author | wetmore |
Wed, 12 Jun 2019 18:58:00 -0700 | |
changeset 55353 | 946f7f2d321c |
parent 55336 | c2398053ee90 |
child 58679 | 9c3209ff7550 |
child 58998 | 9e2f184eac99 |
permissions | -rw-r--r-- |
14330
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
1 |
/* |
55353 | 2 |
* Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved. |
14330
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
4 |
* |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
5 |
* This code is free software; you can redistribute it and/or modify it |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
7 |
* published by the Free Software Foundation. Oracle designates this |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
8 |
* particular file as subject to the "Classpath" exception as provided |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
9 |
* by Oracle in the LICENSE file that accompanied this code. |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
10 |
* |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
15 |
* accompanied this code). |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
16 |
* |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
17 |
* You should have received a copy of the GNU General Public License version |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
20 |
* |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
22 |
* or visit www.oracle.com if you need additional information or have any |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
23 |
* questions. |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
24 |
*/ |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
25 |
|
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
26 |
package sun.security.ssl; |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
27 |
|
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
28 |
import java.io.IOException; |
50768 | 29 |
import java.nio.ByteBuffer; |
30 |
import java.text.MessageFormat; |
|
31 |
import java.util.Collection; |
|
32 |
import java.util.Collections; |
|
33 |
import java.util.LinkedList; |
|
34 |
import java.util.Locale; |
|
35 |
import sun.security.ssl.SSLHandshake.HandshakeMessage; |
|
36 |
import sun.security.util.HexDumpEncoder; |
|
14330
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
37 |
|
50768 | 38 |
enum SSLExtension implements SSLStringizer { |
39 |
// Extensions defined in RFC 6066 |
|
40 |
CH_SERVER_NAME (0x0000, "server_name", |
|
41 |
SSLHandshake.CLIENT_HELLO, |
|
42 |
ProtocolVersion.PROTOCOLS_TO_13, |
|
43 |
ServerNameExtension.chNetworkProducer, |
|
44 |
ServerNameExtension.chOnLoadConsumer, |
|
45 |
null, |
|
46 |
null, |
|
47 |
null, |
|
48 |
ServerNameExtension.chStringizer), |
|
49 |
SH_SERVER_NAME (0x0000, "server_name", |
|
50 |
SSLHandshake.SERVER_HELLO, |
|
51 |
ProtocolVersion.PROTOCOLS_TO_12, |
|
52 |
ServerNameExtension.shNetworkProducer, |
|
53 |
ServerNameExtension.shOnLoadConsumer, |
|
54 |
null, |
|
55 |
null, |
|
56 |
null, |
|
57 |
ServerNameExtension.shStringizer), |
|
58 |
EE_SERVER_NAME (0x0000, "server_name", |
|
59 |
SSLHandshake.ENCRYPTED_EXTENSIONS, |
|
60 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
61 |
ServerNameExtension.eeNetworkProducer, |
|
62 |
ServerNameExtension.eeOnLoadConsumer, |
|
63 |
null, |
|
64 |
null, |
|
65 |
null, |
|
66 |
ServerNameExtension.shStringizer), |
|
67 |
CH_MAX_FRAGMENT_LENGTH (0x0001, "max_fragment_length", |
|
68 |
SSLHandshake.CLIENT_HELLO, |
|
69 |
ProtocolVersion.PROTOCOLS_TO_13, |
|
70 |
MaxFragExtension.chNetworkProducer, |
|
71 |
MaxFragExtension.chOnLoadConsumer, |
|
72 |
null, |
|
73 |
null, |
|
74 |
null, |
|
75 |
MaxFragExtension.maxFragLenStringizer), |
|
76 |
SH_MAX_FRAGMENT_LENGTH (0x0001, "max_fragment_length", |
|
77 |
SSLHandshake.SERVER_HELLO, |
|
78 |
ProtocolVersion.PROTOCOLS_TO_12, |
|
79 |
MaxFragExtension.shNetworkProducer, |
|
80 |
MaxFragExtension.shOnLoadConsumer, |
|
81 |
null, |
|
82 |
MaxFragExtension.shOnTradeConsumer, |
|
83 |
null, |
|
84 |
MaxFragExtension.maxFragLenStringizer), |
|
85 |
EE_MAX_FRAGMENT_LENGTH (0x0001, "max_fragment_length", |
|
86 |
SSLHandshake.ENCRYPTED_EXTENSIONS, |
|
87 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
88 |
MaxFragExtension.eeNetworkProducer, |
|
89 |
MaxFragExtension.eeOnLoadConsumer, |
|
90 |
null, |
|
91 |
MaxFragExtension.eeOnTradeConsumer, |
|
92 |
null, |
|
93 |
MaxFragExtension.maxFragLenStringizer), |
|
94 |
CLIENT_CERTIFICATE_URL (0x0002, "client_certificate_url"), |
|
95 |
TRUSTED_CA_KEYS (0x0003, "trusted_ca_keys"), |
|
96 |
TRUNCATED_HMAC (0x0004, "truncated_hmac"), |
|
97 |
||
98 |
CH_STATUS_REQUEST (0x0005, "status_request", |
|
99 |
SSLHandshake.CLIENT_HELLO, |
|
100 |
ProtocolVersion.PROTOCOLS_TO_13, |
|
101 |
CertStatusExtension.chNetworkProducer, |
|
102 |
CertStatusExtension.chOnLoadConsumer, |
|
103 |
null, |
|
104 |
null, |
|
105 |
null, |
|
106 |
CertStatusExtension.certStatusReqStringizer), |
|
107 |
SH_STATUS_REQUEST (0x0005, "status_request", |
|
108 |
SSLHandshake.SERVER_HELLO, |
|
109 |
ProtocolVersion.PROTOCOLS_TO_12, |
|
110 |
CertStatusExtension.shNetworkProducer, |
|
111 |
CertStatusExtension.shOnLoadConsumer, |
|
112 |
null, |
|
113 |
null, |
|
114 |
null, |
|
115 |
CertStatusExtension.certStatusReqStringizer), |
|
116 |
||
117 |
CR_STATUS_REQUEST (0x0005, "status_request"), |
|
118 |
CT_STATUS_REQUEST (0x0005, "status_request", |
|
119 |
SSLHandshake.CERTIFICATE, |
|
120 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
121 |
CertStatusExtension.ctNetworkProducer, |
|
122 |
CertStatusExtension.ctOnLoadConsumer, |
|
123 |
null, |
|
124 |
null, |
|
125 |
null, |
|
126 |
CertStatusExtension.certStatusRespStringizer), |
|
127 |
// extensions defined in RFC 4681 |
|
128 |
USER_MAPPING (0x0006, "user_mapping"), |
|
129 |
||
130 |
// extensions defined in RFC 5878 |
|
131 |
CLIENT_AUTHZ (0x0007, "client_authz"), |
|
132 |
SERVER_AUTHZ (0x0008, "server_authz"), |
|
133 |
||
134 |
// extensions defined in RFC 5081 |
|
135 |
CERT_TYPE (0x0009, "cert_type"), |
|
136 |
||
137 |
// extensions defined in RFC 4492 (ECC) |
|
138 |
CH_SUPPORTED_GROUPS (0x000A, "supported_groups", |
|
139 |
SSLHandshake.CLIENT_HELLO, |
|
140 |
ProtocolVersion.PROTOCOLS_TO_13, |
|
141 |
SupportedGroupsExtension.chNetworkProducer, |
|
142 |
SupportedGroupsExtension.chOnLoadConsumer, |
|
143 |
null, |
|
144 |
null, |
|
145 |
null, |
|
146 |
SupportedGroupsExtension.sgsStringizer), |
|
147 |
EE_SUPPORTED_GROUPS (0x000A, "supported_groups", |
|
148 |
SSLHandshake.ENCRYPTED_EXTENSIONS, |
|
149 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
150 |
SupportedGroupsExtension.eeNetworkProducer, |
|
151 |
SupportedGroupsExtension.eeOnLoadConsumer, |
|
152 |
null, |
|
153 |
null, |
|
154 |
null, |
|
155 |
SupportedGroupsExtension.sgsStringizer), |
|
156 |
||
157 |
CH_EC_POINT_FORMATS (0x000B, "ec_point_formats", |
|
158 |
SSLHandshake.CLIENT_HELLO, |
|
159 |
ProtocolVersion.PROTOCOLS_TO_12, |
|
160 |
ECPointFormatsExtension.chNetworkProducer, |
|
161 |
ECPointFormatsExtension.chOnLoadConsumer, |
|
162 |
null, |
|
163 |
null, |
|
164 |
null, |
|
165 |
ECPointFormatsExtension.epfStringizer), |
|
166 |
SH_EC_POINT_FORMATS (0x000B, "ec_point_formats", |
|
167 |
SSLHandshake.SERVER_HELLO, |
|
168 |
ProtocolVersion.PROTOCOLS_TO_12, |
|
169 |
null, // not use of the producer |
|
170 |
ECPointFormatsExtension.shOnLoadConsumer, |
|
171 |
null, |
|
172 |
null, |
|
173 |
null, |
|
174 |
ECPointFormatsExtension.epfStringizer), |
|
175 |
||
176 |
// extensions defined in RFC 5054 |
|
177 |
SRP (0x000C, "srp"), |
|
178 |
||
179 |
// extensions defined in RFC 5246 |
|
180 |
CH_SIGNATURE_ALGORITHMS (0x000D, "signature_algorithms", |
|
181 |
SSLHandshake.CLIENT_HELLO, |
|
182 |
ProtocolVersion.PROTOCOLS_12_13, |
|
183 |
SignatureAlgorithmsExtension.chNetworkProducer, |
|
184 |
SignatureAlgorithmsExtension.chOnLoadConsumer, |
|
185 |
SignatureAlgorithmsExtension.chOnLoadAbsence, |
|
186 |
SignatureAlgorithmsExtension.chOnTradeConsumer, |
|
187 |
SignatureAlgorithmsExtension.chOnTradeAbsence, |
|
188 |
SignatureAlgorithmsExtension.ssStringizer), |
|
189 |
CR_SIGNATURE_ALGORITHMS (0x000D, "signature_algorithms", |
|
190 |
SSLHandshake.CERTIFICATE_REQUEST, |
|
191 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
192 |
SignatureAlgorithmsExtension.crNetworkProducer, |
|
193 |
SignatureAlgorithmsExtension.crOnLoadConsumer, |
|
194 |
SignatureAlgorithmsExtension.crOnLoadAbsence, |
|
195 |
SignatureAlgorithmsExtension.crOnTradeConsumer, |
|
196 |
null, |
|
197 |
SignatureAlgorithmsExtension.ssStringizer), |
|
198 |
||
199 |
CH_SIGNATURE_ALGORITHMS_CERT (0x0032, "signature_algorithms_cert", |
|
200 |
SSLHandshake.CLIENT_HELLO, |
|
201 |
ProtocolVersion.PROTOCOLS_12_13, |
|
202 |
CertSignAlgsExtension.chNetworkProducer, |
|
203 |
CertSignAlgsExtension.chOnLoadConsumer, |
|
204 |
null, |
|
205 |
CertSignAlgsExtension.chOnTradeConsumer, |
|
206 |
null, |
|
207 |
CertSignAlgsExtension.ssStringizer), |
|
208 |
CR_SIGNATURE_ALGORITHMS_CERT (0x0032, "signature_algorithms_cert", |
|
209 |
SSLHandshake.CERTIFICATE_REQUEST, |
|
210 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
211 |
CertSignAlgsExtension.crNetworkProducer, |
|
212 |
CertSignAlgsExtension.crOnLoadConsumer, |
|
213 |
null, |
|
214 |
CertSignAlgsExtension.crOnTradeConsumer, |
|
215 |
null, |
|
216 |
CertSignAlgsExtension.ssStringizer), |
|
217 |
||
218 |
// extensions defined in RFC 5764 |
|
219 |
USE_SRTP (0x000E, "use_srtp"), |
|
220 |
||
221 |
// extensions defined in RFC 6520 |
|
222 |
HEARTBEAT (0x000E, "heartbeat"), |
|
223 |
||
224 |
// extension defined in RFC 7301 (ALPN) |
|
225 |
CH_ALPN (0x0010, "application_layer_protocol_negotiation", |
|
226 |
SSLHandshake.CLIENT_HELLO, |
|
227 |
ProtocolVersion.PROTOCOLS_TO_13, |
|
228 |
AlpnExtension.chNetworkProducer, |
|
229 |
AlpnExtension.chOnLoadConsumer, |
|
230 |
AlpnExtension.chOnLoadAbsence, |
|
231 |
null, |
|
232 |
null, |
|
233 |
AlpnExtension.alpnStringizer), |
|
234 |
SH_ALPN (0x0010, "application_layer_protocol_negotiation", |
|
235 |
SSLHandshake.SERVER_HELLO, |
|
236 |
ProtocolVersion.PROTOCOLS_TO_12, |
|
237 |
AlpnExtension.shNetworkProducer, |
|
238 |
AlpnExtension.shOnLoadConsumer, |
|
239 |
AlpnExtension.shOnLoadAbsence, |
|
240 |
null, |
|
241 |
null, |
|
242 |
AlpnExtension.alpnStringizer), |
|
243 |
EE_ALPN (0x0010, "application_layer_protocol_negotiation", |
|
244 |
SSLHandshake.ENCRYPTED_EXTENSIONS, |
|
245 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
246 |
AlpnExtension.shNetworkProducer, |
|
247 |
AlpnExtension.shOnLoadConsumer, |
|
248 |
AlpnExtension.shOnLoadAbsence, |
|
249 |
null, |
|
250 |
null, |
|
251 |
AlpnExtension.alpnStringizer), |
|
14330
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
252 |
|
50768 | 253 |
// extensions defined in RFC 6961 |
254 |
CH_STATUS_REQUEST_V2 (0x0011, "status_request_v2", |
|
255 |
SSLHandshake.CLIENT_HELLO, |
|
256 |
ProtocolVersion.PROTOCOLS_TO_12, |
|
257 |
CertStatusExtension.chV2NetworkProducer, |
|
258 |
CertStatusExtension.chV2OnLoadConsumer, |
|
259 |
null, |
|
260 |
null, |
|
261 |
null, |
|
262 |
CertStatusExtension.certStatusReqV2Stringizer), |
|
263 |
SH_STATUS_REQUEST_V2 (0x0011, "status_request_v2", |
|
264 |
SSLHandshake.SERVER_HELLO, |
|
265 |
ProtocolVersion.PROTOCOLS_TO_12, |
|
266 |
CertStatusExtension.shV2NetworkProducer, |
|
267 |
CertStatusExtension.shV2OnLoadConsumer, |
|
268 |
null, |
|
269 |
null, |
|
270 |
null, |
|
271 |
CertStatusExtension.certStatusReqV2Stringizer), |
|
272 |
||
273 |
// extensions defined in RFC 6962 |
|
274 |
SIGNED_CERT_TIMESTAMP (0x0012, "signed_certificate_timestamp"), |
|
275 |
||
276 |
// extensions defined in RFC 7250 |
|
277 |
CLIENT_CERT_TYPE (0x0013, "padding"), |
|
278 |
SERVER_CERT_TYPE (0x0014, "server_certificate_type"), |
|
279 |
||
280 |
// extensions defined in RFC 7685 |
|
281 |
PADDING (0x0015, "client_certificate_type"), |
|
282 |
||
283 |
// extensions defined in RFC 7366 |
|
284 |
ENCRYPT_THEN_MAC (0x0016, "encrypt_then_mac"), |
|
285 |
||
286 |
// extensions defined in RFC 7627 |
|
287 |
CH_EXTENDED_MASTER_SECRET (0x0017, "extended_master_secret", |
|
288 |
SSLHandshake.CLIENT_HELLO, |
|
289 |
ProtocolVersion.PROTOCOLS_TO_12, |
|
290 |
ExtendedMasterSecretExtension.chNetworkProducer, |
|
291 |
ExtendedMasterSecretExtension.chOnLoadConsumer, |
|
292 |
ExtendedMasterSecretExtension.chOnLoadAbsence, |
|
293 |
null, |
|
294 |
null, |
|
295 |
ExtendedMasterSecretExtension.emsStringizer), |
|
296 |
SH_EXTENDED_MASTER_SECRET (0x0017, "extended_master_secret", |
|
297 |
SSLHandshake.SERVER_HELLO, |
|
298 |
ProtocolVersion.PROTOCOLS_TO_12, |
|
299 |
ExtendedMasterSecretExtension.shNetworkProducer, |
|
300 |
ExtendedMasterSecretExtension.shOnLoadConsumer, |
|
301 |
ExtendedMasterSecretExtension.shOnLoadAbsence, |
|
302 |
null, |
|
303 |
null, |
|
304 |
ExtendedMasterSecretExtension.emsStringizer), |
|
305 |
||
306 |
// extensions defined in RFC draft-ietf-tokbind-negotiation |
|
307 |
TOKEN_BINDING (0x0018, "token_binding "), |
|
308 |
||
309 |
// extensions defined in RFC 7924 |
|
310 |
CACHED_INFO (0x0019, "cached_info"), |
|
311 |
||
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
50768
diff
changeset
|
312 |
// extensions defined in RFC 5077 |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
50768
diff
changeset
|
313 |
CH_SESSION_TICKET (0x0023, "session_ticket", |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
50768
diff
changeset
|
314 |
SSLHandshake.CLIENT_HELLO, |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
50768
diff
changeset
|
315 |
ProtocolVersion.PROTOCOLS_10_12, |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
50768
diff
changeset
|
316 |
SessionTicketExtension.chNetworkProducer, |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
50768
diff
changeset
|
317 |
SessionTicketExtension.chOnLoadConsumer, |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
50768
diff
changeset
|
318 |
null, |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
50768
diff
changeset
|
319 |
null, |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
50768
diff
changeset
|
320 |
null, |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
50768
diff
changeset
|
321 |
SessionTicketExtension.steStringizer), |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
50768
diff
changeset
|
322 |
//null), |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
50768
diff
changeset
|
323 |
|
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
50768
diff
changeset
|
324 |
SH_SESSION_TICKET (0x0023, "session_ticket", |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
50768
diff
changeset
|
325 |
SSLHandshake.SERVER_HELLO, |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
50768
diff
changeset
|
326 |
ProtocolVersion.PROTOCOLS_10_12, |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
50768
diff
changeset
|
327 |
SessionTicketExtension.shNetworkProducer, |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
50768
diff
changeset
|
328 |
SessionTicketExtension.shOnLoadConsumer, |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
50768
diff
changeset
|
329 |
null, |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
50768
diff
changeset
|
330 |
null, |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
50768
diff
changeset
|
331 |
null, |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
50768
diff
changeset
|
332 |
SessionTicketExtension.steStringizer), |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
50768
diff
changeset
|
333 |
//null), |
50768 | 334 |
|
335 |
// extensions defined in TLS 1.3 |
|
336 |
CH_EARLY_DATA (0x002A, "early_data"), |
|
337 |
EE_EARLY_DATA (0x002A, "early_data"), |
|
338 |
NST_EARLY_DATA (0x002A, "early_data"), |
|
339 |
||
340 |
CH_SUPPORTED_VERSIONS (0x002B, "supported_versions", |
|
341 |
SSLHandshake.CLIENT_HELLO, |
|
342 |
ProtocolVersion.PROTOCOLS_TO_13, |
|
343 |
SupportedVersionsExtension.chNetworkProducer, |
|
344 |
SupportedVersionsExtension.chOnLoadConsumer, |
|
345 |
null, |
|
346 |
null, |
|
347 |
null, |
|
348 |
SupportedVersionsExtension.chStringizer), |
|
349 |
SH_SUPPORTED_VERSIONS (0x002B, "supported_versions", |
|
350 |
SSLHandshake.SERVER_HELLO, |
|
351 |
// and HelloRetryRequest |
|
352 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
353 |
SupportedVersionsExtension.shNetworkProducer, |
|
354 |
SupportedVersionsExtension.shOnLoadConsumer, |
|
355 |
null, |
|
356 |
null, |
|
357 |
null, |
|
358 |
SupportedVersionsExtension.shStringizer), |
|
359 |
HRR_SUPPORTED_VERSIONS (0x002B, "supported_versions", |
|
360 |
SSLHandshake.HELLO_RETRY_REQUEST, |
|
361 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
362 |
SupportedVersionsExtension.hrrNetworkProducer, |
|
363 |
SupportedVersionsExtension.hrrOnLoadConsumer, |
|
364 |
null, |
|
365 |
null, |
|
366 |
null, |
|
367 |
SupportedVersionsExtension.hrrStringizer), |
|
368 |
MH_SUPPORTED_VERSIONS (0x002B, "supported_versions", |
|
369 |
SSLHandshake.MESSAGE_HASH, |
|
370 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
371 |
SupportedVersionsExtension.hrrReproducer, |
|
372 |
null, null, null, |
|
373 |
null, |
|
374 |
SupportedVersionsExtension.hrrStringizer), |
|
14330
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
375 |
|
50768 | 376 |
CH_COOKIE (0x002C, "cookie", |
377 |
SSLHandshake.CLIENT_HELLO, |
|
378 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
379 |
CookieExtension.chNetworkProducer, |
|
380 |
CookieExtension.chOnLoadConsumer, |
|
381 |
null, |
|
382 |
CookieExtension.chOnTradeConsumer, |
|
383 |
null, |
|
384 |
CookieExtension.cookieStringizer), |
|
385 |
HRR_COOKIE (0x002C, "cookie", |
|
386 |
SSLHandshake.HELLO_RETRY_REQUEST, |
|
387 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
388 |
CookieExtension.hrrNetworkProducer, |
|
389 |
CookieExtension.hrrOnLoadConsumer, |
|
390 |
null, null, |
|
391 |
null, |
|
392 |
CookieExtension.cookieStringizer), |
|
393 |
MH_COOKIE (0x002C, "cookie", |
|
394 |
SSLHandshake.MESSAGE_HASH, |
|
395 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
396 |
CookieExtension.hrrNetworkReproducer, |
|
397 |
null, null, null, |
|
398 |
null, |
|
399 |
CookieExtension.cookieStringizer), |
|
400 |
||
401 |
PSK_KEY_EXCHANGE_MODES (0x002D, "psk_key_exchange_modes", |
|
402 |
SSLHandshake.CLIENT_HELLO, |
|
403 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
404 |
PskKeyExchangeModesExtension.chNetworkProducer, |
|
405 |
PskKeyExchangeModesExtension.chOnLoadConsumer, |
|
406 |
PskKeyExchangeModesExtension.chOnLoadAbsence, |
|
407 |
null, |
|
408 |
PskKeyExchangeModesExtension.chOnTradeAbsence, |
|
409 |
PskKeyExchangeModesExtension.pkemStringizer), |
|
410 |
CERTIFICATE_AUTHORITIES (0x002F, "certificate_authorities"), |
|
411 |
OID_FILTERS (0x0030, "oid_filters"), |
|
412 |
POST_HANDSHAKE_AUTH (0x0030, "post_handshake_auth"), |
|
413 |
||
414 |
CH_KEY_SHARE (0x0033, "key_share", |
|
415 |
SSLHandshake.CLIENT_HELLO, |
|
416 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
417 |
KeyShareExtension.chNetworkProducer, |
|
418 |
KeyShareExtension.chOnLoadConsumer, |
|
419 |
null, null, null, |
|
420 |
KeyShareExtension.chStringizer), |
|
421 |
SH_KEY_SHARE (0x0033, "key_share", |
|
422 |
SSLHandshake.SERVER_HELLO, |
|
423 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
424 |
KeyShareExtension.shNetworkProducer, |
|
425 |
KeyShareExtension.shOnLoadConsumer, |
|
426 |
KeyShareExtension.shOnLoadAbsence, |
|
427 |
null, |
|
428 |
null, |
|
429 |
KeyShareExtension.shStringizer), |
|
430 |
HRR_KEY_SHARE (0x0033, "key_share", |
|
431 |
SSLHandshake.HELLO_RETRY_REQUEST, |
|
432 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
433 |
KeyShareExtension.hrrNetworkProducer, |
|
434 |
KeyShareExtension.hrrOnLoadConsumer, |
|
435 |
null, null, null, |
|
436 |
KeyShareExtension.hrrStringizer), |
|
437 |
MH_KEY_SHARE (0x0033, "key_share", |
|
438 |
SSLHandshake.MESSAGE_HASH, |
|
439 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
440 |
KeyShareExtension.hrrNetworkReproducer, |
|
441 |
null, null, null, null, |
|
442 |
KeyShareExtension.hrrStringizer), |
|
443 |
||
444 |
// Extensions defined in RFC 5746 |
|
445 |
CH_RENEGOTIATION_INFO (0xff01, "renegotiation_info", |
|
446 |
SSLHandshake.CLIENT_HELLO, |
|
447 |
ProtocolVersion.PROTOCOLS_TO_12, |
|
448 |
RenegoInfoExtension.chNetworkProducer, |
|
449 |
RenegoInfoExtension.chOnLoadConsumer, |
|
450 |
RenegoInfoExtension.chOnLoadAbsence, |
|
451 |
null, |
|
452 |
null, |
|
453 |
RenegoInfoExtension.rniStringizer), |
|
454 |
SH_RENEGOTIATION_INFO (0xff01, "renegotiation_info", |
|
455 |
SSLHandshake.SERVER_HELLO, |
|
456 |
ProtocolVersion.PROTOCOLS_TO_12, |
|
457 |
RenegoInfoExtension.shNetworkProducer, |
|
458 |
RenegoInfoExtension.shOnLoadConsumer, |
|
459 |
RenegoInfoExtension.shOnLoadAbsence, |
|
460 |
null, |
|
461 |
null, |
|
462 |
RenegoInfoExtension.rniStringizer), |
|
463 |
||
464 |
// TLS 1.3 PSK extension must be last |
|
465 |
CH_PRE_SHARED_KEY (0x0029, "pre_shared_key", |
|
466 |
SSLHandshake.CLIENT_HELLO, |
|
467 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
468 |
PreSharedKeyExtension.chNetworkProducer, |
|
469 |
PreSharedKeyExtension.chOnLoadConsumer, |
|
470 |
PreSharedKeyExtension.chOnLoadAbsence, |
|
471 |
PreSharedKeyExtension.chOnTradeConsumer, |
|
472 |
null, |
|
473 |
PreSharedKeyExtension.chStringizer), |
|
474 |
SH_PRE_SHARED_KEY (0x0029, "pre_shared_key", |
|
475 |
SSLHandshake.SERVER_HELLO, |
|
476 |
ProtocolVersion.PROTOCOLS_OF_13, |
|
477 |
PreSharedKeyExtension.shNetworkProducer, |
|
478 |
PreSharedKeyExtension.shOnLoadConsumer, |
|
479 |
PreSharedKeyExtension.shOnLoadAbsence, |
|
480 |
null, null, |
|
481 |
PreSharedKeyExtension.shStringizer); |
|
482 |
||
483 |
final int id; |
|
484 |
final SSLHandshake handshakeType; |
|
485 |
final String name; |
|
486 |
final ProtocolVersion[] supportedProtocols; |
|
55353 | 487 |
|
488 |
/* |
|
489 |
* networkProducer: produces outbound handshake data. |
|
490 |
* |
|
491 |
* onLoadConsumer: parses inbound data. It may not be appropriate |
|
492 |
* to act until all of the message inputs have |
|
493 |
* been parsed. (e.g. parsing keyShares and choosing |
|
494 |
* a local value without having seen the SupportedGroups |
|
495 |
* extension.) |
|
496 |
* |
|
497 |
* onLoadAbsence: if a missing message needs special handling |
|
498 |
* during the load phase. |
|
499 |
* |
|
500 |
* onTradeConsumer: act on the parsed message once all inbound data has |
|
501 |
* been traded and parsed. |
|
502 |
* |
|
503 |
* onTradeAbsence: if a missing message needs special handling |
|
504 |
* during the trade phase. |
|
505 |
*/ |
|
50768 | 506 |
final HandshakeProducer networkProducer; |
507 |
final ExtensionConsumer onLoadConsumer; |
|
508 |
final HandshakeAbsence onLoadAbsence; |
|
509 |
final HandshakeConsumer onTradeConsumer; |
|
510 |
final HandshakeAbsence onTradeAbsence; |
|
511 |
final SSLStringizer stringizer; |
|
512 |
||
513 |
// known but unsupported extension |
|
514 |
private SSLExtension(int id, String name) { |
|
515 |
this.id = id; |
|
516 |
this.handshakeType = SSLHandshake.NOT_APPLICABLE; |
|
517 |
this.name = name; |
|
518 |
this.supportedProtocols = new ProtocolVersion[0]; |
|
519 |
this.networkProducer = null; |
|
520 |
this.onLoadConsumer = null; |
|
521 |
this.onLoadAbsence = null; |
|
522 |
this.onTradeConsumer = null; |
|
523 |
this.onTradeAbsence = null; |
|
524 |
this.stringizer = null; |
|
14330
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
525 |
} |
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
526 |
|
50768 | 527 |
// supported extension |
528 |
private SSLExtension(int id, String name, SSLHandshake handshakeType, |
|
529 |
ProtocolVersion[] supportedProtocols, |
|
530 |
HandshakeProducer producer, |
|
531 |
ExtensionConsumer onLoadConsumer, HandshakeAbsence onLoadAbsence, |
|
532 |
HandshakeConsumer onTradeConsumer, HandshakeAbsence onTradeAbsence, |
|
533 |
SSLStringizer stringize) { |
|
534 |
this.id = id; |
|
535 |
this.handshakeType = handshakeType; |
|
536 |
this.name = name; |
|
537 |
this.supportedProtocols = supportedProtocols; |
|
538 |
this.networkProducer = producer; |
|
539 |
this.onLoadConsumer = onLoadConsumer; |
|
540 |
this.onLoadAbsence = onLoadAbsence; |
|
541 |
this.onTradeConsumer = onTradeConsumer; |
|
542 |
this.onTradeAbsence = onTradeAbsence; |
|
543 |
this.stringizer = stringize; |
|
544 |
} |
|
545 |
||
546 |
static SSLExtension valueOf(SSLHandshake handshakeType, int extensionType) { |
|
547 |
for (SSLExtension ext : SSLExtension.values()) { |
|
548 |
if (ext.id == extensionType && |
|
549 |
ext.handshakeType == handshakeType) { |
|
550 |
return ext; |
|
551 |
} |
|
552 |
} |
|
553 |
||
554 |
return null; |
|
555 |
} |
|
556 |
||
557 |
static boolean isConsumable(int extensionType) { |
|
558 |
for (SSLExtension ext : SSLExtension.values()) { |
|
559 |
if (ext.id == extensionType && |
|
560 |
ext.onLoadConsumer != null) { |
|
561 |
return true; |
|
562 |
} |
|
563 |
} |
|
564 |
||
565 |
return false; |
|
566 |
} |
|
14330
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
567 |
|
50768 | 568 |
public byte[] produce(ConnectionContext context, |
569 |
HandshakeMessage message) throws IOException { |
|
570 |
if (networkProducer != null) { |
|
571 |
return networkProducer.produce(context, message); |
|
572 |
} else { |
|
573 |
throw new UnsupportedOperationException( |
|
574 |
"Not yet supported extension producing."); |
|
575 |
} |
|
576 |
} |
|
577 |
||
578 |
public void consumeOnLoad(ConnectionContext context, |
|
579 |
HandshakeMessage message, ByteBuffer buffer) throws IOException { |
|
580 |
if (onLoadConsumer != null) { |
|
581 |
onLoadConsumer.consume(context, message, buffer); |
|
582 |
} else { |
|
583 |
throw new UnsupportedOperationException( |
|
584 |
"Not yet supported extension loading."); |
|
585 |
} |
|
586 |
} |
|
587 |
||
588 |
public void consumeOnTrade(ConnectionContext context, |
|
589 |
HandshakeMessage message) throws IOException { |
|
590 |
if (onTradeConsumer != null) { |
|
591 |
onTradeConsumer.consume(context, message); |
|
592 |
} else { |
|
593 |
throw new UnsupportedOperationException( |
|
594 |
"Not yet supported extension processing."); |
|
595 |
} |
|
596 |
} |
|
597 |
||
598 |
void absentOnLoad(ConnectionContext context, |
|
599 |
HandshakeMessage message) throws IOException { |
|
600 |
if (onLoadAbsence != null) { |
|
601 |
onLoadAbsence.absent(context, message); |
|
602 |
} else { |
|
603 |
throw new UnsupportedOperationException( |
|
604 |
"Not yet supported extension absence processing."); |
|
605 |
} |
|
606 |
} |
|
607 |
||
608 |
void absentOnTrade(ConnectionContext context, |
|
609 |
HandshakeMessage message) throws IOException { |
|
610 |
if (onTradeAbsence != null) { |
|
611 |
onTradeAbsence.absent(context, message); |
|
612 |
} else { |
|
613 |
throw new UnsupportedOperationException( |
|
614 |
"Not yet supported extension absence processing."); |
|
615 |
} |
|
616 |
} |
|
617 |
||
618 |
public boolean isAvailable(ProtocolVersion protocolVersion) { |
|
619 |
for (int i = 0; i < supportedProtocols.length; i++) { |
|
620 |
if (supportedProtocols[i] == protocolVersion) { |
|
621 |
return true; |
|
622 |
} |
|
623 |
} |
|
624 |
||
625 |
return false; |
|
626 |
} |
|
14330
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
627 |
|
14664
e71aa0962e70
8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl
xuelei
parents:
14342
diff
changeset
|
628 |
@Override |
50768 | 629 |
public String toString() { |
630 |
return name; |
|
631 |
} |
|
632 |
||
633 |
@Override |
|
634 |
public String toString(ByteBuffer byteBuffer) { |
|
635 |
MessageFormat messageFormat = new MessageFormat( |
|
636 |
"\"{0} ({1})\": '{'\n" + |
|
637 |
"{2}\n" + |
|
638 |
"'}'", |
|
639 |
Locale.ENGLISH); |
|
640 |
||
641 |
String extData; |
|
642 |
if (stringizer == null) { |
|
643 |
HexDumpEncoder hexEncoder = new HexDumpEncoder(); |
|
644 |
String encoded = hexEncoder.encode(byteBuffer.duplicate()); |
|
645 |
extData = encoded; |
|
646 |
} else { |
|
647 |
extData = stringizer.toString(byteBuffer); |
|
648 |
} |
|
649 |
||
650 |
Object[] messageFields = { |
|
651 |
this.name, |
|
652 |
this.id, |
|
653 |
Utilities.indent(extData) |
|
654 |
}; |
|
655 |
||
656 |
return messageFormat.format(messageFields); |
|
657 |
} |
|
658 |
||
659 |
////////////////////////////////////////////////////// |
|
660 |
// Nested extension, consumer and producer interfaces. |
|
661 |
||
662 |
static interface ExtensionConsumer { |
|
663 |
void consume(ConnectionContext context, |
|
664 |
HandshakeMessage message, ByteBuffer buffer) throws IOException; |
|
665 |
} |
|
14330
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
666 |
|
50768 | 667 |
/** |
668 |
* A (transparent) specification of extension data. |
|
669 |
* |
|
670 |
* This interface contains no methods or constants. Its only purpose is to |
|
671 |
* group all extension data. All extension data should implement this |
|
672 |
* interface if the data is expected to handle in the following handshake |
|
673 |
* processes. |
|
674 |
*/ |
|
675 |
static interface SSLExtensionSpec { |
|
676 |
// blank |
|
677 |
} |
|
678 |
||
679 |
// Default enabled client extensions. |
|
680 |
static final class ClientExtensions { |
|
681 |
static final Collection<SSLExtension> defaults; |
|
682 |
||
683 |
static { |
|
684 |
Collection<SSLExtension> extensions = new LinkedList<>(); |
|
685 |
for (SSLExtension extension : SSLExtension.values()) { |
|
686 |
if (extension.handshakeType != SSLHandshake.NOT_APPLICABLE) { |
|
687 |
extensions.add(extension); |
|
688 |
} |
|
689 |
} |
|
690 |
||
691 |
// Switch off SNI extention? |
|
692 |
boolean enableExtension = |
|
693 |
Utilities.getBooleanProperty("jsse.enableSNIExtension", true); |
|
694 |
if (!enableExtension) { |
|
695 |
extensions.remove(CH_SERVER_NAME); |
|
696 |
} |
|
697 |
||
698 |
// To switch off the max_fragment_length extension. |
|
699 |
enableExtension = |
|
700 |
Utilities.getBooleanProperty("jsse.enableMFLExtension", false); |
|
701 |
if (!enableExtension) { |
|
702 |
extensions.remove(CH_MAX_FRAGMENT_LENGTH); |
|
703 |
} |
|
704 |
||
705 |
defaults = Collections.unmodifiableCollection(extensions); |
|
706 |
} |
|
707 |
} |
|
708 |
||
709 |
// Default enabled server extensions. |
|
710 |
static final class ServerExtensions { |
|
711 |
static final Collection<SSLExtension> defaults; |
|
712 |
||
713 |
static { |
|
714 |
Collection<SSLExtension> extensions = new LinkedList<>(); |
|
715 |
for (SSLExtension extension : SSLExtension.values()) { |
|
716 |
if (extension.handshakeType != SSLHandshake.NOT_APPLICABLE) { |
|
717 |
extensions.add(extension); |
|
718 |
} |
|
719 |
} |
|
720 |
||
721 |
defaults = Collections.unmodifiableCollection(extensions); |
|
722 |
} |
|
723 |
} |
|
14330
e4cb78065603
8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK
ohrstrom
parents:
diff
changeset
|
724 |
} |