src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java
author ascarpino
Tue, 11 Jun 2019 16:31:37 -0700
changeset 55336 c2398053ee90
parent 54253 01d8eae542ff
permissions -rw-r--r--
8211018: Session Resumption without Server-Side State Reviewed-by: xuelei, jnimeh, jjiang
/*
 * Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */
package sun.security.ssl;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.*;
import java.text.MessageFormat;
import java.util.List;
import java.util.ArrayList;
import java.util.Locale;
import java.util.Arrays;
import java.util.Collection;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.net.ssl.SSLPeerUnverifiedException;
import static sun.security.ssl.ClientAuthType.CLIENT_AUTH_REQUIRED;
import sun.security.ssl.ClientHello.ClientHelloMessage;
import sun.security.ssl.SSLExtension.ExtensionConsumer;
import sun.security.ssl.SSLExtension.SSLExtensionSpec;
import sun.security.ssl.SSLHandshake.HandshakeMessage;
import sun.security.ssl.SessionTicketExtension.SessionTicketSpec;
import sun.security.util.HexDumpEncoder;
import static sun.security.ssl.SSLExtension.*;
/**
 * Pack of the "pre_shared_key" extension.
 */
final class PreSharedKeyExtension {
    // Shared handler instances for the "pre_shared_key" extension.
    // The "ch" prefix presumably marks the ClientHello side of the
    // extension -- confirm against the handler classes, which are defined
    // outside this listing.
    static final HandshakeProducer chNetworkProducer = new CHPreSharedKeyProducer();
    static final ExtensionConsumer chOnLoadConsumer = new CHPreSharedKeyConsumer();
    static final HandshakeAbsence chOnLoadAbsence = new CHPreSharedKeyAbsence();
    static final HandshakeConsumer chOnTradeConsumer = new CHPreSharedKeyUpdate();
    static final SSLStringizer chStringizer = new CHPreSharedKeyStringizer();

    // The "sh" prefix presumably marks the ServerHello side -- confirm as above.
    static final HandshakeProducer shNetworkProducer = new SHPreSharedKeyProducer();
    static final ExtensionConsumer shOnLoadConsumer = new SHPreSharedKeyConsumer();
    static final HandshakeAbsence shOnLoadAbsence = new SHPreSharedKeyAbsence();
    static final SSLStringizer shStringizer = new SHPreSharedKeyStringizer();
    /**
     * One entry of the identities list carried in the "pre_shared_key"
     * extension: an opaque identity plus a 32-bit obfuscated age value.
     */
    private static final class PskIdentity {
        // Stored by reference; the caller's array is not copied.
        final byte[] identity;
        final int obfuscatedAge;

        PskIdentity(byte[] identity, int obfuscatedAge) {
            this.obfuscatedAge = obfuscatedAge;
            this.identity = identity;
        }

        /**
         * Returns the encoded size of this entry: a 2-byte length prefix,
         * the identity bytes, and the 4-byte obfuscated age.
         */
        int getEncodedLength() {
            final int lengthPrefix = 2;
            final int ageField = 4;
            return lengthPrefix + identity.length + ageField;
        }

        /**
         * Writes the identity (16-bit length prefixed) followed by the
         * obfuscated age (32-bit) into {@code m}.
         */
        void writeEncoded(ByteBuffer m) throws IOException {
            Record.putBytes16(m, identity);
            Record.putInt32(m, obfuscatedAge);
        }

        /**
         * Renders the entry as {@code {<hex identity>, <age>}}.  Note that
         * the identity bytes appear verbatim (hex encoded) in the result.
         */
        @Override
        public String toString() {
            StringBuilder text = new StringBuilder("{");
            text.append(Utilities.toHexString(identity));
            text.append(", ").append(obfuscatedAge).append("}");
            return text.toString();
        }
    }
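    /**
     * The offered form of the "pre_shared_key" extension (OfferedPsks):
     * a list of PSK identities followed by a list of binder values.
     *
     * <p>The parsing constructor consumes peer-supplied bytes, so every
     * length field is checked before and after the entries are read.
     */
    private static final
            class CHPreSharedKeySpec implements SSLExtensionSpec {
        final List<PskIdentity> identities;
        final List<byte[]> binders;

        /** Wraps already-built lists; both are stored by reference. */
        CHPreSharedKeySpec(List<PskIdentity> identities, List<byte[]> binders) {
            this.identities = identities;
            this.binders = binders;
        }

        /**
         * Parses the extension data in {@code m}.
         *
         * @param context used only to raise the fatal alert on malformed
         *        input; the stringizer in this file passes {@code null},
         *        in which case a malformed input surfaces as a
         *        NullPointerException instead of an alert
         * @param m the buffer positioned at the start of OfferedPsks
         * @throws IOException if the data is malformed
         */
        CHPreSharedKeySpec(HandshakeContext context,
                ByteBuffer m) throws IOException {
            // struct {
            //     PskIdentity identities<7..2^16-1>;
            //     PskBinderEntry binders<33..2^16-1>;
            // } OfferedPsks;
            //
            // 44 = two 2-byte vector length prefixes plus the minimum
            // vector sizes (7 and 33) from the struct above.
            if (m.remaining() < 44) {
                throw context.conContext.fatal(Alert.ILLEGAL_PARAMETER,
                    "Invalid pre_shared_key extension: " +
                    "insufficient data (length=" + m.remaining() + ")");
            }

            int idEncodedLength = Record.getInt16(m);
            if (idEncodedLength < 7) {
                throw context.conContext.fatal(Alert.ILLEGAL_PARAMETER,
                    "Invalid pre_shared_key extension: " +
                    "insufficient identities (length=" + idEncodedLength + ")");
            }

            // NOTE(review): the loops below rely on the Record.get*
            // helpers to reject reads past the end of the buffer; those
            // helpers are not visible here -- confirm.
            identities = new ArrayList<>();
            int idReadLength = 0;
            while (idReadLength < idEncodedLength) {
                byte[] id = Record.getBytes16(m);
                if (id.length < 1) {
                    throw context.conContext.fatal(Alert.ILLEGAL_PARAMETER,
                        "Invalid pre_shared_key extension: " +
                        "insufficient identity (length=" + id.length + ")");
                }
                int obfuscatedTicketAge = Record.getInt32(m);

                PskIdentity pskId = new PskIdentity(id, obfuscatedTicketAge);
                identities.add(pskId);
                idReadLength += pskId.getEncodedLength();
            }

            // The last entry may run past the declared vector length; in
            // that case the boundary between identities and binders would
            // be decided by the entry lengths rather than by the declared
            // length, so reject the message.
            if (idReadLength != idEncodedLength) {
                throw context.conContext.fatal(Alert.ILLEGAL_PARAMETER,
                    "Invalid pre_shared_key extension: " +
                    "identities length mismatch (declared=" +
                    idEncodedLength + ", read=" + idReadLength + ")");
            }

            // 35 = 2-byte binders length prefix plus the minimum binders
            // vector size (33).
            if (m.remaining() < 35) {
                throw context.conContext.fatal(Alert.ILLEGAL_PARAMETER,
                        "Invalid pre_shared_key extension: " +
                        "insufficient binders data (length=" +
                        m.remaining() + ")");
            }

            int bindersEncodedLen = Record.getInt16(m);
            if (bindersEncodedLen < 33) {
                throw context.conContext.fatal(Alert.ILLEGAL_PARAMETER,
                        "Invalid pre_shared_key extension: " +
                        "insufficient binders (length=" +
                        bindersEncodedLen + ")");
            }

            binders = new ArrayList<>();
            int bindersReadLength = 0;
            while (bindersReadLength < bindersEncodedLen) {
                byte[] binder = Record.getBytes8(m);
                if (binder.length < 32) {
                    throw context.conContext.fatal(Alert.ILLEGAL_PARAMETER,
                            "Invalid pre_shared_key extension: " +
                            "insufficient binder entry (length=" +
                            binder.length + ")");
                }
                binders.add(binder);
                bindersReadLength += 1 + binder.length;
            }

            // Same exact-length rule as for the identities vector.
            if (bindersReadLength != bindersEncodedLen) {
                throw context.conContext.fatal(Alert.ILLEGAL_PARAMETER,
                        "Invalid pre_shared_key extension: " +
                        "binders length mismatch (declared=" +
                        bindersEncodedLen + ", read=" +
                        bindersReadLength + ")");
            }
        }

        /** Returns the summed encoded length of all identity entries. */
        int getIdsEncodedLength() {
            int idEncodedLength = 0;
            for (PskIdentity curId : identities) {
                idEncodedLength += curId.getEncodedLength();
            }

            return idEncodedLength;
        }

        /**
         * Returns the summed encoded length of all binder entries, each
         * counted as a 1-byte length prefix plus the binder bytes.
         */
        int getBindersEncodedLength() {
            int binderEncodedLength = 0;
            for (byte[] curBinder : binders) {
                binderEncodedLength += 1 + curBinder.length;
            }

            return binderEncodedLength;
        }

        /**
         * Encodes the extension data: the identities vector followed by
         * the binders vector, each with a 2-byte length prefix.
         */
        byte[] getEncoded() throws IOException {
            int idsEncodedLength = getIdsEncodedLength();
            int bindersEncodedLength = getBindersEncodedLength();
            // 4 = the two 2-byte vector length prefixes.
            int encodedLength = 4 + idsEncodedLength + bindersEncodedLength;
            byte[] buffer = new byte[encodedLength];
            ByteBuffer m = ByteBuffer.wrap(buffer);
            Record.putInt16(m, idsEncodedLength);
            for (PskIdentity curId : identities) {
                curId.writeEncoded(m);
            }
            Record.putInt16(m, bindersEncodedLength);
            for (byte[] curBinder : binders) {
                Record.putBytes8(m, curBinder);
            }

            return buffer;
        }

        /** Renders the identities and binders as text. */
        @Override
        public String toString() {
            MessageFormat messageFormat = new MessageFormat(
                "\"PreSharedKey\": '{'\n" +
                "  \"identities\": '{'\n" +
                "{0}\n" +
                "  '}'" +
                "  \"binders\": \"{1}\",\n" +
                "'}'",
                Locale.ENGLISH);

            Object[] messageFields = {
                Utilities.indent(identitiesString()),
                Utilities.indent(bindersString())
            };

            return messageFormat.format(messageFields);
        }

        /**
         * Returns a hex dump of every identity.  The raw identity bytes
         * are written out in full, so whatever consumes this string (the
         * stringizer in this file describes it as debug logging) ends up
         * holding a copy of each offered identity.
         */
        String identitiesString() {
            HexDumpEncoder hexEncoder = new HexDumpEncoder();

            StringBuilder result = new StringBuilder();
            for (PskIdentity curId : identities) {
                result.append("  {\n"+ Utilities.indent(
                        hexEncoder.encode(curId.identity), "    ") +
                        "\n  }\n");
            }

            return result.toString();
        }

        /** Returns every binder as a hex string, one per line. */
        String bindersString() {
            StringBuilder result = new StringBuilder();
            for (byte[] curBinder : binders) {
                result.append("{" + Utilities.toHexString(curBinder) + "}\n");
            }

            return result.toString();
        }
    }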
    /**
     * Renders raw "pre_shared_key" extension data as text by parsing it
     * into a {@link CHPreSharedKeySpec}.
     */
    private static final
            class CHPreSharedKeyStringizer implements SSLStringizer {
        @Override
        public String toString(ByteBuffer buffer) {
            String rendered;
            try {
                // The parsing constructor touches its HandshakeContext
                // only to raise a fatal alert, so null is passed here.
                // On malformed input that dereference fails instead, and
                // the failure is caught below.
                //
                // Revisit this if the CHPreSharedKeySpec constructor ever
                // starts using the context for anything else.
                CHPreSharedKeySpec parsed =
                        new CHPreSharedKeySpec(null, buffer);
                rendered = parsed.toString();
            } catch (Exception ex) {
                // Used for debug logging only, so the exception is
                // deliberately reduced to its message.
                rendered = ex.getMessage();
            }
            return rendered;
        }
    }
    /**
     * The SH form of the pre_shared_key extension: a single 16-bit
     * selected_identity value.
     */
    private static final
            class SHPreSharedKeySpec implements SSLExtensionSpec {
        // Value of the selected_identity field.
        final int selectedIdentity;

        /**
         * Creates a spec from an already known identity value.
         *
         * @param selectedIdentity value stored as-is; no range check is done
         */
        SHPreSharedKeySpec(int selectedIdentity) {
            this.selectedIdentity = selectedIdentity;
        }

        /**
         * Decodes the spec from extension bytes.
         *
         * @param context used only to raise the fatal alert when the data
         *        is too short; a null context (as passed by
         *        SHPreSharedKeyStringizer) therefore fails with a
         *        NullPointerException on that path instead
         * @param m extension data positioned at selected_identity
         * @throws IOException declared for the exception produced by
         *         {@code conContext.fatal(Alert.ILLEGAL_PARAMETER, ...)}
         *         when fewer than two bytes remain
         */
        SHPreSharedKeySpec(HandshakeContext context,
                ByteBuffer m) throws IOException {
            int available = m.remaining();
            if (available < 2) {
                throw context.conContext.fatal(Alert.ILLEGAL_PARAMETER,
                        "Invalid pre_shared_key extension: " +
                        "insufficient selected_identity (length=" +
                        available + ")");
            }
            // NOTE(review): only a lower bound is enforced; any bytes after
            // the two-byte field are left unread in m - confirm the caller
            // rejects trailing data.
            this.selectedIdentity = Record.getInt16(m);
        }

        /**
         * Returns selectedIdentity as two bytes, high-order byte first.
         * Only the low 16 bits of the field are represented.
         */
        byte[] getEncoded() {
            byte high = (byte)((selectedIdentity >> 8) & 0xFF);
            byte low = (byte)(selectedIdentity & 0xFF);
            return new byte[] { high, low };
        }

        /**
         * Returns a JSON-like rendering of the extension with the selected
         * identity shown through {@code Utilities.byte16HexString}.
         */
        @Override
        public String toString() {
            // Quoted braces keep MessageFormat from treating them as
            // argument delimiters.
            String pattern =
                "\"PreSharedKey\": '{'\n" +
                "  \"selected_identity\"      : \"{0}\",\n" +
                "'}'";
            MessageFormat layout = new MessageFormat(pattern, Locale.ENGLISH);

            return layout.format(new Object[] {
                Utilities.byte16HexString(selectedIdentity)
            });
        }
    }
    /**
     * Turns the raw bytes of an SHPreSharedKeySpec extension into text for
     * debug logging.
     */
    private static final
            class SHPreSharedKeyStringizer implements SSLStringizer {
        /**
         * Parses {@code buffer} as an SHPreSharedKeySpec and returns its
         * string form; if parsing throws, the message of that exception is
         * returned in its place.
         */
        @Override
        public String toString(ByteBuffer buffer) {
            String rendered;
            try {
                // The stringizer has no HandshakeContext to hand over, so
                // the spec is built with null. The SHPreSharedKeySpec
                // constructor dereferences the context only when it raises
                // its fatal alert; revisit this call whenever that
                // constructor changes.
                SHPreSharedKeySpec parsed =
                        new SHPreSharedKeySpec(null, buffer);
                rendered = parsed.toString();
            } catch (Exception ex) {
                // Logging-only path: a malformed extension must not break
                // the caller, so the failure is reported as text instead.
                // A too-short buffer ends up here as the
                // NullPointerException from the null context.
                // NOTE(review): an exception without a message makes this
                // method return null - confirm the logger tolerates that.
                rendered = ex.getMessage();
            }
            return rendered;
        }
    }
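    /**
     * Server-side consumer of the ClientHello pre_shared_key extension.
     *
     * It parses the offered identities and binders and, when the handshake
     * is flagged as a resumption, picks the first identity that maps to a
     * session accepted by {@code canRejoin}. The choice made here is
     * tentative: the binder belonging to the chosen identity is verified
     * later, not in this class.
     */
    private static final
            class CHPreSharedKeyConsumer implements ExtensionConsumer {
        // Prevent instantiation of this class.
        private CHPreSharedKeyConsumer() {
            // blank
        }

        /**
         * Consumes the pre_shared_key extension of a ClientHello.
         *
         * @param context the connection context; cast to
         *        ServerHandshakeContext
         * @param message the handshake message; cast to ClientHelloMessage
         * @param buffer the extension data to parse
         * @throws IOException via {@code conContext.fatal(...)}:
         *         UNEXPECTED_MESSAGE when the extension cannot be parsed,
         *         ILLEGAL_PARAMETER when psk_key_exchange_modes has not
         *         been recorded or when the number of identities and
         *         binders differ
         */
        @Override
        public void consume(ConnectionContext context,
                            HandshakeMessage message,
                            ByteBuffer buffer) throws IOException {
            ClientHelloMessage clientHello = (ClientHelloMessage) message;
            ServerHandshakeContext shc = (ServerHandshakeContext)context;
            // Is it a supported and enabled extension?
            if (!shc.sslConfig.isAvailable(SSLExtension.CH_PRE_SHARED_KEY)) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.fine(
                            "Ignore unavailable pre_shared_key extension");
                }
                return;     // ignore the extension
            }

            // Parse the extension.
            CHPreSharedKeySpec pskSpec = null;
            try {
                pskSpec = new CHPreSharedKeySpec(shc, buffer);
            } catch (IOException ioe) {
                throw shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);
            }

            // The "psk_key_exchange_modes" extension should have been loaded.
            if (!shc.handshakeExtensions.containsKey(
                    SSLExtension.PSK_KEY_EXCHANGE_MODES)) {
                throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
                        "Client sent PSK but not PSK modes, or the PSK " +
                        "extension is not the last extension");
            }

            // Every identity needs its own binder: error if the id and
            // binder lists are not the same length.
            if (pskSpec.identities.size() != pskSpec.binders.size()) {
                throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
                        "PSK extension has incorrect number of binders");
            }

            if (shc.isResumption) {     // resumingSession may not be set
                SSLSessionContextImpl sessionCache = (SSLSessionContextImpl)
                        shc.sslContext.engineGetServerSessionContext();
                int idIndex = 0;

                for (PskIdentity requestedId : pskSpec.identities) {
                    // Scoped to one identity. A session found for an
                    // earlier identity that failed canRejoin must neither
                    // be re-evaluated under a later index nor suppress the
                    // stateless-ticket lookup for a later identity.
                    SSLSessionImpl s = null;

                    // If we are keeping state, see if the identity is in
                    // the cache.
                    if (requestedId.identity.length == SessionId.MAX_LENGTH) {
                        s = sessionCache.get(requestedId.identity);
                    }
                    // See if the identity is a stateless ticket
                    if (s == null &&
                            requestedId.identity.length > SessionId.MAX_LENGTH &&
                            sessionCache.statelessEnabled()) {
                        ByteBuffer b =
                                new SessionTicketSpec(requestedId.identity).
                                        decrypt(shc);
                        if (b != null) {
                            try {
                                s = new SSLSessionImpl(shc, b);
                            } catch (IOException | RuntimeException e) {
                                // The ticket bytes were supplied by the
                                // peer. One that decrypts but cannot be
                                // turned into a session is treated like no
                                // ticket at all rather than failing the
                                // handshake.
                                s = null;
                            }
                        }
                        if (b == null || s == null) {
                            if (SSLLogger.isOn &&
                                    SSLLogger.isOn("ssl,handshake")) {
                                SSLLogger.fine(
                                        "Stateless session ticket invalid");
                            }
                        }
                    }

                    if (s != null && canRejoin(clientHello, shc, s)) {
                        if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                            SSLLogger.fine("Resuming session: ", s);
                        }

                        // binder will be checked later
                        shc.resumingSession = s;
                        shc.handshakeExtensions.put(SH_PRE_SHARED_KEY,
                            new SHPreSharedKeySpec(idIndex));   // for the index
                        break;
                    }

                    ++idIndex;
                }

                // The loop ran to the end without a break, so none of the
                // offered identities was accepted.
                if (idIndex == pskSpec.identities.size()) {
                    // no resumable session
                    shc.isResumption = false;
                    shc.resumingSession = null;
                }
            }
            // update the context
            shc.handshakeExtensions.put(
                SSLExtension.CH_PRE_SHARED_KEY, pskSpec);
        }
    }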
    private static boolean canRejoin(ClientHelloMessage clientHello,
        ServerHandshakeContext shc, SSLSessionImpl s) {
        boolean result = s.isRejoinable() && (s.getPreSharedKey() != null);
        // Check protocol version
        if (result && s.getProtocolVersion() != shc.negotiatedProtocol) {
            if (SSLLogger.isOn &&
                SSLLogger.isOn("ssl,handshake,verbose")) {
                SSLLogger.finest("Can't resume, incorrect protocol version");
            }
            result = false;
        }
        // Make sure that the server handshake context's localSupportedSignAlgs
        // field is populated.  This is particularly important when
        // client authentication was used in an initial session and it is
        // now being resumed.
        if (shc.localSupportedSignAlgs == null) {
            shc.localSupportedSignAlgs =
                    SignatureScheme.getSupportedAlgorithms(
                            shc.algorithmConstraints, shc.activeProtocols);
        }
        // Validate the required client authentication.
        if (result &&
            (shc.sslConfig.clientAuthType == CLIENT_AUTH_REQUIRED)) {
            try {
                s.getPeerPrincipal();
            } catch (SSLPeerUnverifiedException e) {
                if (SSLLogger.isOn &&
                        SSLLogger.isOn("ssl,handshake,verbose")) {
                    SSLLogger.finest(
                        "Can't resume, " +
                        "client authentication is required");
                }
                result = false;
            }
            // Make sure the list of supported signature algorithms matches
            Collection<SignatureScheme> sessionSigAlgs =
                s.getLocalSupportedSignatureSchemes();
            if (result &&
                !shc.localSupportedSignAlgs.containsAll(sessionSigAlgs)) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.fine("Can't resume. Session uses different " +
                        "signature algorithms");
                }
                result = false;
            }
        }
        // ensure that the endpoint identification algorithm matches the
        // one in the session
        String identityAlg = shc.sslConfig.identificationProtocol;
        if (result && identityAlg != null) {
            String sessionIdentityAlg = s.getIdentificationProtocol();
            if (!identityAlg.equalsIgnoreCase(sessionIdentityAlg)) {
                if (SSLLogger.isOn &&
                    SSLLogger.isOn("ssl,handshake,verbose")) {
                    SSLLogger.finest("Can't resume, endpoint id" +
                        " algorithm does not match, requested: " +
                        identityAlg + ", cached: " + sessionIdentityAlg);
                }
                result = false;
            }
        }
        // Ensure cipher suite can be negotiated
        if (result && (!shc.isNegotiable(s.getSuite()) ||
            !clientHello.cipherSuites.contains(s.getSuite()))) {
            if (SSLLogger.isOn &&
                    SSLLogger.isOn("ssl,handshake,verbose")) {
                SSLLogger.finest(
                    "Can't resume, unavailable session cipher suite");
            }
            result = false;
        }
        return result;
    }
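    /**
     * Server-side update step for the ClientHello pre-shared-key extension.
     * When a session is being resumed, it rebuilds the transcript hash over
     * the ClientHello up to the start of the PSK binders and checks the binder
     * of the identity selected in the ServerHello extension.
     */
    private static final
            class CHPreSharedKeyUpdate implements HandshakeConsumer {
        // Prevent instantiation of this class outside the enclosing class.
        private CHPreSharedKeyUpdate() {
            // blank
        }

        /**
         * Verifies the PSK binder for the session that is being resumed.
         *
         * @param context the connection context; cast to
         *        {@code ServerHandshakeContext}
         * @param message the handshake message; not read by this method
         * @throws IOException the exception returned by
         *         {@code shc.conContext.fatal(...)} when the CH/SH pre-shared
         *         key extensions are missing, when no binder exists for the
         *         selected identity, or when {@code checkBinder} rejects the
         *         binder; also anything thrown while re-reading the
         *         ClientHello
         */
        @Override
        public void consume(ConnectionContext context,
                HandshakeMessage message) throws IOException {
            ServerHandshakeContext shc = (ServerHandshakeContext)context;
            if (!shc.isResumption || shc.resumingSession == null) {
                // not resuming---nothing to do
                return;
            }

            CHPreSharedKeySpec chPsk = (CHPreSharedKeySpec)
                    shc.handshakeExtensions.get(SSLExtension.CH_PRE_SHARED_KEY);
            SHPreSharedKeySpec shPsk = (SHPreSharedKeySpec)
                    shc.handshakeExtensions.get(SSLExtension.SH_PRE_SHARED_KEY);
            if (chPsk == null || shPsk == null) {
                throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
                        "Required extensions are unavailable");
            }

            // The binders list comes from the peer's ClientHello. Whether the
            // parser guarantees one binder per identity is not visible from
            // this method (NOTE(review): confirm), so range-check the index
            // and abort with a TLS alert rather than letting an unchecked
            // IndexOutOfBoundsException escape the handshake code.
            int selected = shPsk.selectedIdentity;
            if (selected < 0 || selected >= chPsk.binders.size()) {
                throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
                        "No PSK binder for the selected identity");
            }
            byte[] binder = chPsk.binders.get(selected);

            // set up PSK binder hash: work on a copy so the connection's
            // running handshake hash is left untouched
            HandshakeHash pskBinderHash = shc.handshakeHash.copy();
            byte[] lastMessage = pskBinderHash.removeLastReceived();
            ByteBuffer messageBuf = ByteBuffer.wrap(lastMessage);
            // skip the type and length
            messageBuf.position(4);
            // read to find the beginning of the binders
            ClientHelloMessage.readPartial(shc.conContext, messageBuf);
            int length = messageBuf.position();
            // feed only the first 'length' bytes (everything before the
            // binders) back into the copied hash
            messageBuf.position(0);
            pskBinderHash.receive(messageBuf, length);

            checkBinder(shc, shc.resumingSession, pskBinderHash, binder);
        }
    }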
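    /**
     * Verifies the PSK binder received from the peer against a binder
     * computed locally for the given session.
     *
     * @param shc the server handshake context; supplies the connection
     *        context used to raise alerts
     * @param session the session being resumed; source of the pre-shared key
     * @param pskBinderHash the handshake hash the expected binder is
     *        computed over
     * @param binder the binder value taken from the ClientHello
     * @throws IOException the exception returned by
     *         {@code shc.conContext.fatal(...)}: {@code INTERNAL_ERROR} when
     *         the session has no PSK, {@code ILLEGAL_PARAMETER} when the
     *         binder does not match; also anything thrown while deriving the
     *         binder key or computing the binder
     */
    private static void checkBinder(ServerHandshakeContext shc,
            SSLSessionImpl session,
            HandshakeHash pskBinderHash, byte[] binder) throws IOException {
        SecretKey psk = session.getPreSharedKey();
        if (psk == null) {
            throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
                    "Session has no PSK");
        }

        SecretKey binderKey = deriveBinderKey(shc, psk, session);
        byte[] computedBinder =
                computeBinder(shc, binderKey, session, pskBinderHash);
        // The binder is a keyed authenticator (an HMAC, per RFC 8446
        // section 4.2.11.2) checked against peer-supplied bytes.
        // Arrays.equals stops at the first differing byte, so its running
        // time depends on how much of the supplied value is correct;
        // MessageDigest.isEqual is the JDK's time-constant comparison and
        // treats null arguments the same way. The class is referenced by its
        // fully qualified name so no new import is required.
        if (!java.security.MessageDigest.isEqual(binder, computedBinder)) {
            throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
                    "Incorect PSK binder value");
        }
    }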
    /**
     * Handshake message that serializes a ClientHello only partially, for use
     * in computing the PSK binder hash: the ClientHello core and its other
     * extensions are written in full, followed by the pre-shared-key
     * extension cut off after the identities.
     */
    static final class PartialClientHelloMessage extends HandshakeMessage {

        // The ClientHello being wrapped.
        private final ClientHello.ClientHelloMessage msg;
        // The pre-shared-key extension data to append in truncated form.
        private final CHPreSharedKeySpec psk;

        /**
         * @param ctx handshake context handed to the superclass
         * @param msg the ClientHello to serialize
         * @param psk the pre-shared-key spec whose identities are written
         */
        PartialClientHelloMessage(HandshakeContext ctx,
                                  ClientHello.ClientHelloMessage msg,
                                  CHPreSharedKeySpec psk) {
            super(ctx);

            this.psk = psk;
            this.msg = msg;
        }

        /** Reports the handshake type of the wrapped ClientHello. */
        @Override
        SSLHandshake handshakeType() {
            return msg.handshakeType();
        }

        /**
         * Size the PSK extension adds to the message: encoded identities plus
         * encoded binders plus 8 bytes of overhead.
         */
        private int pskTotalLength() {
            int idsLen = psk.getIdsEncodedLength();
            int bindersLen = psk.getBindersEncodedLength();
            // presumably 8 = four 2-byte fields (extension id, extension
            // length, identities length, binders length) -- TODO confirm
            return idsLen + bindersLen + 8;
        }

        /**
         * Length of the complete ClientHello, adding the PSK extension size
         * when the wrapped message does not already carry that extension.
         */
        @Override
        int messageLength() {
            boolean pskAlreadyPresent =
                msg.extensions.get(SSLExtension.CH_PRE_SHARED_KEY) != null;
            int baseLength = msg.messageLength();
            return pskAlreadyPresent
                ? baseLength
                : baseLength + pskTotalLength();
        }

        /**
         * Writes the ClientHello core, the extensions length, every extension
         * except pre_shared_key, and then the pre_shared_key extension header
         * with only the leading identities portion of its body.
         *
         * @param hos the stream to write to
         * @throws IOException if writing to {@code hos} fails
         */
        @Override
        void send(HandshakeOutStream hos) throws IOException {
            msg.sendCore(hos);

            // complete extensions
            int totalExtsLen = msg.extensions.length();
            if (msg.extensions.get(SSLExtension.CH_PRE_SHARED_KEY) == null) {
                totalExtsLen += pskTotalLength();
            }
            // NOTE(review): the "- 2" suggests extensions.length() counts its
            // own 2-byte length prefix -- confirm against SSLExtensions.
            hos.putInt16(totalExtsLen - 2);

            // write the complete extensions
            for (SSLExtension ext : SSLExtension.values()) {
                byte[] extData = msg.extensions.get(ext);
                // Absent extensions are skipped; so is a PSK extension left
                // over from an earlier round, since it is re-emitted below.
                if (extData == null ||
                        ext == SSLExtension.CH_PRE_SHARED_KEY) {
                    continue;
                }
                int wireId = ext.id;
                hos.putInt16(wireId);
                hos.putBytes16(extData);
            }

            // partial PSK extension: the length field announces the whole
            // encoding, but only the first getIdsEncodedLength() + 2 bytes
            // are written, so the binders are left out
            int pskId = SSLExtension.CH_PRE_SHARED_KEY.id;
            hos.putInt16(pskId);
            byte[] encodedPsk = psk.getEncoded();
            hos.putInt16(encodedPsk.length);
            hos.write(encodedPsk, 0, psk.getIdsEncodedLength() + 2);
        }
    }
    private static final
            class CHPreSharedKeyProducer implements HandshakeProducer {
        // Prevent instantiation of this class from outside the enclosing
        // top-level class: the constructor is private and takes no
        // arguments, and it sets up no state.
        private CHPreSharedKeyProducer() {
            // blank
        }
        @Override
        public byte[] produce(ConnectionContext context,
                HandshakeMessage message) throws IOException {
            // The producing happens in client side only.
            ClientHandshakeContext chc = (ClientHandshakeContext)context;
            if (!chc.isResumption || chc.resumingSession == null) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.fine("No session to resume.");
                }
                return null;
            }
            // Make sure the list of supported signature algorithms matches
            Collection<SignatureScheme> sessionSigAlgs =
                chc.resumingSession.getLocalSupportedSignatureSchemes();
            if (!chc.localSupportedSignAlgs.containsAll(sessionSigAlgs)) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.fine("Existing session uses different " +
                        "signature algorithms");
                }
                return null;
            }
            // The session must have a pre-shared key
            SecretKey psk = chc.resumingSession.getPreSharedKey();
            if (psk == null) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.fine("Existing session has no PSK.");
                }
                return null;
            }
            // The PSK ID can only be used in one connections, but this method
            // may be called twice in a connection if the server sends HRR.
            // ID is saved in the context so it can be used in the second call.
            if (chc.pskIdentity == null) {
                chc.pskIdentity = chc.resumingSession.consumePskIdentity();
            }
            if (chc.pskIdentity == null) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.fine(
                        "PSK has no identity, or identity was already used");
                }
                return null;
            }
            //The session cannot be used again. Remove it from the cache.
            SSLSessionContextImpl sessionCache = (SSLSessionContextImpl)
                chc.sslContext.engineGetClientSessionContext();
            sessionCache.remove(chc.resumingSession.getSessionId());
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine(
                    "Found resumable session. Preparing PSK message.");
            }
            List<PskIdentity> identities = new ArrayList<>();
            int ageMillis = (int)(System.currentTimeMillis() -
                    chc.resumingSession.getTicketCreationTime());
            int obfuscatedAge =
                    ageMillis + chc.resumingSession.getTicketAgeAdd();
            identities.add(new PskIdentity(chc.pskIdentity, obfuscatedAge));
            SecretKey binderKey =
                    deriveBinderKey(chc, psk, chc.resumingSession);
            ClientHelloMessage clientHello = (ClientHelloMessage)message;
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   726
            CHPreSharedKeySpec pskPrototype = createPskPrototype(
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   727
                chc.resumingSession.getSuite().hashAlg.hashLength, identities);
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   728
            HandshakeHash pskBinderHash = chc.handshakeHash.copy();
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   729
53056
9041178a0b69 8214339: SSLSocketImpl erroneously wraps SocketException
xuelei
parents: 52947
diff changeset
   730
            byte[] binder = computeBinder(chc, binderKey, pskBinderHash,
50768
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   731
                    chc.resumingSession, chc, clientHello, pskPrototype);
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   732
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   733
            List<byte[]> binders = new ArrayList<>();
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   734
            binders.add(binder);
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   735
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   736
            CHPreSharedKeySpec pskMessage =
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   737
                    new CHPreSharedKeySpec(identities, binders);
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   738
            chc.handshakeExtensions.put(CH_PRE_SHARED_KEY, pskMessage);
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   739
            return pskMessage.getEncoded();
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   740
        }
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   741
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   742
        /**
         * Builds a stand-in pre_shared_key spec that pairs the offered
         * identities with placeholder binders.
         *
         * Every placeholder is the same zero-filled array of
         * {@code hashLength} bytes, and there is exactly one per identity.
         * The caller in this class hands the result to computeBinder as the
         * PSK prototype and then builds the extension that is actually sent
         * from the computed binder, so the placeholders never reach the wire.
         *
         * @param hashLength length in bytes of each placeholder binder
         * @param identities the PSK identities being offered
         * @return a spec holding {@code identities} and the placeholders
         */
        private CHPreSharedKeySpec createPskPrototype(
                int hashLength, List<PskIdentity> identities) {
            List<byte[]> placeholders = new ArrayList<>();
            // A single array instance is shared by all slots; it is only a
            // length-correct filler, not key material.
            byte[] zeroBinder = new byte[hashLength];
            for (int left = identities.size(); left > 0; left--) {
                placeholders.add(zeroBinder);
            }

            return new CHPreSharedKeySpec(identities, placeholders);
        }
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   753
    }
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   754
53056
9041178a0b69 8214339: SSLSocketImpl erroneously wraps SocketException
xuelei
parents: 52947
diff changeset
   755
    /**
     * Computes a PSK binder from the transcript already accumulated in
     * {@code pskBinderHash}.
     *
     * The hash object is modified: it is bound to the protocol version and
     * cipher suite of {@code session}, updated and then digested. Callers
     * that still need the live handshake hash should pass a copy (the
     * ClientHello producer in this class does so before calling the
     * seven-argument overload).
     *
     * @param context       handshake context, used to raise a fatal alert
     * @param binderKey     binder key the finished key is derived from
     * @param session       session being resumed; supplies version and suite
     * @param pskBinderHash transcript hash to finalize
     * @return the binder value
     * @throws IOException if the underlying derivation or MAC fails
     */
    private static byte[] computeBinder(
            HandshakeContext context, SecretKey binderKey,
            SSLSessionImpl session,
            HandshakeHash pskBinderHash) throws IOException {

        // The digest algorithm comes from the resumed session, not from
        // anything negotiated in the current handshake.
        pskBinderHash.determine(
                session.getProtocolVersion(), session.getSuite());
        pskBinderHash.update();

        return computeBinder(
                context, binderKey, session, pskBinderHash.digest());
    }
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   767
53056
9041178a0b69 8214339: SSLSocketImpl erroneously wraps SocketException
xuelei
parents: 52947
diff changeset
   768
    /**
     * Computes a PSK binder over the existing transcript in {@code hash}
     * plus a partial ClientHello built from {@code hello} and the
     * placeholder-binder spec {@code pskPrototype}.
     *
     * The partial message is written through a handshake output stream
     * backed by {@code hash}, after which the hash is bound to the version
     * and suite of {@code session}, updated and digested. {@code hash} is
     * modified, so callers should pass a copy of the live handshake hash.
     *
     * @param context      handshake context, used to raise a fatal alert
     * @param binderKey    binder key the finished key is derived from
     * @param hash         transcript hash that receives the partial message
     * @param session      session being resumed; supplies version and suite
     * @param ctx          handshake context used to build the partial message
     * @param hello        the ClientHello being produced
     * @param pskPrototype pre_shared_key spec carrying placeholder binders
     * @return the binder value
     * @throws IOException if writing the message or the derivation fails
     */
    private static byte[] computeBinder(
            HandshakeContext context, SecretKey binderKey,
            HandshakeHash hash, SSLSessionImpl session,
            HandshakeContext ctx, ClientHello.ClientHelloMessage hello,
            CHPreSharedKeySpec pskPrototype) throws IOException {

        PartialClientHelloMessage truncatedHello =
                new PartialClientHelloMessage(ctx, hello, pskPrototype);

        // Nothing is sent here: the output record only feeds the bytes
        // of the partial message into the supplied hash.
        truncatedHello.write(
                new HandshakeOutStream(new SSLEngineOutputRecord(hash)));

        hash.determine(session.getProtocolVersion(), session.getSuite());
        hash.update();

        return computeBinder(context, binderKey, session, hash.digest());
    }
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   787
53056
9041178a0b69 8214339: SSLSocketImpl erroneously wraps SocketException
xuelei
parents: 52947
diff changeset
   788
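    /**
     * Computes the PSK binder as an HMAC over a transcript digest.
     *
     * A finished key of {@code hashLength} bytes is expanded from
     * {@code binderKey} with HKDF, using the label "tls13 finished" and an
     * empty context; the binder is the HMAC of {@code digest} under that
     * key. Both the HKDF hash and the HMAC algorithm are taken from the
     * cipher suite of {@code session}.
     *
     * @param context   handshake context, used to raise a fatal alert
     * @param binderKey binder key the finished key is derived from
     * @param session   session being resumed; supplies the hash algorithm
     * @param digest    transcript digest to authenticate
     * @return the binder value
     * @throws IOException as a fatal INTERNAL_ERROR alert when any
     *         cryptographic step fails
     */
    private static byte[] computeBinder(HandshakeContext context,
            SecretKey binderKey,
            SSLSessionImpl session, byte[] digest) throws IOException {
        try {
            CipherSuite.HashAlg hashAlg = session.getSuite().hashAlg;
            HKDF hkdf = new HKDF(hashAlg.name);
            // The label is a fixed ASCII protocol constant. Encode it with
            // an explicit charset: the no-argument getBytes() follows the
            // platform default, and on a default that is not
            // ASCII-compatible the derived key, and so the binder, would
            // not match the peer's.
            byte[] label = "tls13 finished".getBytes(
                    java.nio.charset.StandardCharsets.US_ASCII);
            byte[] hkdfInfo = SSLSecretDerivation.createHkdfInfo(
                    label, new byte[0], hashAlg.hashLength);
            SecretKey finishedKey = hkdf.expand(
                    binderKey, hkdfInfo, hashAlg.hashLength, "TlsBinderKey");

            // Hash name with the dash removed gives the JCA HMAC name
            // (presumably "SHA-256" -> "HmacSHA256").
            String hmacAlg =
                "Hmac" + hashAlg.name.replace("-", "");
            Mac hmac = Mac.getInstance(hmacAlg);
            hmac.init(finishedKey);
            return hmac.doFinal(digest);
        } catch (GeneralSecurityException ex) {
            // NoSuchAlgorithmException and InvalidKeyException are both
            // GeneralSecurityExceptions and were handled identically, so a
            // single handler covers the whole derivation.
            throw context.conContext.fatal(Alert.INTERNAL_ERROR, ex);
        }
    }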
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   813
53056
9041178a0b69 8214339: SSLSocketImpl erroneously wraps SocketException
xuelei
parents: 52947
diff changeset
   814
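    /**
     * Derives the resumption binder key from a pre-shared key.
     *
     * An early secret is extracted with HKDF from an all-zero array of
     * {@code hashLength} bytes and {@code psk}; the binder key is then
     * expanded from it with the label "tls13 res binder" and the hash of
     * an empty input as context. The hash algorithm is the one of the
     * cipher suite of {@code session}.
     *
     * @param context handshake context, used to raise a fatal alert
     * @param psk     the pre-shared key of the session being resumed
     * @param session session being resumed; supplies the hash algorithm
     * @return the binder key, {@code hashLength} bytes long
     * @throws IOException as a fatal INTERNAL_ERROR alert when any
     *         cryptographic step fails
     */
    private static SecretKey deriveBinderKey(HandshakeContext context,
            SecretKey psk, SSLSessionImpl session) throws IOException {
        try {
            CipherSuite.HashAlg hashAlg = session.getSuite().hashAlg;
            HKDF hkdf = new HKDF(hashAlg.name);
            byte[] zeros = new byte[hashAlg.hashLength];
            SecretKey earlySecret = hkdf.extract(zeros, psk, "TlsEarlySecret");

            // The label is a fixed ASCII protocol constant. Encode it with
            // an explicit charset: the no-argument getBytes() follows the
            // platform default, and a default that is not ASCII-compatible
            // would yield a binder key the peer cannot reproduce.
            byte[] label = "tls13 res binder".getBytes(
                    java.nio.charset.StandardCharsets.US_ASCII);
            MessageDigest md = MessageDigest.getInstance(hashAlg.name);
            // Context for the expansion is the digest of zero bytes of
            // input, not an empty array.
            byte[] hkdfInfo = SSLSecretDerivation.createHkdfInfo(
                    label, md.digest(new byte[0]), hashAlg.hashLength);
            return hkdf.expand(earlySecret,
                    hkdfInfo, hashAlg.hashLength, "TlsBinderKey");
        } catch (GeneralSecurityException ex) {
            throw context.conContext.fatal(Alert.INTERNAL_ERROR, ex);
        }
    }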
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   832
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   833
    /**
     * Server-side handler invoked when the pre_shared_key extension is
     * absent (judging by the name, from the ClientHello).
     *
     * It clears any resumption state on the server handshake context so
     * the handshake does not continue as a resumption.
     */
    private static final
            class CHPreSharedKeyAbsence implements HandshakeAbsence {
        @Override
        public void absent(ConnectionContext context,
                           HandshakeMessage message) throws IOException {

            boolean traceHandshake =
                    SSLLogger.isOn && SSLLogger.isOn("ssl,handshake");
            if (traceHandshake) {
                SSLLogger.fine(
                "Handling pre_shared_key absence.");
            }

            ServerHandshakeContext serverCtx =
                    (ServerHandshakeContext)context;

            // Resumption is decided by the PSK alone (when enabled), so
            // with no PSK offered any earlier resumption choice is dropped.
            serverCtx.isResumption = false;
            serverCtx.resumingSession = null;
        }
    }
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   851
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   852
    /**
     * Client-side consumer of the pre_shared_key extension sent by the
     * server.
     *
     * Two checks guard the resumption: the extension is accepted only if
     * this client put a pre_shared_key extension into its own handshake
     * extensions, and the selected identity index must be 0. The
     * ClientHello producer in this class offers a single identity, so any
     * other index cannot refer to something the client sent. Either
     * failure ends the handshake with a fatal alert.
     */
    private static final
            class SHPreSharedKeyConsumer implements ExtensionConsumer {
        // Not meant to be instantiated outside the enclosing class.
        private SHPreSharedKeyConsumer() {
            // intentionally empty
        }

        @Override
        public void consume(ConnectionContext context,
            HandshakeMessage message, ByteBuffer buffer) throws IOException {
            // Only the client ever consumes this extension.
            ClientHandshakeContext chc = (ClientHandshakeContext)context;

            // An answer without a matching request is a protocol violation.
            boolean wasRequested = chc.handshakeExtensions.containsKey(
                    SSLExtension.CH_PRE_SHARED_KEY);
            if (!wasRequested) {
                throw chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
                    "Server sent unexpected pre_shared_key extension");
            }

            SHPreSharedKeySpec serverChoice =
                    new SHPreSharedKeySpec(chc, buffer);
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine(
                    "Received pre_shared_key extension: ", serverChoice);
            }

            // Index 0 is the only identity this client offers.
            boolean indexInRange = serverChoice.selectedIdentity == 0;
            if (!indexInRange) {
                throw chc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
                    "Selected identity index is not in correct range.");
            }

            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine(
                        "Resuming session: ", chc.resumingSession);
            }
        }
    }
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   889
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   890
    /**
     * Client-side handler invoked when the server's reply carries no
     * pre_shared_key extension.
     *
     * It clears the resumption state on the client handshake context, so
     * a session the client offered is not treated as resumed when the
     * server did not select it.
     */
    private static final
            class SHPreSharedKeyAbsence implements HandshakeAbsence {
        @Override
        public void absent(ConnectionContext context,
                HandshakeMessage message) throws IOException {
            ClientHandshakeContext clientCtx =
                    (ClientHandshakeContext)context;

            boolean traceHandshake =
                    SSLLogger.isOn && SSLLogger.isOn("ssl,handshake");
            if (traceHandshake) {
                SSLLogger.fine("Handling pre_shared_key absence.");
            }

            // Either the server declined to resume or the client never
            // asked for a 1.3 resumption; both end with no resumed session.
            clientCtx.isResumption = false;
            clientCtx.resumingSession = null;
        }
    }
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   907
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   908
    /**
     * Server-side producer of the pre_shared_key extension.
     *
     * It emits the encoded spec stored under SH_PRE_SHARED_KEY in the
     * server handshake extensions, or nothing when no such spec was
     * stored.
     */
    private static final
            class SHPreSharedKeyProducer implements HandshakeProducer {
        // Not meant to be instantiated outside the enclosing class.
        private SHPreSharedKeyProducer() {
            // intentionally empty
        }

        @Override
        public byte[] produce(ConnectionContext context,
                HandshakeMessage message) throws IOException {
            ServerHandshakeContext serverCtx =
                    (ServerHandshakeContext)context;
            SHPreSharedKeySpec selected = (SHPreSharedKeySpec)
                    serverCtx.handshakeExtensions.get(SH_PRE_SHARED_KEY);

            // A null result means the extension is not produced.
            return (selected != null) ? selected.getEncoded() : null;
        }
    }
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   928
}