jdk-sandbox: src/java.base/share/classes/sun/security/ssl/ClientHello.java@68fa3d4026ea (annotated)

50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1	/*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	2	* Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	4	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	7	* published by the Free Software Foundation. Oracle designates this
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	10	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	15	* accompanied this code).
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	16	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	20	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	22	* or visit www.oracle.com if you need additional information or have any
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	23	* questions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	24	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	25
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	26	package sun.security.ssl;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	27
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	28	import java.io.IOException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	29	import java.nio.ByteBuffer;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	30	import java.security.SecureRandom;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	31	import java.security.cert.X509Certificate;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	32	import java.text.MessageFormat;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	33	import java.util.Arrays;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	34	import java.util.Collections;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	35	import java.util.LinkedList;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	36	import java.util.List;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	37	import java.util.Locale;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	38	import javax.net.ssl.SSLException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	39	import javax.net.ssl.SSLHandshakeException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	40	import javax.net.ssl.SSLPeerUnverifiedException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	41	import javax.net.ssl.SSLProtocolException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	42	import static sun.security.ssl.ClientAuthType.CLIENT_AUTH_REQUIRED;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	43	import sun.security.ssl.SSLHandshake.HandshakeMessage;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	44	import sun.security.ssl.SupportedVersionsExtension.CHSupportedVersionsSpec;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	45
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	46	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	47	* Pack of the ClientHello handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	48	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	49	final class ClientHello {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	50	static final SSLProducer kickstartProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	51	new ClientHelloKickstartProducer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	52	static final SSLConsumer handshakeConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	53	new ClientHelloConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	54	static final HandshakeProducer handshakeProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	55	new ClientHelloProducer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	56
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	57	private static final HandshakeConsumer t12HandshakeConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	58	new T12ClientHelloConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	59	private static final HandshakeConsumer t13HandshakeConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	60	new T13ClientHelloConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	61	private static final HandshakeConsumer d12HandshakeConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	62	new D12ClientHelloConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	63	private static final HandshakeConsumer d13HandshakeConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	64	new D13ClientHelloConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	65
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	66	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	67	* The ClientHello handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	68	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	69	* See RFC 5264/4346/2246/6347 for the specifications.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	70	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	71	static final class ClientHelloMessage extends HandshakeMessage {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	72	private final boolean isDTLS;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	73
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	74	final int clientVersion;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	75	final RandomCookie clientRandom;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	76	final SessionId sessionId;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	77	private byte[] cookie; // DTLS only
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	78	final int[] cipherSuiteIds;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	79	final List<CipherSuite> cipherSuites; // known cipher suites only
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	80	final byte[] compressionMethod;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	81	final SSLExtensions extensions;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	82
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	83	private static final byte[] NULL_COMPRESSION = new byte[] {0};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	84
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	85	ClientHelloMessage(HandshakeContext handshakeContext,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	86	int clientVersion, SessionId sessionId,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	87	List<CipherSuite> cipherSuites, SecureRandom generator) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	88	super(handshakeContext);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	89	this.isDTLS = handshakeContext.sslContext.isDTLS();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	90
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	91	this.clientVersion = clientVersion;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	92	this.clientRandom = new RandomCookie(generator);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	93	this.sessionId = sessionId;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	94	if (isDTLS) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	95	this.cookie = new byte[0];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	96	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	97	this.cookie = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	98	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	99
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	100	this.cipherSuites = cipherSuites;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	101	this.cipherSuiteIds = getCipherSuiteIds(cipherSuites);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	102	this.extensions = new SSLExtensions(this);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	103
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	104	// Don't support compression.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	105	this.compressionMethod = NULL_COMPRESSION;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	106	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	107
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	108	/* Read up to the binders in the PSK extension. After this method
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	109	* returns, the ByteBuffer position will be at end of the message
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	110	* fragment that should be hashed to produce the PSK binder values.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	111	* The client of this method can use this position to determine the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	112	* message fragment and produce the binder values.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	113	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	114	static void readPartial(TransportContext tc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	115	ByteBuffer m) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	116	boolean isDTLS = tc.sslContext.isDTLS();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	117
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	118	// version
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	119	Record.getInt16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	120
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	121	new RandomCookie(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	122
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	123	// session ID
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	124	Record.getBytes8(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	125
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	126	// DTLS cookie
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	127	if (isDTLS) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	128	Record.getBytes8(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	129	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	130
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	131	// cipher suite IDs
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	132	Record.getBytes16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	133	// compression method
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	134	Record.getBytes8(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	135	// read extensions, if present
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	136	if (m.remaining() >= 2) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	137	int remaining = Record.getInt16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	138	while (remaining > 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	139	int id = Record.getInt16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	140	int extLen = Record.getInt16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	141	remaining -= extLen + 4;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	142
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	143	if (id == SSLExtension.CH_PRE_SHARED_KEY.id) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	144	// ensure pre_shared_key is the last extension
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	145	if (remaining > 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	146	tc.fatal(Alert.ILLEGAL_PARAMETER,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	147	"pre_shared_key extension is not last");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	148	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	149	// read only up to the IDs
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	150	Record.getBytes16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	151	return;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	152	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	153	m.position(m.position() + extLen);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	154
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	155	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	156	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	157	} // Otherwise, ignore the remaining bytes.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	158	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	159
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	160	ClientHelloMessage(HandshakeContext handshakeContext, ByteBuffer m,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	161	SSLExtension[] supportedExtensions) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	162	super(handshakeContext);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	163	this.isDTLS = handshakeContext.sslContext.isDTLS();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	164
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	165	this.clientVersion = ((m.get() & 0xFF) << 8) \| (m.get() & 0xFF);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	166	this.clientRandom = new RandomCookie(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	167	this.sessionId = new SessionId(Record.getBytes8(m));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	168	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	169	sessionId.checkLength(clientVersion);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	170	} catch (SSLProtocolException ex) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	171	handshakeContext.conContext.fatal(Alert.ILLEGAL_PARAMETER, ex);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	172	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	173	if (isDTLS) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	174	this.cookie = Record.getBytes8(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	175	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	176	this.cookie = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	177	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	178
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	179	byte[] encodedIds = Record.getBytes16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	180	if (encodedIds.length == 0 \|\| (encodedIds.length & 0x01) != 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	181	handshakeContext.conContext.fatal(Alert.ILLEGAL_PARAMETER,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	182	"Invalid ClientHello message");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	183	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	184
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	185	this.cipherSuiteIds = new int[encodedIds.length >> 1];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	186	for (int i = 0, j = 0; i < encodedIds.length; i++, j++) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	187	cipherSuiteIds[j] =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	188	((encodedIds[i++] & 0xFF) << 8) \| (encodedIds[i] & 0xFF);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	189	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	190	this.cipherSuites = getCipherSuites(cipherSuiteIds);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	191
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	192	this.compressionMethod = Record.getBytes8(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	193	// In TLS 1.3, use of certain extensions is mandatory.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	194	if (m.hasRemaining()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	195	this.extensions =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	196	new SSLExtensions(this, m, supportedExtensions);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	197	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	198	this.extensions = new SSLExtensions(this);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	199	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	200	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	201
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	202	void setHelloCookie(byte[] cookie) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	203	this.cookie = cookie;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	204	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	205
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	206	// DTLS 1.0/1.2, for cookie generation.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	207	byte[] getHelloCookieBytes() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	208	HandshakeOutStream hos = new HandshakeOutStream(null);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	209	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	210	// copied from send() method
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	211	hos.putInt8((byte)((clientVersion >>> 8) & 0xFF));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	212	hos.putInt8((byte)(clientVersion & 0xFF));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	213	hos.write(clientRandom.randomBytes, 0, 32);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	214	hos.putBytes8(sessionId.getId());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	215	// ignore cookie
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	216	hos.putBytes16(getEncodedCipherSuites());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	217	hos.putBytes8(compressionMethod);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	218	extensions.send(hos); // In TLS 1.3, use of certain
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	219	// extensions is mandatory.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	220	} catch (IOException ioe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	221	// unlikely
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	222	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	223
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	224	return hos.toByteArray();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	225	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	226
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	227	// (D)TLS 1.3, for cookie generation.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	228	byte[] getHeaderBytes() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	229	HandshakeOutStream hos = new HandshakeOutStream(null);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	230	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	231	// copied from send() method
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	232	hos.putInt8((byte)((clientVersion >>> 8) & 0xFF));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	233	hos.putInt8((byte)(clientVersion & 0xFF));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	234	hos.write(clientRandom.randomBytes, 0, 32);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	235	hos.putBytes8(sessionId.getId());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	236	hos.putBytes16(getEncodedCipherSuites());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	237	hos.putBytes8(compressionMethod);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	238	} catch (IOException ioe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	239	// unlikely
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	240	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	241
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	242	return hos.toByteArray();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	243	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	244
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	245	private static int[] getCipherSuiteIds(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	246	List<CipherSuite> cipherSuites) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	247	if (cipherSuites != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	248	int[] ids = new int[cipherSuites.size()];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	249	int i = 0;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	250	for (CipherSuite cipherSuite : cipherSuites) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	251	ids[i++] = cipherSuite.id;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	252	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	253
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	254	return ids;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	255	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	256
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	257	return new int[0];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	258	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	259
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	260	private static List<CipherSuite> getCipherSuites(int[] ids) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	261	List<CipherSuite> cipherSuites = new LinkedList<>();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	262	for (int id : ids) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	263	CipherSuite cipherSuite = CipherSuite.valueOf(id);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	264	if (cipherSuite != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	265	cipherSuites.add(cipherSuite);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	266	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	267	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	268
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	269	return Collections.unmodifiableList(cipherSuites);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	270	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	271
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	272	private List<String> getCipherSuiteNames() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	273	List<String> names = new LinkedList<>();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	274	for (int id : cipherSuiteIds) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	275	names.add(CipherSuite.nameOf(id) +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	276	"(" + Utilities.byte16HexString(id) + ")"); }
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	277
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	278	return names;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	279	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	280
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	281	private byte[] getEncodedCipherSuites() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	282	byte[] encoded = new byte[cipherSuiteIds.length << 1];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	283	int i = 0;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	284	for (int id : cipherSuiteIds) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	285	encoded[i++] = (byte)(id >> 8);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	286	encoded[i++] = (byte)id;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	287	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	288	return encoded;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	289	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	290
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	291	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	292	public SSLHandshake handshakeType() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	293	return SSLHandshake.CLIENT_HELLO;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	294	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	295
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	296	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	297	public int messageLength() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	298	/*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	299	* Add fixed size parts of each field...
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	300	* version + random + session + cipher + compress
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	301	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	302	return (2 + 32 + 1 + 2 + 1
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	303	+ sessionId.length() /* ... + variable parts */
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	304	+ (isDTLS ? (1 + cookie.length) : 0)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	305	+ (cipherSuiteIds.length * 2)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	306	+ compressionMethod.length)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	307	+ extensions.length(); // In TLS 1.3, use of certain
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	308	// extensions is mandatory.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	309	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	310
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	311	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	312	public void send(HandshakeOutStream hos) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	313	sendCore(hos);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	314	extensions.send(hos); // In TLS 1.3, use of certain
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	315	// extensions is mandatory.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	316	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	317
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	318	void sendCore(HandshakeOutStream hos) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	319	hos.putInt8((byte) (clientVersion >>> 8));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	320	hos.putInt8((byte) clientVersion);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	321	hos.write(clientRandom.randomBytes, 0, 32);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	322	hos.putBytes8(sessionId.getId());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	323	if (isDTLS) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	324	hos.putBytes8(cookie);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	325	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	326	hos.putBytes16(getEncodedCipherSuites());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	327	hos.putBytes8(compressionMethod);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	328	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	329
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	330	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	331	public String toString() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	332	if (isDTLS) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	333	MessageFormat messageFormat = new MessageFormat(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	334	"\"ClientHello\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	335	" \"client version\" : \"{0}\",\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	336	" \"random\" : \"{1}\",\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	337	" \"session id\" : \"{2}\",\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	338	" \"cookie\" : \"{3}\",\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	339	" \"cipher suites\" : \"{4}\",\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	340	" \"compression methods\" : \"{5}\",\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	341	" \"extensions\" : [\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	342	"{6}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	343	" ]\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	344	"'}'",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	345	Locale.ENGLISH);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	346	Object[] messageFields = {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	347	ProtocolVersion.nameOf(clientVersion),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	348	Utilities.toHexString(clientRandom.randomBytes),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	349	sessionId.toString(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	350	Utilities.toHexString(cookie),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	351	getCipherSuiteNames().toString(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	352	Utilities.toHexString(compressionMethod),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	353	Utilities.indent(Utilities.indent(extensions.toString()))
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	354	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	355
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	356	return messageFormat.format(messageFields);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	357	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	358	MessageFormat messageFormat = new MessageFormat(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	359	"\"ClientHello\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	360	" \"client version\" : \"{0}\",\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	361	" \"random\" : \"{1}\",\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	362	" \"session id\" : \"{2}\",\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	363	" \"cipher suites\" : \"{3}\",\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	364	" \"compression methods\" : \"{4}\",\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	365	" \"extensions\" : [\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	366	"{5}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	367	" ]\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	368	"'}'",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	369	Locale.ENGLISH);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	370	Object[] messageFields = {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	371	ProtocolVersion.nameOf(clientVersion),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	372	Utilities.toHexString(clientRandom.randomBytes),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	373	sessionId.toString(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	374	getCipherSuiteNames().toString(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	375	Utilities.toHexString(compressionMethod),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	376	Utilities.indent(Utilities.indent(extensions.toString()))
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	377	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	378
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	379	return messageFormat.format(messageFields);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	380	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	381	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	382	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	383
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	384	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	385	* The "ClientHello" handshake message kick start producer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	386	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	387	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	388	class ClientHelloKickstartProducer implements SSLProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	389	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	390	private ClientHelloKickstartProducer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	391	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	392	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	393
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	394	// Produce kickstart handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	395	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	396	public byte[] produce(ConnectionContext context) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	397	// The producing happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	398	ClientHandshakeContext chc = (ClientHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	399
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	400	// clean up this producer
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	401	chc.handshakeProducers.remove(SSLHandshake.CLIENT_HELLO.id);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	402
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	403	// the max protocol version this client is supporting.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	404	ProtocolVersion maxProtocolVersion = chc.maximumActiveProtocol;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	405
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	406	// session ID of the ClientHello message
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	407	SessionId sessionId = SSLSessionImpl.nullSession.getSessionId();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	408
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	409	// a list of cipher suites sent by the client
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	410	List<CipherSuite> cipherSuites = chc.activeCipherSuites;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	411
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	412	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	413	// Try to resume an existing session.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	414	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	415	SSLSessionContextImpl ssci = (SSLSessionContextImpl)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	416	chc.sslContext.engineGetClientSessionContext();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	417	SSLSessionImpl session = ssci.get(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	418	chc.conContext.transport.getPeerHost(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	419	chc.conContext.transport.getPeerPort());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	420	if (session != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	421	// If unsafe server certificate change is not allowed, reserve
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	422	// current server certificates if the previous handshake is a
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	423	// session-resumption abbreviated initial handshake.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	424	if (!ClientHandshakeContext.allowUnsafeServerCertChange &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	425	session.isSessionResumption()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	426	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	427	// If existing, peer certificate chain cannot be null.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	428	chc.reservedServerCerts =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	429	(X509Certificate[])session.getPeerCertificates();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	430	} catch (SSLPeerUnverifiedException puve) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	431	// Maybe not certificate-based, ignore the exception.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	432	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	433	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	434
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	435	if (!session.isRejoinable()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	436	session = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	437	if (SSLLogger.isOn &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	438	SSLLogger.isOn("ssl,handshake,verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	439	SSLLogger.finest(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	440	"Can't resume, the session is not rejoinable");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	441	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	442	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	443	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	444
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	445	CipherSuite sessionSuite = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	446	if (session != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	447	sessionSuite = session.getSuite();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	448	if (!chc.isNegotiable(sessionSuite)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	449	session = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	450	if (SSLLogger.isOn &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	451	SSLLogger.isOn("ssl,handshake,verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	452	SSLLogger.finest(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	453	"Can't resume, unavailable session cipher suite");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	454	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	455	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	456	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	457
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	458	ProtocolVersion sessionVersion = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	459	if (session != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	460	sessionVersion = session.getProtocolVersion();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	461	if (!chc.isNegotiable(sessionVersion)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	462	session = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	463	if (SSLLogger.isOn &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	464	SSLLogger.isOn("ssl,handshake,verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	465	SSLLogger.finest(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	466	"Can't resume, unavailable protocol version");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	467	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	468	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	469	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	470
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	471	if (session != null &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	472	!sessionVersion.useTLS13PlusSpec() &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	473	SSLConfiguration.useExtendedMasterSecret) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	474
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	475	boolean isEmsAvailable = chc.sslConfig.isAvailable(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	476	SSLExtension.CH_EXTENDED_MASTER_SECRET, sessionVersion);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	477	if (isEmsAvailable && !session.useExtendedMasterSecret &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	478	!SSLConfiguration.allowLegacyResumption) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	479	// perform full handshake instead
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	480	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	481	// The client SHOULD NOT offer an abbreviated handshake
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	482	// to resume a session that does not use an extended
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	483	// master secret. Instead, it SHOULD offer a full
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	484	// handshake.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	485	session = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	486	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	487
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	488	if ((session != null) &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	489	!ClientHandshakeContext.allowUnsafeServerCertChange) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	490	// It is fine to move on with abbreviate handshake if
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	491	// endpoint identification is enabled.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	492	String identityAlg = chc.sslConfig.identificationProtocol;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	493	if ((identityAlg == null \|\| identityAlg.length() == 0)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	494	if (isEmsAvailable) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	495	if (!session.useExtendedMasterSecret) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	496	// perform full handshake instead
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	497	session = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	498	} // Otherwise, use extended master secret.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	499	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	500	// The extended master secret extension does not
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	501	// apply to SSL 3.0. Perform a full handshake
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	502	// instead.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	503	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	504	// Note that the useExtendedMasterSecret is
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	505	// extended to protect SSL 3.0 connections,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	506	// by discarding abbreviate handshake.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	507	session = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	508	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	509	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	510	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	511	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	512
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	513	if (session != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	514	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	515	SSLLogger.finest("Try resuming session", session);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	516	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	517
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	518	// only set session id if session is 1.2 or earlier
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	519	if (!session.getProtocolVersion().useTLS13PlusSpec()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	520	sessionId = session.getSessionId();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	521	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	522	if (!maxProtocolVersion.equals(sessionVersion)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	523	maxProtocolVersion = sessionVersion;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	524
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	525	// Update protocol version number in underlying socket and
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	526	// handshake output stream, so that the output records
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	527	// (at the record layer) have the correct version
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	528	chc.setVersion(sessionVersion);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	529	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	530
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	531	// If no new session is allowed, force use of the previous
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	532	// session ciphersuite, and add the renegotiation SCSV if
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	533	// necessary.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	534	if (!chc.sslConfig.enableSessionCreation) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	535	if (!chc.conContext.isNegotiated &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	536	!sessionVersion.useTLS13PlusSpec() &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	537	cipherSuites.contains(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	538	CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	539	cipherSuites = Arrays.asList(sessionSuite,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	540	CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	541	} else { // otherwise, use renegotiation_info extension
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	542	cipherSuites = Arrays.asList(sessionSuite);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	543	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	544
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	545	if (SSLLogger.isOn &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	546	SSLLogger.isOn("ssl,handshake,verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	547	SSLLogger.finest(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	548	"No new session is allowed, so try to resume " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	549	"the session cipher suite only", sessionSuite);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	550	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	551	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	552
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	553	chc.isResumption = true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	554	chc.resumingSession = session;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	555	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	556
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	557	if (session == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	558	if (!chc.sslConfig.enableSessionCreation) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	559	throw new SSLHandshakeException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	560	"No new session is allowed and " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	561	"no existing session can be resumed");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	562	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	563
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	564	if (maxProtocolVersion.useTLS13PlusSpec() &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	565	SSLConfiguration.useCompatibilityMode) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	566	// In compatibility mode, the TLS 1.3 legacy_session_id
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	567	// field MUST be non-empty, so a client not offering a
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	568	// pre-TLS 1.3 session MUST generate a new 32-byte value.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	569	sessionId =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	570	new SessionId(true, chc.sslContext.getSecureRandom());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	571	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	572	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	573
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	574	ProtocolVersion minimumVersion = ProtocolVersion.NONE;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	575	for (ProtocolVersion pv : chc.activeProtocols) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	576	if (minimumVersion == ProtocolVersion.NONE \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	577	pv.compare(minimumVersion) < 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	578	minimumVersion = pv;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	579	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	580	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	581
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	582	// exclude SCSV for secure renegotiation
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	583	if (!minimumVersion.useTLS13PlusSpec()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	584	if (chc.conContext.secureRenegotiation &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	585	cipherSuites.contains(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	586	CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	587	// The cipherSuites may be unmodifiable
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	588	cipherSuites = new LinkedList<>(cipherSuites);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	589	cipherSuites.remove(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	590	CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	591	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	592	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	593
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	594	// make sure there is a negotiable cipher suite.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	595	boolean negotiable = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	596	for (CipherSuite suite : cipherSuites) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	597	if (chc.isNegotiable(suite)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	598	negotiable = true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	599	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	600	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	601	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	602	if (!negotiable) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	603	throw new SSLHandshakeException("No negotiable cipher suite");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	604	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	605
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	606	// Create the handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	607	ProtocolVersion clientHelloVersion = maxProtocolVersion;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	608	if (clientHelloVersion.useTLS13PlusSpec()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	609	// In (D)TLS 1.3, the client indicates its version preferences
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	610	// in the "supported_versions" extension and the client_version
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	611	// (legacy_version) field MUST be set to (D)TLS 1.2.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	612	if (clientHelloVersion.isDTLS) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	613	clientHelloVersion = ProtocolVersion.DTLS12;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	614	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	615	clientHelloVersion = ProtocolVersion.TLS12;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	616	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	617	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	618
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	619	ClientHelloMessage chm = new ClientHelloMessage(chc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	620	clientHelloVersion.id, sessionId, cipherSuites,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	621	chc.sslContext.getSecureRandom());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	622
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	623	// cache the client random number for further using
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	624	chc.clientHelloRandom = chm.clientRandom;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	625	chc.clientHelloVersion = clientHelloVersion.id;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	626
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	627	// Produce extensions for ClientHello handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	628	SSLExtension[] extTypes = chc.sslConfig.getEnabledExtensions(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	629	SSLHandshake.CLIENT_HELLO, chc.activeProtocols);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	630	chm.extensions.produce(chc, extTypes);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	631
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	632	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	633	SSLLogger.fine("Produced ClientHello handshake message", chm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	634	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	635
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	636	// Output the handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	637	chm.write(chc.handshakeOutput);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	638	chc.handshakeOutput.flush();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	639
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	640	// Reserve the initial ClientHello message for the follow on
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	641	// cookie exchange if needed.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	642	chc.initialClientHelloMsg = chm;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	643
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	644	// What's the expected response?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	645	chc.handshakeConsumers.put(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	646	SSLHandshake.SERVER_HELLO.id, SSLHandshake.SERVER_HELLO);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	647	if (chc.sslContext.isDTLS() &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	648	!minimumVersion.useTLS13PlusSpec()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	649	chc.handshakeConsumers.put(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	650	SSLHandshake.HELLO_VERIFY_REQUEST.id,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	651	SSLHandshake.HELLO_VERIFY_REQUEST);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	652	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	653
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	654	// The handshake message has been delivered.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	655	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	656	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	657	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	658
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	659	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	660	class ClientHelloProducer implements HandshakeProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	661	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	662	private ClientHelloProducer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	663	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	664	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	665
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	666	// Response to one of the following handshake message:
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	667	// HelloRequest (SSL 3.0/TLS 1.0/1.1/1.2)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	668	// ServerHello(HelloRetryRequest) (TLS 1.3)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	669	// HelloVerifyRequest (DTLS 1.0/1.2)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	670	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	671	public byte[] produce(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	672	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	673	// The producing happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	674	ClientHandshakeContext chc = (ClientHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	675
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	676	SSLHandshake ht = message.handshakeType();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	677	if (ht == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	678	throw new UnsupportedOperationException("Not supported yet.");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	679	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	680
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	681	switch (ht) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	682	case HELLO_REQUEST:
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	683	// SSL 3.0/TLS 1.0/1.1/1.2
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	684	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	685	chc.kickstart();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	686	} catch (IOException ioe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	687	chc.conContext.fatal(Alert.HANDSHAKE_FAILURE, ioe);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	688	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	689
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	690	// The handshake message has been delivered.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	691	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	692	case HELLO_VERIFY_REQUEST:
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	693	// DTLS 1.0/1.2
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	694	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	695	// The HelloVerifyRequest consumer should have updated the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	696	// ClientHello handshake message with cookie.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	697	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	698	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	699	"Produced ClientHello(cookie) handshake message",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	700	chc.initialClientHelloMsg);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	701	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	702
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	703	// Output the handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	704	chc.initialClientHelloMsg.write(chc.handshakeOutput);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	705	chc.handshakeOutput.flush();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	706
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	707	// What's the expected response?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	708	chc.handshakeConsumers.put(SSLHandshake.SERVER_HELLO.id,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	709	SSLHandshake.SERVER_HELLO);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	710
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	711	ProtocolVersion minimumVersion = ProtocolVersion.NONE;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	712	for (ProtocolVersion pv : chc.activeProtocols) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	713	if (minimumVersion == ProtocolVersion.NONE \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	714	pv.compare(minimumVersion) < 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	715	minimumVersion = pv;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	716	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	717	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	718	if (chc.sslContext.isDTLS() &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	719	!minimumVersion.useTLS13PlusSpec()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	720	chc.handshakeConsumers.put(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	721	SSLHandshake.HELLO_VERIFY_REQUEST.id,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	722	SSLHandshake.HELLO_VERIFY_REQUEST);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	723	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	724
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	725	// The handshake message has been delivered.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	726	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	727	case HELLO_RETRY_REQUEST:
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	728	// TLS 1.3
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	729	// The HelloRetryRequest consumer should have updated the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	730	// ClientHello handshake message with cookie.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	731	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	732	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	733	"Produced ClientHello(HRR) handshake message",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	734	chc.initialClientHelloMsg);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	735	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	736
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	737	// Output the handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	738	chc.initialClientHelloMsg.write(chc.handshakeOutput);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	739	chc.handshakeOutput.flush();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	740
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	741	// What's the expected response?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	742	chc.conContext.consumers.putIfAbsent(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	743	ContentType.CHANGE_CIPHER_SPEC.id,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	744	ChangeCipherSpec.t13Consumer);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	745	chc.handshakeConsumers.put(SSLHandshake.SERVER_HELLO.id,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	746	SSLHandshake.SERVER_HELLO);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	747
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	748	// The handshake message has been delivered.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	749	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	750	default:
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	751	throw new UnsupportedOperationException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	752	"Not supported yet.");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	753	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	754	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	755	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	756
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	757	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	758	* The "ClientHello" handshake message consumer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	759	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	760	private static final class ClientHelloConsumer implements SSLConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	761	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	762	private ClientHelloConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	763	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	764	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	765
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	766	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	767	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	768	ByteBuffer message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	769	// The consuming happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	770	ServerHandshakeContext shc = (ServerHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	771
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	772	// clean up this consumer
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	773	shc.handshakeConsumers.remove(SSLHandshake.CLIENT_HELLO.id);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	774	if (!shc.handshakeConsumers.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	775	shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	776	"No more handshake message allowed " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	777	"in a ClientHello flight");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	778	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	779
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	780	// Get enabled extension types in ClientHello handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	781	SSLExtension[] enabledExtensions =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	782	shc.sslConfig.getEnabledExtensions(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	783	SSLHandshake.CLIENT_HELLO);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	784
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	785	ClientHelloMessage chm =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	786	new ClientHelloMessage(shc, message, enabledExtensions);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	787	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	788	SSLLogger.fine("Consuming ClientHello handshake message", chm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	789	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	790
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	791	shc.clientHelloVersion = chm.clientVersion;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	792	onClientHello(shc, chm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	793	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	794
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	795	private void onClientHello(ServerHandshakeContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	796	ClientHelloMessage clientHello) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	797	// Negotiate protocol version.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	798	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	799	// Check and launch SupportedVersions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	800	SSLExtension[] extTypes = new SSLExtension[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	801	SSLExtension.CH_SUPPORTED_VERSIONS
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	802	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	803	clientHello.extensions.consumeOnLoad(context, extTypes);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	804
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	805	ProtocolVersion negotiatedProtocol;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	806	CHSupportedVersionsSpec svs =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	807	(CHSupportedVersionsSpec)context.handshakeExtensions.get(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	808	SSLExtension.CH_SUPPORTED_VERSIONS);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	809	if (svs != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	810	negotiatedProtocol =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	811	negotiateProtocol(context, svs.requestedProtocols);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	812	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	813	negotiatedProtocol =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	814	negotiateProtocol(context, clientHello.clientVersion);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	815	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	816	context.negotiatedProtocol = negotiatedProtocol;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	817	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	818	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	819	"Negotiated protocol version: " + negotiatedProtocol.name);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	820	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	821
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	822	// Consume the handshake message for the specific protocol version.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	823	if (negotiatedProtocol.isDTLS) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	824	if (negotiatedProtocol.useTLS13PlusSpec()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	825	d13HandshakeConsumer.consume(context, clientHello);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	826	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	827	d12HandshakeConsumer.consume(context, clientHello);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	828	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	829	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	830	if (negotiatedProtocol.useTLS13PlusSpec()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	831	t13HandshakeConsumer.consume(context, clientHello);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	832	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	833	t12HandshakeConsumer.consume(context, clientHello);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	834	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	835	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	836	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	837
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	838	// Select a protocol version according to the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	839	// ClientHello.client_version.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	840	private ProtocolVersion negotiateProtocol(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	841	ServerHandshakeContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	842	int clientHelloVersion) throws SSLException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	843
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	844	// Per TLS 1.3 specification, server MUST negotiate TLS 1.2 or prior
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	845	// even if ClientHello.client_version is 0x0304 or later.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	846	int chv = clientHelloVersion;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	847	if (context.sslContext.isDTLS()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	848	if (chv < ProtocolVersion.DTLS12.id) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	849	chv = ProtocolVersion.DTLS12.id;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	850	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	851	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	852	if (chv > ProtocolVersion.TLS12.id) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	853	chv = ProtocolVersion.TLS12.id;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	854	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	855	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	856
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	857	// Select a protocol version from the activated protocols.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	858	ProtocolVersion pv = ProtocolVersion.selectedFrom(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	859	context.activeProtocols, chv);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	860	if (pv == null \|\| pv == ProtocolVersion.NONE \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	861	pv == ProtocolVersion.SSL20Hello) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	862	context.conContext.fatal(Alert.PROTOCOL_VERSION,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	863	"Client requested protocol " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	864	ProtocolVersion.nameOf(clientHelloVersion) +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	865	" is not enabled or supported in server context");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	866	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	867
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	868	return pv;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	869	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	870
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	871	// Select a protocol version according to the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	872	// supported_versions extension.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	873	private ProtocolVersion negotiateProtocol(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	874	ServerHandshakeContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	875	int[] clientSupportedVersions) throws SSLException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	876
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	877	// The client supported protocol versions are present in client
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	878	// preference order. This implementation chooses to use the server
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	879	// preference of protocol versions instead.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	880	for (ProtocolVersion spv : context.activeProtocols) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	881	if (spv == ProtocolVersion.SSL20Hello) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	882	continue;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	883	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	884	for (int cpv : clientSupportedVersions) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	885	if (cpv == ProtocolVersion.SSL20Hello.id) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	886	continue;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	887	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	888	if (spv.id == cpv) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	889	return spv;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	890	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	891	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	892	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	893
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	894	// No protocol version can be negotiated.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	895	context.conContext.fatal(Alert.PROTOCOL_VERSION,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	896	"The client supported protocol versions " + Arrays.toString(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	897	ProtocolVersion.toStringArray(clientSupportedVersions)) +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	898	" are not accepted by server preferences " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	899	context.activeProtocols);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	900
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	901	return null; // make the compiler happy
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	902	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	903	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	904
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	905	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	906	* The "ClientHello" handshake message consumer for TLS 1.2 and
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	907	* prior SSL/TLS protocol versions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	908	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	909	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	910	class T12ClientHelloConsumer implements HandshakeConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	911	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	912	private T12ClientHelloConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	913	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	914	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	915
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	916	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	917	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	918	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	919	// The consuming happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	920	ServerHandshakeContext shc = (ServerHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	921	ClientHelloMessage clientHello = (ClientHelloMessage)message;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	922
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	923	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	924	// validate
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	925	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	926
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	927	// Reject client initiated renegotiation?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	928	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	929	// If server side should reject client-initiated renegotiation,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	930	// send an Alert.HANDSHAKE_FAILURE fatal alert, not a
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	931	// no_renegotiation warning alert (no_renegotiation must be a
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	932	// warning: RFC 2246). no_renegotiation might seem more
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	933	// natural at first, but warnings are not appropriate because
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	934	// the sending party does not know how the receiving party
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	935	// will behave. This state must be treated as a fatal server
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	936	// condition.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	937	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	938	// This will not have any impact on server initiated renegotiation.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	939	if (shc.conContext.isNegotiated) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	940	if (!shc.conContext.secureRenegotiation &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	941	!HandshakeContext.allowUnsafeRenegotiation) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	942	shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	943	"Unsafe renegotiation is not allowed");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	944	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	945
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	946	if (ServerHandshakeContext.rejectClientInitiatedRenego &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	947	!shc.kickstartMessageDelivered) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	948	shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	949	"Client initiated renegotiation is not allowed");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	950	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	951	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	952
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	953	// Is it an abbreviated handshake?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	954	if (clientHello.sessionId.length() != 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	955	SSLSessionImpl previous = ((SSLSessionContextImpl)shc.sslContext
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	956	.engineGetServerSessionContext())
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	957	.get(clientHello.sessionId.getId());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	958
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	959	boolean resumingSession =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	960	(previous != null) && previous.isRejoinable();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	961	if (!resumingSession) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	962	if (SSLLogger.isOn &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	963	SSLLogger.isOn("ssl,handshake,verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	964	SSLLogger.finest(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	965	"Can't resume, " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	966	"the existing session is not rejoinable");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	967	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	968	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	969	// Validate the negotiated protocol version.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	970	if (resumingSession) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	971	ProtocolVersion sessionProtocol =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	972	previous.getProtocolVersion();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	973	if (sessionProtocol != shc.negotiatedProtocol) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	974	resumingSession = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	975	if (SSLLogger.isOn &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	976	SSLLogger.isOn("ssl,handshake,verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	977	SSLLogger.finest(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	978	"Can't resume, not the same protocol version");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	979	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	980	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	981	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	982
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	983	// Validate the required client authentication.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	984	if (resumingSession &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	985	(shc.sslConfig.clientAuthType == CLIENT_AUTH_REQUIRED)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	986	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	987	previous.getPeerPrincipal();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	988	} catch (SSLPeerUnverifiedException e) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	989	resumingSession = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	990	if (SSLLogger.isOn &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	991	SSLLogger.isOn("ssl,handshake,verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	992	SSLLogger.finest(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	993	"Can't resume, " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	994	"client authentication is required");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	995	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	996	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	997	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	998
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	999	// Validate that the cached cipher suite.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1000	if (resumingSession) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1001	CipherSuite suite = previous.getSuite();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1002	if ((!shc.isNegotiable(suite)) \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1003	(!clientHello.cipherSuites.contains(suite))) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1004	resumingSession = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1005	if (SSLLogger.isOn &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1006	SSLLogger.isOn("ssl,handshake,verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1007	SSLLogger.finest(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1008	"Can't resume, " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1009	"the session cipher suite is absent");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1010	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1011	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1012	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1013
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1014	// So far so good. Note that the handshake extensions may reset
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1015	// the resuming options later.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1016	shc.isResumption = resumingSession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1017	shc.resumingSession = resumingSession ? previous : null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1018	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1019
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1020	// cache the client random number for further using
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1021	shc.clientHelloRandom = clientHello.clientRandom;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1022
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1023	// Check and launch ClientHello extensions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1024	SSLExtension[] extTypes = shc.sslConfig.getEnabledExtensions(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1025	SSLHandshake.CLIENT_HELLO);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1026	clientHello.extensions.consumeOnLoad(shc, extTypes);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1027
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1028	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1029	// update
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1030	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1031	if (!shc.conContext.isNegotiated) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1032	shc.conContext.protocolVersion = shc.negotiatedProtocol;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1033	shc.conContext.outputRecord.setVersion(shc.negotiatedProtocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1034	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1035
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1036	// update the responders
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1037	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1038	// Only need to ServerHello, which may add more responders later.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1039	// Note that ServerHello and HelloRetryRequest share the same
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1040	// handshake type/id. The ServerHello producer may be replaced
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1041	// by HelloRetryRequest producer if needed.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1042	shc.handshakeProducers.put(SSLHandshake.SERVER_HELLO.id,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1043	SSLHandshake.SERVER_HELLO);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1044
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1045	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1046	// produce
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1047	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1048	SSLHandshake[] probableHandshakeMessages = new SSLHandshake[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1049	SSLHandshake.SERVER_HELLO,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1050
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1051	// full handshake messages
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1052	SSLHandshake.CERTIFICATE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1053	SSLHandshake.CERTIFICATE_STATUS,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1054	SSLHandshake.SERVER_KEY_EXCHANGE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1055	SSLHandshake.CERTIFICATE_REQUEST,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1056	SSLHandshake.SERVER_HELLO_DONE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1057
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1058	// abbreviated handshake messages
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1059	SSLHandshake.FINISHED
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1060	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1061
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1062	for (SSLHandshake hs : probableHandshakeMessages) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1063	HandshakeProducer handshakeProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1064	shc.handshakeProducers.remove(hs.id);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1065	if (handshakeProducer != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1066	handshakeProducer.produce(context, clientHello);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1067	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1068	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1069	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1070	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1071
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1072	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1073	* The "ClientHello" handshake message consumer for TLS 1.3.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1074	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1075	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1076	class T13ClientHelloConsumer implements HandshakeConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1077	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1078	private T13ClientHelloConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1079	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1080	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1081
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1082	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1083	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1084	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1085	// The consuming happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1086	ServerHandshakeContext shc = (ServerHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1087	ClientHelloMessage clientHello = (ClientHelloMessage)message;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1088
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1089	// The client may send a dummy change_cipher_spec record
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1090	// immediately after the first ClientHello.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1091	shc.conContext.consumers.putIfAbsent(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1092	ContentType.CHANGE_CIPHER_SPEC.id,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1093	ChangeCipherSpec.t13Consumer);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1094
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1095	// Is it a resumption?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1096	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1097	// Check and launch the "psk_key_exchange_modes" and
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1098	// "pre_shared_key" extensions first, which will reset the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1099	// resuming session, no matter the extensions present or not.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1100	shc.isResumption = true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1101	SSLExtension[] extTypes = new SSLExtension[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1102	SSLExtension.PSK_KEY_EXCHANGE_MODES,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1103	SSLExtension.CH_PRE_SHARED_KEY
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1104	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1105	clientHello.extensions.consumeOnLoad(shc, extTypes);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1106
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1107	// Check and launch ClientHello extensions other than
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1108	// "psk_key_exchange_modes", "pre_shared_key", "protocol_version"
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1109	// and "key_share" extensions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1110	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1111	// These extensions may discard session resumption, or ask for
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1112	// hello retry.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1113	extTypes = shc.sslConfig.getExclusiveExtensions(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1114	SSLHandshake.CLIENT_HELLO,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1115	Arrays.asList(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1116	SSLExtension.PSK_KEY_EXCHANGE_MODES,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1117	SSLExtension.CH_PRE_SHARED_KEY,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1118	SSLExtension.CH_SUPPORTED_VERSIONS));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1119	clientHello.extensions.consumeOnLoad(shc, extTypes);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1120
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1121	if (!shc.handshakeProducers.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1122	// Should be HelloRetryRequest producer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1123	goHelloRetryRequest(shc, clientHello);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1124	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1125	goServerHello(shc, clientHello);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1126	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1127	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1128
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1129	private void goHelloRetryRequest(ServerHandshakeContext shc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1130	ClientHelloMessage clientHello) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1131	HandshakeProducer handshakeProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1132	shc.handshakeProducers.remove(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1133	SSLHandshake.HELLO_RETRY_REQUEST.id);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1134	if (handshakeProducer != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1135	handshakeProducer.produce(shc, clientHello);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1136	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1137	// unlikely
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1138	shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1139	"No HelloRetryRequest producer: " + shc.handshakeProducers);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1140	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1141
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1142	if (!shc.handshakeProducers.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1143	// unlikely, but please double check.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1144	shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1145	"unknown handshake producers: " + shc.handshakeProducers);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1146	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1147	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1148
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1149	private void goServerHello(ServerHandshakeContext shc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1150	ClientHelloMessage clientHello) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1151	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1152	// validate
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1153	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1154	shc.clientHelloRandom = clientHello.clientRandom;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1155
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1156	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1157	// update
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1158	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1159	if (!shc.conContext.isNegotiated) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1160	shc.conContext.protocolVersion = shc.negotiatedProtocol;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1161	shc.conContext.outputRecord.setVersion(shc.negotiatedProtocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1162	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1163
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1164	// update the responders
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1165	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1166	// Only ServerHello/HelloRetryRequest producer, which adds
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1167	// more responders later.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1168	shc.handshakeProducers.put(SSLHandshake.SERVER_HELLO.id,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1169	SSLHandshake.SERVER_HELLO);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1170
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1171	SSLHandshake[] probableHandshakeMessages = new SSLHandshake[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1172	SSLHandshake.SERVER_HELLO,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1173
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1174	// full handshake messages
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1175	SSLHandshake.ENCRYPTED_EXTENSIONS,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1176	SSLHandshake.CERTIFICATE_REQUEST,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1177	SSLHandshake.CERTIFICATE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1178	SSLHandshake.CERTIFICATE_VERIFY,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1179	SSLHandshake.FINISHED
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1180	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1181
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1182	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1183	// produce
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1184	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1185	for (SSLHandshake hs : probableHandshakeMessages) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1186	HandshakeProducer handshakeProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1187	shc.handshakeProducers.remove(hs.id);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1188	if (handshakeProducer != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1189	handshakeProducer.produce(shc, clientHello);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1190	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1191	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1192	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1193	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1194
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1195	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1196	* The "ClientHello" handshake message consumer for DTLS 1.2 and
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1197	* previous DTLS protocol versions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1198	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1199	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1200	class D12ClientHelloConsumer implements HandshakeConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1201	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1202	private D12ClientHelloConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1203	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1204	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1205
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1206	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1207	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1208	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1209	// The consuming happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1210	ServerHandshakeContext shc = (ServerHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1211	ClientHelloMessage clientHello = (ClientHelloMessage)message;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1212
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1213	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1214	// validate
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1215	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1216
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1217	// Reject client initiated renegotiation?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1218	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1219	// If server side should reject client-initiated renegotiation,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1220	// send an Alert.HANDSHAKE_FAILURE fatal alert, not a
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1221	// no_renegotiation warning alert (no_renegotiation must be a
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1222	// warning: RFC 2246). no_renegotiation might seem more
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1223	// natural at first, but warnings are not appropriate because
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1224	// the sending party does not know how the receiving party
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1225	// will behave. This state must be treated as a fatal server
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1226	// condition.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1227	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1228	// This will not have any impact on server initiated renegotiation.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1229	if (shc.conContext.isNegotiated) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1230	if (!shc.conContext.secureRenegotiation &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1231	!HandshakeContext.allowUnsafeRenegotiation) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1232	shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1233	"Unsafe renegotiation is not allowed");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1234	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1235
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1236	if (ServerHandshakeContext.rejectClientInitiatedRenego &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1237	!shc.kickstartMessageDelivered) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1238	shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1239	"Client initiated renegotiation is not allowed");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1240	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1241	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1242
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1243	// Is it an abbreviated handshake?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1244	if (clientHello.sessionId.length() != 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1245	SSLSessionImpl previous = ((SSLSessionContextImpl)shc.sslContext
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1246	.engineGetServerSessionContext())
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1247	.get(clientHello.sessionId.getId());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1248
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1249	boolean resumingSession =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1250	(previous != null) && previous.isRejoinable();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1251	if (!resumingSession) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1252	if (SSLLogger.isOn &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1253	SSLLogger.isOn("ssl,handshake,verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1254	SSLLogger.finest(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1255	"Can't resume, " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1256	"the existing session is not rejoinable");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1257	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1258	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1259	// Validate the negotiated protocol version.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1260	if (resumingSession) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1261	ProtocolVersion sessionProtocol =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1262	previous.getProtocolVersion();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1263	if (sessionProtocol != shc.negotiatedProtocol) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1264	resumingSession = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1265	if (SSLLogger.isOn &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1266	SSLLogger.isOn("ssl,handshake,verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1267	SSLLogger.finest(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1268	"Can't resume, not the same protocol version");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1269	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1270	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1271	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1272
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1273	// Validate the required client authentication.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1274	if (resumingSession &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1275	(shc.sslConfig.clientAuthType == CLIENT_AUTH_REQUIRED)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1276
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1277	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1278	previous.getPeerPrincipal();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1279	} catch (SSLPeerUnverifiedException e) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1280	resumingSession = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1281	if (SSLLogger.isOn &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1282	SSLLogger.isOn("ssl,handshake,verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1283	SSLLogger.finest(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1284	"Can't resume, " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1285	"client authentication is required");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1286	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1287	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1288	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1289
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1290	// Validate that the cached cipher suite.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1291	if (resumingSession) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1292	CipherSuite suite = previous.getSuite();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1293	if ((!shc.isNegotiable(suite)) \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1294	(!clientHello.cipherSuites.contains(suite))) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1295	resumingSession = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1296	if (SSLLogger.isOn &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1297	SSLLogger.isOn("ssl,handshake,verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1298	SSLLogger.finest(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1299	"Can't resume, " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1300	"the session cipher suite is absent");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1301	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1302	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1303	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1304
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1305	// So far so good. Note that the handshake extensions may reset
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1306	// the resuming options later.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1307	shc.isResumption = resumingSession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1308	shc.resumingSession = resumingSession ? previous : null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1309	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1310
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1311	HelloCookieManager hcm =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1312	shc.sslContext.getHelloCookieManager(ProtocolVersion.DTLS10);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1313	if (!shc.isResumption &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1314	!hcm.isCookieValid(shc, clientHello, clientHello.cookie)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1315	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1316	// Perform cookie exchange for DTLS handshaking if no cookie
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1317	// or the cookie is invalid in the ClientHello message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1318	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1319	// update the responders
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1320	shc.handshakeProducers.put(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1321	SSLHandshake.HELLO_VERIFY_REQUEST.id,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1322	SSLHandshake.HELLO_VERIFY_REQUEST);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1323
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1324	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1325	// produce response handshake message
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1326	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1327	SSLHandshake.HELLO_VERIFY_REQUEST.produce(context, clientHello);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1328
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1329	return;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1330	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1331
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1332	// cache the client random number for further using
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1333	shc.clientHelloRandom = clientHello.clientRandom;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1334
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1335	// Check and launch ClientHello extensions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1336	SSLExtension[] extTypes = shc.sslConfig.getEnabledExtensions(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1337	SSLHandshake.CLIENT_HELLO);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1338	clientHello.extensions.consumeOnLoad(shc, extTypes);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1339
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1340	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1341	// update
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1342	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1343	if (!shc.conContext.isNegotiated) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1344	shc.conContext.protocolVersion = shc.negotiatedProtocol;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1345	shc.conContext.outputRecord.setVersion(shc.negotiatedProtocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1346	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1347
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1348	// update the responders
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1349	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1350	// Only need to ServerHello, which may add more responders later.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1351	shc.handshakeProducers.put(SSLHandshake.SERVER_HELLO.id,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1352	SSLHandshake.SERVER_HELLO);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1353
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1354	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1355	// produce
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1356	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1357	SSLHandshake[] probableHandshakeMessages = new SSLHandshake[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1358	SSLHandshake.SERVER_HELLO,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1359
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1360	// full handshake messages
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1361	SSLHandshake.CERTIFICATE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1362	SSLHandshake.CERTIFICATE_STATUS,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1363	SSLHandshake.SERVER_KEY_EXCHANGE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1364	SSLHandshake.CERTIFICATE_REQUEST,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1365	SSLHandshake.SERVER_HELLO_DONE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1366
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1367	// abbreviated handshake messages
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1368	SSLHandshake.FINISHED
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1369	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1370
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1371	for (SSLHandshake hs : probableHandshakeMessages) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1372	HandshakeProducer handshakeProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1373	shc.handshakeProducers.remove(hs.id);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1374	if (handshakeProducer != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1375	handshakeProducer.produce(context, clientHello);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1376	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1377	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1378	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1379	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1380
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1381	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1382	* The "ClientHello" handshake message consumer for DTLS 1.3.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1383	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1384	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1385	class D13ClientHelloConsumer implements HandshakeConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1386	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1387	private D13ClientHelloConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1388	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1389	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1390
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1391	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1392	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1393	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1394	throw new UnsupportedOperationException("Not supported yet.");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1395	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1396	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1397	}

author	xuelei
	Mon, 25 Jun 2018 13:41:39 -0700
changeset 50768	68fa3d4026ea
child 52170	2990f1e1c325
permissions	-rw-r--r--