jdk-sandbox: src/java.base/share/classes/sun/security/ssl/SSLKeyExchange.java@56aaa6cb3693 (annotated)

30905 bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	1	/*
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2	* Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
30905 bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	4	*
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	7	* published by the Free Software Foundation. Oracle designates this
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	10	*
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	15	* accompanied this code).
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	16	*
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	20	*
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	22	* or visit www.oracle.com if you need additional information or have any
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	23	* questions.
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	24	*/
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	25
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	26	package sun.security.ssl;
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	27
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	28	import java.io.IOException;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	29	import java.util.AbstractMap.SimpleImmutableEntry;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	30	import java.util.Arrays;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	31	import java.util.HashMap;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	32	import java.util.Map;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	33	import sun.security.ssl.DHKeyExchange.DHEPossession;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	34	import sun.security.ssl.ECDHKeyExchange.ECDHEPossession;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	35	import sun.security.ssl.SupportedGroupsExtension.NamedGroup;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	36	import sun.security.ssl.SupportedGroupsExtension.NamedGroupType;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	37	import sun.security.ssl.SupportedGroupsExtension.SupportedGroups;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	38	import sun.security.ssl.X509Authentication.X509Possession;
30905 bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	39
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	40	final class SSLKeyExchange implements SSLKeyAgreement {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	41	private final SSLAuthentication authentication;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	42	private final SSLKeyAgreement keyAgreement;
30905 bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	43
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	44	SSLKeyExchange(X509Authentication authentication,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	45	SSLKeyAgreement keyAgreement) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	46	this.authentication = authentication;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	47	this.keyAgreement = keyAgreement;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	48	}
30905 bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	49
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	50	SSLPossession[] createPossessions(HandshakeContext context) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	51	// authentication
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	52	SSLPossession authPossession = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	53	if (authentication != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	54	authPossession = authentication.createPossession(context);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	55	if (authPossession == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	56	return new SSLPossession[0];
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	57	} else if (context instanceof ServerHandshakeContext) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	58	// The authentication information may be used further for
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	59	// key agreement parameters negotiation.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	60	ServerHandshakeContext shc = (ServerHandshakeContext)context;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	61	shc.interimAuthn = authPossession;
30905 bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	62	}
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	63	}
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	64
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	65	// key agreement
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	66	SSLPossession kaPossession;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	67	if (keyAgreement == T12KeyAgreement.RSA_EXPORT) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	68	// a special case
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	69	X509Possession x509Possession = (X509Possession)authPossession;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	70	if (JsseJce.getRSAKeyLength(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	71	x509Possession.popCerts[0].getPublicKey()) > 512) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	72	kaPossession = keyAgreement.createPossession(context);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	73
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	74	if (kaPossession == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	75	return new SSLPossession[0];
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	76	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	77	return authentication != null ?
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	78	new SSLPossession[] {authPossession, kaPossession} :
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	79	new SSLPossession[] {kaPossession};
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	80	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	81	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	82	return authentication != null ?
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	83	new SSLPossession[] {authPossession} :
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	84	new SSLPossession[0];
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	85	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	86	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	87	kaPossession = keyAgreement.createPossession(context);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	88	if (kaPossession == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	89	// special cases
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	90	if (keyAgreement == T12KeyAgreement.RSA \|\|
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	91	keyAgreement == T12KeyAgreement.ECDH) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	92	return authentication != null ?
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	93	new SSLPossession[] {authPossession} :
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	94	new SSLPossession[0];
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	95	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	96	return new SSLPossession[0];
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	97	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	98	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	99	return authentication != null ?
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	100	new SSLPossession[] {authPossession, kaPossession} :
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	101	new SSLPossession[] {kaPossession};
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	102	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	103	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	104	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	105
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	106	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	107	public SSLPossession createPossession(HandshakeContext handshakeContext) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	108	// Please call createPossessions() so that the SSLAuthentication
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	109	// is counted.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	110	throw new UnsupportedOperationException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	111	"SSLKeyExchange.createPossessions() should be used instead");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	112	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	113
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	114	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	115	public SSLKeyDerivation createKeyDerivation(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	116	HandshakeContext handshakeContext) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	117	return keyAgreement.createKeyDerivation(handshakeContext);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	118	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	119
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	120	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	121	public SSLHandshake[] getRelatedHandshakers(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	122	HandshakeContext handshakeContext) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	123	SSLHandshake[] auHandshakes;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	124	if (authentication != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	125	auHandshakes =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	126	authentication.getRelatedHandshakers(handshakeContext);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	127	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	128	auHandshakes = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	129	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	130
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	131	SSLHandshake[] kaHandshakes =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	132	keyAgreement.getRelatedHandshakers(handshakeContext);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	133
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	134	if (auHandshakes == null \|\| auHandshakes.length == 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	135	return kaHandshakes;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	136	} else if (kaHandshakes == null \|\| kaHandshakes.length == 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	137	return auHandshakes;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	138	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	139	SSLHandshake[] producers = Arrays.copyOf(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	140	auHandshakes, auHandshakes.length + kaHandshakes.length);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	141	System.arraycopy(kaHandshakes, 0,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	142	producers, auHandshakes.length, kaHandshakes.length);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	143	return producers;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	144	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	145	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	146
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	147	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	148	public Map.Entry<Byte, HandshakeProducer>[] getHandshakeProducers(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	149	HandshakeContext handshakeContext) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	150	Map.Entry<Byte, HandshakeProducer>[] auProducers;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	151	if (authentication != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	152	auProducers =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	153	authentication.getHandshakeProducers(handshakeContext);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	154	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	155	auProducers = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	156	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	157
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	158	Map.Entry<Byte, HandshakeProducer>[] kaProducers =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	159	keyAgreement.getHandshakeProducers(handshakeContext);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	160
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	161	if (auProducers == null \|\| auProducers.length == 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	162	return kaProducers;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	163	} else if (kaProducers == null \|\| kaProducers.length == 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	164	return auProducers;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	165	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	166	Map.Entry<Byte, HandshakeProducer>[] producers = Arrays.copyOf(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	167	auProducers, auProducers.length + kaProducers.length);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	168	System.arraycopy(kaProducers, 0,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	169	producers, auProducers.length, kaProducers.length);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	170	return producers;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	171	}
30905 bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	172	}
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	173
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	174	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	175	public Map.Entry<Byte, SSLConsumer>[] getHandshakeConsumers(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	176	HandshakeContext handshakeContext) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	177	Map.Entry<Byte, SSLConsumer>[] auConsumers;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	178	if (authentication != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	179	auConsumers =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	180	authentication.getHandshakeConsumers(handshakeContext);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	181	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	182	auConsumers = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	183	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	184
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	185	Map.Entry<Byte, SSLConsumer>[] kaConsumers =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	186	keyAgreement.getHandshakeConsumers(handshakeContext);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	187
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	188	if (auConsumers == null \|\| auConsumers.length == 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	189	return kaConsumers;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	190	} else if (kaConsumers == null \|\| kaConsumers.length == 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	191	return auConsumers;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	192	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	193	Map.Entry<Byte, SSLConsumer>[] producers = Arrays.copyOf(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	194	auConsumers, auConsumers.length + kaConsumers.length);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	195	System.arraycopy(kaConsumers, 0,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	196	producers, auConsumers.length, kaConsumers.length);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	197	return producers;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	198	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	199	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	200
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	201	// SSL 3.0 - (D)TLS 1.2
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	202	static SSLKeyExchange valueOf(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	203	CipherSuite.KeyExchange keyExchange) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	204	if (keyExchange == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	205	return null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	206	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	207
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	208	switch (keyExchange) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	209	case K_RSA:
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	210	return SSLKeyExRSA.KE;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	211	case K_RSA_EXPORT:
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	212	return SSLKeyExRSAExport.KE;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	213	case K_DHE_DSS:
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	214	return SSLKeyExDHEDSS.KE;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	215	case K_DHE_DSS_EXPORT:
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	216	return SSLKeyExDHEDSSExport.KE;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	217	case K_DHE_RSA:
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	218	return SSLKeyExDHERSA.KE;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	219	case K_DHE_RSA_EXPORT:
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	220	return SSLKeyExDHERSAExport.KE;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	221	case K_DH_ANON:
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	222	return SSLKeyExDHANON.KE;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	223	case K_DH_ANON_EXPORT:
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	224	return SSLKeyExDHANONExport.KE;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	225	case K_ECDH_ECDSA:
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	226	return SSLKeyExECDHECDSA.KE;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	227	case K_ECDH_RSA:
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	228	return SSLKeyExECDHRSA.KE;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	229	case K_ECDHE_ECDSA:
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	230	return SSLKeyExECDHEECDSA.KE;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	231	case K_ECDHE_RSA:
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	232	return SSLKeyExECDHERSA.KE;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	233	case K_ECDH_ANON:
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	234	return SSLKeyExECDHANON.KE;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	235	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	236
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	237	return null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	238	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	239
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	240	// TLS 1.3
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	241	static SSLKeyExchange valueOf(NamedGroup namedGroup) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	242	SSLKeyAgreement ka = T13KeyAgreement.valueOf(namedGroup);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	243	if (ka != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	244	return new SSLKeyExchange(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	245	null, T13KeyAgreement.valueOf(namedGroup));
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	246	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	247
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	248	return null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	249	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	250
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	251	private static class SSLKeyExRSA {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	252	private static SSLKeyExchange KE = new SSLKeyExchange(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	253	X509Authentication.RSA, T12KeyAgreement.RSA);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	254	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	255
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	256	private static class SSLKeyExRSAExport {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	257	private static SSLKeyExchange KE = new SSLKeyExchange(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	258	X509Authentication.RSA, T12KeyAgreement.RSA_EXPORT);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	259	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	260
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	261	private static class SSLKeyExDHEDSS {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	262	private static SSLKeyExchange KE = new SSLKeyExchange(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	263	X509Authentication.DSA, T12KeyAgreement.DHE);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	264	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	265
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	266	private static class SSLKeyExDHEDSSExport {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	267	private static SSLKeyExchange KE = new SSLKeyExchange(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	268	X509Authentication.DSA, T12KeyAgreement.DHE_EXPORT);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	269	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	270
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	271	private static class SSLKeyExDHERSA {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	272	private static SSLKeyExchange KE = new SSLKeyExchange(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	273	X509Authentication.RSA, T12KeyAgreement.DHE);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	274	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	275
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	276	private static class SSLKeyExDHERSAExport {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	277	private static SSLKeyExchange KE = new SSLKeyExchange(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	278	X509Authentication.RSA, T12KeyAgreement.DHE_EXPORT);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	279	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	280
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	281	private static class SSLKeyExDHANON {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	282	private static SSLKeyExchange KE = new SSLKeyExchange(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	283	null, T12KeyAgreement.DHE);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	284	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	285
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	286	private static class SSLKeyExDHANONExport {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	287	private static SSLKeyExchange KE = new SSLKeyExchange(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	288	null, T12KeyAgreement.DHE_EXPORT);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	289	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	290
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	291	private static class SSLKeyExECDHECDSA {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	292	private static SSLKeyExchange KE = new SSLKeyExchange(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	293	X509Authentication.EC, T12KeyAgreement.ECDH);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	294	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	295
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	296	private static class SSLKeyExECDHRSA {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	297	private static SSLKeyExchange KE = new SSLKeyExchange(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	298	X509Authentication.EC, T12KeyAgreement.ECDH);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	299	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	300
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	301	private static class SSLKeyExECDHEECDSA {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	302	private static SSLKeyExchange KE = new SSLKeyExchange(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	303	X509Authentication.EC, T12KeyAgreement.ECDHE);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	304	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	305
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	306	private static class SSLKeyExECDHERSA {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	307	private static SSLKeyExchange KE = new SSLKeyExchange(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	308	X509Authentication.RSA, T12KeyAgreement.ECDHE);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	309	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	310
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	311	private static class SSLKeyExECDHANON {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	312	private static SSLKeyExchange KE = new SSLKeyExchange(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	313	null, T12KeyAgreement.ECDHE);
30905 bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	314	}
bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	315
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	316	private enum T12KeyAgreement implements SSLKeyAgreement {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	317	RSA ("rsa", null,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	318	RSAKeyExchange.kaGenerator),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	319	RSA_EXPORT ("rsa_export", RSAKeyExchange.poGenerator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	320	RSAKeyExchange.kaGenerator),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	321	DHE ("dhe", DHKeyExchange.poGenerator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	322	DHKeyExchange.kaGenerator),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	323	DHE_EXPORT ("dhe_export", DHKeyExchange.poExportableGenerator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	324	DHKeyExchange.kaGenerator),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	325	ECDH ("ecdh", null,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	326	ECDHKeyExchange.ecdhKAGenerator),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	327	ECDHE ("ecdhe", ECDHKeyExchange.poGenerator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	328	ECDHKeyExchange.ecdheKAGenerator);
30905 bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	329
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	330	final String name;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	331	final SSLPossessionGenerator possessionGenerator;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	332	final SSLKeyAgreementGenerator keyAgreementGenerator;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	333
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	334	T12KeyAgreement(String name,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	335	SSLPossessionGenerator possessionGenerator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	336	SSLKeyAgreementGenerator keyAgreementGenerator) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	337	this.name = name;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	338	this.possessionGenerator = possessionGenerator;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	339	this.keyAgreementGenerator = keyAgreementGenerator;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	340	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	341
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	342	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	343	public SSLPossession createPossession(HandshakeContext context) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	344	if (possessionGenerator != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	345	return possessionGenerator.createPossession(context);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	346	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	347
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	348	return null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	349	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	350
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	351	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	352	public SSLKeyDerivation createKeyDerivation(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	353	HandshakeContext context) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	354	return keyAgreementGenerator.createKeyDerivation(context);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	355	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	356
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	357	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	358	public SSLHandshake[] getRelatedHandshakers(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	359	HandshakeContext handshakeContext) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	360	if (!handshakeContext.negotiatedProtocol.useTLS13PlusSpec()) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	361	if (this.possessionGenerator != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	362	return new SSLHandshake[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	363	SSLHandshake.SERVER_KEY_EXCHANGE
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	364	};
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	365	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	366	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	367
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	368	return new SSLHandshake[0];
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	369	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	370
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	371	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	372	@SuppressWarnings({"unchecked", "rawtypes"})
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	373	public Map.Entry<Byte, HandshakeProducer>[] getHandshakeProducers(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	374	HandshakeContext handshakeContext) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	375	if (handshakeContext.negotiatedProtocol.useTLS13PlusSpec()) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	376	return (Map.Entry<Byte, HandshakeProducer>[])(new Map.Entry[0]);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	377	}
30905 bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	378
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	379	if (handshakeContext.sslConfig.isClientMode) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	380	switch (this) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	381	case RSA:
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	382	case RSA_EXPORT:
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	383	return (Map.Entry<Byte,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	384	HandshakeProducer>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	385	new SimpleImmutableEntry<>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	386	SSLHandshake.CLIENT_KEY_EXCHANGE.id,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	387	RSAClientKeyExchange.rsaHandshakeProducer
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	388	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	389	});
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	390
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	391	case DHE:
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	392	case DHE_EXPORT:
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	393	return (Map.Entry<Byte,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	394	HandshakeProducer>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	395	new SimpleImmutableEntry<Byte, HandshakeProducer>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	396	SSLHandshake.CLIENT_KEY_EXCHANGE.id,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	397	DHClientKeyExchange.dhHandshakeProducer
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	398	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	399	});
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	400
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	401	case ECDH:
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	402	return (Map.Entry<Byte,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	403	HandshakeProducer>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	404	new SimpleImmutableEntry<>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	405	SSLHandshake.CLIENT_KEY_EXCHANGE.id,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	406	ECDHClientKeyExchange.ecdhHandshakeProducer
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	407	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	408	});
30905 bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	409
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	410	case ECDHE:
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	411	return (Map.Entry<Byte,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	412	HandshakeProducer>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	413	new SimpleImmutableEntry<>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	414	SSLHandshake.CLIENT_KEY_EXCHANGE.id,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	415	ECDHClientKeyExchange.ecdheHandshakeProducer
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	416	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	417	});
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	418	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	419	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	420	switch (this) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	421	case RSA_EXPORT:
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	422	return (Map.Entry<Byte,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	423	HandshakeProducer>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	424	new SimpleImmutableEntry<>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	425	SSLHandshake.SERVER_KEY_EXCHANGE.id,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	426	RSAServerKeyExchange.rsaHandshakeProducer
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	427	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	428	});
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	429
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	430	case DHE:
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	431	case DHE_EXPORT:
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	432	return (Map.Entry<Byte,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	433	HandshakeProducer>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	434	new SimpleImmutableEntry<>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	435	SSLHandshake.SERVER_KEY_EXCHANGE.id,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	436	DHServerKeyExchange.dhHandshakeProducer
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	437	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	438	});
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	439
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	440	case ECDHE:
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	441	return (Map.Entry<Byte,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	442	HandshakeProducer>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	443	new SimpleImmutableEntry<>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	444	SSLHandshake.SERVER_KEY_EXCHANGE.id,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	445	ECDHServerKeyExchange.ecdheHandshakeProducer
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	446	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	447	});
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	448	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	449	}
30905 bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	450
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	451	return (Map.Entry<Byte, HandshakeProducer>[])(new Map.Entry[0]);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	452	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	453
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	454	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	455	@SuppressWarnings({"unchecked", "rawtypes"})
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	456	public Map.Entry<Byte, SSLConsumer>[] getHandshakeConsumers(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	457	HandshakeContext handshakeContext) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	458	if (handshakeContext.negotiatedProtocol.useTLS13PlusSpec()) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	459	return (Map.Entry<Byte, SSLConsumer>[])(new Map.Entry[0]);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	460	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	461
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	462	if (handshakeContext.sslConfig.isClientMode) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	463	switch (this) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	464	case RSA_EXPORT:
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	465	return (Map.Entry<Byte,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	466	SSLConsumer>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	467	new SimpleImmutableEntry<>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	468	SSLHandshake.SERVER_KEY_EXCHANGE.id,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	469	RSAServerKeyExchange.rsaHandshakeConsumer
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	470	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	471	});
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	472
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	473	case DHE:
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	474	case DHE_EXPORT:
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	475	return (Map.Entry<Byte,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	476	SSLConsumer>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	477	new SimpleImmutableEntry<>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	478	SSLHandshake.SERVER_KEY_EXCHANGE.id,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	479	DHServerKeyExchange.dhHandshakeConsumer
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	480	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	481	});
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	482
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	483	case ECDHE:
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	484	return (Map.Entry<Byte,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	485	SSLConsumer>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	486	new SimpleImmutableEntry<>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	487	SSLHandshake.SERVER_KEY_EXCHANGE.id,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	488	ECDHServerKeyExchange.ecdheHandshakeConsumer
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	489	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	490	});
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	491	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	492	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	493	switch (this) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	494	case RSA:
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	495	case RSA_EXPORT:
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	496	return (Map.Entry<Byte,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	497	SSLConsumer>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	498	new SimpleImmutableEntry<>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	499	SSLHandshake.CLIENT_KEY_EXCHANGE.id,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	500	RSAClientKeyExchange.rsaHandshakeConsumer
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	501	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	502	});
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	503
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	504	case DHE:
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	505	case DHE_EXPORT:
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	506	return (Map.Entry<Byte,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	507	SSLConsumer>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	508	new SimpleImmutableEntry<>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	509	SSLHandshake.CLIENT_KEY_EXCHANGE.id,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	510	DHClientKeyExchange.dhHandshakeConsumer
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	511	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	512	});
30905 bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	513
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	514	case ECDH:
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	515	return (Map.Entry<Byte,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	516	SSLConsumer>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	517	new SimpleImmutableEntry<>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	518	SSLHandshake.CLIENT_KEY_EXCHANGE.id,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	519	ECDHClientKeyExchange.ecdhHandshakeConsumer
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	520	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	521	});
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	522
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	523	case ECDHE:
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	524	return (Map.Entry<Byte,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	525	SSLConsumer>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	526	new SimpleImmutableEntry<>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	527	SSLHandshake.CLIENT_KEY_EXCHANGE.id,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	528	ECDHClientKeyExchange.ecdheHandshakeConsumer
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	529	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	530	});
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	531	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	532	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	533
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	534	return (Map.Entry<Byte, SSLConsumer>[])(new Map.Entry[0]);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	535	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	536	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	537
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	538	private static final class T13KeyAgreement implements SSLKeyAgreement {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	539	private final NamedGroup namedGroup;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	540	static final Map<NamedGroup, T13KeyAgreement>
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	541	supportedKeyShares = new HashMap<>();
30905 bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	542
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	543	static {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	544	for (NamedGroup namedGroup :
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	545	SupportedGroups.supportedNamedGroups) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	546	supportedKeyShares.put(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	547	namedGroup, new T13KeyAgreement(namedGroup));
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	548	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	549	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	550
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	551	private T13KeyAgreement(NamedGroup namedGroup) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	552	this.namedGroup = namedGroup;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	553	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	554
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	555	static T13KeyAgreement valueOf(NamedGroup namedGroup) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	556	return supportedKeyShares.get(namedGroup);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	557	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	558
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	559	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	560	public SSLPossession createPossession(HandshakeContext hc) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	561	if (namedGroup.type == NamedGroupType.NAMED_GROUP_ECDHE) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	562	return new ECDHEPossession(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	563	namedGroup, hc.sslContext.getSecureRandom());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	564	} else if (namedGroup.type == NamedGroupType.NAMED_GROUP_FFDHE) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	565	return new DHEPossession(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	566	namedGroup, hc.sslContext.getSecureRandom());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	567	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	568
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	569	return null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	570	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	571
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	572	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	573	public SSLKeyDerivation createKeyDerivation(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	574	HandshakeContext hc) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	575	if (namedGroup.type == NamedGroupType.NAMED_GROUP_ECDHE) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	576	return ECDHKeyExchange.ecdheKAGenerator.createKeyDerivation(hc);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	577	} else if (namedGroup.type == NamedGroupType.NAMED_GROUP_FFDHE) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	578	return DHKeyExchange.kaGenerator.createKeyDerivation(hc);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	579	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	580
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	581	return null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	582	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	583	}
30905 bba6fefdd660 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine weijun parents: diff changeset	584	}

author	wetmore
	Fri, 11 May 2018 15:53:12 -0700
branch	JDK-8145252-TLS13-branch
changeset 56542	56aaa6cb3693
parent 47216	src/java.base/share/classes/sun/security/ssl/ClientKeyExchangeService.java@71c04702a3d5
child 56589	bafd8be2f970
child 56801	76025c6c6e29
permissions	-rw-r--r--