|
1 /* |
|
2 * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. |
|
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
4 * |
|
5 * This code is free software; you can redistribute it and/or modify it |
|
6 * under the terms of the GNU General Public License version 2 only, as |
|
7 * published by the Free Software Foundation. Oracle designates this |
|
8 * particular file as subject to the "Classpath" exception as provided |
|
9 * by Oracle in the LICENSE file that accompanied this code. |
|
10 * |
|
11 * This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 * version 2 for more details (a copy is included in the LICENSE file that |
|
15 * accompanied this code). |
|
16 * |
|
17 * You should have received a copy of the GNU General Public License version |
|
18 * 2 along with this work; if not, write to the Free Software Foundation, |
|
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 * |
|
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
22 * or visit www.oracle.com if you need additional information or have any |
|
23 * questions. |
|
24 */ |
|
25 |
|
26 package sun.security.ssl; |
|
27 |
|
28 import java.io.IOException; |
|
29 import java.nio.ByteBuffer; |
|
30 import java.text.MessageFormat; |
|
31 import java.util.Collection; |
|
32 import java.util.Collections; |
|
33 import java.util.LinkedList; |
|
34 import java.util.Locale; |
|
35 import sun.security.ssl.SSLHandshake.HandshakeMessage; |
|
36 import sun.security.util.HexDumpEncoder; |
|
37 |
|
38 enum SSLExtension implements SSLStringizer { |
|
39 // Extensions defined in RFC 6066 |
|
40 CH_SERVER_NAME (0x0000, "server_name", |
|
41 SSLHandshake.CLIENT_HELLO, |
|
42 ProtocolVersion.PROTOCOLS_TO_13, |
|
43 ServerNameExtension.chNetworkProducer, |
|
44 ServerNameExtension.chOnLoadConsumer, |
|
45 null, |
|
46 null, |
|
47 null, |
|
48 ServerNameExtension.chStringizer), |
|
49 SH_SERVER_NAME (0x0000, "server_name", |
|
50 SSLHandshake.SERVER_HELLO, |
|
51 ProtocolVersion.PROTOCOLS_TO_12, |
|
52 ServerNameExtension.shNetworkProducer, |
|
53 ServerNameExtension.shOnLoadConsumer, |
|
54 null, |
|
55 null, |
|
56 null, |
|
57 ServerNameExtension.shStringizer), |
|
58 EE_SERVER_NAME (0x0000, "server_name", |
|
59 SSLHandshake.ENCRYPTED_EXTENSIONS, |
|
60 ProtocolVersion.PROTOCOLS_OF_13, |
|
61 ServerNameExtension.eeNetworkProducer, |
|
62 ServerNameExtension.eeOnLoadConsumer, |
|
63 null, |
|
64 null, |
|
65 null, |
|
66 ServerNameExtension.shStringizer), |
|
67 CH_MAX_FRAGMENT_LENGTH (0x0001, "max_fragment_length", |
|
68 SSLHandshake.CLIENT_HELLO, |
|
69 ProtocolVersion.PROTOCOLS_TO_13, |
|
70 MaxFragExtension.chNetworkProducer, |
|
71 MaxFragExtension.chOnLoadConsumer, |
|
72 null, |
|
73 null, |
|
74 null, |
|
75 MaxFragExtension.maxFragLenStringizer), |
|
76 SH_MAX_FRAGMENT_LENGTH (0x0001, "max_fragment_length", |
|
77 SSLHandshake.SERVER_HELLO, |
|
78 ProtocolVersion.PROTOCOLS_TO_12, |
|
79 MaxFragExtension.shNetworkProducer, |
|
80 MaxFragExtension.shOnLoadConsumer, |
|
81 null, |
|
82 MaxFragExtension.shOnTradeConsumer, |
|
83 null, |
|
84 MaxFragExtension.maxFragLenStringizer), |
|
85 EE_MAX_FRAGMENT_LENGTH (0x0001, "max_fragment_length", |
|
86 SSLHandshake.ENCRYPTED_EXTENSIONS, |
|
87 ProtocolVersion.PROTOCOLS_OF_13, |
|
88 MaxFragExtension.eeNetworkProducer, |
|
89 MaxFragExtension.eeOnLoadConsumer, |
|
90 null, |
|
91 MaxFragExtension.eeOnTradeConsumer, |
|
92 null, |
|
93 MaxFragExtension.maxFragLenStringizer), |
|
94 CLIENT_CERTIFICATE_URL (0x0002, "client_certificate_url"), |
|
95 TRUSTED_CA_KEYS (0x0003, "trusted_ca_keys"), |
|
96 TRUNCATED_HMAC (0x0004, "truncated_hmac"), |
|
97 |
|
98 CH_STATUS_REQUEST (0x0005, "status_request", |
|
99 SSLHandshake.CLIENT_HELLO, |
|
100 ProtocolVersion.PROTOCOLS_TO_13, |
|
101 CertStatusExtension.chNetworkProducer, |
|
102 CertStatusExtension.chOnLoadConsumer, |
|
103 null, |
|
104 null, |
|
105 null, |
|
106 CertStatusExtension.certStatusReqStringizer), |
|
107 SH_STATUS_REQUEST (0x0005, "status_request", |
|
108 SSLHandshake.SERVER_HELLO, |
|
109 ProtocolVersion.PROTOCOLS_TO_12, |
|
110 CertStatusExtension.shNetworkProducer, |
|
111 CertStatusExtension.shOnLoadConsumer, |
|
112 null, |
|
113 null, |
|
114 null, |
|
115 CertStatusExtension.certStatusReqStringizer), |
|
116 |
|
117 CR_STATUS_REQUEST (0x0005, "status_request"), |
|
118 CT_STATUS_REQUEST (0x0005, "status_request", |
|
119 SSLHandshake.CERTIFICATE, |
|
120 ProtocolVersion.PROTOCOLS_OF_13, |
|
121 CertStatusExtension.ctNetworkProducer, |
|
122 CertStatusExtension.ctOnLoadConsumer, |
|
123 null, |
|
124 null, |
|
125 null, |
|
126 CertStatusExtension.certStatusRespStringizer), |
|
127 // extensions defined in RFC 4681 |
|
128 USER_MAPPING (0x0006, "user_mapping"), |
|
129 |
|
130 // extensions defined in RFC 5878 |
|
131 CLIENT_AUTHZ (0x0007, "client_authz"), |
|
132 SERVER_AUTHZ (0x0008, "server_authz"), |
|
133 |
|
134 // extensions defined in RFC 5081 |
|
135 CERT_TYPE (0x0009, "cert_type"), |
|
136 |
|
137 // extensions defined in RFC 4492 (ECC) |
|
138 CH_SUPPORTED_GROUPS (0x000A, "supported_groups", |
|
139 SSLHandshake.CLIENT_HELLO, |
|
140 ProtocolVersion.PROTOCOLS_TO_13, |
|
141 SupportedGroupsExtension.chNetworkProducer, |
|
142 SupportedGroupsExtension.chOnLoadConsumer, |
|
143 null, |
|
144 null, |
|
145 null, |
|
146 SupportedGroupsExtension.sgsStringizer), |
|
147 EE_SUPPORTED_GROUPS (0x000A, "supported_groups", |
|
148 SSLHandshake.ENCRYPTED_EXTENSIONS, |
|
149 ProtocolVersion.PROTOCOLS_OF_13, |
|
150 SupportedGroupsExtension.eeNetworkProducer, |
|
151 SupportedGroupsExtension.eeOnLoadConsumer, |
|
152 null, |
|
153 null, |
|
154 null, |
|
155 SupportedGroupsExtension.sgsStringizer), |
|
156 |
|
157 CH_EC_POINT_FORMATS (0x000B, "ec_point_formats", |
|
158 SSLHandshake.CLIENT_HELLO, |
|
159 ProtocolVersion.PROTOCOLS_TO_12, |
|
160 ECPointFormatsExtension.chNetworkProducer, |
|
161 ECPointFormatsExtension.chOnLoadConsumer, |
|
162 null, |
|
163 null, |
|
164 null, |
|
165 ECPointFormatsExtension.epfStringizer), |
|
166 SH_EC_POINT_FORMATS (0x000B, "ec_point_formats", |
|
167 SSLHandshake.SERVER_HELLO, |
|
168 ProtocolVersion.PROTOCOLS_TO_12, |
|
169 null, // not use of the producer |
|
170 ECPointFormatsExtension.shOnLoadConsumer, |
|
171 null, |
|
172 null, |
|
173 null, |
|
174 ECPointFormatsExtension.epfStringizer), |
|
175 |
|
176 // extensions defined in RFC 5054 |
|
177 SRP (0x000C, "srp"), |
|
178 |
|
179 // extensions defined in RFC 5246 |
|
180 CH_SIGNATURE_ALGORITHMS (0x000D, "signature_algorithms", |
|
181 SSLHandshake.CLIENT_HELLO, |
|
182 ProtocolVersion.PROTOCOLS_12_13, |
|
183 SignatureAlgorithmsExtension.chNetworkProducer, |
|
184 SignatureAlgorithmsExtension.chOnLoadConsumer, |
|
185 SignatureAlgorithmsExtension.chOnLoadAbsence, |
|
186 SignatureAlgorithmsExtension.chOnTradeConsumer, |
|
187 SignatureAlgorithmsExtension.chOnTradeAbsence, |
|
188 SignatureAlgorithmsExtension.ssStringizer), |
|
189 CR_SIGNATURE_ALGORITHMS (0x000D, "signature_algorithms", |
|
190 SSLHandshake.CERTIFICATE_REQUEST, |
|
191 ProtocolVersion.PROTOCOLS_OF_13, |
|
192 SignatureAlgorithmsExtension.crNetworkProducer, |
|
193 SignatureAlgorithmsExtension.crOnLoadConsumer, |
|
194 SignatureAlgorithmsExtension.crOnLoadAbsence, |
|
195 SignatureAlgorithmsExtension.crOnTradeConsumer, |
|
196 null, |
|
197 SignatureAlgorithmsExtension.ssStringizer), |
|
198 |
|
199 CH_SIGNATURE_ALGORITHMS_CERT (0x0032, "signature_algorithms_cert", |
|
200 SSLHandshake.CLIENT_HELLO, |
|
201 ProtocolVersion.PROTOCOLS_12_13, |
|
202 CertSignAlgsExtension.chNetworkProducer, |
|
203 CertSignAlgsExtension.chOnLoadConsumer, |
|
204 null, |
|
205 CertSignAlgsExtension.chOnTradeConsumer, |
|
206 null, |
|
207 CertSignAlgsExtension.ssStringizer), |
|
208 CR_SIGNATURE_ALGORITHMS_CERT (0x0032, "signature_algorithms_cert", |
|
209 SSLHandshake.CERTIFICATE_REQUEST, |
|
210 ProtocolVersion.PROTOCOLS_OF_13, |
|
211 CertSignAlgsExtension.crNetworkProducer, |
|
212 CertSignAlgsExtension.crOnLoadConsumer, |
|
213 null, |
|
214 CertSignAlgsExtension.crOnTradeConsumer, |
|
215 null, |
|
216 CertSignAlgsExtension.ssStringizer), |
|
217 |
|
218 // extensions defined in RFC 5764 |
|
219 USE_SRTP (0x000E, "use_srtp"), |
|
220 |
|
221 // extensions defined in RFC 6520 |
|
222 HEARTBEAT (0x000E, "heartbeat"), |
|
223 |
|
224 // extension defined in RFC 7301 (ALPN) |
|
225 CH_ALPN (0x0010, "application_layer_protocol_negotiation", |
|
226 SSLHandshake.CLIENT_HELLO, |
|
227 ProtocolVersion.PROTOCOLS_TO_13, |
|
228 AlpnExtension.chNetworkProducer, |
|
229 AlpnExtension.chOnLoadConsumer, |
|
230 AlpnExtension.chOnLoadAbsence, |
|
231 null, |
|
232 null, |
|
233 AlpnExtension.alpnStringizer), |
|
234 SH_ALPN (0x0010, "application_layer_protocol_negotiation", |
|
235 SSLHandshake.SERVER_HELLO, |
|
236 ProtocolVersion.PROTOCOLS_TO_12, |
|
237 AlpnExtension.shNetworkProducer, |
|
238 AlpnExtension.shOnLoadConsumer, |
|
239 AlpnExtension.shOnLoadAbsence, |
|
240 null, |
|
241 null, |
|
242 AlpnExtension.alpnStringizer), |
|
243 EE_ALPN (0x0010, "application_layer_protocol_negotiation", |
|
244 SSLHandshake.ENCRYPTED_EXTENSIONS, |
|
245 ProtocolVersion.PROTOCOLS_OF_13, |
|
246 AlpnExtension.shNetworkProducer, |
|
247 AlpnExtension.shOnLoadConsumer, |
|
248 AlpnExtension.shOnLoadAbsence, |
|
249 null, |
|
250 null, |
|
251 AlpnExtension.alpnStringizer), |
|
252 |
|
253 // extensions defined in RFC 6961 |
|
254 CH_STATUS_REQUEST_V2 (0x0011, "status_request_v2", |
|
255 SSLHandshake.CLIENT_HELLO, |
|
256 ProtocolVersion.PROTOCOLS_TO_12, |
|
257 CertStatusExtension.chV2NetworkProducer, |
|
258 CertStatusExtension.chV2OnLoadConsumer, |
|
259 null, |
|
260 null, |
|
261 null, |
|
262 CertStatusExtension.certStatusReqV2Stringizer), |
|
263 SH_STATUS_REQUEST_V2 (0x0011, "status_request_v2", |
|
264 SSLHandshake.SERVER_HELLO, |
|
265 ProtocolVersion.PROTOCOLS_TO_12, |
|
266 CertStatusExtension.shV2NetworkProducer, |
|
267 CertStatusExtension.shV2OnLoadConsumer, |
|
268 null, |
|
269 null, |
|
270 null, |
|
271 CertStatusExtension.certStatusReqV2Stringizer), |
|
272 |
|
273 // extensions defined in RFC 6962 |
|
274 SIGNED_CERT_TIMESTAMP (0x0012, "signed_certificate_timestamp"), |
|
275 |
|
276 // extensions defined in RFC 7250 |
|
277 CLIENT_CERT_TYPE (0x0013, "padding"), |
|
278 SERVER_CERT_TYPE (0x0014, "server_certificate_type"), |
|
279 |
|
280 // extensions defined in RFC 7685 |
|
281 PADDING (0x0015, "client_certificate_type"), |
|
282 |
|
283 // extensions defined in RFC 7366 |
|
284 ENCRYPT_THEN_MAC (0x0016, "encrypt_then_mac"), |
|
285 |
|
286 // extensions defined in RFC 7627 |
|
287 CH_EXTENDED_MASTER_SECRET (0x0017, "extended_master_secret", |
|
288 SSLHandshake.CLIENT_HELLO, |
|
289 ProtocolVersion.PROTOCOLS_TO_12, |
|
290 ExtendedMasterSecretExtension.chNetworkProducer, |
|
291 ExtendedMasterSecretExtension.chOnLoadConsumer, |
|
292 ExtendedMasterSecretExtension.chOnLoadAbsence, |
|
293 null, |
|
294 null, |
|
295 ExtendedMasterSecretExtension.emsStringizer), |
|
296 SH_EXTENDED_MASTER_SECRET (0x0017, "extended_master_secret", |
|
297 SSLHandshake.SERVER_HELLO, |
|
298 ProtocolVersion.PROTOCOLS_TO_12, |
|
299 ExtendedMasterSecretExtension.shNetworkProducer, |
|
300 ExtendedMasterSecretExtension.shOnLoadConsumer, |
|
301 ExtendedMasterSecretExtension.shOnLoadAbsence, |
|
302 null, |
|
303 null, |
|
304 ExtendedMasterSecretExtension.emsStringizer), |
|
305 |
|
306 // extensions defined in RFC draft-ietf-tokbind-negotiation |
|
307 TOKEN_BINDING (0x0018, "token_binding "), |
|
308 |
|
309 // extensions defined in RFC 7924 |
|
310 CACHED_INFO (0x0019, "cached_info"), |
|
311 |
|
312 // extensions defined in RFC 4507/5077 |
|
313 SESSION_TICKET (0x0023, "session_ticket"), |
|
314 |
|
315 // extensions defined in TLS 1.3 |
|
316 CH_EARLY_DATA (0x002A, "early_data"), |
|
317 EE_EARLY_DATA (0x002A, "early_data"), |
|
318 NST_EARLY_DATA (0x002A, "early_data"), |
|
319 |
|
320 CH_SUPPORTED_VERSIONS (0x002B, "supported_versions", |
|
321 SSLHandshake.CLIENT_HELLO, |
|
322 ProtocolVersion.PROTOCOLS_TO_13, |
|
323 SupportedVersionsExtension.chNetworkProducer, |
|
324 SupportedVersionsExtension.chOnLoadConsumer, |
|
325 null, |
|
326 null, |
|
327 null, |
|
328 SupportedVersionsExtension.chStringizer), |
|
329 SH_SUPPORTED_VERSIONS (0x002B, "supported_versions", |
|
330 SSLHandshake.SERVER_HELLO, |
|
331 // and HelloRetryRequest |
|
332 ProtocolVersion.PROTOCOLS_OF_13, |
|
333 SupportedVersionsExtension.shNetworkProducer, |
|
334 SupportedVersionsExtension.shOnLoadConsumer, |
|
335 null, |
|
336 null, |
|
337 null, |
|
338 SupportedVersionsExtension.shStringizer), |
|
339 HRR_SUPPORTED_VERSIONS (0x002B, "supported_versions", |
|
340 SSLHandshake.HELLO_RETRY_REQUEST, |
|
341 ProtocolVersion.PROTOCOLS_OF_13, |
|
342 SupportedVersionsExtension.hrrNetworkProducer, |
|
343 SupportedVersionsExtension.hrrOnLoadConsumer, |
|
344 null, |
|
345 null, |
|
346 null, |
|
347 SupportedVersionsExtension.hrrStringizer), |
|
348 MH_SUPPORTED_VERSIONS (0x002B, "supported_versions", |
|
349 SSLHandshake.MESSAGE_HASH, |
|
350 ProtocolVersion.PROTOCOLS_OF_13, |
|
351 SupportedVersionsExtension.hrrReproducer, |
|
352 null, null, null, |
|
353 null, |
|
354 SupportedVersionsExtension.hrrStringizer), |
|
355 |
|
356 CH_COOKIE (0x002C, "cookie", |
|
357 SSLHandshake.CLIENT_HELLO, |
|
358 ProtocolVersion.PROTOCOLS_OF_13, |
|
359 CookieExtension.chNetworkProducer, |
|
360 CookieExtension.chOnLoadConsumer, |
|
361 null, |
|
362 CookieExtension.chOnTradeConsumer, |
|
363 null, |
|
364 CookieExtension.cookieStringizer), |
|
365 HRR_COOKIE (0x002C, "cookie", |
|
366 SSLHandshake.HELLO_RETRY_REQUEST, |
|
367 ProtocolVersion.PROTOCOLS_OF_13, |
|
368 CookieExtension.hrrNetworkProducer, |
|
369 CookieExtension.hrrOnLoadConsumer, |
|
370 null, null, |
|
371 null, |
|
372 CookieExtension.cookieStringizer), |
|
373 MH_COOKIE (0x002C, "cookie", |
|
374 SSLHandshake.MESSAGE_HASH, |
|
375 ProtocolVersion.PROTOCOLS_OF_13, |
|
376 CookieExtension.hrrNetworkReproducer, |
|
377 null, null, null, |
|
378 null, |
|
379 CookieExtension.cookieStringizer), |
|
380 |
|
381 PSK_KEY_EXCHANGE_MODES (0x002D, "psk_key_exchange_modes", |
|
382 SSLHandshake.CLIENT_HELLO, |
|
383 ProtocolVersion.PROTOCOLS_OF_13, |
|
384 PskKeyExchangeModesExtension.chNetworkProducer, |
|
385 PskKeyExchangeModesExtension.chOnLoadConsumer, |
|
386 PskKeyExchangeModesExtension.chOnLoadAbsence, |
|
387 null, |
|
388 PskKeyExchangeModesExtension.chOnTradeAbsence, |
|
389 PskKeyExchangeModesExtension.pkemStringizer), |
|
390 CERTIFICATE_AUTHORITIES (0x002F, "certificate_authorities"), |
|
391 OID_FILTERS (0x0030, "oid_filters"), |
|
392 POST_HANDSHAKE_AUTH (0x0030, "post_handshake_auth"), |
|
393 |
|
394 CH_KEY_SHARE (0x0033, "key_share", |
|
395 SSLHandshake.CLIENT_HELLO, |
|
396 ProtocolVersion.PROTOCOLS_OF_13, |
|
397 KeyShareExtension.chNetworkProducer, |
|
398 KeyShareExtension.chOnLoadConsumer, |
|
399 null, null, null, |
|
400 KeyShareExtension.chStringizer), |
|
401 SH_KEY_SHARE (0x0033, "key_share", |
|
402 SSLHandshake.SERVER_HELLO, |
|
403 ProtocolVersion.PROTOCOLS_OF_13, |
|
404 KeyShareExtension.shNetworkProducer, |
|
405 KeyShareExtension.shOnLoadConsumer, |
|
406 KeyShareExtension.shOnLoadAbsence, |
|
407 null, |
|
408 null, |
|
409 KeyShareExtension.shStringizer), |
|
410 HRR_KEY_SHARE (0x0033, "key_share", |
|
411 SSLHandshake.HELLO_RETRY_REQUEST, |
|
412 ProtocolVersion.PROTOCOLS_OF_13, |
|
413 KeyShareExtension.hrrNetworkProducer, |
|
414 KeyShareExtension.hrrOnLoadConsumer, |
|
415 null, null, null, |
|
416 KeyShareExtension.hrrStringizer), |
|
417 MH_KEY_SHARE (0x0033, "key_share", |
|
418 SSLHandshake.MESSAGE_HASH, |
|
419 ProtocolVersion.PROTOCOLS_OF_13, |
|
420 KeyShareExtension.hrrNetworkReproducer, |
|
421 null, null, null, null, |
|
422 KeyShareExtension.hrrStringizer), |
|
423 |
|
424 // Extensions defined in RFC 5746 |
|
425 CH_RENEGOTIATION_INFO (0xff01, "renegotiation_info", |
|
426 SSLHandshake.CLIENT_HELLO, |
|
427 ProtocolVersion.PROTOCOLS_TO_12, |
|
428 RenegoInfoExtension.chNetworkProducer, |
|
429 RenegoInfoExtension.chOnLoadConsumer, |
|
430 RenegoInfoExtension.chOnLoadAbsence, |
|
431 null, |
|
432 null, |
|
433 RenegoInfoExtension.rniStringizer), |
|
434 SH_RENEGOTIATION_INFO (0xff01, "renegotiation_info", |
|
435 SSLHandshake.SERVER_HELLO, |
|
436 ProtocolVersion.PROTOCOLS_TO_12, |
|
437 RenegoInfoExtension.shNetworkProducer, |
|
438 RenegoInfoExtension.shOnLoadConsumer, |
|
439 RenegoInfoExtension.shOnLoadAbsence, |
|
440 null, |
|
441 null, |
|
442 RenegoInfoExtension.rniStringizer), |
|
443 |
|
444 // TLS 1.3 PSK extension must be last |
|
445 CH_PRE_SHARED_KEY (0x0029, "pre_shared_key", |
|
446 SSLHandshake.CLIENT_HELLO, |
|
447 ProtocolVersion.PROTOCOLS_OF_13, |
|
448 PreSharedKeyExtension.chNetworkProducer, |
|
449 PreSharedKeyExtension.chOnLoadConsumer, |
|
450 PreSharedKeyExtension.chOnLoadAbsence, |
|
451 PreSharedKeyExtension.chOnTradeConsumer, |
|
452 null, |
|
453 PreSharedKeyExtension.chStringizer), |
|
454 SH_PRE_SHARED_KEY (0x0029, "pre_shared_key", |
|
455 SSLHandshake.SERVER_HELLO, |
|
456 ProtocolVersion.PROTOCOLS_OF_13, |
|
457 PreSharedKeyExtension.shNetworkProducer, |
|
458 PreSharedKeyExtension.shOnLoadConsumer, |
|
459 PreSharedKeyExtension.shOnLoadAbsence, |
|
460 null, null, |
|
461 PreSharedKeyExtension.shStringizer); |
|
462 |
|
463 final int id; |
|
464 final SSLHandshake handshakeType; |
|
465 final String name; |
|
466 final ProtocolVersion[] supportedProtocols; |
|
467 final HandshakeProducer networkProducer; |
|
468 final ExtensionConsumer onLoadConsumer; |
|
469 final HandshakeAbsence onLoadAbsence; |
|
470 final HandshakeConsumer onTradeConsumer; |
|
471 final HandshakeAbsence onTradeAbsence; |
|
472 final SSLStringizer stringizer; |
|
473 |
|
474 // known but unsupported extension |
|
475 private SSLExtension(int id, String name) { |
|
476 this.id = id; |
|
477 this.handshakeType = SSLHandshake.NOT_APPLICABLE; |
|
478 this.name = name; |
|
479 this.supportedProtocols = new ProtocolVersion[0]; |
|
480 this.networkProducer = null; |
|
481 this.onLoadConsumer = null; |
|
482 this.onLoadAbsence = null; |
|
483 this.onTradeConsumer = null; |
|
484 this.onTradeAbsence = null; |
|
485 this.stringizer = null; |
|
486 } |
|
487 |
|
488 // supported extension |
|
489 private SSLExtension(int id, String name, SSLHandshake handshakeType, |
|
490 ProtocolVersion[] supportedProtocols, |
|
491 HandshakeProducer producer, |
|
492 ExtensionConsumer onLoadConsumer, HandshakeAbsence onLoadAbsence, |
|
493 HandshakeConsumer onTradeConsumer, HandshakeAbsence onTradeAbsence, |
|
494 SSLStringizer stringize) { |
|
495 this.id = id; |
|
496 this.handshakeType = handshakeType; |
|
497 this.name = name; |
|
498 this.supportedProtocols = supportedProtocols; |
|
499 this.networkProducer = producer; |
|
500 this.onLoadConsumer = onLoadConsumer; |
|
501 this.onLoadAbsence = onLoadAbsence; |
|
502 this.onTradeConsumer = onTradeConsumer; |
|
503 this.onTradeAbsence = onTradeAbsence; |
|
504 this.stringizer = stringize; |
|
505 } |
|
506 |
|
507 static SSLExtension valueOf(SSLHandshake handshakeType, int extensionType) { |
|
508 for (SSLExtension ext : SSLExtension.values()) { |
|
509 if (ext.id == extensionType && |
|
510 ext.handshakeType == handshakeType) { |
|
511 return ext; |
|
512 } |
|
513 } |
|
514 |
|
515 return null; |
|
516 } |
|
517 |
|
518 static boolean isConsumable(int extensionType) { |
|
519 for (SSLExtension ext : SSLExtension.values()) { |
|
520 if (ext.id == extensionType && |
|
521 ext.onLoadConsumer != null) { |
|
522 return true; |
|
523 } |
|
524 } |
|
525 |
|
526 return false; |
|
527 } |
|
528 |
|
529 public byte[] produce(ConnectionContext context, |
|
530 HandshakeMessage message) throws IOException { |
|
531 if (networkProducer != null) { |
|
532 return networkProducer.produce(context, message); |
|
533 } else { |
|
534 throw new UnsupportedOperationException( |
|
535 "Not yet supported extension producing."); |
|
536 } |
|
537 } |
|
538 |
|
539 public void consumeOnLoad(ConnectionContext context, |
|
540 HandshakeMessage message, ByteBuffer buffer) throws IOException { |
|
541 if (onLoadConsumer != null) { |
|
542 onLoadConsumer.consume(context, message, buffer); |
|
543 } else { |
|
544 throw new UnsupportedOperationException( |
|
545 "Not yet supported extension loading."); |
|
546 } |
|
547 } |
|
548 |
|
549 public void consumeOnTrade(ConnectionContext context, |
|
550 HandshakeMessage message) throws IOException { |
|
551 if (onTradeConsumer != null) { |
|
552 onTradeConsumer.consume(context, message); |
|
553 } else { |
|
554 throw new UnsupportedOperationException( |
|
555 "Not yet supported extension processing."); |
|
556 } |
|
557 } |
|
558 |
|
559 void absentOnLoad(ConnectionContext context, |
|
560 HandshakeMessage message) throws IOException { |
|
561 if (onLoadAbsence != null) { |
|
562 onLoadAbsence.absent(context, message); |
|
563 } else { |
|
564 throw new UnsupportedOperationException( |
|
565 "Not yet supported extension absence processing."); |
|
566 } |
|
567 } |
|
568 |
|
569 void absentOnTrade(ConnectionContext context, |
|
570 HandshakeMessage message) throws IOException { |
|
571 if (onTradeAbsence != null) { |
|
572 onTradeAbsence.absent(context, message); |
|
573 } else { |
|
574 throw new UnsupportedOperationException( |
|
575 "Not yet supported extension absence processing."); |
|
576 } |
|
577 } |
|
578 |
|
579 public boolean isAvailable(ProtocolVersion protocolVersion) { |
|
580 for (int i = 0; i < supportedProtocols.length; i++) { |
|
581 if (supportedProtocols[i] == protocolVersion) { |
|
582 return true; |
|
583 } |
|
584 } |
|
585 |
|
586 return false; |
|
587 } |
|
588 |
|
589 @Override |
|
590 public String toString() { |
|
591 return name; |
|
592 } |
|
593 |
|
594 @Override |
|
595 public String toString(ByteBuffer byteBuffer) { |
|
596 MessageFormat messageFormat = new MessageFormat( |
|
597 "\"{0} ({1})\": '{'\n" + |
|
598 "{2}\n" + |
|
599 "'}'", |
|
600 Locale.ENGLISH); |
|
601 |
|
602 String extData; |
|
603 if (stringizer == null) { |
|
604 HexDumpEncoder hexEncoder = new HexDumpEncoder(); |
|
605 String encoded = hexEncoder.encode(byteBuffer.duplicate()); |
|
606 extData = encoded; |
|
607 } else { |
|
608 extData = stringizer.toString(byteBuffer); |
|
609 } |
|
610 |
|
611 Object[] messageFields = { |
|
612 this.name, |
|
613 this.id, |
|
614 Utilities.indent(extData) |
|
615 }; |
|
616 |
|
617 return messageFormat.format(messageFields); |
|
618 } |
|
619 |
|
620 ////////////////////////////////////////////////////// |
|
621 // Nested extension, consumer and producer interfaces. |
|
622 |
|
623 static interface ExtensionConsumer { |
|
624 void consume(ConnectionContext context, |
|
625 HandshakeMessage message, ByteBuffer buffer) throws IOException; |
|
626 } |
|
627 |
|
628 /** |
|
629 * A (transparent) specification of extension data. |
|
630 * |
|
631 * This interface contains no methods or constants. Its only purpose is to |
|
632 * group all extension data. All extension data should implement this |
|
633 * interface if the data is expected to handle in the following handshake |
|
634 * processes. |
|
635 */ |
|
636 static interface SSLExtensionSpec { |
|
637 // blank |
|
638 } |
|
639 |
|
640 // Default enabled client extensions. |
|
641 static final class ClientExtensions { |
|
642 static final Collection<SSLExtension> defaults; |
|
643 |
|
644 static { |
|
645 Collection<SSLExtension> extensions = new LinkedList<>(); |
|
646 for (SSLExtension extension : SSLExtension.values()) { |
|
647 if (extension.handshakeType != SSLHandshake.NOT_APPLICABLE) { |
|
648 extensions.add(extension); |
|
649 } |
|
650 } |
|
651 |
|
652 // Switch off SNI extention? |
|
653 boolean enableExtension = |
|
654 Utilities.getBooleanProperty("jsse.enableSNIExtension", true); |
|
655 if (!enableExtension) { |
|
656 extensions.remove(CH_SERVER_NAME); |
|
657 } |
|
658 |
|
659 // To switch off the max_fragment_length extension. |
|
660 enableExtension = |
|
661 Utilities.getBooleanProperty("jsse.enableMFLExtension", false); |
|
662 if (!enableExtension) { |
|
663 extensions.remove(CH_MAX_FRAGMENT_LENGTH); |
|
664 } |
|
665 |
|
666 defaults = Collections.unmodifiableCollection(extensions); |
|
667 } |
|
668 } |
|
669 |
|
670 // Default enabled server extensions. |
|
671 static final class ServerExtensions { |
|
672 static final Collection<SSLExtension> defaults; |
|
673 |
|
674 static { |
|
675 Collection<SSLExtension> extensions = new LinkedList<>(); |
|
676 for (SSLExtension extension : SSLExtension.values()) { |
|
677 if (extension.handshakeType != SSLHandshake.NOT_APPLICABLE) { |
|
678 extensions.add(extension); |
|
679 } |
|
680 } |
|
681 |
|
682 defaults = Collections.unmodifiableCollection(extensions); |
|
683 } |
|
684 } |
|
685 } |