jdk-sandbox: src/java.base/share/classes/sun/security/ssl/CertificateVerify.java@d6e682e8fcc3 (annotated)

50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1	/*
53734 cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 53064 diff changeset	2	* Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	4	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	7	* published by the Free Software Foundation. Oracle designates this
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	10	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	15	* accompanied this code).
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	16	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	20	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	22	* or visit www.oracle.com if you need additional information or have any
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	23	* questions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	24	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	25
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	26	package sun.security.ssl;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	27
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	28	import java.io.IOException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	29	import java.nio.ByteBuffer;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	30	import java.security.*;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	31	import java.text.MessageFormat;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	32	import java.util.Arrays;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	33	import java.util.Locale;
58951 d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	34	import java.util.Map;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	35	import sun.security.ssl.SSLHandshake.HandshakeMessage;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	36	import sun.security.ssl.X509Authentication.X509Credentials;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	37	import sun.security.ssl.X509Authentication.X509Possession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	38	import sun.security.util.HexDumpEncoder;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	39
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	40	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	41	* Pack of the CertificateVerify handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	42	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	43	final class CertificateVerify {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	44	static final SSLConsumer s30HandshakeConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	45	new S30CertificateVerifyConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	46	static final HandshakeProducer s30HandshakeProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	47	new S30CertificateVerifyProducer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	48
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	49	static final SSLConsumer t10HandshakeConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	50	new T10CertificateVerifyConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	51	static final HandshakeProducer t10HandshakeProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	52	new T10CertificateVerifyProducer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	53
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	54	static final SSLConsumer t12HandshakeConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	55	new T12CertificateVerifyConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	56	static final HandshakeProducer t12HandshakeProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	57	new T12CertificateVerifyProducer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	58
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	59	static final SSLConsumer t13HandshakeConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	60	new T13CertificateVerifyConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	61	static final HandshakeProducer t13HandshakeProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	62	new T13CertificateVerifyProducer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	63
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	64	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	65	* The CertificateVerify handshake message (SSL 3.0).
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	66	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	67	static final class S30CertificateVerifyMessage extends HandshakeMessage {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	68	// signature bytes
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	69	private final byte[] signature;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	70
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	71	S30CertificateVerifyMessage(HandshakeContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	72	X509Possession x509Possession) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	73	super(context);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	74
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	75	// This happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	76	ClientHandshakeContext chc = (ClientHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	77	byte[] temproary = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	78	String algorithm = x509Possession.popPrivateKey.getAlgorithm();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	79	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	80	Signature signer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	81	getSignature(algorithm, x509Possession.popPrivateKey);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	82	byte[] hashes = chc.handshakeHash.digest(algorithm,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	83	chc.handshakeSession.getMasterSecret());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	84	signer.update(hashes);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	85	temproary = signer.sign();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	86	} catch (NoSuchAlgorithmException nsae) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	87	throw chc.conContext.fatal(Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	88	"Unsupported signature algorithm (" + algorithm +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	89	") used in CertificateVerify handshake message", nsae);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	90	} catch (GeneralSecurityException gse) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	91	throw chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	92	"Cannot produce CertificateVerify signature", gse);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	93	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	94
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	95	this.signature = temproary;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	96	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	97
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	98	S30CertificateVerifyMessage(HandshakeContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	99	ByteBuffer m) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	100	super(context);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	101
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	102	// This happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	103	ServerHandshakeContext shc = (ServerHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	104
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	105	// digitally-signed struct {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	106	// select(SignatureAlgorithm) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	107	// case anonymous: struct { };
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	108	// case rsa:
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	109	// opaque md5_hash[16];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	110	// opaque sha_hash[20];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	111	// case dsa:
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	112	// opaque sha_hash[20];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	113	// };
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	114	// } Signature;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	115	if (m.remaining() < 2) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	116	throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	117	"Invalid CertificateVerify message: no sufficient data");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	118	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	119
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	120	// read and verify the signature
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	121	this.signature = Record.getBytes16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	122	X509Credentials x509Credentials = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	123	for (SSLCredentials cd : shc.handshakeCredentials) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	124	if (cd instanceof X509Credentials) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	125	x509Credentials = (X509Credentials)cd;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	126	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	127	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	128	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	129
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	130	if (x509Credentials == null \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	131	x509Credentials.popPublicKey == null) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	132	throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	133	"No X509 credentials negotiated for CertificateVerify");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	134	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	135
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	136	String algorithm = x509Credentials.popPublicKey.getAlgorithm();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	137	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	138	Signature signer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	139	getSignature(algorithm, x509Credentials.popPublicKey);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	140	byte[] hashes = shc.handshakeHash.digest(algorithm,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	141	shc.handshakeSession.getMasterSecret());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	142	signer.update(hashes);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	143	if (!signer.verify(signature)) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	144	throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	145	"Invalid CertificateVerify message: invalid signature");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	146	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	147	} catch (NoSuchAlgorithmException nsae) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	148	throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	149	"Unsupported signature algorithm (" + algorithm +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	150	") used in CertificateVerify handshake message", nsae);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	151	} catch (GeneralSecurityException gse) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	152	throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	153	"Cannot verify CertificateVerify signature", gse);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	154	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	155	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	156
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	157	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	158	public SSLHandshake handshakeType() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	159	return SSLHandshake.CERTIFICATE_VERIFY;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	160	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	161
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	162	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	163	public int messageLength() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	164	return 2 + signature.length; // 2: length of signature
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	165	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	166
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	167	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	168	public void send(HandshakeOutStream hos) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	169	hos.putBytes16(signature);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	170	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	171
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	172	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	173	public String toString() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	174	MessageFormat messageFormat = new MessageFormat(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	175	"\"CertificateVerify\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	176	" \"signature\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	177	"{0}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	178	" '}'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	179	"'}'",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	180	Locale.ENGLISH);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	181
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	182	HexDumpEncoder hexEncoder = new HexDumpEncoder();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	183	Object[] messageFields = {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	184	Utilities.indent(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	185	hexEncoder.encodeBuffer(signature), " ")
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	186	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	187
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	188	return messageFormat.format(messageFields);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	189	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	190
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	191	/*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	192	* Get the Signature object appropriate for verification using the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	193	* given signature algorithm.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	194	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	195	private static Signature getSignature(String algorithm,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	196	Key key) throws GeneralSecurityException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	197	Signature signer = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	198	switch (algorithm) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	199	case "RSA":
53734 cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 53064 diff changeset	200	signer = Signature.getInstance(JsseJce.SIGNATURE_RAWRSA);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	201	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	202	case "DSA":
53734 cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 53064 diff changeset	203	signer = Signature.getInstance(JsseJce.SIGNATURE_RAWDSA);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	204	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	205	case "EC":
53734 cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 53064 diff changeset	206	signer = Signature.getInstance(JsseJce.SIGNATURE_RAWECDSA);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	207	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	208	default:
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	209	throw new SignatureException("Unrecognized algorithm: "
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	210	+ algorithm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	211	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	212
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	213	if (signer != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	214	if (key instanceof PublicKey) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	215	signer.initVerify((PublicKey)(key));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	216	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	217	signer.initSign((PrivateKey)key);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	218	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	219	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	220
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	221	return signer;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	222	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	223	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	224
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	225	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	226	* The "CertificateVerify" handshake message producer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	227	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	228	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	229	class S30CertificateVerifyProducer implements HandshakeProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	230	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	231	private S30CertificateVerifyProducer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	232	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	233	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	234
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	235	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	236	public byte[] produce(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	237	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	238	// The producing happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	239	ClientHandshakeContext chc = (ClientHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	240
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	241	X509Possession x509Possession = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	242	for (SSLPossession possession : chc.handshakePossessions) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	243	if (possession instanceof X509Possession) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	244	x509Possession = (X509Possession)possession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	245	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	246	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	247	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	248
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	249	if (x509Possession == null \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	250	x509Possession.popPrivateKey == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	251	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	252	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	253	"No X.509 credentials negotiated for CertificateVerify");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	254	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	255
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	256	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	257	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	258
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	259	S30CertificateVerifyMessage cvm =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	260	new S30CertificateVerifyMessage(chc, x509Possession);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	261	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	262	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	263	"Produced CertificateVerify handshake message", cvm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	264	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	265
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	266	// Output the handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	267	cvm.write(chc.handshakeOutput);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	268	chc.handshakeOutput.flush();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	269
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	270	// The handshake message has been delivered.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	271	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	272	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	273	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	274
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	275	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	276	* The "CertificateVerify" handshake message consumer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	277	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	278	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	279	class S30CertificateVerifyConsumer implements SSLConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	280	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	281	private S30CertificateVerifyConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	282	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	283	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	284
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	285	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	286	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	287	ByteBuffer message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	288	// The consuming happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	289	ServerHandshakeContext shc = (ServerHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	290	S30CertificateVerifyMessage cvm =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	291	new S30CertificateVerifyMessage(shc, message);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	292	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	293	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	294	"Consuming CertificateVerify handshake message", cvm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	295	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	296
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	297	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	298	// update
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	299	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	300	// Need no additional validation.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	301
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	302	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	303	// produce
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	304	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	305	// Need no new handshake message producers here.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	306	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	307	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	308
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	309	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	310	* The CertificateVerify handshake message (TLS 1.0/1.1).
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	311	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	312	static final class T10CertificateVerifyMessage extends HandshakeMessage {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	313	// signature bytes
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	314	private final byte[] signature;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	315
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	316	T10CertificateVerifyMessage(HandshakeContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	317	X509Possession x509Possession) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	318	super(context);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	319
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	320	// This happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	321	ClientHandshakeContext chc = (ClientHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	322	byte[] temproary = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	323	String algorithm = x509Possession.popPrivateKey.getAlgorithm();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	324	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	325	Signature signer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	326	getSignature(algorithm, x509Possession.popPrivateKey);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	327	byte[] hashes = chc.handshakeHash.digest(algorithm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	328	signer.update(hashes);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	329	temproary = signer.sign();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	330	} catch (NoSuchAlgorithmException nsae) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	331	throw chc.conContext.fatal(Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	332	"Unsupported signature algorithm (" + algorithm +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	333	") used in CertificateVerify handshake message", nsae);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	334	} catch (GeneralSecurityException gse) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	335	throw chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	336	"Cannot produce CertificateVerify signature", gse);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	337	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	338
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	339	this.signature = temproary;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	340	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	341
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	342	T10CertificateVerifyMessage(HandshakeContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	343	ByteBuffer m) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	344	super(context);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	345
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	346	// This happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	347	ServerHandshakeContext shc = (ServerHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	348
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	349	// digitally-signed struct {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	350	// select(SignatureAlgorithm) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	351	// case anonymous: struct { };
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	352	// case rsa:
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	353	// opaque md5_hash[16];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	354	// opaque sha_hash[20];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	355	// case dsa:
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	356	// opaque sha_hash[20];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	357	// };
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	358	// } Signature;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	359	if (m.remaining() < 2) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	360	throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	361	"Invalid CertificateVerify message: no sufficient data");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	362	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	363
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	364	// read and verify the signature
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	365	this.signature = Record.getBytes16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	366	X509Credentials x509Credentials = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	367	for (SSLCredentials cd : shc.handshakeCredentials) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	368	if (cd instanceof X509Credentials) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	369	x509Credentials = (X509Credentials)cd;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	370	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	371	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	372	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	373
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	374	if (x509Credentials == null \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	375	x509Credentials.popPublicKey == null) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	376	throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	377	"No X509 credentials negotiated for CertificateVerify");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	378	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	379
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	380	String algorithm = x509Credentials.popPublicKey.getAlgorithm();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	381	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	382	Signature signer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	383	getSignature(algorithm, x509Credentials.popPublicKey);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	384	byte[] hashes = shc.handshakeHash.digest(algorithm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	385	signer.update(hashes);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	386	if (!signer.verify(signature)) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	387	throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	388	"Invalid CertificateVerify message: invalid signature");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	389	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	390	} catch (NoSuchAlgorithmException nsae) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	391	throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	392	"Unsupported signature algorithm (" + algorithm +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	393	") used in CertificateVerify handshake message", nsae);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	394	} catch (GeneralSecurityException gse) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	395	throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	396	"Cannot verify CertificateVerify signature", gse);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	397	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	398	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	399
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	400	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	401	public SSLHandshake handshakeType() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	402	return SSLHandshake.CERTIFICATE_VERIFY;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	403	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	404
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	405	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	406	public int messageLength() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	407	return 2 + signature.length; // 2: length of signature
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	408	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	409
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	410	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	411	public void send(HandshakeOutStream hos) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	412	hos.putBytes16(signature);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	413	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	414
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	415	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	416	public String toString() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	417	MessageFormat messageFormat = new MessageFormat(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	418	"\"CertificateVerify\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	419	" \"signature\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	420	"{0}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	421	" '}'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	422	"'}'",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	423	Locale.ENGLISH);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	424
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	425	HexDumpEncoder hexEncoder = new HexDumpEncoder();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	426	Object[] messageFields = {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	427	Utilities.indent(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	428	hexEncoder.encodeBuffer(signature), " ")
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	429	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	430
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	431	return messageFormat.format(messageFields);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	432	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	433
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	434	/*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	435	* Get the Signature object appropriate for verification using the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	436	* given signature algorithm.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	437	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	438	private static Signature getSignature(String algorithm,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	439	Key key) throws GeneralSecurityException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	440	Signature signer = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	441	switch (algorithm) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	442	case "RSA":
53734 cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 53064 diff changeset	443	signer = Signature.getInstance(JsseJce.SIGNATURE_RAWRSA);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	444	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	445	case "DSA":
53734 cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 53064 diff changeset	446	signer = Signature.getInstance(JsseJce.SIGNATURE_RAWDSA);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	447	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	448	case "EC":
53734 cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 53064 diff changeset	449	signer = Signature.getInstance(JsseJce.SIGNATURE_RAWECDSA);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	450	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	451	default:
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	452	throw new SignatureException("Unrecognized algorithm: "
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	453	+ algorithm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	454	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	455
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	456	if (signer != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	457	if (key instanceof PublicKey) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	458	signer.initVerify((PublicKey)(key));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	459	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	460	signer.initSign((PrivateKey)key);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	461	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	462	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	463
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	464	return signer;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	465	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	466	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	467
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	468	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	469	* The "CertificateVerify" handshake message producer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	470	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	471	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	472	class T10CertificateVerifyProducer implements HandshakeProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	473	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	474	private T10CertificateVerifyProducer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	475	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	476	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	477
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	478	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	479	public byte[] produce(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	480	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	481	// The producing happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	482	ClientHandshakeContext chc = (ClientHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	483	X509Possession x509Possession = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	484	for (SSLPossession possession : chc.handshakePossessions) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	485	if (possession instanceof X509Possession) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	486	x509Possession = (X509Possession)possession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	487	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	488	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	489	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	490
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	491	if (x509Possession == null \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	492	x509Possession.popPrivateKey == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	493	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	494	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	495	"No X.509 credentials negotiated for CertificateVerify");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	496	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	497
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	498	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	499	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	500
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	501	T10CertificateVerifyMessage cvm =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	502	new T10CertificateVerifyMessage(chc, x509Possession);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	503	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	504	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	505	"Produced CertificateVerify handshake message", cvm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	506	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	507
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	508	// Output the handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	509	cvm.write(chc.handshakeOutput);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	510	chc.handshakeOutput.flush();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	511
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	512	// The handshake message has been delivered.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	513	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	514	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	515	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	516
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	517	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	518	* The "CertificateVerify" handshake message consumer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	519	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	520	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	521	class T10CertificateVerifyConsumer implements SSLConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	522	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	523	private T10CertificateVerifyConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	524	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	525	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	526
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	527	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	528	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	529	ByteBuffer message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	530	// The consuming happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	531	ServerHandshakeContext shc = (ServerHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	532	T10CertificateVerifyMessage cvm =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	533	new T10CertificateVerifyMessage(shc, message);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	534	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	535	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	536	"Consuming CertificateVerify handshake message", cvm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	537	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	538
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	539	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	540	// update
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	541	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	542	// Need no additional validation.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	543
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	544	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	545	// produce
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	546	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	547	// Need no new handshake message producers here. }
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	548	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	549	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	550
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	551	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	552	* The CertificateVerify handshake message (TLS 1.2).
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	553	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	554	static final class T12CertificateVerifyMessage extends HandshakeMessage {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	555	// the signature algorithm
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	556	private final SignatureScheme signatureScheme;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	557
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	558	// signature bytes
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	559	private final byte[] signature;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	560
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	561	T12CertificateVerifyMessage(HandshakeContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	562	X509Possession x509Possession) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	563	super(context);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	564
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	565	// This happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	566	ClientHandshakeContext chc = (ClientHandshakeContext)context;
58951 d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	567	Map.Entry<SignatureScheme, Signature> schemeAndSigner =
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	568	SignatureScheme.getSignerOfPreferableAlgorithm(
57718 a93b7b28f644 8226374: Restrict TLS signature schemes and named groups xuelei parents: 54417 diff changeset	569	chc.algorithmConstraints,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	570	chc.peerRequestedSignatureSchemes,
54417 f87041131515 8217610: TLSv1.3 fail with ClassException when EC keys are stored in PKCS11 xuelei parents: 53734 diff changeset	571	x509Possession,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	572	chc.negotiatedProtocol);
58951 d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	573	if (schemeAndSigner == null) {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	574	// Unlikely, the credentials generator should have
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	575	// selected the preferable signature algorithm properly.
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	576	throw chc.conContext.fatal(Alert.INTERNAL_ERROR,
58951 d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	577	"No supported CertificateVerify signature algorithm for " +
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	578	x509Possession.popPrivateKey.getAlgorithm() +
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	579	" key");
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	580	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	581
58951 d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	582	this.signatureScheme = schemeAndSigner.getKey();
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	583	byte[] temproary = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	584	try {
58951 d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	585	Signature signer = schemeAndSigner.getValue();
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	586	signer.update(chc.handshakeHash.archived());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	587	temproary = signer.sign();
58951 d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	588	} catch (SignatureException ikse) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	589	throw chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	590	"Cannot produce CertificateVerify signature", ikse);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	591	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	592
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	593	this.signature = temproary;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	594	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	595
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	596	T12CertificateVerifyMessage(HandshakeContext handshakeContext,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	597	ByteBuffer m) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	598	super(handshakeContext);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	599
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	600	// This happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	601	ServerHandshakeContext shc =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	602	(ServerHandshakeContext)handshakeContext;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	603
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	604	// struct {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	605	// SignatureAndHashAlgorithm algorithm;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	606	// opaque signature<0..2^16-1>;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	607	// } DigitallySigned;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	608	if (m.remaining() < 4) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	609	throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	610	"Invalid CertificateVerify message: no sufficient data");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	611	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	612
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	613	// SignatureAndHashAlgorithm algorithm
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	614	int ssid = Record.getInt16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	615	this.signatureScheme = SignatureScheme.valueOf(ssid);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	616	if (signatureScheme == null) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	617	throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	618	"Invalid signature algorithm (" + ssid +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	619	") used in CertificateVerify handshake message");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	620	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	621
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	622	if (!shc.localSupportedSignAlgs.contains(signatureScheme)) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	623	throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	624	"Unsupported signature algorithm (" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	625	signatureScheme.name +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	626	") used in CertificateVerify handshake message");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	627	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	628
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	629	// read and verify the signature
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	630	X509Credentials x509Credentials = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	631	for (SSLCredentials cd : shc.handshakeCredentials) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	632	if (cd instanceof X509Credentials) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	633	x509Credentials = (X509Credentials)cd;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	634	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	635	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	636	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	637
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	638	if (x509Credentials == null \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	639	x509Credentials.popPublicKey == null) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	640	throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	641	"No X509 credentials negotiated for CertificateVerify");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	642	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	643
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	644	// opaque signature<0..2^16-1>;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	645	this.signature = Record.getBytes16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	646	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	647	Signature signer =
58951 d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	648	signatureScheme.getVerifier(x509Credentials.popPublicKey);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	649	signer.update(shc.handshakeHash.archived());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	650	if (!signer.verify(signature)) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	651	throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	652	"Invalid CertificateVerify signature");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	653	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	654	} catch (NoSuchAlgorithmException \|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	655	InvalidAlgorithmParameterException nsae) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	656	throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	657	"Unsupported signature algorithm (" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	658	signatureScheme.name +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	659	") used in CertificateVerify handshake message", nsae);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	660	} catch (InvalidKeyException \| SignatureException ikse) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	661	throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	662	"Cannot verify CertificateVerify signature", ikse);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	663	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	664	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	665
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	666	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	667	public SSLHandshake handshakeType() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	668	return SSLHandshake.CERTIFICATE_VERIFY;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	669	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	670
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	671	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	672	public int messageLength() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	673	return 4 + signature.length; // 2: signature algorithm
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	674	// +2: length of signature
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	675	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	676
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	677	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	678	public void send(HandshakeOutStream hos) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	679	hos.putInt16(signatureScheme.id);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	680	hos.putBytes16(signature);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	681	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	682
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	683	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	684	public String toString() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	685	MessageFormat messageFormat = new MessageFormat(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	686	"\"CertificateVerify\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	687	" \"signature algorithm\": {0}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	688	" \"signature\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	689	"{1}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	690	" '}'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	691	"'}'",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	692	Locale.ENGLISH);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	693
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	694	HexDumpEncoder hexEncoder = new HexDumpEncoder();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	695	Object[] messageFields = {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	696	signatureScheme.name,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	697	Utilities.indent(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	698	hexEncoder.encodeBuffer(signature), " ")
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	699	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	700
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	701	return messageFormat.format(messageFields);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	702	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	703	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	704
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	705	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	706	* The "CertificateVerify" handshake message producer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	707	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	708	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	709	class T12CertificateVerifyProducer implements HandshakeProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	710	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	711	private T12CertificateVerifyProducer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	712	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	713	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	714
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	715	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	716	public byte[] produce(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	717	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	718	// The producing happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	719	ClientHandshakeContext chc = (ClientHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	720
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	721	X509Possession x509Possession = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	722	for (SSLPossession possession : chc.handshakePossessions) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	723	if (possession instanceof X509Possession) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	724	x509Possession = (X509Possession)possession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	725	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	726	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	727	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	728
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	729	if (x509Possession == null \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	730	x509Possession.popPrivateKey == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	731	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	732	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	733	"No X.509 credentials negotiated for CertificateVerify");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	734	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	735
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	736	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	737	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	738
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	739	T12CertificateVerifyMessage cvm =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	740	new T12CertificateVerifyMessage(chc, x509Possession);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	741	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	742	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	743	"Produced CertificateVerify handshake message", cvm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	744	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	745
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	746	// Output the handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	747	cvm.write(chc.handshakeOutput);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	748	chc.handshakeOutput.flush();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	749
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	750	// The handshake message has been delivered.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	751	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	752	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	753	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	754
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	755	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	756	* The "CertificateVerify" handshake message consumer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	757	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	758	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	759	class T12CertificateVerifyConsumer implements SSLConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	760	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	761	private T12CertificateVerifyConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	762	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	763	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	764
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	765	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	766	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	767	ByteBuffer message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	768	// The consuming happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	769	ServerHandshakeContext shc = (ServerHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	770	T12CertificateVerifyMessage cvm =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	771	new T12CertificateVerifyMessage(shc, message);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	772	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	773	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	774	"Consuming CertificateVerify handshake message", cvm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	775	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	776
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	777	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	778	// update
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	779	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	780	// Need no additional validation.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	781
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	782	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	783	// produce
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	784	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	785	// Need no new handshake message producers here.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	786	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	787	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	788
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	789	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	790	* The CertificateVerify handshake message (TLS 1.3).
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	791	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	792	static final class T13CertificateVerifyMessage extends HandshakeMessage {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	793	private static final byte[] serverSignHead = new byte[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	794	// repeated 0x20 for 64 times
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	795	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	796	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	797	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	798	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	799	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	800	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	801	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	802	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	803	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	804	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	805	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	806	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	807	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	808	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	809	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	810	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	811
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	812	// "TLS 1.3, server CertificateVerify" + 0x00
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	813	(byte)0x54, (byte)0x4c, (byte)0x53, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	814	(byte)0x31, (byte)0x2e, (byte)0x33, (byte)0x2c,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	815	(byte)0x20, (byte)0x73, (byte)0x65, (byte)0x72,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	816	(byte)0x76, (byte)0x65, (byte)0x72, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	817	(byte)0x43, (byte)0x65, (byte)0x72, (byte)0x74,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	818	(byte)0x69, (byte)0x66, (byte)0x69, (byte)0x63,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	819	(byte)0x61, (byte)0x74, (byte)0x65, (byte)0x56,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	820	(byte)0x65, (byte)0x72, (byte)0x69, (byte)0x66,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	821	(byte)0x79, (byte)0x00
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	822	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	823
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	824	private static final byte[] clientSignHead = new byte[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	825	// repeated 0x20 for 64 times
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	826	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	827	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	828	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	829	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	830	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	831	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	832	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	833	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	834	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	835	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	836	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	837	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	838	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	839	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	840	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	841	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	842
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	843	// "TLS 1.3, client CertificateVerify" + 0x00
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	844	(byte)0x54, (byte)0x4c, (byte)0x53, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	845	(byte)0x31, (byte)0x2e, (byte)0x33, (byte)0x2c,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	846	(byte)0x20, (byte)0x63, (byte)0x6c, (byte)0x69,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	847	(byte)0x65, (byte)0x6e, (byte)0x74, (byte)0x20,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	848	(byte)0x43, (byte)0x65, (byte)0x72, (byte)0x74,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	849	(byte)0x69, (byte)0x66, (byte)0x69, (byte)0x63,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	850	(byte)0x61, (byte)0x74, (byte)0x65, (byte)0x56,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	851	(byte)0x65, (byte)0x72, (byte)0x69, (byte)0x66,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	852	(byte)0x79, (byte)0x00
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	853	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	854
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	855
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	856	// the signature algorithm
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	857	private final SignatureScheme signatureScheme;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	858
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	859	// signature bytes
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	860	private final byte[] signature;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	861
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	862	T13CertificateVerifyMessage(HandshakeContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	863	X509Possession x509Possession) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	864	super(context);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	865
58951 d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	866	Map.Entry<SignatureScheme, Signature> schemeAndSigner =
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	867	SignatureScheme.getSignerOfPreferableAlgorithm(
57718 a93b7b28f644 8226374: Restrict TLS signature schemes and named groups xuelei parents: 54417 diff changeset	868	context.algorithmConstraints,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	869	context.peerRequestedSignatureSchemes,
54417 f87041131515 8217610: TLSv1.3 fail with ClassException when EC keys are stored in PKCS11 xuelei parents: 53734 diff changeset	870	x509Possession,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	871	context.negotiatedProtocol);
58951 d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	872	if (schemeAndSigner == null) {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	873	// Unlikely, the credentials generator should have
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	874	// selected the preferable signature algorithm properly.
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	875	throw context.conContext.fatal(Alert.INTERNAL_ERROR,
58951 d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	876	"No supported CertificateVerify signature algorithm for " +
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	877	x509Possession.popPrivateKey.getAlgorithm() +
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	878	" key");
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	879	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	880
58951 d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	881	this.signatureScheme = schemeAndSigner.getKey();
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	882
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	883	byte[] hashValue = context.handshakeHash.digest();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	884	byte[] contentCovered;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	885	if (context.sslConfig.isClientMode) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	886	contentCovered = Arrays.copyOf(clientSignHead,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	887	clientSignHead.length + hashValue.length);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	888	System.arraycopy(hashValue, 0, contentCovered,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	889	clientSignHead.length, hashValue.length);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	890	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	891	contentCovered = Arrays.copyOf(serverSignHead,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	892	serverSignHead.length + hashValue.length);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	893	System.arraycopy(hashValue, 0, contentCovered,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	894	serverSignHead.length, hashValue.length);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	895	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	896
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	897	byte[] temproary = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	898	try {
58951 d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	899	Signature signer = schemeAndSigner.getValue();
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	900	signer.update(contentCovered);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	901	temproary = signer.sign();
58951 d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	902	} catch (SignatureException ikse) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	903	throw context.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	904	"Cannot produce CertificateVerify signature", ikse);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	905	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	906
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	907	this.signature = temproary;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	908	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	909
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	910	T13CertificateVerifyMessage(HandshakeContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	911	ByteBuffer m) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	912	super(context);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	913
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	914	// struct {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	915	// SignatureAndHashAlgorithm algorithm;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	916	// opaque signature<0..2^16-1>;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	917	// } DigitallySigned;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	918	if (m.remaining() < 4) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	919	throw context.conContext.fatal(Alert.ILLEGAL_PARAMETER,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	920	"Invalid CertificateVerify message: no sufficient data");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	921	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	922
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	923	// SignatureAndHashAlgorithm algorithm
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	924	int ssid = Record.getInt16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	925	this.signatureScheme = SignatureScheme.valueOf(ssid);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	926	if (signatureScheme == null) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	927	throw context.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	928	"Invalid signature algorithm (" + ssid +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	929	") used in CertificateVerify handshake message");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	930	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	931
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	932	if (!context.localSupportedSignAlgs.contains(signatureScheme)) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	933	throw context.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	934	"Unsupported signature algorithm (" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	935	signatureScheme.name +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	936	") used in CertificateVerify handshake message");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	937	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	938
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	939	// read and verify the signature
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	940	X509Credentials x509Credentials = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	941	for (SSLCredentials cd : context.handshakeCredentials) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	942	if (cd instanceof X509Credentials) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	943	x509Credentials = (X509Credentials)cd;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	944	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	945	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	946	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	947
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	948	if (x509Credentials == null \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	949	x509Credentials.popPublicKey == null) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	950	throw context.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	951	"No X509 credentials negotiated for CertificateVerify");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	952	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	953
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	954	// opaque signature<0..2^16-1>;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	955	this.signature = Record.getBytes16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	956
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	957	byte[] hashValue = context.handshakeHash.digest();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	958	byte[] contentCovered;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	959	if (context.sslConfig.isClientMode) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	960	contentCovered = Arrays.copyOf(serverSignHead,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	961	serverSignHead.length + hashValue.length);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	962	System.arraycopy(hashValue, 0, contentCovered,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	963	serverSignHead.length, hashValue.length);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	964	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	965	contentCovered = Arrays.copyOf(clientSignHead,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	966	clientSignHead.length + hashValue.length);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	967	System.arraycopy(hashValue, 0, contentCovered,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	968	clientSignHead.length, hashValue.length);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	969	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	970
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	971	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	972	Signature signer =
58951 d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	973	signatureScheme.getVerifier(x509Credentials.popPublicKey);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	974	signer.update(contentCovered);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	975	if (!signer.verify(signature)) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	976	throw context.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	977	"Invalid CertificateVerify signature");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	978	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	979	} catch (NoSuchAlgorithmException \|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	980	InvalidAlgorithmParameterException nsae) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	981	throw context.conContext.fatal(Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	982	"Unsupported signature algorithm (" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	983	signatureScheme.name +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	984	") used in CertificateVerify handshake message", nsae);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	985	} catch (InvalidKeyException \| SignatureException ikse) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	986	throw context.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	987	"Cannot verify CertificateVerify signature", ikse);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	988	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	989	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	990
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	991	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	992	public SSLHandshake handshakeType() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	993	return SSLHandshake.CERTIFICATE_VERIFY;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	994	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	995
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	996	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	997	public int messageLength() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	998	return 4 + signature.length; // 2: signature algorithm
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	999	// +2: length of signature
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1000	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1001
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1002	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1003	public void send(HandshakeOutStream hos) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1004	hos.putInt16(signatureScheme.id);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1005	hos.putBytes16(signature);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1006	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1007
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1008	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1009	public String toString() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1010	MessageFormat messageFormat = new MessageFormat(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1011	"\"CertificateVerify\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1012	" \"signature algorithm\": {0}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1013	" \"signature\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1014	"{1}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1015	" '}'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1016	"'}'",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1017	Locale.ENGLISH);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1018
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1019	HexDumpEncoder hexEncoder = new HexDumpEncoder();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1020	Object[] messageFields = {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1021	signatureScheme.name,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1022	Utilities.indent(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1023	hexEncoder.encodeBuffer(signature), " ")
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1024	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1025
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1026	return messageFormat.format(messageFields);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1027	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1028	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1029
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1030	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1031	* The "CertificateVerify" handshake message producer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1032	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1033	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1034	class T13CertificateVerifyProducer implements HandshakeProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1035	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1036	private T13CertificateVerifyProducer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1037	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1038	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1039
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1040	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1041	public byte[] produce(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1042	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1043	// The producing happens in handshake context only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1044	HandshakeContext hc = (HandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1045
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1046	X509Possession x509Possession = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1047	for (SSLPossession possession : hc.handshakePossessions) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1048	if (possession instanceof X509Possession) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1049	x509Possession = (X509Possession)possession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1050	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1051	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1052	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1053
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1054	if (x509Possession == null \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1055	x509Possession.popPrivateKey == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1056	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1057	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1058	"No X.509 credentials negotiated for CertificateVerify");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1059	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1060
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1061	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1062	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1063
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1064	if (hc.sslConfig.isClientMode) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1065	return onProduceCertificateVerify(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1066	(ClientHandshakeContext)context, x509Possession);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1067	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1068	return onProduceCertificateVerify(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1069	(ServerHandshakeContext)context, x509Possession);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1070	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1071	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1072
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1073	private byte[] onProduceCertificateVerify(ServerHandshakeContext shc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1074	X509Possession x509Possession) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1075	T13CertificateVerifyMessage cvm =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1076	new T13CertificateVerifyMessage(shc, x509Possession);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1077	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1078	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1079	"Produced server CertificateVerify handshake message", cvm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1080	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1081
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1082	// Output the handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1083	cvm.write(shc.handshakeOutput);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1084	shc.handshakeOutput.flush();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1085
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1086	// The handshake message has been delivered.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1087	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1088	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1089
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1090	private byte[] onProduceCertificateVerify(ClientHandshakeContext chc,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1091	X509Possession x509Possession) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1092	T13CertificateVerifyMessage cvm =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1093	new T13CertificateVerifyMessage(chc, x509Possession);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1094	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1095	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1096	"Produced client CertificateVerify handshake message", cvm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1097	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1098
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1099	// Output the handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1100	cvm.write(chc.handshakeOutput);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1101	chc.handshakeOutput.flush();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1102
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1103	// The handshake message has been delivered.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1104	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1105	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1106	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1107
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1108	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1109	* The "CertificateVerify" handshake message consumer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1110	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1111	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1112	class T13CertificateVerifyConsumer implements SSLConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1113	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1114	private T13CertificateVerifyConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1115	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1116	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1117
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1118	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1119	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1120	ByteBuffer message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1121	// The producing happens in handshake context only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1122	HandshakeContext hc = (HandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1123	T13CertificateVerifyMessage cvm =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1124	new T13CertificateVerifyMessage(hc, message);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1125	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1126	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1127	"Consuming CertificateVerify handshake message", cvm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1128	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1129
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1130	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1131	// update
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1132	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1133	// Need no additional validation.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1134
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1135	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1136	// produce
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1137	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1138	// Need no new handshake message producers here.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1139	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1140	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1141	}

author	xuelei
	Wed, 06 Nov 2019 09:45:04 -0800
changeset 58951	d6e682e8fcc3
parent 57718	a93b7b28f644
permissions	-rw-r--r--