jdk-sandbox: src/java.base/share/classes/sun/security/ssl/CookieExtension.java@5b96c12f909d (annotated)

50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1	/*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	2	* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	4	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	7	* published by the Free Software Foundation. Oracle designates this
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	10	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	15	* accompanied this code).
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	16	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	20	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	22	* or visit www.oracle.com if you need additional information or have any
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	23	* questions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	24	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	25
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	26	package sun.security.ssl;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	27
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	28	import java.io.IOException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	29	import java.nio.ByteBuffer;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	30	import java.text.MessageFormat;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	31	import java.util.Locale;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	32	import javax.net.ssl.SSLProtocolException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	33
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	34	import sun.security.ssl.ClientHello.ClientHelloMessage;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	35	import sun.security.ssl.SSLExtension.ExtensionConsumer;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	36	import sun.security.ssl.SSLHandshake.HandshakeMessage;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	37	import sun.security.ssl.SSLExtension.SSLExtensionSpec;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	38	import sun.security.ssl.ServerHello.ServerHelloMessage;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	39	import sun.security.util.HexDumpEncoder;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	40
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	41	public class CookieExtension {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	42	static final HandshakeProducer chNetworkProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	43	new CHCookieProducer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	44	static final ExtensionConsumer chOnLoadConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	45	new CHCookieConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	46	static final HandshakeConsumer chOnTradeConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	47	new CHCookieUpdate();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	48
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	49	static final HandshakeProducer hrrNetworkProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	50	new HRRCookieProducer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	51	static final ExtensionConsumer hrrOnLoadConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	52	new HRRCookieConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	53
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	54	static final HandshakeProducer hrrNetworkReproducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	55	new HRRCookieReproducer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	56
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	57	static final CookieStringizer cookieStringizer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	58	new CookieStringizer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	59
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	60	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	61	* The "cookie" extension.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	62	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	63	static class CookieSpec implements SSLExtensionSpec {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	64	final byte[] cookie;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	65
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	66	private CookieSpec(ByteBuffer m) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	67	// opaque cookie<1..2^16-1>;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	68	if (m.remaining() < 3) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	69	throw new SSLProtocolException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	70	"Invalid cookie extension: insufficient data");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	71	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	72
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	73	this.cookie = Record.getBytes16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	74	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	75
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	76	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	77	public String toString() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	78	MessageFormat messageFormat = new MessageFormat(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	79	"\"cookie\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	80	"{0}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	81	"'}',", Locale.ENGLISH);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	82	HexDumpEncoder hexEncoder = new HexDumpEncoder();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	83	Object[] messageFields = {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	84	Utilities.indent(hexEncoder.encode(cookie))
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	85	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	86
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	87	return messageFormat.format(messageFields);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	88	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	89	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	90
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	91	private static final class CookieStringizer implements SSLStringizer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	92	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	93	public String toString(ByteBuffer buffer) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	94	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	95	return (new CookieSpec(buffer)).toString();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	96	} catch (IOException ioe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	97	// For debug logging only, so please swallow exceptions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	98	return ioe.getMessage();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	99	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	100	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	101	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	102
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	103	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	104	class CHCookieProducer implements HandshakeProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	105	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	106	private CHCookieProducer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	107	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	108	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	109
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	110	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	111	public byte[] produce(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	112	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	113	ClientHandshakeContext chc = (ClientHandshakeContext) context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	114
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	115	// Is it a supported and enabled extension?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	116	if (!chc.sslConfig.isAvailable(SSLExtension.CH_COOKIE)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	117	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	118	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	119	"Ignore unavailable cookie extension");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	120	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	121	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	122	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	123
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	124	// response to an HelloRetryRequest cookie
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	125	CookieSpec spec = (CookieSpec)chc.handshakeExtensions.get(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	126	SSLExtension.HRR_COOKIE);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	127
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	128	if (spec != null &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	129	spec.cookie != null && spec.cookie.length != 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	130	byte[] extData = new byte[spec.cookie.length + 2];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	131	ByteBuffer m = ByteBuffer.wrap(extData);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	132	Record.putBytes16(m, spec.cookie);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	133	return extData;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	134	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	135
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	136	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	137	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	138	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	139
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	140	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	141	class CHCookieConsumer implements ExtensionConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	142	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	143	private CHCookieConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	144	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	145	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	146
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	147	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	148	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	149	HandshakeMessage message, ByteBuffer buffer) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	150	// The consuming happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	151	ServerHandshakeContext shc = (ServerHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	152
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	153	// Is it a supported and enabled extension?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	154	if (!shc.sslConfig.isAvailable(SSLExtension.CH_COOKIE)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	155	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	156	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	157	"Ignore unavailable cookie extension");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	158	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	159	return; // ignore the extension
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	160	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	161
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	162	CookieSpec spec;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	163	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	164	spec = new CookieSpec(buffer);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	165	} catch (IOException ioe) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	166	throw shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	167	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	168
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	169	shc.handshakeExtensions.put(SSLExtension.CH_COOKIE, spec);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	170
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	171	// No impact on session resumption.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	172	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	173	// Note that the protocol version negotiation happens before the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	174	// session resumption negotiation. And the session resumption
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	175	// negotiation depends on the negotiated protocol version.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	176	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	177	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	178
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	179	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	180	class CHCookieUpdate implements HandshakeConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	181	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	182	private CHCookieUpdate() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	183	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	184	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	185
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	186	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	187	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	188	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	189	// The consuming happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	190	ServerHandshakeContext shc = (ServerHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	191	ClientHelloMessage clientHello = (ClientHelloMessage)message;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	192
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	193	CookieSpec spec = (CookieSpec)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	194	shc.handshakeExtensions.get(SSLExtension.CH_COOKIE);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	195	if (spec == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	196	// Ignore, no "cookie" extension requested.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	197	return;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	198	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	199
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	200	HelloCookieManager hcm =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	201	shc.sslContext.getHelloCookieManager(shc.negotiatedProtocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	202	if (!hcm.isCookieValid(shc, clientHello, spec.cookie)) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	203	throw shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	204	"unrecognized cookie");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	205	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	206	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	207	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	208
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	209	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	210	class HRRCookieProducer implements HandshakeProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	211	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	212	private HRRCookieProducer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	213	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	214	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	215
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	216	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	217	public byte[] produce(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	218	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	219	// The producing happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	220	ServerHandshakeContext shc = (ServerHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	221	ServerHelloMessage hrrm = (ServerHelloMessage)message;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	222
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	223	// Is it a supported and enabled extension?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	224	if (!shc.sslConfig.isAvailable(SSLExtension.HRR_COOKIE)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	225	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	226	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	227	"Ignore unavailable cookie extension");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	228	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	229	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	230	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	231
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	232	HelloCookieManager hcm =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	233	shc.sslContext.getHelloCookieManager(shc.negotiatedProtocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	234
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	235	byte[] cookie = hcm.createCookie(shc, hrrm.clientHello);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	236
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	237	byte[] extData = new byte[cookie.length + 2];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	238	ByteBuffer m = ByteBuffer.wrap(extData);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	239	Record.putBytes16(m, cookie);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	240
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	241	return extData;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	242	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	243	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	244
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	245	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	246	class HRRCookieConsumer implements ExtensionConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	247	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	248	private HRRCookieConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	249	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	250	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	251
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	252	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	253	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	254	HandshakeMessage message, ByteBuffer buffer) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	255	// The consuming happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	256	ClientHandshakeContext chc = (ClientHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	257
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	258	// Is it a supported and enabled extension?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	259	if (!chc.sslConfig.isAvailable(SSLExtension.HRR_COOKIE)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	260	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	261	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	262	"Ignore unavailable cookie extension");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	263	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	264	return; // ignore the extension
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	265	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	266
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	267	CookieSpec spec;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	268	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	269	spec = new CookieSpec(buffer);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	270	} catch (IOException ioe) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	271	throw chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	272	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	273
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	274	chc.handshakeExtensions.put(SSLExtension.HRR_COOKIE, spec);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	275	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	276	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	277
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	278	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	279	class HRRCookieReproducer implements HandshakeProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	280	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	281	private HRRCookieReproducer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	282	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	283	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	284
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	285	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	286	public byte[] produce(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	287	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	288	// The producing happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	289	ServerHandshakeContext shc = (ServerHandshakeContext) context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	290
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	291	// Is it a supported and enabled extension?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	292	if (!shc.sslConfig.isAvailable(SSLExtension.HRR_COOKIE)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	293	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	294	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	295	"Ignore unavailable cookie extension");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	296	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	297	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	298	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	299
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	300	// copy of the ClientHello cookie
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	301	CookieSpec spec = (CookieSpec)shc.handshakeExtensions.get(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	302	SSLExtension.CH_COOKIE);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	303
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	304	if (spec != null &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	305	spec.cookie != null && spec.cookie.length != 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	306	byte[] extData = new byte[spec.cookie.length + 2];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	307	ByteBuffer m = ByteBuffer.wrap(extData);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	308	Record.putBytes16(m, spec.cookie);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	309	return extData;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	310	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	311
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	312	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	313	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	314	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	315	}

author	phh
	Sat, 30 Nov 2019 14:33:05 -0800
changeset 59330	5b96c12f909d
parent 53064	103ed9569fc8
permissions	-rw-r--r--