jdk-sandbox: src/java.base/share/classes/sun/security/ssl/CertificateVerify.java@a93b7b28f644 (annotated)

50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1	/*
53734 cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 53064 diff changeset	2	* Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	4	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	7	* published by the Free Software Foundation. Oracle designates this
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	10	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	15	* accompanied this code).
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	16	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	20	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	22	* or visit www.oracle.com if you need additional information or have any
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	23	* questions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	24	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	25
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	26	package sun.security.ssl;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	27
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	28	import java.io.IOException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	29	import java.nio.ByteBuffer;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	30	import java.security.*;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	31	import java.text.MessageFormat;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	32	import java.util.Arrays;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	33	import java.util.Locale;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	34	import sun.security.ssl.SSLHandshake.HandshakeMessage;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	35	import sun.security.ssl.X509Authentication.X509Credentials;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	36	import sun.security.ssl.X509Authentication.X509Possession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	37	import sun.security.util.HexDumpEncoder;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	38
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	39	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	40	* Pack of the CertificateVerify handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	41	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	42	final class CertificateVerify {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	43	static final SSLConsumer s30HandshakeConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	44	new S30CertificateVerifyConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	45	static final HandshakeProducer s30HandshakeProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	46	new S30CertificateVerifyProducer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	47
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	48	static final SSLConsumer t10HandshakeConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	49	new T10CertificateVerifyConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	50	static final HandshakeProducer t10HandshakeProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	51	new T10CertificateVerifyProducer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	52
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	53	static final SSLConsumer t12HandshakeConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	54	new T12CertificateVerifyConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	55	static final HandshakeProducer t12HandshakeProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	56	new T12CertificateVerifyProducer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	57
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	58	static final SSLConsumer t13HandshakeConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	59	new T13CertificateVerifyConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	60	static final HandshakeProducer t13HandshakeProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	61	new T13CertificateVerifyProducer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	62
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	63	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	64	* The CertificateVerify handshake message (SSL 3.0).
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	65	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	66	static final class S30CertificateVerifyMessage extends HandshakeMessage {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	67	// signature bytes
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	68	private final byte[] signature;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	69
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	70	S30CertificateVerifyMessage(HandshakeContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	71	X509Possession x509Possession) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	72	super(context);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	73
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	74	// This happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	75	ClientHandshakeContext chc = (ClientHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	76	byte[] temproary = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	77	String algorithm = x509Possession.popPrivateKey.getAlgorithm();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	78	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	79	Signature signer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	80	getSignature(algorithm, x509Possession.popPrivateKey);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	81	byte[] hashes = chc.handshakeHash.digest(algorithm,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	82	chc.handshakeSession.getMasterSecret());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	83	signer.update(hashes);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	84	temproary = signer.sign();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	85	} catch (NoSuchAlgorithmException nsae) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	86	throw chc.conContext.fatal(Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	87	"Unsupported signature algorithm (" + algorithm +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	88	") used in CertificateVerify handshake message", nsae);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	89	} catch (GeneralSecurityException gse) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	90	throw chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	91	"Cannot produce CertificateVerify signature", gse);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	92	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	93
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	94	this.signature = temproary;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	95	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	96
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	97	S30CertificateVerifyMessage(HandshakeContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	98	ByteBuffer m) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	99	super(context);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	100
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	101	// This happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	102	ServerHandshakeContext shc = (ServerHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	103
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	104	// digitally-signed struct {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	105	// select(SignatureAlgorithm) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	106	// case anonymous: struct { };
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	107	// case rsa:
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	108	// opaque md5_hash[16];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	109	// opaque sha_hash[20];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	110	// case dsa:
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	111	// opaque sha_hash[20];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	112	// };
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	113	// } Signature;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	114	if (m.remaining() < 2) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	115	throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	116	"Invalid CertificateVerify message: no sufficient data");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	117	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	118
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	119	// read and verify the signature
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	120	this.signature = Record.getBytes16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	121	X509Credentials x509Credentials = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	122	for (SSLCredentials cd : shc.handshakeCredentials) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	123	if (cd instanceof X509Credentials) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	124	x509Credentials = (X509Credentials)cd;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	125	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	126	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	127	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	128
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	129	if (x509Credentials == null \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	130	x509Credentials.popPublicKey == null) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	131	throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	132	"No X509 credentials negotiated for CertificateVerify");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	133	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	134
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	135	String algorithm = x509Credentials.popPublicKey.getAlgorithm();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	136	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	137	Signature signer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	138	getSignature(algorithm, x509Credentials.popPublicKey);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	139	byte[] hashes = shc.handshakeHash.digest(algorithm,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	140	shc.handshakeSession.getMasterSecret());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	141	signer.update(hashes);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	142	if (!signer.verify(signature)) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	143	throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	144	"Invalid CertificateVerify message: invalid signature");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	145	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	146	} catch (NoSuchAlgorithmException nsae) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	147	throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	148	"Unsupported signature algorithm (" + algorithm +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	149	") used in CertificateVerify handshake message", nsae);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	150	} catch (GeneralSecurityException gse) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	151	throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	152	"Cannot verify CertificateVerify signature", gse);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	153	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	154	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	155
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	156	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	157	public SSLHandshake handshakeType() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	158	return SSLHandshake.CERTIFICATE_VERIFY;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	159	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	160
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	161	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	162	public int messageLength() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	163	return 2 + signature.length; // 2: length of signature
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	164	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	165
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	166	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	167	public void send(HandshakeOutStream hos) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	168	hos.putBytes16(signature);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	169	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	170
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	171	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	172	public String toString() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	173	MessageFormat messageFormat = new MessageFormat(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	174	"\"CertificateVerify\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	175	" \"signature\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	176	"{0}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	177	" '}'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	178	"'}'",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	179	Locale.ENGLISH);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	180
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	181	HexDumpEncoder hexEncoder = new HexDumpEncoder();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	182	Object[] messageFields = {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	183	Utilities.indent(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	184	hexEncoder.encodeBuffer(signature), " ")
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	185	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	186
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	187	return messageFormat.format(messageFields);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	188	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	189
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	190	/*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	191	* Get the Signature object appropriate for verification using the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	192	* given signature algorithm.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	193	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	194	private static Signature getSignature(String algorithm,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	195	Key key) throws GeneralSecurityException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	196	Signature signer = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	197	switch (algorithm) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	198	case "RSA":
53734 cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 53064 diff changeset	199	signer = Signature.getInstance(JsseJce.SIGNATURE_RAWRSA);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	200	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	201	case "DSA":
53734 cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 53064 diff changeset	202	signer = Signature.getInstance(JsseJce.SIGNATURE_RAWDSA);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	203	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	204	case "EC":
53734 cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 53064 diff changeset	205	signer = Signature.getInstance(JsseJce.SIGNATURE_RAWECDSA);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	206	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	207	default:
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	208	throw new SignatureException("Unrecognized algorithm: "
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	209	+ algorithm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	210	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	211
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	212	if (signer != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	213	if (key instanceof PublicKey) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	214	signer.initVerify((PublicKey)(key));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	215	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	216	signer.initSign((PrivateKey)key);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	217	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	218	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	219
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	220	return signer;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	221	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	222	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	223
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	224	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	225	* The "CertificateVerify" handshake message producer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	226	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	227	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	228	class S30CertificateVerifyProducer implements HandshakeProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	229	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	230	private S30CertificateVerifyProducer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	231	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	232	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	233
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	234	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	235	public byte[] produce(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	236	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	237	// The producing happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	238	ClientHandshakeContext chc = (ClientHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	239
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	240	X509Possession x509Possession = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	241	for (SSLPossession possession : chc.handshakePossessions) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	242	if (possession instanceof X509Possession) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	243	x509Possession = (X509Possession)possession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	244	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	245	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	246	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	247
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	248	if (x509Possession == null \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	249	x509Possession.popPrivateKey == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	250	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	251	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	252	"No X.509 credentials negotiated for CertificateVerify");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	253	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	254
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	255	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	256	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	257
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	258	S30CertificateVerifyMessage cvm =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	259	new S30CertificateVerifyMessage(chc, x509Possession);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	260	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	261	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	262	"Produced CertificateVerify handshake message", cvm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	263	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	264
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	265	// Output the handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	266	cvm.write(chc.handshakeOutput);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	267	chc.handshakeOutput.flush();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	268
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	269	// The handshake message has been delivered.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	270	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	271	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	272	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	273
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	274	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	275	* The "CertificateVerify" handshake message consumer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	276	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	277	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	278	class S30CertificateVerifyConsumer implements SSLConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	279	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	280	private S30CertificateVerifyConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	281	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	282	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	283
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	284	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	285	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	286	ByteBuffer message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	287	// The consuming happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	288	ServerHandshakeContext shc = (ServerHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	289	S30CertificateVerifyMessage cvm =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	290	new S30CertificateVerifyMessage(shc, message);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	291	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	292	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	293	"Consuming CertificateVerify handshake message", cvm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	294	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	295
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	296	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	297	// update
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	298	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	299	// Need no additional validation.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	300
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	301	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	302	// produce
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	303	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	304	// Need no new handshake message producers here.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	305	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	306	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	307
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	308	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	309	* The CertificateVerify handshake message (TLS 1.0/1.1).
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	310	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	311	static final class T10CertificateVerifyMessage extends HandshakeMessage {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	312	// signature bytes
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	313	private final byte[] signature;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	314
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	315	T10CertificateVerifyMessage(HandshakeContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	316	X509Possession x509Possession) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	317	super(context);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	318
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	319	// This happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	320	ClientHandshakeContext chc = (ClientHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	321	byte[] temproary = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	322	String algorithm = x509Possession.popPrivateKey.getAlgorithm();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	323	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	324	Signature signer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	325	getSignature(algorithm, x509Possession.popPrivateKey);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	326	byte[] hashes = chc.handshakeHash.digest(algorithm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	327	signer.update(hashes);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	328	temproary = signer.sign();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	329	} catch (NoSuchAlgorithmException nsae) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	330	throw chc.conContext.fatal(Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	331	"Unsupported signature algorithm (" + algorithm +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	332	") used in CertificateVerify handshake message", nsae);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	333	} catch (GeneralSecurityException gse) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	334	throw chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	335	"Cannot produce CertificateVerify signature", gse);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	336	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	337
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	338	this.signature = temproary;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	339	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	340
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	341	T10CertificateVerifyMessage(HandshakeContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	342	ByteBuffer m) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	343	super(context);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	344
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	345	// This happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	346	ServerHandshakeContext shc = (ServerHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	347
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	348	// digitally-signed struct {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	349	// select(SignatureAlgorithm) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	350	// case anonymous: struct { };
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	351	// case rsa:
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	352	// opaque md5_hash[16];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	353	// opaque sha_hash[20];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	354	// case dsa:
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	355	// opaque sha_hash[20];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	356	// };
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	357	// } Signature;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	358	if (m.remaining() < 2) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	359	throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	360	"Invalid CertificateVerify message: no sufficient data");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	361	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	362
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	363	// read and verify the signature
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	364	this.signature = Record.getBytes16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	365	X509Credentials x509Credentials = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	366	for (SSLCredentials cd : shc.handshakeCredentials) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	367	if (cd instanceof X509Credentials) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	368	x509Credentials = (X509Credentials)cd;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	369	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	370	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	371	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	372
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	373	if (x509Credentials == null \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	374	x509Credentials.popPublicKey == null) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	375	throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	376	"No X509 credentials negotiated for CertificateVerify");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	377	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	378
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	379	String algorithm = x509Credentials.popPublicKey.getAlgorithm();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	380	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	381	Signature signer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	382	getSignature(algorithm, x509Credentials.popPublicKey);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	383	byte[] hashes = shc.handshakeHash.digest(algorithm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	384	signer.update(hashes);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	385	if (!signer.verify(signature)) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	386	throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	387	"Invalid CertificateVerify message: invalid signature");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	388	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	389	} catch (NoSuchAlgorithmException nsae) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	390	throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	391	"Unsupported signature algorithm (" + algorithm +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	392	") used in CertificateVerify handshake message", nsae);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	393	} catch (GeneralSecurityException gse) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	394	throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	395	"Cannot verify CertificateVerify signature", gse);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	396	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	397	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	398
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	399	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	400	public SSLHandshake handshakeType() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	401	return SSLHandshake.CERTIFICATE_VERIFY;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	402	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	403
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	404	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	405	public int messageLength() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	406	return 2 + signature.length; // 2: length of signature
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	407	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	408
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	409	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	410	public void send(HandshakeOutStream hos) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	411	hos.putBytes16(signature);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	412	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	413
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	414	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	415	public String toString() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	416	MessageFormat messageFormat = new MessageFormat(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	417	"\"CertificateVerify\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	418	" \"signature\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	419	"{0}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	420	" '}'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	421	"'}'",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	422	Locale.ENGLISH);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	423
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	424	HexDumpEncoder hexEncoder = new HexDumpEncoder();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	425	Object[] messageFields = {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	426	Utilities.indent(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	427	hexEncoder.encodeBuffer(signature), " ")
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	428	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	429
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	430	return messageFormat.format(messageFields);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	431	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	432
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	433	/*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	434	* Get the Signature object appropriate for verification using the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	435	* given signature algorithm.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	436	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	437	private static Signature getSignature(String algorithm,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	438	Key key) throws GeneralSecurityException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	439	Signature signer = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	440	switch (algorithm) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	441	case "RSA":
53734 cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 53064 diff changeset	442	signer = Signature.getInstance(JsseJce.SIGNATURE_RAWRSA);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	443	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	444	case "DSA":
53734 cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 53064 diff changeset	445	signer = Signature.getInstance(JsseJce.SIGNATURE_RAWDSA);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	446	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	447	case "EC":
53734 cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 53064 diff changeset	448	signer = Signature.getInstance(JsseJce.SIGNATURE_RAWECDSA);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	449	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	450	default:
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	451	throw new SignatureException("Unrecognized algorithm: "
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	452	+ algorithm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	453	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	454
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	455	if (signer != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	456	if (key instanceof PublicKey) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	457	signer.initVerify((PublicKey)(key));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	458	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	459	signer.initSign((PrivateKey)key);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	460	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	461	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	462
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	463	return signer;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	464	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	465	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	466
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	467	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	468	* The "CertificateVerify" handshake message producer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	469	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	470	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	471	class T10CertificateVerifyProducer implements HandshakeProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	472	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	473	private T10CertificateVerifyProducer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	474	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	475	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	476
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	477	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	478	public byte[] produce(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	479	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	480	// The producing happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	481	ClientHandshakeContext chc = (ClientHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	482	X509Possession x509Possession = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	483	for (SSLPossession possession : chc.handshakePossessions) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	484	if (possession instanceof X509Possession) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	485	x509Possession = (X509Possession)possession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	486	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	487	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	488	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	489
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	490	if (x509Possession == null \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	491	x509Possession.popPrivateKey == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	492	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	493	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	494	"No X.509 credentials negotiated for CertificateVerify");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	495	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	496
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	497	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	498	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	499
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	500	T10CertificateVerifyMessage cvm =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	501	new T10CertificateVerifyMessage(chc, x509Possession);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	502	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	503	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	504	"Produced CertificateVerify handshake message", cvm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	505	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	506
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	507	// Output the handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	508	cvm.write(chc.handshakeOutput);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	509	chc.handshakeOutput.flush();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	510
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	511	// The handshake message has been delivered.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	512	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	513	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	514	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	515
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	516	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	517	* The "CertificateVerify" handshake message consumer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	518	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	519	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	520	class T10CertificateVerifyConsumer implements SSLConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	521	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	522	private T10CertificateVerifyConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	523	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	524	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	525
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	526	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	527	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	528	ByteBuffer message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	529	// The consuming happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	530	ServerHandshakeContext shc = (ServerHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	531	T10CertificateVerifyMessage cvm =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	532	new T10CertificateVerifyMessage(shc, message);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	533	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	534	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	535	"Consuming CertificateVerify handshake message", cvm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	536	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	537
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	538	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	539	// update
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	540	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	541	// Need no additional validation.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	542
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	543	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	544	// produce
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	545	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	546	// Need no new handshake message producers here. }
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	547	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	548	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	549
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	550	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	551	* The CertificateVerify handshake message (TLS 1.2).
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	552	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	553	static final class T12CertificateVerifyMessage extends HandshakeMessage {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	554	// the signature algorithm
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	555	private final SignatureScheme signatureScheme;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	556
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	557	// signature bytes
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	558	private final byte[] signature;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	559
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	560	T12CertificateVerifyMessage(HandshakeContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	561	X509Possession x509Possession) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	562	super(context);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	563
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	564	// This happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	565	ClientHandshakeContext chc = (ClientHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	566	this.signatureScheme = SignatureScheme.getPreferableAlgorithm(
57718 a93b7b28f644 8226374: Restrict TLS signature schemes and named groups xuelei parents: 54417 diff changeset	567	chc.algorithmConstraints,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	568	chc.peerRequestedSignatureSchemes,
54417 f87041131515 8217610: TLSv1.3 fail with ClassException when EC keys are stored in PKCS11 xuelei parents: 53734 diff changeset	569	x509Possession,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	570	chc.negotiatedProtocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	571	if (signatureScheme == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	572	// Unlikely, the credentials generator should have
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	573	// selected the preferable signature algorithm properly.
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	574	throw chc.conContext.fatal(Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	575	"No preferred signature algorithm for CertificateVerify");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	576	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	577
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	578	byte[] temproary = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	579	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	580	Signature signer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	581	signatureScheme.getSignature(x509Possession.popPrivateKey);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	582	signer.update(chc.handshakeHash.archived());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	583	temproary = signer.sign();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	584	} catch (NoSuchAlgorithmException \|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	585	InvalidAlgorithmParameterException nsae) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	586	throw chc.conContext.fatal(Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	587	"Unsupported signature algorithm (" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	588	signatureScheme.name +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	589	") used in CertificateVerify handshake message", nsae);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	590	} catch (InvalidKeyException \| SignatureException ikse) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	591	throw chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	592	"Cannot produce CertificateVerify signature", ikse);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	593	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	594
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	595	this.signature = temproary;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	596	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	597
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	598	T12CertificateVerifyMessage(HandshakeContext handshakeContext,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	599	ByteBuffer m) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	600	super(handshakeContext);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	601
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	602	// This happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	603	ServerHandshakeContext shc =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	604	(ServerHandshakeContext)handshakeContext;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	605
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	606	// struct {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	607	// SignatureAndHashAlgorithm algorithm;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	608	// opaque signature<0..2^16-1>;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	609	// } DigitallySigned;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	610	if (m.remaining() < 4) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	611	throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	612	"Invalid CertificateVerify message: no sufficient data");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	613	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	614
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	615	// SignatureAndHashAlgorithm algorithm
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	616	int ssid = Record.getInt16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	617	this.signatureScheme = SignatureScheme.valueOf(ssid);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	618	if (signatureScheme == null) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	619	throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	620	"Invalid signature algorithm (" + ssid +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	621	") used in CertificateVerify handshake message");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	622	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	623
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	624	if (!shc.localSupportedSignAlgs.contains(signatureScheme)) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	625	throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	626	"Unsupported signature algorithm (" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	627	signatureScheme.name +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	628	") used in CertificateVerify handshake message");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	629	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	630
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	631	// read and verify the signature
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	632	X509Credentials x509Credentials = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	633	for (SSLCredentials cd : shc.handshakeCredentials) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	634	if (cd instanceof X509Credentials) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	635	x509Credentials = (X509Credentials)cd;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	636	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	637	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	638	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	639
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	640	if (x509Credentials == null \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	641	x509Credentials.popPublicKey == null) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	642	throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	643	"No X509 credentials negotiated for CertificateVerify");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	644	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	645
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	646	// opaque signature<0..2^16-1>;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	647	this.signature = Record.getBytes16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	648	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	649	Signature signer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	650	signatureScheme.getSignature(x509Credentials.popPublicKey);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	651	signer.update(shc.handshakeHash.archived());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	652	if (!signer.verify(signature)) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	653	throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	654	"Invalid CertificateVerify signature");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	655	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	656	} catch (NoSuchAlgorithmException \|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	657	InvalidAlgorithmParameterException nsae) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	658	throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	659	"Unsupported signature algorithm (" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	660	signatureScheme.name +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	661	") used in CertificateVerify handshake message", nsae);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	662	} catch (InvalidKeyException \| SignatureException ikse) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	663	throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	664	"Cannot verify CertificateVerify signature", ikse);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	665	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	666	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	667
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	668	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	669	public SSLHandshake handshakeType() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	670	return SSLHandshake.CERTIFICATE_VERIFY;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	671	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	672
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	673	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	674	public int messageLength() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	675	return 4 + signature.length; // 2: signature algorithm
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	676	// +2: length of signature
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	677	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	678
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	679	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	680	public void send(HandshakeOutStream hos) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	681	hos.putInt16(signatureScheme.id);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	682	hos.putBytes16(signature);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	683	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	684
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	685	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	686	public String toString() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	687	MessageFormat messageFormat = new MessageFormat(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	688	"\"CertificateVerify\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	689	" \"signature algorithm\": {0}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	690	" \"signature\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	691	"{1}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	692	" '}'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	693	"'}'",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	694	Locale.ENGLISH);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	695
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	696	HexDumpEncoder hexEncoder = new HexDumpEncoder();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	697	Object[] messageFields = {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	698	signatureScheme.name,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	699	Utilities.indent(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	700	hexEncoder.encodeBuffer(signature), " ")
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	701	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	702
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	703	return messageFormat.format(messageFields);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	704	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	705	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	706
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	707	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	708	* The "CertificateVerify" handshake message producer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	709	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	710	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	711	class T12CertificateVerifyProducer implements HandshakeProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	712	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	713	private T12CertificateVerifyProducer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	714	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	715	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	716
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	717	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	718	public byte[] produce(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	719	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	720	// The producing happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	721	ClientHandshakeContext chc = (ClientHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	722
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	723	X509Possession x509Possession = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	724	for (SSLPossession possession : chc.handshakePossessions) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	725	if (possession instanceof X509Possession) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	726	x509Possession = (X509Possession)possession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	727	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	728	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	729	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	730
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	731	if (x509Possession == null \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	732	x509Possession.popPrivateKey == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	733	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	734	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	735	"No X.509 credentials negotiated for CertificateVerify");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	736	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	737
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	738	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	739	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	740
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	741	T12CertificateVerifyMessage cvm =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	742	new T12CertificateVerifyMessage(chc, x509Possession);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	743	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	744	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	745	"Produced CertificateVerify handshake message", cvm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	746	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	747
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	748	// Output the handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	749	cvm.write(chc.handshakeOutput);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	750	chc.handshakeOutput.flush();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	751
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	752	// The handshake message has been delivered.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	753	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	754	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	755	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	756
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	757	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	758	* The "CertificateVerify" handshake message consumer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	759	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	760	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	761	class T12CertificateVerifyConsumer implements SSLConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	762	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	763	private T12CertificateVerifyConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	764	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	765	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	766
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	767	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	768	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	769	ByteBuffer message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	770	// The consuming happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	771	ServerHandshakeContext shc = (ServerHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	772	T12CertificateVerifyMessage cvm =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	773	new T12CertificateVerifyMessage(shc, message);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	774	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	775	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	776	"Consuming CertificateVerify handshake message", cvm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	777	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	778
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	779	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	780	// update
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	781	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	782	// Need no additional validation.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	783
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	784	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	785	// produce
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	786	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	787	// Need no new handshake message producers here.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	788	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	789	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	790
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	791	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	792	* The CertificateVerify handshake message (TLS 1.3).
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	793	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	794	static final class T13CertificateVerifyMessage extends HandshakeMessage {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	795	private static final byte[] serverSignHead = new byte[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	796	// repeated 0x20 for 64 times
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	797	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	798	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	799	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	800	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	801	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	802	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	803	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	804	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	805	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	806	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	807	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	808	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	809	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	810	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	811	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	812	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	813
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	814	// "TLS 1.3, server CertificateVerify" + 0x00
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	815	(byte)0x54, (byte)0x4c, (byte)0x53, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	816	(byte)0x31, (byte)0x2e, (byte)0x33, (byte)0x2c,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	817	(byte)0x20, (byte)0x73, (byte)0x65, (byte)0x72,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	818	(byte)0x76, (byte)0x65, (byte)0x72, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	819	(byte)0x43, (byte)0x65, (byte)0x72, (byte)0x74,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	820	(byte)0x69, (byte)0x66, (byte)0x69, (byte)0x63,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	821	(byte)0x61, (byte)0x74, (byte)0x65, (byte)0x56,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	822	(byte)0x65, (byte)0x72, (byte)0x69, (byte)0x66,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	823	(byte)0x79, (byte)0x00
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	824	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	825
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	826	private static final byte[] clientSignHead = new byte[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	827	// repeated 0x20 for 64 times
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	828	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	829	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	830	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	831	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	832	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	833	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	834	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	835	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	836	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	837	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	838	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	839	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	840	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	841	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	842	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	843	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	844
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	845	// "TLS 1.3, client CertificateVerify" + 0x00
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	846	(byte)0x54, (byte)0x4c, (byte)0x53, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	847	(byte)0x31, (byte)0x2e, (byte)0x33, (byte)0x2c,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	848	(byte)0x20, (byte)0x63, (byte)0x6c, (byte)0x69,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	849	(byte)0x65, (byte)0x6e, (byte)0x74, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	850	(byte)0x43, (byte)0x65, (byte)0x72, (byte)0x74,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	851	(byte)0x69, (byte)0x66, (byte)0x69, (byte)0x63,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	852	(byte)0x61, (byte)0x74, (byte)0x65, (byte)0x56,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	853	(byte)0x65, (byte)0x72, (byte)0x69, (byte)0x66,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	854	(byte)0x79, (byte)0x00
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	855	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	856
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	857
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	858	// the signature algorithm
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	859	private final SignatureScheme signatureScheme;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	860
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	861	// signature bytes
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	862	private final byte[] signature;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	863
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	864	T13CertificateVerifyMessage(HandshakeContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	865	X509Possession x509Possession) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	866	super(context);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	867
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	868	this.signatureScheme = SignatureScheme.getPreferableAlgorithm(
57718 a93b7b28f644 8226374: Restrict TLS signature schemes and named groups xuelei parents: 54417 diff changeset	869	context.algorithmConstraints,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	870	context.peerRequestedSignatureSchemes,
54417 f87041131515 8217610: TLSv1.3 fail with ClassException when EC keys are stored in PKCS11 xuelei parents: 53734 diff changeset	871	x509Possession,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	872	context.negotiatedProtocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	873	if (signatureScheme == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	874	// Unlikely, the credentials generator should have
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	875	// selected the preferable signature algorithm properly.
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	876	throw context.conContext.fatal(Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	877	"No preferred signature algorithm for CertificateVerify");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	878	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	879
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	880	byte[] hashValue = context.handshakeHash.digest();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	881	byte[] contentCovered;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	882	if (context.sslConfig.isClientMode) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	883	contentCovered = Arrays.copyOf(clientSignHead,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	884	clientSignHead.length + hashValue.length);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	885	System.arraycopy(hashValue, 0, contentCovered,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	886	clientSignHead.length, hashValue.length);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	887	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	888	contentCovered = Arrays.copyOf(serverSignHead,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	889	serverSignHead.length + hashValue.length);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	890	System.arraycopy(hashValue, 0, contentCovered,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	891	serverSignHead.length, hashValue.length);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	892	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	893
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	894	byte[] temproary = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	895	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	896	Signature signer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	897	signatureScheme.getSignature(x509Possession.popPrivateKey);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	898	signer.update(contentCovered);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	899	temproary = signer.sign();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	900	} catch (NoSuchAlgorithmException \|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	901	InvalidAlgorithmParameterException nsae) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	902	throw context.conContext.fatal(Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	903	"Unsupported signature algorithm (" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	904	signatureScheme.name +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	905	") used in CertificateVerify handshake message", nsae);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	906	} catch (InvalidKeyException \| SignatureException ikse) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	907	throw context.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	908	"Cannot produce CertificateVerify signature", ikse);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	909	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	910
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	911	this.signature = temproary;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	912	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	913
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	914	T13CertificateVerifyMessage(HandshakeContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	915	ByteBuffer m) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	916	super(context);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	917
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	918	// struct {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	919	// SignatureAndHashAlgorithm algorithm;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	920	// opaque signature<0..2^16-1>;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	921	// } DigitallySigned;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	922	if (m.remaining() < 4) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	923	throw context.conContext.fatal(Alert.ILLEGAL_PARAMETER,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	924	"Invalid CertificateVerify message: no sufficient data");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	925	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	926
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	927	// SignatureAndHashAlgorithm algorithm
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	928	int ssid = Record.getInt16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	929	this.signatureScheme = SignatureScheme.valueOf(ssid);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	930	if (signatureScheme == null) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	931	throw context.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	932	"Invalid signature algorithm (" + ssid +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	933	") used in CertificateVerify handshake message");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	934	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	935
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	936	if (!context.localSupportedSignAlgs.contains(signatureScheme)) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	937	throw context.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	938	"Unsupported signature algorithm (" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	939	signatureScheme.name +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	940	") used in CertificateVerify handshake message");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	941	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	942
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	943	// read and verify the signature
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	944	X509Credentials x509Credentials = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	945	for (SSLCredentials cd : context.handshakeCredentials) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	946	if (cd instanceof X509Credentials) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	947	x509Credentials = (X509Credentials)cd;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	948	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	949	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	950	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	951
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	952	if (x509Credentials == null \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	953	x509Credentials.popPublicKey == null) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	954	throw context.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	955	"No X509 credentials negotiated for CertificateVerify");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	956	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	957
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	958	// opaque signature<0..2^16-1>;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	959	this.signature = Record.getBytes16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	960
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	961	byte[] hashValue = context.handshakeHash.digest();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	962	byte[] contentCovered;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	963	if (context.sslConfig.isClientMode) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	964	contentCovered = Arrays.copyOf(serverSignHead,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	965	serverSignHead.length + hashValue.length);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	966	System.arraycopy(hashValue, 0, contentCovered,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	967	serverSignHead.length, hashValue.length);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	968	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	969	contentCovered = Arrays.copyOf(clientSignHead,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	970	clientSignHead.length + hashValue.length);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	971	System.arraycopy(hashValue, 0, contentCovered,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	972	clientSignHead.length, hashValue.length);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	973	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	974
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	975	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	976	Signature signer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	977	signatureScheme.getSignature(x509Credentials.popPublicKey);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	978	signer.update(contentCovered);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	979	if (!signer.verify(signature)) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	980	throw context.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	981	"Invalid CertificateVerify signature");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	982	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	983	} catch (NoSuchAlgorithmException \|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	984	InvalidAlgorithmParameterException nsae) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	985	throw context.conContext.fatal(Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	986	"Unsupported signature algorithm (" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	987	signatureScheme.name +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	988	") used in CertificateVerify handshake message", nsae);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	989	} catch (InvalidKeyException \| SignatureException ikse) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	990	throw context.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	991	"Cannot verify CertificateVerify signature", ikse);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	992	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	993	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	994
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	995	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	996	public SSLHandshake handshakeType() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	997	return SSLHandshake.CERTIFICATE_VERIFY;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	998	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	999
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1000	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1001	public int messageLength() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1002	return 4 + signature.length; // 2: signature algorithm
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1003	// +2: length of signature
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1004	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1005
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1006	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1007	public void send(HandshakeOutStream hos) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1008	hos.putInt16(signatureScheme.id);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1009	hos.putBytes16(signature);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1010	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1011
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1012	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1013	public String toString() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1014	MessageFormat messageFormat = new MessageFormat(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1015	"\"CertificateVerify\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1016	" \"signature algorithm\": {0}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1017	" \"signature\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1018	"{1}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1019	" '}'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1020	"'}'",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1021	Locale.ENGLISH);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1022
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1023	HexDumpEncoder hexEncoder = new HexDumpEncoder();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1024	Object[] messageFields = {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1025	signatureScheme.name,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1026	Utilities.indent(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1027	hexEncoder.encodeBuffer(signature), " ")
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1028	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1029
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1030	return messageFormat.format(messageFields);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1031	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1032	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1033
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1034	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1035	* The "CertificateVerify" handshake message producer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1036	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1037	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1038	class T13CertificateVerifyProducer implements HandshakeProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1039	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1040	private T13CertificateVerifyProducer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1041	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1042	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1043
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1044	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1045	public byte[] produce(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1046	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1047	// The producing happens in handshake context only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1048	HandshakeContext hc = (HandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1049
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1050	X509Possession x509Possession = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1051	for (SSLPossession possession : hc.handshakePossessions) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1052	if (possession instanceof X509Possession) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1053	x509Possession = (X509Possession)possession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1054	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1055	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1056	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1057
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1058	if (x509Possession == null \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1059	x509Possession.popPrivateKey == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1060	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1061	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1062	"No X.509 credentials negotiated for CertificateVerify");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1063	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1064
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1065	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1066	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1067
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1068	if (hc.sslConfig.isClientMode) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1069	return onProduceCertificateVerify(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1070	(ClientHandshakeContext)context, x509Possession);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1071	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1072	return onProduceCertificateVerify(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1073	(ServerHandshakeContext)context, x509Possession);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1074	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1075	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1076
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1077	private byte[] onProduceCertificateVerify(ServerHandshakeContext shc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1078	X509Possession x509Possession) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1079	T13CertificateVerifyMessage cvm =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1080	new T13CertificateVerifyMessage(shc, x509Possession);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1081	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1082	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1083	"Produced server CertificateVerify handshake message", cvm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1084	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1085
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1086	// Output the handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1087	cvm.write(shc.handshakeOutput);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1088	shc.handshakeOutput.flush();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1089
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1090	// The handshake message has been delivered.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1091	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1092	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1093
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1094	private byte[] onProduceCertificateVerify(ClientHandshakeContext chc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1095	X509Possession x509Possession) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1096	T13CertificateVerifyMessage cvm =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1097	new T13CertificateVerifyMessage(chc, x509Possession);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1098	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1099	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1100	"Produced client CertificateVerify handshake message", cvm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1101	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1102
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1103	// Output the handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1104	cvm.write(chc.handshakeOutput);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1105	chc.handshakeOutput.flush();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1106
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1107	// The handshake message has been delivered.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1108	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1109	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1110	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1111
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1112	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1113	* The "CertificateVerify" handshake message consumer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1114	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1115	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1116	class T13CertificateVerifyConsumer implements SSLConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1117	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1118	private T13CertificateVerifyConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1119	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1120	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1121
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1122	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1123	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1124	ByteBuffer message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1125	// The producing happens in handshake context only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1126	HandshakeContext hc = (HandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1127	T13CertificateVerifyMessage cvm =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1128	new T13CertificateVerifyMessage(hc, message);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1129	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1130	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1131	"Consuming CertificateVerify handshake message", cvm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1132	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1133
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1134	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1135	// update
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1136	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1137	// Need no additional validation.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1138
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1139	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1140	// produce
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1141	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1142	// Need no new handshake message producers here.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1143	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1144	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1145	}

author	xuelei
	Mon, 12 Aug 2019 21:36:29 -0700
changeset 57718	a93b7b28f644
parent 54417	f87041131515
child 58951	d6e682e8fcc3
permissions	-rw-r--r--