|
1 /* |
|
2 * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. |
|
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
4 * |
|
5 * This code is free software; you can redistribute it and/or modify it |
|
6 * under the terms of the GNU General Public License version 2 only, as |
|
7 * published by the Free Software Foundation. Oracle designates this |
|
8 * particular file as subject to the "Classpath" exception as provided |
|
9 * by Oracle in the LICENSE file that accompanied this code. |
|
10 * |
|
11 * This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 * version 2 for more details (a copy is included in the LICENSE file that |
|
15 * accompanied this code). |
|
16 * |
|
17 * You should have received a copy of the GNU General Public License version |
|
18 * 2 along with this work; if not, write to the Free Software Foundation, |
|
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 * |
|
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
22 * or visit www.oracle.com if you need additional information or have any |
|
23 * questions. |
|
24 */ |
|
25 |
|
26 package sun.security.ssl; |
|
27 |
|
28 import java.io.IOException; |
|
29 import java.nio.ByteBuffer; |
|
30 import java.text.MessageFormat; |
|
31 import java.util.Collection; |
|
32 import java.util.Collections; |
|
33 import java.util.LinkedList; |
|
34 import java.util.Locale; |
|
35 import sun.security.ssl.SSLHandshake.HandshakeMessage; |
|
36 import sun.security.util.HexDumpEncoder; |
|
37 |
|
38 enum SSLExtension implements SSLStringize { |
|
39 // Extensions defined in RFC 3546 |
|
40 CH_SERVER_NAME (0x0000, "server_name", |
|
41 SSLHandshake.CLIENT_HELLO, |
|
42 ProtocolVersion.PROTOCOLS_TO_13, |
|
43 ServerNameExtension.chNetworkProducer, |
|
44 ServerNameExtension.chOnLoadConcumer, |
|
45 null, |
|
46 null, |
|
47 ServerNameExtension.chStringize), |
|
48 SH_SERVER_NAME (0x0000, "server_name", |
|
49 SSLHandshake.SERVER_HELLO, |
|
50 ProtocolVersion.PROTOCOLS_TO_12, |
|
51 ServerNameExtension.shNetworkProducer, |
|
52 ServerNameExtension.shOnLoadConcumer, |
|
53 null, |
|
54 null, |
|
55 ServerNameExtension.shStringize), |
|
56 EE_SERVER_NAME (0x0000, "server_name", |
|
57 SSLHandshake.ENCRYPTED_EXTENSIONS, |
|
58 ProtocolVersion.PROTOCOLS_OF_13, |
|
59 ServerNameExtension.eeNetworkProducer, |
|
60 ServerNameExtension.eeOnLoadConcumer, |
|
61 null, |
|
62 null, |
|
63 ServerNameExtension.shStringize), |
|
64 CH_MAX_FRAGMENT_LENGTH (0x0001, "max_fragment_length", |
|
65 SSLHandshake.CLIENT_HELLO, |
|
66 ProtocolVersion.PROTOCOLS_TO_13, |
|
67 MaxFragExtension.chNetworkProducer, |
|
68 MaxFragExtension.chOnLoadConcumer, |
|
69 null, |
|
70 null, |
|
71 MaxFragExtension.maxFragLenStringize), |
|
72 SH_MAX_FRAGMENT_LENGTH (0x0001, "max_fragment_length", |
|
73 SSLHandshake.SERVER_HELLO, |
|
74 ProtocolVersion.PROTOCOLS_TO_12, |
|
75 MaxFragExtension.shNetworkProducer, |
|
76 MaxFragExtension.shOnLoadConcumer, |
|
77 null, |
|
78 MaxFragExtension.shOnTradeConsumer, |
|
79 MaxFragExtension.maxFragLenStringize), |
|
80 EE_MAX_FRAGMENT_LENGTH (0x0001, "max_fragment_length", |
|
81 SSLHandshake.ENCRYPTED_EXTENSIONS, |
|
82 ProtocolVersion.PROTOCOLS_OF_13, |
|
83 MaxFragExtension.eeNetworkProducer, |
|
84 MaxFragExtension.eeOnLoadConcumer, |
|
85 null, |
|
86 MaxFragExtension.eeOnTradeConsumer, |
|
87 MaxFragExtension.maxFragLenStringize), |
|
88 CLIENT_CERTIFICATE_URL (0x0002, "client_certificate_url"), |
|
89 TRUSTED_CA_KEYS (0x0003, "trusted_ca_keys"), |
|
90 TRUNCATED_HMAC (0x0004, "truncated_hmac"), |
|
91 |
|
92 CH_STATUS_REQUEST (0x0005, "status_request", |
|
93 SSLHandshake.CLIENT_HELLO, |
|
94 ProtocolVersion.PROTOCOLS_TO_13, |
|
95 CertStatusExtension.chNetworkProducer, |
|
96 CertStatusExtension.chOnLoadConsumer, |
|
97 null, |
|
98 null, |
|
99 CertStatusExtension.certStatusReqStringize), |
|
100 SH_STATUS_REQUEST (0x0005, "status_request", |
|
101 SSLHandshake.SERVER_HELLO, |
|
102 ProtocolVersion.PROTOCOLS_TO_12, |
|
103 CertStatusExtension.shNetworkProducer, |
|
104 CertStatusExtension.shOnLoadConsumer, |
|
105 null, |
|
106 null, |
|
107 CertStatusExtension.certStatusReqStringize), |
|
108 |
|
109 CR_STATUS_REQUEST (0x0005, "status_request"), |
|
110 CT_STATUS_REQUEST (0x0005, "status_request", |
|
111 SSLHandshake.CERTIFICATE, |
|
112 ProtocolVersion.PROTOCOLS_OF_13, |
|
113 CertStatusExtension.ctNetworkProducer, |
|
114 CertStatusExtension.ctOnLoadConsumer, |
|
115 null, |
|
116 null, |
|
117 CertStatusExtension.certStatusRespStringize), |
|
118 // extensions defined in RFC 4681 |
|
119 USER_MAPPING (0x0006, "user_mapping"), |
|
120 |
|
121 // extensions defined in RFC 5878 |
|
122 CLIENT_AUTHZ (0x0007, "client_authz"), |
|
123 SERVER_AUTHZ (0x0008, "server_authz"), |
|
124 |
|
125 // extensions defined in RFC 5081 |
|
126 CERT_TYPE (0x0009, "cert_type"), |
|
127 |
|
128 // extensions defined in RFC 4492 (ECC) |
|
129 CH_SUPPORTED_GROUPS (0x000A, "supported_groups", |
|
130 SSLHandshake.CLIENT_HELLO, |
|
131 ProtocolVersion.PROTOCOLS_TO_13, |
|
132 SupportedGroupsExtension.chNetworkProducer, |
|
133 SupportedGroupsExtension.chOnLoadConcumer, |
|
134 null, |
|
135 null, |
|
136 SupportedGroupsExtension.sgsStringize), |
|
137 EE_SUPPORTED_GROUPS (0x000A, "supported_groups", |
|
138 SSLHandshake.ENCRYPTED_EXTENSIONS, |
|
139 ProtocolVersion.PROTOCOLS_OF_13, |
|
140 SupportedGroupsExtension.eeNetworkProducer, |
|
141 SupportedGroupsExtension.eeOnLoadConcumer, |
|
142 null, |
|
143 null, |
|
144 SupportedGroupsExtension.sgsStringize), |
|
145 |
|
146 CH_EC_POINT_FORMATS (0x000B, "ec_point_formats", |
|
147 SSLHandshake.CLIENT_HELLO, |
|
148 ProtocolVersion.PROTOCOLS_TO_12, |
|
149 ECPointFormatsExtension.chNetworkProducer, |
|
150 ECPointFormatsExtension.chOnLoadConcumer, |
|
151 null, |
|
152 null, |
|
153 ECPointFormatsExtension.epfStringize), |
|
154 SH_EC_POINT_FORMATS (0x000B, "ec_point_formats", |
|
155 SSLHandshake.SERVER_HELLO, |
|
156 ProtocolVersion.PROTOCOLS_TO_12, |
|
157 null, // not use of the producer |
|
158 ECPointFormatsExtension.shOnLoadConcumer, |
|
159 null, |
|
160 null, |
|
161 ECPointFormatsExtension.epfStringize), |
|
162 |
|
163 // extensions defined in RFC 5054 |
|
164 SRP (0x000C, "srp"), |
|
165 |
|
166 // extensions defined in RFC 5246 |
|
167 CH_SIGNATURE_ALGORITHMS (0x000D, "signature_algorithms", |
|
168 SSLHandshake.CLIENT_HELLO, |
|
169 ProtocolVersion.PROTOCOLS_12_13, |
|
170 SignatureAlgorithmsExtension.chNetworkProducer, |
|
171 SignatureAlgorithmsExtension.chOnLoadConcumer, |
|
172 SignatureAlgorithmsExtension.chOnLoadAbsence, |
|
173 SignatureAlgorithmsExtension.chOnTradeConsumer, |
|
174 SignatureAlgorithmsExtension.ssStringize), |
|
175 CR_SIGNATURE_ALGORITHMS (0x000D, "signature_algorithms", |
|
176 SSLHandshake.CERTIFICATE_REQUEST, |
|
177 ProtocolVersion.PROTOCOLS_OF_13, |
|
178 SignatureAlgorithmsExtension.crNetworkProducer, |
|
179 SignatureAlgorithmsExtension.crOnLoadConcumer, |
|
180 SignatureAlgorithmsExtension.crOnLoadAbsence, |
|
181 SignatureAlgorithmsExtension.crOnTradeConsumer, |
|
182 SignatureAlgorithmsExtension.ssStringize), |
|
183 |
|
184 CH_SIGNATURE_ALGORITHMS_CERT (0x0032, "signature_algorithms_cert", |
|
185 SSLHandshake.CLIENT_HELLO, |
|
186 ProtocolVersion.PROTOCOLS_12_13, |
|
187 CertSignAlgsExtension.chNetworkProducer, |
|
188 CertSignAlgsExtension.chOnLoadConcumer, |
|
189 null, |
|
190 CertSignAlgsExtension.chOnTradeConsumer, |
|
191 CertSignAlgsExtension.ssStringize), |
|
192 CR_SIGNATURE_ALGORITHMS_CERT (0x0032, "signature_algorithms_cert", |
|
193 SSLHandshake.CERTIFICATE_REQUEST, |
|
194 ProtocolVersion.PROTOCOLS_OF_13, |
|
195 CertSignAlgsExtension.crNetworkProducer, |
|
196 CertSignAlgsExtension.crOnLoadConcumer, |
|
197 null, |
|
198 CertSignAlgsExtension.crOnTradeConsumer, |
|
199 CertSignAlgsExtension.ssStringize), |
|
200 |
|
201 // extensions defined in RFC 5764 |
|
202 USE_SRTP (0x000E, "use_srtp"), |
|
203 |
|
204 // extensions defined in RFC 6520 |
|
205 HEARTBEAT (0x000E, "heartbeat"), |
|
206 |
|
207 // extension defined in RFC 7301 (ALPN) |
|
208 CH_ALPN (0x0010, "application_layer_protocol_negotiation", |
|
209 SSLHandshake.CLIENT_HELLO, |
|
210 ProtocolVersion.PROTOCOLS_TO_13, |
|
211 AlpnExtension.chNetworkProducer, |
|
212 AlpnExtension.chOnLoadConcumer, |
|
213 AlpnExtension.chOnLoadAbsence, |
|
214 null, |
|
215 AlpnExtension.alpnStringize), |
|
216 SH_ALPN (0x0010, "application_layer_protocol_negotiation", |
|
217 SSLHandshake.SERVER_HELLO, |
|
218 ProtocolVersion.PROTOCOLS_TO_12, |
|
219 AlpnExtension.shNetworkProducer, |
|
220 AlpnExtension.shOnLoadConcumer, |
|
221 AlpnExtension.shOnLoadAbsence, |
|
222 null, |
|
223 AlpnExtension.alpnStringize), |
|
224 EE_ALPN (0x0010, "application_layer_protocol_negotiation", |
|
225 SSLHandshake.ENCRYPTED_EXTENSIONS, |
|
226 ProtocolVersion.PROTOCOLS_OF_13, |
|
227 AlpnExtension.shNetworkProducer, |
|
228 AlpnExtension.shOnLoadConcumer, |
|
229 AlpnExtension.shOnLoadAbsence, |
|
230 null, |
|
231 AlpnExtension.alpnStringize), |
|
232 |
|
233 // extensions defined in RFC 6961 |
|
234 CH_STATUS_REQUEST_V2 (0x0011, "status_request_v2", |
|
235 SSLHandshake.CLIENT_HELLO, |
|
236 ProtocolVersion.PROTOCOLS_TO_12, |
|
237 CertStatusExtension.chV2NetworkProducer, |
|
238 CertStatusExtension.chV2OnLoadConsumer, |
|
239 null, |
|
240 null, |
|
241 CertStatusExtension.certStatusReqV2Stringize), |
|
242 SH_STATUS_REQUEST_V2 (0x0011, "status_request_v2", |
|
243 SSLHandshake.SERVER_HELLO, |
|
244 ProtocolVersion.PROTOCOLS_TO_12, |
|
245 CertStatusExtension.shV2NetworkProducer, |
|
246 CertStatusExtension.shV2OnLoadConsumer, |
|
247 null, |
|
248 null, |
|
249 CertStatusExtension.certStatusReqV2Stringize), |
|
250 |
|
251 // extensions defined in RFC 6962 |
|
252 SIGNED_CERT_TIMESTAMP (0x0012, "signed_certificate_timestamp"), |
|
253 |
|
254 // extensions defined in RFC 7250 |
|
255 CLIENT_CERT_TYPE (0x0013, "padding"), |
|
256 SERVER_CERT_TYPE (0x0014, "server_certificate_type"), |
|
257 |
|
258 // extensions defined in RFC 7685 |
|
259 PADDING (0x0015, "client_certificate_type"), |
|
260 |
|
261 // extensions defined in RFC 7366 |
|
262 ENCRYPT_THEN_MAC (0x0016, "encrypt_then_mac"), |
|
263 |
|
264 // extensions defined in RFC 7627 |
|
265 CH_EXTENDED_MASTER_SECRET (0x0017, "extended_master_secret", |
|
266 SSLHandshake.CLIENT_HELLO, |
|
267 ProtocolVersion.PROTOCOLS_10_12, |
|
268 ExtendedMasterSecretExtension.chNetworkProducer, |
|
269 ExtendedMasterSecretExtension.chOnLoadConcumer, |
|
270 ExtendedMasterSecretExtension.chOnLoadAbsence, |
|
271 null, |
|
272 ExtendedMasterSecretExtension.emsStringize), |
|
273 SH_EXTENDED_MASTER_SECRET (0x0017, "extended_master_secret", |
|
274 SSLHandshake.SERVER_HELLO, |
|
275 ProtocolVersion.PROTOCOLS_10_12, |
|
276 ExtendedMasterSecretExtension.shNetworkProducer, |
|
277 ExtendedMasterSecretExtension.shOnLoadConcumer, |
|
278 ExtendedMasterSecretExtension.shOnLoadAbsence, |
|
279 null, |
|
280 ExtendedMasterSecretExtension.emsStringize), |
|
281 |
|
282 // extensions defined in RFC draft-ietf-tokbind-negotiation |
|
283 TOKEN_BINDING (0x0018, "token_binding "), |
|
284 |
|
285 // extensions defined in RFC 7924 |
|
286 CACHED_INFO (0x0019, "cached_info"), |
|
287 |
|
288 // extensions defined in RFC 4507/5077 |
|
289 SESSION_TICKET (0x0023, "session_ticket"), |
|
290 |
|
291 // extensions defined in TLS 1.3 |
|
292 CH_EARLY_DATA (0x002A, "early_data"), |
|
293 EE_EARLY_DATA (0x002A, "early_data"), |
|
294 NST_EARLY_DATA (0x002A, "early_data"), |
|
295 |
|
296 CH_SUPPORTED_VERSIONS (0x002B, "supported_versions", |
|
297 SSLHandshake.CLIENT_HELLO, |
|
298 ProtocolVersion.PROTOCOLS_OF_13, |
|
299 SupportedVersionsExtension.chNetworkProducer, |
|
300 SupportedVersionsExtension.chOnLoadConcumer, |
|
301 null, |
|
302 null, |
|
303 SupportedVersionsExtension.chStringize), |
|
304 SH_SUPPORTED_VERSIONS (0x002B, "supported_versions", |
|
305 SSLHandshake.SERVER_HELLO, |
|
306 // and HelloRetryRequest |
|
307 ProtocolVersion.PROTOCOLS_OF_13, |
|
308 SupportedVersionsExtension.shNetworkProducer, |
|
309 SupportedVersionsExtension.shOnLoadConcumer, |
|
310 null, |
|
311 null, |
|
312 SupportedVersionsExtension.shStringize), |
|
313 HRR_SUPPORTED_VERSIONS (0x002B, "supported_versions", |
|
314 SSLHandshake.HELLO_RETRY_REQUEST, |
|
315 ProtocolVersion.PROTOCOLS_OF_13, |
|
316 SupportedVersionsExtension.hrrNetworkProducer, |
|
317 SupportedVersionsExtension.hrrOnLoadConcumer, |
|
318 null, |
|
319 null, |
|
320 SupportedVersionsExtension.hrrStringize), |
|
321 MH_SUPPORTED_VERSIONS (0x002B, "supported_versions", |
|
322 SSLHandshake.MESSAGE_HASH, |
|
323 ProtocolVersion.PROTOCOLS_OF_13, |
|
324 SupportedVersionsExtension.hrrReproducer, |
|
325 null, null, null, |
|
326 SupportedVersionsExtension.hrrStringize), |
|
327 |
|
328 CH_COOKIE (0x002C, "cookie", |
|
329 SSLHandshake.CLIENT_HELLO, |
|
330 ProtocolVersion.PROTOCOLS_OF_13, |
|
331 CookieExtension.chNetworkProducer, |
|
332 CookieExtension.chOnLoadConcumer, |
|
333 null, |
|
334 CookieExtension.chOnTradeConsumer, |
|
335 CookieExtension.cookieStringize), |
|
336 HRR_COOKIE (0x002C, "cookie", |
|
337 SSLHandshake.HELLO_RETRY_REQUEST, |
|
338 ProtocolVersion.PROTOCOLS_OF_13, |
|
339 CookieExtension.hrrNetworkProducer, |
|
340 CookieExtension.hrrOnLoadConcumer, |
|
341 null, null, |
|
342 CookieExtension.cookieStringize), |
|
343 MH_COOKIE (0x002C, "cookie", |
|
344 SSLHandshake.MESSAGE_HASH, |
|
345 ProtocolVersion.PROTOCOLS_OF_13, |
|
346 CookieExtension.hrrNetworkReproducer, |
|
347 null, null, null, |
|
348 CookieExtension.cookieStringize), |
|
349 |
|
350 PSK_KEY_EXCHANGE_MODES (0x002D, "psk_key_exchange_modes", |
|
351 SSLHandshake.CLIENT_HELLO, |
|
352 ProtocolVersion.PROTOCOLS_OF_13, |
|
353 PskKeyExchangeModesExtension.chNetworkProducer, |
|
354 PskKeyExchangeModesExtension.chOnLoadConsumer, |
|
355 null, null, null), |
|
356 CERTIFICATE_AUTHORITIES (0x002F, "certificate_authorities"), |
|
357 OID_FILTERS (0x0030, "oid_filters"), |
|
358 POST_HANDSHAKE_AUTH (0x0030, "post_handshake_auth"), |
|
359 |
|
360 CH_KEY_SHARE (0x0033, "key_share", |
|
361 SSLHandshake.CLIENT_HELLO, |
|
362 ProtocolVersion.PROTOCOLS_OF_13, |
|
363 KeyShareExtension.chNetworkProducer, |
|
364 KeyShareExtension.chOnLoadConcumer, |
|
365 null, null, |
|
366 KeyShareExtension.chStringize), |
|
367 SH_KEY_SHARE (0x0033, "key_share", |
|
368 SSLHandshake.SERVER_HELLO, |
|
369 ProtocolVersion.PROTOCOLS_OF_13, |
|
370 KeyShareExtension.shNetworkProducer, |
|
371 KeyShareExtension.shOnLoadConcumer, |
|
372 KeyShareExtension.shOnLoadAbsence, |
|
373 null, |
|
374 KeyShareExtension.shStringize), |
|
375 HRR_KEY_SHARE (0x0033, "key_share", |
|
376 SSLHandshake.HELLO_RETRY_REQUEST, |
|
377 ProtocolVersion.PROTOCOLS_OF_13, |
|
378 KeyShareExtension.hrrNetworkProducer, |
|
379 KeyShareExtension.hrrOnLoadConcumer, |
|
380 null, null, |
|
381 KeyShareExtension.hrrStringize), |
|
382 MH_KEY_SHARE (0x0033, "key_share", |
|
383 SSLHandshake.MESSAGE_HASH, |
|
384 ProtocolVersion.PROTOCOLS_OF_13, |
|
385 KeyShareExtension.hrrNetworkReproducer, |
|
386 null, null, null, |
|
387 KeyShareExtension.hrrStringize), |
|
388 |
|
389 // Extensions defined in RFC 5746 |
|
390 CH_RENEGOTIATION_INFO (0xff01, "renegotiation_info", |
|
391 SSLHandshake.CLIENT_HELLO, |
|
392 ProtocolVersion.PROTOCOLS_TO_12, |
|
393 RenegoInfoExtension.chNetworkProducer, |
|
394 RenegoInfoExtension.chOnLoadConcumer, |
|
395 RenegoInfoExtension.chOnLoadAbsence, |
|
396 null, |
|
397 RenegoInfoExtension.rniStringize), |
|
398 SH_RENEGOTIATION_INFO (0xff01, "renegotiation_info", |
|
399 SSLHandshake.SERVER_HELLO, |
|
400 ProtocolVersion.PROTOCOLS_TO_12, |
|
401 RenegoInfoExtension.shNetworkProducer, |
|
402 RenegoInfoExtension.shOnLoadConcumer, |
|
403 RenegoInfoExtension.shOnLoadAbsence, |
|
404 null, |
|
405 RenegoInfoExtension.rniStringize), |
|
406 |
|
407 // TLS 1.3 PSK extension must be last |
|
408 CH_PRE_SHARED_KEY (0x0029, "pre_shared_key", |
|
409 SSLHandshake.CLIENT_HELLO, |
|
410 ProtocolVersion.PROTOCOLS_OF_13, |
|
411 PreSharedKeyExtension.chNetworkProducer, |
|
412 PreSharedKeyExtension.chOnLoadConsumer, |
|
413 PreSharedKeyExtension.chOnLoadAbsence, |
|
414 PreSharedKeyExtension.chOnTradeConsumer, |
|
415 null), |
|
416 SH_PRE_SHARED_KEY (0x0029, "pre_shared_key", |
|
417 SSLHandshake.SERVER_HELLO, |
|
418 ProtocolVersion.PROTOCOLS_OF_13, |
|
419 PreSharedKeyExtension.shNetworkProducer, |
|
420 PreSharedKeyExtension.shOnLoadConsumer, |
|
421 PreSharedKeyExtension.shOnLoadAbsence, |
|
422 null, null); |
|
423 |
|
424 final int id; |
|
425 final SSLHandshake handshakeType; |
|
426 final String name; |
|
427 final ProtocolVersion[] supportedProtocols; |
|
428 final HandshakeProducer networkProducer; |
|
429 final ExtensionConsumer onLoadConcumer; |
|
430 final HandshakeAbsence onLoadAbsence; |
|
431 final HandshakeConsumer onTradeConsumer; |
|
432 final SSLStringize stringize; |
|
433 |
|
434 // known but unsupported extension |
|
435 private SSLExtension(int id, String name) { |
|
436 this.id = id; |
|
437 this.handshakeType = SSLHandshake.NOT_APPLICABLE; |
|
438 this.name = name; |
|
439 this.supportedProtocols = new ProtocolVersion[0]; |
|
440 this.networkProducer = null; |
|
441 this.onLoadConcumer = null; |
|
442 this.onLoadAbsence = null; |
|
443 this.onTradeConsumer = null; |
|
444 this.stringize = null; |
|
445 } |
|
446 |
|
447 // supported extension |
|
448 private SSLExtension(int id, String name, SSLHandshake handshakeType, |
|
449 ProtocolVersion[] supportedProtocols, |
|
450 HandshakeProducer producer, |
|
451 ExtensionConsumer onLoadConcumer, HandshakeAbsence onLoadAbsence, |
|
452 HandshakeConsumer onTradeConsumer, SSLStringize stringize) { |
|
453 |
|
454 this.id = id; |
|
455 this.handshakeType = handshakeType; |
|
456 this.name = name; |
|
457 this.supportedProtocols = supportedProtocols; |
|
458 this.networkProducer = producer; |
|
459 this.onLoadConcumer = onLoadConcumer; |
|
460 this.onLoadAbsence = onLoadAbsence; |
|
461 this.onTradeConsumer = onTradeConsumer; |
|
462 this.stringize = stringize; |
|
463 } |
|
464 |
|
465 static SSLExtension valueOf(SSLHandshake handshakeType, int extensionType) { |
|
466 for (SSLExtension ext : SSLExtension.values()) { |
|
467 if (ext.id == extensionType && |
|
468 ext.handshakeType == handshakeType) { |
|
469 return ext; |
|
470 } |
|
471 } |
|
472 |
|
473 return null; |
|
474 } |
|
475 |
|
476 static boolean isConsumable(int extensionType) { |
|
477 for (SSLExtension ext : SSLExtension.values()) { |
|
478 if (ext.id == extensionType && |
|
479 ext.onLoadConcumer != null) { |
|
480 return true; |
|
481 } |
|
482 } |
|
483 |
|
484 return false; |
|
485 } |
|
486 |
|
487 public byte[] produce(ConnectionContext context, |
|
488 HandshakeMessage message) throws IOException { |
|
489 if (networkProducer != null) { |
|
490 return networkProducer.produce(context, message); |
|
491 } else { |
|
492 throw new UnsupportedOperationException( |
|
493 "Not yet supported extension producing."); |
|
494 } |
|
495 } |
|
496 |
|
497 public void consumeOnLoad(ConnectionContext context, |
|
498 HandshakeMessage message, ByteBuffer buffer) throws IOException { |
|
499 if (onLoadConcumer != null) { |
|
500 onLoadConcumer.consume(context, message, buffer); |
|
501 } else { |
|
502 throw new UnsupportedOperationException( |
|
503 "Not yet supported extension loading."); |
|
504 } |
|
505 } |
|
506 |
|
507 public void consumeOnTrade(ConnectionContext context, |
|
508 HandshakeMessage message) throws IOException { |
|
509 if (onTradeConsumer != null) { |
|
510 onTradeConsumer.consume(context, message); |
|
511 } else { |
|
512 throw new UnsupportedOperationException( |
|
513 "Not yet supported extension processing."); |
|
514 } |
|
515 } |
|
516 |
|
517 void absent(ConnectionContext context, |
|
518 HandshakeMessage message) throws IOException { |
|
519 if (onLoadAbsence != null) { |
|
520 onLoadAbsence.absent(context, message); |
|
521 } else { |
|
522 throw new UnsupportedOperationException( |
|
523 "Not yet supported extension absence processing."); |
|
524 } |
|
525 } |
|
526 |
|
527 public boolean isAvailable(ProtocolVersion protocolVersion) { |
|
528 /* |
|
529 for (ProtocolVersion pv : supportedProtocols) { |
|
530 if (pv == protocolVersion) { |
|
531 return true; |
|
532 } |
|
533 } |
|
534 */ |
|
535 for (int i = 0; i < supportedProtocols.length; i++) { |
|
536 if (supportedProtocols[i] == protocolVersion) { |
|
537 return true; |
|
538 } |
|
539 } |
|
540 |
|
541 return false; |
|
542 } |
|
543 |
|
544 @Override |
|
545 public String toString() { |
|
546 return name; |
|
547 } |
|
548 |
|
549 @Override |
|
550 public String toString(ByteBuffer byteBuffer) { |
|
551 MessageFormat messageFormat = new MessageFormat( |
|
552 "\"{0} ({1})\": '{'\n" + |
|
553 "{2}\n" + |
|
554 "'}'", |
|
555 Locale.ENGLISH); |
|
556 |
|
557 String extData; |
|
558 if (stringize == null) { |
|
559 HexDumpEncoder hexEncoder = new HexDumpEncoder(); |
|
560 String encoded = hexEncoder.encode(byteBuffer.duplicate()); |
|
561 extData = encoded; |
|
562 } else { |
|
563 extData = stringize.toString(byteBuffer); |
|
564 } |
|
565 |
|
566 Object[] messageFields = { |
|
567 this.name, |
|
568 this.id, |
|
569 Utilities.indent(extData) |
|
570 }; |
|
571 |
|
572 return messageFormat.format(messageFields); |
|
573 } |
|
574 |
|
575 ////////////////////////////////////////////////////// |
|
576 // Nested extension, consumer and producer interfaces. |
|
577 |
|
578 static interface ExtensionConsumer { |
|
579 void consume(ConnectionContext context, |
|
580 HandshakeMessage message, ByteBuffer buffer) throws IOException; |
|
581 } |
|
582 |
|
583 /** |
|
584 * A (transparent) specification of extension data. |
|
585 * |
|
586 * This interface contains no methods or constants. Its only purpose is to |
|
587 * group all extension data. All extension data should implement this |
|
588 * interface if the data is expected to handle in the following handshake |
|
589 * processes. |
|
590 */ |
|
591 static interface SSLExtensionSpec { |
|
592 // blank |
|
593 } |
|
594 |
|
595 // Default enabled client extensions. |
|
596 static final class ClientExtensions { |
|
597 static final Collection<SSLExtension> defaults; |
|
598 |
|
599 static { |
|
600 Collection<SSLExtension> extensions = new LinkedList<>(); |
|
601 for (SSLExtension extension : SSLExtension.values()) { |
|
602 if (extension.handshakeType != SSLHandshake.NOT_APPLICABLE) { |
|
603 extensions.add(extension); |
|
604 } |
|
605 } |
|
606 |
|
607 // Switch off SNI extention? |
|
608 boolean enableExtension = |
|
609 Utilities.getBooleanProperty("jsse.enableSNIExtension", true); |
|
610 if (!enableExtension) { |
|
611 extensions.remove(CH_SERVER_NAME); |
|
612 } |
|
613 |
|
614 // To switch off the max_fragment_length extension. |
|
615 enableExtension = |
|
616 Utilities.getBooleanProperty("jsse.enableMFLExtension", false); |
|
617 if (!enableExtension) { |
|
618 extensions.remove(CH_MAX_FRAGMENT_LENGTH); |
|
619 } |
|
620 |
|
621 // enableExtension = Utilities.getBooleanProperty( |
|
622 // "jdk.tls.client.enableStatusRequestExtension", true); |
|
623 // if (!enableExtension) { |
|
624 // extensions.remove(CH_STATUS_REQUEST); |
|
625 // extensions.remove(CR_STATUS_REQUEST); |
|
626 // extensions.remove(CT_STATUS_REQUEST); |
|
627 // |
|
628 // extensions.remove(CH_STATUS_REQUEST_V2); |
|
629 // } |
|
630 |
|
631 if (!SSLConfiguration.useExtendedMasterSecret) { |
|
632 extensions.remove(CH_EXTENDED_MASTER_SECRET); |
|
633 } |
|
634 |
|
635 defaults = Collections.unmodifiableCollection(extensions); |
|
636 } |
|
637 } |
|
638 |
|
639 // Default enabled server extensions. |
|
640 static final class ServerExtensions { |
|
641 static final Collection<SSLExtension> defaults; |
|
642 |
|
643 static { |
|
644 Collection<SSLExtension> extensions = new LinkedList<>(); |
|
645 for (SSLExtension extension : SSLExtension.values()) { |
|
646 if (extension.handshakeType != SSLHandshake.NOT_APPLICABLE) { |
|
647 extensions.add(extension); |
|
648 } |
|
649 } |
|
650 |
|
651 /* |
|
652 // Switch off SNI extention? |
|
653 boolean enableExtension = |
|
654 Utilities.getBooleanProperty("jsse.enableSNIExtension", true); |
|
655 if (!enableExtension) { |
|
656 extensions.remove(CH_SERVER_NAME); |
|
657 extensions.remove(SH_SERVER_NAME); |
|
658 extensions.remove(EE_SERVER_NAME); |
|
659 } |
|
660 |
|
661 // To switch off the max_fragment_length extension. |
|
662 enableExtension = |
|
663 Utilities.getBooleanProperty("jsse.enableMFLExtension", false); |
|
664 if (!enableExtension) { |
|
665 extensions.remove(CH_MAX_FRAGMENT_LENGTH); |
|
666 extensions.remove(SH_MAX_FRAGMENT_LENGTH); |
|
667 extensions.remove(EE_MAX_FRAGMENT_LENGTH); |
|
668 } |
|
669 */ |
|
670 |
|
671 // enableExtension = Utilities.getBooleanProperty( |
|
672 // "jdk.tls.server.enableStatusRequestExtension", true); |
|
673 // if (!enableExtension) { |
|
674 // extensions.remove(CH_STATUS_REQUEST); |
|
675 // extensions.remove(SH_STATUS_REQUEST); |
|
676 // extensions.remove(CR_STATUS_REQUEST); |
|
677 // extensions.remove(CT_STATUS_REQUEST); |
|
678 // |
|
679 // extensions.remove(SH_STATUS_REQUEST_V2); |
|
680 // } |
|
681 |
|
682 /* |
|
683 if (!SSLConfiguration.useExtendedMasterSecret) { |
|
684 extensions.remove(CH_EXTENDED_MASTER_SECRET); |
|
685 extensions.remove(SH_EXTENDED_MASTER_SECRET); |
|
686 } |
|
687 */ |
|
688 defaults = Collections.unmodifiableCollection(extensions); |
|
689 } |
|
690 } |
|
691 } |