jdk-sandbox: src/java.base/share/classes/sun/security/ssl/NewSessionTicket.java@9c3209ff7550 (annotated)

50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1	/*
54253 01d8eae542ff 8218889: Improperly use of the Optional API xuelei parents: 53064 diff changeset	2	* Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved.
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	4	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	7	* published by the Free Software Foundation. Oracle designates this
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	10	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	15	* accompanied this code).
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	16	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	20	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	22	* or visit www.oracle.com if you need additional information or have any
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	23	* questions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	24	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	25	package sun.security.ssl;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	26
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	27	import java.io.IOException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	28	import java.math.BigInteger;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	29	import java.nio.ByteBuffer;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	30	import java.security.GeneralSecurityException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	31	import java.security.SecureRandom;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	32	import java.text.MessageFormat;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	33	import java.util.Locale;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	34	import javax.crypto.SecretKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	35	import javax.net.ssl.SSLHandshakeException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	36	import sun.security.ssl.PskKeyExchangeModesExtension.PskKeyExchangeModesSpec;
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	37	import sun.security.ssl.SessionTicketExtension.SessionTicketSpec;
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	38	import sun.security.ssl.SSLHandshake.HandshakeMessage;
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	39	import sun.security.util.HexDumpEncoder;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	40
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	41	import static sun.security.ssl.SSLHandshake.NEW_SESSION_TICKET;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	42
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	43	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	44	* Pack of the NewSessionTicket handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	45	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	46	final class NewSessionTicket {
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	47	static final int MAX_TICKET_LIFETIME = 604800; // seconds, 7 days
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	48	static final SSLConsumer handshakeConsumer =
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	49	new T13NewSessionTicketConsumer();
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	50	static final SSLConsumer handshake12Consumer =
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	51	new T12NewSessionTicketConsumer();
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	52	static final SSLProducer kickstartProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	53	new NewSessionTicketKickstartProducer();
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	54	static final HandshakeProducer handshake12Producer =
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	55	new T12NewSessionTicketProducer();
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	56
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	57	/**
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	58	* The NewSessionTicketMessage handshake messages.
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	59	*/
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	60	abstract static class NewSessionTicketMessage extends HandshakeMessage {
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	61	int ticketLifetime;
57485 af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	62	byte[] ticket = new byte[0];
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	63
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	64	NewSessionTicketMessage(HandshakeContext context) {
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	65	super(context);
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	66	}
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	67
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	68	@Override
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	69	public SSLHandshake handshakeType() {
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	70	return NEW_SESSION_TICKET;
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	71	}
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	72
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	73	// For TLS 1.3 only
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	74	int getTicketAgeAdd() throws IOException {
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	75	throw handshakeContext.conContext.fatal(Alert.ILLEGAL_PARAMETER,
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	76	"TicketAgeAdd not part of RFC 5077.");
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	77	}
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	78
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	79	// For TLS 1.3 only
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	80	byte[] getTicketNonce() throws IOException {
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	81	throw handshakeContext.conContext.fatal(Alert.ILLEGAL_PARAMETER,
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	82	"TicketNonce not part of RFC 5077.");
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	83	}
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	84
57485 af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	85	boolean isValid() {
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	86	return (ticket.length > 0);
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	87	}
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	88	}
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	89	/**
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	90	* NewSessionTicket for TLS 1.2 and below (RFC 5077)
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	91	*/
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	92	static final class T12NewSessionTicketMessage extends NewSessionTicketMessage {
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	93
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	94	T12NewSessionTicketMessage(HandshakeContext context,
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	95	int ticketLifetime, byte[] ticket) {
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	96	super(context);
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	97
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	98	this.ticketLifetime = ticketLifetime;
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	99	this.ticket = ticket;
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	100	}
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	101
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	102	T12NewSessionTicketMessage(HandshakeContext context,
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	103	ByteBuffer m) throws IOException {
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	104
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	105	// RFC5077 struct {
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	106	// uint32 ticket_lifetime;
57485 af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	107	// opaque ticket<0..2^16-1>;
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	108	// } NewSessionTicket;
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	109
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	110	super(context);
57485 af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	111	if (m.remaining() < 6) {
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	112	throw context.conContext.fatal(Alert.ILLEGAL_PARAMETER,
57485 af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	113	"Invalid NewSessionTicket message: insufficient data");
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	114	}
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	115
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	116	this.ticketLifetime = Record.getInt32(m);
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	117	this.ticket = Record.getBytes16(m);
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	118	}
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	119
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	120	@Override
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	121	public SSLHandshake handshakeType() {
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	122	return NEW_SESSION_TICKET;
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	123	}
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	124
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	125	@Override
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	126	public int messageLength() {
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	127	return 4 + // ticketLifetime
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	128	2 + ticket.length; // len of ticket + ticket
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	129	}
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	130
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	131	@Override
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	132	public void send(HandshakeOutStream hos) throws IOException {
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	133	hos.putInt32(ticketLifetime);
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	134	hos.putBytes16(ticket);
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	135	}
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	136
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	137	@Override
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	138	public String toString() {
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	139	MessageFormat messageFormat = new MessageFormat(
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	140	"\"NewSessionTicket\": '{'\n" +
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	141	" \"ticket_lifetime\" : \"{0}\",\n" +
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	142	" \"ticket\" : '{'\n" +
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	143	"{1}\n" +
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	144	" '}'" +
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	145	"'}'",
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	146	Locale.ENGLISH);
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	147
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	148	HexDumpEncoder hexEncoder = new HexDumpEncoder();
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	149	Object[] messageFields = {
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	150	ticketLifetime,
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	151	Utilities.indent(hexEncoder.encode(ticket), " "),
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	152	};
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	153	return messageFormat.format(messageFields);
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	154	}
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	155	}
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	156
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	157	/**
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	158	* NewSessionTicket defined by the TLS 1.3
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	159	*/
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	160	static final class T13NewSessionTicketMessage extends NewSessionTicketMessage {
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	161	int ticketAgeAdd;
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	162	byte[] ticketNonce;
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	163	SSLExtensions extensions;
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	164
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	165	T13NewSessionTicketMessage(HandshakeContext context,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	166	int ticketLifetime, SecureRandom generator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	167	byte[] ticketNonce, byte[] ticket) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	168	super(context);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	169
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	170	this.ticketLifetime = ticketLifetime;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	171	this.ticketAgeAdd = generator.nextInt();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	172	this.ticketNonce = ticketNonce;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	173	this.ticket = ticket;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	174	this.extensions = new SSLExtensions(this);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	175	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	176
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	177	T13NewSessionTicketMessage(HandshakeContext context,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	178	ByteBuffer m) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	179	super(context);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	180
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	181	// struct {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	182	// uint32 ticket_lifetime;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	183	// uint32 ticket_age_add;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	184	// opaque ticket_nonce<0..255>;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	185	// opaque ticket<1..2^16-1>;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	186	// Extension extensions<0..2^16-2>;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	187	// } NewSessionTicket;
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	188
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	189	if (m.remaining() < 14) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 52512 diff changeset	190	throw context.conContext.fatal(Alert.ILLEGAL_PARAMETER,
57485 af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	191	"Invalid NewSessionTicket message: insufficient data");
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	192	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	193
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	194	this.ticketLifetime = Record.getInt32(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	195	this.ticketAgeAdd = Record.getInt32(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	196	this.ticketNonce = Record.getBytes8(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	197
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	198	if (m.remaining() < 5) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 52512 diff changeset	199	throw context.conContext.fatal(Alert.ILLEGAL_PARAMETER,
57485 af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	200	"Invalid NewSessionTicket message: insufficient ticket" +
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	201	" data");
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	202	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	203
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	204	this.ticket = Record.getBytes16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	205	if (ticket.length == 0) {
57485 af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	206	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	207	SSLLogger.fine(
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	208	"No ticket in the NewSessionTicket handshake message");
57485 af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	209	}
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	210	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	211
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	212	if (m.remaining() < 2) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 52512 diff changeset	213	throw context.conContext.fatal(Alert.ILLEGAL_PARAMETER,
57485 af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	214	"Invalid NewSessionTicket message: extra data");
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	215	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	216
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	217	SSLExtension[] supportedExtensions =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	218	context.sslConfig.getEnabledExtensions(
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	219	NEW_SESSION_TICKET);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	220	this.extensions = new SSLExtensions(this, m, supportedExtensions);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	221	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	222
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	223	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	224	public SSLHandshake handshakeType() {
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	225	return NEW_SESSION_TICKET;
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	226	}
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	227
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	228	int getTicketAgeAdd() {
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	229	return ticketAgeAdd;
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	230	}
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	231
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	232	byte[] getTicketNonce() {
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	233	return ticketNonce;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	234	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	235
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	236	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	237	public int messageLength() {
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	238
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	239	int extLen = extensions.length();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	240	if (extLen == 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	241	extLen = 2; // empty extensions
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	242	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	243
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	244	return 4 +// ticketLifetime
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	245	4 + // ticketAgeAdd
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	246	1 + ticketNonce.length + // len of nonce + nonce
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	247	2 + ticket.length + // len of ticket + ticket
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	248	extLen;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	249	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	250
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	251	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	252	public void send(HandshakeOutStream hos) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	253	hos.putInt32(ticketLifetime);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	254	hos.putInt32(ticketAgeAdd);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	255	hos.putBytes8(ticketNonce);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	256	hos.putBytes16(ticket);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	257
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	258	// Is it an empty extensions?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	259	if (extensions.length() == 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	260	hos.putInt16(0);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	261	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	262	extensions.send(hos);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	263	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	264	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	265
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	266	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	267	public String toString() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	268	MessageFormat messageFormat = new MessageFormat(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	269	"\"NewSessionTicket\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	270	" \"ticket_lifetime\" : \"{0}\",\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	271	" \"ticket_age_add\" : \"{1}\",\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	272	" \"ticket_nonce\" : \"{2}\",\n" +
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	273	" \"ticket\" : '{'\n" +
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	274	"{3}\n" +
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	275	" '}'" +
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	276	" \"extensions\" : [\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	277	"{4}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	278	" ]\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	279	"'}'",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	280	Locale.ENGLISH);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	281
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	282	HexDumpEncoder hexEncoder = new HexDumpEncoder();
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	283	Object[] messageFields = {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	284	ticketLifetime,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	285	"<omitted>", //ticketAgeAdd should not be logged
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	286	Utilities.toHexString(ticketNonce),
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	287	Utilities.indent(hexEncoder.encode(ticket), " "),
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	288	Utilities.indent(extensions.toString(), " ")
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	289	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	290
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	291	return messageFormat.format(messageFields);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	292	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	293	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	294
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	295	private static SecretKey derivePreSharedKey(CipherSuite.HashAlg hashAlg,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	296	SecretKey resumptionMasterSecret, byte[] nonce) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	297	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	298	HKDF hkdf = new HKDF(hashAlg.name);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	299	byte[] hkdfInfo = SSLSecretDerivation.createHkdfInfo(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	300	"tls13 resumption".getBytes(), nonce, hashAlg.hashLength);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	301	return hkdf.expand(resumptionMasterSecret, hkdfInfo,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	302	hashAlg.hashLength, "TlsPreSharedKey");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	303	} catch (GeneralSecurityException gse) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	304	throw (SSLHandshakeException) new SSLHandshakeException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	305	"Could not derive PSK").initCause(gse);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	306	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	307	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	308
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	309	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	310	class NewSessionTicketKickstartProducer implements SSLProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	311	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	312	private NewSessionTicketKickstartProducer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	313	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	314	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	315
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	316	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	317	public byte[] produce(ConnectionContext context) throws IOException {
57485 af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	318	HandshakeContext hc = (HandshakeContext)context;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	319
57485 af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	320	// The producing happens in server side only.
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	321	if (hc instanceof ServerHandshakeContext) {
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	322	// Is this session resumable?
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	323	if (!hc.handshakeSession.isRejoinable()) {
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	324	return null;
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	325	}
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	326
57485 af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	327	// What's the requested PSK key exchange modes?
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	328	//
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	329	// Note that currently, the NewSessionTicket post-handshake is
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	330	// produced and delivered only in the current handshake context
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	331	// if required.
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	332	PskKeyExchangeModesSpec pkemSpec =
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	333	(PskKeyExchangeModesSpec) hc.handshakeExtensions.get(
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	334	SSLExtension.PSK_KEY_EXCHANGE_MODES);
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	335	if (pkemSpec == null \|\| !pkemSpec.contains(
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	336	PskKeyExchangeModesExtension.PskKeyExchangeMode.PSK_DHE_KE)) {
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	337	// Client doesn't support PSK with (EC)DHE key establishment.
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	338	return null;
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	339	}
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	340	} else { // PostHandshakeContext
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	341
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	342	// Check if we have sent a PSK already, then we know it is using a
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	343	// allowable PSK exchange key mode
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	344	if (!hc.handshakeSession.isPSKable()) {
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	345	return null;
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	346	}
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	347	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	348
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	349	// get a new session ID
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	350	SSLSessionContextImpl sessionCache = (SSLSessionContextImpl)
57485 af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	351	hc.sslContext.engineGetServerSessionContext();
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	352	SessionId newId = new SessionId(true,
57485 af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	353	hc.sslContext.getSecureRandom());
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	354
54253 01d8eae542ff 8218889: Improperly use of the Optional API xuelei parents: 53064 diff changeset	355	SecretKey resumptionMasterSecret =
57485 af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	356	hc.handshakeSession.getResumptionMasterSecret();
54253 01d8eae542ff 8218889: Improperly use of the Optional API xuelei parents: 53064 diff changeset	357	if (resumptionMasterSecret == null) {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	358	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	359	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	360	"Session has no resumption secret. No ticket sent.");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	361	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	362	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	363	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	364
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	365	// construct the PSK and handshake message
57485 af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	366	BigInteger nonce = hc.handshakeSession.incrTicketNonceCounter();
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	367	byte[] nonceArr = nonce.toByteArray();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	368	SecretKey psk = derivePreSharedKey(
57485 af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	369	hc.negotiatedCipherSuite.hashAlg,
54253 01d8eae542ff 8218889: Improperly use of the Optional API xuelei parents: 53064 diff changeset	370	resumptionMasterSecret, nonceArr);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	371
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	372	int sessionTimeoutSeconds = sessionCache.getSessionTimeout();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	373	if (sessionTimeoutSeconds > MAX_TICKET_LIFETIME) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	374	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	375	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	376	"Session timeout is too long. No ticket sent.");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	377	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	378	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	379	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	380
57485 af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	381	NewSessionTicketMessage nstm = null;
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	382
52512 1838347a803b 8212885: TLS 1.3 resumed session does not retain peer certificate chain jnimeh parents: 50768 diff changeset	383	SSLSessionImpl sessionCopy =
57485 af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	384	new SSLSessionImpl(hc.handshakeSession, newId);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	385	sessionCopy.setPreSharedKey(psk);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	386	sessionCopy.setPskIdentity(newId.getId());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	387
57485 af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	388	// If a stateless ticket is allowed, attempt to make one
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	389	if (hc.handshakeSession.isStatelessable(hc)) {
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	390	nstm = new T13NewSessionTicketMessage(hc,
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	391	sessionTimeoutSeconds,
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	392	hc.sslContext.getSecureRandom(),
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	393	nonceArr,
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	394	new SessionTicketSpec().encrypt(hc, sessionCopy));
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	395	// If ticket construction failed, switch to session cache
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	396	if (!nstm.isValid()) {
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	397	hc.statelessResumption = false;
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	398	} else {
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	399	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	400	SSLLogger.fine(
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	401	"Produced NewSessionTicket stateless " +
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	402	"handshake message", nstm);
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	403	}
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	404	}
57485 af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	405	}
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	406	// If a session cache ticket is being used, make one
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	407	if (!hc.handshakeSession.isStatelessable(hc)) {
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	408	nstm = new T13NewSessionTicketMessage(hc, sessionTimeoutSeconds,
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	409	hc.sslContext.getSecureRandom(), nonceArr,
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	410	newId.getId());
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	411	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	412	SSLLogger.fine(
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	413	"Produced NewSessionTicket handshake message",
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	414	nstm);
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	415	}
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	416
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	417	// create and cache the new session
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	418	// The new session must be a child of the existing session so
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	419	// they will be invalidated together, etc.
57485 af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	420	hc.handshakeSession.addChild(sessionCopy);
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	421	sessionCopy.setTicketAgeAdd(nstm.getTicketAgeAdd());
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	422	sessionCache.put(sessionCopy);
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	423	}
57485 af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	424
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	425	// Output the handshake message.
57485 af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	426	if (nstm != null) {
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	427	// should never be null
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	428	nstm.write(hc.handshakeOutput);
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	429	hc.handshakeOutput.flush();
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	430	}
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	431
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	432	if (hc instanceof PostHandshakeContext) {
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	433	((PostHandshakeContext) hc).finish();
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	434	}
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	435
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	436	// The message has been delivered.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	437	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	438	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	439	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	440
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	441	/**
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	442	* The "NewSessionTicket" handshake message producer for RFC 5077
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	443	*/
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	444	private static final class T12NewSessionTicketProducer
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	445	implements HandshakeProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	446
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	447	// Prevent instantiation of this class.
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	448	private T12NewSessionTicketProducer() {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	449	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	450	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	451
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	452	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	453	public byte[] produce(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	454	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	455
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	456	ServerHandshakeContext shc = (ServerHandshakeContext)context;
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	457
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	458	// Is this session resumable?
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	459	if (!shc.handshakeSession.isRejoinable()) {
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	460	return null;
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	461	}
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	462
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	463	// get a new session ID
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	464	SessionId newId = shc.handshakeSession.getSessionId();
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	465
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	466	SSLSessionContextImpl sessionCache = (SSLSessionContextImpl)
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	467	shc.sslContext.engineGetServerSessionContext();
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	468	int sessionTimeoutSeconds = sessionCache.getSessionTimeout();
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	469	if (sessionTimeoutSeconds > MAX_TICKET_LIFETIME) {
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	470	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	471	SSLLogger.fine(
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	472	"Session timeout is too long. No ticket sent.");
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	473	}
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	474	return null;
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	475	}
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	476
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	477	SSLSessionImpl sessionCopy =
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	478	new SSLSessionImpl(shc.handshakeSession, newId);
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	479	sessionCopy.setPskIdentity(newId.getId());
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	480
57485 af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	481	NewSessionTicketMessage nstm = new T12NewSessionTicketMessage(shc,
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	482	sessionTimeoutSeconds,
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	483	new SessionTicketSpec().encrypt(shc, sessionCopy));
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	484	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	485	SSLLogger.fine(
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	486	"Produced NewSessionTicket stateless handshake message", nstm);
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	487	}
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	488
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	489	// Output the handshake message.
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	490	nstm.write(shc.handshakeOutput);
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	491	shc.handshakeOutput.flush();
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	492
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	493	// The message has been delivered.
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	494	return null;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	495	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	496	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	497
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	498	private static final
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	499	class T13NewSessionTicketConsumer implements SSLConsumer {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	500	// Prevent instantiation of this class.
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	501	private T13NewSessionTicketConsumer() {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	502	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	503	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	504
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	505	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	506	public void consume(ConnectionContext context,
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	507	ByteBuffer message) throws IOException {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	508
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	509	// Note: Although the resumption master secret depends on the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	510	// client's second flight, servers which do not request client
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	511	// authentication MAY compute the remainder of the transcript
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	512	// independently and then send a NewSessionTicket immediately
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	513	// upon sending its Finished rather than waiting for the client
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	514	// Finished.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	515	//
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	516	// The consuming happens in client side only and is received after
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	517	// the server's Finished message with PostHandshakeContext.
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	518
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	519	HandshakeContext hc = (HandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	520	NewSessionTicketMessage nstm =
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	521	new T13NewSessionTicketMessage(hc, message);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	522	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	523	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	524	"Consuming NewSessionTicket message", nstm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	525	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	526
57485 af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	527	SSLSessionContextImpl sessionCache = (SSLSessionContextImpl)
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	528	hc.sslContext.engineGetClientSessionContext();
af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	529
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	530	// discard tickets with timeout 0
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	531	if (nstm.ticketLifetime <= 0 \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	532	nstm.ticketLifetime > MAX_TICKET_LIFETIME) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	533	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	534	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	535	"Discarding NewSessionTicket with lifetime "
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	536	+ nstm.ticketLifetime, nstm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	537	}
57485 af4b0fc25bc4 8226338: Updates to Stateless Resumption ascarpino parents: 55336 diff changeset	538	sessionCache.remove(hc.handshakeSession.getSessionId());
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	539	return;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	540	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	541
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	542	if (sessionCache.getSessionTimeout() > MAX_TICKET_LIFETIME) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	543	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	544	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	545	"Session cache lifetime is too long. Discarding ticket.");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	546	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	547	return;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	548	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	549
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	550	SSLSessionImpl sessionToSave = hc.conContext.conSession;
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	551	SecretKey psk = null;
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	552	if (hc.negotiatedProtocol.useTLS13PlusSpec()) {
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	553	SecretKey resumptionMasterSecret =
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	554	sessionToSave.getResumptionMasterSecret();
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	555	if (resumptionMasterSecret == null) {
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	556	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	557	SSLLogger.fine(
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	558	"Session has no resumption master secret." +
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	559	" Ignoring ticket.");
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	560	}
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	561	return;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	562	}
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	563
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	564	// derive the PSK
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	565	psk = derivePreSharedKey(
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	566	sessionToSave.getSuite().hashAlg,
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	567	resumptionMasterSecret, nstm.getTicketNonce());
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	568	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	569
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	570	// create and cache the new session
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	571	// The new session must be a child of the existing session so
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	572	// they will be invalidated together, etc.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	573	SessionId newId =
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	574	new SessionId(true, hc.sslContext.getSecureRandom());
52512 1838347a803b 8212885: TLS 1.3 resumed session does not retain peer certificate chain jnimeh parents: 50768 diff changeset	575	SSLSessionImpl sessionCopy = new SSLSessionImpl(sessionToSave,
1838347a803b 8212885: TLS 1.3 resumed session does not retain peer certificate chain jnimeh parents: 50768 diff changeset	576	newId);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	577	sessionToSave.addChild(sessionCopy);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	578	sessionCopy.setPreSharedKey(psk);
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	579	sessionCopy.setTicketAgeAdd(nstm.getTicketAgeAdd());
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	580	sessionCopy.setPskIdentity(nstm.ticket);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	581	sessionCache.put(sessionCopy);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	582
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	583	// clean handshake context
55336 c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	584	if (hc.negotiatedProtocol.useTLS13PlusSpec()) {
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	585	hc.conContext.finishPostHandshake();
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	586	}
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	587	}
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	588	}
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	589
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	590	private static final
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	591	class T12NewSessionTicketConsumer implements SSLConsumer {
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	592	// Prevent instantiation of this class.
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	593	private T12NewSessionTicketConsumer() {
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	594	// blank
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	595	}
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	596
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	597	@Override
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	598	public void consume(ConnectionContext context,
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	599	ByteBuffer message) throws IOException {
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	600
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	601	HandshakeContext hc = (HandshakeContext)context;
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	602	hc.handshakeConsumers.remove(NEW_SESSION_TICKET.id);
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	603
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	604	NewSessionTicketMessage nstm = new T12NewSessionTicketMessage(hc,
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	605	message);
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	606	if (nstm.ticket.length == 0) {
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	607	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	608	SSLLogger.fine("NewSessionTicket ticket was empty");
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	609	}
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	610	return;
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	611	}
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	612
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	613	// discard tickets with timeout 0
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	614	if (nstm.ticketLifetime <= 0 \|\|
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	615	nstm.ticketLifetime > MAX_TICKET_LIFETIME) {
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	616	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	617	SSLLogger.fine(
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	618	"Discarding NewSessionTicket with lifetime "
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	619	+ nstm.ticketLifetime, nstm);
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	620	}
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	621	return;
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	622	}
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	623
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	624	SSLSessionContextImpl sessionCache = (SSLSessionContextImpl)
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	625	hc.sslContext.engineGetClientSessionContext();
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	626
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	627	if (sessionCache.getSessionTimeout() > MAX_TICKET_LIFETIME) {
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	628	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	629	SSLLogger.fine(
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	630	"Session cache lifetime is too long. Discarding ticket.");
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	631	}
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	632	return;
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	633	}
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	634
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	635	hc.handshakeSession.setPskIdentity(nstm.ticket);
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	636	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	637	SSLLogger.fine("Consuming NewSessionTicket\n" +
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	638	nstm.toString());
c2398053ee90 8211018: Session Resumption without Server-Side State ascarpino parents: 54253 diff changeset	639	}
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	640	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	641	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	642	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	643

author	chegar
	Thu, 17 Oct 2019 20:54:25 +0100
branch	datagramsocketimpl-branch
changeset 58679	9c3209ff7550
parent 58678	9cf78a70fa4f
parent 57485	af4b0fc25bc4
permissions	-rw-r--r--