jdk-sandbox: src/java.base/share/classes/sun/security/ssl/CertificateMessage.java@a93b7b28f644 (annotated)

50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1	/*
53759 e16b61a1395e 4919790: Errors in alert ssl message does not reflect the actual certificate status xuelei parents: 53064 diff changeset	2	* Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	4	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	7	* published by the Free Software Foundation. Oracle designates this
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	10	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	15	* accompanied this code).
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	16	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	20	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	22	* or visit www.oracle.com if you need additional information or have any
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	23	* questions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	24	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	25
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	26	package sun.security.ssl;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	27
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	28	import java.io.ByteArrayInputStream;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	29	import java.io.IOException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	30	import java.nio.ByteBuffer;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	31	import java.security.PublicKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	32	import java.security.cert.CertPathValidatorException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	33	import java.security.cert.CertPathValidatorException.BasicReason;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	34	import java.security.cert.CertPathValidatorException.Reason;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	35	import java.security.cert.CertificateEncodingException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	36	import java.security.cert.CertificateException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	37	import java.security.cert.CertificateFactory;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	38	import java.security.cert.CertificateParsingException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	39	import java.security.cert.X509Certificate;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	40	import java.text.MessageFormat;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	41	import java.util.ArrayList;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	42	import java.util.Arrays;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	43	import java.util.Collection;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	44	import java.util.Collections;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	45	import java.util.HashSet;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	46	import java.util.LinkedList;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	47	import java.util.List;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	48	import java.util.Locale;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	49	import javax.net.ssl.SSLEngine;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	50	import javax.net.ssl.SSLException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	51	import javax.net.ssl.SSLProtocolException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	52	import javax.net.ssl.SSLSocket;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	53	import javax.net.ssl.X509ExtendedTrustManager;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	54	import javax.net.ssl.X509TrustManager;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	55	import javax.security.auth.x500.X500Principal;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	56	import static sun.security.ssl.ClientAuthType.CLIENT_AUTH_REQUIRED;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	57	import sun.security.ssl.ClientHello.ClientHelloMessage;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	58	import sun.security.ssl.SSLHandshake.HandshakeMessage;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	59	import sun.security.ssl.X509Authentication.X509Credentials;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	60	import sun.security.ssl.X509Authentication.X509Possession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	61
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	62	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	63	* Pack of the CertificateMessage handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	64	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	65	final class CertificateMessage {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	66	static final SSLConsumer t12HandshakeConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	67	new T12CertificateConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	68	static final HandshakeProducer t12HandshakeProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	69	new T12CertificateProducer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	70
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	71	static final SSLConsumer t13HandshakeConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	72	new T13CertificateConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	73	static final HandshakeProducer t13HandshakeProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	74	new T13CertificateProducer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	75
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	76	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	77	* The Certificate handshake message for TLS 1.2 and previous
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	78	* SSL/TLS protocol versions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	79	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	80	* In server mode, the certificate handshake message is sent whenever the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	81	* agreed-upon key exchange method uses certificates for authentication.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	82	* In client mode, this message is only sent if the server requests a
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	83	* certificate for client authentication.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	84	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	85	* opaque ASN.1Cert<1..2^24-1>;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	86	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	87	* SSL 3.0:
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	88	* struct {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	89	* ASN.1Cert certificate_list<1..2^24-1>;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	90	* } Certificate;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	91	* Note: For SSL 3.0 client authentication, if no suitable certificate
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	92	* is available, the client should send a no_certificate alert instead.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	93	* This alert is only a warning; however, the server may respond with
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	94	* a fatal handshake failure alert if client authentication is required.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	95	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	96	* TLS 1.0/1.1/1.2:
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	97	* struct {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	98	* ASN.1Cert certificate_list<0..2^24-1>;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	99	* } Certificate;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	100	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	101	static final class T12CertificateMessage extends HandshakeMessage {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	102	final List<byte[]> encodedCertChain;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	103
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	104	T12CertificateMessage(HandshakeContext handshakeContext,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	105	X509Certificate[] certChain) throws SSLException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	106	super(handshakeContext);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	107
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	108	List<byte[]> encodedCerts = new ArrayList<>(certChain.length);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	109	for (X509Certificate cert : certChain) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	110	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	111	encodedCerts.add(cert.getEncoded());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	112	} catch (CertificateEncodingException cee) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	113	// unlikely
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 53018 diff changeset	114	throw handshakeContext.conContext.fatal(
103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 53018 diff changeset	115	Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	116	"Could not encode certificate (" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	117	cert.getSubjectX500Principal() + ")", cee);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	118	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	119	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	120
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	121	this.encodedCertChain = encodedCerts;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	122	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	123
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	124	T12CertificateMessage(HandshakeContext handshakeContext,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	125	ByteBuffer m) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	126	super(handshakeContext);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	127
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	128	int listLen = Record.getInt24(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	129	if (listLen > m.remaining()) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 53018 diff changeset	130	throw handshakeContext.conContext.fatal(
103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 53018 diff changeset	131	Alert.ILLEGAL_PARAMETER,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	132	"Error parsing certificate message:no sufficient data");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	133	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	134	if (listLen > 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	135	List<byte[]> encodedCerts = new LinkedList<>();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	136	while (listLen > 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	137	byte[] encodedCert = Record.getBytes24(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	138	listLen -= (3 + encodedCert.length);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	139	encodedCerts.add(encodedCert);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	140	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	141	this.encodedCertChain = encodedCerts;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	142	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	143	this.encodedCertChain = Collections.emptyList();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	144	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	145	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	146
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	147	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	148	public SSLHandshake handshakeType() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	149	return SSLHandshake.CERTIFICATE;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	150	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	151
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	152	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	153	public int messageLength() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	154	int msgLen = 3;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	155	for (byte[] encodedCert : encodedCertChain) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	156	msgLen += (encodedCert.length + 3);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	157	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	158
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	159	return msgLen;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	160	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	161
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	162	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	163	public void send(HandshakeOutStream hos) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	164	int listLen = 0;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	165	for (byte[] encodedCert : encodedCertChain) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	166	listLen += (encodedCert.length + 3);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	167	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	168
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	169	hos.putInt24(listLen);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	170	for (byte[] encodedCert : encodedCertChain) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	171	hos.putBytes24(encodedCert);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	172	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	173	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	174
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	175	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	176	public String toString() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	177	if (encodedCertChain.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	178	return "\"Certificates\": <empty list>";
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	179	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	180
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	181	Object[] x509Certs = new Object[encodedCertChain.size()];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	182	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	183	CertificateFactory cf = CertificateFactory.getInstance("X.509");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	184	int i = 0;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	185	for (byte[] encodedCert : encodedCertChain) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	186	Object obj;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	187	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	188	obj = (X509Certificate)cf.generateCertificate(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	189	new ByteArrayInputStream(encodedCert));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	190	} catch (CertificateException ce) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	191	obj = encodedCert;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	192	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	193	x509Certs[i++] = obj;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	194	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	195	} catch (CertificateException ce) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	196	// no X.509 certificate factory service
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	197	int i = 0;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	198	for (byte[] encodedCert : encodedCertChain) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	199	x509Certs[i++] = encodedCert;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	200	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	201	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	202
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	203	MessageFormat messageFormat = new MessageFormat(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	204	"\"Certificates\": [\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	205	"{0}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	206	"]",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	207	Locale.ENGLISH);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	208	Object[] messageFields = {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	209	SSLLogger.toString(x509Certs)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	210	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	211
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	212	return messageFormat.format(messageFields);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	213	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	214	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	215
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	216	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	217	* The "Certificate" handshake message producer for TLS 1.2 and
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	218	* previous SSL/TLS protocol versions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	219	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	220	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	221	class T12CertificateProducer implements HandshakeProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	222	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	223	private T12CertificateProducer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	224	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	225	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	226
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	227	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	228	public byte[] produce(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	229	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	230	// The producing happens in handshake context only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	231	HandshakeContext hc = (HandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	232	if (hc.sslConfig.isClientMode) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	233	return onProduceCertificate(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	234	(ClientHandshakeContext)context, message);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	235	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	236	return onProduceCertificate(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	237	(ServerHandshakeContext)context, message);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	238	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	239	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	240
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	241	private byte[] onProduceCertificate(ServerHandshakeContext shc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	242	SSLHandshake.HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	243	X509Possession x509Possession = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	244	for (SSLPossession possession : shc.handshakePossessions) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	245	if (possession instanceof X509Possession) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	246	x509Possession = (X509Possession)possession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	247	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	248	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	249	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	250
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	251	if (x509Possession == null) { // unlikely
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 53018 diff changeset	252	throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	253	"No expected X.509 certificate for server authentication");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	254	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	255
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	256	shc.handshakeSession.setLocalPrivateKey(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	257	x509Possession.popPrivateKey);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	258	shc.handshakeSession.setLocalCertificates(x509Possession.popCerts);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	259	T12CertificateMessage cm =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	260	new T12CertificateMessage(shc, x509Possession.popCerts);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	261	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	262	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	263	"Produced server Certificate handshake message", cm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	264	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	265
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	266	// Output the handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	267	cm.write(shc.handshakeOutput);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	268	shc.handshakeOutput.flush();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	269
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	270	// The handshake message has been delivered.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	271	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	272	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	273
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	274	private byte[] onProduceCertificate(ClientHandshakeContext chc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	275	SSLHandshake.HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	276	X509Possession x509Possession = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	277	for (SSLPossession possession : chc.handshakePossessions) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	278	if (possession instanceof X509Possession) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	279	x509Possession = (X509Possession)possession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	280	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	281	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	282	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	283
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	284	// Report to the server if no appropriate cert was found. For
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	285	// SSL 3.0, send a no_certificate alert; TLS 1.0/1.1/1.2 uses
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	286	// an empty cert chain instead.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	287	if (x509Possession == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	288	if (chc.negotiatedProtocol.useTLS10PlusSpec()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	289	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	290	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	291	"No X.509 certificate for client authentication, " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	292	"use empty Certificate message instead");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	293	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	294
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	295	x509Possession =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	296	new X509Possession(null, new X509Certificate[0]);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	297	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	298	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	299	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	300	"No X.509 certificate for client authentication, " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	301	"send a no_certificate alert");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	302	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	303
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	304	chc.conContext.warning(Alert.NO_CERTIFICATE);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	305	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	306	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	307	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	308
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	309	chc.handshakeSession.setLocalPrivateKey(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	310	x509Possession.popPrivateKey);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	311	if (x509Possession.popCerts != null &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	312	x509Possession.popCerts.length != 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	313	chc.handshakeSession.setLocalCertificates(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	314	x509Possession.popCerts);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	315	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	316	chc.handshakeSession.setLocalCertificates(null);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	317	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	318	T12CertificateMessage cm =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	319	new T12CertificateMessage(chc, x509Possession.popCerts);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	320	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	321	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	322	"Produced client Certificate handshake message", cm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	323	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	324
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	325	// Output the handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	326	cm.write(chc.handshakeOutput);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	327	chc.handshakeOutput.flush();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	328
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	329	// The handshake message has been delivered.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	330	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	331	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	332	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	333
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	334	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	335	* The "Certificate" handshake message consumer for TLS 1.2 and
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	336	* previous SSL/TLS protocol versions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	337	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	338	static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	339	class T12CertificateConsumer implements SSLConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	340	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	341	private T12CertificateConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	342	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	343	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	344
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	345	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	346	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	347	ByteBuffer message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	348	// The consuming happens in handshake context only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	349	HandshakeContext hc = (HandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	350
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	351	// clean up this consumer
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	352	hc.handshakeConsumers.remove(SSLHandshake.CERTIFICATE.id);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	353
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	354	T12CertificateMessage cm = new T12CertificateMessage(hc, message);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	355	if (hc.sslConfig.isClientMode) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	356	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	357	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	358	"Consuming server Certificate handshake message", cm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	359	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	360	onCertificate((ClientHandshakeContext)context, cm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	361	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	362	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	363	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	364	"Consuming client Certificate handshake message", cm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	365	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	366	onCertificate((ServerHandshakeContext)context, cm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	367	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	368	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	369
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	370	private void onCertificate(ServerHandshakeContext shc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	371	T12CertificateMessage certificateMessage )throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	372	List<byte[]> encodedCerts = certificateMessage.encodedCertChain;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	373	if (encodedCerts == null \|\| encodedCerts.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	374	if (shc.sslConfig.clientAuthType !=
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	375	ClientAuthType.CLIENT_AUTH_REQUESTED) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	376	// unexpected or require client authentication
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 53018 diff changeset	377	throw shc.conContext.fatal(Alert.BAD_CERTIFICATE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	378	"Empty server certificate chain");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	379	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	380	return;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	381	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	382	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	383
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	384	X509Certificate[] x509Certs =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	385	new X509Certificate[encodedCerts.size()];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	386	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	387	CertificateFactory cf = CertificateFactory.getInstance("X.509");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	388	int i = 0;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	389	for (byte[] encodedCert : encodedCerts) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	390	x509Certs[i++] = (X509Certificate)cf.generateCertificate(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	391	new ByteArrayInputStream(encodedCert));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	392	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	393	} catch (CertificateException ce) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 53018 diff changeset	394	throw shc.conContext.fatal(Alert.BAD_CERTIFICATE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	395	"Failed to parse server certificates", ce);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	396	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	397
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	398	checkClientCerts(shc, x509Certs);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	399
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	400	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	401	// update
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	402	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	403	shc.handshakeCredentials.add(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	404	new X509Credentials(x509Certs[0].getPublicKey(), x509Certs));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	405	shc.handshakeSession.setPeerCertificates(x509Certs);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	406	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	407
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	408	private void onCertificate(ClientHandshakeContext chc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	409	T12CertificateMessage certificateMessage) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	410	List<byte[]> encodedCerts = certificateMessage.encodedCertChain;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	411	if (encodedCerts == null \|\| encodedCerts.isEmpty()) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 53018 diff changeset	412	throw chc.conContext.fatal(Alert.BAD_CERTIFICATE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	413	"Empty server certificate chain");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	414	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	415
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	416	X509Certificate[] x509Certs =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	417	new X509Certificate[encodedCerts.size()];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	418	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	419	CertificateFactory cf = CertificateFactory.getInstance("X.509");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	420	int i = 0;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	421	for (byte[] encodedCert : encodedCerts) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	422	x509Certs[i++] = (X509Certificate)cf.generateCertificate(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	423	new ByteArrayInputStream(encodedCert));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	424	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	425	} catch (CertificateException ce) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 53018 diff changeset	426	throw chc.conContext.fatal(Alert.BAD_CERTIFICATE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	427	"Failed to parse server certificates", ce);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	428	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	429
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	430	// Allow server certificate change in client side during
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	431	// renegotiation after a session-resumption abbreviated
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	432	// initial handshake?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	433	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	434	// DO NOT need to check allowUnsafeServerCertChange here. We only
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	435	// reserve server certificates when allowUnsafeServerCertChange is
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	436	// false.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	437	if (chc.reservedServerCerts != null &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	438	!chc.handshakeSession.useExtendedMasterSecret) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	439	// It is not necessary to check the certificate update if
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	440	// endpoint identification is enabled.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	441	String identityAlg = chc.sslConfig.identificationProtocol;
53018 8bf9268df0e2 8215281: Use String.isEmpty() when applicable in java.base redestad parents: 51574 diff changeset	442	if ((identityAlg == null \|\| identityAlg.isEmpty()) &&
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	443	!isIdentityEquivalent(x509Certs[0],
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	444	chc.reservedServerCerts[0])) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 53018 diff changeset	445	throw chc.conContext.fatal(Alert.BAD_CERTIFICATE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	446	"server certificate change is restricted " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	447	"during renegotiation");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	448	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	449	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	450
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	451	// ask the trust manager to verify the chain
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	452	if (chc.staplingActive) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	453	// Defer the certificate check until after we've received the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	454	// CertificateStatus message. If that message doesn't come in
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	455	// immediately following this message we will execute the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	456	// check from CertificateStatus' absent handler.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	457	chc.deferredCerts = x509Certs;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	458	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	459	// We're not doing stapling, so perform the check right now
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	460	checkServerCerts(chc, x509Certs);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	461	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	462
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	463	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	464	// update
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	465	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	466	chc.handshakeCredentials.add(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	467	new X509Credentials(x509Certs[0].getPublicKey(), x509Certs));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	468	chc.handshakeSession.setPeerCertificates(x509Certs);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	469	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	470
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	471	/*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	472	* Whether the certificates can represent the same identity?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	473	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	474	* The certificates can be used to represent the same identity:
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	475	* 1. If the subject alternative names of IP address are present
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	476	* in both certificates, they should be identical; otherwise,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	477	* 2. if the subject alternative names of DNS name are present in
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	478	* both certificates, they should be identical; otherwise,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	479	* 3. if the subject fields are present in both certificates, the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	480	* certificate subjects and issuers should be identical.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	481	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	482	private static boolean isIdentityEquivalent(X509Certificate thisCert,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	483	X509Certificate prevCert) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	484	if (thisCert.equals(prevCert)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	485	return true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	486	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	487
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	488	// check subject alternative names
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	489	Collection<List<?>> thisSubjectAltNames = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	490	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	491	thisSubjectAltNames = thisCert.getSubjectAlternativeNames();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	492	} catch (CertificateParsingException cpe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	493	if (SSLLogger.isOn && SSLLogger.isOn("handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	494	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	495	"Attempt to obtain subjectAltNames extension failed!");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	496	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	497	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	498
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	499	Collection<List<?>> prevSubjectAltNames = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	500	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	501	prevSubjectAltNames = prevCert.getSubjectAlternativeNames();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	502	} catch (CertificateParsingException cpe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	503	if (SSLLogger.isOn && SSLLogger.isOn("handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	504	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	505	"Attempt to obtain subjectAltNames extension failed!");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	506	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	507	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	508
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	509	if (thisSubjectAltNames != null && prevSubjectAltNames != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	510	// check the iPAddress field in subjectAltName extension
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	511	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	512	// 7: subject alternative name of type IP.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	513	Collection<String> thisSubAltIPAddrs =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	514	getSubjectAltNames(thisSubjectAltNames, 7);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	515	Collection<String> prevSubAltIPAddrs =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	516	getSubjectAltNames(prevSubjectAltNames, 7);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	517	if (thisSubAltIPAddrs != null && prevSubAltIPAddrs != null &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	518	isEquivalent(thisSubAltIPAddrs, prevSubAltIPAddrs)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	519	return true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	520	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	521
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	522	// check the dNSName field in subjectAltName extension
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	523	// 2: subject alternative name of type IP.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	524	Collection<String> thisSubAltDnsNames =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	525	getSubjectAltNames(thisSubjectAltNames, 2);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	526	Collection<String> prevSubAltDnsNames =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	527	getSubjectAltNames(prevSubjectAltNames, 2);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	528	if (thisSubAltDnsNames != null && prevSubAltDnsNames != null &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	529	isEquivalent(thisSubAltDnsNames, prevSubAltDnsNames)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	530	return true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	531	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	532	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	533
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	534	// check the certificate subject and issuer
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	535	X500Principal thisSubject = thisCert.getSubjectX500Principal();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	536	X500Principal prevSubject = prevCert.getSubjectX500Principal();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	537	X500Principal thisIssuer = thisCert.getIssuerX500Principal();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	538	X500Principal prevIssuer = prevCert.getIssuerX500Principal();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	539
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	540	return (!thisSubject.getName().isEmpty() &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	541	!prevSubject.getName().isEmpty() &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	542	thisSubject.equals(prevSubject) &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	543	thisIssuer.equals(prevIssuer));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	544	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	545
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	546	/*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	547	* Returns the subject alternative name of the specified type in the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	548	* subjectAltNames extension of a certificate.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	549	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	550	* Note that only those subjectAltName types that use String data
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	551	* should be passed into this function.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	552	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	553	private static Collection<String> getSubjectAltNames(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	554	Collection<List<?>> subjectAltNames, int type) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	555	HashSet<String> subAltDnsNames = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	556	for (List<?> subjectAltName : subjectAltNames) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	557	int subjectAltNameType = (Integer)subjectAltName.get(0);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	558	if (subjectAltNameType == type) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	559	String subAltDnsName = (String)subjectAltName.get(1);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	560	if ((subAltDnsName != null) && !subAltDnsName.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	561	if (subAltDnsNames == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	562	subAltDnsNames =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	563	new HashSet<>(subjectAltNames.size());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	564	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	565	subAltDnsNames.add(subAltDnsName);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	566	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	567	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	568	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	569
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	570	return subAltDnsNames;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	571	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	572
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	573	private static boolean isEquivalent(Collection<String> thisSubAltNames,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	574	Collection<String> prevSubAltNames) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	575	for (String thisSubAltName : thisSubAltNames) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	576	for (String prevSubAltName : prevSubAltNames) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	577	// Only allow the exactly match. No wildcard character
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	578	// checking.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	579	if (thisSubAltName.equalsIgnoreCase(prevSubAltName)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	580	return true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	581	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	582	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	583	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	584
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	585	return false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	586	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	587
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	588	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	589	* Perform client-side checking of server certificates.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	590	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	591	* @param certs an array of {@code X509Certificate} objects presented
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	592	* by the server in the ServerCertificate message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	593	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	594	* @throws IOException if a failure occurs during validation or
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	595	* the trust manager associated with the {@code SSLContext} is not
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	596	* an {@code X509ExtendedTrustManager}.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	597	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	598	static void checkServerCerts(ClientHandshakeContext chc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	599	X509Certificate[] certs) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	600
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	601	X509TrustManager tm = chc.sslContext.getX509TrustManager();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	602
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	603	// find out the key exchange algorithm used
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	604	// use "RSA" for non-ephemeral "RSA_EXPORT"
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	605	String keyExchangeString;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	606	if (chc.negotiatedCipherSuite.keyExchange ==
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	607	CipherSuite.KeyExchange.K_RSA_EXPORT \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	608	chc.negotiatedCipherSuite.keyExchange ==
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	609	CipherSuite.KeyExchange.K_DHE_RSA_EXPORT) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	610	keyExchangeString = CipherSuite.KeyExchange.K_RSA.name;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	611	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	612	keyExchangeString = chc.negotiatedCipherSuite.keyExchange.name;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	613	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	614
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	615	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	616	if (tm instanceof X509ExtendedTrustManager) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	617	if (chc.conContext.transport instanceof SSLEngine) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	618	SSLEngine engine = (SSLEngine)chc.conContext.transport;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	619	((X509ExtendedTrustManager)tm).checkServerTrusted(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	620	certs.clone(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	621	keyExchangeString,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	622	engine);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	623	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	624	SSLSocket socket = (SSLSocket)chc.conContext.transport;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	625	((X509ExtendedTrustManager)tm).checkServerTrusted(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	626	certs.clone(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	627	keyExchangeString,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	628	socket);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	629	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	630	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	631	// Unlikely to happen, because we have wrapped the old
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	632	// X509TrustManager with the new X509ExtendedTrustManager.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	633	throw new CertificateException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	634	"Improper X509TrustManager implementation");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	635	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	636
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	637	// Once the server certificate chain has been validated, set
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	638	// the certificate chain in the TLS session.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	639	chc.handshakeSession.setPeerCertificates(certs);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	640	} catch (CertificateException ce) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 53018 diff changeset	641	throw chc.conContext.fatal(getCertificateAlert(chc, ce), ce);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	642	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	643	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	644
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	645	private static void checkClientCerts(ServerHandshakeContext shc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	646	X509Certificate[] certs) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	647	X509TrustManager tm = shc.sslContext.getX509TrustManager();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	648
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	649	// find out the types of client authentication used
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	650	PublicKey key = certs[0].getPublicKey();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	651	String keyAlgorithm = key.getAlgorithm();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	652	String authType;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	653	switch (keyAlgorithm) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	654	case "RSA":
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	655	case "DSA":
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	656	case "EC":
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	657	case "RSASSA-PSS":
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	658	authType = keyAlgorithm;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	659	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	660	default:
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	661	// unknown public key type
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	662	authType = "UNKNOWN";
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	663	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	664
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	665	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	666	if (tm instanceof X509ExtendedTrustManager) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	667	if (shc.conContext.transport instanceof SSLEngine) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	668	SSLEngine engine = (SSLEngine)shc.conContext.transport;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	669	((X509ExtendedTrustManager)tm).checkClientTrusted(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	670	certs.clone(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	671	authType,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	672	engine);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	673	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	674	SSLSocket socket = (SSLSocket)shc.conContext.transport;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	675	((X509ExtendedTrustManager)tm).checkClientTrusted(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	676	certs.clone(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	677	authType,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	678	socket);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	679	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	680	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	681	// Unlikely to happen, because we have wrapped the old
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	682	// X509TrustManager with the new X509ExtendedTrustManager.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	683	throw new CertificateException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	684	"Improper X509TrustManager implementation");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	685	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	686	} catch (CertificateException ce) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 53018 diff changeset	687	throw shc.conContext.fatal(Alert.CERTIFICATE_UNKNOWN, ce);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	688	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	689	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	690
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	691	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	692	* When a failure happens during certificate checking from an
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	693	* {@link X509TrustManager}, determine what TLS alert description
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	694	* to use.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	695	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	696	* @param cexc The exception thrown by the {@link X509TrustManager}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	697	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	698	* @return A byte value corresponding to a TLS alert description number.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	699	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	700	private static Alert getCertificateAlert(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	701	ClientHandshakeContext chc, CertificateException cexc) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	702	// The specific reason for the failure will determine how to
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	703	// set the alert description value
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	704	Alert alert = Alert.CERTIFICATE_UNKNOWN;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	705
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	706	Throwable baseCause = cexc.getCause();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	707	if (baseCause instanceof CertPathValidatorException) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	708	CertPathValidatorException cpve =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	709	(CertPathValidatorException)baseCause;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	710	Reason reason = cpve.getReason();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	711	if (reason == BasicReason.REVOKED) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	712	alert = chc.staplingActive ?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	713	Alert.BAD_CERT_STATUS_RESPONSE :
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	714	Alert.CERTIFICATE_REVOKED;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	715	} else if (
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	716	reason == BasicReason.UNDETERMINED_REVOCATION_STATUS) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	717	alert = chc.staplingActive ?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	718	Alert.BAD_CERT_STATUS_RESPONSE :
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	719	Alert.CERTIFICATE_UNKNOWN;
53759 e16b61a1395e 4919790: Errors in alert ssl message does not reflect the actual certificate status xuelei parents: 53064 diff changeset	720	} else if (reason == BasicReason.ALGORITHM_CONSTRAINED) {
e16b61a1395e 4919790: Errors in alert ssl message does not reflect the actual certificate status xuelei parents: 53064 diff changeset	721	alert = Alert.UNSUPPORTED_CERTIFICATE;
e16b61a1395e 4919790: Errors in alert ssl message does not reflect the actual certificate status xuelei parents: 53064 diff changeset	722	} else if (reason == BasicReason.EXPIRED) {
e16b61a1395e 4919790: Errors in alert ssl message does not reflect the actual certificate status xuelei parents: 53064 diff changeset	723	alert = Alert.CERTIFICATE_EXPIRED;
e16b61a1395e 4919790: Errors in alert ssl message does not reflect the actual certificate status xuelei parents: 53064 diff changeset	724	} else if (reason == BasicReason.INVALID_SIGNATURE \|\|
e16b61a1395e 4919790: Errors in alert ssl message does not reflect the actual certificate status xuelei parents: 53064 diff changeset	725	reason == BasicReason.NOT_YET_VALID) {
e16b61a1395e 4919790: Errors in alert ssl message does not reflect the actual certificate status xuelei parents: 53064 diff changeset	726	alert = Alert.BAD_CERTIFICATE;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	727	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	728	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	729
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	730	return alert;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	731	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	732
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	733	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	734
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	735	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	736	* The certificate entry used in Certificate handshake message for TLS 1.3.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	737	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	738	static final class CertificateEntry {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	739	final byte[] encoded; // encoded cert or public key
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	740	private final SSLExtensions extensions;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	741
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	742	CertificateEntry(byte[] encoded, SSLExtensions extensions) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	743	this.encoded = encoded;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	744	this.extensions = extensions;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	745	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	746
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	747	private int getEncodedSize() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	748	int extLen = extensions.length();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	749	if (extLen == 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	750	extLen = 2; // empty extensions
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	751	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	752	return 3 + encoded.length + extLen;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	753	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	754
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	755	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	756	public String toString() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	757	MessageFormat messageFormat = new MessageFormat(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	758	"\n'{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	759	"{0}\n" + // X.509 certificate
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	760	" \"extensions\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	761	"{1}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	762	" '}'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	763	"'}',", Locale.ENGLISH);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	764
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	765	Object x509Certs;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	766	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	767	// Don't support certificate type extension (RawPublicKey) yet.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	768	CertificateFactory cf = CertificateFactory.getInstance("X.509");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	769	x509Certs =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	770	cf.generateCertificate(new ByteArrayInputStream(encoded));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	771	} catch (CertificateException ce) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	772	// no X.509 certificate factory service
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	773	x509Certs = encoded;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	774	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	775
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	776	Object[] messageFields = {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	777	SSLLogger.toString(x509Certs),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	778	Utilities.indent(extensions.toString(), " ")
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	779	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	780
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	781	return messageFormat.format(messageFields);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	782	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	783	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	784
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	785	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	786	* The Certificate handshake message for TLS 1.3.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	787	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	788	static final class T13CertificateMessage extends HandshakeMessage {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	789	private final byte[] requestContext;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	790	private final List<CertificateEntry> certEntries;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	791
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	792	T13CertificateMessage(HandshakeContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	793	byte[] requestContext, X509Certificate[] certificates)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	794	throws SSLException, CertificateException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	795	super(context);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	796
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	797	this.requestContext = requestContext.clone();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	798	this.certEntries = new LinkedList<>();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	799	for (X509Certificate cert : certificates) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	800	byte[] encoded = cert.getEncoded();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	801	SSLExtensions extensions = new SSLExtensions(this);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	802	certEntries.add(new CertificateEntry(encoded, extensions));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	803	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	804	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	805
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	806	T13CertificateMessage(HandshakeContext handshakeContext,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	807	byte[] requestContext, List<CertificateEntry> certificates) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	808	super(handshakeContext);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	809
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	810	this.requestContext = requestContext.clone();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	811	this.certEntries = certificates;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	812	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	813
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	814	T13CertificateMessage(HandshakeContext handshakeContext,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	815	ByteBuffer m) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	816	super(handshakeContext);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	817
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	818	// struct {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	819	// opaque certificate_request_context<0..2^8-1>;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	820	// CertificateEntry certificate_list<0..2^24-1>;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	821	// } Certificate;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	822	if (m.remaining() < 4) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	823	throw new SSLProtocolException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	824	"Invalid Certificate message: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	825	"insufficient data (length=" + m.remaining() + ")");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	826	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	827	this.requestContext = Record.getBytes8(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	828
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	829	if (m.remaining() < 3) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	830	throw new SSLProtocolException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	831	"Invalid Certificate message: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	832	"insufficient certificate entries data (length=" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	833	m.remaining() + ")");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	834	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	835
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	836	int listLen = Record.getInt24(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	837	if (listLen != m.remaining()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	838	throw new SSLProtocolException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	839	"Invalid Certificate message: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	840	"incorrect list length (length=" + listLen + ")");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	841	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	842
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	843	SSLExtension[] enabledExtensions =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	844	handshakeContext.sslConfig.getEnabledExtensions(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	845	SSLHandshake.CERTIFICATE);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	846	List<CertificateEntry> certList = new LinkedList<>();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	847	while (m.hasRemaining()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	848	// Note: support only X509 CertificateType right now.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	849	byte[] encodedCert = Record.getBytes24(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	850	if (encodedCert.length == 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	851	throw new SSLProtocolException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	852	"Invalid Certificate message: empty cert_data");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	853	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	854
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	855	SSLExtensions extensions =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	856	new SSLExtensions(this, m, enabledExtensions);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	857	certList.add(new CertificateEntry(encodedCert, extensions));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	858	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	859
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	860	this.certEntries = Collections.unmodifiableList(certList);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	861	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	862
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	863	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	864	public SSLHandshake handshakeType() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	865	return SSLHandshake.CERTIFICATE;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	866	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	867
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	868	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	869	public int messageLength() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	870	int msgLen = 4 + requestContext.length;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	871	for (CertificateEntry entry : certEntries) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	872	msgLen += entry.getEncodedSize();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	873	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	874
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	875	return msgLen;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	876	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	877
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	878	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	879	public void send(HandshakeOutStream hos) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	880	int entryListLen = 0;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	881	for (CertificateEntry entry : certEntries) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	882	entryListLen += entry.getEncodedSize();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	883	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	884
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	885	hos.putBytes8(requestContext);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	886	hos.putInt24(entryListLen);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	887	for (CertificateEntry entry : certEntries) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	888	hos.putBytes24(entry.encoded);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	889	// Is it an empty extensions?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	890	if (entry.extensions.length() == 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	891	hos.putInt16(0);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	892	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	893	entry.extensions.send(hos);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	894	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	895	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	896	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	897
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	898	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	899	public String toString() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	900	MessageFormat messageFormat = new MessageFormat(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	901	"\"Certificate\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	902	" \"certificate_request_context\": \"{0}\",\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	903	" \"certificate_list\": [{1}\n]\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	904	"'}'",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	905	Locale.ENGLISH);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	906
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	907	StringBuilder builder = new StringBuilder(512);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	908	for (CertificateEntry entry : certEntries) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	909	builder.append(entry.toString());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	910	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	911
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	912	Object[] messageFields = {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	913	Utilities.toHexString(requestContext),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	914	Utilities.indent(builder.toString())
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	915	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	916
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	917	return messageFormat.format(messageFields);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	918	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	919	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	920
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	921	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	922	* The "Certificate" handshake message producer for TLS 1.3.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	923	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	924	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	925	class T13CertificateProducer implements HandshakeProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	926	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	927	private T13CertificateProducer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	928	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	929	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	930
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	931	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	932	public byte[] produce(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	933	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	934	// The producing happens in handshake context only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	935	HandshakeContext hc = (HandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	936	if (hc.sslConfig.isClientMode) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	937	return onProduceCertificate(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	938	(ClientHandshakeContext)context, message);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	939	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	940	return onProduceCertificate(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	941	(ServerHandshakeContext)context, message);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	942	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	943	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	944
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	945	private byte[] onProduceCertificate(ServerHandshakeContext shc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	946	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	947	ClientHelloMessage clientHello = (ClientHelloMessage)message;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	948
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	949	SSLPossession pos = choosePossession(shc, clientHello);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	950	if (pos == null) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 53018 diff changeset	951	throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	952	"No available authentication scheme");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	953	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	954
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	955	if (!(pos instanceof X509Possession)) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 53018 diff changeset	956	throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	957	"No X.509 certificate for server authentication");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	958	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	959
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	960	X509Possession x509Possession = (X509Possession)pos;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	961	X509Certificate[] localCerts = x509Possession.popCerts;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	962	if (localCerts == null \|\| localCerts.length == 0) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 53018 diff changeset	963	throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	964	"No X.509 certificate for server authentication");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	965	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	966
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	967	// update the context
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	968	shc.handshakePossessions.add(x509Possession);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	969	shc.handshakeSession.setLocalPrivateKey(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	970	x509Possession.popPrivateKey);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	971	shc.handshakeSession.setLocalCertificates(localCerts);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	972	T13CertificateMessage cm;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	973	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	974	cm = new T13CertificateMessage(shc, (new byte[0]), localCerts);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	975	} catch (SSLException \| CertificateException ce) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 53018 diff changeset	976	throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	977	"Failed to produce server Certificate message", ce);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	978	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	979
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	980	// Check the OCSP stapling extensions and attempt
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	981	// to get responses. If the resulting stapleParams is non
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	982	// null, it implies that stapling is enabled on the server side.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	983	shc.stapleParams = StatusResponseManager.processStapling(shc);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	984	shc.staplingActive = (shc.stapleParams != null);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	985
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	986	// Process extensions for each CertificateEntry.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	987	// Since there can be multiple CertificateEntries within a
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	988	// single CT message, we will pin a specific CertificateEntry
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	989	// into the ServerHandshakeContext so individual extension
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	990	// producers know which X509Certificate it is processing in
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	991	// each call.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	992	SSLExtension[] enabledCTExts = shc.sslConfig.getEnabledExtensions(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	993	SSLHandshake.CERTIFICATE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	994	Arrays.asList(ProtocolVersion.PROTOCOLS_OF_13));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	995	for (CertificateEntry certEnt : cm.certEntries) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	996	shc.currentCertEntry = certEnt;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	997	certEnt.extensions.produce(shc, enabledCTExts);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	998	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	999
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1000	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1001	SSLLogger.fine("Produced server Certificate message", cm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1002	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1003
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1004	// Output the handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1005	cm.write(shc.handshakeOutput);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1006	shc.handshakeOutput.flush();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1007
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1008	// The handshake message has been delivered.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1009	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1010	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1011
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1012	private static SSLPossession choosePossession(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1013	HandshakeContext hc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1014	ClientHelloMessage clientHello) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1015	if (hc.peerRequestedCertSignSchemes == null \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1016	hc.peerRequestedCertSignSchemes.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1017	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1018	SSLLogger.warning(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1019	"No signature_algorithms(_cert) in ClientHello");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1020	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1021	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1022	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1023
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1024	Collection<String> checkedKeyTypes = new HashSet<>();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1025	for (SignatureScheme ss : hc.peerRequestedCertSignSchemes) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1026	if (checkedKeyTypes.contains(ss.keyAlgorithm)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1027	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1028	SSLLogger.warning(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1029	"Unsupported authentication scheme: " + ss.name);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1030	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1031	continue;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1032	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1033
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1034	// Don't select a signature scheme unless we will be able to
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1035	// produce a CertificateVerify message later
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1036	if (SignatureScheme.getPreferableAlgorithm(
57718 a93b7b28f644 8226374: Restrict TLS signature schemes and named groups xuelei parents: 53759 diff changeset	1037	hc.algorithmConstraints,
51574 ed52ea83f830 8207317: SSLEngine negotiation fail exception behavior changed from fail-fast to fail-lazy wetmore parents: 50768 diff changeset	1038	hc.peerRequestedSignatureSchemes,
ed52ea83f830 8207317: SSLEngine negotiation fail exception behavior changed from fail-fast to fail-lazy wetmore parents: 50768 diff changeset	1039	ss, hc.negotiatedProtocol) == null) {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1040
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1041	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1042	SSLLogger.warning(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1043	"Unable to produce CertificateVerify for " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1044	"signature scheme: " + ss.name);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1045	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1046	checkedKeyTypes.add(ss.keyAlgorithm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1047	continue;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1048	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1049
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1050	SSLAuthentication ka = X509Authentication.valueOf(ss);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1051	if (ka == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1052	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1053	SSLLogger.warning(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1054	"Unsupported authentication scheme: " + ss.name);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1055	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1056	checkedKeyTypes.add(ss.keyAlgorithm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1057	continue;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1058	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1059
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1060	SSLPossession pos = ka.createPossession(hc);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1061	if (pos == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1062	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1063	SSLLogger.warning(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1064	"Unavailable authentication scheme: " + ss.name);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1065	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1066	continue;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1067	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1068
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1069	return pos;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1070	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1071
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1072	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1073	SSLLogger.warning("No available authentication scheme");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1074	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1075	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1076	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1077
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1078	private byte[] onProduceCertificate(ClientHandshakeContext chc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1079	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1080	ClientHelloMessage clientHello = (ClientHelloMessage)message;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1081	SSLPossession pos = choosePossession(chc, clientHello);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1082	X509Certificate[] localCerts;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1083	if (pos == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1084	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1085	SSLLogger.fine("No available client authentication scheme");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1086	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1087	localCerts = new X509Certificate[0];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1088	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1089	chc.handshakePossessions.add(pos);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1090	if (!(pos instanceof X509Possession)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1091	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1092	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1093	"No X.509 certificate for client authentication");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1094	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1095	localCerts = new X509Certificate[0];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1096	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1097	X509Possession x509Possession = (X509Possession)pos;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1098	localCerts = x509Possession.popCerts;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1099	chc.handshakeSession.setLocalPrivateKey(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1100	x509Possession.popPrivateKey);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1101	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1102	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1103
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1104	if (localCerts != null && localCerts.length != 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1105	chc.handshakeSession.setLocalCertificates(localCerts);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1106	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1107	chc.handshakeSession.setLocalCertificates(null);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1108	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1109
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1110	T13CertificateMessage cm;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1111	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1112	cm = new T13CertificateMessage(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1113	chc, chc.certRequestContext, localCerts);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1114	} catch (SSLException \| CertificateException ce) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 53018 diff changeset	1115	throw chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1116	"Failed to produce client Certificate message", ce);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1117	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1118	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1119	SSLLogger.fine("Produced client Certificate message", cm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1120	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1121
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1122	// Output the handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1123	cm.write(chc.handshakeOutput);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1124	chc.handshakeOutput.flush();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1125
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1126	// The handshake message has been delivered.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1127	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1128	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1129	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1130
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1131	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1132	* The "Certificate" handshake message consumer for TLS 1.3.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1133	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1134	private static final class T13CertificateConsumer implements SSLConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1135	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1136	private T13CertificateConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1137	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1138	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1139
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1140	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1141	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1142	ByteBuffer message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1143	// The consuming happens in handshake context only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1144	HandshakeContext hc = (HandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1145
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1146	// clean up this consumer
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1147	hc.handshakeConsumers.remove(SSLHandshake.CERTIFICATE.id);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1148	T13CertificateMessage cm = new T13CertificateMessage(hc, message);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1149	if (hc.sslConfig.isClientMode) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1150	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1151	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1152	"Consuming server Certificate handshake message", cm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1153	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1154	onConsumeCertificate((ClientHandshakeContext)context, cm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1155	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1156	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1157	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1158	"Consuming client Certificate handshake message", cm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1159	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1160	onConsumeCertificate((ServerHandshakeContext)context, cm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1161	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1162	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1163
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1164	private void onConsumeCertificate(ServerHandshakeContext shc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1165	T13CertificateMessage certificateMessage )throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1166	if (certificateMessage.certEntries == null \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1167	certificateMessage.certEntries.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1168	if (shc.sslConfig.clientAuthType == CLIENT_AUTH_REQUIRED) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 53018 diff changeset	1169	throw shc.conContext.fatal(Alert.BAD_CERTIFICATE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1170	"Empty client certificate chain");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1171	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1172	// optional client authentication
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1173	return;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1174	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1175	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1176
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1177	// check client certificate entries
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1178	X509Certificate[] cliCerts =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1179	checkClientCerts(shc, certificateMessage.certEntries);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1180
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1181	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1182	// update
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1183	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1184	shc.handshakeCredentials.add(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1185	new X509Credentials(cliCerts[0].getPublicKey(), cliCerts));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1186	shc.handshakeSession.setPeerCertificates(cliCerts);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1187	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1188
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1189	private void onConsumeCertificate(ClientHandshakeContext chc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1190	T13CertificateMessage certificateMessage )throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1191	if (certificateMessage.certEntries == null \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1192	certificateMessage.certEntries.isEmpty()) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 53018 diff changeset	1193	throw chc.conContext.fatal(Alert.BAD_CERTIFICATE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1194	"Empty server certificate chain");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1195	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1196
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1197	// Each CertificateEntry will have its own set of extensions
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1198	// which must be consumed.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1199	SSLExtension[] enabledExtensions =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1200	chc.sslConfig.getEnabledExtensions(SSLHandshake.CERTIFICATE);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1201	for (CertificateEntry certEnt : certificateMessage.certEntries) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1202	certEnt.extensions.consumeOnLoad(chc, enabledExtensions);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1203	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1204
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1205	// check server certificate entries
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1206	X509Certificate[] srvCerts =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1207	checkServerCerts(chc, certificateMessage.certEntries);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1208
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1209	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1210	// update
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1211	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1212	chc.handshakeCredentials.add(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1213	new X509Credentials(srvCerts[0].getPublicKey(), srvCerts));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1214	chc.handshakeSession.setPeerCertificates(srvCerts);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1215	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1216
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1217	private static X509Certificate[] checkClientCerts(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1218	ServerHandshakeContext shc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1219	List<CertificateEntry> certEntries) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1220	X509Certificate[] certs =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1221	new X509Certificate[certEntries.size()];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1222	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1223	CertificateFactory cf = CertificateFactory.getInstance("X.509");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1224	int i = 0;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1225	for (CertificateEntry entry : certEntries) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1226	certs[i++] = (X509Certificate)cf.generateCertificate(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1227	new ByteArrayInputStream(entry.encoded));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1228	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1229	} catch (CertificateException ce) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 53018 diff changeset	1230	throw shc.conContext.fatal(Alert.BAD_CERTIFICATE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1231	"Failed to parse server certificates", ce);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1232	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1233
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1234	// find out the types of client authentication used
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1235	String keyAlgorithm = certs[0].getPublicKey().getAlgorithm();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1236	String authType;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1237	switch (keyAlgorithm) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1238	case "RSA":
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1239	case "DSA":
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1240	case "EC":
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1241	case "RSASSA-PSS":
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1242	authType = keyAlgorithm;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1243	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1244	default:
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1245	// unknown public key type
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1246	authType = "UNKNOWN";
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1247	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1248
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1249	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1250	X509TrustManager tm = shc.sslContext.getX509TrustManager();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1251	if (tm instanceof X509ExtendedTrustManager) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1252	if (shc.conContext.transport instanceof SSLEngine) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1253	SSLEngine engine = (SSLEngine)shc.conContext.transport;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1254	((X509ExtendedTrustManager)tm).checkClientTrusted(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1255	certs.clone(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1256	authType,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1257	engine);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1258	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1259	SSLSocket socket = (SSLSocket)shc.conContext.transport;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1260	((X509ExtendedTrustManager)tm).checkClientTrusted(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1261	certs.clone(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1262	authType,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1263	socket);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1264	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1265	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1266	// Unlikely to happen, because we have wrapped the old
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1267	// X509TrustManager with the new X509ExtendedTrustManager.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1268	throw new CertificateException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1269	"Improper X509TrustManager implementation");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1270	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1271
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1272	// Once the client certificate chain has been validated, set
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1273	// the certificate chain in the TLS session.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1274	shc.handshakeSession.setPeerCertificates(certs);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1275	} catch (CertificateException ce) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 53018 diff changeset	1276	throw shc.conContext.fatal(Alert.CERTIFICATE_UNKNOWN, ce);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1277	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1278
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1279	return certs;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1280	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1281
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1282	private static X509Certificate[] checkServerCerts(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1283	ClientHandshakeContext chc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1284	List<CertificateEntry> certEntries) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1285	X509Certificate[] certs =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1286	new X509Certificate[certEntries.size()];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1287	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1288	CertificateFactory cf = CertificateFactory.getInstance("X.509");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1289	int i = 0;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1290	for (CertificateEntry entry : certEntries) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1291	certs[i++] = (X509Certificate)cf.generateCertificate(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1292	new ByteArrayInputStream(entry.encoded));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1293	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1294	} catch (CertificateException ce) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 53018 diff changeset	1295	throw chc.conContext.fatal(Alert.BAD_CERTIFICATE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1296	"Failed to parse server certificates", ce);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1297	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1298
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1299	// find out the types of server authentication used
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1300	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1301	// Note that the "UNKNOWN" authentication type is sufficient to
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1302	// check the required digitalSignature KeyUsage for TLS 1.3.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1303	String authType = "UNKNOWN";
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1304
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1305	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1306	X509TrustManager tm = chc.sslContext.getX509TrustManager();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1307	if (tm instanceof X509ExtendedTrustManager) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1308	if (chc.conContext.transport instanceof SSLEngine) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1309	SSLEngine engine = (SSLEngine)chc.conContext.transport;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1310	((X509ExtendedTrustManager)tm).checkServerTrusted(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1311	certs.clone(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1312	authType,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1313	engine);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1314	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1315	SSLSocket socket = (SSLSocket)chc.conContext.transport;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1316	((X509ExtendedTrustManager)tm).checkServerTrusted(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1317	certs.clone(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1318	authType,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1319	socket);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1320	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1321	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1322	// Unlikely to happen, because we have wrapped the old
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1323	// X509TrustManager with the new X509ExtendedTrustManager.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1324	throw new CertificateException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1325	"Improper X509TrustManager implementation");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1326	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1327
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1328	// Once the server certificate chain has been validated, set
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1329	// the certificate chain in the TLS session.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1330	chc.handshakeSession.setPeerCertificates(certs);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1331	} catch (CertificateException ce) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 53018 diff changeset	1332	throw chc.conContext.fatal(getCertificateAlert(chc, ce), ce);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1333	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1334
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1335	return certs;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1336	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1337
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1338	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1339	* When a failure happens during certificate checking from an
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1340	* {@link X509TrustManager}, determine what TLS alert description
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1341	* to use.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1342	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1343	* @param cexc The exception thrown by the {@link X509TrustManager}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1344	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1345	* @return A byte value corresponding to a TLS alert description number.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1346	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1347	private static Alert getCertificateAlert(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1348	ClientHandshakeContext chc, CertificateException cexc) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1349	// The specific reason for the failure will determine how to
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1350	// set the alert description value
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1351	Alert alert = Alert.CERTIFICATE_UNKNOWN;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1352
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1353	Throwable baseCause = cexc.getCause();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1354	if (baseCause instanceof CertPathValidatorException) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1355	CertPathValidatorException cpve =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1356	(CertPathValidatorException)baseCause;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1357	Reason reason = cpve.getReason();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1358	if (reason == BasicReason.REVOKED) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1359	alert = chc.staplingActive ?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1360	Alert.BAD_CERT_STATUS_RESPONSE :
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1361	Alert.CERTIFICATE_REVOKED;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1362	} else if (
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1363	reason == BasicReason.UNDETERMINED_REVOCATION_STATUS) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1364	alert = chc.staplingActive ?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1365	Alert.BAD_CERT_STATUS_RESPONSE :
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1366	Alert.CERTIFICATE_UNKNOWN;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1367	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1368	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1369
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1370	return alert;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1371	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1372	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1373	}

author	xuelei
	Mon, 12 Aug 2019 21:36:29 -0700
changeset 57718	a93b7b28f644
parent 53759	e16b61a1395e
permissions	-rw-r--r--