff changeset	49	import sun.security.ssl.HandshakeMessage.*;
90ce3da70b43 Initial load duke parents: diff changeset	50	import static sun.security.ssl.CipherSuite.KeyExchange.*;
90ce3da70b43 Initial load duke parents: diff changeset	51
90ce3da70b43 Initial load duke parents: diff changeset	52	/**
90ce3da70b43 Initial load duke parents: diff changeset	53	* ClientHandshaker does the protocol handshaking from the point
90ce3da70b43 Initial load duke parents: diff changeset	54	* of view of a client. It is driven asychronously by handshake messages
90ce3da70b43 Initial load duke parents: diff changeset	55	* as delivered by the parent Handshaker class, and also uses
90ce3da70b43 Initial load duke parents: diff changeset	56	* common functionality (e.g. key generation) that is provided there.
90ce3da70b43 Initial load duke parents: diff changeset	57	*
90ce3da70b43 Initial load duke parents: diff changeset	58	* @author David Brownell
90ce3da70b43 Initial load duke parents: diff changeset	59	*/
90ce3da70b43 Initial load duke parents: diff changeset	60	final class ClientHandshaker extends Handshaker {
90ce3da70b43 Initial load duke parents: diff changeset	61
29266 5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	62	// constants for subject alt names of type DNS and IP
32649 2ee9017c7597 8136583: Core libraries should use blessed modifier order martin parents: 32032 diff changeset	63	private static final int ALTNAME_DNS = 2;
2ee9017c7597 8136583: Core libraries should use blessed modifier order martin parents: 32032 diff changeset	64	private static final int ALTNAME_IP = 7;
29266 5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	65
2 90ce3da70b43 Initial load duke parents: diff changeset	66	// the server's public key from its certificate.
90ce3da70b43 Initial load duke parents: diff changeset	67	private PublicKey serverKey;
90ce3da70b43 Initial load duke parents: diff changeset	68
90ce3da70b43 Initial load duke parents: diff changeset	69	// the server's ephemeral public key from the server key exchange message
90ce3da70b43 Initial load duke parents: diff changeset	70	// for ECDHE/ECDH_anon and RSA_EXPORT.
90ce3da70b43 Initial load duke parents: diff changeset	71	private PublicKey ephemeralServerKey;
90ce3da70b43 Initial load duke parents: diff changeset	72
90ce3da70b43 Initial load duke parents: diff changeset	73	// server's ephemeral public value for DHE/DH_anon key exchanges
90ce3da70b43 Initial load duke parents: diff changeset	74	private BigInteger serverDH;
90ce3da70b43 Initial load duke parents: diff changeset	75
90ce3da70b43 Initial load duke parents: diff changeset	76	private DHCrypt dh;
90ce3da70b43 Initial load duke parents: diff changeset	77
90ce3da70b43 Initial load duke parents: diff changeset	78	private ECDHCrypt ecdh;
90ce3da70b43 Initial load duke parents: diff changeset	79
90ce3da70b43 Initial load duke parents: diff changeset	80	private CertificateRequest certRequest;
90ce3da70b43 Initial load duke parents: diff changeset	81
90ce3da70b43 Initial load duke parents: diff changeset	82	private boolean serverKeyExchangeReceived;
90ce3da70b43 Initial load duke parents: diff changeset	83
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	84	private final boolean enableStatusRequestExtension =
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	85	Debug.getBooleanProperty(
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	86	"jdk.tls.client.enableStatusRequestExtension", true);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	87	private boolean staplingActive = false;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	88	private X509Certificate[] deferredCerts;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	89
2 90ce3da70b43 Initial load duke parents: diff changeset	90	/*
90ce3da70b43 Initial load duke parents: diff changeset	91	* The RSA PreMasterSecret needs to know the version of
90ce3da70b43 Initial load duke parents: diff changeset	92	* ClientHello that was used on this handshake. This represents
90ce3da70b43 Initial load duke parents: diff changeset	93	* the "max version" this client is supporting. In the
90ce3da70b43 Initial load duke parents: diff changeset	94	* case of an initial handshake, it's the max version enabled,
90ce3da70b43 Initial load duke parents: diff changeset	95	* but in the case of a resumption attempt, it's the version
90ce3da70b43 Initial load duke parents: diff changeset	96	* of the session we're trying to resume.
90ce3da70b43 Initial load duke parents: diff changeset	97	*/
90ce3da70b43 Initial load duke parents: diff changeset	98	private ProtocolVersion maxProtocolVersion;
90ce3da70b43 Initial load duke parents: diff changeset	99
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	100	// To switch off the SNI extension.
32649 2ee9017c7597 8136583: Core libraries should use blessed modifier order martin parents: 32032 diff changeset	101	private static final boolean enableSNIExtension =
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	102	Debug.getBooleanProperty("jsse.enableSNIExtension", true);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	103
27068 5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	104	/*
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	105	* Allow unsafe server certificate change?
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	106	*
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	107	* Server certificate change during SSL/TLS renegotiation may be considered
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	108	* unsafe, as described in the Triple Handshake attacks:
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	109	*
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	110	* https://secure-resumption.com/tlsauth.pdf
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	111	*
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	112	* Endpoint identification (See
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	113	* SSLParameters.getEndpointIdentificationAlgorithm()) is a pretty nice
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	114	* guarantee that the server certificate change in renegotiation is legal.
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	115	* However, endpoing identification is only enabled for HTTPS and LDAP
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	116	* over SSL/TLS by default. It is not enough to protect SSL/TLS
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	117	* connections other than HTTPS and LDAP.
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	118	*
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	119	* The renegotiation indication extension (See RFC 5764) is a pretty
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	120	* strong guarantee that the endpoints on both client and server sides
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	121	* are identical on the same connection. However, the Triple Handshake
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	122	* attacks can bypass this guarantee if there is a session-resumption
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	123	* handshake between the initial full handshake and the renegotiation
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	124	* full handshake.
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	125	*
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	126	* Server certificate change may be unsafe and should be restricted if
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	127	* endpoint identification is not enabled and the previous handshake is
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	128	* a session-resumption abbreviated initial handshake, unless the
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	129	* identities represented by both certificates can be regraded as the
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	130	* same (See isIdentityEquivalent()).
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	131	*
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	132	* Considering the compatibility impact and the actual requirements to
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	133	* support server certificate change in practice, the system property,
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	134	* jdk.tls.allowUnsafeServerCertChange, is used to define whether unsafe
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	135	* server certificate change in renegotiation is allowed or not. The
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	136	* default value of the system property is "false". To mitigate the
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	137	* compactibility impact, applications may want to set the system
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	138	* property to "true" at their own risk.
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	139	*
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	140	* If the value of the system property is "false", server certificate
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	141	* change in renegotiation after a session-resumption abbreviated initial
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	142	* handshake is restricted (See isIdentityEquivalent()).
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	143	*
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	144	* If the system property is set to "true" explicitly, the restriction on
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	145	* server certificate change in renegotiation is disabled.
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	146	*/
32649 2ee9017c7597 8136583: Core libraries should use blessed modifier order martin parents: 32032 diff changeset	147	private static final boolean allowUnsafeServerCertChange =
27068 5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	148	Debug.getBooleanProperty("jdk.tls.allowUnsafeServerCertChange", false);
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	149
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	150	// To switch off the max_fragment_length extension.
32649 2ee9017c7597 8136583: Core libraries should use blessed modifier order martin parents: 32032 diff changeset	151	private static final boolean enableMFLExtension =
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	152	Debug.getBooleanProperty("jsse.enableMFLExtension", false);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	153
14194 971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 11521 diff changeset	154	private List<SNIServerName> requestedServerNames =
971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 11521 diff changeset	155	Collections.<SNIServerName>emptyList();
971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 11521 diff changeset	156
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	157	// maximum fragment length
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	158	private int requestedMFLength = -1; // -1: no fragment length limit
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	159
20499 4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	160	private boolean serverNamesAccepted = false;
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	161
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	162	private ClientHello initialClientHelloMsg = null; // DTLS only
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	163
2 90ce3da70b43 Initial load duke parents: diff changeset	164	/*
27068 5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	165	* the reserved server certificate chain in previous handshaking
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	166	*
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	167	* The server certificate chain is only reserved if the previous
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	168	* handshake is a session-resumption abbreviated initial handshake.
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	169	*/
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	170	private X509Certificate[] reservedServerCerts = null;
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	171
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	172	/*
2 90ce3da70b43 Initial load duke parents: diff changeset	173	* Constructors
90ce3da70b43 Initial load duke parents: diff changeset	174	*/
90ce3da70b43 Initial load duke parents: diff changeset	175	ClientHandshaker(SSLSocketImpl socket, SSLContextImpl context,
5182 62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	176	ProtocolList enabledProtocols,
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	177	ProtocolVersion activeProtocolVersion,
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	178	boolean isInitialHandshake, boolean secureRenegotiation,
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	179	byte[] clientVerifyData, byte[] serverVerifyData) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	180
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	181	super(socket, context, enabledProtocols, true, true,
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	182	activeProtocolVersion, isInitialHandshake, secureRenegotiation,
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	183	clientVerifyData, serverVerifyData);
2 90ce3da70b43 Initial load duke parents: diff changeset	184	}
90ce3da70b43 Initial load duke parents: diff changeset	185
90ce3da70b43 Initial load duke parents: diff changeset	186	ClientHandshaker(SSLEngineImpl engine, SSLContextImpl context,
5182 62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	187	ProtocolList enabledProtocols,
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	188	ProtocolVersion activeProtocolVersion,
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	189	boolean isInitialHandshake, boolean secureRenegotiation,
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	190	byte[] clientVerifyData, byte[] serverVerifyData,
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	191	boolean isDTLS) {
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	192
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	193	super(engine, context, enabledProtocols, true, true,
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	194	activeProtocolVersion, isInitialHandshake, secureRenegotiation,
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	195	clientVerifyData, serverVerifyData, isDTLS);
2 90ce3da70b43 Initial load duke parents: diff changeset	196	}
90ce3da70b43 Initial load duke parents: diff changeset	197
90ce3da70b43 Initial load duke parents: diff changeset	198	/*
90ce3da70b43 Initial load duke parents: diff changeset	199	* This routine handles all the client side handshake messages, one at
90ce3da70b43 Initial load duke parents: diff changeset	200	* a time. Given the message type (and in some cases the pending cipher
90ce3da70b43 Initial load duke parents: diff changeset	201	* spec) it parses the type-specific message. Then it calls a function
90ce3da70b43 Initial load duke parents: diff changeset	202	* that handles that specific message.
90ce3da70b43 Initial load duke parents: diff changeset	203	*
90ce3da70b43 Initial load duke parents: diff changeset	204	* It updates the state machine (need to verify it) as each message
90ce3da70b43 Initial load duke parents: diff changeset	205	* is processed, and writes responses as needed using the connection
90ce3da70b43 Initial load duke parents: diff changeset	206	* in the constructor.
90ce3da70b43 Initial load duke parents: diff changeset	207	*/
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 14194 diff changeset	208	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	209	void processMessage(byte type, int messageLen) throws IOException {
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	210	// check the handshake state
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	211	List<Byte> ignoredOptStates = handshakeState.check(type);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	212
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	213	// If the state machine has skipped over certificate status
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	214	// and stapling was enabled, we need to check the chain immediately
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	215	// because it was deferred, waiting for CertificateStatus.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	216	if (staplingActive && ignoredOptStates.contains(
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	217	HandshakeMessage.ht_certificate_status)) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	218	checkServerCerts(deferredCerts);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	219	serverKey = session.getPeerCertificates()[0].getPublicKey();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	220	}
2 90ce3da70b43 Initial load duke parents: diff changeset	221
90ce3da70b43 Initial load duke parents: diff changeset	222	switch (type) {
90ce3da70b43 Initial load duke parents: diff changeset	223	case HandshakeMessage.ht_hello_request:
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	224	HelloRequest helloRequest = new HelloRequest(input);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	225	handshakeState.update(helloRequest, resumingSession);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	226	this.serverHelloRequest(helloRequest);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	227	break;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	228
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	229	case HandshakeMessage.ht_hello_verify_request:
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	230	if (!isDTLS) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	231	throw new SSLProtocolException(
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	232	"hello_verify_request is not a SSL/TLS handshake message");
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	233	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	234
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	235	HelloVerifyRequest helloVerifyRequest =
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	236	new HelloVerifyRequest(input, messageLen);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	237	handshakeState.update(helloVerifyRequest, resumingSession);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	238	this.helloVerifyRequest(helloVerifyRequest);
2 90ce3da70b43 Initial load duke parents: diff changeset	239	break;
90ce3da70b43 Initial load duke parents: diff changeset	240
90ce3da70b43 Initial load duke parents: diff changeset	241	case HandshakeMessage.ht_server_hello:
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	242	ServerHello serverHello = new ServerHello(input, messageLen);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	243	this.serverHello(serverHello);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	244
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	245	// This handshake state update needs the resumingSession value
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	246	// set by serverHello().
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	247	handshakeState.update(serverHello, resumingSession);
2 90ce3da70b43 Initial load duke parents: diff changeset	248	break;
90ce3da70b43 Initial load duke parents: diff changeset	249
90ce3da70b43 Initial load duke parents: diff changeset	250	case HandshakeMessage.ht_certificate:
90ce3da70b43 Initial load duke parents: diff changeset	251	if (keyExchange == K_DH_ANON \|\| keyExchange == K_ECDH_ANON
30905 bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	252	\|\| ClientKeyExchangeService.find(keyExchange.name) != null) {
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	253	// No external key exchange provider needs a cert now.
2 90ce3da70b43 Initial load duke parents: diff changeset	254	fatalSE(Alerts.alert_unexpected_message,
90ce3da70b43 Initial load duke parents: diff changeset	255	"unexpected server cert chain");
90ce3da70b43 Initial load duke parents: diff changeset	256	// NOTREACHED
90ce3da70b43 Initial load duke parents: diff changeset	257	}
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	258	CertificateMsg certificateMsg = new CertificateMsg(input);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	259	handshakeState.update(certificateMsg, resumingSession);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	260	this.serverCertificate(certificateMsg);
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	261	if (!staplingActive) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	262	// If we are not doing stapling, we can set serverKey right
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	263	// away. Otherwise, we will wait until verification of the
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	264	// chain has completed after CertificateStatus;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	265	serverKey = session.getPeerCertificates()[0].getPublicKey();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	266	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	267	break;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	268
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	269	case HandshakeMessage.ht_certificate_status:
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	270	CertificateStatus certStatusMsg = new CertificateStatus(input);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	271	handshakeState.update(certStatusMsg, resumingSession);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	272	this.certificateStatus(certStatusMsg);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	273	serverKey = session.getPeerCertificates()[0].getPublicKey();
2 90ce3da70b43 Initial load duke parents: diff changeset	274	break;
90ce3da70b43 Initial load duke parents: diff changeset	275
90ce3da70b43 Initial load duke parents: diff changeset	276	case HandshakeMessage.ht_server_key_exchange:
90ce3da70b43 Initial load duke parents: diff changeset	277	serverKeyExchangeReceived = true;
90ce3da70b43 Initial load duke parents: diff changeset	278	switch (keyExchange) {
90ce3da70b43 Initial load duke parents: diff changeset	279	case K_RSA_EXPORT:
703 80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	280	/**
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	281	* The server key exchange message is sent by the server only
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	282	* when the server certificate message does not contain the
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	283	* proper amount of data to allow the client to exchange a
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	284	* premaster secret, such as when RSA_EXPORT is used and the
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	285	* public key in the server certificate is longer than 512 bits.
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	286	*/
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	287	if (serverKey == null) {
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	288	throw new SSLProtocolException
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	289	("Server did not send certificate message");
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	290	}
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	291
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	292	if (!(serverKey instanceof RSAPublicKey)) {
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	293	throw new SSLProtocolException("Protocol violation:" +
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	294	" the certificate type must be appropriate for the" +
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	295	" selected cipher suite's key exchange algorithm");
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	296	}
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	297
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	298	if (JsseJce.getRSAKeyLength(serverKey) <= 512) {
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	299	throw new SSLProtocolException("Protocol violation:" +
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	300	" server sent a server key exchange message for" +
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	301	" key exchange " + keyExchange +
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	302	" when the public key in the server certificate" +
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	303	" is less than or equal to 512 bits in length");
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	304	}
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	305
2 90ce3da70b43 Initial load duke parents: diff changeset	306	try {
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	307	RSA_ServerKeyExchange rsaSrvKeyExchange =
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	308	new RSA_ServerKeyExchange(input);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	309	handshakeState.update(rsaSrvKeyExchange, resumingSession);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	310	this.serverKeyExchange(rsaSrvKeyExchange);
2 90ce3da70b43 Initial load duke parents: diff changeset	311	} catch (GeneralSecurityException e) {
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	312	throw new SSLException("Server key", e);
2 90ce3da70b43 Initial load duke parents: diff changeset	313	}
90ce3da70b43 Initial load duke parents: diff changeset	314	break;
90ce3da70b43 Initial load duke parents: diff changeset	315	case K_DH_ANON:
16080 0e6266b88242 7192392: Better validation of client keys xuelei parents: 16071 diff changeset	316	try {
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	317	DH_ServerKeyExchange dhSrvKeyExchange =
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	318	new DH_ServerKeyExchange(input, protocolVersion);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	319	handshakeState.update(dhSrvKeyExchange, resumingSession);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	320	this.serverKeyExchange(dhSrvKeyExchange);
16080 0e6266b88242 7192392: Better validation of client keys xuelei parents: 16071 diff changeset	321	} catch (GeneralSecurityException e) {
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	322	throw new SSLException("Server key", e);
16080 0e6266b88242 7192392: Better validation of client keys xuelei parents: 16071 diff changeset	323	}
2 90ce3da70b43 Initial load duke parents: diff changeset	324	break;
90ce3da70b43 Initial load duke parents: diff changeset	325	case K_DHE_DSS:
90ce3da70b43 Initial load duke parents: diff changeset	326	case K_DHE_RSA:
90ce3da70b43 Initial load duke parents: diff changeset	327	try {
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	328	DH_ServerKeyExchange dhSrvKeyExchange =
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	329	new DH_ServerKeyExchange(
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	330	input, serverKey,
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	331	clnt_random.random_bytes, svr_random.random_bytes,
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	332	messageLen,
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	333	localSupportedSignAlgs, protocolVersion);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	334	handshakeState.update(dhSrvKeyExchange, resumingSession);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	335	this.serverKeyExchange(dhSrvKeyExchange);
2 90ce3da70b43 Initial load duke parents: diff changeset	336	} catch (GeneralSecurityException e) {
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	337	throw new SSLException("Server key", e);
2 90ce3da70b43 Initial load duke parents: diff changeset	338	}
90ce3da70b43 Initial load duke parents: diff changeset	339	break;
90ce3da70b43 Initial load duke parents: diff changeset	340	case K_ECDHE_ECDSA:
90ce3da70b43 Initial load duke parents: diff changeset	341	case K_ECDHE_RSA:
90ce3da70b43 Initial load duke parents: diff changeset	342	case K_ECDH_ANON:
90ce3da70b43 Initial load duke parents: diff changeset	343	try {
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	344	ECDH_ServerKeyExchange ecdhSrvKeyExchange =
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	345	new ECDH_ServerKeyExchange
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	346	(input, serverKey, clnt_random.random_bytes,
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	347	svr_random.random_bytes,
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	348	localSupportedSignAlgs, protocolVersion);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	349	handshakeState.update(ecdhSrvKeyExchange, resumingSession);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	350	this.serverKeyExchange(ecdhSrvKeyExchange);
2 90ce3da70b43 Initial load duke parents: diff changeset	351	} catch (GeneralSecurityException e) {
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	352	throw new SSLException("Server key", e);
2 90ce3da70b43 Initial load duke parents: diff changeset	353	}
90ce3da70b43 Initial load duke parents: diff changeset	354	break;
703 80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	355	case K_RSA:
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	356	case K_DH_RSA:
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	357	case K_DH_DSS:
2 90ce3da70b43 Initial load duke parents: diff changeset	358	case K_ECDH_ECDSA:
90ce3da70b43 Initial load duke parents: diff changeset	359	case K_ECDH_RSA:
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	360	throw new SSLProtocolException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	361	"Protocol violation: server sent a server key exchange"
29918 3ac7231c0f1a 8075040: Need a test to cover FREAK (BugDB 20647631) igerasim parents: 29390 diff changeset	362	+ " message for key exchange " + keyExchange);
2 90ce3da70b43 Initial load duke parents: diff changeset	363	default:
90ce3da70b43 Initial load duke parents: diff changeset	364	throw new SSLProtocolException(
30905 bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	365	"unsupported or unexpected key exchange algorithm = "
2 90ce3da70b43 Initial load duke parents: diff changeset	366	+ keyExchange);
90ce3da70b43 Initial load duke parents: diff changeset	367	}
90ce3da70b43 Initial load duke parents: diff changeset	368	break;
90ce3da70b43 Initial load duke parents: diff changeset	369
90ce3da70b43 Initial load duke parents: diff changeset	370	case HandshakeMessage.ht_certificate_request:
90ce3da70b43 Initial load duke parents: diff changeset	371	// save for later, it's handled by serverHelloDone
90ce3da70b43 Initial load duke parents: diff changeset	372	if ((keyExchange == K_DH_ANON) \|\| (keyExchange == K_ECDH_ANON)) {
90ce3da70b43 Initial load duke parents: diff changeset	373	throw new SSLHandshakeException(
90ce3da70b43 Initial load duke parents: diff changeset	374	"Client authentication requested for "+
90ce3da70b43 Initial load duke parents: diff changeset	375	"anonymous cipher suite.");
30905 bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	376	} else if (ClientKeyExchangeService.find(keyExchange.name) != null) {
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	377	// No external key exchange provider needs a cert now.
2 90ce3da70b43 Initial load duke parents: diff changeset	378	throw new SSLHandshakeException(
90ce3da70b43 Initial load duke parents: diff changeset	379	"Client certificate requested for "+
30905 bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	380	"external cipher suite: " + keyExchange);
2 90ce3da70b43 Initial load duke parents: diff changeset	381	}
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	382	certRequest = new CertificateRequest(input, protocolVersion);
2 90ce3da70b43 Initial load duke parents: diff changeset	383	if (debug != null && Debug.isOn("handshake")) {
90ce3da70b43 Initial load duke parents: diff changeset	384	certRequest.print(System.out);
90ce3da70b43 Initial load duke parents: diff changeset	385	}
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	386	handshakeState.update(certRequest, resumingSession);
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	387
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	388	if (protocolVersion.useTLS12PlusSpec()) {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	389	Collection<SignatureAndHashAlgorithm> peerSignAlgs =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	390	certRequest.getSignAlgorithms();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	391	if (peerSignAlgs == null \|\| peerSignAlgs.isEmpty()) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	392	throw new SSLHandshakeException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	393	"No peer supported signature algorithms");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	394	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	395
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	396	Collection<SignatureAndHashAlgorithm> supportedPeerSignAlgs =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	397	SignatureAndHashAlgorithm.getSupportedAlgorithms(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	398	peerSignAlgs);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	399	if (supportedPeerSignAlgs.isEmpty()) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	400	throw new SSLHandshakeException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	401	"No supported signature and hash algorithm in common");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	402	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	403
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	404	setPeerSupportedSignAlgs(supportedPeerSignAlgs);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	405	session.setPeerSupportedSignatureAlgorithms(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	406	supportedPeerSignAlgs);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	407	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	408
2 90ce3da70b43 Initial load duke parents: diff changeset	409	break;
90ce3da70b43 Initial load duke parents: diff changeset	410
90ce3da70b43 Initial load duke parents: diff changeset	411	case HandshakeMessage.ht_server_hello_done:
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	412	ServerHelloDone serverHelloDone = new ServerHelloDone(input);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	413	handshakeState.update(serverHelloDone, resumingSession);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	414	this.serverHelloDone(serverHelloDone);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	415
2 90ce3da70b43 Initial load duke parents: diff changeset	416	break;
90ce3da70b43 Initial load duke parents: diff changeset	417
90ce3da70b43 Initial load duke parents: diff changeset	418	case HandshakeMessage.ht_finished:
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	419	Finished serverFinished =
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	420	new Finished(protocolVersion, input, cipherSuite);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	421	handshakeState.update(serverFinished, resumingSession);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	422	this.serverFinished(serverFinished);
28550 003089aca6b9 8057555: Less cryptic cipher suite management ascarpino parents: 27068 diff changeset	423
2 90ce3da70b43 Initial load duke parents: diff changeset	424	break;
90ce3da70b43 Initial load duke parents: diff changeset	425
90ce3da70b43 Initial load duke parents: diff changeset	426	default:
90ce3da70b43 Initial load duke parents: diff changeset	427	throw new SSLProtocolException(
90ce3da70b43 Initial load duke parents: diff changeset	428	"Illegal client handshake msg, " + type);
90ce3da70b43 Initial load duke parents: diff changeset	429	}
90ce3da70b43 Initial load duke parents: diff changeset	430	}
90ce3da70b43 Initial load duke parents: diff changeset	431
90ce3da70b43 Initial load duke parents: diff changeset	432	/*
90ce3da70b43 Initial load duke parents: diff changeset	433	* Used by the server to kickstart negotiations -- this requests a
90ce3da70b43 Initial load duke parents: diff changeset	434	* "client hello" to renegotiate current cipher specs (e.g. maybe lots
90ce3da70b43 Initial load duke parents: diff changeset	435	* of data has been encrypted with the same keys, or the server needs
90ce3da70b43 Initial load duke parents: diff changeset	436	* the client to present a certificate).
90ce3da70b43 Initial load duke parents: diff changeset	437	*/
90ce3da70b43 Initial load duke parents: diff changeset	438	private void serverHelloRequest(HelloRequest mesg) throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	439	if (debug != null && Debug.isOn("handshake")) {
90ce3da70b43 Initial load duke parents: diff changeset	440	mesg.print(System.out);
90ce3da70b43 Initial load duke parents: diff changeset	441	}
90ce3da70b43 Initial load duke parents: diff changeset	442
90ce3da70b43 Initial load duke parents: diff changeset	443	//
90ce3da70b43 Initial load duke parents: diff changeset	444	// Could be (e.g. at connection setup) that we already
90ce3da70b43 Initial load duke parents: diff changeset	445	// sent the "client hello" but the server's not seen it.
90ce3da70b43 Initial load duke parents: diff changeset	446	//
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	447	if (!clientHelloDelivered) {
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	448	if (!secureRenegotiation && !allowUnsafeRenegotiation) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	449	// renegotiation is not allowed.
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	450	if (activeProtocolVersion.useTLS10PlusSpec()) {
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	451	// response with a no_renegotiation warning,
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	452	warningSE(Alerts.alert_no_renegotiation);
5182 62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	453
62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	454	// invalidate the handshake so that the caller can
62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	455	// dispose this object.
62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	456	invalidated = true;
62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	457
62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	458	// If there is still unread block in the handshake
62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	459	// input stream, it would be truncated with the disposal
62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	460	// and the next handshake message will become incomplete.
62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	461	//
62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	462	// However, according to SSL/TLS specifications, no more
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	463	// handshake message should immediately follow ClientHello
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	464	// or HelloRequest. So just let it be.
5182 62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	465	} else {
62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	466	// For SSLv3, send the handshake_failure fatal error.
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	467	// Note that SSLv3 does not define a no_renegotiation
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	468	// alert like TLSv1. However we cannot ignore the message
5182 62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	469	// simply, otherwise the other side was waiting for a
62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	470	// response that would never come.
62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	471	fatalSE(Alerts.alert_handshake_failure,
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	472	"Renegotiation is not allowed");
5182 62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	473	}
62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	474	} else {
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	475	if (!secureRenegotiation) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	476	if (debug != null && Debug.isOn("handshake")) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	477	System.out.println(
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	478	"Warning: continue with insecure renegotiation");
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	479	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	480	}
5182 62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	481	kickstart();
62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	482	}
2 90ce3da70b43 Initial load duke parents: diff changeset	483	}
90ce3da70b43 Initial load duke parents: diff changeset	484	}
90ce3da70b43 Initial load duke parents: diff changeset	485
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	486	private void helloVerifyRequest(
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	487	HelloVerifyRequest mesg) throws IOException {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	488
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	489	if (debug != null && Debug.isOn("handshake")) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	490	mesg.print(System.out);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	491	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	492
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	493	//
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	494	// Note that HelloVerifyRequest.server_version is used solely to
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	495	// indicate packet formatting, and not as part of version negotiation.
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	496	// Need not to check version values match for HelloVerifyRequest
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	497	// message.
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	498	//
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	499	initialClientHelloMsg.cookie = mesg.cookie.clone();
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	500
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	501	if (debug != null && Debug.isOn("handshake")) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	502	initialClientHelloMsg.print(System.out);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	503	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	504
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	505	// deliver the ClientHello message with cookie
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	506	initialClientHelloMsg.write(output);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	507	handshakeState.update(initialClientHelloMsg, resumingSession);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	508	}
2 90ce3da70b43 Initial load duke parents: diff changeset	509
90ce3da70b43 Initial load duke parents: diff changeset	510	/*
90ce3da70b43 Initial load duke parents: diff changeset	511	* Server chooses session parameters given options created by the
90ce3da70b43 Initial load duke parents: diff changeset	512	* client -- basically, cipher options, session id, and someday a
90ce3da70b43 Initial load duke parents: diff changeset	513	* set of compression options.
90ce3da70b43 Initial load duke parents: diff changeset	514	*
90ce3da70b43 Initial load duke parents: diff changeset	515	* There are two branches of the state machine, decided by the
90ce3da70b43 Initial load duke parents: diff changeset	516	* details of this message. One is the "fast" handshake, where we
90ce3da70b43 Initial load duke parents: diff changeset	517	* can resume the pre-existing session we asked resume. The other
90ce3da70b43 Initial load duke parents: diff changeset	518	* is a more expensive "full" handshake, with key exchange and
90ce3da70b43 Initial load duke parents: diff changeset	519	* probably authentication getting done.
90ce3da70b43 Initial load duke parents: diff changeset	520	*/
90ce3da70b43 Initial load duke parents: diff changeset	521	private void serverHello(ServerHello mesg) throws IOException {
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	522	// Dispose the reserved ClientHello message (if exists).
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	523	initialClientHelloMsg = null;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	524
2 90ce3da70b43 Initial load duke parents: diff changeset	525	serverKeyExchangeReceived = false;
90ce3da70b43 Initial load duke parents: diff changeset	526	if (debug != null && Debug.isOn("handshake")) {
90ce3da70b43 Initial load duke parents: diff changeset	527	mesg.print(System.out);
90ce3da70b43 Initial load duke parents: diff changeset	528	}
90ce3da70b43 Initial load duke parents: diff changeset	529
90ce3da70b43 Initial load duke parents: diff changeset	530	// check if the server selected protocol version is OK for us
90ce3da70b43 Initial load duke parents: diff changeset	531	ProtocolVersion mesgVersion = mesg.protocolVersion;
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	532	if (!isNegotiable(mesgVersion)) {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	533	throw new SSLHandshakeException(
8782 1ff0b643b793 7009794: misleading text in SSLHandshakeException exception message xuelei parents: 7990 diff changeset	534	"Server chose " + mesgVersion +
8791 f5106bbf577d 7022855: Export "PKIX" as the standard algorithm name of KeyManagerFactory xuelei parents: 8782 diff changeset	535	", but that protocol version is not enabled or not supported " +
f5106bbf577d 7022855: Export "PKIX" as the standard algorithm name of KeyManagerFactory xuelei parents: 8782 diff changeset	536	"by the client.");
2 90ce3da70b43 Initial load duke parents: diff changeset	537	}
90ce3da70b43 Initial load duke parents: diff changeset	538
7804 c59149ba3780 6996367: improve HandshakeHash weijun parents: 7043 diff changeset	539	handshakeHash.protocolDetermined(mesgVersion);
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	540
2 90ce3da70b43 Initial load duke parents: diff changeset	541	// Set protocolVersion and propagate to SSLSocket and the
90ce3da70b43 Initial load duke parents: diff changeset	542	// Handshake streams
90ce3da70b43 Initial load duke parents: diff changeset	543	setVersion(mesgVersion);
90ce3da70b43 Initial load duke parents: diff changeset	544
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	545	// check the "renegotiation_info" extension
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	546	RenegotiationInfoExtension serverHelloRI = (RenegotiationInfoExtension)
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	547	mesg.extensions.get(ExtensionType.EXT_RENEGOTIATION_INFO);
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	548	if (serverHelloRI != null) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	549	if (isInitialHandshake) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	550	// verify the length of the "renegotiated_connection" field
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	551	if (!serverHelloRI.isEmpty()) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	552	// abort the handshake with a fatal handshake_failure alert
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	553	fatalSE(Alerts.alert_handshake_failure,
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	554	"The renegotiation_info field is not empty");
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	555	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	556
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	557	secureRenegotiation = true;
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	558	} else {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	559	// For a legacy renegotiation, the client MUST verify that
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	560	// it does not contain the "renegotiation_info" extension.
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	561	if (!secureRenegotiation) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	562	fatalSE(Alerts.alert_handshake_failure,
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	563	"Unexpected renegotiation indication extension");
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	564	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	565
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	566	// verify the client_verify_data and server_verify_data values
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	567	byte[] verifyData =
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	568	new byte[clientVerifyData.length + serverVerifyData.length];
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	569	System.arraycopy(clientVerifyData, 0, verifyData,
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	570	0, clientVerifyData.length);
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	571	System.arraycopy(serverVerifyData, 0, verifyData,
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	572	clientVerifyData.length, serverVerifyData.length);
31695 4d10942c9a7b 8074865: General crypto resilience changes valeriep parents: 31538 diff changeset	573	if (!MessageDigest.isEqual(verifyData,
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	574	serverHelloRI.getRenegotiatedConnection())) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	575	fatalSE(Alerts.alert_handshake_failure,
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	576	"Incorrect verify data in ServerHello " +
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	577	"renegotiation_info message");
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	578	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	579	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	580	} else {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	581	// no renegotiation indication extension
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	582	if (isInitialHandshake) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	583	if (!allowLegacyHelloMessages) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	584	// abort the handshake with a fatal handshake_failure alert
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	585	fatalSE(Alerts.alert_handshake_failure,
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	586	"Failed to negotiate the use of secure renegotiation");
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	587	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	588
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	589	secureRenegotiation = false;
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	590	if (debug != null && Debug.isOn("handshake")) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	591	System.out.println("Warning: No renegotiation " +
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	592	"indication extension in ServerHello");
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	593	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	594	} else {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	595	// For a secure renegotiation, the client must abort the
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	596	// handshake if no "renegotiation_info" extension is present.
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	597	if (secureRenegotiation) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	598	fatalSE(Alerts.alert_handshake_failure,
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	599	"No renegotiation indication extension");
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	600	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	601
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	602	// we have already allowed unsafe renegotation before request
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	603	// the renegotiation.
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	604	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	605	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	606
2 90ce3da70b43 Initial load duke parents: diff changeset	607	//
90ce3da70b43 Initial load duke parents: diff changeset	608	// Save server nonce, we always use it to compute connection
90ce3da70b43 Initial load duke parents: diff changeset	609	// keys and it's also used to create the master secret if we're
90ce3da70b43 Initial load duke parents: diff changeset	610	// creating a new session (i.e. in the full handshake).
90ce3da70b43 Initial load duke parents: diff changeset	611	//
90ce3da70b43 Initial load duke parents: diff changeset	612	svr_random = mesg.svr_random;
90ce3da70b43 Initial load duke parents: diff changeset	613
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	614	if (isNegotiable(mesg.cipherSuite) == false) {
2 90ce3da70b43 Initial load duke parents: diff changeset	615	fatalSE(Alerts.alert_illegal_parameter,
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	616	"Server selected improper ciphersuite " + mesg.cipherSuite);
2 90ce3da70b43 Initial load duke parents: diff changeset	617	}
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	618
2 90ce3da70b43 Initial load duke parents: diff changeset	619	setCipherSuite(mesg.cipherSuite);
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	620	if (protocolVersion.useTLS12PlusSpec()) {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	621	handshakeHash.setFinishedAlg(cipherSuite.prfAlg.getPRFHashAlg());
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	622	}
2 90ce3da70b43 Initial load duke parents: diff changeset	623
90ce3da70b43 Initial load duke parents: diff changeset	624	if (mesg.compression_method != 0) {
90ce3da70b43 Initial load duke parents: diff changeset	625	fatalSE(Alerts.alert_illegal_parameter,
90ce3da70b43 Initial load duke parents: diff changeset	626	"compression type not supported, "
90ce3da70b43 Initial load duke parents: diff changeset	627	+ mesg.compression_method);
90ce3da70b43 Initial load duke parents: diff changeset	628	// NOTREACHED
90ce3da70b43 Initial load duke parents: diff changeset	629	}
90ce3da70b43 Initial load duke parents: diff changeset	630
90ce3da70b43 Initial load duke parents: diff changeset	631	// so far so good, let's look at the session
90ce3da70b43 Initial load duke parents: diff changeset	632	if (session != null) {
90ce3da70b43 Initial load duke parents: diff changeset	633	// we tried to resume, let's see what the server decided
90ce3da70b43 Initial load duke parents: diff changeset	634	if (session.getSessionId().equals(mesg.sessionId)) {
90ce3da70b43 Initial load duke parents: diff changeset	635	// server resumed the session, let's make sure everything
90ce3da70b43 Initial load duke parents: diff changeset	636	// checks out
90ce3da70b43 Initial load duke parents: diff changeset	637
90ce3da70b43 Initial load duke parents: diff changeset	638	// Verify that the session ciphers are unchanged.
90ce3da70b43 Initial load duke parents: diff changeset	639	CipherSuite sessionSuite = session.getSuite();
90ce3da70b43 Initial load duke parents: diff changeset	640	if (cipherSuite != sessionSuite) {
90ce3da70b43 Initial load duke parents: diff changeset	641	throw new SSLProtocolException
90ce3da70b43 Initial load duke parents: diff changeset	642	("Server returned wrong cipher suite for session");
90ce3da70b43 Initial load duke parents: diff changeset	643	}
90ce3da70b43 Initial load duke parents: diff changeset	644
90ce3da70b43 Initial load duke parents: diff changeset	645	// verify protocol version match
90ce3da70b43 Initial load duke parents: diff changeset	646	ProtocolVersion sessionVersion = session.getProtocolVersion();
90ce3da70b43 Initial load duke parents: diff changeset	647	if (protocolVersion != sessionVersion) {
90ce3da70b43 Initial load duke parents: diff changeset	648	throw new SSLProtocolException
90ce3da70b43 Initial load duke parents: diff changeset	649	("Server resumed session with wrong protocol version");
90ce3da70b43 Initial load duke parents: diff changeset	650	}
90ce3da70b43 Initial load duke parents: diff changeset	651
90ce3da70b43 Initial load duke parents: diff changeset	652	// validate subject identity
30905 bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	653	ClientKeyExchangeService p =
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	654	ClientKeyExchangeService.find(sessionSuite.keyExchange.name);
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	655	if (p != null) {
2 90ce3da70b43 Initial load duke parents: diff changeset	656	Principal localPrincipal = session.getLocalPrincipal();
90ce3da70b43 Initial load duke parents: diff changeset	657
30905 bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	658	if (p.isRelated(true, getAccSE(), localPrincipal)) {
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	659	if (debug != null && Debug.isOn("session"))
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	660	System.out.println("Subject identity is same");
2 90ce3da70b43 Initial load duke parents: diff changeset	661	} else {
30905 bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	662	throw new SSLProtocolException("Server resumed" +
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	663	" session with wrong subject identity or no subject");
2 90ce3da70b43 Initial load duke parents: diff changeset	664	}
90ce3da70b43 Initial load duke parents: diff changeset	665	}
90ce3da70b43 Initial load duke parents: diff changeset	666
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	667	// looks fine; resume it.
2 90ce3da70b43 Initial load duke parents: diff changeset	668	resumingSession = true;
90ce3da70b43 Initial load duke parents: diff changeset	669	calculateConnectionKeys(session.getMasterSecret());
90ce3da70b43 Initial load duke parents: diff changeset	670	if (debug != null && Debug.isOn("session")) {
90ce3da70b43 Initial load duke parents: diff changeset	671	System.out.println("%% Server resumed " + session);
90ce3da70b43 Initial load duke parents: diff changeset	672	}
90ce3da70b43 Initial load duke parents: diff changeset	673	} else {
90ce3da70b43 Initial load duke parents: diff changeset	674	// we wanted to resume, but the server refused
90ce3da70b43 Initial load duke parents: diff changeset	675	session = null;
90ce3da70b43 Initial load duke parents: diff changeset	676	if (!enableNewSession) {
27068 5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	677	throw new SSLException("New session creation is disabled");
2 90ce3da70b43 Initial load duke parents: diff changeset	678	}
90ce3da70b43 Initial load duke parents: diff changeset	679	}
90ce3da70b43 Initial load duke parents: diff changeset	680	}
90ce3da70b43 Initial load duke parents: diff changeset	681
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	682	// check the "max_fragment_length" extension
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	683	MaxFragmentLengthExtension maxFragLenExt = (MaxFragmentLengthExtension)
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	684	mesg.extensions.get(ExtensionType.EXT_MAX_FRAGMENT_LENGTH);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	685	if (maxFragLenExt != null) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	686	if ((requestedMFLength == -1) \|\|
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	687	maxFragLenExt.getMaxFragLen() != requestedMFLength) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	688	// If the client did not request this extension, or the
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	689	// response value is different from the length it requested,
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	690	// abort the handshake with a fatal illegal_parameter alert.
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	691	fatalSE(Alerts.alert_illegal_parameter,
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	692	"Failed to negotiate the max_fragment_length");
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	693	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	694	} else if (!resumingSession) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	695	// no "max_fragment_length" extension
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	696	requestedMFLength = -1;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	697	} // Otherwise, using the value negotiated during the original
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	698	// session initiation
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	699
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	700	if (resumingSession && session != null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	701	setHandshakeSessionSE(session);
27068 5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	702	// Reserve the handshake state if this is a session-resumption
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	703	// abbreviated initial handshake.
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	704	if (isInitialHandshake) {
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	705	session.setAsSessionResumption(true);
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	706	}
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	707
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	708	return;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	709	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	710
2 90ce3da70b43 Initial load duke parents: diff changeset	711	// check extensions
90ce3da70b43 Initial load duke parents: diff changeset	712	for (HelloExtension ext : mesg.extensions.list()) {
90ce3da70b43 Initial load duke parents: diff changeset	713	ExtensionType type = ext.type;
20499 4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	714	if (type == ExtensionType.EXT_SERVER_NAME) {
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	715	serverNamesAccepted = true;
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	716	} else if (type == ExtensionType.EXT_STATUS_REQUEST \|\|
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	717	type == ExtensionType.EXT_STATUS_REQUEST_V2) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	718	// Only enable the stapling feature if the client asserted
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	719	// these extensions.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	720	if (enableStatusRequestExtension) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	721	staplingActive = true;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	722	} else {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	723	fatalSE(Alerts.alert_unexpected_message, "Server set " +
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	724	type + " extension when not requested by client");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	725	}
20499 4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	726	} else if ((type != ExtensionType.EXT_ELLIPTIC_CURVES)
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	727	&& (type != ExtensionType.EXT_EC_POINT_FORMATS)
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	728	&& (type != ExtensionType.EXT_SERVER_NAME)
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	729	&& (type != ExtensionType.EXT_RENEGOTIATION_INFO)
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	730	&& (type != ExtensionType.EXT_STATUS_REQUEST)
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	731	&& (type != ExtensionType.EXT_STATUS_REQUEST_V2)) {
2 90ce3da70b43 Initial load duke parents: diff changeset	732	fatalSE(Alerts.alert_unsupported_extension,
90ce3da70b43 Initial load duke parents: diff changeset	733	"Server sent an unsupported extension: " + type);
90ce3da70b43 Initial load duke parents: diff changeset	734	}
90ce3da70b43 Initial load duke parents: diff changeset	735	}
90ce3da70b43 Initial load duke parents: diff changeset	736
90ce3da70b43 Initial load duke parents: diff changeset	737	// Create a new session, we need to do the full handshake
90ce3da70b43 Initial load duke parents: diff changeset	738	session = new SSLSessionImpl(protocolVersion, cipherSuite,
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	739	getLocalSupportedSignAlgs(),
2 90ce3da70b43 Initial load duke parents: diff changeset	740	mesg.sessionId, getHostSE(), getPortSE());
14194 971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 11521 diff changeset	741	session.setRequestedServerNames(requestedServerNames);
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	742	session.setNegotiatedMaxFragSize(requestedMFLength);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	743	session.setMaximumPacketSize(maximumPacketSize);
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	744	setHandshakeSessionSE(session);
2 90ce3da70b43 Initial load duke parents: diff changeset	745	if (debug != null && Debug.isOn("handshake")) {
90ce3da70b43 Initial load duke parents: diff changeset	746	System.out.println("** " + cipherSuite);
90ce3da70b43 Initial load duke parents: diff changeset	747	}
90ce3da70b43 Initial load duke parents: diff changeset	748	}
90ce3da70b43 Initial load duke parents: diff changeset	749
90ce3da70b43 Initial load duke parents: diff changeset	750	/*
90ce3da70b43 Initial load duke parents: diff changeset	751	* Server's own key was either a signing-only key, or was too
90ce3da70b43 Initial load duke parents: diff changeset	752	* large for export rules ... this message holds an ephemeral
90ce3da70b43 Initial load duke parents: diff changeset	753	* RSA key to use for key exchange.
90ce3da70b43 Initial load duke parents: diff changeset	754	*/
90ce3da70b43 Initial load duke parents: diff changeset	755	private void serverKeyExchange(RSA_ServerKeyExchange mesg)
90ce3da70b43 Initial load duke parents: diff changeset	756	throws IOException, GeneralSecurityException {
90ce3da70b43 Initial load duke parents: diff changeset	757	if (debug != null && Debug.isOn("handshake")) {
90ce3da70b43 Initial load duke parents: diff changeset	758	mesg.print(System.out);
90ce3da70b43 Initial load duke parents: diff changeset	759	}
90ce3da70b43 Initial load duke parents: diff changeset	760	if (!mesg.verify(serverKey, clnt_random, svr_random)) {
90ce3da70b43 Initial load duke parents: diff changeset	761	fatalSE(Alerts.alert_handshake_failure,
90ce3da70b43 Initial load duke parents: diff changeset	762	"server key exchange invalid");
90ce3da70b43 Initial load duke parents: diff changeset	763	// NOTREACHED
90ce3da70b43 Initial load duke parents: diff changeset	764	}
90ce3da70b43 Initial load duke parents: diff changeset	765	ephemeralServerKey = mesg.getPublicKey();
31712 e4d5230193da 8076328: Enforce key exchange constraints xuelei parents: 31695 diff changeset	766
e4d5230193da 8076328: Enforce key exchange constraints xuelei parents: 31695 diff changeset	767	// check constraints of RSA PublicKey
e4d5230193da 8076328: Enforce key exchange constraints xuelei parents: 31695 diff changeset	768	if (!algorithmConstraints.permits(
e4d5230193da 8076328: Enforce key exchange constraints xuelei parents: 31695 diff changeset	769	EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), ephemeralServerKey)) {
e4d5230193da 8076328: Enforce key exchange constraints xuelei parents: 31695 diff changeset	770
e4d5230193da 8076328: Enforce key exchange constraints xuelei parents: 31695 diff changeset	771	throw new SSLHandshakeException("RSA ServerKeyExchange " +
e4d5230193da 8076328: Enforce key exchange constraints xuelei parents: 31695 diff changeset	772	"does not comply to algorithm constraints");
e4d5230193da 8076328: Enforce key exchange constraints xuelei parents: 31695 diff changeset	773	}
2 90ce3da70b43 Initial load duke parents: diff changeset	774	}
90ce3da70b43 Initial load duke parents: diff changeset	775
90ce3da70b43 Initial load duke parents: diff changeset	776	/*
90ce3da70b43 Initial load duke parents: diff changeset	777	* Diffie-Hellman key exchange. We save the server public key and
90ce3da70b43 Initial load duke parents: diff changeset	778	* our own D-H algorithm object so we can defer key calculations
90ce3da70b43 Initial load duke parents: diff changeset	779	* until after we've sent the client key exchange message (which
90ce3da70b43 Initial load duke parents: diff changeset	780	* gives client and server some useful parallelism).
90ce3da70b43 Initial load duke parents: diff changeset	781	*/
90ce3da70b43 Initial load duke parents: diff changeset	782	private void serverKeyExchange(DH_ServerKeyExchange mesg)
90ce3da70b43 Initial load duke parents: diff changeset	783	throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	784	if (debug != null && Debug.isOn("handshake")) {
90ce3da70b43 Initial load duke parents: diff changeset	785	mesg.print(System.out);
90ce3da70b43 Initial load duke parents: diff changeset	786	}
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	787	dh = new DHCrypt(mesg.getModulus(), mesg.getBase(),
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	788	sslContext.getSecureRandom());
2 90ce3da70b43 Initial load duke parents: diff changeset	789	serverDH = mesg.getServerPublicKey();
31712 e4d5230193da 8076328: Enforce key exchange constraints xuelei parents: 31695 diff changeset	790
e4d5230193da 8076328: Enforce key exchange constraints xuelei parents: 31695 diff changeset	791	// check algorithm constraints
e4d5230193da 8076328: Enforce key exchange constraints xuelei parents: 31695 diff changeset	792	dh.checkConstraints(algorithmConstraints, serverDH);
2 90ce3da70b43 Initial load duke parents: diff changeset	793	}
90ce3da70b43 Initial load duke parents: diff changeset	794
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	795	private void serverKeyExchange(ECDH_ServerKeyExchange mesg)
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	796	throws IOException {
2 90ce3da70b43 Initial load duke parents: diff changeset	797	if (debug != null && Debug.isOn("handshake")) {
90ce3da70b43 Initial load duke parents: diff changeset	798	mesg.print(System.out);
90ce3da70b43 Initial load duke parents: diff changeset	799	}
90ce3da70b43 Initial load duke parents: diff changeset	800	ECPublicKey key = mesg.getPublicKey();
90ce3da70b43 Initial load duke parents: diff changeset	801	ecdh = new ECDHCrypt(key.getParams(), sslContext.getSecureRandom());
90ce3da70b43 Initial load duke parents: diff changeset	802	ephemeralServerKey = key;
31712 e4d5230193da 8076328: Enforce key exchange constraints xuelei parents: 31695 diff changeset	803
e4d5230193da 8076328: Enforce key exchange constraints xuelei parents: 31695 diff changeset	804	// check constraints of EC PublicKey
e4d5230193da 8076328: Enforce key exchange constraints xuelei parents: 31695 diff changeset	805	if (!algorithmConstraints.permits(
e4d5230193da 8076328: Enforce key exchange constraints xuelei parents: 31695 diff changeset	806	EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), ephemeralServerKey)) {
e4d5230193da 8076328: Enforce key exchange constraints xuelei parents: 31695 diff changeset	807
e4d5230193da 8076328: Enforce key exchange constraints xuelei parents: 31695 diff changeset	808	throw new SSLHandshakeException("ECDH ServerKeyExchange " +
e4d5230193da 8076328: Enforce key exchange constraints xuelei parents: 31695 diff changeset	809	"does not comply to algorithm constraints");
e4d5230193da 8076328: Enforce key exchange constraints xuelei parents: 31695 diff changeset	810	}
2 90ce3da70b43 Initial load duke parents: diff changeset	811	}
90ce3da70b43 Initial load duke parents: diff changeset	812
90ce3da70b43 Initial load duke parents: diff changeset	813	/*
90ce3da70b43 Initial load duke parents: diff changeset	814	* The server's "Hello Done" message is the client's sign that
90ce3da70b43 Initial load duke parents: diff changeset	815	* it's time to do all the hard work.
90ce3da70b43 Initial load duke parents: diff changeset	816	*/
90ce3da70b43 Initial load duke parents: diff changeset	817	private void serverHelloDone(ServerHelloDone mesg) throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	818	if (debug != null && Debug.isOn("handshake")) {
90ce3da70b43 Initial load duke parents: diff changeset	819	mesg.print(System.out);
90ce3da70b43 Initial load duke parents: diff changeset	820	}
90ce3da70b43 Initial load duke parents: diff changeset	821
90ce3da70b43 Initial load duke parents: diff changeset	822	/*
90ce3da70b43 Initial load duke parents: diff changeset	823	* FIRST ... if requested, send an appropriate Certificate chain
90ce3da70b43 Initial load duke parents: diff changeset	824	* to authenticate the client, and remember the associated private
90ce3da70b43 Initial load duke parents: diff changeset	825	* key to sign the CertificateVerify message.
90ce3da70b43 Initial load duke parents: diff changeset	826	*/
90ce3da70b43 Initial load duke parents: diff changeset	827	PrivateKey signingKey = null;
90ce3da70b43 Initial load duke parents: diff changeset	828
90ce3da70b43 Initial load duke parents: diff changeset	829	if (certRequest != null) {
90ce3da70b43 Initial load duke parents: diff changeset	830	X509ExtendedKeyManager km = sslContext.getX509KeyManager();
90ce3da70b43 Initial load duke parents: diff changeset	831
7990 57019dc81b66 7012003: diamond conversion for ssl smarks parents: 7804 diff changeset	832	ArrayList<String> keytypesTmp = new ArrayList<>(4);
2 90ce3da70b43 Initial load duke parents: diff changeset	833
90ce3da70b43 Initial load duke parents: diff changeset	834	for (int i = 0; i < certRequest.types.length; i++) {
90ce3da70b43 Initial load duke parents: diff changeset	835	String typeName;
90ce3da70b43 Initial load duke parents: diff changeset	836
90ce3da70b43 Initial load duke parents: diff changeset	837	switch (certRequest.types[i]) {
90ce3da70b43 Initial load duke parents: diff changeset	838	case CertificateRequest.cct_rsa_sign:
90ce3da70b43 Initial load duke parents: diff changeset	839	typeName = "RSA";
90ce3da70b43 Initial load duke parents: diff changeset	840	break;
90ce3da70b43 Initial load duke parents: diff changeset	841
90ce3da70b43 Initial load duke parents: diff changeset	842	case CertificateRequest.cct_dss_sign:
90ce3da70b43 Initial load duke parents: diff changeset	843	typeName = "DSA";
90ce3da70b43 Initial load duke parents: diff changeset	844	break;
90ce3da70b43 Initial load duke parents: diff changeset	845
90ce3da70b43 Initial load duke parents: diff changeset	846	case CertificateRequest.cct_ecdsa_sign:
90ce3da70b43 Initial load duke parents: diff changeset	847	// ignore if we do not have EC crypto available
90ce3da70b43 Initial load duke parents: diff changeset	848	typeName = JsseJce.isEcAvailable() ? "EC" : null;
90ce3da70b43 Initial load duke parents: diff changeset	849	break;
90ce3da70b43 Initial load duke parents: diff changeset	850
90ce3da70b43 Initial load duke parents: diff changeset	851	// Fixed DH/ECDH client authentication not supported
90ce3da70b43 Initial load duke parents: diff changeset	852	case CertificateRequest.cct_rsa_fixed_dh:
90ce3da70b43 Initial load duke parents: diff changeset	853	case CertificateRequest.cct_dss_fixed_dh:
90ce3da70b43 Initial load duke parents: diff changeset	854	case CertificateRequest.cct_rsa_fixed_ecdh:
90ce3da70b43 Initial load duke parents: diff changeset	855	case CertificateRequest.cct_ecdsa_fixed_ecdh:
90ce3da70b43 Initial load duke parents: diff changeset	856	// Any other values (currently not used in TLS)
90ce3da70b43 Initial load duke parents: diff changeset	857	case CertificateRequest.cct_rsa_ephemeral_dh:
90ce3da70b43 Initial load duke parents: diff changeset	858	case CertificateRequest.cct_dss_ephemeral_dh:
90ce3da70b43 Initial load duke parents: diff changeset	859	default:
90ce3da70b43 Initial load duke parents: diff changeset	860	typeName = null;
90ce3da70b43 Initial load duke parents: diff changeset	861	break;
90ce3da70b43 Initial load duke parents: diff changeset	862	}
90ce3da70b43 Initial load duke parents: diff changeset	863
90ce3da70b43 Initial load duke parents: diff changeset	864	if ((typeName != null) && (!keytypesTmp.contains(typeName))) {
90ce3da70b43 Initial load duke parents: diff changeset	865	keytypesTmp.add(typeName);
90ce3da70b43 Initial load duke parents: diff changeset	866	}
90ce3da70b43 Initial load duke parents: diff changeset	867	}
90ce3da70b43 Initial load duke parents: diff changeset	868
90ce3da70b43 Initial load duke parents: diff changeset	869	String alias = null;
90ce3da70b43 Initial load duke parents: diff changeset	870	int keytypesTmpSize = keytypesTmp.size();
90ce3da70b43 Initial load duke parents: diff changeset	871	if (keytypesTmpSize != 0) {
31538 0981099a3e54 8130022: Use Java-style array declarations consistently igerasim parents: 30905 diff changeset	872	String[] keytypes =
2 90ce3da70b43 Initial load duke parents: diff changeset	873	keytypesTmp.toArray(new String[keytypesTmpSize]);
90ce3da70b43 Initial load duke parents: diff changeset	874
90ce3da70b43 Initial load duke parents: diff changeset	875	if (conn != null) {
90ce3da70b43 Initial load duke parents: diff changeset	876	alias = km.chooseClientAlias(keytypes,
90ce3da70b43 Initial load duke parents: diff changeset	877	certRequest.getAuthorities(), conn);
90ce3da70b43 Initial load duke parents: diff changeset	878	} else {
90ce3da70b43 Initial load duke parents: diff changeset	879	alias = km.chooseEngineClientAlias(keytypes,
90ce3da70b43 Initial load duke parents: diff changeset	880	certRequest.getAuthorities(), engine);
90ce3da70b43 Initial load duke parents: diff changeset	881	}
90ce3da70b43 Initial load duke parents: diff changeset	882	}
90ce3da70b43 Initial load duke parents: diff changeset	883
90ce3da70b43 Initial load duke parents: diff changeset	884	CertificateMsg m1 = null;
90ce3da70b43 Initial load duke parents: diff changeset	885	if (alias != null) {
90ce3da70b43 Initial load duke parents: diff changeset	886	X509Certificate[] certs = km.getCertificateChain(alias);
90ce3da70b43 Initial load duke parents: diff changeset	887	if ((certs != null) && (certs.length != 0)) {
90ce3da70b43 Initial load duke parents: diff changeset	888	PublicKey publicKey = certs[0].getPublicKey();
90ce3da70b43 Initial load duke parents: diff changeset	889	// for EC, make sure we use a supported named curve
90ce3da70b43 Initial load duke parents: diff changeset	890	if (publicKey instanceof ECPublicKey) {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	891	ECParameterSpec params =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	892	((ECPublicKey)publicKey).getParams();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	893	int index =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	894	SupportedEllipticCurvesExtension.getCurveIndex(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	895	params);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	896	if (!SupportedEllipticCurvesExtension.isSupported(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	897	index)) {
2 90ce3da70b43 Initial load duke parents: diff changeset	898	publicKey = null;
90ce3da70b43 Initial load duke parents: diff changeset	899	}
90ce3da70b43 Initial load duke parents: diff changeset	900	}
90ce3da70b43 Initial load duke parents: diff changeset	901	if (publicKey != null) {
90ce3da70b43 Initial load duke parents: diff changeset	902	m1 = new CertificateMsg(certs);
90ce3da70b43 Initial load duke parents: diff changeset	903	signingKey = km.getPrivateKey(alias);
90ce3da70b43 Initial load duke parents: diff changeset	904	session.setLocalPrivateKey(signingKey);
90ce3da70b43 Initial load duke parents: diff changeset	905	session.setLocalCertificates(certs);
90ce3da70b43 Initial load duke parents: diff changeset	906	}
90ce3da70b43 Initial load duke parents: diff changeset	907	}
90ce3da70b43 Initial load duke parents: diff changeset	908	}
90ce3da70b43 Initial load duke parents: diff changeset	909	if (m1 == null) {
90ce3da70b43 Initial load duke parents: diff changeset	910	//
90ce3da70b43 Initial load duke parents: diff changeset	911	// No appropriate cert was found ... report this to the
90ce3da70b43 Initial load duke parents: diff changeset	912	// server. For SSLv3, send the no_certificate alert;
90ce3da70b43 Initial load duke parents: diff changeset	913	// TLS uses an empty cert chain instead.
90ce3da70b43 Initial load duke parents: diff changeset	914	//
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	915	if (protocolVersion.useTLS10PlusSpec()) {
2 90ce3da70b43 Initial load duke parents: diff changeset	916	m1 = new CertificateMsg(new X509Certificate [0]);
90ce3da70b43 Initial load duke parents: diff changeset	917	} else {
90ce3da70b43 Initial load duke parents: diff changeset	918	warningSE(Alerts.alert_no_certificate);
90ce3da70b43 Initial load duke parents: diff changeset	919	}
29264 5172066a2da6 8054037: Improve tracing for java.security.debug=certpath juh parents: 28550 diff changeset	920	if (debug != null && Debug.isOn("handshake")) {
5172066a2da6 8054037: Improve tracing for java.security.debug=certpath juh parents: 28550 diff changeset	921	System.out.println(
5172066a2da6 8054037: Improve tracing for java.security.debug=certpath juh parents: 28550 diff changeset	922	"Warning: no suitable certificate found - " +
5172066a2da6 8054037: Improve tracing for java.security.debug=certpath juh parents: 28550 diff changeset	923	"continuing without client authentication");
5172066a2da6 8054037: Improve tracing for java.security.debug=certpath juh parents: 28550 diff changeset	924	}
2 90ce3da70b43 Initial load duke parents: diff changeset	925	}
90ce3da70b43 Initial load duke parents: diff changeset	926
90ce3da70b43 Initial load duke parents: diff changeset	927	//
90ce3da70b43 Initial load duke parents: diff changeset	928	// At last ... send any client certificate chain.
90ce3da70b43 Initial load duke parents: diff changeset	929	//
90ce3da70b43 Initial load duke parents: diff changeset	930	if (m1 != null) {
90ce3da70b43 Initial load duke parents: diff changeset	931	if (debug != null && Debug.isOn("handshake")) {
90ce3da70b43 Initial load duke parents: diff changeset	932	m1.print(System.out);
90ce3da70b43 Initial load duke parents: diff changeset	933	}
90ce3da70b43 Initial load duke parents: diff changeset	934	m1.write(output);
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	935	handshakeState.update(m1, resumingSession);
2 90ce3da70b43 Initial load duke parents: diff changeset	936	}
90ce3da70b43 Initial load duke parents: diff changeset	937	}
90ce3da70b43 Initial load duke parents: diff changeset	938
90ce3da70b43 Initial load duke parents: diff changeset	939	/*
90ce3da70b43 Initial load duke parents: diff changeset	940	* SECOND ... send the client key exchange message. The
90ce3da70b43 Initial load duke parents: diff changeset	941	* procedure used is a function of the cipher suite selected;
90ce3da70b43 Initial load duke parents: diff changeset	942	* one is always needed.
90ce3da70b43 Initial load duke parents: diff changeset	943	*/
90ce3da70b43 Initial load duke parents: diff changeset	944	HandshakeMessage m2;
90ce3da70b43 Initial load duke parents: diff changeset	945
90ce3da70b43 Initial load duke parents: diff changeset	946	switch (keyExchange) {
90ce3da70b43 Initial load duke parents: diff changeset	947
90ce3da70b43 Initial load duke parents: diff changeset	948	case K_RSA:
90ce3da70b43 Initial load duke parents: diff changeset	949	case K_RSA_EXPORT:
703 80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	950	if (serverKey == null) {
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	951	throw new SSLProtocolException
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	952	("Server did not send certificate message");
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	953	}
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	954
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	955	if (!(serverKey instanceof RSAPublicKey)) {
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	956	throw new SSLProtocolException
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	957	("Server certificate does not include an RSA key");
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	958	}
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	959
2 90ce3da70b43 Initial load duke parents: diff changeset	960	/*
90ce3da70b43 Initial load duke parents: diff changeset	961	* For RSA key exchange, we randomly generate a new
90ce3da70b43 Initial load duke parents: diff changeset	962	* pre-master secret and encrypt it with the server's
90ce3da70b43 Initial load duke parents: diff changeset	963	* public key. Then we save that pre-master secret
90ce3da70b43 Initial load duke parents: diff changeset	964	* so that we can calculate the keying data later;
90ce3da70b43 Initial load duke parents: diff changeset	965	* it's a performance speedup not to do that until
90ce3da70b43 Initial load duke parents: diff changeset	966	* the client's waiting for the server response, but
90ce3da70b43 Initial load duke parents: diff changeset	967	* more of a speedup for the D-H case.
703 80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	968	*
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	969	* If the RSA_EXPORT scheme is active, when the public
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	970	* key in the server certificate is less than or equal
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	971	* to 512 bits in length, use the cert's public key,
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	972	* otherwise, the ephemeral one.
2 90ce3da70b43 Initial load duke parents: diff changeset	973	*/
703 80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	974	PublicKey key;
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	975	if (keyExchange == K_RSA) {
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	976	key = serverKey;
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	977	} else { // K_RSA_EXPORT
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	978	if (JsseJce.getRSAKeyLength(serverKey) <= 512) {
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	979	// extraneous ephemeralServerKey check done
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	980	// above in processMessage()
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	981	key = serverKey;
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	982	} else {
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	983	if (ephemeralServerKey == null) {
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	984	throw new SSLProtocolException("Server did not send" +
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	985	" a RSA_EXPORT Server Key Exchange message");
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	986	}
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	987	key = ephemeralServerKey;
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	988	}
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	989	}
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	990
2 90ce3da70b43 Initial load duke parents: diff changeset	991	m2 = new RSAClientKeyExchange(protocolVersion, maxProtocolVersion,
90ce3da70b43 Initial load duke parents: diff changeset	992	sslContext.getSecureRandom(), key);
90ce3da70b43 Initial load duke parents: diff changeset	993	break;
90ce3da70b43 Initial load duke parents: diff changeset	994	case K_DH_RSA:
90ce3da70b43 Initial load duke parents: diff changeset	995	case K_DH_DSS:
90ce3da70b43 Initial load duke parents: diff changeset	996	/*
90ce3da70b43 Initial load duke parents: diff changeset	997	* For DH Key exchange, we only need to make sure the server
90ce3da70b43 Initial load duke parents: diff changeset	998	* knows our public key, so we calculate the same pre-master
90ce3da70b43 Initial load duke parents: diff changeset	999	* secret.
90ce3da70b43 Initial load duke parents: diff changeset	1000	*
90ce3da70b43 Initial load duke parents: diff changeset	1001	* For certs that had DH keys in them, we send an empty
90ce3da70b43 Initial load duke parents: diff changeset	1002	* handshake message (no key) ... we flag this case by
90ce3da70b43 Initial load duke parents: diff changeset	1003	* passing a null "dhPublic" value.
90ce3da70b43 Initial load duke parents: diff changeset	1004	*
90ce3da70b43 Initial load duke parents: diff changeset	1005	* Otherwise we send ephemeral DH keys, unsigned.
90ce3da70b43 Initial load duke parents: diff changeset	1006	*/
90ce3da70b43 Initial load duke parents: diff changeset	1007	// if (useDH_RSA \|\| useDH_DSS)
90ce3da70b43 Initial load duke parents: diff changeset	1008	m2 = new DHClientKeyExchange();
90ce3da70b43 Initial load duke parents: diff changeset	1009	break;
90ce3da70b43 Initial load duke parents: diff changeset	1010	case K_DHE_RSA:
90ce3da70b43 Initial load duke parents: diff changeset	1011	case K_DHE_DSS:
90ce3da70b43 Initial load duke parents: diff changeset	1012	case K_DH_ANON:
90ce3da70b43 Initial load duke parents: diff changeset	1013	if (dh == null) {
90ce3da70b43 Initial load duke parents: diff changeset	1014	throw new SSLProtocolException
90ce3da70b43 Initial load duke parents: diff changeset	1015	("Server did not send a DH Server Key Exchange message");
90ce3da70b43 Initial load duke parents: diff changeset	1016	}
90ce3da70b43 Initial load duke parents: diff changeset	1017	m2 = new DHClientKeyExchange(dh.getPublicKey());
90ce3da70b43 Initial load duke parents: diff changeset	1018	break;
90ce3da70b43 Initial load duke parents: diff changeset	1019	case K_ECDHE_RSA:
90ce3da70b43 Initial load duke parents: diff changeset	1020	case K_ECDHE_ECDSA:
90ce3da70b43 Initial load duke parents: diff changeset	1021	case K_ECDH_ANON:
90ce3da70b43 Initial load duke parents: diff changeset	1022	if (ecdh == null) {
90ce3da70b43 Initial load duke parents: diff changeset	1023	throw new SSLProtocolException
90ce3da70b43 Initial load duke parents: diff changeset	1024	("Server did not send a ECDH Server Key Exchange message");
90ce3da70b43 Initial load duke parents: diff changeset	1025	}
90ce3da70b43 Initial load duke parents: diff changeset	1026	m2 = new ECDHClientKeyExchange(ecdh.getPublicKey());
90ce3da70b43 Initial load duke parents: diff changeset	1027	break;
90ce3da70b43 Initial load duke parents: diff changeset	1028	case K_ECDH_RSA:
90ce3da70b43 Initial load duke parents: diff changeset	1029	case K_ECDH_ECDSA:
90ce3da70b43 Initial load duke parents: diff changeset	1030	if (serverKey == null) {
90ce3da70b43 Initial load duke parents: diff changeset	1031	throw new SSLProtocolException
90ce3da70b43 Initial load duke parents: diff changeset	1032	("Server did not send certificate message");
90ce3da70b43 Initial load duke parents: diff changeset	1033	}
90ce3da70b43 Initial load duke parents: diff changeset	1034	if (serverKey instanceof ECPublicKey == false) {
90ce3da70b43 Initial load duke parents: diff changeset	1035	throw new SSLProtocolException
90ce3da70b43 Initial load duke parents: diff changeset	1036	("Server certificate does not include an EC key");
90ce3da70b43 Initial load duke parents: diff changeset	1037	}
90ce3da70b43 Initial load duke parents: diff changeset	1038	ECParameterSpec params = ((ECPublicKey)serverKey).getParams();
90ce3da70b43 Initial load duke parents: diff changeset	1039	ecdh = new ECDHCrypt(params, sslContext.getSecureRandom());
90ce3da70b43 Initial load duke parents: diff changeset	1040	m2 = new ECDHClientKeyExchange(ecdh.getPublicKey());
90ce3da70b43 Initial load duke parents: diff changeset	1041	break;
30905 bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	1042	default:
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	1043	ClientKeyExchangeService p =
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	1044	ClientKeyExchangeService.find(keyExchange.name);
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	1045	if (p == null) {
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	1046	// somethings very wrong
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	1047	throw new RuntimeException
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	1048	("Unsupported key exchange: " + keyExchange);
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	1049	}
20499 4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	1050	String sniHostname = null;
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	1051	for (SNIServerName serverName : requestedServerNames) {
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	1052	if (serverName instanceof SNIHostName) {
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	1053	sniHostname = ((SNIHostName) serverName).getAsciiName();
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	1054	break;
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	1055	}
2 90ce3da70b43 Initial load duke parents: diff changeset	1056	}
20499 4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	1057
30905 bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	1058	ClientKeyExchange exMsg = null;
20499 4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	1059	if (sniHostname != null) {
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	1060	// use first requested SNI hostname
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	1061	try {
30905 bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	1062	exMsg = p.createClientExchange(
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	1063	sniHostname, getAccSE(), protocolVersion,
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	1064	sslContext.getSecureRandom());
20499 4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	1065	} catch(IOException e) {
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	1066	if (serverNamesAccepted) {
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	1067	// server accepted requested SNI hostname,
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	1068	// so it must be used
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	1069	throw e;
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	1070	}
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	1071	// fallback to using hostname
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	1072	if (debug != null && Debug.isOn("handshake")) {
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	1073	System.out.println(
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	1074	"Warning, cannot use Server Name Indication: "
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	1075	+ e.getMessage());
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	1076	}
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	1077	}
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	1078	}
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	1079
30905 bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	1080	if (exMsg == null) {
20499 4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	1081	String hostname = getHostSE();
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	1082	if (hostname == null) {
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	1083	throw new IOException("Hostname is required" +
30905 bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	1084	" to use " + keyExchange + " key exchange");
20499 4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	1085	}
30905 bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	1086	exMsg = p.createClientExchange(
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	1087	hostname, getAccSE(), protocolVersion,
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	1088	sslContext.getSecureRandom());
20499 4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	1089	}
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	1090
2 90ce3da70b43 Initial load duke parents: diff changeset	1091	// Record the principals involved in exchange
30905 bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	1092	session.setPeerPrincipal(exMsg.getPeerPrincipal());
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	1093	session.setLocalPrincipal(exMsg.getLocalPrincipal());
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	1094	m2 = exMsg;
2 90ce3da70b43 Initial load duke parents: diff changeset	1095	break;
90ce3da70b43 Initial load duke parents: diff changeset	1096	}
90ce3da70b43 Initial load duke parents: diff changeset	1097	if (debug != null && Debug.isOn("handshake")) {
90ce3da70b43 Initial load duke parents: diff changeset	1098	m2.print(System.out);
90ce3da70b43 Initial load duke parents: diff changeset	1099	}
90ce3da70b43 Initial load duke parents: diff changeset	1100	m2.write(output);
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1101	handshakeState.update(m2, resumingSession);
2 90ce3da70b43 Initial load duke parents: diff changeset	1102
90ce3da70b43 Initial load duke parents: diff changeset	1103	/*
90ce3da70b43 Initial load duke parents: diff changeset	1104	* THIRD, send a "change_cipher_spec" record followed by the
90ce3da70b43 Initial load duke parents: diff changeset	1105	* "Finished" message. We flush the messages we've queued up, to
90ce3da70b43 Initial load duke parents: diff changeset	1106	* get concurrency between client and server. The concurrency is
90ce3da70b43 Initial load duke parents: diff changeset	1107	* useful as we calculate the master secret, which is needed both
90ce3da70b43 Initial load duke parents: diff changeset	1108	* to compute the "Finished" message, and to compute the keys used
90ce3da70b43 Initial load duke parents: diff changeset	1109	* to protect all records following the change_cipher_spec.
90ce3da70b43 Initial load duke parents: diff changeset	1110	*/
90ce3da70b43 Initial load duke parents: diff changeset	1111	output.flush();
90ce3da70b43 Initial load duke parents: diff changeset	1112
90ce3da70b43 Initial load duke parents: diff changeset	1113	/*
90ce3da70b43 Initial load duke parents: diff changeset	1114	* We deferred calculating the master secret and this connection's
90ce3da70b43 Initial load duke parents: diff changeset	1115	* keying data; we do it now. Deferring this calculation is good
90ce3da70b43 Initial load duke parents: diff changeset	1116	* from a performance point of view, since it lets us do it during
90ce3da70b43 Initial load duke parents: diff changeset	1117	* some time that network delays and the server's own calculations
90ce3da70b43 Initial load duke parents: diff changeset	1118	* would otherwise cause to be "dead" in the critical path.
90ce3da70b43 Initial load duke parents: diff changeset	1119	*/
90ce3da70b43 Initial load duke parents: diff changeset	1120	SecretKey preMasterSecret;
90ce3da70b43 Initial load duke parents: diff changeset	1121	switch (keyExchange) {
90ce3da70b43 Initial load duke parents: diff changeset	1122	case K_RSA:
90ce3da70b43 Initial load duke parents: diff changeset	1123	case K_RSA_EXPORT:
90ce3da70b43 Initial load duke parents: diff changeset	1124	preMasterSecret = ((RSAClientKeyExchange)m2).preMaster;
90ce3da70b43 Initial load duke parents: diff changeset	1125	break;
90ce3da70b43 Initial load duke parents: diff changeset	1126	case K_DHE_RSA:
90ce3da70b43 Initial load duke parents: diff changeset	1127	case K_DHE_DSS:
90ce3da70b43 Initial load duke parents: diff changeset	1128	case K_DH_ANON:
16080 0e6266b88242 7192392: Better validation of client keys xuelei parents: 16071 diff changeset	1129	preMasterSecret = dh.getAgreedSecret(serverDH, true);
2 90ce3da70b43 Initial load duke parents: diff changeset	1130	break;
90ce3da70b43 Initial load duke parents: diff changeset	1131	case K_ECDHE_RSA:
90ce3da70b43 Initial load duke parents: diff changeset	1132	case K_ECDHE_ECDSA:
90ce3da70b43 Initial load duke parents: diff changeset	1133	case K_ECDH_ANON:
90ce3da70b43 Initial load duke parents: diff changeset	1134	preMasterSecret = ecdh.getAgreedSecret(ephemeralServerKey);
90ce3da70b43 Initial load duke parents: diff changeset	1135	break;
90ce3da70b43 Initial load duke parents: diff changeset	1136	case K_ECDH_RSA:
90ce3da70b43 Initial load duke parents: diff changeset	1137	case K_ECDH_ECDSA:
90ce3da70b43 Initial load duke parents: diff changeset	1138	preMasterSecret = ecdh.getAgreedSecret(serverKey);
90ce3da70b43 Initial load duke parents: diff changeset	1139	break;
90ce3da70b43 Initial load duke parents: diff changeset	1140	default:
30905 bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	1141	if (ClientKeyExchangeService.find(keyExchange.name) != null) {
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	1142	preMasterSecret =
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	1143	((ClientKeyExchange) m2).clientKeyExchange();
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	1144	} else {
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	1145	throw new IOException("Internal error: unknown key exchange "
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	1146	+ keyExchange);
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: 30904 diff changeset	1147	}
2 90ce3da70b43 Initial load duke parents: diff changeset	1148	}
90ce3da70b43 Initial load duke parents: diff changeset	1149
90ce3da70b43 Initial load duke parents: diff changeset	1150	calculateKeys(preMasterSecret, null);
90ce3da70b43 Initial load duke parents: diff changeset	1151
90ce3da70b43 Initial load duke parents: diff changeset	1152	/*
90ce3da70b43 Initial load duke parents: diff changeset	1153	* FOURTH, if we sent a Certificate, we need to send a signed
90ce3da70b43 Initial load duke parents: diff changeset	1154	* CertificateVerify (unless the key in the client's certificate
90ce3da70b43 Initial load duke parents: diff changeset	1155	* was a Diffie-Hellman key).).
90ce3da70b43 Initial load duke parents: diff changeset	1156	*
90ce3da70b43 Initial load duke parents: diff changeset	1157	* This uses a hash of the previous handshake messages ... either
90ce3da70b43 Initial load duke parents: diff changeset	1158	* a nonfinal one (if the particular implementation supports it)
90ce3da70b43 Initial load duke parents: diff changeset	1159	* or else using the third element in the arrays of hashes being
90ce3da70b43 Initial load duke parents: diff changeset	1160	* computed.
90ce3da70b43 Initial load duke parents: diff changeset	1161	*/
90ce3da70b43 Initial load duke parents: diff changeset	1162	if (signingKey != null) {
90ce3da70b43 Initial load duke parents: diff changeset	1163	CertificateVerify m3;
90ce3da70b43 Initial load duke parents: diff changeset	1164	try {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1165	SignatureAndHashAlgorithm preferableSignatureAlgorithm = null;
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1166	if (protocolVersion.useTLS12PlusSpec()) {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1167	preferableSignatureAlgorithm =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1168	SignatureAndHashAlgorithm.getPreferableAlgorithm(
11521 d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 8791 diff changeset	1169	peerSupportedSignAlgs, signingKey.getAlgorithm(),
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 8791 diff changeset	1170	signingKey);
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1171
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1172	if (preferableSignatureAlgorithm == null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1173	throw new SSLHandshakeException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1174	"No supported signature algorithm");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1175	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1176
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1177	String hashAlg =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1178	SignatureAndHashAlgorithm.getHashAlgorithmName(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1179	preferableSignatureAlgorithm);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1180	if (hashAlg == null \|\| hashAlg.length() == 0) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1181	throw new SSLHandshakeException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1182	"No supported hash algorithm");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1183	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1184	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1185
2 90ce3da70b43 Initial load duke parents: diff changeset	1186	m3 = new CertificateVerify(protocolVersion, handshakeHash,
90ce3da70b43 Initial load duke parents: diff changeset	1187	signingKey, session.getMasterSecret(),
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1188	sslContext.getSecureRandom(),
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1189	preferableSignatureAlgorithm);
2 90ce3da70b43 Initial load duke parents: diff changeset	1190	} catch (GeneralSecurityException e) {
90ce3da70b43 Initial load duke parents: diff changeset	1191	fatalSE(Alerts.alert_handshake_failure,
90ce3da70b43 Initial load duke parents: diff changeset	1192	"Error signing certificate verify", e);
90ce3da70b43 Initial load duke parents: diff changeset	1193	// NOTREACHED, make compiler happy
90ce3da70b43 Initial load duke parents: diff changeset	1194	m3 = null;
90ce3da70b43 Initial load duke parents: diff changeset	1195	}
90ce3da70b43 Initial load duke parents: diff changeset	1196	if (debug != null && Debug.isOn("handshake")) {
90ce3da70b43 Initial load duke parents: diff changeset	1197	m3.print(System.out);
90ce3da70b43 Initial load duke parents: diff changeset	1198	}
90ce3da70b43 Initial load duke parents: diff changeset	1199	m3.write(output);
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1200	handshakeState.update(m3, resumingSession);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1201	output.flush();
2 90ce3da70b43 Initial load duke parents: diff changeset	1202	}
90ce3da70b43 Initial load duke parents: diff changeset	1203
90ce3da70b43 Initial load duke parents: diff changeset	1204	/*
90ce3da70b43 Initial load duke parents: diff changeset	1205	* OK, that's that!
90ce3da70b43 Initial load duke parents: diff changeset	1206	*/
90ce3da70b43 Initial load duke parents: diff changeset	1207	sendChangeCipherAndFinish(false);
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1208
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1209	// expecting the final ChangeCipherSpec and Finished messages
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1210	expectingFinishFlightSE();
2 90ce3da70b43 Initial load duke parents: diff changeset	1211	}
90ce3da70b43 Initial load duke parents: diff changeset	1212
90ce3da70b43 Initial load duke parents: diff changeset	1213
90ce3da70b43 Initial load duke parents: diff changeset	1214	/*
90ce3da70b43 Initial load duke parents: diff changeset	1215	* "Finished" is the last handshake message sent. If we got this
90ce3da70b43 Initial load duke parents: diff changeset	1216	* far, the MAC has been validated post-decryption. We validate
90ce3da70b43 Initial load duke parents: diff changeset	1217	* the two hashes here as an additional sanity check, protecting
90ce3da70b43 Initial load duke parents: diff changeset	1218	* the handshake against various active attacks.
90ce3da70b43 Initial load duke parents: diff changeset	1219	*/
90ce3da70b43 Initial load duke parents: diff changeset	1220	private void serverFinished(Finished mesg) throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	1221	if (debug != null && Debug.isOn("handshake")) {
90ce3da70b43 Initial load duke parents: diff changeset	1222	mesg.print(System.out);
90ce3da70b43 Initial load duke parents: diff changeset	1223	}
90ce3da70b43 Initial load duke parents: diff changeset	1224
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1225	boolean verified = mesg.verify(handshakeHash, Finished.SERVER,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1226	session.getMasterSecret());
2 90ce3da70b43 Initial load duke parents: diff changeset	1227
90ce3da70b43 Initial load duke parents: diff changeset	1228	if (!verified) {
90ce3da70b43 Initial load duke parents: diff changeset	1229	fatalSE(Alerts.alert_illegal_parameter,
90ce3da70b43 Initial load duke parents: diff changeset	1230	"server 'finished' message doesn't verify");
90ce3da70b43 Initial load duke parents: diff changeset	1231	// NOTREACHED
90ce3da70b43 Initial load duke parents: diff changeset	1232	}
90ce3da70b43 Initial load duke parents: diff changeset	1233
90ce3da70b43 Initial load duke parents: diff changeset	1234	/*
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1235	* save server verify data for secure renegotiation
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1236	*/
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1237	if (secureRenegotiation) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1238	serverVerifyData = mesg.getVerifyData();
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1239	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1240
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1241	/*
27068 5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1242	* Reset the handshake state if this is not an initial handshake.
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1243	*/
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1244	if (!isInitialHandshake) {
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1245	session.setAsSessionResumption(false);
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1246	}
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1247
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1248	/*
2 90ce3da70b43 Initial load duke parents: diff changeset	1249	* OK, it verified. If we're doing the fast handshake, add that
90ce3da70b43 Initial load duke parents: diff changeset	1250	* "Finished" message to the hash of handshake messages, then send
90ce3da70b43 Initial load duke parents: diff changeset	1251	* our own change_cipher_spec and Finished message for the server
90ce3da70b43 Initial load duke parents: diff changeset	1252	* to verify in turn. These are the last handshake messages.
90ce3da70b43 Initial load duke parents: diff changeset	1253	*
90ce3da70b43 Initial load duke parents: diff changeset	1254	* In any case, update the session cache. We're done handshaking,
90ce3da70b43 Initial load duke parents: diff changeset	1255	* so there are no threats any more associated with partially
90ce3da70b43 Initial load duke parents: diff changeset	1256	* completed handshakes.
90ce3da70b43 Initial load duke parents: diff changeset	1257	*/
90ce3da70b43 Initial load duke parents: diff changeset	1258	if (resumingSession) {
90ce3da70b43 Initial load duke parents: diff changeset	1259	sendChangeCipherAndFinish(true);
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1260	} else {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1261	handshakeFinished = true;
2 90ce3da70b43 Initial load duke parents: diff changeset	1262	}
90ce3da70b43 Initial load duke parents: diff changeset	1263	session.setLastAccessedTime(System.currentTimeMillis());
90ce3da70b43 Initial load duke parents: diff changeset	1264
90ce3da70b43 Initial load duke parents: diff changeset	1265	if (!resumingSession) {
90ce3da70b43 Initial load duke parents: diff changeset	1266	if (session.isRejoinable()) {
90ce3da70b43 Initial load duke parents: diff changeset	1267	((SSLSessionContextImpl) sslContext
90ce3da70b43 Initial load duke parents: diff changeset	1268	.engineGetClientSessionContext())
90ce3da70b43 Initial load duke parents: diff changeset	1269	.put(session);
90ce3da70b43 Initial load duke parents: diff changeset	1270	if (debug != null && Debug.isOn("session")) {
90ce3da70b43 Initial load duke parents: diff changeset	1271	System.out.println("%% Cached client session: " + session);
90ce3da70b43 Initial load duke parents: diff changeset	1272	}
90ce3da70b43 Initial load duke parents: diff changeset	1273	} else if (debug != null && Debug.isOn("session")) {
90ce3da70b43 Initial load duke parents: diff changeset	1274	System.out.println(
90ce3da70b43 Initial load duke parents: diff changeset	1275	"%% Didn't cache non-resumable client session: "
90ce3da70b43 Initial load duke parents: diff changeset	1276	+ session);
90ce3da70b43 Initial load duke parents: diff changeset	1277	}
90ce3da70b43 Initial load duke parents: diff changeset	1278	}
90ce3da70b43 Initial load duke parents: diff changeset	1279	}
90ce3da70b43 Initial load duke parents: diff changeset	1280
90ce3da70b43 Initial load duke parents: diff changeset	1281
90ce3da70b43 Initial load duke parents: diff changeset	1282	/*
90ce3da70b43 Initial load duke parents: diff changeset	1283	* Send my change-cipher-spec and Finished message ... done as the
90ce3da70b43 Initial load duke parents: diff changeset	1284	* last handshake act in either the short or long sequences. In
90ce3da70b43 Initial load duke parents: diff changeset	1285	* the short one, we've already seen the server's Finished; in the
90ce3da70b43 Initial load duke parents: diff changeset	1286	* long one, we wait for it now.
90ce3da70b43 Initial load duke parents: diff changeset	1287	*/
90ce3da70b43 Initial load duke parents: diff changeset	1288	private void sendChangeCipherAndFinish(boolean finishedTag)
90ce3da70b43 Initial load duke parents: diff changeset	1289	throws IOException {
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1290
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1291	// Reload if this message has been reserved.
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1292	handshakeHash.reload();
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1293
2 90ce3da70b43 Initial load duke parents: diff changeset	1294	Finished mesg = new Finished(protocolVersion, handshakeHash,
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1295	Finished.CLIENT, session.getMasterSecret(), cipherSuite);
2 90ce3da70b43 Initial load duke parents: diff changeset	1296
90ce3da70b43 Initial load duke parents: diff changeset	1297	/*
90ce3da70b43 Initial load duke parents: diff changeset	1298	* Send the change_cipher_spec message, then the Finished message
90ce3da70b43 Initial load duke parents: diff changeset	1299	* which we just calculated (and protected using the keys we just
90ce3da70b43 Initial load duke parents: diff changeset	1300	* calculated). Server responds with its Finished message, except
90ce3da70b43 Initial load duke parents: diff changeset	1301	* in the "fast handshake" (resume session) case.
90ce3da70b43 Initial load duke parents: diff changeset	1302	*/
90ce3da70b43 Initial load duke parents: diff changeset	1303	sendChangeCipherSpec(mesg, finishedTag);
90ce3da70b43 Initial load duke parents: diff changeset	1304
90ce3da70b43 Initial load duke parents: diff changeset	1305	/*
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1306	* save client verify data for secure renegotiation
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1307	*/
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1308	if (secureRenegotiation) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1309	clientVerifyData = mesg.getVerifyData();
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1310	}
2 90ce3da70b43 Initial load duke parents: diff changeset	1311	}
90ce3da70b43 Initial load duke parents: diff changeset	1312
90ce3da70b43 Initial load duke parents: diff changeset	1313
90ce3da70b43 Initial load duke parents: diff changeset	1314	/*
90ce3da70b43 Initial load duke parents: diff changeset	1315	* Returns a ClientHello message to kickstart renegotiations
90ce3da70b43 Initial load duke parents: diff changeset	1316	*/
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 14194 diff changeset	1317	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	1318	HandshakeMessage getKickstartMessage() throws SSLException {
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1319	// session ID of the ClientHello message
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1320	SessionId sessionId = SSLSessionImpl.nullSession.getSessionId();
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1321
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1322	// a list of cipher suites sent by the client
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1323	CipherSuiteList cipherSuites = getActiveCipherSuites();
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1324
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1325	// set the max protocol version this client is supporting.
2 90ce3da70b43 Initial load duke parents: diff changeset	1326	maxProtocolVersion = protocolVersion;
90ce3da70b43 Initial load duke parents: diff changeset	1327
90ce3da70b43 Initial load duke parents: diff changeset	1328	//
90ce3da70b43 Initial load duke parents: diff changeset	1329	// Try to resume an existing session. This might be mandatory,
90ce3da70b43 Initial load duke parents: diff changeset	1330	// given certain API options.
90ce3da70b43 Initial load duke parents: diff changeset	1331	//
90ce3da70b43 Initial load duke parents: diff changeset	1332	session = ((SSLSessionContextImpl)sslContext
90ce3da70b43 Initial load duke parents: diff changeset	1333	.engineGetClientSessionContext())
90ce3da70b43 Initial load duke parents: diff changeset	1334	.get(getHostSE(), getPortSE());
90ce3da70b43 Initial load duke parents: diff changeset	1335	if (debug != null && Debug.isOn("session")) {
90ce3da70b43 Initial load duke parents: diff changeset	1336	if (session != null) {
90ce3da70b43 Initial load duke parents: diff changeset	1337	System.out.println("%% Client cached "
90ce3da70b43 Initial load duke parents: diff changeset	1338	+ session
90ce3da70b43 Initial load duke parents: diff changeset	1339	+ (session.isRejoinable() ? "" : " (not rejoinable)"));
90ce3da70b43 Initial load duke parents: diff changeset	1340	} else {
90ce3da70b43 Initial load duke parents: diff changeset	1341	System.out.println("%% No cached client session");
90ce3da70b43 Initial load duke parents: diff changeset	1342	}
90ce3da70b43 Initial load duke parents: diff changeset	1343	}
27068 5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1344	if (session != null) {
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1345	// If unsafe server certificate change is not allowed, reserve
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1346	// current server certificates if the previous handshake is a
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1347	// session-resumption abbreviated initial handshake.
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1348	if (!allowUnsafeServerCertChange && session.isSessionResumption()) {
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1349	try {
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1350	// If existing, peer certificate chain cannot be null.
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1351	reservedServerCerts =
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1352	(X509Certificate[])session.getPeerCertificates();
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1353	} catch (SSLPeerUnverifiedException puve) {
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1354	// Maybe not certificate-based, ignore the exception.
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1355	}
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1356	}
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1357
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1358	if (!session.isRejoinable()) {
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1359	session = null;
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1360	}
2 90ce3da70b43 Initial load duke parents: diff changeset	1361	}
90ce3da70b43 Initial load duke parents: diff changeset	1362
90ce3da70b43 Initial load duke parents: diff changeset	1363	if (session != null) {
90ce3da70b43 Initial load duke parents: diff changeset	1364	CipherSuite sessionSuite = session.getSuite();
90ce3da70b43 Initial load duke parents: diff changeset	1365	ProtocolVersion sessionVersion = session.getProtocolVersion();
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1366	if (isNegotiable(sessionSuite) == false) {
2 90ce3da70b43 Initial load duke parents: diff changeset	1367	if (debug != null && Debug.isOn("session")) {
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1368	System.out.println("%% can't resume, unavailable cipher");
2 90ce3da70b43 Initial load duke parents: diff changeset	1369	}
90ce3da70b43 Initial load duke parents: diff changeset	1370	session = null;
90ce3da70b43 Initial load duke parents: diff changeset	1371	}
90ce3da70b43 Initial load duke parents: diff changeset	1372
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1373	if ((session != null) && !isNegotiable(sessionVersion)) {
2 90ce3da70b43 Initial load duke parents: diff changeset	1374	if (debug != null && Debug.isOn("session")) {
90ce3da70b43 Initial load duke parents: diff changeset	1375	System.out.println("%% can't resume, protocol disabled");
90ce3da70b43 Initial load duke parents: diff changeset	1376	}
90ce3da70b43 Initial load duke parents: diff changeset	1377	session = null;
90ce3da70b43 Initial load duke parents: diff changeset	1378	}
90ce3da70b43 Initial load duke parents: diff changeset	1379
90ce3da70b43 Initial load duke parents: diff changeset	1380	if (session != null) {
90ce3da70b43 Initial load duke parents: diff changeset	1381	if (debug != null) {
90ce3da70b43 Initial load duke parents: diff changeset	1382	if (Debug.isOn("handshake") \|\| Debug.isOn("session")) {
90ce3da70b43 Initial load duke parents: diff changeset	1383	System.out.println("%% Try resuming " + session
90ce3da70b43 Initial load duke parents: diff changeset	1384	+ " from port " + getLocalPortSE());
90ce3da70b43 Initial load duke parents: diff changeset	1385	}
90ce3da70b43 Initial load duke parents: diff changeset	1386	}
90ce3da70b43 Initial load duke parents: diff changeset	1387
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1388	sessionId = session.getSessionId();
2 90ce3da70b43 Initial load duke parents: diff changeset	1389	maxProtocolVersion = sessionVersion;
90ce3da70b43 Initial load duke parents: diff changeset	1390
90ce3da70b43 Initial load duke parents: diff changeset	1391	// Update SSL version number in underlying SSL socket and
90ce3da70b43 Initial load duke parents: diff changeset	1392	// handshake output stream, so that the output records (at the
90ce3da70b43 Initial load duke parents: diff changeset	1393	// record layer) have the correct version
90ce3da70b43 Initial load duke parents: diff changeset	1394	setVersion(sessionVersion);
90ce3da70b43 Initial load duke parents: diff changeset	1395	}
90ce3da70b43 Initial load duke parents: diff changeset	1396
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1397	/*
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1398	* Force use of the previous session ciphersuite, and
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1399	* add the SCSV if enabled.
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1400	*/
2 90ce3da70b43 Initial load duke parents: diff changeset	1401	if (!enableNewSession) {
90ce3da70b43 Initial load duke parents: diff changeset	1402	if (session == null) {
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1403	throw new SSLHandshakeException(
2 90ce3da70b43 Initial load duke parents: diff changeset	1404	"Can't reuse existing SSL client session");
90ce3da70b43 Initial load duke parents: diff changeset	1405	}
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1406
7990 57019dc81b66 7012003: diamond conversion for ssl smarks parents: 7804 diff changeset	1407	Collection<CipherSuite> cipherList = new ArrayList<>(2);
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1408	cipherList.add(sessionSuite);
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1409	if (!secureRenegotiation &&
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1410	cipherSuites.contains(CipherSuite.C_SCSV)) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1411	cipherList.add(CipherSuite.C_SCSV);
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1412	} // otherwise, renegotiation_info extension will be used
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1413
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1414	cipherSuites = new CipherSuiteList(cipherList);
2 90ce3da70b43 Initial load duke parents: diff changeset	1415	}
90ce3da70b43 Initial load duke parents: diff changeset	1416	}
90ce3da70b43 Initial load duke parents: diff changeset	1417
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1418	if (session == null && !enableNewSession) {
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1419	throw new SSLHandshakeException("No existing session to resume");
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1420	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1421
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1422	// exclude SCSV for secure renegotiation
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1423	if (secureRenegotiation && cipherSuites.contains(CipherSuite.C_SCSV)) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1424	Collection<CipherSuite> cipherList =
7990 57019dc81b66 7012003: diamond conversion for ssl smarks parents: 7804 diff changeset	1425	new ArrayList<>(cipherSuites.size() - 1);
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1426	for (CipherSuite suite : cipherSuites.collection()) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1427	if (suite != CipherSuite.C_SCSV) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1428	cipherList.add(suite);
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1429	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1430	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1431
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1432	cipherSuites = new CipherSuiteList(cipherList);
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1433	}
2 90ce3da70b43 Initial load duke parents: diff changeset	1434
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1435	// make sure there is a negotiable cipher suite.
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1436	boolean negotiable = false;
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1437	for (CipherSuite suite : cipherSuites.collection()) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1438	if (isNegotiable(suite)) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1439	negotiable = true;
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1440	break;
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1441	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1442	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1443
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1444	if (!negotiable) {
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1445	throw new SSLHandshakeException("No negotiable cipher suite");
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1446	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1447
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1448	// Not a TLS1.2+ handshake
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1449	// For SSLv2Hello, HandshakeHash.reset() will be called, so we
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1450	// cannot call HandshakeHash.protocolDetermined() here. As it does
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1451	// not follow the spec that HandshakeHash.reset() can be only be
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1452	// called before protocolDetermined.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1453	// if (maxProtocolVersion.v < ProtocolVersion.TLS12.v) {
7804 c59149ba3780 6996367: improve HandshakeHash weijun parents: 7043 diff changeset	1454	// handshakeHash.protocolDetermined(maxProtocolVersion);
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1455	// }
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1456
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1457	// create the ClientHello message
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1458	ClientHello clientHelloMessage = new ClientHello(
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1459	sslContext.getSecureRandom(), maxProtocolVersion,
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1460	sessionId, cipherSuites, isDTLS);
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1461
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1462	// add signature_algorithm extension
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1463	if (maxProtocolVersion.useTLS12PlusSpec()) {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1464	// we will always send the signature_algorithm extension
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1465	Collection<SignatureAndHashAlgorithm> localSignAlgs =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1466	getLocalSupportedSignAlgs();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1467	if (localSignAlgs.isEmpty()) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1468	throw new SSLHandshakeException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1469	"No supported signature algorithm");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1470	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1471
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1472	clientHelloMessage.addSignatureAlgorithmsExtension(localSignAlgs);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1473	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1474
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1475	// add server_name extension
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1476	if (enableSNIExtension) {
14194 971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 11521 diff changeset	1477	if (session != null) {
971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 11521 diff changeset	1478	requestedServerNames = session.getRequestedServerNames();
971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 11521 diff changeset	1479	} else {
971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 11521 diff changeset	1480	requestedServerNames = serverNames;
971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 11521 diff changeset	1481	}
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1482
14194 971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 11521 diff changeset	1483	if (!requestedServerNames.isEmpty()) {
971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 11521 diff changeset	1484	clientHelloMessage.addSNIExtension(requestedServerNames);
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1485	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1486	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1487
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1488	// add max_fragment_length extension
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1489	if (enableMFLExtension) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1490	if (session != null) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1491	// The same extension should be sent for resumption.
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1492	requestedMFLength = session.getNegotiatedMaxFragSize();
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1493	} else if (maximumPacketSize != 0) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1494	// Maybe we can calculate the fragment size more accurate
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1495	// by condering the enabled cipher suites in the future.
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1496	requestedMFLength = maximumPacketSize;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1497	if (isDTLS) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1498	requestedMFLength -= DTLSRecord.maxPlaintextPlusSize;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1499	} else {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1500	requestedMFLength -= SSLRecord.maxPlaintextPlusSize;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1501	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1502	} else {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1503	// Need no max_fragment_length extension.
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1504	requestedMFLength = -1;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1505	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1506
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1507	if ((requestedMFLength > 0) &&
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1508	MaxFragmentLengthExtension.needFragLenNego(requestedMFLength)) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1509
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1510	requestedMFLength =
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1511	MaxFragmentLengthExtension.getValidMaxFragLen(
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1512	requestedMFLength);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1513	clientHelloMessage.addMFLExtension(requestedMFLength);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1514	} else {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1515	requestedMFLength = -1;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1516	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1517	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1518
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1519	// Add status_request and status_request_v2 extensions
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1520	if (enableStatusRequestExtension) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1521	clientHelloMessage.addCertStatusReqListV2Extension();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1522	clientHelloMessage.addCertStatusRequestExtension();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1523	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1524
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1525	// reset the client random cookie
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1526	clnt_random = clientHelloMessage.clnt_random;
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1527
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1528	/*
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1529	* need to set the renegotiation_info extension for:
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1530	* 1: secure renegotiation
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1531	* 2: initial handshake and no SCSV in the ClientHello
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1532	* 3: insecure renegotiation and no SCSV in the ClientHello
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1533	*/
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1534	if (secureRenegotiation \|\|
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1535	!cipherSuites.contains(CipherSuite.C_SCSV)) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1536	clientHelloMessage.addRenegotiationInfoExtension(clientVerifyData);
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1537	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1538
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1539	if (isDTLS) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1540	// Cookie exchange need to reserve the initial ClientHello message.
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1541	initialClientHelloMsg = clientHelloMessage;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1542	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	1543
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1544	return clientHelloMessage;
2 90ce3da70b43 Initial load duke parents: diff changeset	1545	}
90ce3da70b43 Initial load duke parents: diff changeset	1546
90ce3da70b43 Initial load duke parents: diff changeset	1547	/*
90ce3da70b43 Initial load duke parents: diff changeset	1548	* Fault detected during handshake.
90ce3da70b43 Initial load duke parents: diff changeset	1549	*/
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 14194 diff changeset	1550	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	1551	void handshakeAlert(byte description) throws SSLProtocolException {
90ce3da70b43 Initial load duke parents: diff changeset	1552	String message = Alerts.alertDescription(description);
90ce3da70b43 Initial load duke parents: diff changeset	1553
90ce3da70b43 Initial load duke parents: diff changeset	1554	if (debug != null && Debug.isOn("handshake")) {
90ce3da70b43 Initial load duke parents: diff changeset	1555	System.out.println("SSL - handshake alert: " + message);
90ce3da70b43 Initial load duke parents: diff changeset	1556	}
90ce3da70b43 Initial load duke parents: diff changeset	1557	throw new SSLProtocolException("handshake alert: " + message);
90ce3da70b43 Initial load duke parents: diff changeset	1558	}
90ce3da70b43 Initial load duke parents: diff changeset	1559
90ce3da70b43 Initial load duke parents: diff changeset	1560	/*
90ce3da70b43 Initial load duke parents: diff changeset	1561	* Unless we are using an anonymous ciphersuite, the server always
90ce3da70b43 Initial load duke parents: diff changeset	1562	* sends a certificate message (for the CipherSuites we currently
90ce3da70b43 Initial load duke parents: diff changeset	1563	* support). The trust manager verifies the chain for us.
90ce3da70b43 Initial load duke parents: diff changeset	1564	*/
90ce3da70b43 Initial load duke parents: diff changeset	1565	private void serverCertificate(CertificateMsg mesg) throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	1566	if (debug != null && Debug.isOn("handshake")) {
90ce3da70b43 Initial load duke parents: diff changeset	1567	mesg.print(System.out);
90ce3da70b43 Initial load duke parents: diff changeset	1568	}
90ce3da70b43 Initial load duke parents: diff changeset	1569	X509Certificate[] peerCerts = mesg.getCertificateChain();
90ce3da70b43 Initial load duke parents: diff changeset	1570	if (peerCerts.length == 0) {
27068 5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1571	fatalSE(Alerts.alert_bad_certificate, "empty certificate chain");
2 90ce3da70b43 Initial load duke parents: diff changeset	1572	}
27068 5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1573
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1574	// Allow server certificate change in client side during renegotiation
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1575	// after a session-resumption abbreviated initial handshake?
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1576	//
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1577	// DO NOT need to check allowUnsafeServerCertChange here. We only
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1578	// reserve server certificates when allowUnsafeServerCertChange is
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1579	// flase.
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1580	if (reservedServerCerts != null) {
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1581	// It is not necessary to check the certificate update if endpoint
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1582	// identification is enabled.
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1583	String identityAlg = getEndpointIdentificationAlgorithmSE();
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1584	if ((identityAlg == null \|\| identityAlg.length() == 0) &&
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1585	!isIdentityEquivalent(peerCerts[0], reservedServerCerts[0])) {
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1586
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1587	fatalSE(Alerts.alert_bad_certificate,
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1588	"server certificate change is restricted " +
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1589	"during renegotiation");
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1590	}
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1591	}
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1592
2 90ce3da70b43 Initial load duke parents: diff changeset	1593	// ask the trust manager to verify the chain
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1594	if (staplingActive) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1595	// Defer the certificate check until after we've received the
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1596	// CertificateStatus message. If that message doesn't come in
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1597	// immediately following this message we will execute the check
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1598	// directly from processMessage before any other SSL/TLS processing.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1599	deferredCerts = peerCerts;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1600	} else {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1601	// We're not doing stapling, so perform the check right now
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1602	checkServerCerts(peerCerts);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1603	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1604	}
2 90ce3da70b43 Initial load duke parents: diff changeset	1605
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1606	/**
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1607	* If certificate status stapling has been enabled, the server will send
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1608	* one or more status messages to the client.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1609	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1610	* @param mesg a {@code CertificateStatus} object built from the data
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1611	* sent by the server.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1612	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1613	* @throws IOException if any parsing errors occur.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1614	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1615	private void certificateStatus(CertificateStatus mesg) throws IOException {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1616	if (debug != null && Debug.isOn("handshake")) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1617	mesg.print(System.out);
2 90ce3da70b43 Initial load duke parents: diff changeset	1618	}
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1619
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1620	// Perform the certificate check using the deferred certificates
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1621	// and responses that we have obtained.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1622	session.setStatusResponses(mesg.getResponses());
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1623	checkServerCerts(deferredCerts);
2 90ce3da70b43 Initial load duke parents: diff changeset	1624	}
27068 5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1625
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1626	/*
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1627	* Whether the certificates can represent the same identity?
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1628	*
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1629	* The certificates can be used to represent the same identity:
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1630	* 1. If the subject alternative names of IP address are present in
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1631	* both certificates, they should be identical; otherwise,
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1632	* 2. if the subject alternative names of DNS name are present in
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1633	* both certificates, they should be identical; otherwise,
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1634	* 3. if the subject fields are present in both certificates, the
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1635	* certificate subjects and issuers should be identical.
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1636	*/
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1637	private static boolean isIdentityEquivalent(X509Certificate thisCert,
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1638	X509Certificate prevCert) {
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1639	if (thisCert.equals(prevCert)) {
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1640	return true;
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1641	}
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1642
29266 5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1643	// check subject alternative names
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1644	Collection<List<?>> thisSubjectAltNames = null;
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1645	try {
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1646	thisSubjectAltNames = thisCert.getSubjectAlternativeNames();
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1647	} catch (CertificateParsingException cpe) {
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1648	if (debug != null && Debug.isOn("handshake")) {
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1649	System.out.println(
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1650	"Attempt to obtain subjectAltNames extension failed!");
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1651	}
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1652	}
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1653
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1654	Collection<List<?>> prevSubjectAltNames = null;
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1655	try {
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1656	prevSubjectAltNames = prevCert.getSubjectAlternativeNames();
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1657	} catch (CertificateParsingException cpe) {
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1658	if (debug != null && Debug.isOn("handshake")) {
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1659	System.out.println(
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1660	"Attempt to obtain subjectAltNames extension failed!");
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1661	}
27068 5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1662	}
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1663
29266 5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1664	if ((thisSubjectAltNames != null) && (prevSubjectAltNames != null)) {
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1665	// check the iPAddress field in subjectAltName extension
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1666	Collection<String> thisSubAltIPAddrs =
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1667	getSubjectAltNames(thisSubjectAltNames, ALTNAME_IP);
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1668	Collection<String> prevSubAltIPAddrs =
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1669	getSubjectAltNames(prevSubjectAltNames, ALTNAME_IP);
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1670	if ((thisSubAltIPAddrs != null) && (prevSubAltIPAddrs != null) &&
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1671	(isEquivalent(thisSubAltIPAddrs, prevSubAltIPAddrs))) {
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1672
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1673	return true;
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1674	}
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1675
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1676	// check the dNSName field in subjectAltName extension
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1677	Collection<String> thisSubAltDnsNames =
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1678	getSubjectAltNames(thisSubjectAltNames, ALTNAME_DNS);
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1679	Collection<String> prevSubAltDnsNames =
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1680	getSubjectAltNames(prevSubjectAltNames, ALTNAME_DNS);
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1681	if ((thisSubAltDnsNames != null) && (prevSubAltDnsNames != null) &&
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1682	(isEquivalent(thisSubAltDnsNames, prevSubAltDnsNames))) {
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1683
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1684	return true;
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1685	}
27068 5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1686	}
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1687
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1688	// check the certificate subject and issuer
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1689	X500Principal thisSubject = thisCert.getSubjectX500Principal();
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1690	X500Principal prevSubject = prevCert.getSubjectX500Principal();
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1691	X500Principal thisIssuer = thisCert.getIssuerX500Principal();
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1692	X500Principal prevIssuer = prevCert.getIssuerX500Principal();
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1693	if (!thisSubject.getName().isEmpty() &&
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1694	!prevSubject.getName().isEmpty() &&
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1695	thisSubject.equals(prevSubject) &&
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1696	thisIssuer.equals(prevIssuer)) {
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1697	return true;
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1698	}
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1699
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1700	return false;
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1701	}
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1702
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1703	/*
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1704	* Returns the subject alternative name of the specified type in the
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1705	* subjectAltNames extension of a certificate.
29390 9927a5ff3ded 8072385: Only the first DNSName entry is checked for endpoint identification xuelei parents: 29266 diff changeset	1706	*
9927a5ff3ded 8072385: Only the first DNSName entry is checked for endpoint identification xuelei parents: 29266 diff changeset	1707	* Note that only those subjectAltName types that use String data
9927a5ff3ded 8072385: Only the first DNSName entry is checked for endpoint identification xuelei parents: 29266 diff changeset	1708	* should be passed into this function.
27068 5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1709	*/
29266 5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1710	private static Collection<String> getSubjectAltNames(
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1711	Collection<List<?>> subjectAltNames, int type) {
27068 5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1712
29266 5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1713	HashSet<String> subAltDnsNames = null;
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1714	for (List<?> subjectAltName : subjectAltNames) {
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1715	int subjectAltNameType = (Integer)subjectAltName.get(0);
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1716	if (subjectAltNameType == type) {
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1717	String subAltDnsName = (String)subjectAltName.get(1);
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1718	if ((subAltDnsName != null) && !subAltDnsName.isEmpty()) {
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1719	if (subAltDnsNames == null) {
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1720	subAltDnsNames =
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1721	new HashSet<>(subjectAltNames.size());
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1722	}
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1723	subAltDnsNames.add(subAltDnsName);
27068 5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1724	}
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1725	}
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1726	}
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1727
29266 5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1728	return subAltDnsNames;
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1729	}
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1730
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1731	private static boolean isEquivalent(Collection<String> thisSubAltNames,
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1732	Collection<String> prevSubAltNames) {
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1733
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1734	for (String thisSubAltName : thisSubAltNames) {
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1735	for (String prevSubAltName : prevSubAltNames) {
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1736	// Only allow the exactly match. Check no wildcard character.
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1737	if (thisSubAltName.equalsIgnoreCase(prevSubAltName)) {
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1738	return true;
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1739	}
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1740	}
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1741	}
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1742
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1743	return false;
27068 5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1744	}
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1745
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1746	/**
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1747	* Perform client-side checking of server certificates.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1748	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1749	* @param certs an array of {@code X509Certificate} objects presented
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1750	* by the server in the ServerCertificate message.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1751	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1752	* @throws IOException if a failure occurs during validation or
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1753	* the trust manager associated with the {@code SSLContext} is not
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1754	* an {@code X509ExtendedTrustManager}.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1755	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1756	private void checkServerCerts(X509Certificate[] certs)
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1757	throws IOException {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1758	X509TrustManager tm = sslContext.getX509TrustManager();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1759
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1760	// find out the key exchange algorithm used
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1761	// use "RSA" for non-ephemeral "RSA_EXPORT"
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1762	String keyExchangeString;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1763	if (keyExchange == K_RSA_EXPORT && !serverKeyExchangeReceived) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1764	keyExchangeString = K_RSA.name;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1765	} else {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1766	keyExchangeString = keyExchange.name;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1767	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1768
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1769	try {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1770	if (tm instanceof X509ExtendedTrustManager) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1771	if (conn != null) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1772	((X509ExtendedTrustManager)tm).checkServerTrusted(
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1773	certs.clone(),
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1774	keyExchangeString,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1775	conn);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1776	} else {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1777	((X509ExtendedTrustManager)tm).checkServerTrusted(
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1778	certs.clone(),
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1779	keyExchangeString,
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1780	engine);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1781	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1782	} else {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1783	// Unlikely to happen, because we have wrapped the old
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1784	// X509TrustManager with the new X509ExtendedTrustManager.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1785	throw new CertificateException(
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1786	"Improper X509TrustManager implementation");
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1787	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1788
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1789	// Once the server certificate chain has been validated, set
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1790	// the certificate chain in the TLS session.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1791	session.setPeerCertificates(certs);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1792	} catch (CertificateException ce) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1793	fatalSE(getCertificateAlert(ce), ce);
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1794	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1795	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1796
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1797	/**
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1798	* When a failure happens during certificate checking from an
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1799	* {@link X509TrustManager}, determine what TLS alert description to use.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1800	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1801	* @param cexc The exception thrown by the {@link X509TrustManager}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1802	*
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1803	* @return A byte value corresponding to a TLS alert description number.
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1804	*/
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1805	private byte getCertificateAlert(CertificateException cexc) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1806	// The specific reason for the failure will determine how to
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1807	// set the alert description value
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1808	byte alertDesc = Alerts.alert_certificate_unknown;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1809
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1810	Throwable baseCause = cexc.getCause();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1811	if (baseCause instanceof CertPathValidatorException) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1812	CertPathValidatorException cpve =
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1813	(CertPathValidatorException)baseCause;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1814	Reason reason = cpve.getReason();
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1815	if (reason == BasicReason.REVOKED) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1816	alertDesc = staplingActive ?
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1817	Alerts.alert_bad_certificate_status_response :
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1818	Alerts.alert_certificate_revoked;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1819	} else if (reason == BasicReason.UNDETERMINED_REVOCATION_STATUS) {
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1820	alertDesc = staplingActive ?
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1821	Alerts.alert_bad_certificate_status_response :
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1822	Alerts.alert_certificate_unknown;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1823	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1824	}
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1825
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1826	return alertDesc;
22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1827	}
2 90ce3da70b43 Initial load duke parents: diff changeset	1828	}
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	1829

author	martin
	Tue, 15 Sep 2015 21:56:04 -0700
changeset 32649	2ee9017c7597
parent 32032	22badc53802f
child 33293	14dcba137e73
permissions	-rw-r--r--