author | wetmore |
Fri, 11 May 2018 15:53:12 -0700 | |
branch | JDK-8145252-TLS13-branch |
changeset 56542 | 56aaa6cb3693 |
parent 47216 | src/java.base/share/classes/sun/security/ssl/HelloExtension.java@71c04702a3d5 |
child 56559 | a423173d0578 |
permissions | -rw-r--r-- |
14330
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
1 |
/* |
56542 | 2 |
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. |
14330
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
4 |
* |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
5 |
* This code is free software; you can redistribute it and/or modify it |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
7 |
* published by the Free Software Foundation. Oracle designates this |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
8 |
* particular file as subject to the "Classpath" exception as provided |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
9 |
* by Oracle in the LICENSE file that accompanied this code. |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
10 |
* |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
15 |
* accompanied this code). |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
16 |
* |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
17 |
* You should have received a copy of the GNU General Public License version |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
20 |
* |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
22 |
* or visit www.oracle.com if you need additional information or have any |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
23 |
* questions. |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
24 |
*/ |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
25 |
|
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
26 |
package sun.security.ssl; |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
27 |
|
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
28 |
import java.io.IOException; |
56542 | 29 |
import java.nio.ByteBuffer; |
30 |
import java.text.MessageFormat; |
|
31 |
import java.util.Collection; |
|
32 |
import java.util.Collections; |
|
33 |
import java.util.LinkedList; |
|
34 |
import java.util.Locale; |
|
35 |
import sun.security.ssl.SSLHandshake.HandshakeMessage; |
|
36 |
import sun.security.util.HexDumpEncoder; |
|
14330
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
37 |
|
56542 | 38 |
enum SSLExtension implements SSLStringize { |
39 |
// Extensions defined in RFC 3546 |
|
40 |
CH_SERVER_NAME (0x0000, "server_name", |
|
41 |
SSLHandshake.CLIENT_HELLO, |
|
42 |
ProtocolVersion.PROTOCOLS_TO_13, |
|
43 |
ServerNameExtension.chNetworkProducer, |
|
44 |
ServerNameExtension.chOnLoadConcumer, |
|
45 |
null, |
|
46 |
null, |
|
47 |
ServerNameExtension.chStringize), |
|
48 |
SH_SERVER_NAME (0x0000, "server_name", |
|
49 |
SSLHandshake.SERVER_HELLO, |
|
50 |
ProtocolVersion.PROTOCOLS_TO_12, |
|
51 |
ServerNameExtension.shNetworkProducer, |
|
52 |
ServerNameExtension.shOnLoadConcumer, |
|
53 |
null, |
|
54 |
null, |
|
55 |
ServerNameExtension.shStringize), |
|
56 |
EE_SERVER_NAME (0x0000, "server_name", |
|
57 |
SSLHandshake.ENCRYPTED_EXTENSIONS, |
|
58 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
59 |
ServerNameExtension.eeNetworkProducer, |
|
60 |
ServerNameExtension.eeOnLoadConcumer, |
|
61 |
null, |
|
62 |
null, |
|
63 |
ServerNameExtension.shStringize), |
|
64 |
CH_MAX_FRAGMENT_LENGTH (0x0001, "max_fragment_length", |
|
65 |
SSLHandshake.CLIENT_HELLO, |
|
66 |
ProtocolVersion.PROTOCOLS_TO_13, |
|
67 |
MaxFragExtension.chNetworkProducer, |
|
68 |
MaxFragExtension.chOnLoadConcumer, |
|
69 |
null, |
|
70 |
null, |
|
71 |
MaxFragExtension.maxFragLenStringize), |
|
72 |
SH_MAX_FRAGMENT_LENGTH (0x0001, "max_fragment_length", |
|
73 |
SSLHandshake.SERVER_HELLO, |
|
74 |
ProtocolVersion.PROTOCOLS_TO_12, |
|
75 |
MaxFragExtension.shNetworkProducer, |
|
76 |
MaxFragExtension.shOnLoadConcumer, |
|
77 |
null, |
|
78 |
MaxFragExtension.shOnTradeConsumer, |
|
79 |
MaxFragExtension.maxFragLenStringize), |
|
80 |
EE_MAX_FRAGMENT_LENGTH (0x0001, "max_fragment_length", |
|
81 |
SSLHandshake.ENCRYPTED_EXTENSIONS, |
|
82 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
83 |
MaxFragExtension.eeNetworkProducer, |
|
84 |
MaxFragExtension.eeOnLoadConcumer, |
|
85 |
null, |
|
86 |
MaxFragExtension.eeOnTradeConsumer, |
|
87 |
MaxFragExtension.maxFragLenStringize), |
|
88 |
CLIENT_CERTIFICATE_URL (0x0002, "client_certificate_url"), |
|
89 |
TRUSTED_CA_KEYS (0x0003, "trusted_ca_keys"), |
|
90 |
TRUNCATED_HMAC (0x0004, "truncated_hmac"), |
|
91 |
||
92 |
CH_STATUS_REQUEST (0x0005, "status_request", |
|
93 |
SSLHandshake.CLIENT_HELLO, |
|
94 |
ProtocolVersion.PROTOCOLS_TO_13, |
|
95 |
CertStatusExtension.chNetworkProducer, |
|
96 |
CertStatusExtension.chOnLoadConsumer, |
|
97 |
null, |
|
98 |
null, |
|
99 |
CertStatusExtension.certStatusReqStringize), |
|
100 |
SH_STATUS_REQUEST (0x0005, "status_request", |
|
101 |
SSLHandshake.SERVER_HELLO, |
|
102 |
ProtocolVersion.PROTOCOLS_TO_12, |
|
103 |
CertStatusExtension.shNetworkProducer, |
|
104 |
CertStatusExtension.shOnLoadConsumer, |
|
105 |
null, |
|
106 |
null, |
|
107 |
CertStatusExtension.certStatusReqStringize), |
|
108 |
||
109 |
CR_STATUS_REQUEST (0x0005, "status_request"), |
|
110 |
CT_STATUS_REQUEST (0x0005, "status_request", |
|
111 |
SSLHandshake.CERTIFICATE, |
|
112 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
113 |
CertStatusExtension.ctNetworkProducer, |
|
114 |
CertStatusExtension.ctOnLoadConsumer, |
|
115 |
null, |
|
116 |
null, |
|
117 |
CertStatusExtension.certStatusRespStringize), |
|
118 |
// extensions defined in RFC 4681 |
|
119 |
USER_MAPPING (0x0006, "user_mapping"), |
|
120 |
||
121 |
// extensions defined in RFC 5878 |
|
122 |
CLIENT_AUTHZ (0x0007, "client_authz"), |
|
123 |
SERVER_AUTHZ (0x0008, "server_authz"), |
|
124 |
||
125 |
// extensions defined in RFC 5081 |
|
126 |
CERT_TYPE (0x0009, "cert_type"), |
|
127 |
||
128 |
// extensions defined in RFC 4492 (ECC) |
|
129 |
CH_SUPPORTED_GROUPS (0x000A, "supported_groups", |
|
130 |
SSLHandshake.CLIENT_HELLO, |
|
131 |
ProtocolVersion.PROTOCOLS_TO_13, |
|
132 |
SupportedGroupsExtension.chNetworkProducer, |
|
133 |
SupportedGroupsExtension.chOnLoadConcumer, |
|
134 |
null, |
|
135 |
null, |
|
136 |
SupportedGroupsExtension.sgsStringize), |
|
137 |
EE_SUPPORTED_GROUPS (0x000A, "supported_groups", |
|
138 |
SSLHandshake.ENCRYPTED_EXTENSIONS, |
|
139 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
140 |
SupportedGroupsExtension.eeNetworkProducer, |
|
141 |
SupportedGroupsExtension.eeOnLoadConcumer, |
|
142 |
null, |
|
143 |
null, |
|
144 |
SupportedGroupsExtension.sgsStringize), |
|
145 |
||
146 |
CH_EC_POINT_FORMATS (0x000B, "ec_point_formats", |
|
147 |
SSLHandshake.CLIENT_HELLO, |
|
148 |
ProtocolVersion.PROTOCOLS_TO_12, |
|
149 |
ECPointFormatsExtension.chNetworkProducer, |
|
150 |
ECPointFormatsExtension.chOnLoadConcumer, |
|
151 |
null, |
|
152 |
null, |
|
153 |
ECPointFormatsExtension.epfStringize), |
|
154 |
SH_EC_POINT_FORMATS (0x000B, "ec_point_formats", |
|
155 |
SSLHandshake.SERVER_HELLO, |
|
156 |
ProtocolVersion.PROTOCOLS_TO_12, |
|
157 |
null, // not use of the producer |
|
158 |
ECPointFormatsExtension.shOnLoadConcumer, |
|
159 |
null, |
|
160 |
null, |
|
161 |
ECPointFormatsExtension.epfStringize), |
|
162 |
||
163 |
// extensions defined in RFC 5054 |
|
164 |
SRP (0x000C, "srp"), |
|
165 |
||
166 |
// extensions defined in RFC 5246 |
|
167 |
CH_SIGNATURE_ALGORITHMS (0x000D, "signature_algorithms", |
|
168 |
SSLHandshake.CLIENT_HELLO, |
|
169 |
ProtocolVersion.PROTOCOLS_12_13, |
|
170 |
SignatureAlgorithmsExtension.chNetworkProducer, |
|
171 |
SignatureAlgorithmsExtension.chOnLoadConcumer, |
|
172 |
SignatureAlgorithmsExtension.chOnLoadAbsence, |
|
173 |
SignatureAlgorithmsExtension.chOnTradeConsumer, |
|
174 |
SignatureAlgorithmsExtension.ssStringize), |
|
175 |
CR_SIGNATURE_ALGORITHMS (0x000D, "signature_algorithms", |
|
176 |
SSLHandshake.CERTIFICATE_REQUEST, |
|
177 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
178 |
SignatureAlgorithmsExtension.crNetworkProducer, |
|
179 |
SignatureAlgorithmsExtension.crOnLoadConcumer, |
|
180 |
SignatureAlgorithmsExtension.crOnLoadAbsence, |
|
181 |
SignatureAlgorithmsExtension.crOnTradeConsumer, |
|
182 |
SignatureAlgorithmsExtension.ssStringize), |
|
183 |
||
184 |
CH_SIGNATURE_ALGORITHMS_CERT (0x0032, "signature_algorithms_cert", |
|
185 |
SSLHandshake.CLIENT_HELLO, |
|
186 |
ProtocolVersion.PROTOCOLS_12_13, |
|
187 |
CertSignAlgsExtension.chNetworkProducer, |
|
188 |
CertSignAlgsExtension.chOnLoadConcumer, |
|
189 |
null, |
|
190 |
CertSignAlgsExtension.chOnTradeConsumer, |
|
191 |
CertSignAlgsExtension.ssStringize), |
|
192 |
CR_SIGNATURE_ALGORITHMS_CERT (0x0032, "signature_algorithms_cert", |
|
193 |
SSLHandshake.CERTIFICATE_REQUEST, |
|
194 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
195 |
CertSignAlgsExtension.crNetworkProducer, |
|
196 |
CertSignAlgsExtension.crOnLoadConcumer, |
|
197 |
null, |
|
198 |
CertSignAlgsExtension.crOnTradeConsumer, |
|
199 |
CertSignAlgsExtension.ssStringize), |
|
200 |
||
201 |
// extensions defined in RFC 5764 |
|
202 |
USE_SRTP (0x000E, "use_srtp"), |
|
203 |
||
204 |
// extensions defined in RFC 6520 |
|
205 |
HEARTBEAT (0x000E, "heartbeat"), |
|
206 |
||
207 |
// extension defined in RFC 7301 (ALPN) |
|
208 |
CH_ALPN (0x0010, "application_layer_protocol_negotiation", |
|
209 |
SSLHandshake.CLIENT_HELLO, |
|
210 |
ProtocolVersion.PROTOCOLS_TO_13, |
|
211 |
AlpnExtension.chNetworkProducer, |
|
212 |
AlpnExtension.chOnLoadConcumer, |
|
213 |
AlpnExtension.chOnLoadAbsence, |
|
214 |
null, |
|
215 |
AlpnExtension.alpnStringize), |
|
216 |
SH_ALPN (0x0010, "application_layer_protocol_negotiation", |
|
217 |
SSLHandshake.SERVER_HELLO, |
|
218 |
ProtocolVersion.PROTOCOLS_TO_12, |
|
219 |
AlpnExtension.shNetworkProducer, |
|
220 |
AlpnExtension.shOnLoadConcumer, |
|
221 |
AlpnExtension.shOnLoadAbsence, |
|
222 |
null, |
|
223 |
AlpnExtension.alpnStringize), |
|
224 |
EE_ALPN (0x0010, "application_layer_protocol_negotiation", |
|
225 |
SSLHandshake.ENCRYPTED_EXTENSIONS, |
|
226 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
227 |
AlpnExtension.shNetworkProducer, |
|
228 |
AlpnExtension.shOnLoadConcumer, |
|
229 |
AlpnExtension.shOnLoadAbsence, |
|
230 |
null, |
|
231 |
AlpnExtension.alpnStringize), |
|
14330
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
232 |
|
56542 | 233 |
// extensions defined in RFC 6961 |
234 |
CH_STATUS_REQUEST_V2 (0x0011, "status_request_v2", |
|
235 |
SSLHandshake.CLIENT_HELLO, |
|
236 |
ProtocolVersion.PROTOCOLS_TO_12, |
|
237 |
CertStatusExtension.chV2NetworkProducer, |
|
238 |
CertStatusExtension.chV2OnLoadConsumer, |
|
239 |
null, |
|
240 |
null, |
|
241 |
CertStatusExtension.certStatusReqV2Stringize), |
|
242 |
SH_STATUS_REQUEST_V2 (0x0011, "status_request_v2", |
|
243 |
SSLHandshake.SERVER_HELLO, |
|
244 |
ProtocolVersion.PROTOCOLS_TO_12, |
|
245 |
CertStatusExtension.shV2NetworkProducer, |
|
246 |
CertStatusExtension.shV2OnLoadConsumer, |
|
247 |
null, |
|
248 |
null, |
|
249 |
CertStatusExtension.certStatusReqV2Stringize), |
|
250 |
||
251 |
// extensions defined in RFC 6962 |
|
252 |
SIGNED_CERT_TIMESTAMP (0x0012, "signed_certificate_timestamp"), |
|
253 |
||
254 |
// extensions defined in RFC 7250 |
|
255 |
CLIENT_CERT_TYPE (0x0013, "padding"), |
|
256 |
SERVER_CERT_TYPE (0x0014, "server_certificate_type"), |
|
257 |
||
258 |
// extensions defined in RFC 7685 |
|
259 |
PADDING (0x0015, "client_certificate_type"), |
|
260 |
||
261 |
// extensions defined in RFC 7366 |
|
262 |
ENCRYPT_THEN_MAC (0x0016, "encrypt_then_mac"), |
|
263 |
||
264 |
// extensions defined in RFC 7627 |
|
265 |
CH_EXTENDED_MASTER_SECRET (0x0017, "extended_master_secret", |
|
266 |
SSLHandshake.CLIENT_HELLO, |
|
267 |
ProtocolVersion.PROTOCOLS_10_12, |
|
268 |
ExtendedMasterSecretExtension.chNetworkProducer, |
|
269 |
ExtendedMasterSecretExtension.chOnLoadConcumer, |
|
270 |
ExtendedMasterSecretExtension.chOnLoadAbsence, |
|
271 |
null, |
|
272 |
ExtendedMasterSecretExtension.emsStringize), |
|
273 |
SH_EXTENDED_MASTER_SECRET (0x0017, "extended_master_secret", |
|
274 |
SSLHandshake.SERVER_HELLO, |
|
275 |
ProtocolVersion.PROTOCOLS_10_12, |
|
276 |
ExtendedMasterSecretExtension.shNetworkProducer, |
|
277 |
ExtendedMasterSecretExtension.shOnLoadConcumer, |
|
278 |
ExtendedMasterSecretExtension.shOnLoadAbsence, |
|
279 |
null, |
|
280 |
ExtendedMasterSecretExtension.emsStringize), |
|
281 |
||
282 |
// extensions defined in RFC draft-ietf-tokbind-negotiation |
|
283 |
TOKEN_BINDING (0x0018, "token_binding "), |
|
284 |
||
285 |
// extensions defined in RFC 7924 |
|
286 |
CACHED_INFO (0x0019, "cached_info"), |
|
287 |
||
288 |
// extensions defined in RFC 4507/5077 |
|
289 |
SESSION_TICKET (0x0023, "session_ticket"), |
|
290 |
||
291 |
// extensions defined in TLS 1.3 |
|
292 |
CH_EARLY_DATA (0x002A, "early_data"), |
|
293 |
EE_EARLY_DATA (0x002A, "early_data"), |
|
294 |
NST_EARLY_DATA (0x002A, "early_data"), |
|
295 |
||
296 |
CH_SUPPORTED_VERSIONS (0x002B, "supported_versions", |
|
297 |
SSLHandshake.CLIENT_HELLO, |
|
298 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
299 |
SupportedVersionsExtension.chNetworkProducer, |
|
300 |
SupportedVersionsExtension.chOnLoadConcumer, |
|
301 |
null, |
|
302 |
null, |
|
303 |
SupportedVersionsExtension.chStringize), |
|
304 |
SH_SUPPORTED_VERSIONS (0x002B, "supported_versions", |
|
305 |
SSLHandshake.SERVER_HELLO, |
|
306 |
// and HelloRetryRequest |
|
307 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
308 |
SupportedVersionsExtension.shNetworkProducer, |
|
309 |
SupportedVersionsExtension.shOnLoadConcumer, |
|
310 |
null, |
|
311 |
null, |
|
312 |
SupportedVersionsExtension.shStringize), |
|
313 |
HRR_SUPPORTED_VERSIONS (0x002B, "supported_versions", |
|
314 |
SSLHandshake.HELLO_RETRY_REQUEST, |
|
315 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
316 |
SupportedVersionsExtension.hrrNetworkProducer, |
|
317 |
SupportedVersionsExtension.hrrOnLoadConcumer, |
|
318 |
null, |
|
319 |
null, |
|
320 |
SupportedVersionsExtension.hrrStringize), |
|
321 |
MH_SUPPORTED_VERSIONS (0x002B, "supported_versions", |
|
322 |
SSLHandshake.MESSAGE_HASH, |
|
323 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
324 |
SupportedVersionsExtension.hrrReproducer, |
|
325 |
null, null, null, |
|
326 |
SupportedVersionsExtension.hrrStringize), |
|
14330
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
327 |
|
56542 | 328 |
CH_COOKIE (0x002C, "cookie", |
329 |
SSLHandshake.CLIENT_HELLO, |
|
330 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
331 |
CookieExtension.chNetworkProducer, |
|
332 |
CookieExtension.chOnLoadConcumer, |
|
333 |
null, |
|
334 |
CookieExtension.chOnTradeConsumer, |
|
335 |
CookieExtension.cookieStringize), |
|
336 |
HRR_COOKIE (0x002C, "cookie", |
|
337 |
SSLHandshake.HELLO_RETRY_REQUEST, |
|
338 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
339 |
CookieExtension.hrrNetworkProducer, |
|
340 |
CookieExtension.hrrOnLoadConcumer, |
|
341 |
null, null, |
|
342 |
CookieExtension.cookieStringize), |
|
343 |
MH_COOKIE (0x002C, "cookie", |
|
344 |
SSLHandshake.MESSAGE_HASH, |
|
345 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
346 |
CookieExtension.hrrNetworkReproducer, |
|
347 |
null, null, null, |
|
348 |
CookieExtension.cookieStringize), |
|
349 |
||
350 |
PSK_KEY_EXCHANGE_MODES (0x002D, "psk_key_exchange_modes", |
|
351 |
SSLHandshake.CLIENT_HELLO, |
|
352 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
353 |
PskKeyExchangeModesExtension.chNetworkProducer, |
|
354 |
PskKeyExchangeModesExtension.chOnLoadConsumer, |
|
355 |
null, null, null), |
|
356 |
CERTIFICATE_AUTHORITIES (0x002F, "certificate_authorities"), |
|
357 |
OID_FILTERS (0x0030, "oid_filters"), |
|
358 |
POST_HANDSHAKE_AUTH (0x0030, "post_handshake_auth"), |
|
359 |
||
360 |
CH_KEY_SHARE (0x0033, "key_share", |
|
361 |
SSLHandshake.CLIENT_HELLO, |
|
362 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
363 |
KeyShareExtension.chNetworkProducer, |
|
364 |
KeyShareExtension.chOnLoadConcumer, |
|
365 |
null, null, |
|
366 |
KeyShareExtension.chStringize), |
|
367 |
SH_KEY_SHARE (0x0033, "key_share", |
|
368 |
SSLHandshake.SERVER_HELLO, |
|
369 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
370 |
KeyShareExtension.shNetworkProducer, |
|
371 |
KeyShareExtension.shOnLoadConcumer, |
|
372 |
KeyShareExtension.shOnLoadAbsence, |
|
373 |
null, |
|
374 |
KeyShareExtension.shStringize), |
|
375 |
HRR_KEY_SHARE (0x0033, "key_share", |
|
376 |
SSLHandshake.HELLO_RETRY_REQUEST, |
|
377 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
378 |
KeyShareExtension.hrrNetworkProducer, |
|
379 |
KeyShareExtension.hrrOnLoadConcumer, |
|
380 |
null, null, |
|
381 |
KeyShareExtension.hrrStringize), |
|
382 |
MH_KEY_SHARE (0x0033, "key_share", |
|
383 |
SSLHandshake.MESSAGE_HASH, |
|
384 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
385 |
KeyShareExtension.hrrNetworkReproducer, |
|
386 |
null, null, null, |
|
387 |
KeyShareExtension.hrrStringize), |
|
388 |
||
389 |
// Extensions defined in RFC 5746 |
|
390 |
CH_RENEGOTIATION_INFO (0xff01, "renegotiation_info", |
|
391 |
SSLHandshake.CLIENT_HELLO, |
|
392 |
ProtocolVersion.PROTOCOLS_TO_12, |
|
393 |
RenegoInfoExtension.chNetworkProducer, |
|
394 |
RenegoInfoExtension.chOnLoadConcumer, |
|
395 |
RenegoInfoExtension.chOnLoadAbsence, |
|
396 |
null, |
|
397 |
RenegoInfoExtension.rniStringize), |
|
398 |
SH_RENEGOTIATION_INFO (0xff01, "renegotiation_info", |
|
399 |
SSLHandshake.SERVER_HELLO, |
|
400 |
ProtocolVersion.PROTOCOLS_TO_12, |
|
401 |
RenegoInfoExtension.shNetworkProducer, |
|
402 |
RenegoInfoExtension.shOnLoadConcumer, |
|
403 |
RenegoInfoExtension.shOnLoadAbsence, |
|
404 |
null, |
|
405 |
RenegoInfoExtension.rniStringize), |
|
406 |
||
407 |
// TLS 1.3 PSK extension must be last |
|
408 |
CH_PRE_SHARED_KEY (0x0029, "pre_shared_key", |
|
409 |
SSLHandshake.CLIENT_HELLO, |
|
410 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
411 |
PreSharedKeyExtension.chNetworkProducer, |
|
412 |
PreSharedKeyExtension.chOnLoadConsumer, |
|
413 |
PreSharedKeyExtension.chOnLoadAbsence, |
|
414 |
PreSharedKeyExtension.chOnTradeConsumer, |
|
415 |
null), |
|
416 |
SH_PRE_SHARED_KEY (0x0029, "pre_shared_key", |
|
417 |
SSLHandshake.SERVER_HELLO, |
|
418 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
419 |
PreSharedKeyExtension.shNetworkProducer, |
|
420 |
PreSharedKeyExtension.shOnLoadConsumer, |
|
421 |
PreSharedKeyExtension.shOnLoadAbsence, |
|
422 |
null, null); |
|
423 |
||
424 |
final int id; |
|
425 |
final SSLHandshake handshakeType; |
|
426 |
final String name; |
|
427 |
final ProtocolVersion[] supportedProtocols; |
|
428 |
final HandshakeProducer networkProducer; |
|
429 |
final ExtensionConsumer onLoadConcumer; |
|
430 |
final HandshakeAbsence onLoadAbsence; |
|
431 |
final HandshakeConsumer onTradeConsumer; |
|
432 |
final SSLStringize stringize; |
|
433 |
||
434 |
// known but unsupported extension |
|
435 |
private SSLExtension(int id, String name) { |
|
436 |
this.id = id; |
|
437 |
this.handshakeType = SSLHandshake.NOT_APPLICABLE; |
|
438 |
this.name = name; |
|
439 |
this.supportedProtocols = new ProtocolVersion[0]; |
|
440 |
this.networkProducer = null; |
|
441 |
this.onLoadConcumer = null; |
|
442 |
this.onLoadAbsence = null; |
|
443 |
this.onTradeConsumer = null; |
|
444 |
this.stringize = null; |
|
14330
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
445 |
} |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
446 |
|
56542 | 447 |
// supported extension |
448 |
private SSLExtension(int id, String name, SSLHandshake handshakeType, |
|
449 |
ProtocolVersion[] supportedProtocols, |
|
450 |
HandshakeProducer producer, |
|
451 |
ExtensionConsumer onLoadConcumer, HandshakeAbsence onLoadAbsence, |
|
452 |
HandshakeConsumer onTradeConsumer, SSLStringize stringize) { |
|
453 |
||
454 |
this.id = id; |
|
455 |
this.handshakeType = handshakeType; |
|
456 |
this.name = name; |
|
457 |
this.supportedProtocols = supportedProtocols; |
|
458 |
this.networkProducer = producer; |
|
459 |
this.onLoadConcumer = onLoadConcumer; |
|
460 |
this.onLoadAbsence = onLoadAbsence; |
|
461 |
this.onTradeConsumer = onTradeConsumer; |
|
462 |
this.stringize = stringize; |
|
463 |
} |
|
464 |
||
465 |
static SSLExtension valueOf(SSLHandshake handshakeType, int extensionType) { |
|
466 |
for (SSLExtension ext : SSLExtension.values()) { |
|
467 |
if (ext.id == extensionType && |
|
468 |
ext.handshakeType == handshakeType) { |
|
469 |
return ext; |
|
470 |
} |
|
471 |
} |
|
472 |
||
473 |
return null; |
|
474 |
} |
|
475 |
||
476 |
static boolean isConsumable(int extensionType) { |
|
477 |
for (SSLExtension ext : SSLExtension.values()) { |
|
478 |
if (ext.id == extensionType && |
|
479 |
ext.onLoadConcumer != null) { |
|
480 |
return true; |
|
481 |
} |
|
482 |
} |
|
483 |
||
484 |
return false; |
|
485 |
} |
|
486 |
||
487 |
public byte[] produce(ConnectionContext context, |
|
488 |
HandshakeMessage message) throws IOException { |
|
489 |
if (networkProducer != null) { |
|
490 |
return networkProducer.produce(context, message); |
|
491 |
} else { |
|
492 |
throw new UnsupportedOperationException( |
|
493 |
"Not yet supported extension producing."); |
|
494 |
} |
|
495 |
} |
|
14330
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
496 |
|
56542 | 497 |
public void consumeOnLoad(ConnectionContext context, |
498 |
HandshakeMessage message, ByteBuffer buffer) throws IOException { |
|
499 |
if (onLoadConcumer != null) { |
|
500 |
onLoadConcumer.consume(context, message, buffer); |
|
501 |
} else { |
|
502 |
throw new UnsupportedOperationException( |
|
503 |
"Not yet supported extension loading."); |
|
504 |
} |
|
505 |
} |
|
506 |
||
507 |
public void consumeOnTrade(ConnectionContext context, |
|
508 |
HandshakeMessage message) throws IOException { |
|
509 |
if (onTradeConsumer != null) { |
|
510 |
onTradeConsumer.consume(context, message); |
|
511 |
} else { |
|
512 |
throw new UnsupportedOperationException( |
|
513 |
"Not yet supported extension processing."); |
|
514 |
} |
|
515 |
} |
|
516 |
||
517 |
void absent(ConnectionContext context, |
|
518 |
HandshakeMessage message) throws IOException { |
|
519 |
if (onLoadAbsence != null) { |
|
520 |
onLoadAbsence.absent(context, message); |
|
521 |
} else { |
|
522 |
throw new UnsupportedOperationException( |
|
523 |
"Not yet supported extension absence processing."); |
|
524 |
} |
|
525 |
} |
|
526 |
||
527 |
public boolean isAvailable(ProtocolVersion protocolVersion) { |
|
528 |
/* |
|
529 |
for (ProtocolVersion pv : supportedProtocols) { |
|
530 |
if (pv == protocolVersion) { |
|
531 |
return true; |
|
532 |
} |
|
533 |
} |
|
534 |
*/ |
|
535 |
for (int i = 0; i < supportedProtocols.length; i++) { |
|
536 |
if (supportedProtocols[i] == protocolVersion) { |
|
537 |
return true; |
|
538 |
} |
|
539 |
} |
|
540 |
||
541 |
return false; |
|
542 |
} |
|
543 |
||
544 |
@Override |
|
545 |
public String toString() { |
|
546 |
return name; |
|
547 |
} |
|
14330
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
548 |
|
14664
e71aa0962e70
8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl
xuelei
parents:
14342
diff
changeset
|
549 |
@Override |
56542 | 550 |
public String toString(ByteBuffer byteBuffer) { |
551 |
MessageFormat messageFormat = new MessageFormat( |
|
552 |
"\"{0} ({1})\": '{'\n" + |
|
553 |
"{2}\n" + |
|
554 |
"'}'", |
|
555 |
Locale.ENGLISH); |
|
556 |
||
557 |
String extData; |
|
558 |
if (stringize == null) { |
|
559 |
HexDumpEncoder hexEncoder = new HexDumpEncoder(); |
|
560 |
String encoded = hexEncoder.encode(byteBuffer.duplicate()); |
|
561 |
extData = encoded; |
|
562 |
} else { |
|
563 |
extData = stringize.toString(byteBuffer); |
|
564 |
} |
|
565 |
||
566 |
Object[] messageFields = { |
|
567 |
this.name, |
|
568 |
this.id, |
|
569 |
Utilities.indent(extData) |
|
570 |
}; |
|
571 |
||
572 |
return messageFormat.format(messageFields); |
|
573 |
} |
|
574 |
||
575 |
////////////////////////////////////////////////////// |
|
576 |
// Nested extension, consumer and producer interfaces. |
|
577 |
||
578 |
static interface ExtensionConsumer { |
|
579 |
void consume(ConnectionContext context, |
|
580 |
HandshakeMessage message, ByteBuffer buffer) throws IOException; |
|
581 |
} |
|
582 |
||
583 |
/** |
|
584 |
* A (transparent) specification of extension data. |
|
585 |
* |
|
586 |
* This interface contains no methods or constants. Its only purpose is to |
|
587 |
* group all extension data. All extension data should implement this |
|
588 |
* interface if the data is expected to handle in the following handshake |
|
589 |
* processes. |
|
590 |
*/ |
|
591 |
static interface SSLExtensionSpec { |
|
592 |
// blank |
|
593 |
} |
|
594 |
||
595 |
// Default enabled client extensions. |
|
596 |
static final class ClientExtensions { |
|
597 |
static final Collection<SSLExtension> defaults; |
|
598 |
||
599 |
static { |
|
600 |
Collection<SSLExtension> extensions = new LinkedList<>(); |
|
601 |
for (SSLExtension extension : SSLExtension.values()) { |
|
602 |
if (extension.handshakeType != SSLHandshake.NOT_APPLICABLE) { |
|
603 |
extensions.add(extension); |
|
604 |
} |
|
605 |
} |
|
606 |
||
607 |
// Switch off SNI extention? |
|
608 |
boolean enableExtension = |
|
609 |
Utilities.getBooleanProperty("jsse.enableSNIExtension", true); |
|
610 |
if (!enableExtension) { |
|
611 |
extensions.remove(CH_SERVER_NAME); |
|
612 |
} |
|
613 |
||
614 |
// To switch off the max_fragment_length extension. |
|
615 |
enableExtension = |
|
616 |
Utilities.getBooleanProperty("jsse.enableMFLExtension", false); |
|
617 |
if (!enableExtension) { |
|
618 |
extensions.remove(CH_MAX_FRAGMENT_LENGTH); |
|
619 |
} |
|
14330
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
620 |
|
56542 | 621 |
// enableExtension = Utilities.getBooleanProperty( |
622 |
// "jdk.tls.client.enableStatusRequestExtension", true); |
|
623 |
// if (!enableExtension) { |
|
624 |
// extensions.remove(CH_STATUS_REQUEST); |
|
625 |
// extensions.remove(CR_STATUS_REQUEST); |
|
626 |
// extensions.remove(CT_STATUS_REQUEST); |
|
627 |
// |
|
628 |
// extensions.remove(CH_STATUS_REQUEST_V2); |
|
629 |
// } |
|
630 |
||
631 |
if (!SSLConfiguration.useExtendedMasterSecret) { |
|
632 |
extensions.remove(CH_EXTENDED_MASTER_SECRET); |
|
633 |
} |
|
634 |
||
635 |
defaults = Collections.unmodifiableCollection(extensions); |
|
636 |
} |
|
637 |
} |
|
638 |
||
639 |
// Default enabled server extensions. |
|
640 |
static final class ServerExtensions { |
|
641 |
static final Collection<SSLExtension> defaults; |
|
642 |
||
643 |
static { |
|
644 |
Collection<SSLExtension> extensions = new LinkedList<>(); |
|
645 |
for (SSLExtension extension : SSLExtension.values()) { |
|
646 |
if (extension.handshakeType != SSLHandshake.NOT_APPLICABLE) { |
|
647 |
extensions.add(extension); |
|
648 |
} |
|
649 |
} |
|
650 |
||
651 |
/* |
|
652 |
// Switch off SNI extention? |
|
653 |
boolean enableExtension = |
|
654 |
Utilities.getBooleanProperty("jsse.enableSNIExtension", true); |
|
655 |
if (!enableExtension) { |
|
656 |
extensions.remove(CH_SERVER_NAME); |
|
657 |
extensions.remove(SH_SERVER_NAME); |
|
658 |
extensions.remove(EE_SERVER_NAME); |
|
659 |
} |
|
660 |
||
661 |
// To switch off the max_fragment_length extension. |
|
662 |
enableExtension = |
|
663 |
Utilities.getBooleanProperty("jsse.enableMFLExtension", false); |
|
664 |
if (!enableExtension) { |
|
665 |
extensions.remove(CH_MAX_FRAGMENT_LENGTH); |
|
666 |
extensions.remove(SH_MAX_FRAGMENT_LENGTH); |
|
667 |
extensions.remove(EE_MAX_FRAGMENT_LENGTH); |
|
668 |
} |
|
669 |
*/ |
|
670 |
||
671 |
// enableExtension = Utilities.getBooleanProperty( |
|
672 |
// "jdk.tls.server.enableStatusRequestExtension", true); |
|
673 |
// if (!enableExtension) { |
|
674 |
// extensions.remove(CH_STATUS_REQUEST); |
|
675 |
// extensions.remove(SH_STATUS_REQUEST); |
|
676 |
// extensions.remove(CR_STATUS_REQUEST); |
|
677 |
// extensions.remove(CT_STATUS_REQUEST); |
|
678 |
// |
|
679 |
// extensions.remove(SH_STATUS_REQUEST_V2); |
|
680 |
// } |
|
681 |
||
682 |
/* |
|
683 |
if (!SSLConfiguration.useExtendedMasterSecret) { |
|
684 |
extensions.remove(CH_EXTENDED_MASTER_SECRET); |
|
685 |
extensions.remove(SH_EXTENDED_MASTER_SECRET); |
|
686 |
} |
|
687 |
*/ |
|
688 |
defaults = Collections.unmodifiableCollection(extensions); |
|
689 |
} |
|
690 |
} |
|
14330
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
691 |
} |