/* |
* Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved. |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
* |
|
* This code is free software; you can redistribute it and/or modify it |
|
* under the terms of the GNU General Public License version 2 only, as |
|
* published by the Free Software Foundation. Oracle designates this |
* particular file as subject to the "Classpath" exception as provided |
* by Oracle in the LICENSE file that accompanied this code. |
* |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
* version 2 for more details (a copy is included in the LICENSE file that |
|
* accompanied this code). |
|
* |
|
* You should have received a copy of the GNU General Public License version |
|
* 2 along with this work; if not, write to the Free Software Foundation, |
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
* |
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
* or visit www.oracle.com if you need additional information or have any |
|
* questions. |
|
*/ |
package sun.security.ssl; |
|
import java.security.CryptoPrimitive; |
import java.util.ArrayList; |
import java.util.Collections; |
|
import java.util.EnumSet; |
|
import java.util.List; |
|
/** |
* Enum for an SSL/TLS/DTLS protocol version. |
* |
* @author Andreas Sterbenz |
|
* @since 1.4.1 |
|
*/ |
|
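enum ProtocolVersion {
    // TLS 1.3 takes its version number from SSLConfiguration instead of the
    // literal 0x0304 used by the commented-out line this branch replaced.
    // Presumably this lets the branch track draft version numbers --
    // confirm against SSLConfiguration.tls13VN before relying on it.
    TLS13       (SSLConfiguration.tls13VN, "TLSv1.3", false),
    TLS12       (0x0303, "TLSv1.2", false),
    TLS11       (0x0302, "TLSv1.1", false),
    TLS10       (0x0301, "TLSv1", false),
    SSL30       (0x0300, "SSLv3", false),
    SSL20Hello  (0x0002, "SSLv2Hello", false),

    // DTLS version numbers count downwards (a newer version has a smaller
    // id), so every "version X or newer" test below is inverted for DTLS.
    DTLS13      (0xFEFC, "DTLSv1.3", true),
    DTLS12      (0xFEFD, "DTLSv1.2", true),
    DTLS10      (0xFEFF, "DTLSv1.0", true),

    // Dummy protocol version value for invalid SSLSession
    NONE        (-1, "NONE", false);


    // 16-bit wire value, (major << 8) | minor; -1 for NONE
    final int id;
    // protocol name as exposed through the string-based SSL APIs
    final String name;
    final boolean isDTLS;
    // high/low byte of id; for NONE both are (byte)0xFF
    final byte major;
    final byte minor;
    // whether the default SSL-only algorithm constraints permit this
    // protocol (computed once, in the constructor)
    final boolean isAvailable;

    // The limit of maximum protocol version
    static final int LIMIT_MAX_VALUE = 0xFFFF;

    // The limit of minimum protocol version
    static final int LIMIT_MIN_VALUE = 0x0000;

    // (D)TLS ProtocolVersion array for TLS 1.0 and previous versions.
    static final ProtocolVersion[] PROTOCOLS_TO_10 = new ProtocolVersion[] {
        TLS10, SSL30
    };

    // (D)TLS ProtocolVersion array for TLS 1.1/DTLS 1.0 and previous versions.
    static final ProtocolVersion[] PROTOCOLS_TO_11 = new ProtocolVersion[] {
        TLS11, TLS10, SSL30, DTLS10
    };

    // (D)TLS ProtocolVersion array for (D)TLS 1.2 and previous versions.
    static final ProtocolVersion[] PROTOCOLS_TO_12 = new ProtocolVersion[] {
        TLS12, TLS11, TLS10, SSL30, DTLS12, DTLS10
    };

    // (D)TLS ProtocolVersion array for (D)TLS 1.3 and previous versions.
    static final ProtocolVersion[] PROTOCOLS_TO_13 = new ProtocolVersion[] {
        TLS13, TLS12, TLS11, TLS10, SSL30, DTLS13, DTLS12, DTLS10
    };

    // No protocol version specified.
    static final ProtocolVersion[] PROTOCOLS_OF_NONE = new ProtocolVersion[] {
        NONE
    };

    // ProtocolVersion array for SSL 3.0 only.
    static final ProtocolVersion[] PROTOCOLS_OF_30 = new ProtocolVersion[] {
        SSL30
    };

    // (D)TLS ProtocolVersion array for TLS 1.1/DTLS 1.0.
    static final ProtocolVersion[] PROTOCOLS_OF_11 = new ProtocolVersion[] {
        TLS11, DTLS10
    };

    // (D)TLS ProtocolVersion array for (D)TLS 1.2.
    static final ProtocolVersion[] PROTOCOLS_OF_12 = new ProtocolVersion[] {
        TLS12, DTLS12
    };

    // (D)TLS ProtocolVersion array for (D)TLS 1.3.
    static final ProtocolVersion[] PROTOCOLS_OF_13 = new ProtocolVersion[] {
        TLS13, DTLS13
    };

    // (D)TLS ProtocolVersion array for TLS 1.0/1.1 and DTLS 1.0.
    static final ProtocolVersion[] PROTOCOLS_10_11 = new ProtocolVersion[] {
        TLS11, TLS10, DTLS10
    };

    // (D)TLS ProtocolVersion array for TLS 1.1/1.2 and DTLS 1.0/1.2.
    static final ProtocolVersion[] PROTOCOLS_11_12 = new ProtocolVersion[] {
        TLS12, TLS11, DTLS12, DTLS10
    };

    // (D)TLS ProtocolVersion array for TLS 1.2/1.3 and DTLS 1.2/1.3.
    static final ProtocolVersion[] PROTOCOLS_12_13 = new ProtocolVersion[] {
        TLS13, TLS12, DTLS13, DTLS12
    };

    // (D)TLS ProtocolVersion array for TLS 1.0/1.1/1.2 and DTLS 1.0/1.2.
    static final ProtocolVersion[] PROTOCOLS_10_12 = new ProtocolVersion[] {
        TLS12, TLS11, TLS10, DTLS12, DTLS10
    };

    // Empty ProtocolVersion array
    static final ProtocolVersion[] PROTOCOLS_EMPTY = new ProtocolVersion[0];

    private ProtocolVersion(int id, String name, boolean isDTLS) {
        this.id = id;
        this.name = name;
        this.isDTLS = isDTLS;
        this.major = (byte)((id >>> 8) & 0xFF);
        this.minor = (byte)(id & 0xFF);

        // Availability is decided by the default SSL-only constraints, with
        // the protocol name checked against the KEY_AGREEMENT primitive.
        // NOTE(review): presumably those constraints reflect the
        // jdk.tls.disabledAlgorithms security property -- confirm in
        // SSLAlgorithmConstraints.
        this.isAvailable = SSLAlgorithmConstraints.DEFAULT_SSL_ONLY.permits(
                EnumSet.<CryptoPrimitive>of(CryptoPrimitive.KEY_AGREEMENT),
                name, null);
    }

    /**
     * Return a ProtocolVersion with the specified major and minor
     * version numbers, or null if none matches.
     *
     * Note that NONE's major and minor are both (byte)0xFF, so the pair
     * (0xFF, 0xFF) maps to NONE here while valueOf(0xFFFF) returns null.
     */
    static ProtocolVersion valueOf(byte major, byte minor) {
        for (ProtocolVersion pv : ProtocolVersion.values()) {
            if ((pv.major == major) && (pv.minor == minor)) {
                return pv;
            }
        }

        return null;
    }

    /**
     * Return a ProtocolVersion with the specified version number,
     * or null if none matches.
     */
    static ProtocolVersion valueOf(int id) {
        for (ProtocolVersion pv : ProtocolVersion.values()) {
            if (pv.id == id) {
                return pv;
            }
        }

        return null;
    }

    /**
     * Return name of a (D)TLS protocol specified by major and
     * minor version numbers.
     *
     * Unknown versions get a synthesized "(D)TLS-major.minor" name; the
     * bytes are widened as unsigned so that e.g. 0xFE prints as 254
     * rather than -2.
     */
    static String nameOf(byte major, byte minor) {
        ProtocolVersion pv = valueOf(major, minor);
        if (pv != null) {
            return pv.name;
        }

        return "(D)TLS-" + (major & 0xFF) + "." + (minor & 0xFF);
    }

    /**
     * Return name of a (D)TLS protocol specified by a protocol number.
     */
    static String nameOf(int id) {
        return nameOf((byte)((id >>> 8) & 0xFF), (byte)(id & 0xFF));
    }

    /**
     * Return a ProtocolVersion for the given (D)TLS protocol name,
     * or null if the name is unknown (including a null name).
     */
    static ProtocolVersion nameOf(String name) {
        for (ProtocolVersion pv : ProtocolVersion.values()) {
            if (pv.name.equals(name)) {
                return pv;
            }
        }

        return null;
    }

    /**
     * Return true if the specific (D)TLS protocol is negotiable.
     *
     * For TLS every version from SSL 3.0 upwards is accepted, including
     * values above the newest known version: a peer advertising a future
     * version is expected to be negotiated down by selectedFrom().  The
     * SSLv2Hello pseudo-version (0x0002) is accepted only when
     * allowSSL20Hello is set.  For DTLS the test is {@code v <= DTLS10.id},
     * i.e. DTLS 1.0 or any newer (smaller) id.
     *
     * NOTE(review): the DTLS branch therefore also accepts every id below
     * 0xFE00, including TLS version numbers; callers are presumably
     * expected to reject those elsewhere -- confirm.
     */
    static boolean isNegotiable(
            byte major, byte minor, boolean isDTLS, boolean allowSSL20Hello) {

        int v = ((major & 0xFF) << 8) | (minor & 0xFF);
        if (isDTLS) {
            return v <= DTLS10.id;
        }

        if (v < SSL30.id) {
            return allowSSL20Hello && (v == SSL20Hello.id);
        }

        return true;
    }

    /**
     * Get names of a list of ProtocolVersion objects.
     *
     * @return the names in list order; an empty array for a null or
     *         empty list
     */
    static String[] toStringArray(List<ProtocolVersion> protocolVersions) {
        if ((protocolVersions == null) || protocolVersions.isEmpty()) {
            return new String[0];
        }

        String[] protocolNames = new String[protocolVersions.size()];
        int i = 0;
        for (ProtocolVersion pv : protocolVersions) {
            protocolNames[i++] = pv.name;
        }

        return protocolNames;
    }

    /**
     * Get names of a list of protocol version identifiers.
     *
     * Unknown identifiers get the synthesized name from nameOf(int).
     *
     * @return the names in array order; an empty array for a null or
     *         empty input
     */
    static String[] toStringArray(int[] protocolVersions) {
        if ((protocolVersions == null) || (protocolVersions.length == 0)) {
            return new String[0];
        }

        String[] protocolNames = new String[protocolVersions.length];
        int i = 0;
        for (int pv : protocolVersions) {
            protocolNames[i++] = ProtocolVersion.nameOf(pv);
        }

        return protocolNames;
    }

    /**
     * Get a list of ProtocolVersion objects of an array protocol
     * version names.
     *
     * @return an unmodifiable list in array order; an empty list for a
     *         null or empty array
     * @throws IllegalArgumentException if any name is not a known
     *         protocol name
     */
    static List<ProtocolVersion> namesOf(String[] protocolNames) {
        if (protocolNames == null || protocolNames.length == 0) {
            return Collections.emptyList();
        }

        List<ProtocolVersion> pvs = new ArrayList<>(protocolNames.length);
        for (String pn : protocolNames) {
            ProtocolVersion pv = ProtocolVersion.nameOf(pn);
            if (pv == null) {
                throw new IllegalArgumentException(
                        "Unsupported protocol " + pn);
            }

            pvs.add(pv);
        }

        return Collections.unmodifiableList(pvs);
    }

    /**
     * Return true if the specific protocol version name is
     * of (D)TLS 1.2 or newer version.  Unknown names and "NONE"
     * yield false.
     */
    static boolean useTLS12PlusSpec(String name) {
        ProtocolVersion pv = ProtocolVersion.nameOf(name);
        if (pv != null && pv != NONE) {
            return pv.useTLS12PlusSpec();
        }

        return false;
    }

    /**
     * Compares this object with the specified ProtocolVersion.
     *
     * Returns a negative, zero or positive value when this version is
     * older than, equal to or newer than {@code that}.  NONE orders below
     * every real version.  DTLS ids decrease with newer versions, which is
     * why the operands are swapped for DTLS.
     *
     * NOTE(review): assumes both versions belong to the same family (both
     * TLS or both DTLS); a cross-family comparison has no meaning.
     *
     * @see java.lang.Comparable
     */
    int compare(ProtocolVersion that) {
        if (this == that) {
            return 0;
        }

        if (this == ProtocolVersion.NONE) {
            return -1;
        } else if (that == ProtocolVersion.NONE) {
            return 1;
        }

        // ids lie in [0, 0xFFFF] here, so the subtraction cannot overflow
        return isDTLS ? (that.id - this.id) : (this.id - that.id);
    }

    /**
     * Return true if this ProtocolVersion object is of (D)TLS 1.3 or
     * newer version.
     */
    boolean useTLS13PlusSpec() {
        return useTLS13PlusSpec(this.id, this.isDTLS);
    }

    /**
     * Return true if this ProtocolVersion object is of (D)TLS 1.2 or
     * newer version.
     */
    boolean useTLS12PlusSpec() {
        return isDTLS ? (this.id <= DTLS12.id) : (this.id >= TLS12.id);
    }

    /**
     * Return true if this ProtocolVersion object is of
     * TLS 1.1/DTLS 1.0 or newer version.
     *
     * Every DTLS version qualifies, DTLS 1.0 being the oldest one defined.
     */
    boolean useTLS11PlusSpec() {
        return isDTLS || (this.id >= TLS11.id);
    }

    /**
     * Return true if this ProtocolVersion object is of TLS 1.0 or
     * newer version.  Every DTLS version qualifies.
     */
    boolean useTLS10PlusSpec() {
        return useTLS10PlusSpec(this.id, this.isDTLS);
    }

    /**
     * Return true if the given protocol version id is of TLS 1.0 or
     * newer version.  Every DTLS version qualifies.
     *
     * @param id     the protocol version id
     * @param isDTLS whether the id is a DTLS version
     */
    static boolean useTLS10PlusSpec(int id, boolean isDTLS) {
        return isDTLS || (id >= TLS10.id);
    }

    /**
     * Return true if the given protocol version id is of (D)TLS 1.3 or
     * newer version.
     *
     * @param id     the protocol version id
     * @param isDTLS whether the id is a DTLS version (newer is smaller)
     */
    static boolean useTLS13PlusSpec(int id, boolean isDTLS) {
        return isDTLS ? (id <= DTLS13.id) : (id >= TLS13.id);
    }

    /**
     * Select the lower of that suggested protocol version and
     * the highest of the listed protocol versions.
     *
     * An exact match wins immediately.  Otherwise the newest listed
     * version that is older than the suggestion is chosen, remembering
     * that for DTLS "older" means a larger id.
     *
     * @param listedVersions the listed protocol version
     * @param suggestedVersion the suggested protocol version
     * @return the selected version, or NONE if nothing in the list is at
     *         or below the suggestion
     */
    static ProtocolVersion selectedFrom(
            List<ProtocolVersion> listedVersions, int suggestedVersion) {
        ProtocolVersion selectedVersion = ProtocolVersion.NONE;
        for (ProtocolVersion pv : listedVersions) {
            if (pv.id == suggestedVersion) {
                return pv;
            } else if (pv.isDTLS) {
                // NONE (id -1) is never larger than a DTLS id, so it must
                // be treated explicitly as "nothing selected yet"; with a
                // plain "pv.id < selectedVersion.id" test no DTLS fallback
                // could ever be chosen and only an exact match succeeded.
                if (pv.id > suggestedVersion
                        && (selectedVersion == ProtocolVersion.NONE
                            || pv.id < selectedVersion.id)) {
                    selectedVersion = pv;
                }
            } else {
                // for TLS the -1 sentinel is naturally below every id
                if (pv.id < suggestedVersion && pv.id > selectedVersion.id) {
                    selectedVersion = pv;
                }
            }
        }

        return selectedVersion;
    }
}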