jdk-sandbox: src/java.base/share/classes/sun/security/ssl/CertSignAlgsExtension.java@ed52ea83f830 (annotated)

50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1	/*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	2	* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	4	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	7	* published by the Free Software Foundation. Oracle designates this
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	10	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	15	* accompanied this code).
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	16	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	20	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	22	* or visit www.oracle.com if you need additional information or have any
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	23	* questions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	24	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	25
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	26	package sun.security.ssl;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	27
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	28	import java.io.IOException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	29	import java.nio.ByteBuffer;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	30	import java.util.List;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	31	import sun.security.ssl.SSLExtension.ExtensionConsumer;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	32	import sun.security.ssl.SSLHandshake.HandshakeMessage;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	33	import sun.security.ssl.SignatureAlgorithmsExtension.SignatureSchemesSpec;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	34
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	35	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	36	* Pack of the "signature_algorithms_cert" extensions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	37	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	38	final class CertSignAlgsExtension {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	39	static final HandshakeProducer chNetworkProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	40	new CHCertSignatureSchemesProducer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	41	static final ExtensionConsumer chOnLoadConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	42	new CHCertSignatureSchemesConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	43	static final HandshakeConsumer chOnTradeConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	44	new CHCertSignatureSchemesUpdate();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	45
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	46	static final HandshakeProducer crNetworkProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	47	new CRCertSignatureSchemesProducer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	48	static final ExtensionConsumer crOnLoadConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	49	new CRCertSignatureSchemesConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	50	static final HandshakeConsumer crOnTradeConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	51	new CRCertSignatureSchemesUpdate();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	52
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	53	static final SSLStringizer ssStringizer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	54	new CertSignatureSchemesStringizer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	55
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	56	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	57	class CertSignatureSchemesStringizer implements SSLStringizer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	58	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	59	public String toString(ByteBuffer buffer) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	60	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	61	return (new SignatureSchemesSpec(buffer)).toString();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	62	} catch (IOException ioe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	63	// For debug logging only, so please swallow exceptions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	64	return ioe.getMessage();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	65	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	66	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	67	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	68
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	69	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	70	* Network data producer of a "signature_algorithms_cert" extension in
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	71	* the ClientHello handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	72	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	73	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	74	class CHCertSignatureSchemesProducer implements HandshakeProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	75	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	76	private CHCertSignatureSchemesProducer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	77	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	78	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	79
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	80	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	81	public byte[] produce(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	82	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	83	// The producing happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	84	ClientHandshakeContext chc = (ClientHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	85
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	86	// Is it a supported and enabled extension?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	87	if (!chc.sslConfig.isAvailable(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	88	SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	89	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	90	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	91	"Ignore unavailable " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	92	"signature_algorithms_cert extension");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	93	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	94
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	95	return null; // ignore the extension
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	96	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	97
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	98	// Produce the extension.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	99	if (chc.localSupportedSignAlgs == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	100	chc.localSupportedSignAlgs =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	101	SignatureScheme.getSupportedAlgorithms(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	102	chc.algorithmConstraints, chc.activeProtocols);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	103	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	104
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	105	int vectorLen = SignatureScheme.sizeInRecord() *
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	106	chc.localSupportedSignAlgs.size();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	107	byte[] extData = new byte[vectorLen + 2];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	108	ByteBuffer m = ByteBuffer.wrap(extData);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	109	Record.putInt16(m, vectorLen);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	110	for (SignatureScheme ss : chc.localSupportedSignAlgs) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	111	Record.putInt16(m, ss.id);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	112	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	113
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	114	// Update the context.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	115	chc.handshakeExtensions.put(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	116	SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	117	new SignatureSchemesSpec(chc.localSupportedSignAlgs));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	118
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	119	return extData;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	120	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	121	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	122
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	123	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	124	* Network data consumer of a "signature_algorithms_cert" extension in
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	125	* the ClientHello handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	126	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	127	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	128	class CHCertSignatureSchemesConsumer implements ExtensionConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	129	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	130	private CHCertSignatureSchemesConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	131	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	132	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	133
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	134	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	135	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	136	HandshakeMessage message, ByteBuffer buffer) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	137	// The consuming happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	138	ServerHandshakeContext shc = (ServerHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	139
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	140	// Is it a supported and enabled extension?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	141	if (!shc.sslConfig.isAvailable(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	142	SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	143	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	144	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	145	"Ignore unavailable " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	146	"signature_algorithms_cert extension");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	147	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	148	return; // ignore the extension
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	149	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	150
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	151	// Parse the extension.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	152	SignatureSchemesSpec spec;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	153	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	154	spec = new SignatureSchemesSpec(buffer);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	155	} catch (IOException ioe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	156	shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	157	return; // fatal() always throws, make the compiler happy.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	158	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	159
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	160	// Update the context.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	161	shc.handshakeExtensions.put(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	162	SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT, spec);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	163
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	164	// No impact on session resumption.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	165	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	166	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	167
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	168	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	169	* After session creation consuming of a "signature_algorithms_cert"
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	170	* extension in the ClientHello handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	171	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	172	private static final class CHCertSignatureSchemesUpdate
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	173	implements HandshakeConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	174	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	175	private CHCertSignatureSchemesUpdate() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	176	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	177	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	178
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	179	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	180	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	181	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	182	// The consuming happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	183	ServerHandshakeContext shc = (ServerHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	184
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	185	SignatureSchemesSpec spec = (SignatureSchemesSpec)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	186	shc.handshakeExtensions.get(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	187	SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	188	if (spec == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	189	// Ignore, no signature_algorithms_cert extension requested.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	190	return;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	191	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	192
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	193	// update the context
51574 ed52ea83f830 8207317: SSLEngine negotiation fail exception behavior changed from fail-fast to fail-lazy wetmore parents: 50768 diff changeset	194	List<SignatureScheme> schemes =
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	195	SignatureScheme.getSupportedAlgorithms(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	196	shc.algorithmConstraints, shc.negotiatedProtocol,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	197	spec.signatureSchemes);
51574 ed52ea83f830 8207317: SSLEngine negotiation fail exception behavior changed from fail-fast to fail-lazy wetmore parents: 50768 diff changeset	198	shc.peerRequestedCertSignSchemes = schemes;
ed52ea83f830 8207317: SSLEngine negotiation fail exception behavior changed from fail-fast to fail-lazy wetmore parents: 50768 diff changeset	199	shc.handshakeSession.setPeerSupportedSignatureAlgorithms(schemes);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	200
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	201	if (!shc.isResumption && shc.negotiatedProtocol.useTLS13PlusSpec()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	202	if (shc.sslConfig.clientAuthType !=
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	203	ClientAuthType.CLIENT_AUTH_NONE) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	204	shc.handshakeProducers.putIfAbsent(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	205	SSLHandshake.CERTIFICATE_REQUEST.id,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	206	SSLHandshake.CERTIFICATE_REQUEST);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	207	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	208	shc.handshakeProducers.put(SSLHandshake.CERTIFICATE.id,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	209	SSLHandshake.CERTIFICATE);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	210	shc.handshakeProducers.putIfAbsent(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	211	SSLHandshake.CERTIFICATE_VERIFY.id,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	212	SSLHandshake.CERTIFICATE_VERIFY);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	213	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	214	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	215	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	216
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	217	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	218	* Network data producer of a "signature_algorithms_cert" extension in
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	219	* the CertificateRequest handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	220	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	221	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	222	class CRCertSignatureSchemesProducer implements HandshakeProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	223	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	224	private CRCertSignatureSchemesProducer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	225	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	226	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	227
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	228	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	229	public byte[] produce(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	230	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	231	// The producing happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	232	ServerHandshakeContext shc = (ServerHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	233
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	234	// Is it a supported and enabled extension?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	235	if (!shc.sslConfig.isAvailable(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	236	SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	237	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	238	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	239	"Ignore unavailable " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	240	"signature_algorithms_cert extension");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	241	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	242	return null; // ignore the extension
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	243	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	244
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	245	// Produce the extension.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	246	if (shc.localSupportedSignAlgs == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	247	shc.localSupportedSignAlgs =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	248	SignatureScheme.getSupportedAlgorithms(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	249	shc.algorithmConstraints, shc.activeProtocols);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	250	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	251
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	252	int vectorLen = SignatureScheme.sizeInRecord() *
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	253	shc.localSupportedSignAlgs.size();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	254	byte[] extData = new byte[vectorLen + 2];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	255	ByteBuffer m = ByteBuffer.wrap(extData);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	256	Record.putInt16(m, vectorLen);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	257	for (SignatureScheme ss : shc.localSupportedSignAlgs) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	258	Record.putInt16(m, ss.id);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	259	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	260
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	261	// Update the context.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	262	shc.handshakeExtensions.put(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	263	SSLExtension.CR_SIGNATURE_ALGORITHMS_CERT,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	264	new SignatureSchemesSpec(shc.localSupportedSignAlgs));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	265
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	266	return extData;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	267	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	268	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	269
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	270	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	271	* Network data consumer of a "signature_algorithms_cert" extension in
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	272	* the CertificateRequest handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	273	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	274	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	275	class CRCertSignatureSchemesConsumer implements ExtensionConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	276	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	277	private CRCertSignatureSchemesConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	278	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	279	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	280	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	281	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	282	HandshakeMessage message, ByteBuffer buffer) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	283	// The consuming happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	284	ClientHandshakeContext chc = (ClientHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	285
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	286	// Is it a supported and enabled extension?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	287	if (!chc.sslConfig.isAvailable(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	288	SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	289	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	290	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	291	"Ignore unavailable " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	292	"signature_algorithms_cert extension");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	293	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	294	return; // ignore the extension
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	295	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	296
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	297	// Parse the extension.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	298	SignatureSchemesSpec spec;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	299	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	300	spec = new SignatureSchemesSpec(buffer);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	301	} catch (IOException ioe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	302	chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	303	return; // fatal() always throws, make the compiler happy.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	304	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	305
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	306	// Update the context.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	307	chc.handshakeExtensions.put(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	308	SSLExtension.CR_SIGNATURE_ALGORITHMS_CERT, spec);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	309
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	310	// No impact on session resumption.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	311	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	312	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	313
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	314	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	315	* After session creation consuming of a "signature_algorithms_cert"
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	316	* extension in the CertificateRequest handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	317	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	318	private static final class CRCertSignatureSchemesUpdate
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	319	implements HandshakeConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	320	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	321	private CRCertSignatureSchemesUpdate() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	322	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	323	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	324
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	325	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	326	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	327	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	328	// The consuming happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	329	ClientHandshakeContext chc = (ClientHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	330
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	331	SignatureSchemesSpec spec = (SignatureSchemesSpec)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	332	chc.handshakeExtensions.get(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	333	SSLExtension.CR_SIGNATURE_ALGORITHMS_CERT);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	334	if (spec == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	335	// Ignore, no "signature_algorithms_cert" extension requested.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	336	return;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	337	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	338
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	339	// update the context
51574 ed52ea83f830 8207317: SSLEngine negotiation fail exception behavior changed from fail-fast to fail-lazy wetmore parents: 50768 diff changeset	340	List<SignatureScheme> schemes =
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	341	SignatureScheme.getSupportedAlgorithms(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	342	chc.algorithmConstraints, chc.negotiatedProtocol,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	343	spec.signatureSchemes);
51574 ed52ea83f830 8207317: SSLEngine negotiation fail exception behavior changed from fail-fast to fail-lazy wetmore parents: 50768 diff changeset	344	chc.peerRequestedCertSignSchemes = schemes;
ed52ea83f830 8207317: SSLEngine negotiation fail exception behavior changed from fail-fast to fail-lazy wetmore parents: 50768 diff changeset	345	chc.handshakeSession.setPeerSupportedSignatureAlgorithms(schemes);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	346	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	347	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	348	}

author	wetmore
	Tue, 21 Aug 2018 11:30:48 -0700
changeset 51574	ed52ea83f830
parent 50768	68fa3d4026ea
child 52151	af6fb2cb82ae
permissions	-rw-r--r--