jdk-sandbox: src/java.base/share/classes/sun/security/ssl/CookieExtension.java@68fa3d4026ea (annotated)

50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1	/*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	2	* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	4	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	7	* published by the Free Software Foundation. Oracle designates this
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	10	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	15	* accompanied this code).
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	16	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	20	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	22	* or visit www.oracle.com if you need additional information or have any
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	23	* questions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	24	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	25
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	26	package sun.security.ssl;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	27
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	28	import java.io.IOException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	29	import java.nio.ByteBuffer;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	30	import java.text.MessageFormat;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	31	import java.util.Locale;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	32	import javax.net.ssl.SSLProtocolException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	33
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	34	import sun.security.ssl.ClientHello.ClientHelloMessage;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	35	import sun.security.ssl.SSLExtension.ExtensionConsumer;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	36	import sun.security.ssl.SSLHandshake.HandshakeMessage;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	37	import sun.security.ssl.SSLExtension.SSLExtensionSpec;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	38	import sun.security.ssl.ServerHello.ServerHelloMessage;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	39	import sun.security.util.HexDumpEncoder;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	40
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	41	public class CookieExtension {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	42	static final HandshakeProducer chNetworkProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	43	new CHCookieProducer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	44	static final ExtensionConsumer chOnLoadConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	45	new CHCookieConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	46	static final HandshakeConsumer chOnTradeConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	47	new CHCookieUpdate();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	48
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	49	static final HandshakeProducer hrrNetworkProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	50	new HRRCookieProducer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	51	static final ExtensionConsumer hrrOnLoadConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	52	new HRRCookieConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	53
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	54	static final HandshakeProducer hrrNetworkReproducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	55	new HRRCookieReproducer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	56
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	57	static final CookieStringizer cookieStringizer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	58	new CookieStringizer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	59
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	60	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	61	* The "cookie" extension.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	62	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	63	static class CookieSpec implements SSLExtensionSpec {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	64	final byte[] cookie;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	65
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	66	private CookieSpec(ByteBuffer m) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	67	// opaque cookie<1..2^16-1>;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	68	if (m.remaining() < 3) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	69	throw new SSLProtocolException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	70	"Invalid cookie extension: insufficient data");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	71	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	72
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	73	this.cookie = Record.getBytes16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	74	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	75
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	76	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	77	public String toString() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	78	MessageFormat messageFormat = new MessageFormat(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	79	"\"cookie\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	80	"{0}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	81	"'}',", Locale.ENGLISH);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	82	HexDumpEncoder hexEncoder = new HexDumpEncoder();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	83	Object[] messageFields = {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	84	Utilities.indent(hexEncoder.encode(cookie))
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	85	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	86
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	87	return messageFormat.format(messageFields);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	88	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	89	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	90
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	91	private static final class CookieStringizer implements SSLStringizer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	92	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	93	public String toString(ByteBuffer buffer) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	94	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	95	return (new CookieSpec(buffer)).toString();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	96	} catch (IOException ioe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	97	// For debug logging only, so please swallow exceptions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	98	return ioe.getMessage();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	99	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	100	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	101	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	102
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	103	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	104	class CHCookieProducer implements HandshakeProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	105	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	106	private CHCookieProducer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	107	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	108	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	109
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	110	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	111	public byte[] produce(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	112	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	113	ClientHandshakeContext chc = (ClientHandshakeContext) context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	114
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	115	// Is it a supported and enabled extension?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	116	if (!chc.sslConfig.isAvailable(SSLExtension.CH_COOKIE)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	117	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	118	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	119	"Ignore unavailable cookie extension");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	120	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	121	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	122	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	123
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	124	// response to an HelloRetryRequest cookie
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	125	CookieSpec spec = (CookieSpec)chc.handshakeExtensions.get(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	126	SSLExtension.HRR_COOKIE);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	127
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	128	if (spec != null &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	129	spec.cookie != null && spec.cookie.length != 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	130	byte[] extData = new byte[spec.cookie.length + 2];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	131	ByteBuffer m = ByteBuffer.wrap(extData);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	132	Record.putBytes16(m, spec.cookie);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	133	return extData;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	134	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	135
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	136	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	137	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	138	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	139
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	140	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	141	class CHCookieConsumer implements ExtensionConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	142	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	143	private CHCookieConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	144	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	145	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	146
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	147	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	148	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	149	HandshakeMessage message, ByteBuffer buffer) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	150	// The consuming happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	151	ServerHandshakeContext shc = (ServerHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	152
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	153	// Is it a supported and enabled extension?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	154	if (!shc.sslConfig.isAvailable(SSLExtension.CH_COOKIE)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	155	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	156	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	157	"Ignore unavailable cookie extension");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	158	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	159	return; // ignore the extension
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	160	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	161
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	162	CookieSpec spec;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	163	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	164	spec = new CookieSpec(buffer);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	165	} catch (IOException ioe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	166	shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	167	return; // fatal() always throws, make the compiler happy.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	168	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	169
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	170	shc.handshakeExtensions.put(SSLExtension.CH_COOKIE, spec);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	171
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	172	// No impact on session resumption.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	173	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	174	// Note that the protocol version negotiation happens before the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	175	// session resumption negotiation. And the session resumption
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	176	// negotiation depends on the negotiated protocol version.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	177	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	178	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	179
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	180	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	181	class CHCookieUpdate implements HandshakeConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	182	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	183	private CHCookieUpdate() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	184	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	185	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	186
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	187	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	188	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	189	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	190	// The consuming happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	191	ServerHandshakeContext shc = (ServerHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	192	ClientHelloMessage clientHello = (ClientHelloMessage)message;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	193
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	194	CookieSpec spec = (CookieSpec)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	195	shc.handshakeExtensions.get(SSLExtension.CH_COOKIE);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	196	if (spec == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	197	// Ignore, no "cookie" extension requested.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	198	return;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	199	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	200
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	201	HelloCookieManager hcm =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	202	shc.sslContext.getHelloCookieManager(shc.negotiatedProtocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	203	if (!hcm.isCookieValid(shc, clientHello, spec.cookie)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	204	shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	205	"unrecognized cookie");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	206	return; // fatal() always throws, make the compiler happy.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	207	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	208	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	209	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	210
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	211	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	212	class HRRCookieProducer implements HandshakeProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	213	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	214	private HRRCookieProducer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	215	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	216	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	217
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	218	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	219	public byte[] produce(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	220	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	221	// The producing happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	222	ServerHandshakeContext shc = (ServerHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	223	ServerHelloMessage hrrm = (ServerHelloMessage)message;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	224
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	225	// Is it a supported and enabled extension?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	226	if (!shc.sslConfig.isAvailable(SSLExtension.HRR_COOKIE)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	227	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	228	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	229	"Ignore unavailable cookie extension");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	230	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	231	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	232	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	233
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	234	HelloCookieManager hcm =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	235	shc.sslContext.getHelloCookieManager(shc.negotiatedProtocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	236
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	237	byte[] cookie = hcm.createCookie(shc, hrrm.clientHello);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	238
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	239	byte[] extData = new byte[cookie.length + 2];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	240	ByteBuffer m = ByteBuffer.wrap(extData);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	241	Record.putBytes16(m, cookie);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	242
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	243	return extData;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	244	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	245	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	246
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	247	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	248	class HRRCookieConsumer implements ExtensionConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	249	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	250	private HRRCookieConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	251	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	252	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	253
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	254	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	255	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	256	HandshakeMessage message, ByteBuffer buffer) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	257	// The consuming happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	258	ClientHandshakeContext chc = (ClientHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	259
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	260	// Is it a supported and enabled extension?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	261	if (!chc.sslConfig.isAvailable(SSLExtension.HRR_COOKIE)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	262	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	263	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	264	"Ignore unavailable cookie extension");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	265	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	266	return; // ignore the extension
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	267	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	268
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	269	CookieSpec spec;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	270	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	271	spec = new CookieSpec(buffer);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	272	} catch (IOException ioe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	273	chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	274	return; // fatal() always throws, make the compiler happy.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	275	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	276
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	277	chc.handshakeExtensions.put(SSLExtension.HRR_COOKIE, spec);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	278	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	279	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	280
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	281	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	282	class HRRCookieReproducer implements HandshakeProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	283	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	284	private HRRCookieReproducer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	285	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	286	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	287
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	288	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	289	public byte[] produce(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	290	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	291	// The producing happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	292	ServerHandshakeContext shc = (ServerHandshakeContext) context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	293
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	294	// Is it a supported and enabled extension?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	295	if (!shc.sslConfig.isAvailable(SSLExtension.HRR_COOKIE)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	296	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	297	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	298	"Ignore unavailable cookie extension");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	299	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	300	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	301	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	302
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	303	// copy of the ClientHello cookie
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	304	CookieSpec spec = (CookieSpec)shc.handshakeExtensions.get(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	305	SSLExtension.CH_COOKIE);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	306
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	307	if (spec != null &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	308	spec.cookie != null && spec.cookie.length != 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	309	byte[] extData = new byte[spec.cookie.length + 2];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	310	ByteBuffer m = ByteBuffer.wrap(extData);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	311	Record.putBytes16(m, spec.cookie);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	312	return extData;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	313	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	314
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	315	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	316	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	317	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	318	}

author	xuelei
	Mon, 25 Jun 2018 13:41:39 -0700
changeset 50768	68fa3d4026ea
child 53064	103ed9569fc8
permissions	-rw-r--r--