jdk-sandbox: jdk/src/java.base/share/classes/sun/security/ssl/ClientHandshaker.java@5705356edc61 (annotated)

2 90ce3da70b43 Initial load duke parents: diff changeset	1	/*
29264 5172066a2da6 8054037: Improve tracing for java.security.debug=certpath juh parents: 28550 diff changeset	2	* Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
2 90ce3da70b43 Initial load duke parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
90ce3da70b43 Initial load duke parents: diff changeset	4	*
90ce3da70b43 Initial load duke parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
90ce3da70b43 Initial load duke parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 5182 diff changeset	7	* published by the Free Software Foundation. Oracle designates this
2 90ce3da70b43 Initial load duke parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 5182 diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
2 90ce3da70b43 Initial load duke parents: diff changeset	10	*
90ce3da70b43 Initial load duke parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
90ce3da70b43 Initial load duke parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
90ce3da70b43 Initial load duke parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
90ce3da70b43 Initial load duke parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
90ce3da70b43 Initial load duke parents: diff changeset	15	* accompanied this code).
90ce3da70b43 Initial load duke parents: diff changeset	16	*
90ce3da70b43 Initial load duke parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
90ce3da70b43 Initial load duke parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
90ce3da70b43 Initial load duke parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
90ce3da70b43 Initial load duke parents: diff changeset	20	*
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 5182 diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 5182 diff changeset	22	* or visit www.oracle.com if you need additional information or have any
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 5182 diff changeset	23	* questions.
2 90ce3da70b43 Initial load duke parents: diff changeset	24	*/
90ce3da70b43 Initial load duke parents: diff changeset	25
90ce3da70b43 Initial load duke parents: diff changeset	26	package sun.security.ssl;
90ce3da70b43 Initial load duke parents: diff changeset	27
90ce3da70b43 Initial load duke parents: diff changeset	28	import java.io.*;
90ce3da70b43 Initial load duke parents: diff changeset	29	import java.math.BigInteger;
90ce3da70b43 Initial load duke parents: diff changeset	30	import java.security.*;
90ce3da70b43 Initial load duke parents: diff changeset	31	import java.util.*;
90ce3da70b43 Initial load duke parents: diff changeset	32
90ce3da70b43 Initial load duke parents: diff changeset	33	import java.security.interfaces.ECPublicKey;
703 80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	34	import java.security.interfaces.RSAPublicKey;
2 90ce3da70b43 Initial load duke parents: diff changeset	35	import java.security.spec.ECParameterSpec;
90ce3da70b43 Initial load duke parents: diff changeset	36
90ce3da70b43 Initial load duke parents: diff changeset	37	import java.security.cert.X509Certificate;
90ce3da70b43 Initial load duke parents: diff changeset	38	import java.security.cert.CertificateException;
27068 5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	39	import java.security.cert.CertificateParsingException;
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	40	import javax.security.auth.x500.X500Principal;
2 90ce3da70b43 Initial load duke parents: diff changeset	41
90ce3da70b43 Initial load duke parents: diff changeset	42	import javax.crypto.SecretKey;
90ce3da70b43 Initial load duke parents: diff changeset	43	import javax.crypto.spec.SecretKeySpec;
90ce3da70b43 Initial load duke parents: diff changeset	44
90ce3da70b43 Initial load duke parents: diff changeset	45	import javax.net.ssl.*;
90ce3da70b43 Initial load duke parents: diff changeset	46
90ce3da70b43 Initial load duke parents: diff changeset	47	import javax.security.auth.Subject;
90ce3da70b43 Initial load duke parents: diff changeset	48
90ce3da70b43 Initial load duke parents: diff changeset	49	import sun.security.ssl.HandshakeMessage.*;
90ce3da70b43 Initial load duke parents: diff changeset	50	import static sun.security.ssl.CipherSuite.KeyExchange.*;
90ce3da70b43 Initial load duke parents: diff changeset	51
90ce3da70b43 Initial load duke parents: diff changeset	52	/**
90ce3da70b43 Initial load duke parents: diff changeset	53	* ClientHandshaker does the protocol handshaking from the point
90ce3da70b43 Initial load duke parents: diff changeset	54	* of view of a client. It is driven asychronously by handshake messages
90ce3da70b43 Initial load duke parents: diff changeset	55	* as delivered by the parent Handshaker class, and also uses
90ce3da70b43 Initial load duke parents: diff changeset	56	* common functionality (e.g. key generation) that is provided there.
90ce3da70b43 Initial load duke parents: diff changeset	57	*
90ce3da70b43 Initial load duke parents: diff changeset	58	* @author David Brownell
90ce3da70b43 Initial load duke parents: diff changeset	59	*/
90ce3da70b43 Initial load duke parents: diff changeset	60	final class ClientHandshaker extends Handshaker {
90ce3da70b43 Initial load duke parents: diff changeset	61
29266 5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	62	// constants for subject alt names of type DNS and IP
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	63	private final static int ALTNAME_DNS = 2;
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	64	private final static int ALTNAME_IP = 7;
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	65
2 90ce3da70b43 Initial load duke parents: diff changeset	66	// the server's public key from its certificate.
90ce3da70b43 Initial load duke parents: diff changeset	67	private PublicKey serverKey;
90ce3da70b43 Initial load duke parents: diff changeset	68
90ce3da70b43 Initial load duke parents: diff changeset	69	// the server's ephemeral public key from the server key exchange message
90ce3da70b43 Initial load duke parents: diff changeset	70	// for ECDHE/ECDH_anon and RSA_EXPORT.
90ce3da70b43 Initial load duke parents: diff changeset	71	private PublicKey ephemeralServerKey;
90ce3da70b43 Initial load duke parents: diff changeset	72
90ce3da70b43 Initial load duke parents: diff changeset	73	// server's ephemeral public value for DHE/DH_anon key exchanges
90ce3da70b43 Initial load duke parents: diff changeset	74	private BigInteger serverDH;
90ce3da70b43 Initial load duke parents: diff changeset	75
90ce3da70b43 Initial load duke parents: diff changeset	76	private DHCrypt dh;
90ce3da70b43 Initial load duke parents: diff changeset	77
90ce3da70b43 Initial load duke parents: diff changeset	78	private ECDHCrypt ecdh;
90ce3da70b43 Initial load duke parents: diff changeset	79
90ce3da70b43 Initial load duke parents: diff changeset	80	private CertificateRequest certRequest;
90ce3da70b43 Initial load duke parents: diff changeset	81
90ce3da70b43 Initial load duke parents: diff changeset	82	private boolean serverKeyExchangeReceived;
90ce3da70b43 Initial load duke parents: diff changeset	83
90ce3da70b43 Initial load duke parents: diff changeset	84	/*
90ce3da70b43 Initial load duke parents: diff changeset	85	* The RSA PreMasterSecret needs to know the version of
90ce3da70b43 Initial load duke parents: diff changeset	86	* ClientHello that was used on this handshake. This represents
90ce3da70b43 Initial load duke parents: diff changeset	87	* the "max version" this client is supporting. In the
90ce3da70b43 Initial load duke parents: diff changeset	88	* case of an initial handshake, it's the max version enabled,
90ce3da70b43 Initial load duke parents: diff changeset	89	* but in the case of a resumption attempt, it's the version
90ce3da70b43 Initial load duke parents: diff changeset	90	* of the session we're trying to resume.
90ce3da70b43 Initial load duke parents: diff changeset	91	*/
90ce3da70b43 Initial load duke parents: diff changeset	92	private ProtocolVersion maxProtocolVersion;
90ce3da70b43 Initial load duke parents: diff changeset	93
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	94	// To switch off the SNI extension.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	95	private final static boolean enableSNIExtension =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	96	Debug.getBooleanProperty("jsse.enableSNIExtension", true);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	97
27068 5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	98	/*
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	99	* Allow unsafe server certificate change?
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	100	*
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	101	* Server certificate change during SSL/TLS renegotiation may be considered
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	102	* unsafe, as described in the Triple Handshake attacks:
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	103	*
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	104	* https://secure-resumption.com/tlsauth.pdf
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	105	*
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	106	* Endpoint identification (See
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	107	* SSLParameters.getEndpointIdentificationAlgorithm()) is a pretty nice
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	108	* guarantee that the server certificate change in renegotiation is legal.
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	109	* However, endpoing identification is only enabled for HTTPS and LDAP
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	110	* over SSL/TLS by default. It is not enough to protect SSL/TLS
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	111	* connections other than HTTPS and LDAP.
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	112	*
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	113	* The renegotiation indication extension (See RFC 5764) is a pretty
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	114	* strong guarantee that the endpoints on both client and server sides
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	115	* are identical on the same connection. However, the Triple Handshake
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	116	* attacks can bypass this guarantee if there is a session-resumption
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	117	* handshake between the initial full handshake and the renegotiation
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	118	* full handshake.
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	119	*
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	120	* Server certificate change may be unsafe and should be restricted if
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	121	* endpoint identification is not enabled and the previous handshake is
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	122	* a session-resumption abbreviated initial handshake, unless the
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	123	* identities represented by both certificates can be regraded as the
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	124	* same (See isIdentityEquivalent()).
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	125	*
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	126	* Considering the compatibility impact and the actual requirements to
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	127	* support server certificate change in practice, the system property,
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	128	* jdk.tls.allowUnsafeServerCertChange, is used to define whether unsafe
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	129	* server certificate change in renegotiation is allowed or not. The
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	130	* default value of the system property is "false". To mitigate the
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	131	* compactibility impact, applications may want to set the system
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	132	* property to "true" at their own risk.
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	133	*
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	134	* If the value of the system property is "false", server certificate
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	135	* change in renegotiation after a session-resumption abbreviated initial
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	136	* handshake is restricted (See isIdentityEquivalent()).
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	137	*
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	138	* If the system property is set to "true" explicitly, the restriction on
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	139	* server certificate change in renegotiation is disabled.
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	140	*/
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	141	private final static boolean allowUnsafeServerCertChange =
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	142	Debug.getBooleanProperty("jdk.tls.allowUnsafeServerCertChange", false);
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	143
14194 971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 11521 diff changeset	144	private List<SNIServerName> requestedServerNames =
971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 11521 diff changeset	145	Collections.<SNIServerName>emptyList();
971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 11521 diff changeset	146
20499 4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	147	private boolean serverNamesAccepted = false;
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	148
2 90ce3da70b43 Initial load duke parents: diff changeset	149	/*
27068 5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	150	* the reserved server certificate chain in previous handshaking
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	151	*
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	152	* The server certificate chain is only reserved if the previous
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	153	* handshake is a session-resumption abbreviated initial handshake.
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	154	*/
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	155	private X509Certificate[] reservedServerCerts = null;
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	156
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	157	/*
2 90ce3da70b43 Initial load duke parents: diff changeset	158	* Constructors
90ce3da70b43 Initial load duke parents: diff changeset	159	*/
90ce3da70b43 Initial load duke parents: diff changeset	160	ClientHandshaker(SSLSocketImpl socket, SSLContextImpl context,
5182 62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	161	ProtocolList enabledProtocols,
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	162	ProtocolVersion activeProtocolVersion,
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	163	boolean isInitialHandshake, boolean secureRenegotiation,
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	164	byte[] clientVerifyData, byte[] serverVerifyData) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	165
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	166	super(socket, context, enabledProtocols, true, true,
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	167	activeProtocolVersion, isInitialHandshake, secureRenegotiation,
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	168	clientVerifyData, serverVerifyData);
2 90ce3da70b43 Initial load duke parents: diff changeset	169	}
90ce3da70b43 Initial load duke parents: diff changeset	170
90ce3da70b43 Initial load duke parents: diff changeset	171	ClientHandshaker(SSLEngineImpl engine, SSLContextImpl context,
5182 62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	172	ProtocolList enabledProtocols,
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	173	ProtocolVersion activeProtocolVersion,
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	174	boolean isInitialHandshake, boolean secureRenegotiation,
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	175	byte[] clientVerifyData, byte[] serverVerifyData) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	176
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	177	super(engine, context, enabledProtocols, true, true,
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	178	activeProtocolVersion, isInitialHandshake, secureRenegotiation,
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	179	clientVerifyData, serverVerifyData);
2 90ce3da70b43 Initial load duke parents: diff changeset	180	}
90ce3da70b43 Initial load duke parents: diff changeset	181
90ce3da70b43 Initial load duke parents: diff changeset	182	/*
90ce3da70b43 Initial load duke parents: diff changeset	183	* This routine handles all the client side handshake messages, one at
90ce3da70b43 Initial load duke parents: diff changeset	184	* a time. Given the message type (and in some cases the pending cipher
90ce3da70b43 Initial load duke parents: diff changeset	185	* spec) it parses the type-specific message. Then it calls a function
90ce3da70b43 Initial load duke parents: diff changeset	186	* that handles that specific message.
90ce3da70b43 Initial load duke parents: diff changeset	187	*
90ce3da70b43 Initial load duke parents: diff changeset	188	* It updates the state machine (need to verify it) as each message
90ce3da70b43 Initial load duke parents: diff changeset	189	* is processed, and writes responses as needed using the connection
90ce3da70b43 Initial load duke parents: diff changeset	190	* in the constructor.
90ce3da70b43 Initial load duke parents: diff changeset	191	*/
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 14194 diff changeset	192	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	193	void processMessage(byte type, int messageLen) throws IOException {
16071 8b0a4953189c 7192393: Better Checking of order of TLS Messages xuelei parents: 11521 diff changeset	194	if (state >= type
8b0a4953189c 7192393: Better Checking of order of TLS Messages xuelei parents: 11521 diff changeset	195	&& (type != HandshakeMessage.ht_hello_request)) {
2 90ce3da70b43 Initial load duke parents: diff changeset	196	throw new SSLProtocolException(
90ce3da70b43 Initial load duke parents: diff changeset	197	"Handshake message sequence violation, " + type);
90ce3da70b43 Initial load duke parents: diff changeset	198	}
90ce3da70b43 Initial load duke parents: diff changeset	199
90ce3da70b43 Initial load duke parents: diff changeset	200	switch (type) {
90ce3da70b43 Initial load duke parents: diff changeset	201	case HandshakeMessage.ht_hello_request:
90ce3da70b43 Initial load duke parents: diff changeset	202	this.serverHelloRequest(new HelloRequest(input));
90ce3da70b43 Initial load duke parents: diff changeset	203	break;
90ce3da70b43 Initial load duke parents: diff changeset	204
90ce3da70b43 Initial load duke parents: diff changeset	205	case HandshakeMessage.ht_server_hello:
90ce3da70b43 Initial load duke parents: diff changeset	206	this.serverHello(new ServerHello(input, messageLen));
90ce3da70b43 Initial load duke parents: diff changeset	207	break;
90ce3da70b43 Initial load duke parents: diff changeset	208
90ce3da70b43 Initial load duke parents: diff changeset	209	case HandshakeMessage.ht_certificate:
90ce3da70b43 Initial load duke parents: diff changeset	210	if (keyExchange == K_DH_ANON \|\| keyExchange == K_ECDH_ANON
90ce3da70b43 Initial load duke parents: diff changeset	211	\|\| keyExchange == K_KRB5 \|\| keyExchange == K_KRB5_EXPORT) {
90ce3da70b43 Initial load duke parents: diff changeset	212	fatalSE(Alerts.alert_unexpected_message,
90ce3da70b43 Initial load duke parents: diff changeset	213	"unexpected server cert chain");
90ce3da70b43 Initial load duke parents: diff changeset	214	// NOTREACHED
90ce3da70b43 Initial load duke parents: diff changeset	215	}
90ce3da70b43 Initial load duke parents: diff changeset	216	this.serverCertificate(new CertificateMsg(input));
90ce3da70b43 Initial load duke parents: diff changeset	217	serverKey =
90ce3da70b43 Initial load duke parents: diff changeset	218	session.getPeerCertificates()[0].getPublicKey();
90ce3da70b43 Initial load duke parents: diff changeset	219	break;
90ce3da70b43 Initial load duke parents: diff changeset	220
90ce3da70b43 Initial load duke parents: diff changeset	221	case HandshakeMessage.ht_server_key_exchange:
90ce3da70b43 Initial load duke parents: diff changeset	222	serverKeyExchangeReceived = true;
90ce3da70b43 Initial load duke parents: diff changeset	223	switch (keyExchange) {
90ce3da70b43 Initial load duke parents: diff changeset	224	case K_RSA_EXPORT:
703 80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	225	/**
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	226	* The server key exchange message is sent by the server only
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	227	* when the server certificate message does not contain the
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	228	* proper amount of data to allow the client to exchange a
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	229	* premaster secret, such as when RSA_EXPORT is used and the
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	230	* public key in the server certificate is longer than 512 bits.
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	231	*/
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	232	if (serverKey == null) {
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	233	throw new SSLProtocolException
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	234	("Server did not send certificate message");
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	235	}
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	236
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	237	if (!(serverKey instanceof RSAPublicKey)) {
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	238	throw new SSLProtocolException("Protocol violation:" +
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	239	" the certificate type must be appropriate for the" +
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	240	" selected cipher suite's key exchange algorithm");
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	241	}
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	242
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	243	if (JsseJce.getRSAKeyLength(serverKey) <= 512) {
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	244	throw new SSLProtocolException("Protocol violation:" +
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	245	" server sent a server key exchange message for" +
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	246	" key exchange " + keyExchange +
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	247	" when the public key in the server certificate" +
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	248	" is less than or equal to 512 bits in length");
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	249	}
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	250
2 90ce3da70b43 Initial load duke parents: diff changeset	251	try {
90ce3da70b43 Initial load duke parents: diff changeset	252	this.serverKeyExchange(new RSA_ServerKeyExchange(input));
90ce3da70b43 Initial load duke parents: diff changeset	253	} catch (GeneralSecurityException e) {
90ce3da70b43 Initial load duke parents: diff changeset	254	throwSSLException("Server key", e);
90ce3da70b43 Initial load duke parents: diff changeset	255	}
90ce3da70b43 Initial load duke parents: diff changeset	256	break;
90ce3da70b43 Initial load duke parents: diff changeset	257	case K_DH_ANON:
16080 0e6266b88242 7192392: Better validation of client keys xuelei parents: 16071 diff changeset	258	try {
0e6266b88242 7192392: Better validation of client keys xuelei parents: 16071 diff changeset	259	this.serverKeyExchange(new DH_ServerKeyExchange(
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	260	input, protocolVersion));
16080 0e6266b88242 7192392: Better validation of client keys xuelei parents: 16071 diff changeset	261	} catch (GeneralSecurityException e) {
0e6266b88242 7192392: Better validation of client keys xuelei parents: 16071 diff changeset	262	throwSSLException("Server key", e);
0e6266b88242 7192392: Better validation of client keys xuelei parents: 16071 diff changeset	263	}
2 90ce3da70b43 Initial load duke parents: diff changeset	264	break;
90ce3da70b43 Initial load duke parents: diff changeset	265	case K_DHE_DSS:
90ce3da70b43 Initial load duke parents: diff changeset	266	case K_DHE_RSA:
90ce3da70b43 Initial load duke parents: diff changeset	267	try {
90ce3da70b43 Initial load duke parents: diff changeset	268	this.serverKeyExchange(new DH_ServerKeyExchange(
90ce3da70b43 Initial load duke parents: diff changeset	269	input, serverKey,
90ce3da70b43 Initial load duke parents: diff changeset	270	clnt_random.random_bytes, svr_random.random_bytes,
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	271	messageLen,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	272	localSupportedSignAlgs, protocolVersion));
2 90ce3da70b43 Initial load duke parents: diff changeset	273	} catch (GeneralSecurityException e) {
90ce3da70b43 Initial load duke parents: diff changeset	274	throwSSLException("Server key", e);
90ce3da70b43 Initial load duke parents: diff changeset	275	}
90ce3da70b43 Initial load duke parents: diff changeset	276	break;
90ce3da70b43 Initial load duke parents: diff changeset	277	case K_ECDHE_ECDSA:
90ce3da70b43 Initial load duke parents: diff changeset	278	case K_ECDHE_RSA:
90ce3da70b43 Initial load duke parents: diff changeset	279	case K_ECDH_ANON:
90ce3da70b43 Initial load duke parents: diff changeset	280	try {
90ce3da70b43 Initial load duke parents: diff changeset	281	this.serverKeyExchange(new ECDH_ServerKeyExchange
90ce3da70b43 Initial load duke parents: diff changeset	282	(input, serverKey, clnt_random.random_bytes,
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	283	svr_random.random_bytes,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	284	localSupportedSignAlgs, protocolVersion));
2 90ce3da70b43 Initial load duke parents: diff changeset	285	} catch (GeneralSecurityException e) {
90ce3da70b43 Initial load duke parents: diff changeset	286	throwSSLException("Server key", e);
90ce3da70b43 Initial load duke parents: diff changeset	287	}
90ce3da70b43 Initial load duke parents: diff changeset	288	break;
703 80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	289	case K_RSA:
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	290	case K_DH_RSA:
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	291	case K_DH_DSS:
2 90ce3da70b43 Initial load duke parents: diff changeset	292	case K_ECDH_ECDSA:
90ce3da70b43 Initial load duke parents: diff changeset	293	case K_ECDH_RSA:
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	294	throw new SSLProtocolException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	295	"Protocol violation: server sent a server key exchange"
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	296	+ "message for key exchange " + keyExchange);
2 90ce3da70b43 Initial load duke parents: diff changeset	297	case K_KRB5:
90ce3da70b43 Initial load duke parents: diff changeset	298	case K_KRB5_EXPORT:
90ce3da70b43 Initial load duke parents: diff changeset	299	throw new SSLProtocolException(
90ce3da70b43 Initial load duke parents: diff changeset	300	"unexpected receipt of server key exchange algorithm");
90ce3da70b43 Initial load duke parents: diff changeset	301	default:
90ce3da70b43 Initial load duke parents: diff changeset	302	throw new SSLProtocolException(
90ce3da70b43 Initial load duke parents: diff changeset	303	"unsupported key exchange algorithm = "
90ce3da70b43 Initial load duke parents: diff changeset	304	+ keyExchange);
90ce3da70b43 Initial load duke parents: diff changeset	305	}
90ce3da70b43 Initial load duke parents: diff changeset	306	break;
90ce3da70b43 Initial load duke parents: diff changeset	307
90ce3da70b43 Initial load duke parents: diff changeset	308	case HandshakeMessage.ht_certificate_request:
90ce3da70b43 Initial load duke parents: diff changeset	309	// save for later, it's handled by serverHelloDone
90ce3da70b43 Initial load duke parents: diff changeset	310	if ((keyExchange == K_DH_ANON) \|\| (keyExchange == K_ECDH_ANON)) {
90ce3da70b43 Initial load duke parents: diff changeset	311	throw new SSLHandshakeException(
90ce3da70b43 Initial load duke parents: diff changeset	312	"Client authentication requested for "+
90ce3da70b43 Initial load duke parents: diff changeset	313	"anonymous cipher suite.");
90ce3da70b43 Initial load duke parents: diff changeset	314	} else if (keyExchange == K_KRB5 \|\| keyExchange == K_KRB5_EXPORT) {
90ce3da70b43 Initial load duke parents: diff changeset	315	throw new SSLHandshakeException(
90ce3da70b43 Initial load duke parents: diff changeset	316	"Client certificate requested for "+
90ce3da70b43 Initial load duke parents: diff changeset	317	"kerberos cipher suite.");
90ce3da70b43 Initial load duke parents: diff changeset	318	}
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	319	certRequest = new CertificateRequest(input, protocolVersion);
2 90ce3da70b43 Initial load duke parents: diff changeset	320	if (debug != null && Debug.isOn("handshake")) {
90ce3da70b43 Initial load duke parents: diff changeset	321	certRequest.print(System.out);
90ce3da70b43 Initial load duke parents: diff changeset	322	}
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	323
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	324	if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	325	Collection<SignatureAndHashAlgorithm> peerSignAlgs =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	326	certRequest.getSignAlgorithms();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	327	if (peerSignAlgs == null \|\| peerSignAlgs.isEmpty()) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	328	throw new SSLHandshakeException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	329	"No peer supported signature algorithms");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	330	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	331
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	332	Collection<SignatureAndHashAlgorithm> supportedPeerSignAlgs =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	333	SignatureAndHashAlgorithm.getSupportedAlgorithms(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	334	peerSignAlgs);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	335	if (supportedPeerSignAlgs.isEmpty()) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	336	throw new SSLHandshakeException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	337	"No supported signature and hash algorithm in common");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	338	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	339
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	340	setPeerSupportedSignAlgs(supportedPeerSignAlgs);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	341	session.setPeerSupportedSignatureAlgorithms(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	342	supportedPeerSignAlgs);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	343	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	344
2 90ce3da70b43 Initial load duke parents: diff changeset	345	break;
90ce3da70b43 Initial load duke parents: diff changeset	346
90ce3da70b43 Initial load duke parents: diff changeset	347	case HandshakeMessage.ht_server_hello_done:
90ce3da70b43 Initial load duke parents: diff changeset	348	this.serverHelloDone(new ServerHelloDone(input));
90ce3da70b43 Initial load duke parents: diff changeset	349	break;
90ce3da70b43 Initial load duke parents: diff changeset	350
90ce3da70b43 Initial load duke parents: diff changeset	351	case HandshakeMessage.ht_finished:
28550 003089aca6b9 8057555: Less cryptic cipher suite management ascarpino parents: 27068 diff changeset	352	// A ChangeCipherSpec record must have been received prior to
003089aca6b9 8057555: Less cryptic cipher suite management ascarpino parents: 27068 diff changeset	353	// reception of the Finished message (RFC 5246, 7.4.9).
003089aca6b9 8057555: Less cryptic cipher suite management ascarpino parents: 27068 diff changeset	354	if (!receivedChangeCipherSpec()) {
003089aca6b9 8057555: Less cryptic cipher suite management ascarpino parents: 27068 diff changeset	355	fatalSE(Alerts.alert_handshake_failure,
003089aca6b9 8057555: Less cryptic cipher suite management ascarpino parents: 27068 diff changeset	356	"Received Finished message before ChangeCipherSpec");
003089aca6b9 8057555: Less cryptic cipher suite management ascarpino parents: 27068 diff changeset	357	}
003089aca6b9 8057555: Less cryptic cipher suite management ascarpino parents: 27068 diff changeset	358
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	359	this.serverFinished(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	360	new Finished(protocolVersion, input, cipherSuite));
2 90ce3da70b43 Initial load duke parents: diff changeset	361	break;
90ce3da70b43 Initial load duke parents: diff changeset	362
90ce3da70b43 Initial load duke parents: diff changeset	363	default:
90ce3da70b43 Initial load duke parents: diff changeset	364	throw new SSLProtocolException(
90ce3da70b43 Initial load duke parents: diff changeset	365	"Illegal client handshake msg, " + type);
90ce3da70b43 Initial load duke parents: diff changeset	366	}
90ce3da70b43 Initial load duke parents: diff changeset	367
90ce3da70b43 Initial load duke parents: diff changeset	368	//
90ce3da70b43 Initial load duke parents: diff changeset	369	// Move state machine forward if the message handling
90ce3da70b43 Initial load duke parents: diff changeset	370	// code didn't already do so
90ce3da70b43 Initial load duke parents: diff changeset	371	//
90ce3da70b43 Initial load duke parents: diff changeset	372	if (state < type) {
90ce3da70b43 Initial load duke parents: diff changeset	373	state = type;
90ce3da70b43 Initial load duke parents: diff changeset	374	}
90ce3da70b43 Initial load duke parents: diff changeset	375	}
90ce3da70b43 Initial load duke parents: diff changeset	376
90ce3da70b43 Initial load duke parents: diff changeset	377	/*
90ce3da70b43 Initial load duke parents: diff changeset	378	* Used by the server to kickstart negotiations -- this requests a
90ce3da70b43 Initial load duke parents: diff changeset	379	* "client hello" to renegotiate current cipher specs (e.g. maybe lots
90ce3da70b43 Initial load duke parents: diff changeset	380	* of data has been encrypted with the same keys, or the server needs
90ce3da70b43 Initial load duke parents: diff changeset	381	* the client to present a certificate).
90ce3da70b43 Initial load duke parents: diff changeset	382	*/
90ce3da70b43 Initial load duke parents: diff changeset	383	private void serverHelloRequest(HelloRequest mesg) throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	384	if (debug != null && Debug.isOn("handshake")) {
90ce3da70b43 Initial load duke parents: diff changeset	385	mesg.print(System.out);
90ce3da70b43 Initial load duke parents: diff changeset	386	}
90ce3da70b43 Initial load duke parents: diff changeset	387
90ce3da70b43 Initial load duke parents: diff changeset	388	//
90ce3da70b43 Initial load duke parents: diff changeset	389	// Could be (e.g. at connection setup) that we already
90ce3da70b43 Initial load duke parents: diff changeset	390	// sent the "client hello" but the server's not seen it.
90ce3da70b43 Initial load duke parents: diff changeset	391	//
90ce3da70b43 Initial load duke parents: diff changeset	392	if (state < HandshakeMessage.ht_client_hello) {
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	393	if (!secureRenegotiation && !allowUnsafeRenegotiation) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	394	// renegotiation is not allowed.
5182 62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	395	if (activeProtocolVersion.v >= ProtocolVersion.TLS10.v) {
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	396	// response with a no_renegotiation warning,
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	397	warningSE(Alerts.alert_no_renegotiation);
5182 62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	398
62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	399	// invalidate the handshake so that the caller can
62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	400	// dispose this object.
62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	401	invalidated = true;
62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	402
62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	403	// If there is still unread block in the handshake
62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	404	// input stream, it would be truncated with the disposal
62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	405	// and the next handshake message will become incomplete.
62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	406	//
62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	407	// However, according to SSL/TLS specifications, no more
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	408	// handshake message should immediately follow ClientHello
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	409	// or HelloRequest. So just let it be.
5182 62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	410	} else {
62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	411	// For SSLv3, send the handshake_failure fatal error.
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	412	// Note that SSLv3 does not define a no_renegotiation
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	413	// alert like TLSv1. However we cannot ignore the message
5182 62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	414	// simply, otherwise the other side was waiting for a
62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	415	// response that would never come.
62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	416	fatalSE(Alerts.alert_handshake_failure,
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	417	"Renegotiation is not allowed");
5182 62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	418	}
62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	419	} else {
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	420	if (!secureRenegotiation) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	421	if (debug != null && Debug.isOn("handshake")) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	422	System.out.println(
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	423	"Warning: continue with insecure renegotiation");
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	424	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	425	}
5182 62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	426	kickstart();
62836694baeb 6898739: TLS renegotiation issue xuelei parents: 4236 diff changeset	427	}
2 90ce3da70b43 Initial load duke parents: diff changeset	428	}
90ce3da70b43 Initial load duke parents: diff changeset	429	}
90ce3da70b43 Initial load duke parents: diff changeset	430
90ce3da70b43 Initial load duke parents: diff changeset	431
90ce3da70b43 Initial load duke parents: diff changeset	432	/*
90ce3da70b43 Initial load duke parents: diff changeset	433	* Server chooses session parameters given options created by the
90ce3da70b43 Initial load duke parents: diff changeset	434	* client -- basically, cipher options, session id, and someday a
90ce3da70b43 Initial load duke parents: diff changeset	435	* set of compression options.
90ce3da70b43 Initial load duke parents: diff changeset	436	*
90ce3da70b43 Initial load duke parents: diff changeset	437	* There are two branches of the state machine, decided by the
90ce3da70b43 Initial load duke parents: diff changeset	438	* details of this message. One is the "fast" handshake, where we
90ce3da70b43 Initial load duke parents: diff changeset	439	* can resume the pre-existing session we asked resume. The other
90ce3da70b43 Initial load duke parents: diff changeset	440	* is a more expensive "full" handshake, with key exchange and
90ce3da70b43 Initial load duke parents: diff changeset	441	* probably authentication getting done.
90ce3da70b43 Initial load duke parents: diff changeset	442	*/
90ce3da70b43 Initial load duke parents: diff changeset	443	private void serverHello(ServerHello mesg) throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	444	serverKeyExchangeReceived = false;
90ce3da70b43 Initial load duke parents: diff changeset	445	if (debug != null && Debug.isOn("handshake")) {
90ce3da70b43 Initial load duke parents: diff changeset	446	mesg.print(System.out);
90ce3da70b43 Initial load duke parents: diff changeset	447	}
90ce3da70b43 Initial load duke parents: diff changeset	448
90ce3da70b43 Initial load duke parents: diff changeset	449	// check if the server selected protocol version is OK for us
90ce3da70b43 Initial load duke parents: diff changeset	450	ProtocolVersion mesgVersion = mesg.protocolVersion;
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	451	if (!isNegotiable(mesgVersion)) {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	452	throw new SSLHandshakeException(
8782 1ff0b643b793 7009794: misleading text in SSLHandshakeException exception message xuelei parents: 7990 diff changeset	453	"Server chose " + mesgVersion +
8791 f5106bbf577d 7022855: Export "PKIX" as the standard algorithm name of KeyManagerFactory xuelei parents: 8782 diff changeset	454	", but that protocol version is not enabled or not supported " +
f5106bbf577d 7022855: Export "PKIX" as the standard algorithm name of KeyManagerFactory xuelei parents: 8782 diff changeset	455	"by the client.");
2 90ce3da70b43 Initial load duke parents: diff changeset	456	}
90ce3da70b43 Initial load duke parents: diff changeset	457
7804 c59149ba3780 6996367: improve HandshakeHash weijun parents: 7043 diff changeset	458	handshakeHash.protocolDetermined(mesgVersion);
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	459
2 90ce3da70b43 Initial load duke parents: diff changeset	460	// Set protocolVersion and propagate to SSLSocket and the
90ce3da70b43 Initial load duke parents: diff changeset	461	// Handshake streams
90ce3da70b43 Initial load duke parents: diff changeset	462	setVersion(mesgVersion);
90ce3da70b43 Initial load duke parents: diff changeset	463
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	464	// check the "renegotiation_info" extension
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	465	RenegotiationInfoExtension serverHelloRI = (RenegotiationInfoExtension)
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	466	mesg.extensions.get(ExtensionType.EXT_RENEGOTIATION_INFO);
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	467	if (serverHelloRI != null) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	468	if (isInitialHandshake) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	469	// verify the length of the "renegotiated_connection" field
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	470	if (!serverHelloRI.isEmpty()) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	471	// abort the handshake with a fatal handshake_failure alert
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	472	fatalSE(Alerts.alert_handshake_failure,
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	473	"The renegotiation_info field is not empty");
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	474	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	475
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	476	secureRenegotiation = true;
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	477	} else {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	478	// For a legacy renegotiation, the client MUST verify that
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	479	// it does not contain the "renegotiation_info" extension.
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	480	if (!secureRenegotiation) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	481	fatalSE(Alerts.alert_handshake_failure,
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	482	"Unexpected renegotiation indication extension");
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	483	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	484
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	485	// verify the client_verify_data and server_verify_data values
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	486	byte[] verifyData =
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	487	new byte[clientVerifyData.length + serverVerifyData.length];
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	488	System.arraycopy(clientVerifyData, 0, verifyData,
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	489	0, clientVerifyData.length);
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	490	System.arraycopy(serverVerifyData, 0, verifyData,
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	491	clientVerifyData.length, serverVerifyData.length);
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	492	if (!Arrays.equals(verifyData,
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	493	serverHelloRI.getRenegotiatedConnection())) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	494	fatalSE(Alerts.alert_handshake_failure,
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	495	"Incorrect verify data in ServerHello " +
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	496	"renegotiation_info message");
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	497	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	498	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	499	} else {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	500	// no renegotiation indication extension
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	501	if (isInitialHandshake) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	502	if (!allowLegacyHelloMessages) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	503	// abort the handshake with a fatal handshake_failure alert
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	504	fatalSE(Alerts.alert_handshake_failure,
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	505	"Failed to negotiate the use of secure renegotiation");
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	506	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	507
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	508	secureRenegotiation = false;
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	509	if (debug != null && Debug.isOn("handshake")) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	510	System.out.println("Warning: No renegotiation " +
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	511	"indication extension in ServerHello");
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	512	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	513	} else {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	514	// For a secure renegotiation, the client must abort the
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	515	// handshake if no "renegotiation_info" extension is present.
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	516	if (secureRenegotiation) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	517	fatalSE(Alerts.alert_handshake_failure,
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	518	"No renegotiation indication extension");
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	519	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	520
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	521	// we have already allowed unsafe renegotation before request
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	522	// the renegotiation.
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	523	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	524	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	525
2 90ce3da70b43 Initial load duke parents: diff changeset	526	//
90ce3da70b43 Initial load duke parents: diff changeset	527	// Save server nonce, we always use it to compute connection
90ce3da70b43 Initial load duke parents: diff changeset	528	// keys and it's also used to create the master secret if we're
90ce3da70b43 Initial load duke parents: diff changeset	529	// creating a new session (i.e. in the full handshake).
90ce3da70b43 Initial load duke parents: diff changeset	530	//
90ce3da70b43 Initial load duke parents: diff changeset	531	svr_random = mesg.svr_random;
90ce3da70b43 Initial load duke parents: diff changeset	532
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	533	if (isNegotiable(mesg.cipherSuite) == false) {
2 90ce3da70b43 Initial load duke parents: diff changeset	534	fatalSE(Alerts.alert_illegal_parameter,
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	535	"Server selected improper ciphersuite " + mesg.cipherSuite);
2 90ce3da70b43 Initial load duke parents: diff changeset	536	}
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	537
2 90ce3da70b43 Initial load duke parents: diff changeset	538	setCipherSuite(mesg.cipherSuite);
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	539	if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	540	handshakeHash.setFinishedAlg(cipherSuite.prfAlg.getPRFHashAlg());
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	541	}
2 90ce3da70b43 Initial load duke parents: diff changeset	542
90ce3da70b43 Initial load duke parents: diff changeset	543	if (mesg.compression_method != 0) {
90ce3da70b43 Initial load duke parents: diff changeset	544	fatalSE(Alerts.alert_illegal_parameter,
90ce3da70b43 Initial load duke parents: diff changeset	545	"compression type not supported, "
90ce3da70b43 Initial load duke parents: diff changeset	546	+ mesg.compression_method);
90ce3da70b43 Initial load duke parents: diff changeset	547	// NOTREACHED
90ce3da70b43 Initial load duke parents: diff changeset	548	}
90ce3da70b43 Initial load duke parents: diff changeset	549
90ce3da70b43 Initial load duke parents: diff changeset	550	// so far so good, let's look at the session
90ce3da70b43 Initial load duke parents: diff changeset	551	if (session != null) {
90ce3da70b43 Initial load duke parents: diff changeset	552	// we tried to resume, let's see what the server decided
90ce3da70b43 Initial load duke parents: diff changeset	553	if (session.getSessionId().equals(mesg.sessionId)) {
90ce3da70b43 Initial load duke parents: diff changeset	554	// server resumed the session, let's make sure everything
90ce3da70b43 Initial load duke parents: diff changeset	555	// checks out
90ce3da70b43 Initial load duke parents: diff changeset	556
90ce3da70b43 Initial load duke parents: diff changeset	557	// Verify that the session ciphers are unchanged.
90ce3da70b43 Initial load duke parents: diff changeset	558	CipherSuite sessionSuite = session.getSuite();
90ce3da70b43 Initial load duke parents: diff changeset	559	if (cipherSuite != sessionSuite) {
90ce3da70b43 Initial load duke parents: diff changeset	560	throw new SSLProtocolException
90ce3da70b43 Initial load duke parents: diff changeset	561	("Server returned wrong cipher suite for session");
90ce3da70b43 Initial load duke parents: diff changeset	562	}
90ce3da70b43 Initial load duke parents: diff changeset	563
90ce3da70b43 Initial load duke parents: diff changeset	564	// verify protocol version match
90ce3da70b43 Initial load duke parents: diff changeset	565	ProtocolVersion sessionVersion = session.getProtocolVersion();
90ce3da70b43 Initial load duke parents: diff changeset	566	if (protocolVersion != sessionVersion) {
90ce3da70b43 Initial load duke parents: diff changeset	567	throw new SSLProtocolException
90ce3da70b43 Initial load duke parents: diff changeset	568	("Server resumed session with wrong protocol version");
90ce3da70b43 Initial load duke parents: diff changeset	569	}
90ce3da70b43 Initial load duke parents: diff changeset	570
90ce3da70b43 Initial load duke parents: diff changeset	571	// validate subject identity
90ce3da70b43 Initial load duke parents: diff changeset	572	if (sessionSuite.keyExchange == K_KRB5 \|\|
90ce3da70b43 Initial load duke parents: diff changeset	573	sessionSuite.keyExchange == K_KRB5_EXPORT) {
90ce3da70b43 Initial load duke parents: diff changeset	574	Principal localPrincipal = session.getLocalPrincipal();
90ce3da70b43 Initial load duke parents: diff changeset	575
90ce3da70b43 Initial load duke parents: diff changeset	576	Subject subject = null;
90ce3da70b43 Initial load duke parents: diff changeset	577	try {
90ce3da70b43 Initial load duke parents: diff changeset	578	subject = AccessController.doPrivileged(
90ce3da70b43 Initial load duke parents: diff changeset	579	new PrivilegedExceptionAction<Subject>() {
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 14194 diff changeset	580	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	581	public Subject run() throws Exception {
4236 02f52c723b79 6894643: Separate out dependency on Kerberos vinnie parents: 2942 diff changeset	582	return Krb5Helper.getClientSubject(getAccSE());
2 90ce3da70b43 Initial load duke parents: diff changeset	583	}});
90ce3da70b43 Initial load duke parents: diff changeset	584	} catch (PrivilegedActionException e) {
90ce3da70b43 Initial load duke parents: diff changeset	585	subject = null;
90ce3da70b43 Initial load duke parents: diff changeset	586	if (debug != null && Debug.isOn("session")) {
90ce3da70b43 Initial load duke parents: diff changeset	587	System.out.println("Attempt to obtain" +
90ce3da70b43 Initial load duke parents: diff changeset	588	" subject failed!");
90ce3da70b43 Initial load duke parents: diff changeset	589	}
90ce3da70b43 Initial load duke parents: diff changeset	590	}
90ce3da70b43 Initial load duke parents: diff changeset	591
90ce3da70b43 Initial load duke parents: diff changeset	592	if (subject != null) {
4236 02f52c723b79 6894643: Separate out dependency on Kerberos vinnie parents: 2942 diff changeset	593	// Eliminate dependency on KerberosPrincipal
02f52c723b79 6894643: Separate out dependency on Kerberos vinnie parents: 2942 diff changeset	594	Set<Principal> principals =
02f52c723b79 6894643: Separate out dependency on Kerberos vinnie parents: 2942 diff changeset	595	subject.getPrincipals(Principal.class);
2 90ce3da70b43 Initial load duke parents: diff changeset	596	if (!principals.contains(localPrincipal)) {
90ce3da70b43 Initial load duke parents: diff changeset	597	throw new SSLProtocolException("Server resumed" +
90ce3da70b43 Initial load duke parents: diff changeset	598	" session with wrong subject identity");
90ce3da70b43 Initial load duke parents: diff changeset	599	} else {
90ce3da70b43 Initial load duke parents: diff changeset	600	if (debug != null && Debug.isOn("session"))
90ce3da70b43 Initial load duke parents: diff changeset	601	System.out.println("Subject identity is same");
90ce3da70b43 Initial load duke parents: diff changeset	602	}
90ce3da70b43 Initial load duke parents: diff changeset	603	} else {
90ce3da70b43 Initial load duke parents: diff changeset	604	if (debug != null && Debug.isOn("session"))
90ce3da70b43 Initial load duke parents: diff changeset	605	System.out.println("Kerberos credentials are not" +
90ce3da70b43 Initial load duke parents: diff changeset	606	" present in the current Subject; check if " +
90ce3da70b43 Initial load duke parents: diff changeset	607	" javax.security.auth.useSubjectAsCreds" +
90ce3da70b43 Initial load duke parents: diff changeset	608	" system property has been set to false");
90ce3da70b43 Initial load duke parents: diff changeset	609	throw new SSLProtocolException
90ce3da70b43 Initial load duke parents: diff changeset	610	("Server resumed session with no subject");
90ce3da70b43 Initial load duke parents: diff changeset	611	}
90ce3da70b43 Initial load duke parents: diff changeset	612	}
90ce3da70b43 Initial load duke parents: diff changeset	613
90ce3da70b43 Initial load duke parents: diff changeset	614	// looks fine; resume it, and update the state machine.
90ce3da70b43 Initial load duke parents: diff changeset	615	resumingSession = true;
90ce3da70b43 Initial load duke parents: diff changeset	616	state = HandshakeMessage.ht_finished - 1;
90ce3da70b43 Initial load duke parents: diff changeset	617	calculateConnectionKeys(session.getMasterSecret());
90ce3da70b43 Initial load duke parents: diff changeset	618	if (debug != null && Debug.isOn("session")) {
90ce3da70b43 Initial load duke parents: diff changeset	619	System.out.println("%% Server resumed " + session);
90ce3da70b43 Initial load duke parents: diff changeset	620	}
90ce3da70b43 Initial load duke parents: diff changeset	621	} else {
90ce3da70b43 Initial load duke parents: diff changeset	622	// we wanted to resume, but the server refused
90ce3da70b43 Initial load duke parents: diff changeset	623	session = null;
90ce3da70b43 Initial load duke parents: diff changeset	624	if (!enableNewSession) {
27068 5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	625	throw new SSLException("New session creation is disabled");
2 90ce3da70b43 Initial load duke parents: diff changeset	626	}
90ce3da70b43 Initial load duke parents: diff changeset	627	}
90ce3da70b43 Initial load duke parents: diff changeset	628	}
90ce3da70b43 Initial load duke parents: diff changeset	629
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	630	if (resumingSession && session != null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	631	setHandshakeSessionSE(session);
27068 5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	632	// Reserve the handshake state if this is a session-resumption
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	633	// abbreviated initial handshake.
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	634	if (isInitialHandshake) {
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	635	session.setAsSessionResumption(true);
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	636	}
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	637
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	638	return;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	639	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	640
2 90ce3da70b43 Initial load duke parents: diff changeset	641	// check extensions
90ce3da70b43 Initial load duke parents: diff changeset	642	for (HelloExtension ext : mesg.extensions.list()) {
90ce3da70b43 Initial load duke parents: diff changeset	643	ExtensionType type = ext.type;
20499 4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	644	if (type == ExtensionType.EXT_SERVER_NAME) {
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	645	serverNamesAccepted = true;
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	646	} else if ((type != ExtensionType.EXT_ELLIPTIC_CURVES)
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	647	&& (type != ExtensionType.EXT_EC_POINT_FORMATS)
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	648	&& (type != ExtensionType.EXT_SERVER_NAME)
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	649	&& (type != ExtensionType.EXT_RENEGOTIATION_INFO)) {
2 90ce3da70b43 Initial load duke parents: diff changeset	650	fatalSE(Alerts.alert_unsupported_extension,
90ce3da70b43 Initial load duke parents: diff changeset	651	"Server sent an unsupported extension: " + type);
90ce3da70b43 Initial load duke parents: diff changeset	652	}
90ce3da70b43 Initial load duke parents: diff changeset	653	}
90ce3da70b43 Initial load duke parents: diff changeset	654
90ce3da70b43 Initial load duke parents: diff changeset	655	// Create a new session, we need to do the full handshake
90ce3da70b43 Initial load duke parents: diff changeset	656	session = new SSLSessionImpl(protocolVersion, cipherSuite,
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	657	getLocalSupportedSignAlgs(),
2 90ce3da70b43 Initial load duke parents: diff changeset	658	mesg.sessionId, getHostSE(), getPortSE());
14194 971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 11521 diff changeset	659	session.setRequestedServerNames(requestedServerNames);
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	660	setHandshakeSessionSE(session);
2 90ce3da70b43 Initial load duke parents: diff changeset	661	if (debug != null && Debug.isOn("handshake")) {
90ce3da70b43 Initial load duke parents: diff changeset	662	System.out.println("** " + cipherSuite);
90ce3da70b43 Initial load duke parents: diff changeset	663	}
90ce3da70b43 Initial load duke parents: diff changeset	664	}
90ce3da70b43 Initial load duke parents: diff changeset	665
90ce3da70b43 Initial load duke parents: diff changeset	666	/*
90ce3da70b43 Initial load duke parents: diff changeset	667	* Server's own key was either a signing-only key, or was too
90ce3da70b43 Initial load duke parents: diff changeset	668	* large for export rules ... this message holds an ephemeral
90ce3da70b43 Initial load duke parents: diff changeset	669	* RSA key to use for key exchange.
90ce3da70b43 Initial load duke parents: diff changeset	670	*/
90ce3da70b43 Initial load duke parents: diff changeset	671	private void serverKeyExchange(RSA_ServerKeyExchange mesg)
90ce3da70b43 Initial load duke parents: diff changeset	672	throws IOException, GeneralSecurityException {
90ce3da70b43 Initial load duke parents: diff changeset	673	if (debug != null && Debug.isOn("handshake")) {
90ce3da70b43 Initial load duke parents: diff changeset	674	mesg.print(System.out);
90ce3da70b43 Initial load duke parents: diff changeset	675	}
90ce3da70b43 Initial load duke parents: diff changeset	676	if (!mesg.verify(serverKey, clnt_random, svr_random)) {
90ce3da70b43 Initial load duke parents: diff changeset	677	fatalSE(Alerts.alert_handshake_failure,
90ce3da70b43 Initial load duke parents: diff changeset	678	"server key exchange invalid");
90ce3da70b43 Initial load duke parents: diff changeset	679	// NOTREACHED
90ce3da70b43 Initial load duke parents: diff changeset	680	}
90ce3da70b43 Initial load duke parents: diff changeset	681	ephemeralServerKey = mesg.getPublicKey();
90ce3da70b43 Initial load duke parents: diff changeset	682	}
90ce3da70b43 Initial load duke parents: diff changeset	683
90ce3da70b43 Initial load duke parents: diff changeset	684
90ce3da70b43 Initial load duke parents: diff changeset	685	/*
90ce3da70b43 Initial load duke parents: diff changeset	686	* Diffie-Hellman key exchange. We save the server public key and
90ce3da70b43 Initial load duke parents: diff changeset	687	* our own D-H algorithm object so we can defer key calculations
90ce3da70b43 Initial load duke parents: diff changeset	688	* until after we've sent the client key exchange message (which
90ce3da70b43 Initial load duke parents: diff changeset	689	* gives client and server some useful parallelism).
90ce3da70b43 Initial load duke parents: diff changeset	690	*/
90ce3da70b43 Initial load duke parents: diff changeset	691	private void serverKeyExchange(DH_ServerKeyExchange mesg)
90ce3da70b43 Initial load duke parents: diff changeset	692	throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	693	if (debug != null && Debug.isOn("handshake")) {
90ce3da70b43 Initial load duke parents: diff changeset	694	mesg.print(System.out);
90ce3da70b43 Initial load duke parents: diff changeset	695	}
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	696	dh = new DHCrypt(mesg.getModulus(), mesg.getBase(),
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	697	sslContext.getSecureRandom());
2 90ce3da70b43 Initial load duke parents: diff changeset	698	serverDH = mesg.getServerPublicKey();
90ce3da70b43 Initial load duke parents: diff changeset	699	}
90ce3da70b43 Initial load duke parents: diff changeset	700
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	701	private void serverKeyExchange(ECDH_ServerKeyExchange mesg)
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	702	throws IOException {
2 90ce3da70b43 Initial load duke parents: diff changeset	703	if (debug != null && Debug.isOn("handshake")) {
90ce3da70b43 Initial load duke parents: diff changeset	704	mesg.print(System.out);
90ce3da70b43 Initial load duke parents: diff changeset	705	}
90ce3da70b43 Initial load duke parents: diff changeset	706	ECPublicKey key = mesg.getPublicKey();
90ce3da70b43 Initial load duke parents: diff changeset	707	ecdh = new ECDHCrypt(key.getParams(), sslContext.getSecureRandom());
90ce3da70b43 Initial load duke parents: diff changeset	708	ephemeralServerKey = key;
90ce3da70b43 Initial load duke parents: diff changeset	709	}
90ce3da70b43 Initial load duke parents: diff changeset	710
90ce3da70b43 Initial load duke parents: diff changeset	711	/*
90ce3da70b43 Initial load duke parents: diff changeset	712	* The server's "Hello Done" message is the client's sign that
90ce3da70b43 Initial load duke parents: diff changeset	713	* it's time to do all the hard work.
90ce3da70b43 Initial load duke parents: diff changeset	714	*/
90ce3da70b43 Initial load duke parents: diff changeset	715	private void serverHelloDone(ServerHelloDone mesg) throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	716	if (debug != null && Debug.isOn("handshake")) {
90ce3da70b43 Initial load duke parents: diff changeset	717	mesg.print(System.out);
90ce3da70b43 Initial load duke parents: diff changeset	718	}
90ce3da70b43 Initial load duke parents: diff changeset	719	/*
90ce3da70b43 Initial load duke parents: diff changeset	720	* Always make sure the input has been digested before we
90ce3da70b43 Initial load duke parents: diff changeset	721	* start emitting data, to ensure the hashes are correctly
90ce3da70b43 Initial load duke parents: diff changeset	722	* computed for the Finished and CertificateVerify messages
90ce3da70b43 Initial load duke parents: diff changeset	723	* which we send (here).
90ce3da70b43 Initial load duke parents: diff changeset	724	*/
90ce3da70b43 Initial load duke parents: diff changeset	725	input.digestNow();
90ce3da70b43 Initial load duke parents: diff changeset	726
90ce3da70b43 Initial load duke parents: diff changeset	727	/*
90ce3da70b43 Initial load duke parents: diff changeset	728	* FIRST ... if requested, send an appropriate Certificate chain
90ce3da70b43 Initial load duke parents: diff changeset	729	* to authenticate the client, and remember the associated private
90ce3da70b43 Initial load duke parents: diff changeset	730	* key to sign the CertificateVerify message.
90ce3da70b43 Initial load duke parents: diff changeset	731	*/
90ce3da70b43 Initial load duke parents: diff changeset	732	PrivateKey signingKey = null;
90ce3da70b43 Initial load duke parents: diff changeset	733
90ce3da70b43 Initial load duke parents: diff changeset	734	if (certRequest != null) {
90ce3da70b43 Initial load duke parents: diff changeset	735	X509ExtendedKeyManager km = sslContext.getX509KeyManager();
90ce3da70b43 Initial load duke parents: diff changeset	736
7990 57019dc81b66 7012003: diamond conversion for ssl smarks parents: 7804 diff changeset	737	ArrayList<String> keytypesTmp = new ArrayList<>(4);
2 90ce3da70b43 Initial load duke parents: diff changeset	738
90ce3da70b43 Initial load duke parents: diff changeset	739	for (int i = 0; i < certRequest.types.length; i++) {
90ce3da70b43 Initial load duke parents: diff changeset	740	String typeName;
90ce3da70b43 Initial load duke parents: diff changeset	741
90ce3da70b43 Initial load duke parents: diff changeset	742	switch (certRequest.types[i]) {
90ce3da70b43 Initial load duke parents: diff changeset	743	case CertificateRequest.cct_rsa_sign:
90ce3da70b43 Initial load duke parents: diff changeset	744	typeName = "RSA";
90ce3da70b43 Initial load duke parents: diff changeset	745	break;
90ce3da70b43 Initial load duke parents: diff changeset	746
90ce3da70b43 Initial load duke parents: diff changeset	747	case CertificateRequest.cct_dss_sign:
90ce3da70b43 Initial load duke parents: diff changeset	748	typeName = "DSA";
90ce3da70b43 Initial load duke parents: diff changeset	749	break;
90ce3da70b43 Initial load duke parents: diff changeset	750
90ce3da70b43 Initial load duke parents: diff changeset	751	case CertificateRequest.cct_ecdsa_sign:
90ce3da70b43 Initial load duke parents: diff changeset	752	// ignore if we do not have EC crypto available
90ce3da70b43 Initial load duke parents: diff changeset	753	typeName = JsseJce.isEcAvailable() ? "EC" : null;
90ce3da70b43 Initial load duke parents: diff changeset	754	break;
90ce3da70b43 Initial load duke parents: diff changeset	755
90ce3da70b43 Initial load duke parents: diff changeset	756	// Fixed DH/ECDH client authentication not supported
90ce3da70b43 Initial load duke parents: diff changeset	757	case CertificateRequest.cct_rsa_fixed_dh:
90ce3da70b43 Initial load duke parents: diff changeset	758	case CertificateRequest.cct_dss_fixed_dh:
90ce3da70b43 Initial load duke parents: diff changeset	759	case CertificateRequest.cct_rsa_fixed_ecdh:
90ce3da70b43 Initial load duke parents: diff changeset	760	case CertificateRequest.cct_ecdsa_fixed_ecdh:
90ce3da70b43 Initial load duke parents: diff changeset	761	// Any other values (currently not used in TLS)
90ce3da70b43 Initial load duke parents: diff changeset	762	case CertificateRequest.cct_rsa_ephemeral_dh:
90ce3da70b43 Initial load duke parents: diff changeset	763	case CertificateRequest.cct_dss_ephemeral_dh:
90ce3da70b43 Initial load duke parents: diff changeset	764	default:
90ce3da70b43 Initial load duke parents: diff changeset	765	typeName = null;
90ce3da70b43 Initial load duke parents: diff changeset	766	break;
90ce3da70b43 Initial load duke parents: diff changeset	767	}
90ce3da70b43 Initial load duke parents: diff changeset	768
90ce3da70b43 Initial load duke parents: diff changeset	769	if ((typeName != null) && (!keytypesTmp.contains(typeName))) {
90ce3da70b43 Initial load duke parents: diff changeset	770	keytypesTmp.add(typeName);
90ce3da70b43 Initial load duke parents: diff changeset	771	}
90ce3da70b43 Initial load duke parents: diff changeset	772	}
90ce3da70b43 Initial load duke parents: diff changeset	773
90ce3da70b43 Initial load duke parents: diff changeset	774	String alias = null;
90ce3da70b43 Initial load duke parents: diff changeset	775	int keytypesTmpSize = keytypesTmp.size();
90ce3da70b43 Initial load duke parents: diff changeset	776	if (keytypesTmpSize != 0) {
90ce3da70b43 Initial load duke parents: diff changeset	777	String keytypes[] =
90ce3da70b43 Initial load duke parents: diff changeset	778	keytypesTmp.toArray(new String[keytypesTmpSize]);
90ce3da70b43 Initial load duke parents: diff changeset	779
90ce3da70b43 Initial load duke parents: diff changeset	780	if (conn != null) {
90ce3da70b43 Initial load duke parents: diff changeset	781	alias = km.chooseClientAlias(keytypes,
90ce3da70b43 Initial load duke parents: diff changeset	782	certRequest.getAuthorities(), conn);
90ce3da70b43 Initial load duke parents: diff changeset	783	} else {
90ce3da70b43 Initial load duke parents: diff changeset	784	alias = km.chooseEngineClientAlias(keytypes,
90ce3da70b43 Initial load duke parents: diff changeset	785	certRequest.getAuthorities(), engine);
90ce3da70b43 Initial load duke parents: diff changeset	786	}
90ce3da70b43 Initial load duke parents: diff changeset	787	}
90ce3da70b43 Initial load duke parents: diff changeset	788
90ce3da70b43 Initial load duke parents: diff changeset	789	CertificateMsg m1 = null;
90ce3da70b43 Initial load duke parents: diff changeset	790	if (alias != null) {
90ce3da70b43 Initial load duke parents: diff changeset	791	X509Certificate[] certs = km.getCertificateChain(alias);
90ce3da70b43 Initial load duke parents: diff changeset	792	if ((certs != null) && (certs.length != 0)) {
90ce3da70b43 Initial load duke parents: diff changeset	793	PublicKey publicKey = certs[0].getPublicKey();
90ce3da70b43 Initial load duke parents: diff changeset	794	// for EC, make sure we use a supported named curve
90ce3da70b43 Initial load duke parents: diff changeset	795	if (publicKey instanceof ECPublicKey) {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	796	ECParameterSpec params =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	797	((ECPublicKey)publicKey).getParams();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	798	int index =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	799	SupportedEllipticCurvesExtension.getCurveIndex(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	800	params);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	801	if (!SupportedEllipticCurvesExtension.isSupported(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	802	index)) {
2 90ce3da70b43 Initial load duke parents: diff changeset	803	publicKey = null;
90ce3da70b43 Initial load duke parents: diff changeset	804	}
90ce3da70b43 Initial load duke parents: diff changeset	805	}
90ce3da70b43 Initial load duke parents: diff changeset	806	if (publicKey != null) {
90ce3da70b43 Initial load duke parents: diff changeset	807	m1 = new CertificateMsg(certs);
90ce3da70b43 Initial load duke parents: diff changeset	808	signingKey = km.getPrivateKey(alias);
90ce3da70b43 Initial load duke parents: diff changeset	809	session.setLocalPrivateKey(signingKey);
90ce3da70b43 Initial load duke parents: diff changeset	810	session.setLocalCertificates(certs);
90ce3da70b43 Initial load duke parents: diff changeset	811	}
90ce3da70b43 Initial load duke parents: diff changeset	812	}
90ce3da70b43 Initial load duke parents: diff changeset	813	}
90ce3da70b43 Initial load duke parents: diff changeset	814	if (m1 == null) {
90ce3da70b43 Initial load duke parents: diff changeset	815	//
90ce3da70b43 Initial load duke parents: diff changeset	816	// No appropriate cert was found ... report this to the
90ce3da70b43 Initial load duke parents: diff changeset	817	// server. For SSLv3, send the no_certificate alert;
90ce3da70b43 Initial load duke parents: diff changeset	818	// TLS uses an empty cert chain instead.
90ce3da70b43 Initial load duke parents: diff changeset	819	//
90ce3da70b43 Initial load duke parents: diff changeset	820	if (protocolVersion.v >= ProtocolVersion.TLS10.v) {
90ce3da70b43 Initial load duke parents: diff changeset	821	m1 = new CertificateMsg(new X509Certificate [0]);
90ce3da70b43 Initial load duke parents: diff changeset	822	} else {
90ce3da70b43 Initial load duke parents: diff changeset	823	warningSE(Alerts.alert_no_certificate);
90ce3da70b43 Initial load duke parents: diff changeset	824	}
29264 5172066a2da6 8054037: Improve tracing for java.security.debug=certpath juh parents: 28550 diff changeset	825	if (debug != null && Debug.isOn("handshake")) {
5172066a2da6 8054037: Improve tracing for java.security.debug=certpath juh parents: 28550 diff changeset	826	System.out.println(
5172066a2da6 8054037: Improve tracing for java.security.debug=certpath juh parents: 28550 diff changeset	827	"Warning: no suitable certificate found - " +
5172066a2da6 8054037: Improve tracing for java.security.debug=certpath juh parents: 28550 diff changeset	828	"continuing without client authentication");
5172066a2da6 8054037: Improve tracing for java.security.debug=certpath juh parents: 28550 diff changeset	829	}
2 90ce3da70b43 Initial load duke parents: diff changeset	830	}
90ce3da70b43 Initial load duke parents: diff changeset	831
90ce3da70b43 Initial load duke parents: diff changeset	832	//
90ce3da70b43 Initial load duke parents: diff changeset	833	// At last ... send any client certificate chain.
90ce3da70b43 Initial load duke parents: diff changeset	834	//
90ce3da70b43 Initial load duke parents: diff changeset	835	if (m1 != null) {
90ce3da70b43 Initial load duke parents: diff changeset	836	if (debug != null && Debug.isOn("handshake")) {
90ce3da70b43 Initial load duke parents: diff changeset	837	m1.print(System.out);
90ce3da70b43 Initial load duke parents: diff changeset	838	}
90ce3da70b43 Initial load duke parents: diff changeset	839	m1.write(output);
90ce3da70b43 Initial load duke parents: diff changeset	840	}
90ce3da70b43 Initial load duke parents: diff changeset	841	}
90ce3da70b43 Initial load duke parents: diff changeset	842
90ce3da70b43 Initial load duke parents: diff changeset	843	/*
90ce3da70b43 Initial load duke parents: diff changeset	844	* SECOND ... send the client key exchange message. The
90ce3da70b43 Initial load duke parents: diff changeset	845	* procedure used is a function of the cipher suite selected;
90ce3da70b43 Initial load duke parents: diff changeset	846	* one is always needed.
90ce3da70b43 Initial load duke parents: diff changeset	847	*/
90ce3da70b43 Initial load duke parents: diff changeset	848	HandshakeMessage m2;
90ce3da70b43 Initial load duke parents: diff changeset	849
90ce3da70b43 Initial load duke parents: diff changeset	850	switch (keyExchange) {
90ce3da70b43 Initial load duke parents: diff changeset	851
90ce3da70b43 Initial load duke parents: diff changeset	852	case K_RSA:
90ce3da70b43 Initial load duke parents: diff changeset	853	case K_RSA_EXPORT:
703 80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	854	if (serverKey == null) {
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	855	throw new SSLProtocolException
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	856	("Server did not send certificate message");
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	857	}
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	858
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	859	if (!(serverKey instanceof RSAPublicKey)) {
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	860	throw new SSLProtocolException
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	861	("Server certificate does not include an RSA key");
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	862	}
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	863
2 90ce3da70b43 Initial load duke parents: diff changeset	864	/*
90ce3da70b43 Initial load duke parents: diff changeset	865	* For RSA key exchange, we randomly generate a new
90ce3da70b43 Initial load duke parents: diff changeset	866	* pre-master secret and encrypt it with the server's
90ce3da70b43 Initial load duke parents: diff changeset	867	* public key. Then we save that pre-master secret
90ce3da70b43 Initial load duke parents: diff changeset	868	* so that we can calculate the keying data later;
90ce3da70b43 Initial load duke parents: diff changeset	869	* it's a performance speedup not to do that until
90ce3da70b43 Initial load duke parents: diff changeset	870	* the client's waiting for the server response, but
90ce3da70b43 Initial load duke parents: diff changeset	871	* more of a speedup for the D-H case.
703 80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	872	*
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	873	* If the RSA_EXPORT scheme is active, when the public
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	874	* key in the server certificate is less than or equal
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	875	* to 512 bits in length, use the cert's public key,
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	876	* otherwise, the ephemeral one.
2 90ce3da70b43 Initial load duke parents: diff changeset	877	*/
703 80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	878	PublicKey key;
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	879	if (keyExchange == K_RSA) {
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	880	key = serverKey;
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	881	} else { // K_RSA_EXPORT
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	882	if (JsseJce.getRSAKeyLength(serverKey) <= 512) {
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	883	// extraneous ephemeralServerKey check done
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	884	// above in processMessage()
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	885	key = serverKey;
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	886	} else {
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	887	if (ephemeralServerKey == null) {
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	888	throw new SSLProtocolException("Server did not send" +
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	889	" a RSA_EXPORT Server Key Exchange message");
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	890	}
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	891	key = ephemeralServerKey;
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	892	}
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	893	}
80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	894
2 90ce3da70b43 Initial load duke parents: diff changeset	895	m2 = new RSAClientKeyExchange(protocolVersion, maxProtocolVersion,
90ce3da70b43 Initial load duke parents: diff changeset	896	sslContext.getSecureRandom(), key);
90ce3da70b43 Initial load duke parents: diff changeset	897	break;
90ce3da70b43 Initial load duke parents: diff changeset	898	case K_DH_RSA:
90ce3da70b43 Initial load duke parents: diff changeset	899	case K_DH_DSS:
90ce3da70b43 Initial load duke parents: diff changeset	900	/*
90ce3da70b43 Initial load duke parents: diff changeset	901	* For DH Key exchange, we only need to make sure the server
90ce3da70b43 Initial load duke parents: diff changeset	902	* knows our public key, so we calculate the same pre-master
90ce3da70b43 Initial load duke parents: diff changeset	903	* secret.
90ce3da70b43 Initial load duke parents: diff changeset	904	*
90ce3da70b43 Initial load duke parents: diff changeset	905	* For certs that had DH keys in them, we send an empty
90ce3da70b43 Initial load duke parents: diff changeset	906	* handshake message (no key) ... we flag this case by
90ce3da70b43 Initial load duke parents: diff changeset	907	* passing a null "dhPublic" value.
90ce3da70b43 Initial load duke parents: diff changeset	908	*
90ce3da70b43 Initial load duke parents: diff changeset	909	* Otherwise we send ephemeral DH keys, unsigned.
90ce3da70b43 Initial load duke parents: diff changeset	910	*/
90ce3da70b43 Initial load duke parents: diff changeset	911	// if (useDH_RSA \|\| useDH_DSS)
90ce3da70b43 Initial load duke parents: diff changeset	912	m2 = new DHClientKeyExchange();
90ce3da70b43 Initial load duke parents: diff changeset	913	break;
90ce3da70b43 Initial load duke parents: diff changeset	914	case K_DHE_RSA:
90ce3da70b43 Initial load duke parents: diff changeset	915	case K_DHE_DSS:
90ce3da70b43 Initial load duke parents: diff changeset	916	case K_DH_ANON:
90ce3da70b43 Initial load duke parents: diff changeset	917	if (dh == null) {
90ce3da70b43 Initial load duke parents: diff changeset	918	throw new SSLProtocolException
90ce3da70b43 Initial load duke parents: diff changeset	919	("Server did not send a DH Server Key Exchange message");
90ce3da70b43 Initial load duke parents: diff changeset	920	}
90ce3da70b43 Initial load duke parents: diff changeset	921	m2 = new DHClientKeyExchange(dh.getPublicKey());
90ce3da70b43 Initial load duke parents: diff changeset	922	break;
90ce3da70b43 Initial load duke parents: diff changeset	923	case K_ECDHE_RSA:
90ce3da70b43 Initial load duke parents: diff changeset	924	case K_ECDHE_ECDSA:
90ce3da70b43 Initial load duke parents: diff changeset	925	case K_ECDH_ANON:
90ce3da70b43 Initial load duke parents: diff changeset	926	if (ecdh == null) {
90ce3da70b43 Initial load duke parents: diff changeset	927	throw new SSLProtocolException
90ce3da70b43 Initial load duke parents: diff changeset	928	("Server did not send a ECDH Server Key Exchange message");
90ce3da70b43 Initial load duke parents: diff changeset	929	}
90ce3da70b43 Initial load duke parents: diff changeset	930	m2 = new ECDHClientKeyExchange(ecdh.getPublicKey());
90ce3da70b43 Initial load duke parents: diff changeset	931	break;
90ce3da70b43 Initial load duke parents: diff changeset	932	case K_ECDH_RSA:
90ce3da70b43 Initial load duke parents: diff changeset	933	case K_ECDH_ECDSA:
90ce3da70b43 Initial load duke parents: diff changeset	934	if (serverKey == null) {
90ce3da70b43 Initial load duke parents: diff changeset	935	throw new SSLProtocolException
90ce3da70b43 Initial load duke parents: diff changeset	936	("Server did not send certificate message");
90ce3da70b43 Initial load duke parents: diff changeset	937	}
90ce3da70b43 Initial load duke parents: diff changeset	938	if (serverKey instanceof ECPublicKey == false) {
90ce3da70b43 Initial load duke parents: diff changeset	939	throw new SSLProtocolException
90ce3da70b43 Initial load duke parents: diff changeset	940	("Server certificate does not include an EC key");
90ce3da70b43 Initial load duke parents: diff changeset	941	}
90ce3da70b43 Initial load duke parents: diff changeset	942	ECParameterSpec params = ((ECPublicKey)serverKey).getParams();
90ce3da70b43 Initial load duke parents: diff changeset	943	ecdh = new ECDHCrypt(params, sslContext.getSecureRandom());
90ce3da70b43 Initial load duke parents: diff changeset	944	m2 = new ECDHClientKeyExchange(ecdh.getPublicKey());
90ce3da70b43 Initial load duke parents: diff changeset	945	break;
90ce3da70b43 Initial load duke parents: diff changeset	946	case K_KRB5:
90ce3da70b43 Initial load duke parents: diff changeset	947	case K_KRB5_EXPORT:
20499 4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	948	String sniHostname = null;
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	949	for (SNIServerName serverName : requestedServerNames) {
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	950	if (serverName instanceof SNIHostName) {
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	951	sniHostname = ((SNIHostName) serverName).getAsciiName();
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	952	break;
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	953	}
2 90ce3da70b43 Initial load duke parents: diff changeset	954	}
20499 4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	955
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	956	KerberosClientKeyExchange kerberosMsg = null;
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	957	if (sniHostname != null) {
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	958	// use first requested SNI hostname
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	959	try {
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	960	kerberosMsg = new KerberosClientKeyExchange(
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	961	sniHostname, getAccSE(), protocolVersion,
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	962	sslContext.getSecureRandom());
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	963	} catch(IOException e) {
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	964	if (serverNamesAccepted) {
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	965	// server accepted requested SNI hostname,
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	966	// so it must be used
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	967	throw e;
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	968	}
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	969	// fallback to using hostname
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	970	if (debug != null && Debug.isOn("handshake")) {
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	971	System.out.println(
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	972	"Warning, cannot use Server Name Indication: "
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	973	+ e.getMessage());
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	974	}
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	975	}
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	976	}
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	977
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	978	if (kerberosMsg == null) {
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	979	String hostname = getHostSE();
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	980	if (hostname == null) {
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	981	throw new IOException("Hostname is required" +
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	982	" to use Kerberos cipher suites");
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	983	}
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	984	kerberosMsg = new KerberosClientKeyExchange(
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	985	hostname, getAccSE(), protocolVersion,
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	986	sslContext.getSecureRandom());
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	987	}
4aa3d51ec41b 8025123: SNI support in Kerberos cipher suites xuelei parents: 16100 diff changeset	988
2 90ce3da70b43 Initial load duke parents: diff changeset	989	// Record the principals involved in exchange
90ce3da70b43 Initial load duke parents: diff changeset	990	session.setPeerPrincipal(kerberosMsg.getPeerPrincipal());
90ce3da70b43 Initial load duke parents: diff changeset	991	session.setLocalPrincipal(kerberosMsg.getLocalPrincipal());
90ce3da70b43 Initial load duke parents: diff changeset	992	m2 = kerberosMsg;
90ce3da70b43 Initial load duke parents: diff changeset	993	break;
90ce3da70b43 Initial load duke parents: diff changeset	994	default:
90ce3da70b43 Initial load duke parents: diff changeset	995	// somethings very wrong
90ce3da70b43 Initial load duke parents: diff changeset	996	throw new RuntimeException
90ce3da70b43 Initial load duke parents: diff changeset	997	("Unsupported key exchange: " + keyExchange);
90ce3da70b43 Initial load duke parents: diff changeset	998	}
90ce3da70b43 Initial load duke parents: diff changeset	999	if (debug != null && Debug.isOn("handshake")) {
90ce3da70b43 Initial load duke parents: diff changeset	1000	m2.print(System.out);
90ce3da70b43 Initial load duke parents: diff changeset	1001	}
90ce3da70b43 Initial load duke parents: diff changeset	1002	m2.write(output);
90ce3da70b43 Initial load duke parents: diff changeset	1003
90ce3da70b43 Initial load duke parents: diff changeset	1004
90ce3da70b43 Initial load duke parents: diff changeset	1005	/*
90ce3da70b43 Initial load duke parents: diff changeset	1006	* THIRD, send a "change_cipher_spec" record followed by the
90ce3da70b43 Initial load duke parents: diff changeset	1007	* "Finished" message. We flush the messages we've queued up, to
90ce3da70b43 Initial load duke parents: diff changeset	1008	* get concurrency between client and server. The concurrency is
90ce3da70b43 Initial load duke parents: diff changeset	1009	* useful as we calculate the master secret, which is needed both
90ce3da70b43 Initial load duke parents: diff changeset	1010	* to compute the "Finished" message, and to compute the keys used
90ce3da70b43 Initial load duke parents: diff changeset	1011	* to protect all records following the change_cipher_spec.
90ce3da70b43 Initial load duke parents: diff changeset	1012	*/
90ce3da70b43 Initial load duke parents: diff changeset	1013
90ce3da70b43 Initial load duke parents: diff changeset	1014	output.doHashes();
90ce3da70b43 Initial load duke parents: diff changeset	1015	output.flush();
90ce3da70b43 Initial load duke parents: diff changeset	1016
90ce3da70b43 Initial load duke parents: diff changeset	1017	/*
90ce3da70b43 Initial load duke parents: diff changeset	1018	* We deferred calculating the master secret and this connection's
90ce3da70b43 Initial load duke parents: diff changeset	1019	* keying data; we do it now. Deferring this calculation is good
90ce3da70b43 Initial load duke parents: diff changeset	1020	* from a performance point of view, since it lets us do it during
90ce3da70b43 Initial load duke parents: diff changeset	1021	* some time that network delays and the server's own calculations
90ce3da70b43 Initial load duke parents: diff changeset	1022	* would otherwise cause to be "dead" in the critical path.
90ce3da70b43 Initial load duke parents: diff changeset	1023	*/
90ce3da70b43 Initial load duke parents: diff changeset	1024	SecretKey preMasterSecret;
90ce3da70b43 Initial load duke parents: diff changeset	1025	switch (keyExchange) {
90ce3da70b43 Initial load duke parents: diff changeset	1026	case K_RSA:
90ce3da70b43 Initial load duke parents: diff changeset	1027	case K_RSA_EXPORT:
90ce3da70b43 Initial load duke parents: diff changeset	1028	preMasterSecret = ((RSAClientKeyExchange)m2).preMaster;
90ce3da70b43 Initial load duke parents: diff changeset	1029	break;
90ce3da70b43 Initial load duke parents: diff changeset	1030	case K_KRB5:
90ce3da70b43 Initial load duke parents: diff changeset	1031	case K_KRB5_EXPORT:
90ce3da70b43 Initial load duke parents: diff changeset	1032	byte[] secretBytes =
4236 02f52c723b79 6894643: Separate out dependency on Kerberos vinnie parents: 2942 diff changeset	1033	((KerberosClientKeyExchange)m2).getUnencryptedPreMasterSecret();
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1034	preMasterSecret = new SecretKeySpec(secretBytes,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1035	"TlsPremasterSecret");
2 90ce3da70b43 Initial load duke parents: diff changeset	1036	break;
90ce3da70b43 Initial load duke parents: diff changeset	1037	case K_DHE_RSA:
90ce3da70b43 Initial load duke parents: diff changeset	1038	case K_DHE_DSS:
90ce3da70b43 Initial load duke parents: diff changeset	1039	case K_DH_ANON:
16080 0e6266b88242 7192392: Better validation of client keys xuelei parents: 16071 diff changeset	1040	preMasterSecret = dh.getAgreedSecret(serverDH, true);
2 90ce3da70b43 Initial load duke parents: diff changeset	1041	break;
90ce3da70b43 Initial load duke parents: diff changeset	1042	case K_ECDHE_RSA:
90ce3da70b43 Initial load duke parents: diff changeset	1043	case K_ECDHE_ECDSA:
90ce3da70b43 Initial load duke parents: diff changeset	1044	case K_ECDH_ANON:
90ce3da70b43 Initial load duke parents: diff changeset	1045	preMasterSecret = ecdh.getAgreedSecret(ephemeralServerKey);
90ce3da70b43 Initial load duke parents: diff changeset	1046	break;
90ce3da70b43 Initial load duke parents: diff changeset	1047	case K_ECDH_RSA:
90ce3da70b43 Initial load duke parents: diff changeset	1048	case K_ECDH_ECDSA:
90ce3da70b43 Initial load duke parents: diff changeset	1049	preMasterSecret = ecdh.getAgreedSecret(serverKey);
90ce3da70b43 Initial load duke parents: diff changeset	1050	break;
90ce3da70b43 Initial load duke parents: diff changeset	1051	default:
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1052	throw new IOException("Internal error: unknown key exchange "
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1053	+ keyExchange);
2 90ce3da70b43 Initial load duke parents: diff changeset	1054	}
90ce3da70b43 Initial load duke parents: diff changeset	1055
90ce3da70b43 Initial load duke parents: diff changeset	1056	calculateKeys(preMasterSecret, null);
90ce3da70b43 Initial load duke parents: diff changeset	1057
90ce3da70b43 Initial load duke parents: diff changeset	1058	/*
90ce3da70b43 Initial load duke parents: diff changeset	1059	* FOURTH, if we sent a Certificate, we need to send a signed
90ce3da70b43 Initial load duke parents: diff changeset	1060	* CertificateVerify (unless the key in the client's certificate
90ce3da70b43 Initial load duke parents: diff changeset	1061	* was a Diffie-Hellman key).).
90ce3da70b43 Initial load duke parents: diff changeset	1062	*
90ce3da70b43 Initial load duke parents: diff changeset	1063	* This uses a hash of the previous handshake messages ... either
90ce3da70b43 Initial load duke parents: diff changeset	1064	* a nonfinal one (if the particular implementation supports it)
90ce3da70b43 Initial load duke parents: diff changeset	1065	* or else using the third element in the arrays of hashes being
90ce3da70b43 Initial load duke parents: diff changeset	1066	* computed.
90ce3da70b43 Initial load duke parents: diff changeset	1067	*/
90ce3da70b43 Initial load duke parents: diff changeset	1068	if (signingKey != null) {
90ce3da70b43 Initial load duke parents: diff changeset	1069	CertificateVerify m3;
90ce3da70b43 Initial load duke parents: diff changeset	1070	try {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1071	SignatureAndHashAlgorithm preferableSignatureAlgorithm = null;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1072	if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1073	preferableSignatureAlgorithm =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1074	SignatureAndHashAlgorithm.getPreferableAlgorithm(
11521 d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 8791 diff changeset	1075	peerSupportedSignAlgs, signingKey.getAlgorithm(),
d7698e6c5f51 7106773: 512 bits RSA key cannot work with SHA384 and SHA512 xuelei parents: 8791 diff changeset	1076	signingKey);
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1077
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1078	if (preferableSignatureAlgorithm == null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1079	throw new SSLHandshakeException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1080	"No supported signature algorithm");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1081	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1082
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1083	String hashAlg =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1084	SignatureAndHashAlgorithm.getHashAlgorithmName(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1085	preferableSignatureAlgorithm);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1086	if (hashAlg == null \|\| hashAlg.length() == 0) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1087	throw new SSLHandshakeException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1088	"No supported hash algorithm");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1089	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1090	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1091
2 90ce3da70b43 Initial load duke parents: diff changeset	1092	m3 = new CertificateVerify(protocolVersion, handshakeHash,
90ce3da70b43 Initial load duke parents: diff changeset	1093	signingKey, session.getMasterSecret(),
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1094	sslContext.getSecureRandom(),
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1095	preferableSignatureAlgorithm);
2 90ce3da70b43 Initial load duke parents: diff changeset	1096	} catch (GeneralSecurityException e) {
90ce3da70b43 Initial load duke parents: diff changeset	1097	fatalSE(Alerts.alert_handshake_failure,
90ce3da70b43 Initial load duke parents: diff changeset	1098	"Error signing certificate verify", e);
90ce3da70b43 Initial load duke parents: diff changeset	1099	// NOTREACHED, make compiler happy
90ce3da70b43 Initial load duke parents: diff changeset	1100	m3 = null;
90ce3da70b43 Initial load duke parents: diff changeset	1101	}
90ce3da70b43 Initial load duke parents: diff changeset	1102	if (debug != null && Debug.isOn("handshake")) {
90ce3da70b43 Initial load duke parents: diff changeset	1103	m3.print(System.out);
90ce3da70b43 Initial load duke parents: diff changeset	1104	}
90ce3da70b43 Initial load duke parents: diff changeset	1105	m3.write(output);
90ce3da70b43 Initial load duke parents: diff changeset	1106	output.doHashes();
90ce3da70b43 Initial load duke parents: diff changeset	1107	}
90ce3da70b43 Initial load duke parents: diff changeset	1108
90ce3da70b43 Initial load duke parents: diff changeset	1109	/*
90ce3da70b43 Initial load duke parents: diff changeset	1110	* OK, that's that!
90ce3da70b43 Initial load duke parents: diff changeset	1111	*/
90ce3da70b43 Initial load duke parents: diff changeset	1112	sendChangeCipherAndFinish(false);
90ce3da70b43 Initial load duke parents: diff changeset	1113	}
90ce3da70b43 Initial load duke parents: diff changeset	1114
90ce3da70b43 Initial load duke parents: diff changeset	1115
90ce3da70b43 Initial load duke parents: diff changeset	1116	/*
90ce3da70b43 Initial load duke parents: diff changeset	1117	* "Finished" is the last handshake message sent. If we got this
90ce3da70b43 Initial load duke parents: diff changeset	1118	* far, the MAC has been validated post-decryption. We validate
90ce3da70b43 Initial load duke parents: diff changeset	1119	* the two hashes here as an additional sanity check, protecting
90ce3da70b43 Initial load duke parents: diff changeset	1120	* the handshake against various active attacks.
90ce3da70b43 Initial load duke parents: diff changeset	1121	*/
90ce3da70b43 Initial load duke parents: diff changeset	1122	private void serverFinished(Finished mesg) throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	1123	if (debug != null && Debug.isOn("handshake")) {
90ce3da70b43 Initial load duke parents: diff changeset	1124	mesg.print(System.out);
90ce3da70b43 Initial load duke parents: diff changeset	1125	}
90ce3da70b43 Initial load duke parents: diff changeset	1126
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1127	boolean verified = mesg.verify(handshakeHash, Finished.SERVER,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1128	session.getMasterSecret());
2 90ce3da70b43 Initial load duke parents: diff changeset	1129
90ce3da70b43 Initial load duke parents: diff changeset	1130	if (!verified) {
90ce3da70b43 Initial load duke parents: diff changeset	1131	fatalSE(Alerts.alert_illegal_parameter,
90ce3da70b43 Initial load duke parents: diff changeset	1132	"server 'finished' message doesn't verify");
90ce3da70b43 Initial load duke parents: diff changeset	1133	// NOTREACHED
90ce3da70b43 Initial load duke parents: diff changeset	1134	}
90ce3da70b43 Initial load duke parents: diff changeset	1135
90ce3da70b43 Initial load duke parents: diff changeset	1136	/*
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1137	* save server verify data for secure renegotiation
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1138	*/
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1139	if (secureRenegotiation) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1140	serverVerifyData = mesg.getVerifyData();
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1141	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1142
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1143	/*
27068 5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1144	* Reset the handshake state if this is not an initial handshake.
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1145	*/
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1146	if (!isInitialHandshake) {
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1147	session.setAsSessionResumption(false);
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1148	}
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1149
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1150	/*
2 90ce3da70b43 Initial load duke parents: diff changeset	1151	* OK, it verified. If we're doing the fast handshake, add that
90ce3da70b43 Initial load duke parents: diff changeset	1152	* "Finished" message to the hash of handshake messages, then send
90ce3da70b43 Initial load duke parents: diff changeset	1153	* our own change_cipher_spec and Finished message for the server
90ce3da70b43 Initial load duke parents: diff changeset	1154	* to verify in turn. These are the last handshake messages.
90ce3da70b43 Initial load duke parents: diff changeset	1155	*
90ce3da70b43 Initial load duke parents: diff changeset	1156	* In any case, update the session cache. We're done handshaking,
90ce3da70b43 Initial load duke parents: diff changeset	1157	* so there are no threats any more associated with partially
90ce3da70b43 Initial load duke parents: diff changeset	1158	* completed handshakes.
90ce3da70b43 Initial load duke parents: diff changeset	1159	*/
90ce3da70b43 Initial load duke parents: diff changeset	1160	if (resumingSession) {
90ce3da70b43 Initial load duke parents: diff changeset	1161	input.digestNow();
90ce3da70b43 Initial load duke parents: diff changeset	1162	sendChangeCipherAndFinish(true);
90ce3da70b43 Initial load duke parents: diff changeset	1163	}
90ce3da70b43 Initial load duke parents: diff changeset	1164	session.setLastAccessedTime(System.currentTimeMillis());
90ce3da70b43 Initial load duke parents: diff changeset	1165
90ce3da70b43 Initial load duke parents: diff changeset	1166	if (!resumingSession) {
90ce3da70b43 Initial load duke parents: diff changeset	1167	if (session.isRejoinable()) {
90ce3da70b43 Initial load duke parents: diff changeset	1168	((SSLSessionContextImpl) sslContext
90ce3da70b43 Initial load duke parents: diff changeset	1169	.engineGetClientSessionContext())
90ce3da70b43 Initial load duke parents: diff changeset	1170	.put(session);
90ce3da70b43 Initial load duke parents: diff changeset	1171	if (debug != null && Debug.isOn("session")) {
90ce3da70b43 Initial load duke parents: diff changeset	1172	System.out.println("%% Cached client session: " + session);
90ce3da70b43 Initial load duke parents: diff changeset	1173	}
90ce3da70b43 Initial load duke parents: diff changeset	1174	} else if (debug != null && Debug.isOn("session")) {
90ce3da70b43 Initial load duke parents: diff changeset	1175	System.out.println(
90ce3da70b43 Initial load duke parents: diff changeset	1176	"%% Didn't cache non-resumable client session: "
90ce3da70b43 Initial load duke parents: diff changeset	1177	+ session);
90ce3da70b43 Initial load duke parents: diff changeset	1178	}
90ce3da70b43 Initial load duke parents: diff changeset	1179	}
90ce3da70b43 Initial load duke parents: diff changeset	1180	}
90ce3da70b43 Initial load duke parents: diff changeset	1181
90ce3da70b43 Initial load duke parents: diff changeset	1182
90ce3da70b43 Initial load duke parents: diff changeset	1183	/*
90ce3da70b43 Initial load duke parents: diff changeset	1184	* Send my change-cipher-spec and Finished message ... done as the
90ce3da70b43 Initial load duke parents: diff changeset	1185	* last handshake act in either the short or long sequences. In
90ce3da70b43 Initial load duke parents: diff changeset	1186	* the short one, we've already seen the server's Finished; in the
90ce3da70b43 Initial load duke parents: diff changeset	1187	* long one, we wait for it now.
90ce3da70b43 Initial load duke parents: diff changeset	1188	*/
90ce3da70b43 Initial load duke parents: diff changeset	1189	private void sendChangeCipherAndFinish(boolean finishedTag)
90ce3da70b43 Initial load duke parents: diff changeset	1190	throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	1191	Finished mesg = new Finished(protocolVersion, handshakeHash,
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1192	Finished.CLIENT, session.getMasterSecret(), cipherSuite);
2 90ce3da70b43 Initial load duke parents: diff changeset	1193
90ce3da70b43 Initial load duke parents: diff changeset	1194	/*
90ce3da70b43 Initial load duke parents: diff changeset	1195	* Send the change_cipher_spec message, then the Finished message
90ce3da70b43 Initial load duke parents: diff changeset	1196	* which we just calculated (and protected using the keys we just
90ce3da70b43 Initial load duke parents: diff changeset	1197	* calculated). Server responds with its Finished message, except
90ce3da70b43 Initial load duke parents: diff changeset	1198	* in the "fast handshake" (resume session) case.
90ce3da70b43 Initial load duke parents: diff changeset	1199	*/
90ce3da70b43 Initial load duke parents: diff changeset	1200	sendChangeCipherSpec(mesg, finishedTag);
90ce3da70b43 Initial load duke parents: diff changeset	1201
90ce3da70b43 Initial load duke parents: diff changeset	1202	/*
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1203	* save client verify data for secure renegotiation
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1204	*/
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1205	if (secureRenegotiation) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1206	clientVerifyData = mesg.getVerifyData();
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1207	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1208
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1209	/*
2 90ce3da70b43 Initial load duke parents: diff changeset	1210	* Update state machine so server MUST send 'finished' next.
90ce3da70b43 Initial load duke parents: diff changeset	1211	* (In "long" handshake case; in short case, we're responding
90ce3da70b43 Initial load duke parents: diff changeset	1212	* to its message.)
90ce3da70b43 Initial load duke parents: diff changeset	1213	*/
90ce3da70b43 Initial load duke parents: diff changeset	1214	state = HandshakeMessage.ht_finished - 1;
90ce3da70b43 Initial load duke parents: diff changeset	1215	}
90ce3da70b43 Initial load duke parents: diff changeset	1216
90ce3da70b43 Initial load duke parents: diff changeset	1217
90ce3da70b43 Initial load duke parents: diff changeset	1218	/*
90ce3da70b43 Initial load duke parents: diff changeset	1219	* Returns a ClientHello message to kickstart renegotiations
90ce3da70b43 Initial load duke parents: diff changeset	1220	*/
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 14194 diff changeset	1221	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	1222	HandshakeMessage getKickstartMessage() throws SSLException {
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1223	// session ID of the ClientHello message
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1224	SessionId sessionId = SSLSessionImpl.nullSession.getSessionId();
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1225
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1226	// a list of cipher suites sent by the client
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1227	CipherSuiteList cipherSuites = getActiveCipherSuites();
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1228
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1229	// set the max protocol version this client is supporting.
2 90ce3da70b43 Initial load duke parents: diff changeset	1230	maxProtocolVersion = protocolVersion;
90ce3da70b43 Initial load duke parents: diff changeset	1231
90ce3da70b43 Initial load duke parents: diff changeset	1232	//
90ce3da70b43 Initial load duke parents: diff changeset	1233	// Try to resume an existing session. This might be mandatory,
90ce3da70b43 Initial load duke parents: diff changeset	1234	// given certain API options.
90ce3da70b43 Initial load duke parents: diff changeset	1235	//
90ce3da70b43 Initial load duke parents: diff changeset	1236	session = ((SSLSessionContextImpl)sslContext
90ce3da70b43 Initial load duke parents: diff changeset	1237	.engineGetClientSessionContext())
90ce3da70b43 Initial load duke parents: diff changeset	1238	.get(getHostSE(), getPortSE());
90ce3da70b43 Initial load duke parents: diff changeset	1239	if (debug != null && Debug.isOn("session")) {
90ce3da70b43 Initial load duke parents: diff changeset	1240	if (session != null) {
90ce3da70b43 Initial load duke parents: diff changeset	1241	System.out.println("%% Client cached "
90ce3da70b43 Initial load duke parents: diff changeset	1242	+ session
90ce3da70b43 Initial load duke parents: diff changeset	1243	+ (session.isRejoinable() ? "" : " (not rejoinable)"));
90ce3da70b43 Initial load duke parents: diff changeset	1244	} else {
90ce3da70b43 Initial load duke parents: diff changeset	1245	System.out.println("%% No cached client session");
90ce3da70b43 Initial load duke parents: diff changeset	1246	}
90ce3da70b43 Initial load duke parents: diff changeset	1247	}
27068 5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1248	if (session != null) {
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1249	// If unsafe server certificate change is not allowed, reserve
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1250	// current server certificates if the previous handshake is a
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1251	// session-resumption abbreviated initial handshake.
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1252	if (!allowUnsafeServerCertChange && session.isSessionResumption()) {
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1253	try {
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1254	// If existing, peer certificate chain cannot be null.
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1255	reservedServerCerts =
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1256	(X509Certificate[])session.getPeerCertificates();
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1257	} catch (SSLPeerUnverifiedException puve) {
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1258	// Maybe not certificate-based, ignore the exception.
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1259	}
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1260	}
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1261
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1262	if (!session.isRejoinable()) {
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1263	session = null;
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1264	}
2 90ce3da70b43 Initial load duke parents: diff changeset	1265	}
90ce3da70b43 Initial load duke parents: diff changeset	1266
90ce3da70b43 Initial load duke parents: diff changeset	1267	if (session != null) {
90ce3da70b43 Initial load duke parents: diff changeset	1268	CipherSuite sessionSuite = session.getSuite();
90ce3da70b43 Initial load duke parents: diff changeset	1269	ProtocolVersion sessionVersion = session.getProtocolVersion();
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1270	if (isNegotiable(sessionSuite) == false) {
2 90ce3da70b43 Initial load duke parents: diff changeset	1271	if (debug != null && Debug.isOn("session")) {
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1272	System.out.println("%% can't resume, unavailable cipher");
2 90ce3da70b43 Initial load duke parents: diff changeset	1273	}
90ce3da70b43 Initial load duke parents: diff changeset	1274	session = null;
90ce3da70b43 Initial load duke parents: diff changeset	1275	}
90ce3da70b43 Initial load duke parents: diff changeset	1276
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1277	if ((session != null) && !isNegotiable(sessionVersion)) {
2 90ce3da70b43 Initial load duke parents: diff changeset	1278	if (debug != null && Debug.isOn("session")) {
90ce3da70b43 Initial load duke parents: diff changeset	1279	System.out.println("%% can't resume, protocol disabled");
90ce3da70b43 Initial load duke parents: diff changeset	1280	}
90ce3da70b43 Initial load duke parents: diff changeset	1281	session = null;
90ce3da70b43 Initial load duke parents: diff changeset	1282	}
90ce3da70b43 Initial load duke parents: diff changeset	1283
90ce3da70b43 Initial load duke parents: diff changeset	1284	if (session != null) {
90ce3da70b43 Initial load duke parents: diff changeset	1285	if (debug != null) {
90ce3da70b43 Initial load duke parents: diff changeset	1286	if (Debug.isOn("handshake") \|\| Debug.isOn("session")) {
90ce3da70b43 Initial load duke parents: diff changeset	1287	System.out.println("%% Try resuming " + session
90ce3da70b43 Initial load duke parents: diff changeset	1288	+ " from port " + getLocalPortSE());
90ce3da70b43 Initial load duke parents: diff changeset	1289	}
90ce3da70b43 Initial load duke parents: diff changeset	1290	}
90ce3da70b43 Initial load duke parents: diff changeset	1291
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1292	sessionId = session.getSessionId();
2 90ce3da70b43 Initial load duke parents: diff changeset	1293	maxProtocolVersion = sessionVersion;
90ce3da70b43 Initial load duke parents: diff changeset	1294
90ce3da70b43 Initial load duke parents: diff changeset	1295	// Update SSL version number in underlying SSL socket and
90ce3da70b43 Initial load duke parents: diff changeset	1296	// handshake output stream, so that the output records (at the
90ce3da70b43 Initial load duke parents: diff changeset	1297	// record layer) have the correct version
90ce3da70b43 Initial load duke parents: diff changeset	1298	setVersion(sessionVersion);
90ce3da70b43 Initial load duke parents: diff changeset	1299	}
90ce3da70b43 Initial load duke parents: diff changeset	1300
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1301	/*
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1302	* Force use of the previous session ciphersuite, and
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1303	* add the SCSV if enabled.
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1304	*/
2 90ce3da70b43 Initial load duke parents: diff changeset	1305	if (!enableNewSession) {
90ce3da70b43 Initial load duke parents: diff changeset	1306	if (session == null) {
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1307	throw new SSLHandshakeException(
2 90ce3da70b43 Initial load duke parents: diff changeset	1308	"Can't reuse existing SSL client session");
90ce3da70b43 Initial load duke parents: diff changeset	1309	}
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1310
7990 57019dc81b66 7012003: diamond conversion for ssl smarks parents: 7804 diff changeset	1311	Collection<CipherSuite> cipherList = new ArrayList<>(2);
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1312	cipherList.add(sessionSuite);
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1313	if (!secureRenegotiation &&
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1314	cipherSuites.contains(CipherSuite.C_SCSV)) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1315	cipherList.add(CipherSuite.C_SCSV);
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1316	} // otherwise, renegotiation_info extension will be used
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1317
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1318	cipherSuites = new CipherSuiteList(cipherList);
2 90ce3da70b43 Initial load duke parents: diff changeset	1319	}
90ce3da70b43 Initial load duke parents: diff changeset	1320	}
90ce3da70b43 Initial load duke parents: diff changeset	1321
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1322	if (session == null && !enableNewSession) {
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1323	throw new SSLHandshakeException("No existing session to resume");
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1324	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1325
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1326	// exclude SCSV for secure renegotiation
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1327	if (secureRenegotiation && cipherSuites.contains(CipherSuite.C_SCSV)) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1328	Collection<CipherSuite> cipherList =
7990 57019dc81b66 7012003: diamond conversion for ssl smarks parents: 7804 diff changeset	1329	new ArrayList<>(cipherSuites.size() - 1);
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1330	for (CipherSuite suite : cipherSuites.collection()) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1331	if (suite != CipherSuite.C_SCSV) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1332	cipherList.add(suite);
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1333	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1334	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1335
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1336	cipherSuites = new CipherSuiteList(cipherList);
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1337	}
2 90ce3da70b43 Initial load duke parents: diff changeset	1338
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1339	// make sure there is a negotiable cipher suite.
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1340	boolean negotiable = false;
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1341	for (CipherSuite suite : cipherSuites.collection()) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1342	if (isNegotiable(suite)) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1343	negotiable = true;
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1344	break;
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1345	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1346	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1347
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1348	if (!negotiable) {
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1349	throw new SSLHandshakeException("No negotiable cipher suite");
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1350	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1351
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1352	// Not a TLS1.2+ handshake
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1353	// For SSLv2Hello, HandshakeHash.reset() will be called, so we
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1354	// cannot call HandshakeHash.protocolDetermined() here. As it does
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1355	// not follow the spec that HandshakeHash.reset() can be only be
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1356	// called before protocolDetermined.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1357	// if (maxProtocolVersion.v < ProtocolVersion.TLS12.v) {
7804 c59149ba3780 6996367: improve HandshakeHash weijun parents: 7043 diff changeset	1358	// handshakeHash.protocolDetermined(maxProtocolVersion);
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1359	// }
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1360
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1361	// create the ClientHello message
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1362	ClientHello clientHelloMessage = new ClientHello(
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1363	sslContext.getSecureRandom(), maxProtocolVersion,
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1364	sessionId, cipherSuites);
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1365
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1366	// add signature_algorithm extension
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1367	if (maxProtocolVersion.v >= ProtocolVersion.TLS12.v) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1368	// we will always send the signature_algorithm extension
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1369	Collection<SignatureAndHashAlgorithm> localSignAlgs =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1370	getLocalSupportedSignAlgs();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1371	if (localSignAlgs.isEmpty()) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1372	throw new SSLHandshakeException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1373	"No supported signature algorithm");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1374	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1375
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1376	clientHelloMessage.addSignatureAlgorithmsExtension(localSignAlgs);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1377	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1378
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1379	// add server_name extension
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1380	if (enableSNIExtension) {
14194 971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 11521 diff changeset	1381	if (session != null) {
971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 11521 diff changeset	1382	requestedServerNames = session.getRequestedServerNames();
971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 11521 diff changeset	1383	} else {
971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 11521 diff changeset	1384	requestedServerNames = serverNames;
971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 11521 diff changeset	1385	}
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1386
14194 971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 11521 diff changeset	1387	if (!requestedServerNames.isEmpty()) {
971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 11521 diff changeset	1388	clientHelloMessage.addSNIExtension(requestedServerNames);
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1389	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1390	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1391
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1392	// reset the client random cookie
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1393	clnt_random = clientHelloMessage.clnt_random;
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1394
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1395	/*
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1396	* need to set the renegotiation_info extension for:
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1397	* 1: secure renegotiation
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1398	* 2: initial handshake and no SCSV in the ClientHello
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1399	* 3: insecure renegotiation and no SCSV in the ClientHello
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1400	*/
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1401	if (secureRenegotiation \|\|
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1402	!cipherSuites.contains(CipherSuite.C_SCSV)) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1403	clientHelloMessage.addRenegotiationInfoExtension(clientVerifyData);
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1404	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1405
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	1406	return clientHelloMessage;
2 90ce3da70b43 Initial load duke parents: diff changeset	1407	}
90ce3da70b43 Initial load duke parents: diff changeset	1408
90ce3da70b43 Initial load duke parents: diff changeset	1409	/*
90ce3da70b43 Initial load duke parents: diff changeset	1410	* Fault detected during handshake.
90ce3da70b43 Initial load duke parents: diff changeset	1411	*/
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 14194 diff changeset	1412	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	1413	void handshakeAlert(byte description) throws SSLProtocolException {
90ce3da70b43 Initial load duke parents: diff changeset	1414	String message = Alerts.alertDescription(description);
90ce3da70b43 Initial load duke parents: diff changeset	1415
90ce3da70b43 Initial load duke parents: diff changeset	1416	if (debug != null && Debug.isOn("handshake")) {
90ce3da70b43 Initial load duke parents: diff changeset	1417	System.out.println("SSL - handshake alert: " + message);
90ce3da70b43 Initial load duke parents: diff changeset	1418	}
90ce3da70b43 Initial load duke parents: diff changeset	1419	throw new SSLProtocolException("handshake alert: " + message);
90ce3da70b43 Initial load duke parents: diff changeset	1420	}
90ce3da70b43 Initial load duke parents: diff changeset	1421
90ce3da70b43 Initial load duke parents: diff changeset	1422	/*
90ce3da70b43 Initial load duke parents: diff changeset	1423	* Unless we are using an anonymous ciphersuite, the server always
90ce3da70b43 Initial load duke parents: diff changeset	1424	* sends a certificate message (for the CipherSuites we currently
90ce3da70b43 Initial load duke parents: diff changeset	1425	* support). The trust manager verifies the chain for us.
90ce3da70b43 Initial load duke parents: diff changeset	1426	*/
90ce3da70b43 Initial load duke parents: diff changeset	1427	private void serverCertificate(CertificateMsg mesg) throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	1428	if (debug != null && Debug.isOn("handshake")) {
90ce3da70b43 Initial load duke parents: diff changeset	1429	mesg.print(System.out);
90ce3da70b43 Initial load duke parents: diff changeset	1430	}
90ce3da70b43 Initial load duke parents: diff changeset	1431	X509Certificate[] peerCerts = mesg.getCertificateChain();
90ce3da70b43 Initial load duke parents: diff changeset	1432	if (peerCerts.length == 0) {
27068 5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1433	fatalSE(Alerts.alert_bad_certificate, "empty certificate chain");
2 90ce3da70b43 Initial load duke parents: diff changeset	1434	}
27068 5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1435
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1436	// Allow server certificate change in client side during renegotiation
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1437	// after a session-resumption abbreviated initial handshake?
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1438	//
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1439	// DO NOT need to check allowUnsafeServerCertChange here. We only
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1440	// reserve server certificates when allowUnsafeServerCertChange is
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1441	// flase.
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1442	if (reservedServerCerts != null) {
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1443	// It is not necessary to check the certificate update if endpoint
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1444	// identification is enabled.
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1445	String identityAlg = getEndpointIdentificationAlgorithmSE();
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1446	if ((identityAlg == null \|\| identityAlg.length() == 0) &&
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1447	!isIdentityEquivalent(peerCerts[0], reservedServerCerts[0])) {
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1448
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1449	fatalSE(Alerts.alert_bad_certificate,
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1450	"server certificate change is restricted " +
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1451	"during renegotiation");
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1452	}
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1453	}
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1454
2 90ce3da70b43 Initial load duke parents: diff changeset	1455	// ask the trust manager to verify the chain
90ce3da70b43 Initial load duke parents: diff changeset	1456	X509TrustManager tm = sslContext.getX509TrustManager();
90ce3da70b43 Initial load duke parents: diff changeset	1457	try {
90ce3da70b43 Initial load duke parents: diff changeset	1458	// find out the key exchange algorithm used
90ce3da70b43 Initial load duke parents: diff changeset	1459	// use "RSA" for non-ephemeral "RSA_EXPORT"
90ce3da70b43 Initial load duke parents: diff changeset	1460	String keyExchangeString;
90ce3da70b43 Initial load duke parents: diff changeset	1461	if (keyExchange == K_RSA_EXPORT && !serverKeyExchangeReceived) {
90ce3da70b43 Initial load duke parents: diff changeset	1462	keyExchangeString = K_RSA.name;
90ce3da70b43 Initial load duke parents: diff changeset	1463	} else {
90ce3da70b43 Initial load duke parents: diff changeset	1464	keyExchangeString = keyExchange.name;
90ce3da70b43 Initial load duke parents: diff changeset	1465	}
90ce3da70b43 Initial load duke parents: diff changeset	1466
90ce3da70b43 Initial load duke parents: diff changeset	1467	if (tm instanceof X509ExtendedTrustManager) {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1468	if (conn != null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1469	((X509ExtendedTrustManager)tm).checkServerTrusted(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1470	peerCerts.clone(),
2 90ce3da70b43 Initial load duke parents: diff changeset	1471	keyExchangeString,
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1472	conn);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1473	} else {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1474	((X509ExtendedTrustManager)tm).checkServerTrusted(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1475	peerCerts.clone(),
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1476	keyExchangeString,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1477	engine);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1478	}
2 90ce3da70b43 Initial load duke parents: diff changeset	1479	} else {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1480	// Unlikely to happen, because we have wrapped the old
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1481	// X509TrustManager with the new X509ExtendedTrustManager.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1482	throw new CertificateException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1483	"Improper X509TrustManager implementation");
2 90ce3da70b43 Initial load duke parents: diff changeset	1484	}
90ce3da70b43 Initial load duke parents: diff changeset	1485	} catch (CertificateException e) {
90ce3da70b43 Initial load duke parents: diff changeset	1486	// This will throw an exception, so include the original error.
90ce3da70b43 Initial load duke parents: diff changeset	1487	fatalSE(Alerts.alert_certificate_unknown, e);
90ce3da70b43 Initial load duke parents: diff changeset	1488	}
90ce3da70b43 Initial load duke parents: diff changeset	1489	session.setPeerCertificates(peerCerts);
90ce3da70b43 Initial load duke parents: diff changeset	1490	}
27068 5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1491
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1492	/*
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1493	* Whether the certificates can represent the same identity?
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1494	*
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1495	* The certificates can be used to represent the same identity:
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1496	* 1. If the subject alternative names of IP address are present in
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1497	* both certificates, they should be identical; otherwise,
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1498	* 2. if the subject alternative names of DNS name are present in
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1499	* both certificates, they should be identical; otherwise,
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1500	* 3. if the subject fields are present in both certificates, the
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1501	* certificate subjects and issuers should be identical.
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1502	*/
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1503	private static boolean isIdentityEquivalent(X509Certificate thisCert,
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1504	X509Certificate prevCert) {
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1505	if (thisCert.equals(prevCert)) {
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1506	return true;
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1507	}
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1508
29266 5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1509	// check subject alternative names
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1510	Collection<List<?>> thisSubjectAltNames = null;
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1511	try {
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1512	thisSubjectAltNames = thisCert.getSubjectAlternativeNames();
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1513	} catch (CertificateParsingException cpe) {
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1514	if (debug != null && Debug.isOn("handshake")) {
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1515	System.out.println(
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1516	"Attempt to obtain subjectAltNames extension failed!");
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1517	}
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1518	}
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1519
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1520	Collection<List<?>> prevSubjectAltNames = null;
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1521	try {
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1522	prevSubjectAltNames = prevCert.getSubjectAlternativeNames();
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1523	} catch (CertificateParsingException cpe) {
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1524	if (debug != null && Debug.isOn("handshake")) {
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1525	System.out.println(
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1526	"Attempt to obtain subjectAltNames extension failed!");
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1527	}
27068 5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1528	}
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1529
29266 5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1530	if ((thisSubjectAltNames != null) && (prevSubjectAltNames != null)) {
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1531	// check the iPAddress field in subjectAltName extension
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1532	Collection<String> thisSubAltIPAddrs =
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1533	getSubjectAltNames(thisSubjectAltNames, ALTNAME_IP);
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1534	Collection<String> prevSubAltIPAddrs =
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1535	getSubjectAltNames(prevSubjectAltNames, ALTNAME_IP);
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1536	if ((thisSubAltIPAddrs != null) && (prevSubAltIPAddrs != null) &&
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1537	(isEquivalent(thisSubAltIPAddrs, prevSubAltIPAddrs))) {
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1538
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1539	return true;
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1540	}
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1541
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1542	// check the dNSName field in subjectAltName extension
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1543	Collection<String> thisSubAltDnsNames =
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1544	getSubjectAltNames(thisSubjectAltNames, ALTNAME_DNS);
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1545	Collection<String> prevSubAltDnsNames =
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1546	getSubjectAltNames(prevSubjectAltNames, ALTNAME_DNS);
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1547	if ((thisSubAltDnsNames != null) && (prevSubAltDnsNames != null) &&
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1548	(isEquivalent(thisSubAltDnsNames, prevSubAltDnsNames))) {
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1549
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1550	return true;
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1551	}
27068 5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1552	}
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1553
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1554	// check the certificate subject and issuer
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1555	X500Principal thisSubject = thisCert.getSubjectX500Principal();
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1556	X500Principal prevSubject = prevCert.getSubjectX500Principal();
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1557	X500Principal thisIssuer = thisCert.getIssuerX500Principal();
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1558	X500Principal prevIssuer = prevCert.getIssuerX500Principal();
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1559	if (!thisSubject.getName().isEmpty() &&
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1560	!prevSubject.getName().isEmpty() &&
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1561	thisSubject.equals(prevSubject) &&
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1562	thisIssuer.equals(prevIssuer)) {
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1563	return true;
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1564	}
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1565
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1566	return false;
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1567	}
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1568
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1569	/*
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1570	* Returns the subject alternative name of the specified type in the
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1571	* subjectAltNames extension of a certificate.
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1572	*/
29266 5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1573	private static Collection<String> getSubjectAltNames(
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1574	Collection<List<?>> subjectAltNames, int type) {
27068 5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1575
29266 5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1576	HashSet<String> subAltDnsNames = null;
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1577	for (List<?> subjectAltName : subjectAltNames) {
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1578	int subjectAltNameType = (Integer)subjectAltName.get(0);
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1579	if (subjectAltNameType == type) {
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1580	String subAltDnsName = (String)subjectAltName.get(1);
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1581	if ((subAltDnsName != null) && !subAltDnsName.isEmpty()) {
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1582	if (subAltDnsNames == null) {
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1583	subAltDnsNames =
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1584	new HashSet<>(subjectAltNames.size());
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1585	}
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1586	subAltDnsNames.add(subAltDnsName);
27068 5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1587	}
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1588	}
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1589	}
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1590
29266 5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1591	return subAltDnsNames;
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1592	}
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1593
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1594	private static boolean isEquivalent(Collection<String> thisSubAltNames,
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1595	Collection<String> prevSubAltNames) {
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1596
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1597	for (String thisSubAltName : thisSubAltNames) {
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1598	for (String prevSubAltName : prevSubAltNames) {
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1599	// Only allow the exactly match. Check no wildcard character.
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1600	if (thisSubAltName.equalsIgnoreCase(prevSubAltName)) {
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1601	return true;
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1602	}
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1603	}
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1604	}
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1605
5705356edc61 8050371: More MessageDigest tests xuelei parents: 29264 diff changeset	1606	return false;
27068 5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	1607	}
2 90ce3da70b43 Initial load duke parents: diff changeset	1608	}

author	xuelei
	Wed, 04 Mar 2015 08:10:23 +0000
changeset 29266	5705356edc61
parent 29264	5172066a2da6
child 29390	9927a5ff3ded
permissions	-rw-r--r--