jdk-sandbox: src/java.base/share/classes/sun/security/ssl/HandshakeContext.java@68fa3d4026ea (annotated)

2 90ce3da70b43 Initial load duke parents: diff changeset	1	/*
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	2	* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
2 90ce3da70b43 Initial load duke parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
90ce3da70b43 Initial load duke parents: diff changeset	4	*
90ce3da70b43 Initial load duke parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
90ce3da70b43 Initial load duke parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 5182 diff changeset	7	* published by the Free Software Foundation. Oracle designates this
2 90ce3da70b43 Initial load duke parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 5182 diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
2 90ce3da70b43 Initial load duke parents: diff changeset	10	*
90ce3da70b43 Initial load duke parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
90ce3da70b43 Initial load duke parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
90ce3da70b43 Initial load duke parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
90ce3da70b43 Initial load duke parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
90ce3da70b43 Initial load duke parents: diff changeset	15	* accompanied this code).
90ce3da70b43 Initial load duke parents: diff changeset	16	*
90ce3da70b43 Initial load duke parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
90ce3da70b43 Initial load duke parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
90ce3da70b43 Initial load duke parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
90ce3da70b43 Initial load duke parents: diff changeset	20	*
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 5182 diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 5182 diff changeset	22	* or visit www.oracle.com if you need additional information or have any
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 5182 diff changeset	23	* questions.
2 90ce3da70b43 Initial load duke parents: diff changeset	24	*/
90ce3da70b43 Initial load duke parents: diff changeset	25
90ce3da70b43 Initial load duke parents: diff changeset	26	package sun.security.ssl;
90ce3da70b43 Initial load duke parents: diff changeset	27
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	28	import java.io.IOException;
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 28555 diff changeset	29	import java.nio.ByteBuffer;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	30	import java.security.AlgorithmConstraints;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	31	import java.security.CryptoPrimitive;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	32	import java.util.AbstractMap.SimpleImmutableEntry;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	33	import java.util.ArrayList;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	34	import java.util.Collections;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	35	import java.util.EnumMap;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	36	import java.util.EnumSet;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	37	import java.util.HashMap;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	38	import java.util.LinkedHashMap;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	39	import java.util.LinkedList;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	40	import java.util.List;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	41	import java.util.Map;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	42	import java.util.Queue;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	43	import javax.crypto.SecretKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	44	import javax.net.ssl.SNIServerName;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	45	import javax.net.ssl.SSLHandshakeException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	46	import sun.security.ssl.SupportedGroupsExtension.NamedGroup;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	47	import sun.security.ssl.SupportedGroupsExtension.NamedGroupType;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	48	import static sun.security.ssl.SupportedGroupsExtension.NamedGroupType.*;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	49	import sun.security.ssl.SupportedGroupsExtension.SupportedGroups;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	50	import sun.security.ssl.PskKeyExchangeModesExtension.PskKeyExchangeMode;
2 90ce3da70b43 Initial load duke parents: diff changeset	51
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	52	abstract class HandshakeContext implements ConnectionContext {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	53	// System properties
2 90ce3da70b43 Initial load duke parents: diff changeset	54
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	55	// By default, disable the unsafe legacy session renegotiation.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	56	static final boolean allowUnsafeRenegotiation =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	57	Utilities.getBooleanProperty(
5182 62836694baeb 6898739: TLS renegotiation issue xuelei parents: 715 diff changeset	58	"sun.security.ssl.allowUnsafeRenegotiation", false);
62836694baeb 6898739: TLS renegotiation issue xuelei parents: 715 diff changeset	59
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	60	// For maximum interoperability and backward compatibility, RFC 5746
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	61	// allows server (or client) to accept ClientHello (or ServerHello)
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	62	// message without the secure renegotiation_info extension or SCSV.
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	63	//
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	64	// For maximum security, RFC 5746 also allows server (or client) to
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	65	// reject such message with a fatal "handshake_failure" alert.
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	66	//
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	67	// By default, allow such legacy hello messages.
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	68	static final boolean allowLegacyHelloMessages =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	69	Utilities.getBooleanProperty(
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	70	"sun.security.ssl.allowLegacyHelloMessages", true);
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	71
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	72	// registered handshake message actors
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	73	LinkedHashMap<Byte, SSLConsumer> handshakeConsumers;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	74	final HashMap<Byte, HandshakeProducer> handshakeProducers;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	75
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	76	// context
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	77	final SSLContextImpl sslContext;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	78	final TransportContext conContext;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	79	final SSLConfiguration sslConfig;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	80
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	81	// consolidated parameters
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	82	final List<ProtocolVersion> activeProtocols;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	83	final List<CipherSuite> activeCipherSuites;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	84	final AlgorithmConstraints algorithmConstraints;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	85	final ProtocolVersion maximumActiveProtocol;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	86
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	87	// output stream
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	88	final HandshakeOutStream handshakeOutput;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	89
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	90	// handshake transcript hash
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	91	final HandshakeHash handshakeHash;
18283 f842a42076b9 7188658: Add possibility to disable client initiated renegotiation xuelei parents: 16913 diff changeset	92
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	93	// negotiated security parameters
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	94	SSLSessionImpl handshakeSession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	95	boolean handshakeFinished;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	96	// boolean isInvalidated;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	97
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	98	boolean kickstartMessageDelivered;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	99
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	100	// Resumption
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	101	boolean isResumption;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	102	SSLSessionImpl resumingSession;
48225 718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: 47216 diff changeset	103
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	104	final Queue<Map.Entry<Byte, ByteBuffer>> delegatedActions;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	105	volatile boolean taskDelegated = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	106	volatile Exception delegatedThrown = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	107
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	108	ProtocolVersion negotiatedProtocol;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	109	CipherSuite negotiatedCipherSuite;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	110	final List<SSLPossession> handshakePossessions;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	111	final List<SSLCredentials> handshakeCredentials;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	112	SSLKeyDerivation handshakeKeyDerivation;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	113	SSLKeyExchange handshakeKeyExchange;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	114	SecretKey baseReadSecret;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	115	SecretKey baseWriteSecret;
48225 718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: 47216 diff changeset	116
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	117	// protocol version being established
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	118	int clientHelloVersion;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	119	String applicationProtocol;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	120
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	121	RandomCookie clientHelloRandom;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	122	RandomCookie serverHelloRandom;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	123	byte[] certRequestContext;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	124
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	125	////////////////////
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	126	// Extensions
48225 718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: 47216 diff changeset	127
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	128	// the extensions used in the handshake
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	129	final Map<SSLExtension, SSLExtension.SSLExtensionSpec>
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	130	handshakeExtensions;
48225 718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: 47216 diff changeset	131
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	132	// MaxFragmentLength
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	133	int maxFragmentLength;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	134
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	135	// SignatureScheme
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	136	List<SignatureScheme> localSupportedSignAlgs;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	137	List<SignatureScheme> peerRequestedSignatureSchemes;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	138	List<SignatureScheme> peerRequestedCertSignSchemes;
5182 62836694baeb 6898739: TLS renegotiation issue xuelei parents: 715 diff changeset	139
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	140	// SupportedGroups
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	141	List<NamedGroup> clientRequestedNamedGroups;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	142
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	143	// HelloRetryRequest
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	144	NamedGroup serverSelectedNamedGroup;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	145
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	146	// if server name indicator is negotiated
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	147	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	148	// May need a public API for the indication in the future.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	149	List<SNIServerName> requestedServerNames;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	150	SNIServerName negotiatedServerName;
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 28555 diff changeset	151
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	152	// OCSP Stapling info
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	153	boolean staplingActive = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	154
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	155	protected HandshakeContext(SSLContextImpl sslContext,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	156	TransportContext conContext) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	157	this.sslContext = sslContext;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	158	this.conContext = conContext;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	159	this.sslConfig = (SSLConfiguration)conContext.sslConfig.clone();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	160
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	161	this.activeProtocols = getActiveProtocols(sslConfig.enabledProtocols,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	162	sslConfig.enabledCipherSuites, sslConfig.algorithmConstraints);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	163	if (activeProtocols.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	164	throw new SSLHandshakeException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	165	"No appropriate protocol (protocol is disabled or " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	166	"cipher suites are inappropriate)");
48225 718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: 47216 diff changeset	167	}
718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: 47216 diff changeset	168
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	169	ProtocolVersion maximumVersion = ProtocolVersion.NONE;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	170	for (ProtocolVersion pv : this.activeProtocols) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	171	if (maximumVersion == ProtocolVersion.NONE \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	172	pv.compare(maximumVersion) > 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	173	maximumVersion = pv;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	174	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	175	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	176	this.maximumActiveProtocol = maximumVersion;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	177	this.activeCipherSuites = getActiveCipherSuites(this.activeProtocols,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	178	sslConfig.enabledCipherSuites, sslConfig.algorithmConstraints);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	179	if (activeCipherSuites.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	180	throw new SSLHandshakeException("No appropriate cipher suite");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	181	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	182	this.algorithmConstraints =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	183	new SSLAlgorithmConstraints(sslConfig.algorithmConstraints);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	184
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	185	this.handshakeConsumers = new LinkedHashMap<>();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	186	this.handshakeProducers = new HashMap<>();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	187	this.handshakeHash = conContext.inputRecord.handshakeHash;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	188	this.handshakeOutput = new HandshakeOutStream(conContext.outputRecord);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	189
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	190	this.handshakeFinished = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	191	this.kickstartMessageDelivered = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	192
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	193	this.delegatedActions = new LinkedList<>();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	194	this.handshakeExtensions = new HashMap<>();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	195	this.handshakePossessions = new LinkedList<>();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	196	this.handshakeCredentials = new LinkedList<>();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	197	this.requestedServerNames = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	198	this.negotiatedServerName = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	199	this.negotiatedCipherSuite = conContext.cipherSuite;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	200	initialize();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	201	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	202
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	203	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	204	* Constructor for PostHandshakeContext
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	205	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	206	HandshakeContext(TransportContext conContext) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	207	this.sslContext = conContext.sslContext;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	208	this.conContext = conContext;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	209	this.sslConfig = conContext.sslConfig;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	210
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	211	this.negotiatedProtocol = conContext.protocolVersion;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	212	this.negotiatedCipherSuite = conContext.cipherSuite;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	213	this.handshakeOutput = new HandshakeOutStream(conContext.outputRecord);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	214	this.delegatedActions = new LinkedList<>();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	215
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	216	this.handshakeProducers = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	217	this.handshakeHash = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	218	this.activeProtocols = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	219	this.activeCipherSuites = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	220	this.algorithmConstraints = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	221	this.maximumActiveProtocol = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	222	this.handshakeExtensions = Collections.emptyMap(); // Not in TLS13
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	223	this.handshakePossessions = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	224	this.handshakeCredentials = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	225	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	226
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	227	// Initialize the non-final class variables.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	228	private void initialize() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	229	ProtocolVersion inputHelloVersion;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	230	ProtocolVersion outputHelloVersion;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	231	if (conContext.isNegotiated) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	232	inputHelloVersion = conContext.protocolVersion;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	233	outputHelloVersion = conContext.protocolVersion;
48225 718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: 47216 diff changeset	234	} else {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	235	if (activeProtocols.contains(ProtocolVersion.SSL20Hello)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	236	inputHelloVersion = ProtocolVersion.SSL20Hello;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	237
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	238	// Per TLS 1.3 protocol, implementation MUST NOT send an SSL
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	239	// version 2.0 compatible CLIENT-HELLO.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	240	if (maximumActiveProtocol.useTLS13PlusSpec()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	241	outputHelloVersion = maximumActiveProtocol;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	242	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	243	outputHelloVersion = ProtocolVersion.SSL20Hello;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	244	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	245	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	246	inputHelloVersion = maximumActiveProtocol;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	247	outputHelloVersion = maximumActiveProtocol;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	248	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	249	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	250
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	251	conContext.inputRecord.setHelloVersion(inputHelloVersion);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	252	conContext.outputRecord.setHelloVersion(outputHelloVersion);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	253
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	254	if (!conContext.isNegotiated) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	255	conContext.protocolVersion = maximumActiveProtocol;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	256	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	257	conContext.outputRecord.setVersion(conContext.protocolVersion);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	258	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	259
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	260	private static List<ProtocolVersion> getActiveProtocols(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	261	List<ProtocolVersion> enabledProtocols,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	262	List<CipherSuite> enabledCipherSuites,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	263	AlgorithmConstraints algorithmConstraints) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	264	boolean enabledSSL20Hello = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	265	ArrayList<ProtocolVersion> protocols = new ArrayList<>(4);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	266	for (ProtocolVersion protocol : enabledProtocols) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	267	if (!enabledSSL20Hello && protocol == ProtocolVersion.SSL20Hello) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	268	enabledSSL20Hello = true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	269	continue;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	270	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	271
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	272	if (!algorithmConstraints.permits(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	273	EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	274	protocol.name, null)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	275	// Ignore disabled protocol.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	276	continue;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	277	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	278
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	279	boolean found = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	280	Map<NamedGroupType, Boolean> cachedStatus =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	281	new EnumMap<>(NamedGroupType.class);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	282	for (CipherSuite suite : enabledCipherSuites) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	283	if (suite.isAvailable() && suite.supports(protocol)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	284	if (isActivatable(suite,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	285	algorithmConstraints, cachedStatus)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	286	protocols.add(protocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	287	found = true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	288	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	289	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	290	} else if (SSLLogger.isOn && SSLLogger.isOn("verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	291	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	292	"Ignore unsupported cipher suite: " + suite +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	293	" for " + protocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	294	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	295	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	296
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	297	if (!found && (SSLLogger.isOn) && SSLLogger.isOn("handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	298	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	299	"No available cipher suite for " + protocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	300	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	301	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	302
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	303	if (!protocols.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	304	if (enabledSSL20Hello) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	305	protocols.add(ProtocolVersion.SSL20Hello);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	306	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	307	Collections.sort(protocols);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	308	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	309
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	310	return Collections.unmodifiableList(protocols);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	311	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	312
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	313	private static List<CipherSuite> getActiveCipherSuites(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	314	List<ProtocolVersion> enabledProtocols,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	315	List<CipherSuite> enabledCipherSuites,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	316	AlgorithmConstraints algorithmConstraints) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	317
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	318	List<CipherSuite> suites = new LinkedList<>();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	319	if (enabledProtocols != null && !enabledProtocols.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	320	Map<NamedGroupType, Boolean> cachedStatus =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	321	new EnumMap<>(NamedGroupType.class);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	322	for (CipherSuite suite : enabledCipherSuites) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	323	if (!suite.isAvailable()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	324	continue;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	325	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	326
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	327	boolean isSupported = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	328	for (ProtocolVersion protocol : enabledProtocols) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	329	if (!suite.supports(protocol)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	330	continue;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	331	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	332	if (isActivatable(suite,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	333	algorithmConstraints, cachedStatus)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	334	suites.add(suite);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	335	isSupported = true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	336	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	337	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	338	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	339
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	340	if (!isSupported &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	341	SSLLogger.isOn && SSLLogger.isOn("verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	342	SSLLogger.finest(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	343	"Ignore unsupported cipher suite: " + suite);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	344	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	345	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	346	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	347
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	348	return Collections.unmodifiableList(suites);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	349	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	350
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	351	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	352	* Parse the handshake record and return the contentType
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	353	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	354	static byte getHandshakeType(TransportContext conContext,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	355	Plaintext plaintext) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	356	// struct {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	357	// HandshakeType msg_type; /* handshake type */
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	358	// uint24 length; /* bytes in message */
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	359	// select (HandshakeType) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	360	// ...
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	361	// } body;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	362	// } Handshake;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	363
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	364	if (plaintext.contentType != ContentType.HANDSHAKE.id) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	365	conContext.fatal(Alert.INTERNAL_ERROR,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	366	"Unexpected operation for record: " + plaintext.contentType);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	367
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	368	return 0;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	369	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	370
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	371	if (plaintext.fragment == null \|\| plaintext.fragment.remaining() < 4) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	372	conContext.fatal(Alert.UNEXPECTED_MESSAGE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	373	"Invalid handshake message: insufficient data");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	374
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	375	return 0;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	376	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	377
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	378	byte handshakeType = (byte)Record.getInt8(plaintext.fragment);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	379	int handshakeLen = Record.getInt24(plaintext.fragment);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	380	if (handshakeLen != plaintext.fragment.remaining()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	381	conContext.fatal(Alert.UNEXPECTED_MESSAGE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	382	"Invalid handshake message: insufficient handshake body");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	383
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	384	return 0;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	385	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	386
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	387	return handshakeType;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	388	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	389
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	390	void dispatch(byte handshakeType, Plaintext plaintext) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	391	if (conContext.transport.useDelegatedTask()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	392	boolean hasDelegated = !delegatedActions.isEmpty();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	393	if (hasDelegated \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	394	(handshakeType != SSLHandshake.FINISHED.id &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	395	handshakeType != SSLHandshake.KEY_UPDATE.id &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	396	handshakeType != SSLHandshake.NEW_SESSION_TICKET.id)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	397	if (!hasDelegated) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	398	taskDelegated = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	399	delegatedThrown = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	400	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	401
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	402	// Clone the fragment for delegated actions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	403	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	404	// The plaintext may share the application buffers. It is
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	405	// fine to use shared buffers if no delegated actions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	406	// However, for delegated actions, the shared buffers may be
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	407	// polluted in application layer before the delegated actions
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	408	// executed.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	409	ByteBuffer fragment = ByteBuffer.wrap(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	410	new byte[plaintext.fragment.remaining()]);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	411	fragment.put(plaintext.fragment);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	412	fragment = fragment.rewind();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	413
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	414	delegatedActions.add(new SimpleImmutableEntry<>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	415	handshakeType,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	416	fragment
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	417	));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	418	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	419	dispatch(handshakeType, plaintext.fragment);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	420	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	421	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	422	dispatch(handshakeType, plaintext.fragment);
48225 718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: 47216 diff changeset	423	}
718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: 47216 diff changeset	424	}
718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: 47216 diff changeset	425
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	426	void dispatch(byte handshakeType,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	427	ByteBuffer fragment) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	428	SSLConsumer consumer;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	429	if (handshakeType == SSLHandshake.HELLO_REQUEST.id) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	430	// For TLS 1.2 and prior versions, the HelloRequest message MAY
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	431	// be sent by the server at any time.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	432	consumer = SSLHandshake.HELLO_REQUEST;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	433	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	434	consumer = handshakeConsumers.get(handshakeType);
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	435	}
2 90ce3da70b43 Initial load duke parents: diff changeset	436
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	437	if (consumer == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	438	conContext.fatal(Alert.UNEXPECTED_MESSAGE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	439	"Unexpected handshake message: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	440	SSLHandshake.nameOf(handshakeType));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	441	return;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	442	}
2 90ce3da70b43 Initial load duke parents: diff changeset	443
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	444	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	445	consumer.consume(this, fragment);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	446	} catch (UnsupportedOperationException unsoe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	447	conContext.fatal(Alert.UNEXPECTED_MESSAGE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	448	"Unsupported handshake message: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	449	SSLHandshake.nameOf(handshakeType), unsoe);
2 90ce3da70b43 Initial load duke parents: diff changeset	450	}
90ce3da70b43 Initial load duke parents: diff changeset	451
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	452	// update handshake hash after handshake message consumption.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	453	handshakeHash.consume();
2 90ce3da70b43 Initial load duke parents: diff changeset	454	}
90ce3da70b43 Initial load duke parents: diff changeset	455
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	456	abstract void kickstart() throws IOException;
2 90ce3da70b43 Initial load duke parents: diff changeset	457
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	458	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	459	* Check if the given cipher suite is enabled and available within
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	460	* the current active cipher suites.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	461	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	462	* Does not check if the required server certificates are available.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	463	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	464	boolean isNegotiable(CipherSuite cs) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	465	return isNegotiable(activeCipherSuites, cs);
2 90ce3da70b43 Initial load duke parents: diff changeset	466	}
90ce3da70b43 Initial load duke parents: diff changeset	467
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	468	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	469	* Check if the given cipher suite is enabled and available within
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	470	* the proposed cipher suite list.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	471	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	472	* Does not check if the required server certificates are available.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	473	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	474	static final boolean isNegotiable(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	475	List<CipherSuite> proposed, CipherSuite cs) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	476	return proposed.contains(cs) && cs.isNegotiable();
2 90ce3da70b43 Initial load duke parents: diff changeset	477	}
90ce3da70b43 Initial load duke parents: diff changeset	478
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	479	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	480	* Check if the given cipher suite is enabled and available within
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	481	* the proposed cipher suite list and specific protocol version.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	482	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	483	* Does not check if the required server certificates are available.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	484	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	485	static final boolean isNegotiable(List<CipherSuite> proposed,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	486	ProtocolVersion protocolVersion, CipherSuite cs) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	487	return proposed.contains(cs) &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	488	cs.isNegotiable() && cs.supports(protocolVersion);
2 90ce3da70b43 Initial load duke parents: diff changeset	489	}
90ce3da70b43 Initial load duke parents: diff changeset	490
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	491	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	492	* Check if the given protocol version is enabled and available.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	493	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	494	boolean isNegotiable(ProtocolVersion protocolVersion) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	495	return activeProtocols.contains(protocolVersion);
2 90ce3da70b43 Initial load duke parents: diff changeset	496	}
90ce3da70b43 Initial load duke parents: diff changeset	497
90ce3da70b43 Initial load duke parents: diff changeset	498	/**
90ce3da70b43 Initial load duke parents: diff changeset	499	* Set the active protocol version and propagate it to the SSLSocket
90ce3da70b43 Initial load duke parents: diff changeset	500	* and our handshake streams. Called from ClientHandshaker
90ce3da70b43 Initial load duke parents: diff changeset	501	* and ServerHandshaker with the negotiated protocol version.
90ce3da70b43 Initial load duke parents: diff changeset	502	*/
90ce3da70b43 Initial load duke parents: diff changeset	503	void setVersion(ProtocolVersion protocolVersion) {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	504	this.conContext.protocolVersion = protocolVersion;
19823 f0fd09e20528 7188657: There should be a way to reorder the JSSE ciphers xuelei parents: 18554 diff changeset	505	}
f0fd09e20528 7188657: There should be a way to reorder the JSSE ciphers xuelei parents: 18554 diff changeset	506
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	507	private static boolean isActivatable(CipherSuite suite,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	508	AlgorithmConstraints algorithmConstraints,
45064 b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	509	Map<NamedGroupType, Boolean> cachedStatus) {
b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	510
b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	511	if (algorithmConstraints.permits(
b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	512	EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), suite.name, null)) {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	513	if (suite.keyExchange == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	514	// TLS 1.3, no definition of key exchange in cipher suite.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	515	return true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	516	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	517
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	518	boolean available;
45064 b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	519	NamedGroupType groupType = suite.keyExchange.groupType;
b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	520	if (groupType != NAMED_GROUP_NONE) {
b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	521	Boolean checkedStatus = cachedStatus.get(groupType);
b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	522	if (checkedStatus == null) {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	523	available = SupportedGroups.isActivatable(
45064 b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	524	algorithmConstraints, groupType);
b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	525	cachedStatus.put(groupType, available);
b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	526
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	527	if (!available &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	528	SSLLogger.isOn && SSLLogger.isOn("verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	529	SSLLogger.fine("No activated named group");
45064 b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	530	}
b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	531	} else {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	532	available = checkedStatus;
45064 b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	533	}
b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	534
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	535	if (!available && SSLLogger.isOn && SSLLogger.isOn("verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	536	SSLLogger.fine(
45064 b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	537	"No active named group, ignore " + suite);
b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	538	}
b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	539	return available;
b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	540	} else {
b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	541	return true;
b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	542	}
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	543	} else if (SSLLogger.isOn && SSLLogger.isOn("verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	544	SSLLogger.fine("Ignore disabled cipher suite: " + suite);
45064 b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	545	}
b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	546
b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	547	return false;
b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	548	}
b1b45177051b 8140436: Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS xuelei parents: 42706 diff changeset	549
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	550	List<SNIServerName> getRequestedServerNames() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	551	if (requestedServerNames == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	552	return Collections.<SNIServerName>emptyList();
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 28555 diff changeset	553	}
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	554	return requestedServerNames;
2 90ce3da70b43 Initial load duke parents: diff changeset	555	}
90ce3da70b43 Initial load duke parents: diff changeset	556	}
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 48225 diff changeset	557

author	xuelei
	Mon, 25 Jun 2018 13:41:39 -0700
changeset 50768	68fa3d4026ea
parent 48225	src/java.base/share/classes/sun/security/ssl/Handshaker.java@718669e6b375
child 51407	910f7b56592f
permissions	-rw-r--r--