jdk-sandbox: src/java.base/share/classes/sun/security/ssl/CertificateMessage.java@68fa3d4026ea (annotated)

50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1	/*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	2	* Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	4	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	7	* published by the Free Software Foundation. Oracle designates this
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	10	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	15	* accompanied this code).
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	16	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	20	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	22	* or visit www.oracle.com if you need additional information or have any
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	23	* questions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	24	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	25
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	26	package sun.security.ssl;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	27
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	28	import java.io.ByteArrayInputStream;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	29	import java.io.IOException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	30	import java.nio.ByteBuffer;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	31	import java.security.PublicKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	32	import java.security.cert.CertPathValidatorException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	33	import java.security.cert.CertPathValidatorException.BasicReason;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	34	import java.security.cert.CertPathValidatorException.Reason;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	35	import java.security.cert.CertificateEncodingException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	36	import java.security.cert.CertificateException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	37	import java.security.cert.CertificateFactory;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	38	import java.security.cert.CertificateParsingException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	39	import java.security.cert.X509Certificate;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	40	import java.text.MessageFormat;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	41	import java.util.ArrayList;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	42	import java.util.Arrays;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	43	import java.util.Collection;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	44	import java.util.Collections;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	45	import java.util.HashSet;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	46	import java.util.LinkedList;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	47	import java.util.List;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	48	import java.util.Locale;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	49	import javax.net.ssl.SSLEngine;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	50	import javax.net.ssl.SSLException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	51	import javax.net.ssl.SSLProtocolException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	52	import javax.net.ssl.SSLSocket;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	53	import javax.net.ssl.X509ExtendedTrustManager;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	54	import javax.net.ssl.X509TrustManager;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	55	import javax.security.auth.x500.X500Principal;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	56	import static sun.security.ssl.ClientAuthType.CLIENT_AUTH_REQUIRED;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	57	import sun.security.ssl.ClientHello.ClientHelloMessage;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	58	import sun.security.ssl.SSLHandshake.HandshakeMessage;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	59	import sun.security.ssl.X509Authentication.X509Credentials;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	60	import sun.security.ssl.X509Authentication.X509Possession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	61
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	62	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	63	* Pack of the CertificateMessage handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	64	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	65	final class CertificateMessage {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	66	static final SSLConsumer t12HandshakeConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	67	new T12CertificateConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	68	static final HandshakeProducer t12HandshakeProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	69	new T12CertificateProducer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	70
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	71	static final SSLConsumer t13HandshakeConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	72	new T13CertificateConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	73	static final HandshakeProducer t13HandshakeProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	74	new T13CertificateProducer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	75
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	76	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	77	* The Certificate handshake message for TLS 1.2 and previous
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	78	* SSL/TLS protocol versions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	79	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	80	* In server mode, the certificate handshake message is sent whenever the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	81	* agreed-upon key exchange method uses certificates for authentication.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	82	* In client mode, this message is only sent if the server requests a
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	83	* certificate for client authentication.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	84	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	85	* opaque ASN.1Cert<1..2^24-1>;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	86	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	87	* SSL 3.0:
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	88	* struct {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	89	* ASN.1Cert certificate_list<1..2^24-1>;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	90	* } Certificate;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	91	* Note: For SSL 3.0 client authentication, if no suitable certificate
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	92	* is available, the client should send a no_certificate alert instead.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	93	* This alert is only a warning; however, the server may respond with
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	94	* a fatal handshake failure alert if client authentication is required.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	95	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	96	* TLS 1.0/1.1/1.2:
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	97	* struct {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	98	* ASN.1Cert certificate_list<0..2^24-1>;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	99	* } Certificate;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	100	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	101	static final class T12CertificateMessage extends HandshakeMessage {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	102	final List<byte[]> encodedCertChain;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	103
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	104	T12CertificateMessage(HandshakeContext handshakeContext,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	105	X509Certificate[] certChain) throws SSLException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	106	super(handshakeContext);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	107
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	108	List<byte[]> encodedCerts = new ArrayList<>(certChain.length);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	109	for (X509Certificate cert : certChain) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	110	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	111	encodedCerts.add(cert.getEncoded());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	112	} catch (CertificateEncodingException cee) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	113	// unlikely
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	114	handshakeContext.conContext.fatal(Alert.INTERNAL_ERROR,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	115	"Could not encode certificate (" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	116	cert.getSubjectX500Principal() + ")", cee);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	117	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	118	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	119	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	120
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	121	this.encodedCertChain = encodedCerts;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	122	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	123
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	124	T12CertificateMessage(HandshakeContext handshakeContext,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	125	ByteBuffer m) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	126	super(handshakeContext);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	127
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	128	int listLen = Record.getInt24(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	129	if (listLen > m.remaining()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	130	handshakeContext.conContext.fatal(Alert.ILLEGAL_PARAMETER,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	131	"Error parsing certificate message:no sufficient data");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	132	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	133	if (listLen > 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	134	List<byte[]> encodedCerts = new LinkedList<>();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	135	while (listLen > 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	136	byte[] encodedCert = Record.getBytes24(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	137	listLen -= (3 + encodedCert.length);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	138	encodedCerts.add(encodedCert);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	139	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	140	this.encodedCertChain = encodedCerts;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	141	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	142	this.encodedCertChain = Collections.emptyList();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	143	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	144	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	145
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	146	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	147	public SSLHandshake handshakeType() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	148	return SSLHandshake.CERTIFICATE;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	149	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	150
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	151	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	152	public int messageLength() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	153	int msgLen = 3;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	154	for (byte[] encodedCert : encodedCertChain) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	155	msgLen += (encodedCert.length + 3);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	156	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	157
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	158	return msgLen;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	159	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	160
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	161	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	162	public void send(HandshakeOutStream hos) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	163	int listLen = 0;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	164	for (byte[] encodedCert : encodedCertChain) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	165	listLen += (encodedCert.length + 3);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	166	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	167
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	168	hos.putInt24(listLen);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	169	for (byte[] encodedCert : encodedCertChain) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	170	hos.putBytes24(encodedCert);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	171	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	172	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	173
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	174	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	175	public String toString() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	176	if (encodedCertChain.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	177	return "\"Certificates\": <empty list>";
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	178	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	179
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	180	Object[] x509Certs = new Object[encodedCertChain.size()];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	181	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	182	CertificateFactory cf = CertificateFactory.getInstance("X.509");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	183	int i = 0;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	184	for (byte[] encodedCert : encodedCertChain) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	185	Object obj;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	186	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	187	obj = (X509Certificate)cf.generateCertificate(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	188	new ByteArrayInputStream(encodedCert));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	189	} catch (CertificateException ce) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	190	obj = encodedCert;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	191	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	192	x509Certs[i++] = obj;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	193	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	194	} catch (CertificateException ce) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	195	// no X.509 certificate factory service
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	196	int i = 0;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	197	for (byte[] encodedCert : encodedCertChain) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	198	x509Certs[i++] = encodedCert;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	199	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	200	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	201
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	202	MessageFormat messageFormat = new MessageFormat(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	203	"\"Certificates\": [\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	204	"{0}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	205	"]",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	206	Locale.ENGLISH);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	207	Object[] messageFields = {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	208	SSLLogger.toString(x509Certs)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	209	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	210
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	211	return messageFormat.format(messageFields);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	212	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	213	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	214
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	215	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	216	* The "Certificate" handshake message producer for TLS 1.2 and
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	217	* previous SSL/TLS protocol versions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	218	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	219	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	220	class T12CertificateProducer implements HandshakeProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	221	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	222	private T12CertificateProducer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	223	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	224	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	225
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	226	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	227	public byte[] produce(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	228	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	229	// The producing happens in handshake context only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	230	HandshakeContext hc = (HandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	231	if (hc.sslConfig.isClientMode) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	232	return onProduceCertificate(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	233	(ClientHandshakeContext)context, message);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	234	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	235	return onProduceCertificate(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	236	(ServerHandshakeContext)context, message);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	237	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	238	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	239
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	240	private byte[] onProduceCertificate(ServerHandshakeContext shc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	241	SSLHandshake.HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	242	X509Possession x509Possession = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	243	for (SSLPossession possession : shc.handshakePossessions) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	244	if (possession instanceof X509Possession) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	245	x509Possession = (X509Possession)possession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	246	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	247	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	248	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	249
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	250	if (x509Possession == null) { // unlikely
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	251	shc.conContext.fatal(Alert.INTERNAL_ERROR,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	252	"No expected X.509 certificate for server authentication");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	253
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	254	return null; // make the compiler happy
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	255	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	256
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	257	shc.handshakeSession.setLocalPrivateKey(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	258	x509Possession.popPrivateKey);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	259	shc.handshakeSession.setLocalCertificates(x509Possession.popCerts);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	260	T12CertificateMessage cm =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	261	new T12CertificateMessage(shc, x509Possession.popCerts);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	262	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	263	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	264	"Produced server Certificate handshake message", cm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	265	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	266
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	267	// Output the handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	268	cm.write(shc.handshakeOutput);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	269	shc.handshakeOutput.flush();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	270
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	271	// The handshake message has been delivered.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	272	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	273	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	274
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	275	private byte[] onProduceCertificate(ClientHandshakeContext chc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	276	SSLHandshake.HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	277	X509Possession x509Possession = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	278	for (SSLPossession possession : chc.handshakePossessions) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	279	if (possession instanceof X509Possession) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	280	x509Possession = (X509Possession)possession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	281	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	282	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	283	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	284
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	285	// Report to the server if no appropriate cert was found. For
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	286	// SSL 3.0, send a no_certificate alert; TLS 1.0/1.1/1.2 uses
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	287	// an empty cert chain instead.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	288	if (x509Possession == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	289	if (chc.negotiatedProtocol.useTLS10PlusSpec()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	290	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	291	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	292	"No X.509 certificate for client authentication, " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	293	"use empty Certificate message instead");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	294	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	295
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	296	x509Possession =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	297	new X509Possession(null, new X509Certificate[0]);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	298	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	299	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	300	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	301	"No X.509 certificate for client authentication, " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	302	"send a no_certificate alert");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	303	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	304
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	305	chc.conContext.warning(Alert.NO_CERTIFICATE);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	306	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	307	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	308	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	309
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	310	chc.handshakeSession.setLocalPrivateKey(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	311	x509Possession.popPrivateKey);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	312	if (x509Possession.popCerts != null &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	313	x509Possession.popCerts.length != 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	314	chc.handshakeSession.setLocalCertificates(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	315	x509Possession.popCerts);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	316	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	317	chc.handshakeSession.setLocalCertificates(null);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	318	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	319	T12CertificateMessage cm =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	320	new T12CertificateMessage(chc, x509Possession.popCerts);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	321	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	322	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	323	"Produced client Certificate handshake message", cm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	324	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	325
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	326	// Output the handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	327	cm.write(chc.handshakeOutput);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	328	chc.handshakeOutput.flush();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	329
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	330	// The handshake message has been delivered.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	331	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	332	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	333	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	334
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	335	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	336	* The "Certificate" handshake message consumer for TLS 1.2 and
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	337	* previous SSL/TLS protocol versions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	338	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	339	static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	340	class T12CertificateConsumer implements SSLConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	341	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	342	private T12CertificateConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	343	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	344	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	345
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	346	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	347	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	348	ByteBuffer message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	349	// The consuming happens in handshake context only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	350	HandshakeContext hc = (HandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	351
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	352	// clean up this consumer
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	353	hc.handshakeConsumers.remove(SSLHandshake.CERTIFICATE.id);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	354
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	355	T12CertificateMessage cm = new T12CertificateMessage(hc, message);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	356	if (hc.sslConfig.isClientMode) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	357	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	358	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	359	"Consuming server Certificate handshake message", cm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	360	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	361	onCertificate((ClientHandshakeContext)context, cm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	362	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	363	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	364	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	365	"Consuming client Certificate handshake message", cm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	366	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	367	onCertificate((ServerHandshakeContext)context, cm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	368	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	369	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	370
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	371	private void onCertificate(ServerHandshakeContext shc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	372	T12CertificateMessage certificateMessage )throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	373	List<byte[]> encodedCerts = certificateMessage.encodedCertChain;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	374	if (encodedCerts == null \|\| encodedCerts.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	375	if (shc.sslConfig.clientAuthType !=
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	376	ClientAuthType.CLIENT_AUTH_REQUESTED) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	377	// unexpected or require client authentication
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	378	shc.conContext.fatal(Alert.BAD_CERTIFICATE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	379	"Empty server certificate chain");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	380	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	381	return;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	382	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	383	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	384
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	385	X509Certificate[] x509Certs =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	386	new X509Certificate[encodedCerts.size()];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	387	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	388	CertificateFactory cf = CertificateFactory.getInstance("X.509");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	389	int i = 0;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	390	for (byte[] encodedCert : encodedCerts) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	391	x509Certs[i++] = (X509Certificate)cf.generateCertificate(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	392	new ByteArrayInputStream(encodedCert));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	393	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	394	} catch (CertificateException ce) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	395	shc.conContext.fatal(Alert.BAD_CERTIFICATE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	396	"Failed to parse server certificates", ce);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	397	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	398
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	399	checkClientCerts(shc, x509Certs);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	400
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	401	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	402	// update
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	403	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	404	shc.handshakeCredentials.add(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	405	new X509Credentials(x509Certs[0].getPublicKey(), x509Certs));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	406	shc.handshakeSession.setPeerCertificates(x509Certs);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	407	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	408
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	409	private void onCertificate(ClientHandshakeContext chc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	410	T12CertificateMessage certificateMessage) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	411	List<byte[]> encodedCerts = certificateMessage.encodedCertChain;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	412	if (encodedCerts == null \|\| encodedCerts.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	413	chc.conContext.fatal(Alert.BAD_CERTIFICATE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	414	"Empty server certificate chain");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	415	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	416
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	417	X509Certificate[] x509Certs =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	418	new X509Certificate[encodedCerts.size()];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	419	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	420	CertificateFactory cf = CertificateFactory.getInstance("X.509");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	421	int i = 0;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	422	for (byte[] encodedCert : encodedCerts) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	423	x509Certs[i++] = (X509Certificate)cf.generateCertificate(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	424	new ByteArrayInputStream(encodedCert));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	425	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	426	} catch (CertificateException ce) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	427	chc.conContext.fatal(Alert.BAD_CERTIFICATE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	428	"Failed to parse server certificates", ce);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	429	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	430
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	431	// Allow server certificate change in client side during
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	432	// renegotiation after a session-resumption abbreviated
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	433	// initial handshake?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	434	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	435	// DO NOT need to check allowUnsafeServerCertChange here. We only
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	436	// reserve server certificates when allowUnsafeServerCertChange is
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	437	// false.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	438	if (chc.reservedServerCerts != null &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	439	!chc.handshakeSession.useExtendedMasterSecret) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	440	// It is not necessary to check the certificate update if
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	441	// endpoint identification is enabled.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	442	String identityAlg = chc.sslConfig.identificationProtocol;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	443	if ((identityAlg == null \|\| identityAlg.length() == 0) &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	444	!isIdentityEquivalent(x509Certs[0],
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	445	chc.reservedServerCerts[0])) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	446	chc.conContext.fatal(Alert.BAD_CERTIFICATE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	447	"server certificate change is restricted " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	448	"during renegotiation");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	449	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	450	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	451
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	452	// ask the trust manager to verify the chain
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	453	if (chc.staplingActive) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	454	// Defer the certificate check until after we've received the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	455	// CertificateStatus message. If that message doesn't come in
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	456	// immediately following this message we will execute the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	457	// check from CertificateStatus' absent handler.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	458	chc.deferredCerts = x509Certs;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	459	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	460	// We're not doing stapling, so perform the check right now
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	461	checkServerCerts(chc, x509Certs);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	462	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	463
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	464	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	465	// update
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	466	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	467	chc.handshakeCredentials.add(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	468	new X509Credentials(x509Certs[0].getPublicKey(), x509Certs));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	469	chc.handshakeSession.setPeerCertificates(x509Certs);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	470	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	471
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	472	/*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	473	* Whether the certificates can represent the same identity?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	474	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	475	* The certificates can be used to represent the same identity:
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	476	* 1. If the subject alternative names of IP address are present
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	477	* in both certificates, they should be identical; otherwise,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	478	* 2. if the subject alternative names of DNS name are present in
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	479	* both certificates, they should be identical; otherwise,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	480	* 3. if the subject fields are present in both certificates, the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	481	* certificate subjects and issuers should be identical.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	482	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	483	private static boolean isIdentityEquivalent(X509Certificate thisCert,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	484	X509Certificate prevCert) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	485	if (thisCert.equals(prevCert)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	486	return true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	487	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	488
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	489	// check subject alternative names
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	490	Collection<List<?>> thisSubjectAltNames = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	491	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	492	thisSubjectAltNames = thisCert.getSubjectAlternativeNames();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	493	} catch (CertificateParsingException cpe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	494	if (SSLLogger.isOn && SSLLogger.isOn("handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	495	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	496	"Attempt to obtain subjectAltNames extension failed!");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	497	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	498	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	499
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	500	Collection<List<?>> prevSubjectAltNames = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	501	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	502	prevSubjectAltNames = prevCert.getSubjectAlternativeNames();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	503	} catch (CertificateParsingException cpe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	504	if (SSLLogger.isOn && SSLLogger.isOn("handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	505	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	506	"Attempt to obtain subjectAltNames extension failed!");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	507	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	508	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	509
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	510	if (thisSubjectAltNames != null && prevSubjectAltNames != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	511	// check the iPAddress field in subjectAltName extension
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	512	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	513	// 7: subject alternative name of type IP.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	514	Collection<String> thisSubAltIPAddrs =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	515	getSubjectAltNames(thisSubjectAltNames, 7);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	516	Collection<String> prevSubAltIPAddrs =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	517	getSubjectAltNames(prevSubjectAltNames, 7);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	518	if (thisSubAltIPAddrs != null && prevSubAltIPAddrs != null &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	519	isEquivalent(thisSubAltIPAddrs, prevSubAltIPAddrs)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	520	return true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	521	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	522
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	523	// check the dNSName field in subjectAltName extension
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	524	// 2: subject alternative name of type IP.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	525	Collection<String> thisSubAltDnsNames =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	526	getSubjectAltNames(thisSubjectAltNames, 2);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	527	Collection<String> prevSubAltDnsNames =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	528	getSubjectAltNames(prevSubjectAltNames, 2);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	529	if (thisSubAltDnsNames != null && prevSubAltDnsNames != null &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	530	isEquivalent(thisSubAltDnsNames, prevSubAltDnsNames)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	531	return true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	532	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	533	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	534
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	535	// check the certificate subject and issuer
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	536	X500Principal thisSubject = thisCert.getSubjectX500Principal();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	537	X500Principal prevSubject = prevCert.getSubjectX500Principal();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	538	X500Principal thisIssuer = thisCert.getIssuerX500Principal();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	539	X500Principal prevIssuer = prevCert.getIssuerX500Principal();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	540
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	541	return (!thisSubject.getName().isEmpty() &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	542	!prevSubject.getName().isEmpty() &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	543	thisSubject.equals(prevSubject) &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	544	thisIssuer.equals(prevIssuer));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	545	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	546
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	547	/*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	548	* Returns the subject alternative name of the specified type in the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	549	* subjectAltNames extension of a certificate.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	550	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	551	* Note that only those subjectAltName types that use String data
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	552	* should be passed into this function.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	553	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	554	private static Collection<String> getSubjectAltNames(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	555	Collection<List<?>> subjectAltNames, int type) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	556	HashSet<String> subAltDnsNames = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	557	for (List<?> subjectAltName : subjectAltNames) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	558	int subjectAltNameType = (Integer)subjectAltName.get(0);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	559	if (subjectAltNameType == type) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	560	String subAltDnsName = (String)subjectAltName.get(1);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	561	if ((subAltDnsName != null) && !subAltDnsName.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	562	if (subAltDnsNames == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	563	subAltDnsNames =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	564	new HashSet<>(subjectAltNames.size());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	565	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	566	subAltDnsNames.add(subAltDnsName);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	567	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	568	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	569	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	570
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	571	return subAltDnsNames;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	572	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	573
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	574	private static boolean isEquivalent(Collection<String> thisSubAltNames,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	575	Collection<String> prevSubAltNames) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	576	for (String thisSubAltName : thisSubAltNames) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	577	for (String prevSubAltName : prevSubAltNames) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	578	// Only allow the exactly match. No wildcard character
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	579	// checking.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	580	if (thisSubAltName.equalsIgnoreCase(prevSubAltName)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	581	return true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	582	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	583	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	584	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	585
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	586	return false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	587	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	588
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	589	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	590	* Perform client-side checking of server certificates.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	591	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	592	* @param certs an array of {@code X509Certificate} objects presented
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	593	* by the server in the ServerCertificate message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	594	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	595	* @throws IOException if a failure occurs during validation or
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	596	* the trust manager associated with the {@code SSLContext} is not
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	597	* an {@code X509ExtendedTrustManager}.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	598	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	599	static void checkServerCerts(ClientHandshakeContext chc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	600	X509Certificate[] certs) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	601
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	602	X509TrustManager tm = chc.sslContext.getX509TrustManager();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	603
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	604	// find out the key exchange algorithm used
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	605	// use "RSA" for non-ephemeral "RSA_EXPORT"
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	606	String keyExchangeString;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	607	if (chc.negotiatedCipherSuite.keyExchange ==
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	608	CipherSuite.KeyExchange.K_RSA_EXPORT \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	609	chc.negotiatedCipherSuite.keyExchange ==
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	610	CipherSuite.KeyExchange.K_DHE_RSA_EXPORT) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	611	keyExchangeString = CipherSuite.KeyExchange.K_RSA.name;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	612	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	613	keyExchangeString = chc.negotiatedCipherSuite.keyExchange.name;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	614	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	615
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	616	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	617	if (tm instanceof X509ExtendedTrustManager) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	618	if (chc.conContext.transport instanceof SSLEngine) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	619	SSLEngine engine = (SSLEngine)chc.conContext.transport;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	620	((X509ExtendedTrustManager)tm).checkServerTrusted(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	621	certs.clone(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	622	keyExchangeString,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	623	engine);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	624	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	625	SSLSocket socket = (SSLSocket)chc.conContext.transport;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	626	((X509ExtendedTrustManager)tm).checkServerTrusted(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	627	certs.clone(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	628	keyExchangeString,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	629	socket);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	630	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	631	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	632	// Unlikely to happen, because we have wrapped the old
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	633	// X509TrustManager with the new X509ExtendedTrustManager.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	634	throw new CertificateException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	635	"Improper X509TrustManager implementation");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	636	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	637
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	638	// Once the server certificate chain has been validated, set
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	639	// the certificate chain in the TLS session.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	640	chc.handshakeSession.setPeerCertificates(certs);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	641	} catch (CertificateException ce) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	642	chc.conContext.fatal(getCertificateAlert(chc, ce), ce);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	643	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	644	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	645
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	646	private static void checkClientCerts(ServerHandshakeContext shc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	647	X509Certificate[] certs) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	648	X509TrustManager tm = shc.sslContext.getX509TrustManager();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	649
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	650	// find out the types of client authentication used
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	651	PublicKey key = certs[0].getPublicKey();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	652	String keyAlgorithm = key.getAlgorithm();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	653	String authType;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	654	switch (keyAlgorithm) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	655	case "RSA":
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	656	case "DSA":
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	657	case "EC":
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	658	case "RSASSA-PSS":
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	659	authType = keyAlgorithm;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	660	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	661	default:
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	662	// unknown public key type
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	663	authType = "UNKNOWN";
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	664	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	665
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	666	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	667	if (tm instanceof X509ExtendedTrustManager) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	668	if (shc.conContext.transport instanceof SSLEngine) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	669	SSLEngine engine = (SSLEngine)shc.conContext.transport;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	670	((X509ExtendedTrustManager)tm).checkClientTrusted(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	671	certs.clone(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	672	authType,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	673	engine);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	674	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	675	SSLSocket socket = (SSLSocket)shc.conContext.transport;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	676	((X509ExtendedTrustManager)tm).checkClientTrusted(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	677	certs.clone(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	678	authType,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	679	socket);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	680	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	681	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	682	// Unlikely to happen, because we have wrapped the old
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	683	// X509TrustManager with the new X509ExtendedTrustManager.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	684	throw new CertificateException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	685	"Improper X509TrustManager implementation");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	686	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	687	} catch (CertificateException ce) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	688	shc.conContext.fatal(Alert.CERTIFICATE_UNKNOWN, ce);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	689	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	690	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	691
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	692	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	693	* When a failure happens during certificate checking from an
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	694	* {@link X509TrustManager}, determine what TLS alert description
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	695	* to use.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	696	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	697	* @param cexc The exception thrown by the {@link X509TrustManager}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	698	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	699	* @return A byte value corresponding to a TLS alert description number.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	700	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	701	private static Alert getCertificateAlert(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	702	ClientHandshakeContext chc, CertificateException cexc) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	703	// The specific reason for the failure will determine how to
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	704	// set the alert description value
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	705	Alert alert = Alert.CERTIFICATE_UNKNOWN;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	706
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	707	Throwable baseCause = cexc.getCause();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	708	if (baseCause instanceof CertPathValidatorException) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	709	CertPathValidatorException cpve =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	710	(CertPathValidatorException)baseCause;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	711	Reason reason = cpve.getReason();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	712	if (reason == BasicReason.REVOKED) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	713	alert = chc.staplingActive ?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	714	Alert.BAD_CERT_STATUS_RESPONSE :
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	715	Alert.CERTIFICATE_REVOKED;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	716	} else if (
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	717	reason == BasicReason.UNDETERMINED_REVOCATION_STATUS) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	718	alert = chc.staplingActive ?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	719	Alert.BAD_CERT_STATUS_RESPONSE :
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	720	Alert.CERTIFICATE_UNKNOWN;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	721	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	722	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	723
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	724	return alert;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	725	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	726
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	727	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	728
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	729	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	730	* The certificate entry used in Certificate handshake message for TLS 1.3.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	731	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	732	static final class CertificateEntry {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	733	final byte[] encoded; // encoded cert or public key
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	734	private final SSLExtensions extensions;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	735
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	736	CertificateEntry(byte[] encoded, SSLExtensions extensions) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	737	this.encoded = encoded;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	738	this.extensions = extensions;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	739	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	740
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	741	private int getEncodedSize() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	742	int extLen = extensions.length();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	743	if (extLen == 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	744	extLen = 2; // empty extensions
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	745	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	746	return 3 + encoded.length + extLen;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	747	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	748
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	749	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	750	public String toString() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	751	MessageFormat messageFormat = new MessageFormat(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	752	"\n'{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	753	"{0}\n" + // X.509 certificate
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	754	" \"extensions\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	755	"{1}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	756	" '}'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	757	"'}',", Locale.ENGLISH);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	758
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	759	Object x509Certs;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	760	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	761	// Don't support certificate type extension (RawPublicKey) yet.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	762	CertificateFactory cf = CertificateFactory.getInstance("X.509");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	763	x509Certs =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	764	cf.generateCertificate(new ByteArrayInputStream(encoded));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	765	} catch (CertificateException ce) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	766	// no X.509 certificate factory service
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	767	x509Certs = encoded;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	768	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	769
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	770	Object[] messageFields = {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	771	SSLLogger.toString(x509Certs),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	772	Utilities.indent(extensions.toString(), " ")
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	773	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	774
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	775	return messageFormat.format(messageFields);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	776	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	777	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	778
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	779	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	780	* The Certificate handshake message for TLS 1.3.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	781	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	782	static final class T13CertificateMessage extends HandshakeMessage {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	783	private final byte[] requestContext;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	784	private final List<CertificateEntry> certEntries;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	785
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	786	T13CertificateMessage(HandshakeContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	787	byte[] requestContext, X509Certificate[] certificates)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	788	throws SSLException, CertificateException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	789	super(context);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	790
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	791	this.requestContext = requestContext.clone();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	792	this.certEntries = new LinkedList<>();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	793	for (X509Certificate cert : certificates) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	794	byte[] encoded = cert.getEncoded();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	795	SSLExtensions extensions = new SSLExtensions(this);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	796	certEntries.add(new CertificateEntry(encoded, extensions));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	797	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	798	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	799
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	800	T13CertificateMessage(HandshakeContext handshakeContext,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	801	byte[] requestContext, List<CertificateEntry> certificates) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	802	super(handshakeContext);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	803
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	804	this.requestContext = requestContext.clone();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	805	this.certEntries = certificates;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	806	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	807
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	808	T13CertificateMessage(HandshakeContext handshakeContext,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	809	ByteBuffer m) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	810	super(handshakeContext);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	811
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	812	// struct {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	813	// opaque certificate_request_context<0..2^8-1>;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	814	// CertificateEntry certificate_list<0..2^24-1>;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	815	// } Certificate;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	816	if (m.remaining() < 4) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	817	throw new SSLProtocolException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	818	"Invalid Certificate message: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	819	"insufficient data (length=" + m.remaining() + ")");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	820	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	821	this.requestContext = Record.getBytes8(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	822
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	823	if (m.remaining() < 3) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	824	throw new SSLProtocolException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	825	"Invalid Certificate message: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	826	"insufficient certificate entries data (length=" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	827	m.remaining() + ")");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	828	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	829
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	830	int listLen = Record.getInt24(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	831	if (listLen != m.remaining()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	832	throw new SSLProtocolException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	833	"Invalid Certificate message: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	834	"incorrect list length (length=" + listLen + ")");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	835	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	836
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	837	SSLExtension[] enabledExtensions =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	838	handshakeContext.sslConfig.getEnabledExtensions(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	839	SSLHandshake.CERTIFICATE);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	840	List<CertificateEntry> certList = new LinkedList<>();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	841	while (m.hasRemaining()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	842	// Note: support only X509 CertificateType right now.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	843	byte[] encodedCert = Record.getBytes24(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	844	if (encodedCert.length == 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	845	throw new SSLProtocolException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	846	"Invalid Certificate message: empty cert_data");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	847	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	848
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	849	SSLExtensions extensions =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	850	new SSLExtensions(this, m, enabledExtensions);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	851	certList.add(new CertificateEntry(encodedCert, extensions));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	852	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	853
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	854	this.certEntries = Collections.unmodifiableList(certList);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	855	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	856
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	857	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	858	public SSLHandshake handshakeType() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	859	return SSLHandshake.CERTIFICATE;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	860	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	861
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	862	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	863	public int messageLength() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	864	int msgLen = 4 + requestContext.length;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	865	for (CertificateEntry entry : certEntries) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	866	msgLen += entry.getEncodedSize();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	867	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	868
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	869	return msgLen;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	870	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	871
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	872	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	873	public void send(HandshakeOutStream hos) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	874	int entryListLen = 0;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	875	for (CertificateEntry entry : certEntries) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	876	entryListLen += entry.getEncodedSize();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	877	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	878
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	879	hos.putBytes8(requestContext);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	880	hos.putInt24(entryListLen);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	881	for (CertificateEntry entry : certEntries) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	882	hos.putBytes24(entry.encoded);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	883	// Is it an empty extensions?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	884	if (entry.extensions.length() == 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	885	hos.putInt16(0);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	886	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	887	entry.extensions.send(hos);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	888	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	889	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	890	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	891
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	892	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	893	public String toString() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	894	MessageFormat messageFormat = new MessageFormat(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	895	"\"Certificate\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	896	" \"certificate_request_context\": \"{0}\",\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	897	" \"certificate_list\": [{1}\n]\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	898	"'}'",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	899	Locale.ENGLISH);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	900
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	901	StringBuilder builder = new StringBuilder(512);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	902	for (CertificateEntry entry : certEntries) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	903	builder.append(entry.toString());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	904	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	905
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	906	Object[] messageFields = {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	907	Utilities.toHexString(requestContext),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	908	Utilities.indent(builder.toString())
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	909	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	910
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	911	return messageFormat.format(messageFields);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	912	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	913	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	914
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	915	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	916	* The "Certificate" handshake message producer for TLS 1.3.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	917	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	918	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	919	class T13CertificateProducer implements HandshakeProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	920	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	921	private T13CertificateProducer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	922	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	923	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	924
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	925	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	926	public byte[] produce(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	927	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	928	// The producing happens in handshake context only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	929	HandshakeContext hc = (HandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	930	if (hc.sslConfig.isClientMode) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	931	return onProduceCertificate(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	932	(ClientHandshakeContext)context, message);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	933	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	934	return onProduceCertificate(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	935	(ServerHandshakeContext)context, message);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	936	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	937	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	938
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	939	private byte[] onProduceCertificate(ServerHandshakeContext shc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	940	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	941	ClientHelloMessage clientHello = (ClientHelloMessage)message;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	942
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	943	SSLPossession pos = choosePossession(shc, clientHello);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	944	if (pos == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	945	shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	946	"No available authentication scheme");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	947	return null; // make the complier happy
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	948	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	949
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	950	if (!(pos instanceof X509Possession)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	951	shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	952	"No X.509 certificate for server authentication");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	953	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	954
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	955	X509Possession x509Possession = (X509Possession)pos;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	956	X509Certificate[] localCerts = x509Possession.popCerts;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	957	if (localCerts == null \|\| localCerts.length == 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	958	shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	959	"No X.509 certificate for server authentication");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	960	return null; // make the complier happy
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	961	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	962
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	963	// update the context
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	964	shc.handshakePossessions.add(x509Possession);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	965	shc.handshakeSession.setLocalPrivateKey(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	966	x509Possession.popPrivateKey);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	967	shc.handshakeSession.setLocalCertificates(localCerts);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	968	T13CertificateMessage cm;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	969	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	970	cm = new T13CertificateMessage(shc, (new byte[0]), localCerts);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	971	} catch (SSLException \| CertificateException ce) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	972	shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	973	"Failed to produce server Certificate message", ce);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	974	return null; // make the complier happy
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	975	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	976
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	977	// Check the OCSP stapling extensions and attempt
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	978	// to get responses. If the resulting stapleParams is non
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	979	// null, it implies that stapling is enabled on the server side.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	980	shc.stapleParams = StatusResponseManager.processStapling(shc);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	981	shc.staplingActive = (shc.stapleParams != null);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	982
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	983	// Process extensions for each CertificateEntry.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	984	// Since there can be multiple CertificateEntries within a
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	985	// single CT message, we will pin a specific CertificateEntry
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	986	// into the ServerHandshakeContext so individual extension
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	987	// producers know which X509Certificate it is processing in
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	988	// each call.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	989	SSLExtension[] enabledCTExts = shc.sslConfig.getEnabledExtensions(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	990	SSLHandshake.CERTIFICATE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	991	Arrays.asList(ProtocolVersion.PROTOCOLS_OF_13));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	992	for (CertificateEntry certEnt : cm.certEntries) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	993	shc.currentCertEntry = certEnt;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	994	certEnt.extensions.produce(shc, enabledCTExts);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	995	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	996
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	997	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	998	SSLLogger.fine("Produced server Certificate message", cm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	999	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1000
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1001	// Output the handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1002	cm.write(shc.handshakeOutput);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1003	shc.handshakeOutput.flush();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1004
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1005	// The handshake message has been delivered.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1006	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1007	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1008
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1009	private static SSLPossession choosePossession(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1010	HandshakeContext hc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1011	ClientHelloMessage clientHello) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1012	if (hc.peerRequestedCertSignSchemes == null \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1013	hc.peerRequestedCertSignSchemes.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1014	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1015	SSLLogger.warning(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1016	"No signature_algorithms(_cert) in ClientHello");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1017	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1018	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1019	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1020
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1021	Collection<String> checkedKeyTypes = new HashSet<>();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1022	for (SignatureScheme ss : hc.peerRequestedCertSignSchemes) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1023	if (checkedKeyTypes.contains(ss.keyAlgorithm)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1024	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1025	SSLLogger.warning(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1026	"Unsupported authentication scheme: " + ss.name);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1027	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1028	continue;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1029	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1030
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1031	// Don't select a signature scheme unless we will be able to
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1032	// produce a CertificateVerify message later
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1033	if (SignatureScheme.getPreferableAlgorithm(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1034	hc.peerRequestedSignatureSchemes,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1035	ss, hc.negotiatedProtocol) == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1036
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1037	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1038	SSLLogger.warning(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1039	"Unable to produce CertificateVerify for " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1040	"signature scheme: " + ss.name);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1041	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1042	checkedKeyTypes.add(ss.keyAlgorithm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1043	continue;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1044	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1045
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1046	SSLAuthentication ka = X509Authentication.valueOf(ss);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1047	if (ka == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1048	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1049	SSLLogger.warning(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1050	"Unsupported authentication scheme: " + ss.name);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1051	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1052	checkedKeyTypes.add(ss.keyAlgorithm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1053	continue;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1054	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1055
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1056	SSLPossession pos = ka.createPossession(hc);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1057	if (pos == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1058	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1059	SSLLogger.warning(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1060	"Unavailable authentication scheme: " + ss.name);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1061	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1062	continue;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1063	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1064
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1065	return pos;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1066	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1067
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1068	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1069	SSLLogger.warning("No available authentication scheme");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1070	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1071	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1072	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1073
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1074	private byte[] onProduceCertificate(ClientHandshakeContext chc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1075	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1076	ClientHelloMessage clientHello = (ClientHelloMessage)message;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1077	SSLPossession pos = choosePossession(chc, clientHello);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1078	X509Certificate[] localCerts;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1079	if (pos == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1080	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1081	SSLLogger.fine("No available client authentication scheme");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1082	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1083	localCerts = new X509Certificate[0];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1084	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1085	chc.handshakePossessions.add(pos);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1086	if (!(pos instanceof X509Possession)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1087	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1088	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1089	"No X.509 certificate for client authentication");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1090	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1091	localCerts = new X509Certificate[0];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1092	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1093	X509Possession x509Possession = (X509Possession)pos;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1094	localCerts = x509Possession.popCerts;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1095	chc.handshakeSession.setLocalPrivateKey(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1096	x509Possession.popPrivateKey);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1097	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1098	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1099
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1100	if (localCerts != null && localCerts.length != 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1101	chc.handshakeSession.setLocalCertificates(localCerts);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1102	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1103	chc.handshakeSession.setLocalCertificates(null);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1104	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1105
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1106	T13CertificateMessage cm;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1107	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1108	cm = new T13CertificateMessage(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1109	chc, chc.certRequestContext, localCerts);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1110	} catch (SSLException \| CertificateException ce) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1111	chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1112	"Failed to produce client Certificate message", ce);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1113	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1114	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1115	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1116	SSLLogger.fine("Produced client Certificate message", cm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1117	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1118
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1119	// Output the handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1120	cm.write(chc.handshakeOutput);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1121	chc.handshakeOutput.flush();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1122
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1123	// The handshake message has been delivered.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1124	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1125	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1126	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1127
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1128	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1129	* The "Certificate" handshake message consumer for TLS 1.3.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1130	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1131	private static final class T13CertificateConsumer implements SSLConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1132	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1133	private T13CertificateConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1134	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1135	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1136
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1137	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1138	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1139	ByteBuffer message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1140	// The consuming happens in handshake context only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1141	HandshakeContext hc = (HandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1142
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1143	// clean up this consumer
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1144	hc.handshakeConsumers.remove(SSLHandshake.CERTIFICATE.id);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1145	T13CertificateMessage cm = new T13CertificateMessage(hc, message);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1146	if (hc.sslConfig.isClientMode) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1147	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1148	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1149	"Consuming server Certificate handshake message", cm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1150	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1151	onConsumeCertificate((ClientHandshakeContext)context, cm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1152	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1153	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1154	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1155	"Consuming client Certificate handshake message", cm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1156	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1157	onConsumeCertificate((ServerHandshakeContext)context, cm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1158	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1159	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1160
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1161	private void onConsumeCertificate(ServerHandshakeContext shc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1162	T13CertificateMessage certificateMessage )throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1163	if (certificateMessage.certEntries == null \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1164	certificateMessage.certEntries.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1165	if (shc.sslConfig.clientAuthType == CLIENT_AUTH_REQUIRED) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1166	shc.conContext.fatal(Alert.BAD_CERTIFICATE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1167	"Empty client certificate chain");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1168	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1169	// optional client authentication
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1170	return;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1171	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1172	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1173
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1174	// check client certificate entries
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1175	X509Certificate[] cliCerts =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1176	checkClientCerts(shc, certificateMessage.certEntries);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1177
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1178	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1179	// update
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1180	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1181	shc.handshakeCredentials.add(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1182	new X509Credentials(cliCerts[0].getPublicKey(), cliCerts));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1183	shc.handshakeSession.setPeerCertificates(cliCerts);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1184	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1185
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1186	private void onConsumeCertificate(ClientHandshakeContext chc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1187	T13CertificateMessage certificateMessage )throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1188	if (certificateMessage.certEntries == null \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1189	certificateMessage.certEntries.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1190	chc.conContext.fatal(Alert.BAD_CERTIFICATE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1191	"Empty server certificate chain");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1192	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1193
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1194	// Each CertificateEntry will have its own set of extensions
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1195	// which must be consumed.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1196	SSLExtension[] enabledExtensions =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1197	chc.sslConfig.getEnabledExtensions(SSLHandshake.CERTIFICATE);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1198	for (CertificateEntry certEnt : certificateMessage.certEntries) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1199	certEnt.extensions.consumeOnLoad(chc, enabledExtensions);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1200	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1201
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1202	// check server certificate entries
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1203	X509Certificate[] srvCerts =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1204	checkServerCerts(chc, certificateMessage.certEntries);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1205
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1206	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1207	// update
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1208	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1209	chc.handshakeCredentials.add(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1210	new X509Credentials(srvCerts[0].getPublicKey(), srvCerts));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1211	chc.handshakeSession.setPeerCertificates(srvCerts);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1212	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1213
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1214	private static X509Certificate[] checkClientCerts(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1215	ServerHandshakeContext shc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1216	List<CertificateEntry> certEntries) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1217	X509Certificate[] certs =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1218	new X509Certificate[certEntries.size()];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1219	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1220	CertificateFactory cf = CertificateFactory.getInstance("X.509");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1221	int i = 0;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1222	for (CertificateEntry entry : certEntries) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1223	certs[i++] = (X509Certificate)cf.generateCertificate(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1224	new ByteArrayInputStream(entry.encoded));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1225	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1226	} catch (CertificateException ce) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1227	shc.conContext.fatal(Alert.BAD_CERTIFICATE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1228	"Failed to parse server certificates", ce);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1229	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1230
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1231	// find out the types of client authentication used
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1232	String keyAlgorithm = certs[0].getPublicKey().getAlgorithm();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1233	String authType;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1234	switch (keyAlgorithm) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1235	case "RSA":
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1236	case "DSA":
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1237	case "EC":
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1238	case "RSASSA-PSS":
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1239	authType = keyAlgorithm;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1240	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1241	default:
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1242	// unknown public key type
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1243	authType = "UNKNOWN";
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1244	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1245
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1246	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1247	X509TrustManager tm = shc.sslContext.getX509TrustManager();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1248	if (tm instanceof X509ExtendedTrustManager) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1249	if (shc.conContext.transport instanceof SSLEngine) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1250	SSLEngine engine = (SSLEngine)shc.conContext.transport;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1251	((X509ExtendedTrustManager)tm).checkClientTrusted(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1252	certs.clone(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1253	authType,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1254	engine);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1255	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1256	SSLSocket socket = (SSLSocket)shc.conContext.transport;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1257	((X509ExtendedTrustManager)tm).checkClientTrusted(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1258	certs.clone(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1259	authType,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1260	socket);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1261	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1262	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1263	// Unlikely to happen, because we have wrapped the old
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1264	// X509TrustManager with the new X509ExtendedTrustManager.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1265	throw new CertificateException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1266	"Improper X509TrustManager implementation");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1267	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1268
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1269	// Once the client certificate chain has been validated, set
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1270	// the certificate chain in the TLS session.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1271	shc.handshakeSession.setPeerCertificates(certs);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1272	} catch (CertificateException ce) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1273	shc.conContext.fatal(Alert.CERTIFICATE_UNKNOWN, ce);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1274	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1275
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1276	return certs;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1277	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1278
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1279	private static X509Certificate[] checkServerCerts(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1280	ClientHandshakeContext chc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1281	List<CertificateEntry> certEntries) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1282	X509Certificate[] certs =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1283	new X509Certificate[certEntries.size()];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1284	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1285	CertificateFactory cf = CertificateFactory.getInstance("X.509");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1286	int i = 0;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1287	for (CertificateEntry entry : certEntries) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1288	certs[i++] = (X509Certificate)cf.generateCertificate(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1289	new ByteArrayInputStream(entry.encoded));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1290	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1291	} catch (CertificateException ce) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1292	chc.conContext.fatal(Alert.BAD_CERTIFICATE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1293	"Failed to parse server certificates", ce);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1294	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1295
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1296	// find out the types of server authentication used
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1297	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1298	// Note that the "UNKNOWN" authentication type is sufficient to
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1299	// check the required digitalSignature KeyUsage for TLS 1.3.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1300	String authType = "UNKNOWN";
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1301
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1302	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1303	X509TrustManager tm = chc.sslContext.getX509TrustManager();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1304	if (tm instanceof X509ExtendedTrustManager) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1305	if (chc.conContext.transport instanceof SSLEngine) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1306	SSLEngine engine = (SSLEngine)chc.conContext.transport;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1307	((X509ExtendedTrustManager)tm).checkServerTrusted(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1308	certs.clone(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1309	authType,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1310	engine);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1311	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1312	SSLSocket socket = (SSLSocket)chc.conContext.transport;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1313	((X509ExtendedTrustManager)tm).checkServerTrusted(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1314	certs.clone(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1315	authType,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1316	socket);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1317	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1318	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1319	// Unlikely to happen, because we have wrapped the old
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1320	// X509TrustManager with the new X509ExtendedTrustManager.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1321	throw new CertificateException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1322	"Improper X509TrustManager implementation");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1323	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1324
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1325	// Once the server certificate chain has been validated, set
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1326	// the certificate chain in the TLS session.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1327	chc.handshakeSession.setPeerCertificates(certs);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1328	} catch (CertificateException ce) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1329	chc.conContext.fatal(getCertificateAlert(chc, ce), ce);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1330	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1331
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1332	return certs;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1333	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1334
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1335	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1336	* When a failure happens during certificate checking from an
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1337	* {@link X509TrustManager}, determine what TLS alert description
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1338	* to use.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1339	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1340	* @param cexc The exception thrown by the {@link X509TrustManager}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1341	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1342	* @return A byte value corresponding to a TLS alert description number.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1343	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1344	private static Alert getCertificateAlert(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1345	ClientHandshakeContext chc, CertificateException cexc) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1346	// The specific reason for the failure will determine how to
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1347	// set the alert description value
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1348	Alert alert = Alert.CERTIFICATE_UNKNOWN;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1349
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1350	Throwable baseCause = cexc.getCause();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1351	if (baseCause instanceof CertPathValidatorException) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1352	CertPathValidatorException cpve =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1353	(CertPathValidatorException)baseCause;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1354	Reason reason = cpve.getReason();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1355	if (reason == BasicReason.REVOKED) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1356	alert = chc.staplingActive ?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1357	Alert.BAD_CERT_STATUS_RESPONSE :
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1358	Alert.CERTIFICATE_REVOKED;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1359	} else if (
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1360	reason == BasicReason.UNDETERMINED_REVOCATION_STATUS) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1361	alert = chc.staplingActive ?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1362	Alert.BAD_CERT_STATUS_RESPONSE :
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1363	Alert.CERTIFICATE_UNKNOWN;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1364	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1365	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1366
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1367	return alert;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1368	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1369	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1370	}

author	xuelei
	Mon, 25 Jun 2018 13:41:39 -0700
changeset 50768	68fa3d4026ea
child 51574	ed52ea83f830
permissions	-rw-r--r--