/* |
* Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved. |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
* |
* This code is free software; you can redistribute it and/or modify it |
* under the terms of the GNU General Public License version 2 only, as |
* published by the Free Software Foundation. Oracle designates this |
* particular file as subject to the "Classpath" exception as provided |
* by Oracle in the LICENSE file that accompanied this code. |
* |
* This code is distributed in the hope that it will be useful, but WITHOUT |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
* version 2 for more details (a copy is included in the LICENSE file that |
* accompanied this code). |
* |
* You should have received a copy of the GNU General Public License version |
* 2 along with this work; if not, write to the Free Software Foundation, |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
* |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
* or visit www.oracle.com if you need additional information or have any |
* questions. |
*/ |
package sun.security.ssl; |
import java.security.CryptoPrimitive; |
import java.util.ArrayList; |
import java.util.Collections; |
import java.util.EnumSet; |
import java.util.List; |
/** |
* Enum for an SSL/TLS/DTLS protocol version. |
* |
* @author Andreas Sterbenz |
* @since 1.4.1 |
*/ |
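enum ProtocolVersion {
    // TLS13 (0x0304, "TLSv1.3", false),
    TLS13 (SSLConfiguration.tls13VN, "TLSv1.3", false),
    TLS12 (0x0303, "TLSv1.2", false),
    TLS11 (0x0302, "TLSv1.1", false),
    TLS10 (0x0301, "TLSv1", false),
    SSL30 (0x0300, "SSLv3", false),
    SSL20Hello (0x0002, "SSLv2Hello", false),

    DTLS12 (0xFEFD, "DTLSv1.2", true),
    DTLS10 (0xFEFF, "DTLSv1.0", true),

    // Dummy protocol version value for invalid SSLSession
    NONE (-1, "NONE", false);


    // Wire identifier of the version: (major << 8) | minor.
    //
    // DTLS identifiers DEcrease as the protocol gets newer (DTLS 1.2 is
    // 0xFEFD, DTLS 1.0 is 0xFEFF) while TLS identifiers increase, which is
    // why every DTLS comparison in this class is the mirror image of the
    // corresponding TLS comparison.  NONE uses -1, a value that no wire
    // version can take.
    final int id;
    // Standard name of the version, e.g. "TLSv1.2".
    final String name;
    // True for the DTLS family, false for SSL/TLS (and for NONE).
    final boolean isDTLS;
    // High byte of id.
    final byte major;
    // Low byte of id.
    final byte minor;
    // Whether the version is permitted by the default SSL-only algorithm
    // constraints; computed once in the constructor.
    final boolean isAvailable;

    // The limit of maximum protocol version
    static final int LIMIT_MAX_VALUE = 0xFFFF;

    // The limit of minimum protocol version
    static final int LIMIT_MIN_VALUE = 0x0000;

    // (D)TLS ProtocolVersion array for TLS 1.0 and previous versions.
    static final ProtocolVersion[] PROTOCOLS_TO_10 = new ProtocolVersion[] {
        TLS10, SSL30
    };

    // (D)TLS ProtocolVersion array for TLS 1.1/DTLS 1.0 and previous versions.
    static final ProtocolVersion[] PROTOCOLS_TO_11 = new ProtocolVersion[] {
        TLS11, TLS10, SSL30, DTLS10
    };

    // (D)TLS ProtocolVersion array for (D)TLS 1.2 and previous versions.
    static final ProtocolVersion[] PROTOCOLS_TO_12 = new ProtocolVersion[] {
        TLS12, TLS11, TLS10, SSL30, DTLS12, DTLS10
    };

    // (D)TLS ProtocolVersion array for (D)TLS 1.3 and previous versions.
    static final ProtocolVersion[] PROTOCOLS_TO_13 = new ProtocolVersion[] {
        TLS13, TLS12, TLS11, TLS10, SSL30, DTLS12, DTLS10
    };

    // No protocol version specified.
    static final ProtocolVersion[] PROTOCOLS_OF_NONE = new ProtocolVersion[] {
        NONE
    };

    // (D)TLS ProtocolVersion array for SSL 3.0.
    static final ProtocolVersion[] PROTOCOLS_OF_30 = new ProtocolVersion[] {
        SSL30
    };

    // (D)TLS ProtocolVersion array for TLS 1.1/DTLS 1.0.
    static final ProtocolVersion[] PROTOCOLS_OF_11 = new ProtocolVersion[] {
        TLS11, DTLS10
    };

    // (D)TLS ProtocolVersion array for (D)TLS 1.2.
    static final ProtocolVersion[] PROTOCOLS_OF_12 = new ProtocolVersion[] {
        TLS12, DTLS12
    };

    // (D)TLS ProtocolVersion array for (D)TLS 1.3.
    static final ProtocolVersion[] PROTOCOLS_OF_13 = new ProtocolVersion[] {
        TLS13
    };

    // (D)TLS ProtocolVersion array for TLS 1.0/1.1 and DTLS 1.0.
    static final ProtocolVersion[] PROTOCOLS_10_11 = new ProtocolVersion[] {
        TLS11, TLS10, DTLS10
    };

    // (D)TLS ProtocolVersion array for TLS 1.1/1.2 and DTLS 1.0/1.2.
    static final ProtocolVersion[] PROTOCOLS_11_12 = new ProtocolVersion[] {
        TLS12, TLS11, DTLS12, DTLS10
    };

    // (D)TLS ProtocolVersion array for TLS 1.2/1.3 and DTLS 1.2/1.3.
    static final ProtocolVersion[] PROTOCOLS_12_13 = new ProtocolVersion[] {
        TLS13, TLS12, DTLS12
    };

    // (D)TLS ProtocolVersion array for TLS 1.0/1.1/1.2 and DTLS 1.0/1.2.
    static final ProtocolVersion[] PROTOCOLS_10_12 = new ProtocolVersion[] {
        TLS12, TLS11, TLS10, DTLS12, DTLS10
    };

    // TLS ProtocolVersion array for TLS 1.2 and previous versions.
    static final ProtocolVersion[] PROTOCOLS_TO_TLS12 = new ProtocolVersion[] {
        TLS12, TLS11, TLS10, SSL30
    };

    // TLS ProtocolVersion array for TLS 1.1 and previous versions.
    static final ProtocolVersion[] PROTOCOLS_TO_TLS11 = new ProtocolVersion[] {
        TLS11, TLS10, SSL30
    };

    // TLS ProtocolVersion array for TLS 1.0 and previous versions.
    static final ProtocolVersion[] PROTOCOLS_TO_TLS10 = new ProtocolVersion[] {
        TLS10, SSL30
    };

    // Empty ProtocolVersion array
    static final ProtocolVersion[] PROTOCOLS_EMPTY = new ProtocolVersion[0];

    /**
     * Creates a protocol version constant.
     *
     * @param id     the 16-bit wire identifier (-1 for NONE)
     * @param name   the standard protocol name
     * @param isDTLS whether the version belongs to the DTLS family
     */
    private ProtocolVersion(int id, String name, boolean isDTLS) {
        this.id = id;
        this.name = name;
        this.isDTLS = isDTLS;
        // Split the identifier into its two wire bytes; for NONE (-1) both
        // bytes come out as 0xFF, which no defined version uses.
        this.major = (byte)((id >>> 8) & 0xFF);
        this.minor = (byte)(id & 0xFF);

        // Ask the default SSL-only constraints whether this protocol name is
        // permitted at all (the KEY_AGREEMENT primitive is what the SSL
        // constraints are keyed on for protocol names).
        this.isAvailable = SSLAlgorithmConstraints.DEFAULT_SSL_ONLY.permits(
                EnumSet.<CryptoPrimitive>of(CryptoPrimitive.KEY_AGREEMENT),
                name, null);
    }

    /**
     * Return a ProtocolVersion with the specified major and minor
     * version numbers.
     *
     * @return the matching constant, or {@code null} if no constant
     *         (including NONE) has these bytes
     */
    static ProtocolVersion valueOf(byte major, byte minor) {
        for (ProtocolVersion pv : ProtocolVersion.values()) {
            if ((pv.major == major) && (pv.minor == minor)) {
                return pv;
            }
        }

        return null;
    }

    /**
     * Return a ProtocolVersion with the specified version number.
     *
     * @return the matching constant, or {@code null} if none matches
     */
    static ProtocolVersion valueOf(int id) {
        for (ProtocolVersion pv : ProtocolVersion.values()) {
            if (pv.id == id) {
                return pv;
            }
        }

        return null;
    }

    /**
     * Return name of a (D)TLS protocol specified by major and
     * minor version numbers.
     *
     * Unknown versions are rendered as {@code "(D)TLS-<major>.<minor>"}
     * with both bytes printed as unsigned values, so that e.g. a DTLS
     * major byte of 0xFE shows up as 254 rather than -2.
     */
    static String nameOf(byte major, byte minor) {
        ProtocolVersion pv = valueOf(major, minor);
        if (pv != null) {
            return pv.name;
        }

        // Mask to avoid sign extension of the (signed) byte values.
        return "(D)TLS-" + (major & 0xFF) + "." + (minor & 0xFF);
    }

    /**
     * Return name of a (D)TLS protocol specified by a protocol number.
     */
    static String nameOf(int id) {
        return nameOf((byte)((id >>> 8) & 0xFF), (byte)(id & 0xFF));
    }

    /**
     * Return a ProtocolVersion for the given (D)TLS protocol name.
     *
     * @return the matching constant, or {@code null} if the name is not
     *         known (a {@code null} name also yields {@code null})
     */
    static ProtocolVersion nameOf(String name) {
        for (ProtocolVersion pv : ProtocolVersion.values()) {
            if (pv.name.equals(name)) {
                return pv;
            }
        }

        return null;
    }

    /**
     * Return true if the specific (D)TLS protocol is negotiable.
     *
     * Used to filter out SSLv2Hello and protocol numbers less than the
     * minimal supported protocol versions.
     *
     * @param major           high byte of the version as received on the wire
     * @param minor           low byte of the version as received on the wire
     * @param isDTLS          whether the bytes are to be read as a DTLS version
     * @param allowSSL20Hello whether an SSLv2Hello (0x0002) is acceptable
     */
    static boolean isNegotiable(
            byte major, byte minor, boolean isDTLS, boolean allowSSL20Hello) {
        int v = ((major & 0xFF) << 8) | (minor & 0xFF);
        if (isDTLS) {
            // DTLS identifiers shrink as versions get newer, so "at least
            // DTLS 1.0" is an upper bound on the id.  Note that this bound
            // alone does not exclude non-DTLS identifiers (0x0303 <= 0xFEFF);
            // callers are expected to pass isDTLS only for DTLS transports.
            return v <= DTLS10.id;
        }

        // Anything below SSL 3.0 is rejected, except the SSLv2Hello
        // pseudo-version when the caller explicitly allows it.
        if (v < SSL30.id) {
            return allowSSL20Hello && (v == SSL20Hello.id);
        }

        return true;
    }

    /**
     * Get names of a list of ProtocolVersion objects.
     *
     * @return the names in list order; an empty array for a {@code null}
     *         or empty list
     */
    static String[] toStringArray(List<ProtocolVersion> protocolVersions) {
        if ((protocolVersions == null) || protocolVersions.isEmpty()) {
            return new String[0];
        }

        String[] protocolNames = new String[protocolVersions.size()];
        int i = 0;
        for (ProtocolVersion pv : protocolVersions) {
            protocolNames[i++] = pv.name;
        }

        return protocolNames;
    }

    /**
     * Get names of a list of protocol version identifiers.
     *
     * @return the names in array order (unknown identifiers are rendered
     *         by {@link #nameOf(int)}); an empty array for a {@code null}
     *         or empty input
     */
    static String[] toStringArray(int[] protocolVersions) {
        if ((protocolVersions == null) || protocolVersions.length == 0) {
            return new String[0];
        }

        String[] protocolNames = new String[protocolVersions.length];
        int i = 0;
        for (int pv : protocolVersions) {
            protocolNames[i++] = ProtocolVersion.nameOf(pv);
        }

        return protocolNames;
    }

    /**
     * Get a list of ProtocolVersion objects of an array protocol
     * version names.
     *
     * @return an unmodifiable list in input order; an empty list for a
     *         {@code null} or empty array
     * @throws IllegalArgumentException if any name is not a known protocol
     */
    static List<ProtocolVersion> namesOf(String[] protocolNames) {
        if (protocolNames == null || protocolNames.length == 0) {
            return Collections.<ProtocolVersion>emptyList();
        }

        List<ProtocolVersion> pvs = new ArrayList<>(protocolNames.length);
        for (String pn : protocolNames) {
            ProtocolVersion pv = ProtocolVersion.nameOf(pn);
            if (pv == null) {
                // Separator added: the original message ran the literal and
                // the name together ("Unsupported protocolTLSv1.4").
                throw new IllegalArgumentException(
                        "Unsupported protocol: " + pn);
            }

            pvs.add(pv);
        }

        return Collections.unmodifiableList(pvs);
    }

    /**
     * Return true if the specific protocol version name is
     * of (D)TLS 1.2 or newer version.
     *
     * Unknown names and "NONE" yield false.
     */
    static boolean useTLS12PlusSpec(String name) {
        ProtocolVersion pv = ProtocolVersion.nameOf(name);
        if (pv != null && pv != NONE) {
            return pv.isDTLS ? (pv.id <= DTLS12.id) : (pv.id >= TLS12.id);
        }

        return false;
    }

    /**
     * Compares this object with the specified ProtocolVersion.
     *
     * Only the sign of the result is meaningful: negative if this version
     * is older than {@code that}, positive if newer, zero if equal.  NONE
     * sorts below every real version.  The subtraction cannot overflow
     * because every id lies in [-1, 0xFFFF].
     *
     * @see java.lang.Comparable
     */
    int compare(ProtocolVersion that) {
        if (this == that) {
            return 0;
        }

        if (this == ProtocolVersion.NONE) {
            return -1;
        } else if (that == ProtocolVersion.NONE) {
            return 1;
        }

        // Newer DTLS versions have smaller ids, hence the swapped operands.
        if (isDTLS) {
            return that.id - this.id;
        } else {
            return this.id - that.id;
        }
    }

    /**
     * Return true if this ProtocolVersion object is of (D)TLS 1.3 or
     * newer version.
     */
    boolean useTLS13PlusSpec() {
        return isDTLS ? (this.id < DTLS12.id) : (this.id >= TLS13.id);
    }

    /**
     * Return true if this ProtocolVersion object is of (D)TLS 1.2 or
     * newer version.
     */
    boolean useTLS12PlusSpec() {
        return isDTLS ? (this.id <= DTLS12.id) : (this.id >= TLS12.id);
    }

    /**
     * Return true if this ProtocolVersion object is of
     * TLS 1.1/DTLS 1.0 or newer version.
     */
    boolean useTLS11PlusSpec() {
        // Every DTLS version qualifies (DTLS 1.0 is the oldest one defined).
        return isDTLS || (this.id >= TLS11.id);
    }

    /**
     * Return true if this ProtocolVersion object is of TLS 1.0 or
     * newer version.
     */
    boolean useTLS10PlusSpec() {
        // Every DTLS version qualifies.
        return isDTLS || (this.id >= TLS10.id);
    }

    /**
     * Return true if the given protocol version number is of TLS 1.0 or
     * newer version.
     *
     * @param id     the 16-bit protocol version number
     * @param isDTLS whether the number is a DTLS version (always accepted)
     */
    static boolean useTLS10PlusSpec(int id, boolean isDTLS) {
        return isDTLS || (id >= TLS10.id);
    }

    /**
     * Return true if the given protocol version number is of (D)TLS 1.3 or
     * newer version.
     *
     * @param id     the 16-bit protocol version number
     * @param isDTLS whether the number is a DTLS version
     */
    static boolean useTLS13PlusSpec(int id, boolean isDTLS) {
        return isDTLS ? (id < DTLS12.id) : (id >= TLS13.id);
    }

    /**
     * Select the lower of that suggested protocol version and
     * the highest of the listed protocol versions.
     *
     * An exact match is returned immediately.  Otherwise the highest listed
     * version that is strictly lower than the suggested one is returned,
     * or NONE if there is no such version.
     *
     * @param listedVersions the listed protocol version
     * @param suggestedVersion the suggested protocol version
     */
    static ProtocolVersion selectedFrom(
            List<ProtocolVersion> listedVersions, int suggestedVersion) {
        ProtocolVersion selectedVersion = ProtocolVersion.NONE;
        for (ProtocolVersion pv : listedVersions) {
            if (pv.id == suggestedVersion) {
                return pv;
            }

            // A "lower" DTLS version has a *higher* id, so the DTLS tests are
            // the mirror image of the TLS tests.
            boolean lowerThanSuggested = pv.isDTLS
                    ? (pv.id > suggestedVersion)
                    : (pv.id < suggestedVersion);
            if (!lowerThanSuggested) {
                continue;
            }

            // The first candidate is always taken.  Comparing against the
            // NONE sentinel (id -1) directly would never hold for a DTLS id
            // ("pv.id < -1"), which made the DTLS branch unable to fall back
            // to a lower listed version and return NONE unless an exact match
            // was listed.  For TLS ids "pv.id > -1" always held, so this is
            // behaviour-preserving for TLS.
            boolean higherThanSelected =
                    (selectedVersion == ProtocolVersion.NONE)
                    || (pv.isDTLS
                            ? (pv.id < selectedVersion.id)
                            : (pv.id > selectedVersion.id));
            if (higherThanSelected) {
                selectedVersion = pv;
            }
        }

        return selectedVersion;
    }
}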