jdk-sandbox: src/java.base/share/classes/sun/security/ssl/ClientHello.java@8bf9268df0e2 (annotated)

50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1	/*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	2	* Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	4	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	7	* published by the Free Software Foundation. Oracle designates this
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	10	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	15	* accompanied this code).
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	16	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	20	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	22	* or visit www.oracle.com if you need additional information or have any
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	23	* questions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	24	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	25
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	26	package sun.security.ssl;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	27
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	28	import java.io.IOException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	29	import java.nio.ByteBuffer;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	30	import java.security.SecureRandom;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	31	import java.security.cert.X509Certificate;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	32	import java.text.MessageFormat;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	33	import java.util.Arrays;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	34	import java.util.Collections;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	35	import java.util.LinkedList;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	36	import java.util.List;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	37	import java.util.Locale;
52170 2990f1e1c325 8208209: Improve TLS connection stability again apetcher parents: 50768 diff changeset	38	import java.util.Objects;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	39	import javax.net.ssl.SSLException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	40	import javax.net.ssl.SSLHandshakeException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	41	import javax.net.ssl.SSLPeerUnverifiedException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	42	import javax.net.ssl.SSLProtocolException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	43	import static sun.security.ssl.ClientAuthType.CLIENT_AUTH_REQUIRED;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	44	import sun.security.ssl.SSLHandshake.HandshakeMessage;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	45	import sun.security.ssl.SupportedVersionsExtension.CHSupportedVersionsSpec;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	46
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	47	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	48	* Pack of the ClientHello handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	49	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	50	final class ClientHello {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	51	static final SSLProducer kickstartProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	52	new ClientHelloKickstartProducer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	53	static final SSLConsumer handshakeConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	54	new ClientHelloConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	55	static final HandshakeProducer handshakeProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	56	new ClientHelloProducer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	57
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	58	private static final HandshakeConsumer t12HandshakeConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	59	new T12ClientHelloConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	60	private static final HandshakeConsumer t13HandshakeConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	61	new T13ClientHelloConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	62	private static final HandshakeConsumer d12HandshakeConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	63	new D12ClientHelloConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	64	private static final HandshakeConsumer d13HandshakeConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	65	new D13ClientHelloConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	66
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	67	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	68	* The ClientHello handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	69	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	70	* See RFC 5264/4346/2246/6347 for the specifications.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	71	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	72	static final class ClientHelloMessage extends HandshakeMessage {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	73	private final boolean isDTLS;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	74
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	75	final int clientVersion;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	76	final RandomCookie clientRandom;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	77	final SessionId sessionId;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	78	private byte[] cookie; // DTLS only
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	79	final int[] cipherSuiteIds;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	80	final List<CipherSuite> cipherSuites; // known cipher suites only
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	81	final byte[] compressionMethod;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	82	final SSLExtensions extensions;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	83
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	84	private static final byte[] NULL_COMPRESSION = new byte[] {0};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	85
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	86	ClientHelloMessage(HandshakeContext handshakeContext,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	87	int clientVersion, SessionId sessionId,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	88	List<CipherSuite> cipherSuites, SecureRandom generator) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	89	super(handshakeContext);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	90	this.isDTLS = handshakeContext.sslContext.isDTLS();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	91
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	92	this.clientVersion = clientVersion;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	93	this.clientRandom = new RandomCookie(generator);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	94	this.sessionId = sessionId;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	95	if (isDTLS) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	96	this.cookie = new byte[0];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	97	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	98	this.cookie = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	99	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	100
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	101	this.cipherSuites = cipherSuites;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	102	this.cipherSuiteIds = getCipherSuiteIds(cipherSuites);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	103	this.extensions = new SSLExtensions(this);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	104
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	105	// Don't support compression.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	106	this.compressionMethod = NULL_COMPRESSION;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	107	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	108
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	109	/* Read up to the binders in the PSK extension. After this method
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	110	* returns, the ByteBuffer position will be at end of the message
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	111	* fragment that should be hashed to produce the PSK binder values.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	112	* The client of this method can use this position to determine the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	113	* message fragment and produce the binder values.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	114	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	115	static void readPartial(TransportContext tc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	116	ByteBuffer m) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	117	boolean isDTLS = tc.sslContext.isDTLS();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	118
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	119	// version
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	120	Record.getInt16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	121
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	122	new RandomCookie(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	123
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	124	// session ID
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	125	Record.getBytes8(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	126
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	127	// DTLS cookie
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	128	if (isDTLS) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	129	Record.getBytes8(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	130	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	131
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	132	// cipher suite IDs
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	133	Record.getBytes16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	134	// compression method
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	135	Record.getBytes8(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	136	// read extensions, if present
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	137	if (m.remaining() >= 2) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	138	int remaining = Record.getInt16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	139	while (remaining > 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	140	int id = Record.getInt16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	141	int extLen = Record.getInt16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	142	remaining -= extLen + 4;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	143
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	144	if (id == SSLExtension.CH_PRE_SHARED_KEY.id) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	145	// ensure pre_shared_key is the last extension
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	146	if (remaining > 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	147	tc.fatal(Alert.ILLEGAL_PARAMETER,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	148	"pre_shared_key extension is not last");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	149	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	150	// read only up to the IDs
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	151	Record.getBytes16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	152	return;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	153	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	154	m.position(m.position() + extLen);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	155
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	156	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	157	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	158	} // Otherwise, ignore the remaining bytes.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	159	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	160
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	161	ClientHelloMessage(HandshakeContext handshakeContext, ByteBuffer m,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	162	SSLExtension[] supportedExtensions) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	163	super(handshakeContext);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	164	this.isDTLS = handshakeContext.sslContext.isDTLS();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	165
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	166	this.clientVersion = ((m.get() & 0xFF) << 8) \| (m.get() & 0xFF);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	167	this.clientRandom = new RandomCookie(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	168	this.sessionId = new SessionId(Record.getBytes8(m));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	169	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	170	sessionId.checkLength(clientVersion);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	171	} catch (SSLProtocolException ex) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	172	handshakeContext.conContext.fatal(Alert.ILLEGAL_PARAMETER, ex);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	173	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	174	if (isDTLS) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	175	this.cookie = Record.getBytes8(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	176	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	177	this.cookie = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	178	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	179
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	180	byte[] encodedIds = Record.getBytes16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	181	if (encodedIds.length == 0 \|\| (encodedIds.length & 0x01) != 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	182	handshakeContext.conContext.fatal(Alert.ILLEGAL_PARAMETER,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	183	"Invalid ClientHello message");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	184	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	185
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	186	this.cipherSuiteIds = new int[encodedIds.length >> 1];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	187	for (int i = 0, j = 0; i < encodedIds.length; i++, j++) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	188	cipherSuiteIds[j] =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	189	((encodedIds[i++] & 0xFF) << 8) \| (encodedIds[i] & 0xFF);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	190	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	191	this.cipherSuites = getCipherSuites(cipherSuiteIds);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	192
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	193	this.compressionMethod = Record.getBytes8(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	194	// In TLS 1.3, use of certain extensions is mandatory.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	195	if (m.hasRemaining()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	196	this.extensions =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	197	new SSLExtensions(this, m, supportedExtensions);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	198	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	199	this.extensions = new SSLExtensions(this);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	200	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	201	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	202
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	203	void setHelloCookie(byte[] cookie) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	204	this.cookie = cookie;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	205	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	206
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	207	// DTLS 1.0/1.2, for cookie generation.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	208	byte[] getHelloCookieBytes() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	209	HandshakeOutStream hos = new HandshakeOutStream(null);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	210	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	211	// copied from send() method
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	212	hos.putInt8((byte)((clientVersion >>> 8) & 0xFF));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	213	hos.putInt8((byte)(clientVersion & 0xFF));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	214	hos.write(clientRandom.randomBytes, 0, 32);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	215	hos.putBytes8(sessionId.getId());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	216	// ignore cookie
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	217	hos.putBytes16(getEncodedCipherSuites());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	218	hos.putBytes8(compressionMethod);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	219	extensions.send(hos); // In TLS 1.3, use of certain
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	220	// extensions is mandatory.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	221	} catch (IOException ioe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	222	// unlikely
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	223	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	224
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	225	return hos.toByteArray();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	226	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	227
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	228	// (D)TLS 1.3, for cookie generation.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	229	byte[] getHeaderBytes() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	230	HandshakeOutStream hos = new HandshakeOutStream(null);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	231	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	232	// copied from send() method
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	233	hos.putInt8((byte)((clientVersion >>> 8) & 0xFF));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	234	hos.putInt8((byte)(clientVersion & 0xFF));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	235	hos.write(clientRandom.randomBytes, 0, 32);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	236	hos.putBytes8(sessionId.getId());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	237	hos.putBytes16(getEncodedCipherSuites());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	238	hos.putBytes8(compressionMethod);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	239	} catch (IOException ioe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	240	// unlikely
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	241	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	242
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	243	return hos.toByteArray();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	244	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	245
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	246	private static int[] getCipherSuiteIds(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	247	List<CipherSuite> cipherSuites) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	248	if (cipherSuites != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	249	int[] ids = new int[cipherSuites.size()];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	250	int i = 0;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	251	for (CipherSuite cipherSuite : cipherSuites) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	252	ids[i++] = cipherSuite.id;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	253	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	254
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	255	return ids;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	256	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	257
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	258	return new int[0];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	259	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	260
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	261	private static List<CipherSuite> getCipherSuites(int[] ids) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	262	List<CipherSuite> cipherSuites = new LinkedList<>();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	263	for (int id : ids) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	264	CipherSuite cipherSuite = CipherSuite.valueOf(id);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	265	if (cipherSuite != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	266	cipherSuites.add(cipherSuite);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	267	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	268	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	269
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	270	return Collections.unmodifiableList(cipherSuites);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	271	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	272
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	273	private List<String> getCipherSuiteNames() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	274	List<String> names = new LinkedList<>();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	275	for (int id : cipherSuiteIds) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	276	names.add(CipherSuite.nameOf(id) +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	277	"(" + Utilities.byte16HexString(id) + ")"); }
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	278
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	279	return names;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	280	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	281
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	282	private byte[] getEncodedCipherSuites() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	283	byte[] encoded = new byte[cipherSuiteIds.length << 1];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	284	int i = 0;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	285	for (int id : cipherSuiteIds) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	286	encoded[i++] = (byte)(id >> 8);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	287	encoded[i++] = (byte)id;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	288	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	289	return encoded;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	290	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	291
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	292	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	293	public SSLHandshake handshakeType() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	294	return SSLHandshake.CLIENT_HELLO;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	295	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	296
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	297	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	298	public int messageLength() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	299	/*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	300	* Add fixed size parts of each field...
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	301	* version + random + session + cipher + compress
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	302	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	303	return (2 + 32 + 1 + 2 + 1
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	304	+ sessionId.length() /* ... + variable parts */
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	305	+ (isDTLS ? (1 + cookie.length) : 0)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	306	+ (cipherSuiteIds.length * 2)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	307	+ compressionMethod.length)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	308	+ extensions.length(); // In TLS 1.3, use of certain
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	309	// extensions is mandatory.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	310	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	311
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	312	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	313	public void send(HandshakeOutStream hos) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	314	sendCore(hos);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	315	extensions.send(hos); // In TLS 1.3, use of certain
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	316	// extensions is mandatory.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	317	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	318
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	319	void sendCore(HandshakeOutStream hos) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	320	hos.putInt8((byte) (clientVersion >>> 8));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	321	hos.putInt8((byte) clientVersion);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	322	hos.write(clientRandom.randomBytes, 0, 32);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	323	hos.putBytes8(sessionId.getId());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	324	if (isDTLS) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	325	hos.putBytes8(cookie);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	326	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	327	hos.putBytes16(getEncodedCipherSuites());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	328	hos.putBytes8(compressionMethod);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	329	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	330
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	331	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	332	public String toString() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	333	if (isDTLS) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	334	MessageFormat messageFormat = new MessageFormat(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	335	"\"ClientHello\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	336	" \"client version\" : \"{0}\",\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	337	" \"random\" : \"{1}\",\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	338	" \"session id\" : \"{2}\",\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	339	" \"cookie\" : \"{3}\",\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	340	" \"cipher suites\" : \"{4}\",\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	341	" \"compression methods\" : \"{5}\",\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	342	" \"extensions\" : [\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	343	"{6}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	344	" ]\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	345	"'}'",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	346	Locale.ENGLISH);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	347	Object[] messageFields = {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	348	ProtocolVersion.nameOf(clientVersion),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	349	Utilities.toHexString(clientRandom.randomBytes),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	350	sessionId.toString(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	351	Utilities.toHexString(cookie),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	352	getCipherSuiteNames().toString(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	353	Utilities.toHexString(compressionMethod),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	354	Utilities.indent(Utilities.indent(extensions.toString()))
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	355	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	356
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	357	return messageFormat.format(messageFields);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	358	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	359	MessageFormat messageFormat = new MessageFormat(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	360	"\"ClientHello\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	361	" \"client version\" : \"{0}\",\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	362	" \"random\" : \"{1}\",\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	363	" \"session id\" : \"{2}\",\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	364	" \"cipher suites\" : \"{3}\",\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	365	" \"compression methods\" : \"{4}\",\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	366	" \"extensions\" : [\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	367	"{5}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	368	" ]\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	369	"'}'",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	370	Locale.ENGLISH);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	371	Object[] messageFields = {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	372	ProtocolVersion.nameOf(clientVersion),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	373	Utilities.toHexString(clientRandom.randomBytes),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	374	sessionId.toString(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	375	getCipherSuiteNames().toString(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	376	Utilities.toHexString(compressionMethod),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	377	Utilities.indent(Utilities.indent(extensions.toString()))
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	378	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	379
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	380	return messageFormat.format(messageFields);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	381	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	382	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	383	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	384
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	385	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	386	* The "ClientHello" handshake message kick start producer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	387	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	388	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	389	class ClientHelloKickstartProducer implements SSLProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	390	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	391	private ClientHelloKickstartProducer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	392	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	393	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	394
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	395	// Produce kickstart handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	396	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	397	public byte[] produce(ConnectionContext context) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	398	// The producing happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	399	ClientHandshakeContext chc = (ClientHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	400
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	401	// clean up this producer
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	402	chc.handshakeProducers.remove(SSLHandshake.CLIENT_HELLO.id);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	403
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	404	// the max protocol version this client is supporting.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	405	ProtocolVersion maxProtocolVersion = chc.maximumActiveProtocol;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	406
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	407	// session ID of the ClientHello message
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	408	SessionId sessionId = SSLSessionImpl.nullSession.getSessionId();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	409
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	410	// a list of cipher suites sent by the client
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	411	List<CipherSuite> cipherSuites = chc.activeCipherSuites;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	412
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	413	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	414	// Try to resume an existing session.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	415	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	416	SSLSessionContextImpl ssci = (SSLSessionContextImpl)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	417	chc.sslContext.engineGetClientSessionContext();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	418	SSLSessionImpl session = ssci.get(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	419	chc.conContext.transport.getPeerHost(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	420	chc.conContext.transport.getPeerPort());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	421	if (session != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	422	// If unsafe server certificate change is not allowed, reserve
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	423	// current server certificates if the previous handshake is a
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	424	// session-resumption abbreviated initial handshake.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	425	if (!ClientHandshakeContext.allowUnsafeServerCertChange &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	426	session.isSessionResumption()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	427	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	428	// If existing, peer certificate chain cannot be null.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	429	chc.reservedServerCerts =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	430	(X509Certificate[])session.getPeerCertificates();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	431	} catch (SSLPeerUnverifiedException puve) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	432	// Maybe not certificate-based, ignore the exception.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	433	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	434	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	435
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	436	if (!session.isRejoinable()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	437	session = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	438	if (SSLLogger.isOn &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	439	SSLLogger.isOn("ssl,handshake,verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	440	SSLLogger.finest(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	441	"Can't resume, the session is not rejoinable");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	442	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	443	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	444	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	445
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	446	CipherSuite sessionSuite = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	447	if (session != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	448	sessionSuite = session.getSuite();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	449	if (!chc.isNegotiable(sessionSuite)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	450	session = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	451	if (SSLLogger.isOn &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	452	SSLLogger.isOn("ssl,handshake,verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	453	SSLLogger.finest(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	454	"Can't resume, unavailable session cipher suite");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	455	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	456	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	457	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	458
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	459	ProtocolVersion sessionVersion = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	460	if (session != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	461	sessionVersion = session.getProtocolVersion();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	462	if (!chc.isNegotiable(sessionVersion)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	463	session = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	464	if (SSLLogger.isOn &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	465	SSLLogger.isOn("ssl,handshake,verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	466	SSLLogger.finest(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	467	"Can't resume, unavailable protocol version");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	468	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	469	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	470	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	471
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	472	if (session != null &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	473	!sessionVersion.useTLS13PlusSpec() &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	474	SSLConfiguration.useExtendedMasterSecret) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	475
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	476	boolean isEmsAvailable = chc.sslConfig.isAvailable(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	477	SSLExtension.CH_EXTENDED_MASTER_SECRET, sessionVersion);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	478	if (isEmsAvailable && !session.useExtendedMasterSecret &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	479	!SSLConfiguration.allowLegacyResumption) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	480	// perform full handshake instead
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	481	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	482	// The client SHOULD NOT offer an abbreviated handshake
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	483	// to resume a session that does not use an extended
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	484	// master secret. Instead, it SHOULD offer a full
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	485	// handshake.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	486	session = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	487	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	488
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	489	if ((session != null) &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	490	!ClientHandshakeContext.allowUnsafeServerCertChange) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	491	// It is fine to move on with abbreviate handshake if
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	492	// endpoint identification is enabled.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	493	String identityAlg = chc.sslConfig.identificationProtocol;
53018 8bf9268df0e2 8215281: Use String.isEmpty() when applicable in java.base redestad parents: 52170 diff changeset	494	if (identityAlg == null \|\| identityAlg.isEmpty()) {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	495	if (isEmsAvailable) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	496	if (!session.useExtendedMasterSecret) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	497	// perform full handshake instead
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	498	session = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	499	} // Otherwise, use extended master secret.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	500	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	501	// The extended master secret extension does not
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	502	// apply to SSL 3.0. Perform a full handshake
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	503	// instead.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	504	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	505	// Note that the useExtendedMasterSecret is
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	506	// extended to protect SSL 3.0 connections,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	507	// by discarding abbreviate handshake.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	508	session = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	509	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	510	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	511	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	512	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	513
52170 2990f1e1c325 8208209: Improve TLS connection stability again apetcher parents: 50768 diff changeset	514	// ensure that the endpoint identification algorithm matches the
2990f1e1c325 8208209: Improve TLS connection stability again apetcher parents: 50768 diff changeset	515	// one in the session
2990f1e1c325 8208209: Improve TLS connection stability again apetcher parents: 50768 diff changeset	516	String identityAlg = chc.sslConfig.identificationProtocol;
2990f1e1c325 8208209: Improve TLS connection stability again apetcher parents: 50768 diff changeset	517	if (session != null && identityAlg != null) {
2990f1e1c325 8208209: Improve TLS connection stability again apetcher parents: 50768 diff changeset	518	String sessionIdentityAlg =
2990f1e1c325 8208209: Improve TLS connection stability again apetcher parents: 50768 diff changeset	519	session.getIdentificationProtocol();
2990f1e1c325 8208209: Improve TLS connection stability again apetcher parents: 50768 diff changeset	520	if (!Objects.equals(identityAlg, sessionIdentityAlg)) {
2990f1e1c325 8208209: Improve TLS connection stability again apetcher parents: 50768 diff changeset	521	if (SSLLogger.isOn &&
2990f1e1c325 8208209: Improve TLS connection stability again apetcher parents: 50768 diff changeset	522	SSLLogger.isOn("ssl,handshake,verbose")) {
2990f1e1c325 8208209: Improve TLS connection stability again apetcher parents: 50768 diff changeset	523	SSLLogger.finest("Can't resume, endpoint id" +
2990f1e1c325 8208209: Improve TLS connection stability again apetcher parents: 50768 diff changeset	524	" algorithm does not match, requested: " +
2990f1e1c325 8208209: Improve TLS connection stability again apetcher parents: 50768 diff changeset	525	identityAlg + ", cached: " + sessionIdentityAlg);
2990f1e1c325 8208209: Improve TLS connection stability again apetcher parents: 50768 diff changeset	526	}
2990f1e1c325 8208209: Improve TLS connection stability again apetcher parents: 50768 diff changeset	527	session = null;
2990f1e1c325 8208209: Improve TLS connection stability again apetcher parents: 50768 diff changeset	528	}
2990f1e1c325 8208209: Improve TLS connection stability again apetcher parents: 50768 diff changeset	529	}
2990f1e1c325 8208209: Improve TLS connection stability again apetcher parents: 50768 diff changeset	530
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	531	if (session != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	532	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	533	SSLLogger.finest("Try resuming session", session);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	534	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	535
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	536	// only set session id if session is 1.2 or earlier
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	537	if (!session.getProtocolVersion().useTLS13PlusSpec()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	538	sessionId = session.getSessionId();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	539	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	540	if (!maxProtocolVersion.equals(sessionVersion)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	541	maxProtocolVersion = sessionVersion;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	542
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	543	// Update protocol version number in underlying socket and
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	544	// handshake output stream, so that the output records
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	545	// (at the record layer) have the correct version
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	546	chc.setVersion(sessionVersion);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	547	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	548
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	549	// If no new session is allowed, force use of the previous
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	550	// session ciphersuite, and add the renegotiation SCSV if
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	551	// necessary.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	552	if (!chc.sslConfig.enableSessionCreation) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	553	if (!chc.conContext.isNegotiated &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	554	!sessionVersion.useTLS13PlusSpec() &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	555	cipherSuites.contains(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	556	CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	557	cipherSuites = Arrays.asList(sessionSuite,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	558	CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	559	} else { // otherwise, use renegotiation_info extension
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	560	cipherSuites = Arrays.asList(sessionSuite);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	561	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	562
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	563	if (SSLLogger.isOn &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	564	SSLLogger.isOn("ssl,handshake,verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	565	SSLLogger.finest(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	566	"No new session is allowed, so try to resume " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	567	"the session cipher suite only", sessionSuite);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	568	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	569	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	570
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	571	chc.isResumption = true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	572	chc.resumingSession = session;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	573	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	574
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	575	if (session == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	576	if (!chc.sslConfig.enableSessionCreation) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	577	throw new SSLHandshakeException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	578	"No new session is allowed and " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	579	"no existing session can be resumed");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	580	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	581
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	582	if (maxProtocolVersion.useTLS13PlusSpec() &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	583	SSLConfiguration.useCompatibilityMode) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	584	// In compatibility mode, the TLS 1.3 legacy_session_id
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	585	// field MUST be non-empty, so a client not offering a
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	586	// pre-TLS 1.3 session MUST generate a new 32-byte value.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	587	sessionId =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	588	new SessionId(true, chc.sslContext.getSecureRandom());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	589	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	590	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	591
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	592	ProtocolVersion minimumVersion = ProtocolVersion.NONE;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	593	for (ProtocolVersion pv : chc.activeProtocols) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	594	if (minimumVersion == ProtocolVersion.NONE \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	595	pv.compare(minimumVersion) < 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	596	minimumVersion = pv;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	597	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	598	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	599
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	600	// exclude SCSV for secure renegotiation
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	601	if (!minimumVersion.useTLS13PlusSpec()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	602	if (chc.conContext.secureRenegotiation &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	603	cipherSuites.contains(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	604	CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	605	// The cipherSuites may be unmodifiable
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	606	cipherSuites = new LinkedList<>(cipherSuites);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	607	cipherSuites.remove(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	608	CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	609	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	610	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	611
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	612	// make sure there is a negotiable cipher suite.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	613	boolean negotiable = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	614	for (CipherSuite suite : cipherSuites) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	615	if (chc.isNegotiable(suite)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	616	negotiable = true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	617	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	618	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	619	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	620	if (!negotiable) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	621	throw new SSLHandshakeException("No negotiable cipher suite");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	622	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	623
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	624	// Create the handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	625	ProtocolVersion clientHelloVersion = maxProtocolVersion;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	626	if (clientHelloVersion.useTLS13PlusSpec()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	627	// In (D)TLS 1.3, the client indicates its version preferences
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	628	// in the "supported_versions" extension and the client_version
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	629	// (legacy_version) field MUST be set to (D)TLS 1.2.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	630	if (clientHelloVersion.isDTLS) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	631	clientHelloVersion = ProtocolVersion.DTLS12;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	632	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	633	clientHelloVersion = ProtocolVersion.TLS12;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	634	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	635	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	636
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	637	ClientHelloMessage chm = new ClientHelloMessage(chc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	638	clientHelloVersion.id, sessionId, cipherSuites,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	639	chc.sslContext.getSecureRandom());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	640
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	641	// cache the client random number for further using
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	642	chc.clientHelloRandom = chm.clientRandom;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	643	chc.clientHelloVersion = clientHelloVersion.id;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	644
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	645	// Produce extensions for ClientHello handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	646	SSLExtension[] extTypes = chc.sslConfig.getEnabledExtensions(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	647	SSLHandshake.CLIENT_HELLO, chc.activeProtocols);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	648	chm.extensions.produce(chc, extTypes);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	649
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	650	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	651	SSLLogger.fine("Produced ClientHello handshake message", chm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	652	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	653
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	654	// Output the handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	655	chm.write(chc.handshakeOutput);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	656	chc.handshakeOutput.flush();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	657
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	658	// Reserve the initial ClientHello message for the follow on
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	659	// cookie exchange if needed.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	660	chc.initialClientHelloMsg = chm;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	661
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	662	// What's the expected response?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	663	chc.handshakeConsumers.put(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	664	SSLHandshake.SERVER_HELLO.id, SSLHandshake.SERVER_HELLO);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	665	if (chc.sslContext.isDTLS() &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	666	!minimumVersion.useTLS13PlusSpec()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	667	chc.handshakeConsumers.put(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	668	SSLHandshake.HELLO_VERIFY_REQUEST.id,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	669	SSLHandshake.HELLO_VERIFY_REQUEST);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	670	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	671
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	672	// The handshake message has been delivered.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	673	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	674	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	675	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	676
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	677	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	678	class ClientHelloProducer implements HandshakeProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	679	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	680	private ClientHelloProducer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	681	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	682	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	683
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	684	// Response to one of the following handshake message:
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	685	// HelloRequest (SSL 3.0/TLS 1.0/1.1/1.2)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	686	// ServerHello(HelloRetryRequest) (TLS 1.3)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	687	// HelloVerifyRequest (DTLS 1.0/1.2)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	688	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	689	public byte[] produce(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	690	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	691	// The producing happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	692	ClientHandshakeContext chc = (ClientHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	693
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	694	SSLHandshake ht = message.handshakeType();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	695	if (ht == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	696	throw new UnsupportedOperationException("Not supported yet.");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	697	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	698
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	699	switch (ht) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	700	case HELLO_REQUEST:
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	701	// SSL 3.0/TLS 1.0/1.1/1.2
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	702	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	703	chc.kickstart();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	704	} catch (IOException ioe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	705	chc.conContext.fatal(Alert.HANDSHAKE_FAILURE, ioe);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	706	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	707
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	708	// The handshake message has been delivered.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	709	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	710	case HELLO_VERIFY_REQUEST:
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	711	// DTLS 1.0/1.2
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	712	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	713	// The HelloVerifyRequest consumer should have updated the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	714	// ClientHello handshake message with cookie.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	715	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	716	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	717	"Produced ClientHello(cookie) handshake message",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	718	chc.initialClientHelloMsg);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	719	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	720
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	721	// Output the handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	722	chc.initialClientHelloMsg.write(chc.handshakeOutput);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	723	chc.handshakeOutput.flush();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	724
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	725	// What's the expected response?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	726	chc.handshakeConsumers.put(SSLHandshake.SERVER_HELLO.id,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	727	SSLHandshake.SERVER_HELLO);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	728
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	729	ProtocolVersion minimumVersion = ProtocolVersion.NONE;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	730	for (ProtocolVersion pv : chc.activeProtocols) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	731	if (minimumVersion == ProtocolVersion.NONE \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	732	pv.compare(minimumVersion) < 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	733	minimumVersion = pv;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	734	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	735	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	736	if (chc.sslContext.isDTLS() &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	737	!minimumVersion.useTLS13PlusSpec()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	738	chc.handshakeConsumers.put(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	739	SSLHandshake.HELLO_VERIFY_REQUEST.id,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	740	SSLHandshake.HELLO_VERIFY_REQUEST);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	741	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	742
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	743	// The handshake message has been delivered.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	744	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	745	case HELLO_RETRY_REQUEST:
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	746	// TLS 1.3
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	747	// The HelloRetryRequest consumer should have updated the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	748	// ClientHello handshake message with cookie.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	749	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	750	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	751	"Produced ClientHello(HRR) handshake message",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	752	chc.initialClientHelloMsg);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	753	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	754
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	755	// Output the handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	756	chc.initialClientHelloMsg.write(chc.handshakeOutput);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	757	chc.handshakeOutput.flush();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	758
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	759	// What's the expected response?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	760	chc.conContext.consumers.putIfAbsent(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	761	ContentType.CHANGE_CIPHER_SPEC.id,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	762	ChangeCipherSpec.t13Consumer);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	763	chc.handshakeConsumers.put(SSLHandshake.SERVER_HELLO.id,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	764	SSLHandshake.SERVER_HELLO);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	765
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	766	// The handshake message has been delivered.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	767	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	768	default:
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	769	throw new UnsupportedOperationException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	770	"Not supported yet.");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	771	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	772	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	773	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	774
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	775	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	776	* The "ClientHello" handshake message consumer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	777	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	778	private static final class ClientHelloConsumer implements SSLConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	779	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	780	private ClientHelloConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	781	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	782	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	783
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	784	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	785	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	786	ByteBuffer message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	787	// The consuming happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	788	ServerHandshakeContext shc = (ServerHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	789
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	790	// clean up this consumer
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	791	shc.handshakeConsumers.remove(SSLHandshake.CLIENT_HELLO.id);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	792	if (!shc.handshakeConsumers.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	793	shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	794	"No more handshake message allowed " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	795	"in a ClientHello flight");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	796	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	797
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	798	// Get enabled extension types in ClientHello handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	799	SSLExtension[] enabledExtensions =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	800	shc.sslConfig.getEnabledExtensions(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	801	SSLHandshake.CLIENT_HELLO);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	802
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	803	ClientHelloMessage chm =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	804	new ClientHelloMessage(shc, message, enabledExtensions);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	805	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	806	SSLLogger.fine("Consuming ClientHello handshake message", chm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	807	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	808
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	809	shc.clientHelloVersion = chm.clientVersion;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	810	onClientHello(shc, chm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	811	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	812
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	813	private void onClientHello(ServerHandshakeContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	814	ClientHelloMessage clientHello) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	815	// Negotiate protocol version.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	816	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	817	// Check and launch SupportedVersions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	818	SSLExtension[] extTypes = new SSLExtension[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	819	SSLExtension.CH_SUPPORTED_VERSIONS
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	820	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	821	clientHello.extensions.consumeOnLoad(context, extTypes);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	822
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	823	ProtocolVersion negotiatedProtocol;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	824	CHSupportedVersionsSpec svs =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	825	(CHSupportedVersionsSpec)context.handshakeExtensions.get(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	826	SSLExtension.CH_SUPPORTED_VERSIONS);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	827	if (svs != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	828	negotiatedProtocol =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	829	negotiateProtocol(context, svs.requestedProtocols);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	830	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	831	negotiatedProtocol =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	832	negotiateProtocol(context, clientHello.clientVersion);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	833	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	834	context.negotiatedProtocol = negotiatedProtocol;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	835	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	836	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	837	"Negotiated protocol version: " + negotiatedProtocol.name);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	838	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	839
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	840	// Consume the handshake message for the specific protocol version.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	841	if (negotiatedProtocol.isDTLS) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	842	if (negotiatedProtocol.useTLS13PlusSpec()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	843	d13HandshakeConsumer.consume(context, clientHello);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	844	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	845	d12HandshakeConsumer.consume(context, clientHello);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	846	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	847	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	848	if (negotiatedProtocol.useTLS13PlusSpec()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	849	t13HandshakeConsumer.consume(context, clientHello);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	850	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	851	t12HandshakeConsumer.consume(context, clientHello);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	852	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	853	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	854	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	855
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	856	// Select a protocol version according to the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	857	// ClientHello.client_version.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	858	private ProtocolVersion negotiateProtocol(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	859	ServerHandshakeContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	860	int clientHelloVersion) throws SSLException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	861
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	862	// Per TLS 1.3 specification, server MUST negotiate TLS 1.2 or prior
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	863	// even if ClientHello.client_version is 0x0304 or later.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	864	int chv = clientHelloVersion;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	865	if (context.sslContext.isDTLS()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	866	if (chv < ProtocolVersion.DTLS12.id) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	867	chv = ProtocolVersion.DTLS12.id;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	868	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	869	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	870	if (chv > ProtocolVersion.TLS12.id) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	871	chv = ProtocolVersion.TLS12.id;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	872	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	873	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	874
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	875	// Select a protocol version from the activated protocols.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	876	ProtocolVersion pv = ProtocolVersion.selectedFrom(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	877	context.activeProtocols, chv);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	878	if (pv == null \|\| pv == ProtocolVersion.NONE \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	879	pv == ProtocolVersion.SSL20Hello) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	880	context.conContext.fatal(Alert.PROTOCOL_VERSION,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	881	"Client requested protocol " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	882	ProtocolVersion.nameOf(clientHelloVersion) +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	883	" is not enabled or supported in server context");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	884	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	885
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	886	return pv;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	887	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	888
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	889	// Select a protocol version according to the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	890	// supported_versions extension.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	891	private ProtocolVersion negotiateProtocol(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	892	ServerHandshakeContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	893	int[] clientSupportedVersions) throws SSLException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	894
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	895	// The client supported protocol versions are present in client
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	896	// preference order. This implementation chooses to use the server
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	897	// preference of protocol versions instead.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	898	for (ProtocolVersion spv : context.activeProtocols) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	899	if (spv == ProtocolVersion.SSL20Hello) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	900	continue;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	901	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	902	for (int cpv : clientSupportedVersions) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	903	if (cpv == ProtocolVersion.SSL20Hello.id) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	904	continue;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	905	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	906	if (spv.id == cpv) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	907	return spv;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	908	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	909	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	910	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	911
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	912	// No protocol version can be negotiated.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	913	context.conContext.fatal(Alert.PROTOCOL_VERSION,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	914	"The client supported protocol versions " + Arrays.toString(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	915	ProtocolVersion.toStringArray(clientSupportedVersions)) +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	916	" are not accepted by server preferences " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	917	context.activeProtocols);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	918
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	919	return null; // make the compiler happy
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	920	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	921	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	922
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	923	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	924	* The "ClientHello" handshake message consumer for TLS 1.2 and
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	925	* prior SSL/TLS protocol versions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	926	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	927	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	928	class T12ClientHelloConsumer implements HandshakeConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	929	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	930	private T12ClientHelloConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	931	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	932	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	933
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	934	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	935	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	936	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	937	// The consuming happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	938	ServerHandshakeContext shc = (ServerHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	939	ClientHelloMessage clientHello = (ClientHelloMessage)message;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	940
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	941	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	942	// validate
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	943	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	944
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	945	// Reject client initiated renegotiation?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	946	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	947	// If server side should reject client-initiated renegotiation,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	948	// send an Alert.HANDSHAKE_FAILURE fatal alert, not a
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	949	// no_renegotiation warning alert (no_renegotiation must be a
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	950	// warning: RFC 2246). no_renegotiation might seem more
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	951	// natural at first, but warnings are not appropriate because
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	952	// the sending party does not know how the receiving party
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	953	// will behave. This state must be treated as a fatal server
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	954	// condition.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	955	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	956	// This will not have any impact on server initiated renegotiation.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	957	if (shc.conContext.isNegotiated) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	958	if (!shc.conContext.secureRenegotiation &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	959	!HandshakeContext.allowUnsafeRenegotiation) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	960	shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	961	"Unsafe renegotiation is not allowed");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	962	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	963
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	964	if (ServerHandshakeContext.rejectClientInitiatedRenego &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	965	!shc.kickstartMessageDelivered) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	966	shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	967	"Client initiated renegotiation is not allowed");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	968	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	969	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	970
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	971	// Is it an abbreviated handshake?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	972	if (clientHello.sessionId.length() != 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	973	SSLSessionImpl previous = ((SSLSessionContextImpl)shc.sslContext
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	974	.engineGetServerSessionContext())
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	975	.get(clientHello.sessionId.getId());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	976
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	977	boolean resumingSession =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	978	(previous != null) && previous.isRejoinable();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	979	if (!resumingSession) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	980	if (SSLLogger.isOn &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	981	SSLLogger.isOn("ssl,handshake,verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	982	SSLLogger.finest(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	983	"Can't resume, " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	984	"the existing session is not rejoinable");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	985	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	986	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	987	// Validate the negotiated protocol version.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	988	if (resumingSession) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	989	ProtocolVersion sessionProtocol =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	990	previous.getProtocolVersion();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	991	if (sessionProtocol != shc.negotiatedProtocol) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	992	resumingSession = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	993	if (SSLLogger.isOn &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	994	SSLLogger.isOn("ssl,handshake,verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	995	SSLLogger.finest(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	996	"Can't resume, not the same protocol version");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	997	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	998	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	999	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1000
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1001	// Validate the required client authentication.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1002	if (resumingSession &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1003	(shc.sslConfig.clientAuthType == CLIENT_AUTH_REQUIRED)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1004	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1005	previous.getPeerPrincipal();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1006	} catch (SSLPeerUnverifiedException e) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1007	resumingSession = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1008	if (SSLLogger.isOn &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1009	SSLLogger.isOn("ssl,handshake,verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1010	SSLLogger.finest(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1011	"Can't resume, " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1012	"client authentication is required");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1013	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1014	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1015	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1016
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1017	// Validate that the cached cipher suite.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1018	if (resumingSession) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1019	CipherSuite suite = previous.getSuite();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1020	if ((!shc.isNegotiable(suite)) \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1021	(!clientHello.cipherSuites.contains(suite))) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1022	resumingSession = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1023	if (SSLLogger.isOn &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1024	SSLLogger.isOn("ssl,handshake,verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1025	SSLLogger.finest(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1026	"Can't resume, " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1027	"the session cipher suite is absent");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1028	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1029	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1030	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1031
52170 2990f1e1c325 8208209: Improve TLS connection stability again apetcher parents: 50768 diff changeset	1032	// ensure that the endpoint identification algorithm matches the
2990f1e1c325 8208209: Improve TLS connection stability again apetcher parents: 50768 diff changeset	1033	// one in the session
2990f1e1c325 8208209: Improve TLS connection stability again apetcher parents: 50768 diff changeset	1034	String identityAlg = shc.sslConfig.identificationProtocol;
2990f1e1c325 8208209: Improve TLS connection stability again apetcher parents: 50768 diff changeset	1035	if (resumingSession && identityAlg != null) {
2990f1e1c325 8208209: Improve TLS connection stability again apetcher parents: 50768 diff changeset	1036	String sessionIdentityAlg =
2990f1e1c325 8208209: Improve TLS connection stability again apetcher parents: 50768 diff changeset	1037	previous.getIdentificationProtocol();
2990f1e1c325 8208209: Improve TLS connection stability again apetcher parents: 50768 diff changeset	1038	if (!Objects.equals(identityAlg, sessionIdentityAlg)) {
2990f1e1c325 8208209: Improve TLS connection stability again apetcher parents: 50768 diff changeset	1039	if (SSLLogger.isOn &&
2990f1e1c325 8208209: Improve TLS connection stability again apetcher parents: 50768 diff changeset	1040	SSLLogger.isOn("ssl,handshake,verbose")) {
2990f1e1c325 8208209: Improve TLS connection stability again apetcher parents: 50768 diff changeset	1041	SSLLogger.finest("Can't resume, endpoint id" +
2990f1e1c325 8208209: Improve TLS connection stability again apetcher parents: 50768 diff changeset	1042	" algorithm does not match, requested: " +
2990f1e1c325 8208209: Improve TLS connection stability again apetcher parents: 50768 diff changeset	1043	identityAlg + ", cached: " + sessionIdentityAlg);
2990f1e1c325 8208209: Improve TLS connection stability again apetcher parents: 50768 diff changeset	1044	}
2990f1e1c325 8208209: Improve TLS connection stability again apetcher parents: 50768 diff changeset	1045	resumingSession = false;
2990f1e1c325 8208209: Improve TLS connection stability again apetcher parents: 50768 diff changeset	1046	}
2990f1e1c325 8208209: Improve TLS connection stability again apetcher parents: 50768 diff changeset	1047	}
2990f1e1c325 8208209: Improve TLS connection stability again apetcher parents: 50768 diff changeset	1048
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1049	// So far so good. Note that the handshake extensions may reset
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1050	// the resuming options later.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1051	shc.isResumption = resumingSession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1052	shc.resumingSession = resumingSession ? previous : null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1053	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1054
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1055	// cache the client random number for further using
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1056	shc.clientHelloRandom = clientHello.clientRandom;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1057
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1058	// Check and launch ClientHello extensions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1059	SSLExtension[] extTypes = shc.sslConfig.getEnabledExtensions(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1060	SSLHandshake.CLIENT_HELLO);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1061	clientHello.extensions.consumeOnLoad(shc, extTypes);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1062
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1063	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1064	// update
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1065	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1066	if (!shc.conContext.isNegotiated) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1067	shc.conContext.protocolVersion = shc.negotiatedProtocol;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1068	shc.conContext.outputRecord.setVersion(shc.negotiatedProtocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1069	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1070
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1071	// update the responders
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1072	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1073	// Only need to ServerHello, which may add more responders later.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1074	// Note that ServerHello and HelloRetryRequest share the same
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1075	// handshake type/id. The ServerHello producer may be replaced
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1076	// by HelloRetryRequest producer if needed.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1077	shc.handshakeProducers.put(SSLHandshake.SERVER_HELLO.id,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1078	SSLHandshake.SERVER_HELLO);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1079
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1080	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1081	// produce
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1082	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1083	SSLHandshake[] probableHandshakeMessages = new SSLHandshake[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1084	SSLHandshake.SERVER_HELLO,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1085
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1086	// full handshake messages
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1087	SSLHandshake.CERTIFICATE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1088	SSLHandshake.CERTIFICATE_STATUS,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1089	SSLHandshake.SERVER_KEY_EXCHANGE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1090	SSLHandshake.CERTIFICATE_REQUEST,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1091	SSLHandshake.SERVER_HELLO_DONE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1092
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1093	// abbreviated handshake messages
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1094	SSLHandshake.FINISHED
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1095	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1096
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1097	for (SSLHandshake hs : probableHandshakeMessages) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1098	HandshakeProducer handshakeProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1099	shc.handshakeProducers.remove(hs.id);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1100	if (handshakeProducer != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1101	handshakeProducer.produce(context, clientHello);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1102	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1103	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1104	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1105	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1106
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1107	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1108	* The "ClientHello" handshake message consumer for TLS 1.3.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1109	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1110	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1111	class T13ClientHelloConsumer implements HandshakeConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1112	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1113	private T13ClientHelloConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1114	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1115	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1116
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1117	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1118	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1119	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1120	// The consuming happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1121	ServerHandshakeContext shc = (ServerHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1122	ClientHelloMessage clientHello = (ClientHelloMessage)message;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1123
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1124	// The client may send a dummy change_cipher_spec record
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1125	// immediately after the first ClientHello.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1126	shc.conContext.consumers.putIfAbsent(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1127	ContentType.CHANGE_CIPHER_SPEC.id,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1128	ChangeCipherSpec.t13Consumer);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1129
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1130	// Is it a resumption?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1131	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1132	// Check and launch the "psk_key_exchange_modes" and
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1133	// "pre_shared_key" extensions first, which will reset the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1134	// resuming session, no matter the extensions present or not.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1135	shc.isResumption = true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1136	SSLExtension[] extTypes = new SSLExtension[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1137	SSLExtension.PSK_KEY_EXCHANGE_MODES,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1138	SSLExtension.CH_PRE_SHARED_KEY
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1139	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1140	clientHello.extensions.consumeOnLoad(shc, extTypes);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1141
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1142	// Check and launch ClientHello extensions other than
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1143	// "psk_key_exchange_modes", "pre_shared_key", "protocol_version"
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1144	// and "key_share" extensions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1145	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1146	// These extensions may discard session resumption, or ask for
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1147	// hello retry.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1148	extTypes = shc.sslConfig.getExclusiveExtensions(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1149	SSLHandshake.CLIENT_HELLO,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1150	Arrays.asList(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1151	SSLExtension.PSK_KEY_EXCHANGE_MODES,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1152	SSLExtension.CH_PRE_SHARED_KEY,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1153	SSLExtension.CH_SUPPORTED_VERSIONS));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1154	clientHello.extensions.consumeOnLoad(shc, extTypes);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1155
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1156	if (!shc.handshakeProducers.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1157	// Should be HelloRetryRequest producer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1158	goHelloRetryRequest(shc, clientHello);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1159	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1160	goServerHello(shc, clientHello);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1161	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1162	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1163
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1164	private void goHelloRetryRequest(ServerHandshakeContext shc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1165	ClientHelloMessage clientHello) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1166	HandshakeProducer handshakeProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1167	shc.handshakeProducers.remove(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1168	SSLHandshake.HELLO_RETRY_REQUEST.id);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1169	if (handshakeProducer != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1170	handshakeProducer.produce(shc, clientHello);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1171	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1172	// unlikely
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1173	shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1174	"No HelloRetryRequest producer: " + shc.handshakeProducers);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1175	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1176
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1177	if (!shc.handshakeProducers.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1178	// unlikely, but please double check.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1179	shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1180	"unknown handshake producers: " + shc.handshakeProducers);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1181	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1182	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1183
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1184	private void goServerHello(ServerHandshakeContext shc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1185	ClientHelloMessage clientHello) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1186	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1187	// validate
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1188	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1189	shc.clientHelloRandom = clientHello.clientRandom;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1190
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1191	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1192	// update
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1193	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1194	if (!shc.conContext.isNegotiated) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1195	shc.conContext.protocolVersion = shc.negotiatedProtocol;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1196	shc.conContext.outputRecord.setVersion(shc.negotiatedProtocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1197	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1198
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1199	// update the responders
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1200	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1201	// Only ServerHello/HelloRetryRequest producer, which adds
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1202	// more responders later.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1203	shc.handshakeProducers.put(SSLHandshake.SERVER_HELLO.id,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1204	SSLHandshake.SERVER_HELLO);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1205
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1206	SSLHandshake[] probableHandshakeMessages = new SSLHandshake[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1207	SSLHandshake.SERVER_HELLO,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1208
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1209	// full handshake messages
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1210	SSLHandshake.ENCRYPTED_EXTENSIONS,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1211	SSLHandshake.CERTIFICATE_REQUEST,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1212	SSLHandshake.CERTIFICATE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1213	SSLHandshake.CERTIFICATE_VERIFY,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1214	SSLHandshake.FINISHED
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1215	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1216
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1217	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1218	// produce
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1219	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1220	for (SSLHandshake hs : probableHandshakeMessages) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1221	HandshakeProducer handshakeProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1222	shc.handshakeProducers.remove(hs.id);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1223	if (handshakeProducer != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1224	handshakeProducer.produce(shc, clientHello);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1225	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1226	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1227	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1228	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1229
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1230	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1231	* The "ClientHello" handshake message consumer for DTLS 1.2 and
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1232	* previous DTLS protocol versions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1233	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1234	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1235	class D12ClientHelloConsumer implements HandshakeConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1236	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1237	private D12ClientHelloConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1238	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1239	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1240
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1241	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1242	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1243	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1244	// The consuming happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1245	ServerHandshakeContext shc = (ServerHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1246	ClientHelloMessage clientHello = (ClientHelloMessage)message;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1247
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1248	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1249	// validate
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1250	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1251
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1252	// Reject client initiated renegotiation?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1253	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1254	// If server side should reject client-initiated renegotiation,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1255	// send an Alert.HANDSHAKE_FAILURE fatal alert, not a
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1256	// no_renegotiation warning alert (no_renegotiation must be a
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1257	// warning: RFC 2246). no_renegotiation might seem more
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1258	// natural at first, but warnings are not appropriate because
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1259	// the sending party does not know how the receiving party
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1260	// will behave. This state must be treated as a fatal server
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1261	// condition.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1262	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1263	// This will not have any impact on server initiated renegotiation.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1264	if (shc.conContext.isNegotiated) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1265	if (!shc.conContext.secureRenegotiation &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1266	!HandshakeContext.allowUnsafeRenegotiation) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1267	shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1268	"Unsafe renegotiation is not allowed");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1269	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1270
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1271	if (ServerHandshakeContext.rejectClientInitiatedRenego &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1272	!shc.kickstartMessageDelivered) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1273	shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1274	"Client initiated renegotiation is not allowed");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1275	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1276	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1277
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1278	// Is it an abbreviated handshake?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1279	if (clientHello.sessionId.length() != 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1280	SSLSessionImpl previous = ((SSLSessionContextImpl)shc.sslContext
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1281	.engineGetServerSessionContext())
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1282	.get(clientHello.sessionId.getId());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1283
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1284	boolean resumingSession =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1285	(previous != null) && previous.isRejoinable();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1286	if (!resumingSession) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1287	if (SSLLogger.isOn &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1288	SSLLogger.isOn("ssl,handshake,verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1289	SSLLogger.finest(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1290	"Can't resume, " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1291	"the existing session is not rejoinable");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1292	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1293	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1294	// Validate the negotiated protocol version.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1295	if (resumingSession) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1296	ProtocolVersion sessionProtocol =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1297	previous.getProtocolVersion();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1298	if (sessionProtocol != shc.negotiatedProtocol) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1299	resumingSession = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1300	if (SSLLogger.isOn &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1301	SSLLogger.isOn("ssl,handshake,verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1302	SSLLogger.finest(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1303	"Can't resume, not the same protocol version");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1304	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1305	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1306	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1307
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1308	// Validate the required client authentication.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1309	if (resumingSession &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1310	(shc.sslConfig.clientAuthType == CLIENT_AUTH_REQUIRED)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1311
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1312	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1313	previous.getPeerPrincipal();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1314	} catch (SSLPeerUnverifiedException e) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1315	resumingSession = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1316	if (SSLLogger.isOn &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1317	SSLLogger.isOn("ssl,handshake,verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1318	SSLLogger.finest(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1319	"Can't resume, " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1320	"client authentication is required");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1321	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1322	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1323	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1324
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1325	// Validate that the cached cipher suite.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1326	if (resumingSession) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1327	CipherSuite suite = previous.getSuite();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1328	if ((!shc.isNegotiable(suite)) \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1329	(!clientHello.cipherSuites.contains(suite))) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1330	resumingSession = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1331	if (SSLLogger.isOn &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1332	SSLLogger.isOn("ssl,handshake,verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1333	SSLLogger.finest(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1334	"Can't resume, " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1335	"the session cipher suite is absent");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1336	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1337	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1338	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1339
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1340	// So far so good. Note that the handshake extensions may reset
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1341	// the resuming options later.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1342	shc.isResumption = resumingSession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1343	shc.resumingSession = resumingSession ? previous : null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1344	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1345
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1346	HelloCookieManager hcm =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1347	shc.sslContext.getHelloCookieManager(ProtocolVersion.DTLS10);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1348	if (!shc.isResumption &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1349	!hcm.isCookieValid(shc, clientHello, clientHello.cookie)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1350	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1351	// Perform cookie exchange for DTLS handshaking if no cookie
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1352	// or the cookie is invalid in the ClientHello message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1353	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1354	// update the responders
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1355	shc.handshakeProducers.put(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1356	SSLHandshake.HELLO_VERIFY_REQUEST.id,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1357	SSLHandshake.HELLO_VERIFY_REQUEST);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1358
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1359	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1360	// produce response handshake message
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1361	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1362	SSLHandshake.HELLO_VERIFY_REQUEST.produce(context, clientHello);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1363
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1364	return;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1365	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1366
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1367	// cache the client random number for further using
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1368	shc.clientHelloRandom = clientHello.clientRandom;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1369
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1370	// Check and launch ClientHello extensions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1371	SSLExtension[] extTypes = shc.sslConfig.getEnabledExtensions(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1372	SSLHandshake.CLIENT_HELLO);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1373	clientHello.extensions.consumeOnLoad(shc, extTypes);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1374
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1375	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1376	// update
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1377	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1378	if (!shc.conContext.isNegotiated) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1379	shc.conContext.protocolVersion = shc.negotiatedProtocol;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1380	shc.conContext.outputRecord.setVersion(shc.negotiatedProtocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1381	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1382
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1383	// update the responders
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1384	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1385	// Only need to ServerHello, which may add more responders later.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1386	shc.handshakeProducers.put(SSLHandshake.SERVER_HELLO.id,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1387	SSLHandshake.SERVER_HELLO);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1388
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1389	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1390	// produce
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1391	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1392	SSLHandshake[] probableHandshakeMessages = new SSLHandshake[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1393	SSLHandshake.SERVER_HELLO,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1394
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1395	// full handshake messages
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1396	SSLHandshake.CERTIFICATE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1397	SSLHandshake.CERTIFICATE_STATUS,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1398	SSLHandshake.SERVER_KEY_EXCHANGE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1399	SSLHandshake.CERTIFICATE_REQUEST,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1400	SSLHandshake.SERVER_HELLO_DONE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1401
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1402	// abbreviated handshake messages
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1403	SSLHandshake.FINISHED
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1404	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1405
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1406	for (SSLHandshake hs : probableHandshakeMessages) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1407	HandshakeProducer handshakeProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1408	shc.handshakeProducers.remove(hs.id);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1409	if (handshakeProducer != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1410	handshakeProducer.produce(context, clientHello);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1411	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1412	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1413	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1414	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1415
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1416	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1417	* The "ClientHello" handshake message consumer for DTLS 1.3.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1418	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1419	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1420	class D13ClientHelloConsumer implements HandshakeConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1421	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1422	private D13ClientHelloConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1423	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1424	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1425
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1426	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1427	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1428	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1429	throw new UnsupportedOperationException("Not supported yet.");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1430	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1431	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1432	}

author	redestad
	Thu, 13 Dec 2018 15:31:05 +0100
changeset 53018	8bf9268df0e2
parent 52170	2990f1e1c325
child 53064	103ed9569fc8
permissions	-rw-r--r--