author | chegar |
Thu, 17 Oct 2019 20:54:25 +0100 | |
branch | datagramsocketimpl-branch |
changeset 58679 | 9c3209ff7550 |
parent 58678 | 9cf78a70fa4f |
parent 57485 | af4b0fc25bc4 |
permissions | -rw-r--r-- |
50768 | 1 |
/* |
54253 | 2 |
* Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved. |
50768 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
7 |
* published by the Free Software Foundation. Oracle designates this |
|
8 |
* particular file as subject to the "Classpath" exception as provided |
|
9 |
* by Oracle in the LICENSE file that accompanied this code. |
|
10 |
* |
|
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
15 |
* accompanied this code). |
|
16 |
* |
|
17 |
* You should have received a copy of the GNU General Public License version |
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 |
* |
|
21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
22 |
* or visit www.oracle.com if you need additional information or have any |
|
23 |
* questions. |
|
24 |
*/ |
|
25 |
package sun.security.ssl; |
|
26 |
||
27 |
import java.io.IOException; |
|
28 |
import java.math.BigInteger; |
|
29 |
import java.nio.ByteBuffer; |
|
30 |
import java.security.GeneralSecurityException; |
|
31 |
import java.security.SecureRandom; |
|
32 |
import java.text.MessageFormat; |
|
33 |
import java.util.Locale; |
|
34 |
import javax.crypto.SecretKey; |
|
35 |
import javax.net.ssl.SSLHandshakeException; |
|
36 |
import sun.security.ssl.PskKeyExchangeModesExtension.PskKeyExchangeModesSpec; |
|
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
37 |
import sun.security.ssl.SessionTicketExtension.SessionTicketSpec; |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
38 |
import sun.security.ssl.SSLHandshake.HandshakeMessage; |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
39 |
import sun.security.util.HexDumpEncoder; |
50768 | 40 |
|
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
41 |
import static sun.security.ssl.SSLHandshake.NEW_SESSION_TICKET; |
50768 | 42 |
|
43 |
/** |
|
44 |
* Pack of the NewSessionTicket handshake message. |
|
45 |
*/ |
|
46 |
final class NewSessionTicket { |
|
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
47 |
static final int MAX_TICKET_LIFETIME = 604800; // seconds, 7 days |
50768 | 48 |
static final SSLConsumer handshakeConsumer = |
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
49 |
new T13NewSessionTicketConsumer(); |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
50 |
static final SSLConsumer handshake12Consumer = |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
51 |
new T12NewSessionTicketConsumer(); |
50768 | 52 |
static final SSLProducer kickstartProducer = |
53 |
new NewSessionTicketKickstartProducer(); |
|
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
54 |
static final HandshakeProducer handshake12Producer = |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
55 |
new T12NewSessionTicketProducer(); |
50768 | 56 |
|
57 |
/** |
|
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
58 |
* The NewSessionTicketMessage handshake messages. |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
59 |
*/ |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
60 |
abstract static class NewSessionTicketMessage extends HandshakeMessage { |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
61 |
int ticketLifetime; |
57485 | 62 |
byte[] ticket = new byte[0]; |
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
63 |
|
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
64 |
NewSessionTicketMessage(HandshakeContext context) { |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
65 |
super(context); |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
66 |
} |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
67 |
|
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
68 |
@Override |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
69 |
public SSLHandshake handshakeType() { |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
70 |
return NEW_SESSION_TICKET; |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
71 |
} |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
72 |
|
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
73 |
// For TLS 1.3 only |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
74 |
int getTicketAgeAdd() throws IOException { |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
75 |
throw handshakeContext.conContext.fatal(Alert.ILLEGAL_PARAMETER, |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
76 |
"TicketAgeAdd not part of RFC 5077."); |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
77 |
} |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
78 |
|
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
79 |
// For TLS 1.3 only |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
80 |
byte[] getTicketNonce() throws IOException { |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
81 |
throw handshakeContext.conContext.fatal(Alert.ILLEGAL_PARAMETER, |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
82 |
"TicketNonce not part of RFC 5077."); |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
83 |
} |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
84 |
|
57485 | 85 |
boolean isValid() { |
86 |
return (ticket.length > 0); |
|
87 |
} |
|
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
88 |
} |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
89 |
/** |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
90 |
* NewSessionTicket for TLS 1.2 and below (RFC 5077) |
50768 | 91 |
*/ |
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
92 |
static final class T12NewSessionTicketMessage extends NewSessionTicketMessage { |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
93 |
|
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
94 |
T12NewSessionTicketMessage(HandshakeContext context, |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
95 |
int ticketLifetime, byte[] ticket) { |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
96 |
super(context); |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
97 |
|
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
98 |
this.ticketLifetime = ticketLifetime; |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
99 |
this.ticket = ticket; |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
100 |
} |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
101 |
|
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
102 |
T12NewSessionTicketMessage(HandshakeContext context, |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
103 |
ByteBuffer m) throws IOException { |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
104 |
|
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
105 |
// RFC5077 struct { |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
106 |
// uint32 ticket_lifetime; |
57485 | 107 |
// opaque ticket<0..2^16-1>; |
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
108 |
// } NewSessionTicket; |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
109 |
|
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
110 |
super(context); |
57485 | 111 |
if (m.remaining() < 6) { |
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
112 |
throw context.conContext.fatal(Alert.ILLEGAL_PARAMETER, |
57485 | 113 |
"Invalid NewSessionTicket message: insufficient data"); |
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
114 |
} |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
115 |
|
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
116 |
this.ticketLifetime = Record.getInt32(m); |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
117 |
this.ticket = Record.getBytes16(m); |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
118 |
} |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
119 |
|
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
120 |
@Override |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
121 |
public SSLHandshake handshakeType() { |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
122 |
return NEW_SESSION_TICKET; |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
123 |
} |
50768 | 124 |
|
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
125 |
@Override |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
126 |
public int messageLength() { |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
127 |
return 4 + // ticketLifetime |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
128 |
2 + ticket.length; // len of ticket + ticket |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
129 |
} |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
130 |
|
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
131 |
@Override |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
132 |
public void send(HandshakeOutStream hos) throws IOException { |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
133 |
hos.putInt32(ticketLifetime); |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
134 |
hos.putBytes16(ticket); |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
135 |
} |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
136 |
|
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
137 |
@Override |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
138 |
public String toString() { |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
139 |
MessageFormat messageFormat = new MessageFormat( |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
140 |
"\"NewSessionTicket\": '{'\n" + |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
141 |
" \"ticket_lifetime\" : \"{0}\",\n" + |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
142 |
" \"ticket\" : '{'\n" + |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
143 |
"{1}\n" + |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
144 |
" '}'" + |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
145 |
"'}'", |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
146 |
Locale.ENGLISH); |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
147 |
|
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
148 |
HexDumpEncoder hexEncoder = new HexDumpEncoder(); |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
149 |
Object[] messageFields = { |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
150 |
ticketLifetime, |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
151 |
Utilities.indent(hexEncoder.encode(ticket), " "), |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
152 |
}; |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
153 |
return messageFormat.format(messageFields); |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
154 |
} |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
155 |
} |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
156 |
|
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
157 |
/** |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
158 |
* NewSessionTicket defined by the TLS 1.3 |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
159 |
*/ |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
160 |
static final class T13NewSessionTicketMessage extends NewSessionTicketMessage { |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
161 |
int ticketAgeAdd; |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
162 |
byte[] ticketNonce; |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
163 |
SSLExtensions extensions; |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
164 |
|
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
165 |
T13NewSessionTicketMessage(HandshakeContext context, |
50768 | 166 |
int ticketLifetime, SecureRandom generator, |
167 |
byte[] ticketNonce, byte[] ticket) { |
|
168 |
super(context); |
|
169 |
||
170 |
this.ticketLifetime = ticketLifetime; |
|
171 |
this.ticketAgeAdd = generator.nextInt(); |
|
172 |
this.ticketNonce = ticketNonce; |
|
173 |
this.ticket = ticket; |
|
174 |
this.extensions = new SSLExtensions(this); |
|
175 |
} |
|
176 |
||
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
177 |
T13NewSessionTicketMessage(HandshakeContext context, |
50768 | 178 |
ByteBuffer m) throws IOException { |
179 |
super(context); |
|
180 |
||
181 |
// struct { |
|
182 |
// uint32 ticket_lifetime; |
|
183 |
// uint32 ticket_age_add; |
|
184 |
// opaque ticket_nonce<0..255>; |
|
185 |
// opaque ticket<1..2^16-1>; |
|
186 |
// Extension extensions<0..2^16-2>; |
|
187 |
// } NewSessionTicket; |
|
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
188 |
|
50768 | 189 |
if (m.remaining() < 14) { |
53064
103ed9569fc8
8215443: The use of TransportContext.fatal() leads to bad coding style
xuelei
parents:
52512
diff
changeset
|
190 |
throw context.conContext.fatal(Alert.ILLEGAL_PARAMETER, |
57485 | 191 |
"Invalid NewSessionTicket message: insufficient data"); |
50768 | 192 |
} |
193 |
||
194 |
this.ticketLifetime = Record.getInt32(m); |
|
195 |
this.ticketAgeAdd = Record.getInt32(m); |
|
196 |
this.ticketNonce = Record.getBytes8(m); |
|
197 |
||
198 |
if (m.remaining() < 5) { |
|
53064
103ed9569fc8
8215443: The use of TransportContext.fatal() leads to bad coding style
xuelei
parents:
52512
diff
changeset
|
199 |
throw context.conContext.fatal(Alert.ILLEGAL_PARAMETER, |
57485 | 200 |
"Invalid NewSessionTicket message: insufficient ticket" + |
201 |
" data"); |
|
50768 | 202 |
} |
203 |
||
204 |
this.ticket = Record.getBytes16(m); |
|
205 |
if (ticket.length == 0) { |
|
57485 | 206 |
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
207 |
SSLLogger.fine( |
|
50768 | 208 |
"No ticket in the NewSessionTicket handshake message"); |
57485 | 209 |
} |
50768 | 210 |
} |
211 |
||
212 |
if (m.remaining() < 2) { |
|
53064
103ed9569fc8
8215443: The use of TransportContext.fatal() leads to bad coding style
xuelei
parents:
52512
diff
changeset
|
213 |
throw context.conContext.fatal(Alert.ILLEGAL_PARAMETER, |
57485 | 214 |
"Invalid NewSessionTicket message: extra data"); |
50768 | 215 |
} |
216 |
||
217 |
SSLExtension[] supportedExtensions = |
|
218 |
context.sslConfig.getEnabledExtensions( |
|
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
219 |
NEW_SESSION_TICKET); |
50768 | 220 |
this.extensions = new SSLExtensions(this, m, supportedExtensions); |
221 |
} |
|
222 |
||
223 |
@Override |
|
224 |
public SSLHandshake handshakeType() { |
|
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
225 |
return NEW_SESSION_TICKET; |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
226 |
} |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
227 |
|
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
228 |
int getTicketAgeAdd() { |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
229 |
return ticketAgeAdd; |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
230 |
} |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
231 |
|
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
232 |
byte[] getTicketNonce() { |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
233 |
return ticketNonce; |
50768 | 234 |
} |
235 |
||
236 |
@Override |
|
237 |
public int messageLength() { |
|
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
238 |
|
50768 | 239 |
int extLen = extensions.length(); |
240 |
if (extLen == 0) { |
|
241 |
extLen = 2; // empty extensions |
|
242 |
} |
|
243 |
||
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
244 |
return 4 +// ticketLifetime |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
245 |
4 + // ticketAgeAdd |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
246 |
1 + ticketNonce.length + // len of nonce + nonce |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
247 |
2 + ticket.length + // len of ticket + ticket |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
248 |
extLen; |
50768 | 249 |
} |
250 |
||
251 |
@Override |
|
252 |
public void send(HandshakeOutStream hos) throws IOException { |
|
253 |
hos.putInt32(ticketLifetime); |
|
254 |
hos.putInt32(ticketAgeAdd); |
|
255 |
hos.putBytes8(ticketNonce); |
|
256 |
hos.putBytes16(ticket); |
|
257 |
||
258 |
// Is it an empty extensions? |
|
259 |
if (extensions.length() == 0) { |
|
260 |
hos.putInt16(0); |
|
261 |
} else { |
|
262 |
extensions.send(hos); |
|
263 |
} |
|
264 |
} |
|
265 |
||
266 |
@Override |
|
267 |
public String toString() { |
|
268 |
MessageFormat messageFormat = new MessageFormat( |
|
269 |
"\"NewSessionTicket\": '{'\n" + |
|
270 |
" \"ticket_lifetime\" : \"{0}\",\n" + |
|
271 |
" \"ticket_age_add\" : \"{1}\",\n" + |
|
272 |
" \"ticket_nonce\" : \"{2}\",\n" + |
|
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
273 |
" \"ticket\" : '{'\n" + |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
274 |
"{3}\n" + |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
275 |
" '}'" + |
50768 | 276 |
" \"extensions\" : [\n" + |
277 |
"{4}\n" + |
|
278 |
" ]\n" + |
|
279 |
"'}'", |
|
280 |
Locale.ENGLISH); |
|
281 |
||
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
282 |
HexDumpEncoder hexEncoder = new HexDumpEncoder(); |
50768 | 283 |
Object[] messageFields = { |
284 |
ticketLifetime, |
|
285 |
"<omitted>", //ticketAgeAdd should not be logged |
|
286 |
Utilities.toHexString(ticketNonce), |
|
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
287 |
Utilities.indent(hexEncoder.encode(ticket), " "), |
50768 | 288 |
Utilities.indent(extensions.toString(), " ") |
289 |
}; |
|
290 |
||
291 |
return messageFormat.format(messageFields); |
|
292 |
} |
|
293 |
} |
|
294 |
||
295 |
private static SecretKey derivePreSharedKey(CipherSuite.HashAlg hashAlg, |
|
296 |
SecretKey resumptionMasterSecret, byte[] nonce) throws IOException { |
|
297 |
try { |
|
298 |
HKDF hkdf = new HKDF(hashAlg.name); |
|
299 |
byte[] hkdfInfo = SSLSecretDerivation.createHkdfInfo( |
|
300 |
"tls13 resumption".getBytes(), nonce, hashAlg.hashLength); |
|
301 |
return hkdf.expand(resumptionMasterSecret, hkdfInfo, |
|
302 |
hashAlg.hashLength, "TlsPreSharedKey"); |
|
303 |
} catch (GeneralSecurityException gse) { |
|
304 |
throw (SSLHandshakeException) new SSLHandshakeException( |
|
305 |
"Could not derive PSK").initCause(gse); |
|
306 |
} |
|
307 |
} |
|
308 |
||
309 |
private static final |
|
310 |
class NewSessionTicketKickstartProducer implements SSLProducer { |
|
311 |
// Prevent instantiation of this class. |
|
312 |
private NewSessionTicketKickstartProducer() { |
|
313 |
// blank |
|
314 |
} |
|
315 |
||
316 |
@Override |
|
317 |
public byte[] produce(ConnectionContext context) throws IOException { |
|
57485 | 318 |
HandshakeContext hc = (HandshakeContext)context; |
50768 | 319 |
|
57485 | 320 |
// The producing happens in server side only. |
321 |
if (hc instanceof ServerHandshakeContext) { |
|
322 |
// Is this session resumable? |
|
323 |
if (!hc.handshakeSession.isRejoinable()) { |
|
324 |
return null; |
|
325 |
} |
|
50768 | 326 |
|
57485 | 327 |
// What's the requested PSK key exchange modes? |
328 |
// |
|
329 |
// Note that currently, the NewSessionTicket post-handshake is |
|
330 |
// produced and delivered only in the current handshake context |
|
331 |
// if required. |
|
332 |
PskKeyExchangeModesSpec pkemSpec = |
|
333 |
(PskKeyExchangeModesSpec) hc.handshakeExtensions.get( |
|
334 |
SSLExtension.PSK_KEY_EXCHANGE_MODES); |
|
335 |
if (pkemSpec == null || !pkemSpec.contains( |
|
336 |
PskKeyExchangeModesExtension.PskKeyExchangeMode.PSK_DHE_KE)) { |
|
337 |
// Client doesn't support PSK with (EC)DHE key establishment. |
|
338 |
return null; |
|
339 |
} |
|
340 |
} else { // PostHandshakeContext |
|
341 |
||
342 |
// Check if we have sent a PSK already, then we know it is using a |
|
343 |
// allowable PSK exchange key mode |
|
344 |
if (!hc.handshakeSession.isPSKable()) { |
|
345 |
return null; |
|
346 |
} |
|
50768 | 347 |
} |
348 |
||
349 |
// get a new session ID |
|
350 |
SSLSessionContextImpl sessionCache = (SSLSessionContextImpl) |
|
57485 | 351 |
hc.sslContext.engineGetServerSessionContext(); |
50768 | 352 |
SessionId newId = new SessionId(true, |
57485 | 353 |
hc.sslContext.getSecureRandom()); |
50768 | 354 |
|
54253 | 355 |
SecretKey resumptionMasterSecret = |
57485 | 356 |
hc.handshakeSession.getResumptionMasterSecret(); |
54253 | 357 |
if (resumptionMasterSecret == null) { |
50768 | 358 |
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
359 |
SSLLogger.fine( |
|
360 |
"Session has no resumption secret. No ticket sent."); |
|
361 |
} |
|
362 |
return null; |
|
363 |
} |
|
364 |
||
365 |
// construct the PSK and handshake message |
|
57485 | 366 |
BigInteger nonce = hc.handshakeSession.incrTicketNonceCounter(); |
50768 | 367 |
byte[] nonceArr = nonce.toByteArray(); |
368 |
SecretKey psk = derivePreSharedKey( |
|
57485 | 369 |
hc.negotiatedCipherSuite.hashAlg, |
54253 | 370 |
resumptionMasterSecret, nonceArr); |
50768 | 371 |
|
372 |
int sessionTimeoutSeconds = sessionCache.getSessionTimeout(); |
|
373 |
if (sessionTimeoutSeconds > MAX_TICKET_LIFETIME) { |
|
374 |
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
|
375 |
SSLLogger.fine( |
|
376 |
"Session timeout is too long. No ticket sent."); |
|
377 |
} |
|
378 |
return null; |
|
379 |
} |
|
380 |
||
57485 | 381 |
NewSessionTicketMessage nstm = null; |
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
382 |
|
52512
1838347a803b
8212885: TLS 1.3 resumed session does not retain peer certificate chain
jnimeh
parents:
50768
diff
changeset
|
383 |
SSLSessionImpl sessionCopy = |
57485 | 384 |
new SSLSessionImpl(hc.handshakeSession, newId); |
50768 | 385 |
sessionCopy.setPreSharedKey(psk); |
386 |
sessionCopy.setPskIdentity(newId.getId()); |
|
387 |
||
57485 | 388 |
// If a stateless ticket is allowed, attempt to make one |
389 |
if (hc.handshakeSession.isStatelessable(hc)) { |
|
390 |
nstm = new T13NewSessionTicketMessage(hc, |
|
391 |
sessionTimeoutSeconds, |
|
392 |
hc.sslContext.getSecureRandom(), |
|
393 |
nonceArr, |
|
394 |
new SessionTicketSpec().encrypt(hc, sessionCopy)); |
|
395 |
// If ticket construction failed, switch to session cache |
|
396 |
if (!nstm.isValid()) { |
|
397 |
hc.statelessResumption = false; |
|
398 |
} else { |
|
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
399 |
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
400 |
SSLLogger.fine( |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
401 |
"Produced NewSessionTicket stateless " + |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
402 |
"handshake message", nstm); |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
403 |
} |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
404 |
} |
57485 | 405 |
} |
406 |
// If a session cache ticket is being used, make one |
|
407 |
if (!hc.handshakeSession.isStatelessable(hc)) { |
|
408 |
nstm = new T13NewSessionTicketMessage(hc, sessionTimeoutSeconds, |
|
409 |
hc.sslContext.getSecureRandom(), nonceArr, |
|
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
410 |
newId.getId()); |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
411 |
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
412 |
SSLLogger.fine( |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
413 |
"Produced NewSessionTicket handshake message", |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
414 |
nstm); |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
415 |
} |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
416 |
|
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
417 |
// create and cache the new session |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
418 |
// The new session must be a child of the existing session so |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
419 |
// they will be invalidated together, etc. |
57485 | 420 |
hc.handshakeSession.addChild(sessionCopy); |
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
421 |
sessionCopy.setTicketAgeAdd(nstm.getTicketAgeAdd()); |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
422 |
sessionCache.put(sessionCopy); |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
423 |
} |
57485 | 424 |
|
50768 | 425 |
// Output the handshake message. |
57485 | 426 |
if (nstm != null) { |
427 |
// should never be null |
|
428 |
nstm.write(hc.handshakeOutput); |
|
429 |
hc.handshakeOutput.flush(); |
|
430 |
} |
|
431 |
||
432 |
if (hc instanceof PostHandshakeContext) { |
|
433 |
((PostHandshakeContext) hc).finish(); |
|
434 |
} |
|
50768 | 435 |
|
436 |
// The message has been delivered. |
|
437 |
return null; |
|
438 |
} |
|
439 |
} |
|
440 |
||
441 |
/** |
|
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
442 |
* The "NewSessionTicket" handshake message producer for RFC 5077 |
50768 | 443 |
*/ |
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
444 |
private static final class T12NewSessionTicketProducer |
50768 | 445 |
implements HandshakeProducer { |
446 |
||
447 |
// Prevent instantiation of this class. |
|
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
448 |
private T12NewSessionTicketProducer() { |
50768 | 449 |
// blank |
450 |
} |
|
451 |
||
452 |
@Override |
|
453 |
public byte[] produce(ConnectionContext context, |
|
454 |
HandshakeMessage message) throws IOException { |
|
455 |
||
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
456 |
ServerHandshakeContext shc = (ServerHandshakeContext)context; |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
457 |
|
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
458 |
// Is this session resumable? |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
459 |
if (!shc.handshakeSession.isRejoinable()) { |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
460 |
return null; |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
461 |
} |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
462 |
|
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
463 |
// get a new session ID |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
464 |
SessionId newId = shc.handshakeSession.getSessionId(); |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
465 |
|
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
466 |
SSLSessionContextImpl sessionCache = (SSLSessionContextImpl) |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
467 |
shc.sslContext.engineGetServerSessionContext(); |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
468 |
int sessionTimeoutSeconds = sessionCache.getSessionTimeout(); |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
469 |
if (sessionTimeoutSeconds > MAX_TICKET_LIFETIME) { |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
470 |
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
471 |
SSLLogger.fine( |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
472 |
"Session timeout is too long. No ticket sent."); |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
473 |
} |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
474 |
return null; |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
475 |
} |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
476 |
|
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
477 |
SSLSessionImpl sessionCopy = |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
478 |
new SSLSessionImpl(shc.handshakeSession, newId); |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
479 |
sessionCopy.setPskIdentity(newId.getId()); |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
480 |
|
57485 | 481 |
NewSessionTicketMessage nstm = new T12NewSessionTicketMessage(shc, |
482 |
sessionTimeoutSeconds, |
|
483 |
new SessionTicketSpec().encrypt(shc, sessionCopy)); |
|
484 |
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
|
485 |
SSLLogger.fine( |
|
486 |
"Produced NewSessionTicket stateless handshake message", nstm); |
|
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
487 |
} |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
488 |
|
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
489 |
// Output the handshake message. |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
490 |
nstm.write(shc.handshakeOutput); |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
491 |
shc.handshakeOutput.flush(); |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
492 |
|
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
493 |
// The message has been delivered. |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
494 |
return null; |
50768 | 495 |
} |
496 |
} |
|
497 |
||
498 |
private static final |
|
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
499 |
class T13NewSessionTicketConsumer implements SSLConsumer { |
50768 | 500 |
// Prevent instantiation of this class. |
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
501 |
private T13NewSessionTicketConsumer() { |
50768 | 502 |
// blank |
503 |
} |
|
504 |
||
505 |
@Override |
|
506 |
public void consume(ConnectionContext context, |
|
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
507 |
ByteBuffer message) throws IOException { |
50768 | 508 |
|
509 |
// Note: Although the resumption master secret depends on the |
|
510 |
// client's second flight, servers which do not request client |
|
511 |
// authentication MAY compute the remainder of the transcript |
|
512 |
// independently and then send a NewSessionTicket immediately |
|
513 |
// upon sending its Finished rather than waiting for the client |
|
514 |
// Finished. |
|
515 |
// |
|
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
516 |
// The consuming happens in client side only and is received after |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
517 |
// the server's Finished message with PostHandshakeContext. |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
518 |
|
50768 | 519 |
HandshakeContext hc = (HandshakeContext)context; |
520 |
NewSessionTicketMessage nstm = |
|
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
521 |
new T13NewSessionTicketMessage(hc, message); |
50768 | 522 |
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
523 |
SSLLogger.fine( |
|
524 |
"Consuming NewSessionTicket message", nstm); |
|
525 |
} |
|
526 |
||
57485 | 527 |
SSLSessionContextImpl sessionCache = (SSLSessionContextImpl) |
528 |
hc.sslContext.engineGetClientSessionContext(); |
|
529 |
||
50768 | 530 |
// discard tickets with timeout 0 |
531 |
if (nstm.ticketLifetime <= 0 || |
|
532 |
nstm.ticketLifetime > MAX_TICKET_LIFETIME) { |
|
533 |
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
|
534 |
SSLLogger.fine( |
|
535 |
"Discarding NewSessionTicket with lifetime " |
|
536 |
+ nstm.ticketLifetime, nstm); |
|
537 |
} |
|
57485 | 538 |
sessionCache.remove(hc.handshakeSession.getSessionId()); |
50768 | 539 |
return; |
540 |
} |
|
541 |
||
542 |
if (sessionCache.getSessionTimeout() > MAX_TICKET_LIFETIME) { |
|
543 |
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
|
544 |
SSLLogger.fine( |
|
545 |
"Session cache lifetime is too long. Discarding ticket."); |
|
546 |
} |
|
547 |
return; |
|
548 |
} |
|
549 |
||
550 |
SSLSessionImpl sessionToSave = hc.conContext.conSession; |
|
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
551 |
SecretKey psk = null; |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
552 |
if (hc.negotiatedProtocol.useTLS13PlusSpec()) { |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
553 |
SecretKey resumptionMasterSecret = |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
554 |
sessionToSave.getResumptionMasterSecret(); |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
555 |
if (resumptionMasterSecret == null) { |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
556 |
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
557 |
SSLLogger.fine( |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
558 |
"Session has no resumption master secret." + |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
559 |
" Ignoring ticket."); |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
560 |
} |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
561 |
return; |
50768 | 562 |
} |
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
563 |
|
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
564 |
// derive the PSK |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
565 |
psk = derivePreSharedKey( |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
566 |
sessionToSave.getSuite().hashAlg, |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
567 |
resumptionMasterSecret, nstm.getTicketNonce()); |
50768 | 568 |
} |
569 |
||
570 |
// create and cache the new session |
|
571 |
// The new session must be a child of the existing session so |
|
572 |
// they will be invalidated together, etc. |
|
573 |
SessionId newId = |
|
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
574 |
new SessionId(true, hc.sslContext.getSecureRandom()); |
52512
1838347a803b
8212885: TLS 1.3 resumed session does not retain peer certificate chain
jnimeh
parents:
50768
diff
changeset
|
575 |
SSLSessionImpl sessionCopy = new SSLSessionImpl(sessionToSave, |
1838347a803b
8212885: TLS 1.3 resumed session does not retain peer certificate chain
jnimeh
parents:
50768
diff
changeset
|
576 |
newId); |
50768 | 577 |
sessionToSave.addChild(sessionCopy); |
578 |
sessionCopy.setPreSharedKey(psk); |
|
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
579 |
sessionCopy.setTicketAgeAdd(nstm.getTicketAgeAdd()); |
50768 | 580 |
sessionCopy.setPskIdentity(nstm.ticket); |
581 |
sessionCache.put(sessionCopy); |
|
582 |
||
583 |
// clean handshake context |
|
55336
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
584 |
if (hc.negotiatedProtocol.useTLS13PlusSpec()) { |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
585 |
hc.conContext.finishPostHandshake(); |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
586 |
} |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
587 |
} |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
588 |
} |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
589 |
|
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
590 |
private static final |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
591 |
class T12NewSessionTicketConsumer implements SSLConsumer { |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
592 |
// Prevent instantiation of this class. |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
593 |
private T12NewSessionTicketConsumer() { |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
594 |
// blank |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
595 |
} |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
596 |
|
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
597 |
@Override |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
598 |
public void consume(ConnectionContext context, |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
599 |
ByteBuffer message) throws IOException { |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
600 |
|
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
601 |
HandshakeContext hc = (HandshakeContext)context; |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
602 |
hc.handshakeConsumers.remove(NEW_SESSION_TICKET.id); |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
603 |
|
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
604 |
NewSessionTicketMessage nstm = new T12NewSessionTicketMessage(hc, |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
605 |
message); |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
606 |
if (nstm.ticket.length == 0) { |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
607 |
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
608 |
SSLLogger.fine("NewSessionTicket ticket was empty"); |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
609 |
} |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
610 |
return; |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
611 |
} |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
612 |
|
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
613 |
// discard tickets with timeout 0 |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
614 |
if (nstm.ticketLifetime <= 0 || |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
615 |
nstm.ticketLifetime > MAX_TICKET_LIFETIME) { |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
616 |
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
617 |
SSLLogger.fine( |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
618 |
"Discarding NewSessionTicket with lifetime " |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
619 |
+ nstm.ticketLifetime, nstm); |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
620 |
} |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
621 |
return; |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
622 |
} |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
623 |
|
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
624 |
SSLSessionContextImpl sessionCache = (SSLSessionContextImpl) |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
625 |
hc.sslContext.engineGetClientSessionContext(); |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
626 |
|
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
627 |
if (sessionCache.getSessionTimeout() > MAX_TICKET_LIFETIME) { |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
628 |
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
629 |
SSLLogger.fine( |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
630 |
"Session cache lifetime is too long. Discarding ticket."); |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
631 |
} |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
632 |
return; |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
633 |
} |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
634 |
|
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
635 |
hc.handshakeSession.setPskIdentity(nstm.ticket); |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
636 |
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
637 |
SSLLogger.fine("Consuming NewSessionTicket\n" + |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
638 |
nstm.toString()); |
c2398053ee90
8211018: Session Resumption without Server-Side State
ascarpino
parents:
54253
diff
changeset
|
639 |
} |
50768 | 640 |
} |
641 |
} |
|
642 |
} |
|
643 |