30 import java.text.MessageFormat; |
30 import java.text.MessageFormat; |
31 import java.util.List; |
31 import java.util.List; |
32 import java.util.ArrayList; |
32 import java.util.ArrayList; |
33 import java.util.Locale; |
33 import java.util.Locale; |
34 import java.util.Arrays; |
34 import java.util.Arrays; |
|
35 import java.util.Objects; |
35 import java.util.Optional; |
36 import java.util.Optional; |
36 import java.util.Collection; |
37 import java.util.Collection; |
37 import javax.crypto.Mac; |
38 import javax.crypto.Mac; |
38 import javax.crypto.SecretKey; |
39 import javax.crypto.SecretKey; |
39 import javax.net.ssl.SSLPeerUnverifiedException; |
40 import javax.net.ssl.SSLPeerUnverifiedException; |
168 } |
169 } |
169 } |
170 } |
170 |
171 |
171 int getIdsEncodedLength() { |
172 int getIdsEncodedLength() { |
172 int idEncodedLength = 0; |
173 int idEncodedLength = 0; |
173 for (PskIdentity curId : identities) { |
174 for(PskIdentity curId : identities) { |
174 idEncodedLength += curId.getEncodedLength(); |
175 idEncodedLength += curId.getEncodedLength(); |
175 } |
176 } |
176 |
177 |
177 return idEncodedLength; |
178 return idEncodedLength; |
178 } |
179 } |
191 int bindersEncodedLength = getBindersEncodedLength(); |
192 int bindersEncodedLength = getBindersEncodedLength(); |
192 int encodedLength = 4 + idsEncodedLength + bindersEncodedLength; |
193 int encodedLength = 4 + idsEncodedLength + bindersEncodedLength; |
193 byte[] buffer = new byte[encodedLength]; |
194 byte[] buffer = new byte[encodedLength]; |
194 ByteBuffer m = ByteBuffer.wrap(buffer); |
195 ByteBuffer m = ByteBuffer.wrap(buffer); |
195 Record.putInt16(m, idsEncodedLength); |
196 Record.putInt16(m, idsEncodedLength); |
196 for (PskIdentity curId : identities) { |
197 for(PskIdentity curId : identities) { |
197 curId.writeEncoded(m); |
198 curId.writeEncoded(m); |
198 } |
199 } |
199 Record.putInt16(m, bindersEncodedLength); |
200 Record.putInt16(m, bindersEncodedLength); |
200 for (byte[] curBinder : binders) { |
201 for (byte[] curBinder : binders) { |
201 Record.putBytes8(m, curBinder); |
202 Record.putBytes8(m, curBinder); |
441 } |
442 } |
442 result = false; |
443 result = false; |
443 } |
444 } |
444 } |
445 } |
445 |
446 |
|
447 // ensure that the endpoint identification algorithm matches the |
|
448 // one in the session |
|
449 String identityAlg = shc.sslConfig.identificationProtocol; |
|
450 if (result && identityAlg != null) { |
|
451 String sessionIdentityAlg = s.getIdentificationProtocol(); |
|
452 if (!Objects.equals(identityAlg, sessionIdentityAlg)) { |
|
453 if (SSLLogger.isOn && |
|
454 SSLLogger.isOn("ssl,handshake,verbose")) { |
|
455 |
|
456 SSLLogger.finest("Can't resume, endpoint id" + |
|
457 " algorithm does not match, requested: " + |
|
458 identityAlg + ", cached: " + sessionIdentityAlg); |
|
459 } |
|
460 result = false; |
|
461 } |
|
462 } |
|
463 |
446 // Ensure cipher suite can be negotiated |
464 // Ensure cipher suite can be negotiated |
447 if (result && (!shc.isNegotiable(s.getSuite()) || |
465 if (result && (!shc.isNegotiable(s.getSuite()) || |
448 !clientHello.cipherSuites.contains(s.getSuite()))) { |
466 !clientHello.cipherSuites.contains(s.getSuite()))) { |
449 if (SSLLogger.isOn && |
467 if (SSLLogger.isOn && |
450 SSLLogger.isOn("ssl,handshake,verbose")) { |
468 SSLLogger.isOn("ssl,handshake,verbose")) { |
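Review bot: The endpoint-identification check added at new lines 447–462 compares the two algorithm names with `Objects.equals`, which is case-sensitive, so a configured name that differs from the cached one only in letter case is refused resumption. That fails safe, since it only forces a full handshake, but if these names are meant to be case-insensitive the comparison could be `if (!identityAlg.equalsIgnoreCase(sessionIdentityAlg)) {`, which is null-safe here because `identityAlg` is already checked and would make the added `java.util.Objects` import unnecessary. The guard also skips the check when `identityAlg` is null, so a session cached with an identification algorithm can still be resumed under a configuration that requests none; that looks intentional, and a comment such as `// no algorithm requested: any cached session is acceptable` would record the decision. The blank line at new line 455 inside the logging `if` can be dropped. The enclosing method starts and ends outside this hunk.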