jdk-sandbox: src/java.base/share/classes/sun/security/ssl/SignatureAlgorithmsExtension.java@56aaa6cb3693 (annotated)

14330 e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	1	/*
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2	* Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
14330 e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	4	*
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	7	* published by the Free Software Foundation. Oracle designates this
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	10	*
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	15	* accompanied this code).
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	16	*
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	20	*
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	22	* or visit www.oracle.com if you need additional information or have any
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	23	* questions.
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	24	*/
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	25
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	26	package sun.security.ssl;
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	27
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	28	import java.io.IOException;
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	29	import java.nio.ByteBuffer;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	30	import java.text.MessageFormat;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	31	import java.util.LinkedList;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	32	import java.util.List;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	33	import java.util.Locale;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	34	import javax.net.ssl.SSLProtocolException;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	35	import sun.security.ssl.SSLExtension.ExtensionConsumer;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	36	import sun.security.ssl.SSLExtension.SSLExtensionSpec;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	37	import sun.security.ssl.SSLHandshake.HandshakeMessage;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	38
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	39	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	40	* Pack of the "signature_algorithms" extensions [RFC 5246].
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	41	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	42	final class SignatureAlgorithmsExtension {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	43	static final HandshakeProducer chNetworkProducer =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	44	new CHSignatureSchemesProducer();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	45	static final ExtensionConsumer chOnLoadConcumer =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	46	new CHSignatureSchemesConsumer();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	47	static final HandshakeAbsence chOnLoadAbsence =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	48	new CHSignatureSchemesAbsence();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	49	static final HandshakeConsumer chOnTradeConsumer =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	50	new CHSignatureSchemesUpdate();
14330 e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	51
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	52	static final HandshakeProducer crNetworkProducer =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	53	new CRSignatureSchemesProducer();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	54	static final ExtensionConsumer crOnLoadConcumer =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	55	new CRSignatureSchemesConsumer();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	56	static final HandshakeAbsence crOnLoadAbsence =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	57	new CRSignatureSchemesAbsence();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	58	static final HandshakeConsumer crOnTradeConsumer =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	59	new CRSignatureSchemesUpdate();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	60
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	61	static final SSLStringize ssStringize =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	62	new SignatureSchemesStringize();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	63
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	64	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	65	* The "signature_algorithms" extension.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	66	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	67	static final class SignatureSchemesSpec implements SSLExtensionSpec {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	68	final int[] signatureSchemes;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	69
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	70	SignatureSchemesSpec(List<SignatureScheme> schemes) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	71	if (schemes != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	72	signatureSchemes = new int[schemes.size()];
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	73	int i = 0;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	74	for (SignatureScheme scheme : schemes) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	75	signatureSchemes[i++] = scheme.id;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	76	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	77	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	78	this.signatureSchemes = new int[0];
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	79	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	80	}
14330 e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	81
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	82	SignatureSchemesSpec(ByteBuffer buffer) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	83	if (buffer.remaining() < 2) { // 2: the length of the list
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	84	throw new SSLProtocolException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	85	"Invalid signature_algorithms: insufficient data");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	86	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	87
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	88	byte[] algs = Record.getBytes16(buffer);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	89	if (buffer.hasRemaining()) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	90	throw new SSLProtocolException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	91	"Invalid signature_algorithms: unknown extra data");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	92	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	93
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	94	if (algs == null \|\| algs.length == 0 \|\| (algs.length & 0x01) != 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	95	throw new SSLProtocolException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	96	"Invalid signature_algorithms: incomplete data");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	97	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	98
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	99	int[] schemes = new int[algs.length / 2];
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	100	for (int i = 0, j = 0; i < algs.length;) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	101	byte hash = algs[i++];
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	102	byte sign = algs[i++];
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	103	schemes[j++] = ((hash & 0xFF) << 8) \| (sign & 0xFF);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	104	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	105
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	106	this.signatureSchemes = schemes;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	107	}
14330 e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	108
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	109	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	110	public String toString() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	111	MessageFormat messageFormat = new MessageFormat(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	112	"\"signature schemes\": '['{0}']'", Locale.ENGLISH);
14330 e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	113
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	114	if (signatureSchemes == null \|\| signatureSchemes.length == 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	115	Object[] messageFields = {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	116	"<no supported signature schemes specified>"
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	117	};
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	118	return messageFormat.format(messageFields);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	119	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	120	StringBuilder builder = new StringBuilder(512);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	121	boolean isFirst = true;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	122	for (int pv : signatureSchemes) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	123	if (isFirst) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	124	isFirst = false;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	125	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	126	builder.append(", ");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	127	}
14330 e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	128
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	129	builder.append(SignatureScheme.nameOf(pv));
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	130	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	131
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	132	Object[] messageFields = {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	133	builder.toString()
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	134	};
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	135
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	136	return messageFormat.format(messageFields);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	137	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	138	}
14330 e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	139	}
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	140
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	141	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	142	class SignatureSchemesStringize implements SSLStringize {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	143	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	144	public String toString(ByteBuffer buffer) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	145	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	146	return (new SignatureSchemesSpec(buffer)).toString();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	147	} catch (IOException ioe) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	148	// For debug logging only, so please swallow exceptions.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	149	return ioe.getMessage();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	150	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	151	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	152	}
14330 e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	153
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	154	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	155	* Network data producer of a "signature_algorithms" extension in
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	156	* the ClientHello handshake message.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	157	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	158	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	159	class CHSignatureSchemesProducer implements HandshakeProducer {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	160	// Prevent instantiation of this class.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	161	private CHSignatureSchemesProducer() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	162	// blank
14330 e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	163	}
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	164
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	165	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	166	public byte[] produce(ConnectionContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	167	HandshakeMessage message) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	168	// The producing happens in client side only.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	169	ClientHandshakeContext chc = (ClientHandshakeContext)context;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	170
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	171	// Is it a supported and enabled extension?
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	172	if (!chc.sslConfig.isAvailable(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	173	SSLExtension.CH_SIGNATURE_ALGORITHMS)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	174	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	175	SSLLogger.fine(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	176	"Ignore unavailable signature_algorithms extension");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	177	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	178	return null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	179	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	180
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	181	// Produce the extension.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	182	if (chc.localSupportedSignAlgs == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	183	chc.localSupportedSignAlgs =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	184	SignatureScheme.getSupportedAlgorithms(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	185	chc.algorithmConstraints, chc.activeProtocols);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	186	}
14330 e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	187
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	188	int vectorLen = SignatureScheme.sizeInRecord() *
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	189	chc.localSupportedSignAlgs.size();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	190	byte[] extData = new byte[vectorLen + 2];
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	191	ByteBuffer m = ByteBuffer.wrap(extData);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	192	Record.putInt16(m, vectorLen);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	193	for (SignatureScheme ss : chc.localSupportedSignAlgs) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	194	Record.putInt16(m, ss.id);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	195	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	196
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	197	// Update the context.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	198	chc.handshakeExtensions.put(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	199	SSLExtension.CH_SIGNATURE_ALGORITHMS,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	200	new SignatureSchemesSpec(chc.localSupportedSignAlgs));
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	201
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	202	return extData;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	203	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	204	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	205
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	206	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	207	* Network data consumer of a "signature_algorithms" extension in
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	208	* the ClientHello handshake message.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	209	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	210	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	211	class CHSignatureSchemesConsumer implements ExtensionConsumer {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	212	// Prevent instantiation of this class.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	213	private CHSignatureSchemesConsumer() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	214	// blank
14330 e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	215	}
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	216
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	217	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	218	public void consume(ConnectionContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	219	HandshakeMessage message, ByteBuffer buffer) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	220	// The comsuming happens in server side only.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	221	ServerHandshakeContext shc = (ServerHandshakeContext)context;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	222
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	223	// Is it a supported and enabled extension?
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	224	if (!shc.sslConfig.isAvailable(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	225	SSLExtension.CH_SIGNATURE_ALGORITHMS)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	226	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	227	SSLLogger.fine(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	228	"Ignore unavailable signature_algorithms extension");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	229	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	230	return; // ignore the extension
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	231	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	232
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	233	// Parse the extension.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	234	SignatureSchemesSpec spec;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	235	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	236	spec = new SignatureSchemesSpec(buffer);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	237	} catch (IOException ioe) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	238	shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	239	return; // fatal() always throws, make the compiler happy.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	240	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	241
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	242	// Update the context.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	243	shc.handshakeExtensions.put(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	244	SSLExtension.CH_SIGNATURE_ALGORITHMS, spec);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	245
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	246	// No impact on session resumption.
14330 e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	247	}
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	248	}
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	249
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	250	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	251	* After session creation consuming of a "signature_algorithms"
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	252	* extension in the ClientHello handshake message.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	253	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	254	private static final class CHSignatureSchemesUpdate
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	255	implements HandshakeConsumer {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	256	// Prevent instantiation of this class.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	257	private CHSignatureSchemesUpdate() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	258	// blank
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	259	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	260
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	261	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	262	public void consume(ConnectionContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	263	HandshakeMessage message) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	264	// The comsuming happens in server side only.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	265	ServerHandshakeContext shc = (ServerHandshakeContext)context;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	266
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	267	SignatureSchemesSpec spec =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	268	(SignatureSchemesSpec)shc.handshakeExtensions.get(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	269	SSLExtension.CH_SIGNATURE_ALGORITHMS);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	270	if (spec == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	271	// Ignore, no "signature_algorithms" extension requested.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	272	return;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	273	}
14330 e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	274
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	275	// update the context
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	276	List<SignatureScheme> shemes =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	277	SignatureScheme.getSupportedAlgorithms(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	278	shc.algorithmConstraints, shc.negotiatedProtocol,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	279	spec.signatureSchemes);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	280	shc.peerRequestedSignatureSchemes = shemes;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	281
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	282	// If no "signature_algorithms_cert" extension is present, then
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	283	// the "signature_algorithms" extension also applies to
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	284	// signatures appearing in certificates.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	285	SignatureSchemesSpec certSpec =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	286	(SignatureSchemesSpec)shc.handshakeExtensions.get(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	287	SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	288	if (certSpec == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	289	shc.peerRequestedCertSignSchemes = shemes;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	290	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	291
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	292	shc.handshakeSession.setPeerSupportedSignatureAlgorithms(shemes);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	293
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	294	if (!shc.isResumption && shc.negotiatedProtocol.useTLS13PlusSpec()) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	295	if (shc.sslConfig.clientAuthType !=
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	296	ClientAuthType.CLIENT_AUTH_NONE) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	297	shc.handshakeProducers.putIfAbsent(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	298	SSLHandshake.CERTIFICATE_REQUEST.id,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	299	SSLHandshake.CERTIFICATE_REQUEST);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	300	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	301	shc.handshakeProducers.put(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	302	SSLHandshake.CERTIFICATE.id,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	303	SSLHandshake.CERTIFICATE);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	304	shc.handshakeProducers.putIfAbsent(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	305	SSLHandshake.CERTIFICATE_VERIFY.id,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	306	SSLHandshake.CERTIFICATE_VERIFY);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	307	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	308	}
14330 e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	309	}
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	310
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	311	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	312	* The absence processing if a "signature_algorithms" extension is
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	313	* not present in the ClientHello handshake message.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	314	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	315	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	316	class CHSignatureSchemesAbsence implements HandshakeAbsence {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	317	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	318	public void absent(ConnectionContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	319	HandshakeMessage message) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	320	// The comsuming happens in server side only.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	321	ServerHandshakeContext shc = (ServerHandshakeContext)context;
14330 e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	322
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	323	// This is a mandatory extension for certificate authentication
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	324	// in TLS 1.3.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	325	//
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	326	// We may support the server authentication other than X.509
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	327	// certificate later.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	328	if (shc.negotiatedProtocol.useTLS13PlusSpec()) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	329	shc.conContext.fatal(Alert.MISSING_EXTENSION,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	330	"No mandatory signature_algorithms extension in the " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	331	"received CertificateRequest handshake message");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	332	}
14330 e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	333	}
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	334	}
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	335
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	336	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	337	* Network data producer of a "signature_algorithms" extension in
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	338	* the CertificateRequest handshake message.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	339	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	340	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	341	class CRSignatureSchemesProducer implements HandshakeProducer {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	342	// Prevent instantiation of this class.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	343	private CRSignatureSchemesProducer() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	344	// blank
14330 e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	345	}
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	346
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	347	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	348	public byte[] produce(ConnectionContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	349	HandshakeMessage message) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	350	// The producing happens in server side only.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	351	ServerHandshakeContext shc = (ServerHandshakeContext)context;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	352
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	353	// Is it a supported and enabled extension?
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	354	//
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	355	// Note that this is a mandatory extension for CertificateRequest
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	356	// handshake message in TLS 1.3.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	357	if (!shc.sslConfig.isAvailable(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	358	SSLExtension.CR_SIGNATURE_ALGORITHMS)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	359	shc.conContext.fatal(Alert.MISSING_EXTENSION,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	360	"No available signature_algorithms extension " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	361	"for client certificate authentication");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	362	return null; // make the compiler happy
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	363	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	364
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	365	// Produce the extension.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	366	if (shc.localSupportedSignAlgs == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	367	shc.localSupportedSignAlgs =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	368	SignatureScheme.getSupportedAlgorithms(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	369	shc.algorithmConstraints, shc.activeProtocols);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	370	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	371
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	372	int vectorLen = SignatureScheme.sizeInRecord() *
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	373	shc.localSupportedSignAlgs.size();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	374	byte[] extData = new byte[vectorLen + 2];
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	375	ByteBuffer m = ByteBuffer.wrap(extData);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	376	Record.putInt16(m, vectorLen);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	377	for (SignatureScheme ss : shc.localSupportedSignAlgs) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	378	Record.putInt16(m, ss.id);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	379	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	380
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	381	// Update the context.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	382	shc.handshakeExtensions.put(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	383	SSLExtension.CR_SIGNATURE_ALGORITHMS,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	384	new SignatureSchemesSpec(shc.localSupportedSignAlgs));
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	385
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	386	return extData;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	387	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	388	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	389
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	390	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	391	* Network data consumer of a "signature_algorithms" extension in
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	392	* the CertificateRequest handshake message.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	393	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	394	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	395	class CRSignatureSchemesConsumer implements ExtensionConsumer {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	396	// Prevent instantiation of this class.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	397	private CRSignatureSchemesConsumer() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	398	// blank
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	399	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	400	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	401	public void consume(ConnectionContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	402	HandshakeMessage message, ByteBuffer buffer) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	403	// The comsuming happens in client side only.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	404	ClientHandshakeContext chc = (ClientHandshakeContext)context;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	405
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	406	// Is it a supported and enabled extension?
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	407	//
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	408	// Note that this is a mandatory extension for CertificateRequest
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	409	// handshake message in TLS 1.3.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	410	if (!chc.sslConfig.isAvailable(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	411	SSLExtension.CR_SIGNATURE_ALGORITHMS)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	412	chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	413	"No available signature_algorithms extension " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	414	"for client certificate authentication");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	415	return; // make the compiler happy
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	416	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	417
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	418	// Parse the extension.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	419	SignatureSchemesSpec spec;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	420	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	421	spec = new SignatureSchemesSpec(buffer);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	422	} catch (IOException ioe) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	423	chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	424	return; // fatal() always throws, make the compiler happy.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	425	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	426
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	427	List<SignatureScheme> knownSignatureSchemes = new LinkedList<>();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	428	for (int id : spec.signatureSchemes) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	429	SignatureScheme ss = SignatureScheme.valueOf(id);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	430	if (ss != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	431	knownSignatureSchemes.add(ss);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	432	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	433	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	434
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	435	// Update the context.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	436	// chc.peerRequestedSignatureSchemes = knownSignatureSchemes;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	437	chc.handshakeExtensions.put(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	438	SSLExtension.CR_SIGNATURE_ALGORITHMS, spec);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	439
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	440	// No impact on session resumption.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	441	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	442	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	443
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	444	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	445	* After session creation consuming of a "signature_algorithms"
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	446	* extension in the CertificateRequest handshake message.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	447	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	448	private static final class CRSignatureSchemesUpdate
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	449	implements HandshakeConsumer {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	450	// Prevent instantiation of this class.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	451	private CRSignatureSchemesUpdate() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	452	// blank
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	453	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	454
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	455	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	456	public void consume(ConnectionContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	457	HandshakeMessage message) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	458	// The comsuming happens in client side only.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	459	ClientHandshakeContext chc = (ClientHandshakeContext)context;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	460
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	461	SignatureSchemesSpec spec =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	462	(SignatureSchemesSpec)chc.handshakeExtensions.get(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	463	SSLExtension.CR_SIGNATURE_ALGORITHMS);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	464	if (spec == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	465	// Ignore, no "signature_algorithms" extension requested.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	466	return;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	467	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	468
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	469	// update the context
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	470	List<SignatureScheme> shemes =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	471	SignatureScheme.getSupportedAlgorithms(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	472	chc.algorithmConstraints, chc.negotiatedProtocol,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	473	spec.signatureSchemes);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	474	chc.peerRequestedSignatureSchemes = shemes;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	475
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	476	// If no "signature_algorithms_cert" extension is present, then
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	477	// the "signature_algorithms" extension also applies to
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	478	// signatures appearing in certificates.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	479	SignatureSchemesSpec certSpec =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	480	(SignatureSchemesSpec)chc.handshakeExtensions.get(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	481	SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	482	if (certSpec == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	483	chc.peerRequestedCertSignSchemes = shemes;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	484	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	485
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	486	chc.handshakeSession.setPeerSupportedSignatureAlgorithms(shemes);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	487	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	488	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	489
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	490	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	491	* The absence processing if a "signature_algorithms" extension is
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	492	* not present in the CertificateRequest handshake message.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	493	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	494	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	495	class CRSignatureSchemesAbsence implements HandshakeAbsence {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	496	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	497	public void absent(ConnectionContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	498	HandshakeMessage message) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	499	// The comsuming happens in client side only.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	500	ClientHandshakeContext chc = (ClientHandshakeContext)context;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	501
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	502	// This is a mandatory extension for CertificateRequest handshake
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	503	// message in TLS 1.3.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	504	chc.conContext.fatal(Alert.MISSING_EXTENSION,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	505	"No mandatory signature_algorithms extension in the " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	506	"received CertificateRequest handshake message");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	507	}
14330 e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	508	}
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	509	}

author	wetmore
	Fri, 11 May 2018 15:53:12 -0700
branch	JDK-8145252-TLS13-branch
changeset 56542	56aaa6cb3693
parent 47216	71c04702a3d5
child 56584	a0f3377c58c7
permissions	-rw-r--r--