jdk-sandbox: src/java.base/share/classes/sun/security/ssl/ClientHandshakeContext.java@68fa3d4026ea (annotated)

2 90ce3da70b43 Initial load duke parents: diff changeset	1	/*
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	2	* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
2 90ce3da70b43 Initial load duke parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
90ce3da70b43 Initial load duke parents: diff changeset	4	*
90ce3da70b43 Initial load duke parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
90ce3da70b43 Initial load duke parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 5182 diff changeset	7	* published by the Free Software Foundation. Oracle designates this
2 90ce3da70b43 Initial load duke parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 5182 diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
2 90ce3da70b43 Initial load duke parents: diff changeset	10	*
90ce3da70b43 Initial load duke parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
90ce3da70b43 Initial load duke parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
90ce3da70b43 Initial load duke parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
90ce3da70b43 Initial load duke parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
90ce3da70b43 Initial load duke parents: diff changeset	15	* accompanied this code).
90ce3da70b43 Initial load duke parents: diff changeset	16	*
90ce3da70b43 Initial load duke parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
90ce3da70b43 Initial load duke parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
90ce3da70b43 Initial load duke parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
90ce3da70b43 Initial load duke parents: diff changeset	20	*
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 5182 diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 5182 diff changeset	22	* or visit www.oracle.com if you need additional information or have any
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 5182 diff changeset	23	* questions.
2 90ce3da70b43 Initial load duke parents: diff changeset	24	*/
90ce3da70b43 Initial load duke parents: diff changeset	25
90ce3da70b43 Initial load duke parents: diff changeset	26	package sun.security.ssl;
90ce3da70b43 Initial load duke parents: diff changeset	27
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	28	import java.io.IOException;
2 90ce3da70b43 Initial load duke parents: diff changeset	29	import java.security.cert.X509Certificate;
90ce3da70b43 Initial load duke parents: diff changeset	30
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	31	import sun.security.ssl.ClientHello.ClientHelloMessage;
2 90ce3da70b43 Initial load duke parents: diff changeset	32
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	33	class ClientHandshakeContext extends HandshakeContext {
27068 5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	34	/*
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	35	* Allow unsafe server certificate change?
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	36	*
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	37	* Server certificate change during SSL/TLS renegotiation may be considered
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	38	* unsafe, as described in the Triple Handshake attacks:
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	39	*
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	40	* https://secure-resumption.com/tlsauth.pdf
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	41	*
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	42	* Endpoint identification (See
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	43	* SSLParameters.getEndpointIdentificationAlgorithm()) is a pretty nice
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	44	* guarantee that the server certificate change in renegotiation is legal.
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	45	* However, endpoint identification is only enabled for HTTPS and LDAP
27068 5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	46	* over SSL/TLS by default. It is not enough to protect SSL/TLS
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	47	* connections other than HTTPS and LDAP.
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	48	*
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	49	* The renegotiation indication extension (See RFC 5746) is a pretty
27068 5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	50	* strong guarantee that the endpoints on both client and server sides
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	51	* are identical on the same connection. However, the Triple Handshake
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	52	* attacks can bypass this guarantee if there is a session-resumption
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	53	* handshake between the initial full handshake and the renegotiation
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	54	* full handshake.
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	55	*
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	56	* Server certificate change may be unsafe and should be restricted if
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	57	* endpoint identification is not enabled and the previous handshake is
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	58	* a session-resumption abbreviated initial handshake, unless the
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	59	* identities represented by both certificates can be regraded as the
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	60	* same (See isIdentityEquivalent()).
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	61	*
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	62	* Considering the compatibility impact and the actual requirements to
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	63	* support server certificate change in practice, the system property,
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	64	* jdk.tls.allowUnsafeServerCertChange, is used to define whether unsafe
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	65	* server certificate change in renegotiation is allowed or not. The
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	66	* default value of the system property is "false". To mitigate the
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	67	* compatibility impact, applications may want to set the system
27068 5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	68	* property to "true" at their own risk.
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	69	*
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	70	* If the value of the system property is "false", server certificate
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	71	* change in renegotiation after a session-resumption abbreviated initial
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	72	* handshake is restricted (See isIdentityEquivalent()).
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	73	*
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	74	* If the system property is set to "true" explicitly, the restriction on
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	75	* server certificate change in renegotiation is disabled.
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	76	*/
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	77	static final boolean allowUnsafeServerCertChange =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	78	Utilities.getBooleanProperty(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	79	"jdk.tls.allowUnsafeServerCertChange", false);
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	80
2 90ce3da70b43 Initial load duke parents: diff changeset	81	/*
27068 5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	82	* the reserved server certificate chain in previous handshaking
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	83	*
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	84	* The server certificate chain is only reserved if the previous
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	85	* handshake is a session-resumption abbreviated initial handshake.
5fe2d67f5f68 8037066: Secure transport layer xuelei parents: 25859 diff changeset	86	*/
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	87	X509Certificate[] reservedServerCerts = null;
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29918 diff changeset	88
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	89	X509Certificate[] deferredCerts;
703 80722b883082 6690018: RSAClientKeyExchange NullPointerException xuelei parents: 2 diff changeset	90
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	91	ClientHelloMessage initialClientHelloMsg = null;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	92
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	93	ClientHandshakeContext(SSLContextImpl sslContext,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	94	TransportContext conContext) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	95	super(sslContext, conContext);
2 90ce3da70b43 Initial load duke parents: diff changeset	96	}
90ce3da70b43 Initial load duke parents: diff changeset	97
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	98	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	99	void kickstart() throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	100	if (kickstartMessageDelivered) {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	101	return;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	102	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	103
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	104	SSLHandshake.kickstart(this);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	105	kickstartMessageDelivered = true;
32032 22badc53802f 8046321: OCSP Stapling for TLS jnimeh parents: 31712 diff changeset	106	}
2 90ce3da70b43 Initial load duke parents: diff changeset	107	}

author	xuelei
	Mon, 25 Jun 2018 13:41:39 -0700
changeset 50768	68fa3d4026ea
parent 48225	src/java.base/share/classes/sun/security/ssl/ClientHandshaker.java@718669e6b375
child 52947	01b519fcb8a8
permissions	-rw-r--r--