src/java.base/share/classes/sun/security/ssl/ClientHello.java
author ascarpino
Tue, 11 Jun 2019 16:31:37 -0700
changeset 55336 c2398053ee90
parent 53852 25002c4f0145
permissions -rw-r--r--
8211018: Session Resumption without Server-Side State Reviewed-by: xuelei, jnimeh, jjiang
/*
 * Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */
package sun.security.ssl;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.text.MessageFormat;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLProtocolException;
import static sun.security.ssl.ClientAuthType.CLIENT_AUTH_REQUIRED;
import sun.security.ssl.SSLHandshake.HandshakeMessage;
import sun.security.ssl.SupportedVersionsExtension.CHSupportedVersionsSpec;
/**
 * Pack of the ClientHello handshake message.
 */
final class ClientHello {
    static final SSLProducer kickstartProducer =
        new ClientHelloKickstartProducer();
    static final SSLConsumer handshakeConsumer =
        new ClientHelloConsumer();
    static final HandshakeProducer handshakeProducer =
        new ClientHelloProducer();
    private static final HandshakeConsumer t12HandshakeConsumer =
            new T12ClientHelloConsumer();
    private static final HandshakeConsumer t13HandshakeConsumer =
            new T13ClientHelloConsumer();
    private static final HandshakeConsumer d12HandshakeConsumer =
            new D12ClientHelloConsumer();
    private static final HandshakeConsumer d13HandshakeConsumer =
            new D13ClientHelloConsumer();
    /**
     * The ClientHello handshake message.
     *
     * See RFC 5246/4346/2246/6347 for the specifications.
     */
    static final class ClientHelloMessage extends HandshakeMessage {
        private final boolean       isDTLS;
        final int                   clientVersion;
        final RandomCookie          clientRandom;
        final SessionId             sessionId;
        private byte[]              cookie;         // DTLS only
        final int[]                 cipherSuiteIds;
        final List<CipherSuite>     cipherSuites;   // known cipher suites only
        final byte[]                compressionMethod;
        final SSLExtensions         extensions;
        private static final byte[]  NULL_COMPRESSION = new byte[] {0};
        /**
         * Builds an outbound ClientHello from locally chosen parameters.
         *
         * The client random is created from {@code generator}.  For DTLS the
         * cookie starts out as an empty array; otherwise it is {@code null}.
         * Only the null compression method is offered.  The cipher suite
         * list is stored by reference, not copied.
         *
         * @param handshakeContext the handshake this message belongs to
         * @param clientVersion the protocol version number to place in the
         *        message
         * @param sessionId the session ID to place in the message
         * @param cipherSuites the cipher suites to offer; {@code null}
         *        yields an empty ID array
         * @param generator the randomness source handed to the client random
         */
        ClientHelloMessage(HandshakeContext handshakeContext,
                int clientVersion, SessionId sessionId,
                List<CipherSuite> cipherSuites, SecureRandom generator) {
            super(handshakeContext);

            final boolean dtls = handshakeContext.sslContext.isDTLS();
            this.isDTLS = dtls;

            this.clientVersion = clientVersion;
            this.clientRandom = new RandomCookie(generator);
            this.sessionId = sessionId;

            // The cookie field is used for DTLS only.
            this.cookie = dtls ? new byte[0] : null;

            this.cipherSuites = cipherSuites;
            this.cipherSuiteIds = getCipherSuiteIds(cipherSuites);
            this.extensions = new SSLExtensions(this);

            // Don't support compression.
            this.compressionMethod = NULL_COMPRESSION;
        }
        /* Read up to the binders in the PSK extension. After this method
         * returns, the ByteBuffer position will be at end of the message
         * fragment that should be hashed to produce the PSK binder values.
         * The client of this method can use this position to determine the
         * message fragment and produce the binder values.
         */
        static void readPartial(TransportContext tc,
                ByteBuffer m) throws IOException {
            final boolean dtls = tc.sslContext.isDTLS();

            // Every read below is made only to advance m; the decoded
            // values are discarded.

            // version
            Record.getInt16(m);

            // client random
            new RandomCookie(m);

            // session ID
            Record.getBytes8(m);

            // DTLS cookie
            if (dtls) {
                Record.getBytes8(m);
            }

            // cipher suite IDs
            Record.getBytes16(m);

            // compression method
            Record.getBytes8(m);

            // No extensions block: ignore the remaining bytes.
            if (m.remaining() < 2) {
                return;
            }

            // Walk the extensions; "unread" counts down the declared length
            // of the extensions block.
            int unread = Record.getInt16(m);
            while (unread > 0) {
                final int extId = Record.getInt16(m);
                final int extLen = Record.getInt16(m);
                unread -= extLen + 4;   // 4 = extension type + length fields

                if (extId != SSLExtension.CH_PRE_SHARED_KEY.id) {
                    // NOTE(review): extLen is not compared with
                    // m.remaining() in this method.  ByteBuffer.position(int)
                    // throws IllegalArgumentException past the limit, so an
                    // oversized length surfaces as an unchecked exception
                    // rather than a TLS alert.  Presumably callers only pass
                    // a message that has already been fully parsed and
                    // length-checked -- confirm.
                    m.position(m.position() + extLen);
                    continue;
                }

                // ensure pre_shared_key is the last extension
                // NOTE(review): only unread > 0 is rejected; a
                // pre_shared_key length that overruns the declared block
                // (unread < 0) is not caught by this check.
                if (unread > 0) {
                    throw tc.fatal(Alert.ILLEGAL_PARAMETER,
                            "pre_shared_key extension is not last");
                }

                // read only up to the IDs
                Record.getBytes16(m);
                return;
            }
        }
        /**
         * Parses an inbound ClientHello from {@code m}.
         *
         * Fields are consumed in this order: version, client random,
         * session ID, cookie (DTLS only), cipher suites, compression
         * methods and, if any bytes remain, the extensions.
         *
         * @param handshakeContext the handshake this message belongs to
         * @param m the buffer to read from; the first byte read is the high
         *        byte of the client version
         * @param supportedExtensions passed through to the extensions parser
         * @throws IOException if the session ID length check fails, or the
         *         cipher suite vector is empty or of odd length; both cases
         *         are raised through {@code fatal(Alert.ILLEGAL_PARAMETER, ...)}
         */
        ClientHelloMessage(HandshakeContext handshakeContext, ByteBuffer m,
                SSLExtension[] supportedExtensions) throws IOException {
            super(handshakeContext);
            this.isDTLS = handshakeContext.sslContext.isDTLS();

            // Two raw bytes, high byte first.
            final int versionHigh = m.get() & 0xFF;
            final int versionLow = m.get() & 0xFF;
            this.clientVersion = (versionHigh << 8) | versionLow;

            this.clientRandom = new RandomCookie(m);
            this.sessionId = new SessionId(Record.getBytes8(m));
            try {
                sessionId.checkLength(clientVersion);
            } catch (SSLProtocolException ex) {
                throw handshakeContext.conContext.fatal(
                        Alert.ILLEGAL_PARAMETER, ex);
            }

            // The cookie field is read for DTLS only.
            this.cookie = isDTLS ? Record.getBytes8(m) : null;

            // Each cipher suite ID takes two bytes, so the vector must be
            // non-empty and of even length.
            final byte[] encodedIds = Record.getBytes16(m);
            final boolean oddLength = (encodedIds.length & 0x01) != 0;
            if (encodedIds.length == 0 || oddLength) {
                throw handshakeContext.conContext.fatal(
                        Alert.ILLEGAL_PARAMETER,
                        "Invalid ClientHello message");
            }

            final int[] ids = new int[encodedIds.length >> 1];
            for (int k = 0; k < ids.length; k++) {
                final int off = k << 1;
                ids[k] = ((encodedIds[off] & 0xFF) << 8)
                        | (encodedIds[off + 1] & 0xFF);
            }
            this.cipherSuiteIds = ids;

            // cipherSuiteIds keeps every offered ID; cipherSuites holds only
            // the ones getCipherSuites() could resolve.
            this.cipherSuites = getCipherSuites(cipherSuiteIds);

            // Stored as received; not validated in this constructor.
            this.compressionMethod = Record.getBytes8(m);

            // In TLS 1.3, use of certain extensions is mandatory.
            this.extensions = m.hasRemaining()
                    ? new SSLExtensions(this, m, supportedExtensions)
                    : new SSLExtensions(this);
        }
        /**
         * Replaces the cookie carried by this message.
         *
         * The array is stored by reference, not copied, so later changes the
         * caller makes to it are visible through this message.
         *
         * @param cookie the new cookie value
         */
        void setHelloCookie(byte[] cookie) {
            this.cookie = cookie;
        }
        // DTLS 1.0/1.2, for cookie generation.
        /**
         * Encodes this message with the cookie field left out: version,
         * client random, session ID, cipher suites, compression methods and
         * extensions, in that order.
         *
         * @return the encoded bytes; if an {@code IOException} interrupts
         *         the encoding it is swallowed and whatever had been written
         *         up to that point is returned
         */
        byte[] getHelloCookieBytes() {
            final HandshakeOutStream out = new HandshakeOutStream(null);
            final byte versionHigh = (byte)((clientVersion >>> 8) & 0xFF);
            final byte versionLow = (byte)(clientVersion & 0xFF);

            try {
                // copied from send() method
                out.putInt8(versionHigh);
                out.putInt8(versionLow);
                out.write(clientRandom.randomBytes, 0, 32);
                out.putBytes8(sessionId.getId());
                // ignore cookie
                out.putBytes16(getEncodedCipherSuites());
                out.putBytes8(compressionMethod);
                // In TLS 1.3, use of certain extensions is mandatory.
                extensions.send(out);
            } catch (IOException ioe) {
                // unlikely
                // NOTE(review): a failure here would hand a partial encoding
                // to the caller with no signal.  Presumably unreachable for
                // this stream -- confirm.
            }

            return out.toByteArray();
        }
        // (D)TLS 1.3, for cookie generation.
        /**
         * Encodes the leading fields of this message: version, client
         * random, session ID, cipher suites and compression methods, in that
         * order.  Neither the cookie nor the extensions are written.
         *
         * @return the encoded bytes; if an {@code IOException} interrupts
         *         the encoding it is swallowed and whatever had been written
         *         up to that point is returned
         */
        byte[] getHeaderBytes() {
            final HandshakeOutStream out = new HandshakeOutStream(null);
            final byte versionHigh = (byte)((clientVersion >>> 8) & 0xFF);
            final byte versionLow = (byte)(clientVersion & 0xFF);

            try {
                // copied from send() method
                out.putInt8(versionHigh);
                out.putInt8(versionLow);
                out.write(clientRandom.randomBytes, 0, 32);
                out.putBytes8(sessionId.getId());
                out.putBytes16(getEncodedCipherSuites());
                out.putBytes8(compressionMethod);
            } catch (IOException ioe) {
                // unlikely
                // NOTE(review): a failure here would hand a partial encoding
                // to the caller with no signal.  Presumably unreachable for
                // this stream -- confirm.
            }

            return out.toByteArray();
        }
        /**
         * Maps cipher suites to their numeric IDs, preserving order.
         *
         * @param cipherSuites the suites to convert; may be {@code null}
         * @return one ID per suite, or an empty array when
         *         {@code cipherSuites} is {@code null}
         */
        private static int[] getCipherSuiteIds(
                List<CipherSuite> cipherSuites) {
            if (cipherSuites == null) {
                return new int[0];
            }

            final int[] ids = new int[cipherSuites.size()];
            int next = 0;
            for (CipherSuite suite : cipherSuites) {
                ids[next++] = suite.id;
            }

            return ids;
        }
        /**
         * Maps numeric cipher suite identifiers to {@code CipherSuite} values.
         *
         * Identifiers for which {@code CipherSuite.valueOf} returns
         * {@code null} are dropped without any error, so the result can be
         * shorter than {@code ids} and does not record which identifiers
         * were skipped.
         *
         * @param ids the identifiers to look up; must not be {@code null}
         * @return an unmodifiable list of the suites that were resolved, in
         *         the order of {@code ids}
         */
        private static List<CipherSuite> getCipherSuites(int[] ids) {
            List<CipherSuite> resolved = new LinkedList<>();
            for (int suiteId : ids) {
                CipherSuite suite = CipherSuite.valueOf(suiteId);
                if (suite == null) {
                    // No suite for this identifier: leave it out.
                    continue;
                }
                resolved.add(suite);
            }

            return Collections.unmodifiableList(resolved);
        }
        /**
         * Builds a printable label for every identifier in
         * {@code cipherSuiteIds}: the name reported by
         * {@code CipherSuite.nameOf} followed by the identifier in
         * parentheses, as formatted by {@code Utilities.byte16HexString}.
         *
         * @return a new mutable list with one label per identifier
         */
        private List<String> getCipherSuiteNames() {
            List<String> labels = new LinkedList<>();
            for (int suiteId : cipherSuiteIds) {
                String suiteName = CipherSuite.nameOf(suiteId);
                String suiteHex = Utilities.byte16HexString(suiteId);
                labels.add(suiteName + "(" + suiteHex + ")");
            }

            return labels;
        }
        /**
         * Encodes {@code cipherSuiteIds} as two bytes per identifier, high
         * byte first. Only the low 16 bits of each identifier are kept.
         *
         * @return a new array of {@code 2 * cipherSuiteIds.length} bytes
         */
        private byte[] getEncodedCipherSuites() {
            int count = cipherSuiteIds.length;
            byte[] wire = new byte[count * 2];
            for (int k = 0; k < count; k++) {
                int suiteId = cipherSuiteIds[k];
                wire[2 * k] = (byte) (suiteId >> 8);    // bits 15..8
                wire[2 * k + 1] = (byte) suiteId;       // bits 7..0
            }
            return wire;
        }
        /**
         * Identifies this message as a ClientHello.
         *
         * @return always {@code SSLHandshake.CLIENT_HELLO}
         */
        @Override
        public SSLHandshake handshakeType() {
            return SSLHandshake.CLIENT_HELLO;
        }
        /**
         * Computes the number of bytes written by {@code send}: the fixed
         * size parts, the variable-length fields, and the extensions.
         *
         * @return the length of this message in bytes
         */
        @Override
        public int messageLength() {
            // Fixed size parts of each field:
            // version + random + session + cipher + compress
            int total = 2 + 32 + 1 + 2 + 1;

            // Variable parts.
            total += sessionId.length();
            if (isDTLS) {
                // One length byte plus the cookie itself (DTLS only).
                total += 1 + cookie.length;
            }
            total += cipherSuiteIds.length * 2;
            total += compressionMethod.length;

            // In TLS 1.3, use of certain extensions is mandatory.
            return total + extensions.length();
        }
        /**
         * Writes the whole message to {@code hos}: the fields emitted by
         * {@code sendCore}, followed by the extensions.
         *
         * @param hos the handshake output stream to write to
         * @throws IOException if writing to {@code hos} fails
         */
        @Override
        public void send(HandshakeOutStream hos) throws IOException {
            sendCore(hos);

            // In TLS 1.3, use of certain extensions is mandatory.
            extensions.send(hos);
        }
        /**
         * Writes every field of the message except the extensions, in this
         * order: client version (two bytes, high byte first), the first 32
         * bytes of the client random, the session id, the cookie (DTLS
         * only), the cipher suites and the compression methods.
         *
         * @param hos the handshake output stream to write to
         * @throws IOException if writing to {@code hos} fails
         */
        void sendCore(HandshakeOutStream hos) throws IOException {
            byte versionHigh = (byte) (clientVersion >>> 8);
            byte versionLow = (byte) clientVersion;
            hos.putInt8(versionHigh);
            hos.putInt8(versionLow);

            hos.write(clientRandom.randomBytes, 0, 32);
            hos.putBytes8(sessionId.getId());

            // The cookie field is only written for DTLS.
            if (isDTLS) {
                hos.putBytes8(cookie);
            }

            byte[] encodedSuites = getEncodedCipherSuites();
            hos.putBytes16(encodedSuites);
            hos.putBytes8(compressionMethod);
        }
        /**
         * Renders the message as a JSON-like block for diagnostics.
         *
         * The output contains the client random, the session id and, for
         * DTLS, the cookie, so any log that embeds this string carries
         * those values. The DTLS layout differs from the other one only by
         * the extra "cookie" entry.
         *
         * @return the formatted description of this message
         */
        @Override
        public String toString() {
            if (!isDTLS) {
                MessageFormat layout = new MessageFormat(
                    "\"ClientHello\": '{'\n" +
                    "  \"client version\"      : \"{0}\",\n" +
                    "  \"random\"              : \"{1}\",\n" +
                    "  \"session id\"          : \"{2}\",\n" +
                    "  \"cipher suites\"       : \"{3}\",\n" +
                    "  \"compression methods\" : \"{4}\",\n" +
                    "  \"extensions\"          : [\n" +
                    "{5}\n" +
                    "  ]\n" +
                    "'}'",
                    Locale.ENGLISH);
                Object[] values = {
                    ProtocolVersion.nameOf(clientVersion),
                    Utilities.toHexString(clientRandom.randomBytes),
                    sessionId.toString(),
                    getCipherSuiteNames().toString(),
                    Utilities.toHexString(compressionMethod),
                    Utilities.indent(Utilities.indent(extensions.toString()))
                };

                return layout.format(values);
            }

            // DTLS: same layout with the cookie as an additional field.
            MessageFormat layout = new MessageFormat(
                "\"ClientHello\": '{'\n" +
                "  \"client version\"      : \"{0}\",\n" +
                "  \"random\"              : \"{1}\",\n" +
                "  \"session id\"          : \"{2}\",\n" +
                "  \"cookie\"              : \"{3}\",\n" +
                "  \"cipher suites\"       : \"{4}\",\n" +
                "  \"compression methods\" : \"{5}\",\n" +
                "  \"extensions\"          : [\n" +
                "{6}\n" +
                "  ]\n" +
                "'}'",
                Locale.ENGLISH);
            Object[] values = {
                ProtocolVersion.nameOf(clientVersion),
                Utilities.toHexString(clientRandom.randomBytes),
                sessionId.toString(),
                Utilities.toHexString(cookie),
                getCipherSuiteNames().toString(),
                Utilities.toHexString(compressionMethod),
                Utilities.indent(Utilities.indent(extensions.toString()))
            };

            return layout.format(values);
        }
    }
    /**
     * The "ClientHello" handshake message kick start producer.
     */
    private static final
            class ClientHelloKickstartProducer implements SSLProducer {
        // Prevent instantiation of this class.
        /**
         * Private so that code outside the enclosing class cannot create
         * instances of this producer.
         */
        private ClientHelloKickstartProducer() {
            // Intentionally empty.
        }
        // Produce kickstart handshake message.
        @Override
        public byte[] produce(ConnectionContext context) throws IOException {
            // The producing happens in client side only.
            ClientHandshakeContext chc = (ClientHandshakeContext)context;
            // clean up this producer
            chc.handshakeProducers.remove(SSLHandshake.CLIENT_HELLO.id);
            // the max protocol version this client is supporting.
            ProtocolVersion maxProtocolVersion = chc.maximumActiveProtocol;
            // session ID of the ClientHello message
            SessionId sessionId = SSLSessionImpl.nullSession.getSessionId();
            // a list of cipher suites sent by the client
            List<CipherSuite> cipherSuites = chc.activeCipherSuites;
            //
            // Try to resume an existing session.
            //
            SSLSessionContextImpl ssci = (SSLSessionContextImpl)
                    chc.sslContext.engineGetClientSessionContext();
            SSLSessionImpl session = ssci.get(
                    chc.conContext.transport.getPeerHost(),
                    chc.conContext.transport.getPeerPort());
            if (session != null) {
                // If unsafe server certificate change is not allowed, reserve
                // current server certificates if the previous handshake is a
                // session-resumption abbreviated initial handshake.
                if (!ClientHandshakeContext.allowUnsafeServerCertChange &&
                        session.isSessionResumption()) {
                    try {
                        // If existing, peer certificate chain cannot be null.
                        chc.reservedServerCerts =
                            (X509Certificate[])session.getPeerCertificates();
                    } catch (SSLPeerUnverifiedException puve) {
                        // Maybe not certificate-based, ignore the exception.
                    }
                }
                if (!session.isRejoinable()) {
                    session = null;
                    if (SSLLogger.isOn &&
                            SSLLogger.isOn("ssl,handshake,verbose")) {
                        SSLLogger.finest(
                            "Can't resume, the session is not rejoinable");
                    }
                }
            }
            CipherSuite sessionSuite = null;
            if (session != null) {
                sessionSuite = session.getSuite();
                if (!chc.isNegotiable(sessionSuite)) {
                    session = null;
                    if (SSLLogger.isOn &&
                            SSLLogger.isOn("ssl,handshake,verbose")) {
                        SSLLogger.finest(
                            "Can't resume, unavailable session cipher suite");
                    }
                }
            }
            ProtocolVersion sessionVersion = null;
            if (session != null) {
                sessionVersion = session.getProtocolVersion();
                if (!chc.isNegotiable(sessionVersion)) {
                    session = null;
                    if (SSLLogger.isOn &&
                            SSLLogger.isOn("ssl,handshake,verbose")) {
                        SSLLogger.finest(
                            "Can't resume, unavailable protocol version");
                    }
                }
            }
            if (session != null &&
                !sessionVersion.useTLS13PlusSpec() &&
                SSLConfiguration.useExtendedMasterSecret) {
                boolean isEmsAvailable = chc.sslConfig.isAvailable(
                    SSLExtension.CH_EXTENDED_MASTER_SECRET, sessionVersion);
                if (isEmsAvailable && !session.useExtendedMasterSecret &&
                        !SSLConfiguration.allowLegacyResumption) {
                    // perform full handshake instead
                    //
                    // The client SHOULD NOT offer an abbreviated handshake
                    // to resume a session that does not use an extended
                    // master secret.  Instead, it SHOULD offer a full
                    // handshake.
                     session = null;
                }
                if ((session != null) &&
                        !ClientHandshakeContext.allowUnsafeServerCertChange) {
                    // It is fine to move on with abbreviate handshake if
                    // endpoint identification is enabled.
                    String identityAlg = chc.sslConfig.identificationProtocol;
                    if (identityAlg == null || identityAlg.isEmpty()) {
                        if (isEmsAvailable) {
                            if (!session.useExtendedMasterSecret) {
                                // perform full handshake instead
                                session = null;
                            }   // Otherwise, use extended master secret.
                        } else {
                            // The extended master secret extension does not
                            // apply to SSL 3.0.  Perform a full handshake
                            // instead.
                            //
                            // Note that the useExtendedMasterSecret is
                            // extended to protect SSL 3.0 connections,
                            // by discarding abbreviate handshake.
                            session = null;
                        }
                    }
                }
            }
            // ensure that the endpoint identification algorithm matches the
            // one in the session
            String identityAlg = chc.sslConfig.identificationProtocol;
            if (session != null && identityAlg != null) {
                String sessionIdentityAlg =
                    session.getIdentificationProtocol();
                if (!identityAlg.equalsIgnoreCase(sessionIdentityAlg)) {
                    if (SSLLogger.isOn &&
                    SSLLogger.isOn("ssl,handshake,verbose")) {
                        SSLLogger.finest("Can't resume, endpoint id" +
                            " algorithm does not match, requested: " +
                            identityAlg + ", cached: " + sessionIdentityAlg);
                    }
                    session = null;
                }
            }
            if (session != null) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) {
                    SSLLogger.finest("Try resuming session", session);
                }
                // only set session id if session is 1.2 or earlier
                if (!session.getProtocolVersion().useTLS13PlusSpec()) {
                    sessionId = session.getSessionId();
                }
                if (!maxProtocolVersion.equals(sessionVersion)) {
                    maxProtocolVersion = sessionVersion;
                    // Update protocol version number in underlying socket and
                    // handshake output stream, so that the output records
                    // (at the record layer) have the correct version
                    chc.setVersion(sessionVersion);
                }
                // If no new session is allowed, force use of the previous
                // session ciphersuite, and add the renegotiation SCSV if
                // necessary.
                if (!chc.sslConfig.enableSessionCreation) {
                    if (!chc.conContext.isNegotiated &&
                        !sessionVersion.useTLS13PlusSpec() &&
                        cipherSuites.contains(
                            CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV)) {
                        cipherSuites = Arrays.asList(sessionSuite,
                            CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
                    } else {    // otherwise, use renegotiation_info extension
                        cipherSuites = Arrays.asList(sessionSuite);
                    }
                    if (SSLLogger.isOn &&
                            SSLLogger.isOn("ssl,handshake,verbose")) {
                        SSLLogger.finest(
                            "No new session is allowed, so try to resume " +
                            "the session cipher suite only", sessionSuite);
                    }
                }
                chc.isResumption = true;
                chc.resumingSession = session;
            }
            if (session == null) {
                if (!chc.sslConfig.enableSessionCreation) {
                    throw new SSLHandshakeException(
                            "No new session is allowed and " +
                            "no existing session can be resumed");
                }
                if (maxProtocolVersion.useTLS13PlusSpec() &&
                        SSLConfiguration.useCompatibilityMode) {
                    // In compatibility mode, the TLS 1.3 legacy_session_id
                    // field MUST be non-empty, so a client not offering a
                    // pre-TLS 1.3 session MUST generate a new 32-byte value.
                    sessionId =
                        new SessionId(true, chc.sslContext.getSecureRandom());
                }
            }
            ProtocolVersion minimumVersion = ProtocolVersion.NONE;
            for (ProtocolVersion pv : chc.activeProtocols) {
                if (minimumVersion == ProtocolVersion.NONE ||
                        pv.compare(minimumVersion) < 0) {
                    minimumVersion = pv;
                }
            }
            // exclude SCSV for secure renegotiation
            if (!minimumVersion.useTLS13PlusSpec()) {
                if (chc.conContext.secureRenegotiation &&
                        cipherSuites.contains(
                            CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV)) {
                    // The cipherSuites may be unmodifiable
                    cipherSuites = new LinkedList<>(cipherSuites);
                    cipherSuites.remove(
                            CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
                }
            }
            // make sure there is a negotiable cipher suite.
            boolean negotiable = false;
            for (CipherSuite suite : cipherSuites) {
                if (chc.isNegotiable(suite)) {
                    negotiable = true;
                    break;
                }
            }
            if (!negotiable) {
                throw new SSLHandshakeException("No negotiable cipher suite");
            }
            // Create the handshake message.
            ProtocolVersion clientHelloVersion = maxProtocolVersion;
            if (clientHelloVersion.useTLS13PlusSpec()) {
                // In (D)TLS 1.3, the client indicates its version preferences
                // in the "supported_versions" extension and the client_version
                // (legacy_version) field MUST be set to (D)TLS 1.2.
                if (clientHelloVersion.isDTLS) {
                    clientHelloVersion = ProtocolVersion.DTLS12;
                } else {
                    clientHelloVersion = ProtocolVersion.TLS12;
                }
            }
            ClientHelloMessage chm = new ClientHelloMessage(chc,
                    clientHelloVersion.id, sessionId, cipherSuites,
                    chc.sslContext.getSecureRandom());
            // cache the client random number for further using
            chc.clientHelloRandom = chm.clientRandom;
            chc.clientHelloVersion = clientHelloVersion.id;
            // Produce extensions for ClientHello handshake message.
            SSLExtension[] extTypes = chc.sslConfig.getEnabledExtensions(
                    SSLHandshake.CLIENT_HELLO, chc.activeProtocols);
            chm.extensions.produce(chc, extTypes);
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine("Produced ClientHello handshake message", chm);
            }
            // Output the handshake message.
            chm.write(chc.handshakeOutput);
            chc.handshakeOutput.flush();
            // Reserve the initial ClientHello message for the follow on
            // cookie exchange if needed.
            chc.initialClientHelloMsg = chm;
            // What's the expected response?
            chc.handshakeConsumers.put(
                    SSLHandshake.SERVER_HELLO.id, SSLHandshake.SERVER_HELLO);
            if (chc.sslContext.isDTLS() &&
                    !minimumVersion.useTLS13PlusSpec()) {
                chc.handshakeConsumers.put(
                        SSLHandshake.HELLO_VERIFY_REQUEST.id,
                        SSLHandshake.HELLO_VERIFY_REQUEST);
            }
            // The handshake message has been delivered.
            return null;
        }
    }
    private static final
            class ClientHelloProducer implements HandshakeProducer {
        // Prevent instantiation of this class.
        private ClientHelloProducer() {
            // Nothing to initialize.  The constructor is declared private so
            // that code outside the enclosing class cannot create instances
            // of this producer.
        }
        // Response to one of the following handshake messages:
        //     HelloRequest                     (SSL 3.0/TLS 1.0/1.1/1.2)
        //     ServerHello(HelloRetryRequest)   (TLS 1.3)
        //     HelloVerifyRequest               (DTLS 1.0/1.2)
        @Override
        public byte[] produce(ConnectionContext context,
                HandshakeMessage message) throws IOException {
            // The producing happens in client side only.
            ClientHandshakeContext chc = (ClientHandshakeContext)context;
            SSLHandshake ht = message.handshakeType();
            if (ht == null) {
                throw new UnsupportedOperationException("Not supported yet.");
            }
            switch (ht) {
                case HELLO_REQUEST:
                    // SSL 3.0/TLS 1.0/1.1/1.2
                    try {
                        chc.kickstart();
                    } catch (IOException ioe) {
                        throw chc.conContext.fatal(
                                Alert.HANDSHAKE_FAILURE, ioe);
                    }
                    // The handshake message has been delivered.
                    return null;
                case HELLO_VERIFY_REQUEST:
                    // DTLS 1.0/1.2
                    //
                    // The HelloVerifyRequest consumer should have updated the
                    // ClientHello handshake message with cookie.
                    if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                        SSLLogger.fine(
                            "Produced ClientHello(cookie) handshake message",
                            chc.initialClientHelloMsg);
                    }
                    // Output the handshake message.
                    chc.initialClientHelloMsg.write(chc.handshakeOutput);
                    chc.handshakeOutput.flush();
                    // What's the expected response?
                    chc.handshakeConsumers.put(SSLHandshake.SERVER_HELLO.id,
                            SSLHandshake.SERVER_HELLO);
                    ProtocolVersion minimumVersion = ProtocolVersion.NONE;
                    for (ProtocolVersion pv : chc.activeProtocols) {
                        if (minimumVersion == ProtocolVersion.NONE ||
                                pv.compare(minimumVersion) < 0) {
                            minimumVersion = pv;
                        }
                    }
                    if (chc.sslContext.isDTLS() &&
                            !minimumVersion.useTLS13PlusSpec()) {
                        chc.handshakeConsumers.put(
                                SSLHandshake.HELLO_VERIFY_REQUEST.id,
                                SSLHandshake.HELLO_VERIFY_REQUEST);
                    }
                    // The handshake message has been delivered.
                    return null;
                case HELLO_RETRY_REQUEST:
                    // TLS 1.3
                    // The HelloRetryRequest consumer should have updated the
                    // ClientHello handshake message with cookie.
                    if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                        SSLLogger.fine(
                            "Produced ClientHello(HRR) handshake message",
                            chc.initialClientHelloMsg);
                    }
                    // Output the handshake message.
                    chc.initialClientHelloMsg.write(chc.handshakeOutput);
                    chc.handshakeOutput.flush();
                    // What's the expected response?
                    chc.conContext.consumers.putIfAbsent(
                            ContentType.CHANGE_CIPHER_SPEC.id,
                            ChangeCipherSpec.t13Consumer);
                    chc.handshakeConsumers.put(SSLHandshake.SERVER_HELLO.id,
                            SSLHandshake.SERVER_HELLO);
                    // The handshake message has been delivered.
                    return null;
                default:
                    throw new UnsupportedOperationException(
                            "Not supported yet.");
            }
        }
    }
    /**
     * The "ClientHello" handshake message consumer.
     *
     * <p>Server-side entry point for an incoming ClientHello: it parses the
     * message, negotiates the protocol version, and then delegates to the
     * consumer for the negotiated (D)TLS version.
     */
    private static final class ClientHelloConsumer implements SSLConsumer {
        // Private constructor: instances can only be created from within the
        // enclosing top-level class.
        private ClientHelloConsumer() {
            // nothing to initialize
        }

        /**
         * Parses a ClientHello and starts protocol version negotiation.
         *
         * @param context the handshake context; it is cast to
         *        {@code ServerHandshakeContext} without a type check
         * @param message the buffer holding the ClientHello to parse
         * @throws IOException if another handshake consumer is still
         *         registered (fatal {@code UNEXPECTED_MESSAGE} alert), or
         *         as propagated from parsing and negotiation
         */
        @Override
        public void consume(ConnectionContext context,
                ByteBuffer message) throws IOException {
            // A ClientHello is only consumed on the server side.
            final ServerHandshakeContext serverContext =
                    (ServerHandshakeContext)context;

            // Unregister this consumer first.  Any consumer still registered
            // afterwards means the ClientHello arrived while other handshake
            // messages were expected, which is rejected with a fatal alert.
            serverContext.handshakeConsumers.remove(
                    SSLHandshake.CLIENT_HELLO.id);
            final boolean otherConsumersPending =
                    !serverContext.handshakeConsumers.isEmpty();
            if (otherConsumersPending) {
                throw serverContext.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
                        "No more handshake message allowed " +
                        "in a ClientHello flight");
            }

            // Extension types enabled for ClientHello in the configuration;
            // they are handed to the message parser below.
            final SSLExtension[] helloExtensions =
                    serverContext.sslConfig.getEnabledExtensions(
                            SSLHandshake.CLIENT_HELLO);

            final ClientHelloMessage parsedHello = new ClientHelloMessage(
                    serverContext, message, helloExtensions);
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine(
                        "Consuming ClientHello handshake message", parsedHello);
            }

            // Record the legacy client_version before negotiating.
            serverContext.clientHelloVersion = parsedHello.clientVersion;
            onClientHello(serverContext, parsedHello);
        }

        // Negotiate the protocol version for this ClientHello, store it in
        // the context, and dispatch to the matching version-specific consumer.
        private void onClientHello(ServerHandshakeContext context,
                ClientHelloMessage clientHello) throws IOException {
            // Only the supported_versions extension is consumed at this
            // point; it has to be known before a version can be chosen.
            final SSLExtension[] versionExtension = {
                    SSLExtension.CH_SUPPORTED_VERSIONS
                };
            clientHello.extensions.consumeOnLoad(context, versionExtension);

            // When a supported_versions spec was recorded it decides the
            // version; otherwise fall back to ClientHello.client_version.
            final CHSupportedVersionsSpec supportedVersions =
                    (CHSupportedVersionsSpec)context.handshakeExtensions.get(
                            SSLExtension.CH_SUPPORTED_VERSIONS);
            final ProtocolVersion negotiatedProtocol =
                    (supportedVersions == null)
                    ? negotiateProtocol(context, clientHello.clientVersion)
                    : negotiateProtocol(
                            context, supportedVersions.requestedProtocols);
            context.negotiatedProtocol = negotiatedProtocol;
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine(
                    "Negotiated protocol version: " + negotiatedProtocol.name);
            }

            // Hand the message to the consumer for the negotiated version:
            // DTLS vs. TLS, then the 1.3+ spec vs. 1.2 and earlier.
            if (negotiatedProtocol.isDTLS
                    && negotiatedProtocol.useTLS13PlusSpec()) {
                d13HandshakeConsumer.consume(context, clientHello);
            } else if (negotiatedProtocol.isDTLS) {
                d12HandshakeConsumer.consume(context, clientHello);
            } else if (negotiatedProtocol.useTLS13PlusSpec()) {
                t13HandshakeConsumer.consume(context, clientHello);
            } else {
                t12HandshakeConsumer.consume(context, clientHello);
            }
        }

        // Select a protocol version according to the
        // ClientHello.client_version.
        //
        // Fails with a fatal PROTOCOL_VERSION alert when no usable version
        // can be selected from the active protocols.
        private ProtocolVersion negotiateProtocol(
                ServerHandshakeContext context,
                int clientHelloVersion) throws SSLException {

            // Per TLS 1.3 specification, server MUST negotiate TLS 1.2 or prior
            // even if ClientHello.client_version is 0x0304 or later.
            //
            // DTLS version ids run the other way round (a numerically smaller
            // id is a later version), so the cap is a lower bound for DTLS
            // and an upper bound for TLS.
            final int cappedVersion = context.sslContext.isDTLS()
                    ? Math.max(clientHelloVersion, ProtocolVersion.DTLS12.id)
                    : Math.min(clientHelloVersion, ProtocolVersion.TLS12.id);

            // Select a protocol version from the activated protocols.
            final ProtocolVersion selected = ProtocolVersion.selectedFrom(
                    context.activeProtocols, cappedVersion);

            // NONE and SSL20Hello are never accepted as the negotiated version.
            final boolean usable = selected != null
                    && selected != ProtocolVersion.NONE
                    && selected != ProtocolVersion.SSL20Hello;
            if (usable) {
                return selected;
            }

            // The message reports the version the client asked for, not the
            // capped value used for selection.
            throw context.conContext.fatal(Alert.PROTOCOL_VERSION,
                "Client requested protocol " +
                ProtocolVersion.nameOf(clientHelloVersion) +
                " is not enabled or supported in server context");
        }

        // Select a protocol version according to the
        // supported_versions extension.
        //
        // Fails with a fatal PROTOCOL_VERSION alert when the client and the
        // server have no version in common.
        private ProtocolVersion negotiateProtocol(
                ServerHandshakeContext context,
                int[] clientSupportedVersions) throws SSLException {

            // The client lists its versions in client preference order, but
            // this implementation follows the server preference instead: the
            // outer loop walks the server's active protocols and the first
            // one the client also offers wins.
            // NOTE(review): this relies on activeProtocols being iterated in
            // server preference order; confirm where that collection is built.
            for (ProtocolVersion serverVersion : context.activeProtocols) {
                // SSL20Hello is skipped on both sides of the comparison.
                if (serverVersion != ProtocolVersion.SSL20Hello) {
                    for (int offered : clientSupportedVersions) {
                        if (offered != ProtocolVersion.SSL20Hello.id
                                && serverVersion.id == offered) {
                            return serverVersion;
                        }
                    }
                }
            }

            // No protocol version can be negotiated.
            final String offeredVersions = Arrays.toString(
                    ProtocolVersion.toStringArray(clientSupportedVersions));
            throw context.conContext.fatal(Alert.PROTOCOL_VERSION,
                "The client supported protocol versions " + offeredVersions +
                " are not accepted by server preferences " +
                context.activeProtocols);
        }
    }
    /**
     * The "ClientHello" handshake message consumer for TLS 1.2 and
     * prior SSL/TLS protocol versions.
     */
    private static final
            class T12ClientHelloConsumer implements HandshakeConsumer {
        // Private constructor: instances can only be created from within the
        // enclosing top-level class.
        private T12ClientHelloConsumer() {
            // nothing to initialize
        }
        @Override
        public void consume(ConnectionContext context,
                HandshakeMessage message) throws IOException {
            // The consuming happens in server side only.
            ServerHandshakeContext shc = (ServerHandshakeContext)context;
            ClientHelloMessage clientHello = (ClientHelloMessage)message;
            //
            // validate
            //
            // Reject client initiated renegotiation?
            //
            // If server side should reject client-initiated renegotiation,
            // send an Alert.HANDSHAKE_FAILURE fatal alert, not a
            // no_renegotiation warning alert (no_renegotiation must be a
            // warning: RFC 2246).  no_renegotiation might seem more
            // natural at first, but warnings are not appropriate because
            // the sending party does not know how the receiving party
            // will behave.  This state must be treated as a fatal server
            // condition.
            //
            // This will not have any impact on server initiated renegotiation.
            if (shc.conContext.isNegotiated) {
                if (!shc.conContext.secureRenegotiation &&
                        !HandshakeContext.allowUnsafeRenegotiation) {
                    throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
                            "Unsafe renegotiation is not allowed");
                }
                if (ServerHandshakeContext.rejectClientInitiatedRenego &&
                        !shc.kickstartMessageDelivered) {
                    throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
                            "Client initiated renegotiation is not allowed");
                }
            }
            // Consume a Session Ticket Extension if it exists
            SSLExtension[] ext = new SSLExtension[]{
                    SSLExtension.CH_SESSION_TICKET
            };
            clientHello.extensions.consumeOnLoad(shc, ext);
            // Does the client want to resume a session?
            if (clientHello.sessionId.length() != 0 || shc.statelessResumption) {
                SSLSessionContextImpl cache = (SSLSessionContextImpl)shc.sslContext
                        .engineGetServerSessionContext();
                SSLSessionImpl previous;
                // Use the stateless session ticket if provided
                if (shc.statelessResumption) {
                    previous = shc.resumingSession;
                } else {
                    previous = cache.get(clientHello.sessionId.getId());
                }
                boolean resumingSession =
                        (previous != null) && previous.isRejoinable();
                if (!resumingSession) {
                    if (SSLLogger.isOn &&
                            SSLLogger.isOn("ssl,handshake,verbose")) {
                        SSLLogger.finest(
                                "Can't resume, " +
                                "the existing session is not rejoinable");
                    }
                }
                // Validate the negotiated protocol version.
                if (resumingSession) {
                    ProtocolVersion sessionProtocol =
                            previous.getProtocolVersion();
                    if (sessionProtocol != shc.negotiatedProtocol) {
                        resumingSession = false;
                        if (SSLLogger.isOn &&
                                SSLLogger.isOn("ssl,handshake,verbose")) {
                            SSLLogger.finest(
                                "Can't resume, not the same protocol version");
                        }
                    }
                }
                // Validate the required client authentication.
                if (resumingSession &&
                    (shc.sslConfig.clientAuthType == CLIENT_AUTH_REQUIRED)) {
                    try {
                        previous.getPeerPrincipal();
                    } catch (SSLPeerUnverifiedException e) {
                        resumingSession = false;
                        if (SSLLogger.isOn &&
                                SSLLogger.isOn("ssl,handshake,verbose")) {
                            SSLLogger.finest(
                                "Can't resume, " +
                                "client authentication is required");
                        }
                    }
                }
                // Validate that the cached cipher suite.
                if (resumingSession) {
                    CipherSuite suite = previous.getSuite();
                    if ((!shc.isNegotiable(suite)) ||
                            (!clientHello.cipherSuites.contains(suite))) {
                        resumingSession = false;
                        if (SSLLogger.isOn &&
                                SSLLogger.isOn("ssl,handshake,verbose")) {
                            SSLLogger.finest(
                                "Can't resume, " +
                                "the session cipher suite is absent");
                        }
                    }
                }
                // ensure that the endpoint identification algorithm matches the
                // one in the session
                String identityAlg = shc.sslConfig.identificationProtocol;
                if (resumingSession && identityAlg != null) {
                    String sessionIdentityAlg =
                        previous.getIdentificationProtocol();
                    if (!identityAlg.equalsIgnoreCase(sessionIdentityAlg)) {
                        if (SSLLogger.isOn &&
                        SSLLogger.isOn("ssl,handshake,verbose")) {
                            SSLLogger.finest("Can't resume, endpoint id" +
                            " algorithm does not match, requested: " +
                            identityAlg + ", cached: " + sessionIdentityAlg);
                        }
                        resumingSession = false;
                    }
                }
                // So far so good.  Note that the handshake extensions may reset
                // the resuming options later.
                shc.isResumption = resumingSession;
                shc.resumingSession = resumingSession ? previous : null;
                if (!resumingSession && SSLLogger.isOn &&
                        SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.fine("Session not resumed.");
                }
            }
            // cache the client random number for further using
            shc.clientHelloRandom = clientHello.clientRandom;
            // Check and launch ClientHello extensions.
            SSLExtension[] extTypes = shc.sslConfig.getExclusiveExtensions(
                    SSLHandshake.CLIENT_HELLO,
                    Arrays.asList(SSLExtension.CH_SESSION_TICKET));
            clientHello.extensions.consumeOnLoad(shc, extTypes);
            //
            // update
            //
            if (!shc.conContext.isNegotiated) {
                shc.conContext.protocolVersion = shc.negotiatedProtocol;
                shc.conContext.outputRecord.setVersion(shc.negotiatedProtocol);
            }
            // update the responders
            //
            // Only need to ServerHello, which may add more responders later.
            // Note that ServerHello and HelloRetryRequest share the same
            // handshake type/id.  The ServerHello producer may be replaced
            // by HelloRetryRequest producer if needed.
            shc.handshakeProducers.put(SSLHandshake.SERVER_HELLO.id,
                    SSLHandshake.SERVER_HELLO);
            //
            // produce
            //
            SSLHandshake[] probableHandshakeMessages = new SSLHandshake[] {
                SSLHandshake.SERVER_HELLO,
                // full handshake messages
                SSLHandshake.CERTIFICATE,
                SSLHandshake.CERTIFICATE_STATUS,
                SSLHandshake.SERVER_KEY_EXCHANGE,
                SSLHandshake.CERTIFICATE_REQUEST,
                SSLHandshake.SERVER_HELLO_DONE,
                // abbreviated handshake messages
                SSLHandshake.FINISHED
            };
            for (SSLHandshake hs : probableHandshakeMessages) {
                HandshakeProducer handshakeProducer =
                        shc.handshakeProducers.remove(hs.id);
                if (handshakeProducer != null) {
                    handshakeProducer.produce(context, clientHello);
                }
            }
        }
    }
    /**
     * Server-side consumer of the "ClientHello" handshake message for TLS 1.3.
     *
     * <p>{@link #consume} runs the ClientHello extensions in two passes (the
     * PSK-related ones first, then the rest) and afterwards either answers
     * with a HelloRetryRequest or continues with the ServerHello flight,
     * depending on whether a handshake producer is still registered.
     */
    private static final
            class T13ClientHelloConsumer implements HandshakeConsumer {
        // Private constructor: no instantiation from outside the enclosing
        // class.
        private T13ClientHelloConsumer() {
            // blank
        }

        /**
         * Handles a TLS 1.3 ClientHello on the server side.
         *
         * @param context the handshake context; cast to
         *        {@code ServerHandshakeContext} without a prior type check
         * @param message the received message; cast to
         *        {@code ClientHelloMessage} without a prior type check
         * @throws IOException propagated from the extension consumers and
         *         from the helper methods called at the end
         */
        @Override
        public void consume(ConnectionContext context,
                HandshakeMessage message) throws IOException {
            // The consuming happens in server side only.
            final ServerHandshakeContext shc = (ServerHandshakeContext)context;
            final ClientHelloMessage clientHello = (ClientHelloMessage)message;

            // The client may send a dummy change_cipher_spec record
            // immediately after the first ClientHello, so make sure a
            // consumer for that content type is registered.
            shc.conContext.consumers.putIfAbsent(
                    ContentType.CHANGE_CIPHER_SPEC.id,
                    ChangeCipherSpec.t13Consumer);

            // Is it a resumption?
            //
            // Start out as "resuming" and launch the "psk_key_exchange_modes"
            // and "pre_shared_key" extensions first; they will reset the
            // resuming session, no matter the extensions present or not.
            // The flag must be set before this first pass runs.
            shc.isResumption = true;
            final SSLExtension[] pskExtensions = {
                    SSLExtension.PSK_KEY_EXCHANGE_MODES,
                    SSLExtension.CH_PRE_SHARED_KEY
                };
            clientHello.extensions.consumeOnLoad(shc, pskExtensions);

            // Second pass: check and launch the ClientHello extensions other
            // than the ones named in the exclusion list below
            // (PSK_KEY_EXCHANGE_MODES, CH_PRE_SHARED_KEY and
            // CH_SUPPORTED_VERSIONS).
            // NOTE(review): the earlier wording of this comment also named
            // "key_share", which is not part of the exclusion list.
            //
            // These extensions may discard session resumption, or ask for
            // hello retry.
            final SSLExtension[] otherExtensions =
                    shc.sslConfig.getExclusiveExtensions(
                            SSLHandshake.CLIENT_HELLO,
                            Arrays.asList(
                                    SSLExtension.PSK_KEY_EXCHANGE_MODES,
                                    SSLExtension.CH_PRE_SHARED_KEY,
                                    SSLExtension.CH_SUPPORTED_VERSIONS));
            clientHello.extensions.consumeOnLoad(shc, otherExtensions);

            // A producer still registered at this point should be the
            // HelloRetryRequest producer; with none left, go on to ServerHello.
            if (shc.handshakeProducers.isEmpty()) {
                goServerHello(shc, clientHello);
            } else {
                goHelloRetryRequest(shc, clientHello);
            }
        }

        /**
         * Runs the HelloRetryRequest producer and then verifies that no
         * other handshake producer is left registered.
         *
         * <p>Both failure cases raise a fatal {@code HANDSHAKE_FAILURE}
         * alert, so an unexpected producer set aborts the handshake instead
         * of being silently ignored.
         *
         * @param shc the server handshake context
         * @param clientHello the ClientHello being answered
         * @throws IOException propagated from the producer
         */
        private void goHelloRetryRequest(ServerHandshakeContext shc,
                ClientHelloMessage clientHello) throws IOException {
            final HandshakeProducer retryProducer =
                    shc.handshakeProducers.remove(
                            SSLHandshake.HELLO_RETRY_REQUEST.id);
            if (retryProducer == null) {
                // unlikely
                throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
                    "No HelloRetryRequest producer: " + shc.handshakeProducers);
            }

            retryProducer.produce(shc, clientHello);

            if (!shc.handshakeProducers.isEmpty()) {
                // unlikely, but please double check.
                throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
                    "unknown handshake producers: " + shc.handshakeProducers);
            }
        }

        /**
         * Records the client random, fixes the connection's protocol
         * version on the first negotiation, and runs the ServerHello flight.
         *
         * @param shc the server handshake context
         * @param clientHello the ClientHello being answered
         * @throws IOException propagated from the producers
         */
        private void goServerHello(ServerHandshakeContext shc,
                ClientHelloMessage clientHello) throws IOException {
            //
            // validate
            //
            shc.clientHelloRandom = clientHello.clientRandom;

            //
            // update
            //
            // Only an initial handshake sets the connection-level version.
            if (!shc.conContext.isNegotiated) {
                shc.conContext.protocolVersion = shc.negotiatedProtocol;
                shc.conContext.outputRecord.setVersion(shc.negotiatedProtocol);
            }

            // update the responders
            //
            // Only ServerHello/HelloRetryRequest producer, which adds
            // more responders later.
            shc.handshakeProducers.put(SSLHandshake.SERVER_HELLO.id,
                SSLHandshake.SERVER_HELLO);

            // Candidate messages in the order they are produced; a message
            // is sent only if a producer for it is registered when its turn
            // comes.
            final SSLHandshake[] flight = {
                SSLHandshake.SERVER_HELLO,

                // full handshake messages
                SSLHandshake.ENCRYPTED_EXTENSIONS,
                SSLHandshake.CERTIFICATE_REQUEST,
                SSLHandshake.CERTIFICATE,
                SSLHandshake.CERTIFICATE_VERIFY,
                SSLHandshake.FINISHED
            };

            //
            // produce
            //
            for (SSLHandshake candidate : flight) {
                final HandshakeProducer producer =
                        shc.handshakeProducers.remove(candidate.id);
                if (producer == null) {
                    continue;
                }
                producer.produce(shc, clientHello);
            }
        }
    }
    /**
     * The "ClientHello" handshake message consumer for DTLS 1.2 and
     * previous DTLS protocol versions.
     */
    private static final
            class D12ClientHelloConsumer implements HandshakeConsumer {
        // Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1256
        private D12ClientHelloConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1257
            // blank
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1258
        }
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1259
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1260
        @Override
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1261
        public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1262
                HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1263
            // The consuming happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1264
            ServerHandshakeContext shc = (ServerHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1265
            ClientHelloMessage clientHello = (ClientHelloMessage)message;
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1266
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1267
            //
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1268
            // validate
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1269
            //
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1270
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1271
            // Reject client initiated renegotiation?
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1272
            //
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1273
            // If server side should reject client-initiated renegotiation,
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1274
            // send an Alert.HANDSHAKE_FAILURE fatal alert, not a
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1275
            // no_renegotiation warning alert (no_renegotiation must be a
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1276
            // warning: RFC 2246).  no_renegotiation might seem more
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1277
            // natural at first, but warnings are not appropriate because
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1278
            // the sending party does not know how the receiving party
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1279
            // will behave.  This state must be treated as a fatal server
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1280
            // condition.
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1281
            //
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1282
            // This will not have any impact on server initiated renegotiation.
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1283
            if (shc.conContext.isNegotiated) {
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1284
                if (!shc.conContext.secureRenegotiation &&
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1285
                        !HandshakeContext.allowUnsafeRenegotiation) {
53064
103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style
xuelei
parents: 53018
diff changeset
  1286
                    throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1287
                            "Unsafe renegotiation is not allowed");
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1288
                }
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1289
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1290
                if (ServerHandshakeContext.rejectClientInitiatedRenego &&
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1291
                        !shc.kickstartMessageDelivered) {
53064
103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style
xuelei
parents: 53018
diff changeset
  1292
                    throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1293
                            "Client initiated renegotiation is not allowed");
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1294
                }
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1295
            }
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1296
55336
c2398053ee90 8211018: Session Resumption without Server-Side State
ascarpino
parents: 53852
diff changeset
  1297
c2398053ee90 8211018: Session Resumption without Server-Side State
ascarpino
parents: 53852
diff changeset
  1298
            // Does the client want to resume a session?
50768
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1299
            if (clientHello.sessionId.length() != 0) {
55336
c2398053ee90 8211018: Session Resumption without Server-Side State
ascarpino
parents: 53852
diff changeset
  1300
                SSLSessionContextImpl cache = (SSLSessionContextImpl)shc.sslContext
c2398053ee90 8211018: Session Resumption without Server-Side State
ascarpino
parents: 53852
diff changeset
  1301
                        .engineGetServerSessionContext();
c2398053ee90 8211018: Session Resumption without Server-Side State
ascarpino
parents: 53852
diff changeset
  1302
c2398053ee90 8211018: Session Resumption without Server-Side State
ascarpino
parents: 53852
diff changeset
  1303
                // Consume a Session Ticket Extension if it exists
c2398053ee90 8211018: Session Resumption without Server-Side State
ascarpino
parents: 53852
diff changeset
  1304
                SSLExtension[] ext = new SSLExtension[]{
c2398053ee90 8211018: Session Resumption without Server-Side State
ascarpino
parents: 53852
diff changeset
  1305
                        SSLExtension.CH_SESSION_TICKET
c2398053ee90 8211018: Session Resumption without Server-Side State
ascarpino
parents: 53852
diff changeset
  1306
                };
c2398053ee90 8211018: Session Resumption without Server-Side State
ascarpino
parents: 53852
diff changeset
  1307
                clientHello.extensions.consumeOnLoad(shc, ext);
c2398053ee90 8211018: Session Resumption without Server-Side State
ascarpino
parents: 53852
diff changeset
  1308
c2398053ee90 8211018: Session Resumption without Server-Side State
ascarpino
parents: 53852
diff changeset
  1309
                SSLSessionImpl previous;
c2398053ee90 8211018: Session Resumption without Server-Side State
ascarpino
parents: 53852
diff changeset
  1310
                // Use stateless session ticket if provided.
c2398053ee90 8211018: Session Resumption without Server-Side State
ascarpino
parents: 53852
diff changeset
  1311
                if (shc.statelessResumption) {
c2398053ee90 8211018: Session Resumption without Server-Side State
ascarpino
parents: 53852
diff changeset
  1312
                    previous = shc.resumingSession;
c2398053ee90 8211018: Session Resumption without Server-Side State
ascarpino
parents: 53852
diff changeset
  1313
                } else {
c2398053ee90 8211018: Session Resumption without Server-Side State
ascarpino
parents: 53852
diff changeset
  1314
                    previous = cache.get(clientHello.sessionId.getId());
c2398053ee90 8211018: Session Resumption without Server-Side State
ascarpino
parents: 53852
diff changeset
  1315
                }
50768
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1316
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1317
                boolean resumingSession =
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1318
                        (previous != null) && previous.isRejoinable();
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1319
                if (!resumingSession) {
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1320
                    if (SSLLogger.isOn &&
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1321
                            SSLLogger.isOn("ssl,handshake,verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1322
                        SSLLogger.finest(
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1323
                            "Can't resume, " +
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1324
                            "the existing session is not rejoinable");
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1325
                    }
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1326
                }
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1327
                // Validate the negotiated protocol version.
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1328
                if (resumingSession) {
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1329
                    ProtocolVersion sessionProtocol =
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1330
                            previous.getProtocolVersion();
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1331
                    if (sessionProtocol != shc.negotiatedProtocol) {
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1332
                        resumingSession = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1333
                        if (SSLLogger.isOn &&
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1334
                                SSLLogger.isOn("ssl,handshake,verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1335
                            SSLLogger.finest(
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1336
                                "Can't resume, not the same protocol version");
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1337
                        }
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1338
                    }
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1339
                }
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1340
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1341
                // Validate the required client authentication.
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1342
                if (resumingSession &&
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1343
                    (shc.sslConfig.clientAuthType == CLIENT_AUTH_REQUIRED)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1344
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1345
                    try {
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1346
                        previous.getPeerPrincipal();
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1347
                    } catch (SSLPeerUnverifiedException e) {
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1348
                        resumingSession = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1349
                        if (SSLLogger.isOn &&
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1350
                                SSLLogger.isOn("ssl,handshake,verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1351
                            SSLLogger.finest(
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1352
                                "Can't resume, " +
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1353
                                "client authentication is required");
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1354
                        }
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1355
                    }
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1356
                }
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1357
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1358
                // Validate that the cached cipher suite.
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1359
                if (resumingSession) {
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1360
                    CipherSuite suite = previous.getSuite();
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1361
                    if ((!shc.isNegotiable(suite)) ||
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1362
                            (!clientHello.cipherSuites.contains(suite))) {
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1363
                        resumingSession = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1364
                        if (SSLLogger.isOn &&
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1365
                                SSLLogger.isOn("ssl,handshake,verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1366
                            SSLLogger.finest(
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1367
                                "Can't resume, " +
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1368
                                "the session cipher suite is absent");
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1369
                        }
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1370
                    }
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1371
                }
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1372
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1373
                // So far so good.  Note that the handshake extensions may reset
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1374
                // the resuming options later.
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1375
                shc.isResumption = resumingSession;
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1376
                shc.resumingSession = resumingSession ? previous : null;
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1377
            }
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1378
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1379
            HelloCookieManager hcm =
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1380
                shc.sslContext.getHelloCookieManager(ProtocolVersion.DTLS10);
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1381
            if (!shc.isResumption &&
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1382
                !hcm.isCookieValid(shc, clientHello, clientHello.cookie)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1383
                //
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1384
                // Perform cookie exchange for DTLS handshaking if no cookie
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1385
                // or the cookie is invalid in the ClientHello message.
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1386
                //
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1387
                // update the responders
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1388
                shc.handshakeProducers.put(
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1389
                        SSLHandshake.HELLO_VERIFY_REQUEST.id,
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1390
                        SSLHandshake.HELLO_VERIFY_REQUEST);
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1391
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1392
                //
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1393
                // produce response handshake message
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1394
                //
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1395
                SSLHandshake.HELLO_VERIFY_REQUEST.produce(context, clientHello);
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1396
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1397
                return;
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1398
            }
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1399
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1400
            // cache the client random number for further using
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1401
            shc.clientHelloRandom = clientHello.clientRandom;
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1402
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1403
            // Check and launch ClientHello extensions.
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1404
            SSLExtension[] extTypes = shc.sslConfig.getEnabledExtensions(
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1405
                    SSLHandshake.CLIENT_HELLO);
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1406
            clientHello.extensions.consumeOnLoad(shc, extTypes);
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1407
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1408
            //
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1409
            // update
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1410
            //
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1411
            if (!shc.conContext.isNegotiated) {
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1412
                shc.conContext.protocolVersion = shc.negotiatedProtocol;
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1413
                shc.conContext.outputRecord.setVersion(shc.negotiatedProtocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1414
            }
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1415
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1416
            // update the responders
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1417
            //
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1418
            // Only need to ServerHello, which may add more responders later.
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1419
            shc.handshakeProducers.put(SSLHandshake.SERVER_HELLO.id,
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1420
                    SSLHandshake.SERVER_HELLO);
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1421
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1422
            //
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1423
            // produce
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1424
            //
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1425
            SSLHandshake[] probableHandshakeMessages = new SSLHandshake[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1426
                SSLHandshake.SERVER_HELLO,
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1427
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1428
                // full handshake messages
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1429
                SSLHandshake.CERTIFICATE,
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1430
                SSLHandshake.CERTIFICATE_STATUS,
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1431
                SSLHandshake.SERVER_KEY_EXCHANGE,
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1432
                SSLHandshake.CERTIFICATE_REQUEST,
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1433
                SSLHandshake.SERVER_HELLO_DONE,
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1434
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1435
                // abbreviated handshake messages
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1436
                SSLHandshake.FINISHED
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1437
            };
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1438
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1439
            for (SSLHandshake hs : probableHandshakeMessages) {
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1440
                HandshakeProducer handshakeProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1441
                        shc.handshakeProducers.remove(hs.id);
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1442
                if (handshakeProducer != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1443
                    handshakeProducer.produce(context, clientHello);
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1444
                }
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1445
            }
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1446
        }
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1447
    }
    /**
     * The "ClientHello" handshake message consumer for DTLS 1.3.
     *
     * Placeholder only: consuming a message always fails with an
     * {@code UnsupportedOperationException}.
     */
    private static final
            class D13ClientHelloConsumer implements HandshakeConsumer {
        // Private constructor: no instantiation outside the enclosing class.
        private D13ClientHelloConsumer() {
            // blank
        }

        /**
         * Not implemented.
         *
         * @param context the connection context (unused)
         * @param message the handshake message (unused)
         * @throws UnsupportedOperationException always
         */
        @Override
        public void consume(ConnectionContext context,
                HandshakeMessage message) throws IOException {
            // NOTE(review): this fails with an unchecked exception rather
            // than a TLS alert; whether a peer can reach this consumer
            // depends on the dispatching code, which is not visible here.
            final String reason = "Not supported yet.";
            throw new UnsupportedOperationException(reason);
        }
    }
}