33 import java.util.Arrays; |
33 import java.util.Arrays; |
34 import java.util.Collections; |
34 import java.util.Collections; |
35 import java.util.LinkedList; |
35 import java.util.LinkedList; |
36 import java.util.List; |
36 import java.util.List; |
37 import java.util.Locale; |
37 import java.util.Locale; |
38 import java.util.Objects; |
|
39 import javax.net.ssl.SSLException; |
38 import javax.net.ssl.SSLException; |
40 import javax.net.ssl.SSLHandshakeException; |
39 import javax.net.ssl.SSLHandshakeException; |
41 import javax.net.ssl.SSLPeerUnverifiedException; |
40 import javax.net.ssl.SSLPeerUnverifiedException; |
42 import javax.net.ssl.SSLProtocolException; |
41 import javax.net.ssl.SSLProtocolException; |
43 import static sun.security.ssl.ClientAuthType.CLIENT_AUTH_REQUIRED; |
42 import static sun.security.ssl.ClientAuthType.CLIENT_AUTH_REQUIRED; |
967 throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE, |
966 throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE, |
968 "Client initiated renegotiation is not allowed"); |
967 "Client initiated renegotiation is not allowed"); |
969 } |
968 } |
970 } |
969 } |
971 |
970 |
972 // Is it an abbreviated handshake? |
971 // Consume a Session Ticket Extension if it exists |
973 if (clientHello.sessionId.length() != 0) { |
972 SSLExtension[] ext = new SSLExtension[]{ |
974 SSLSessionImpl previous = ((SSLSessionContextImpl)shc.sslContext |
973 SSLExtension.CH_SESSION_TICKET |
975 .engineGetServerSessionContext()) |
974 }; |
976 .get(clientHello.sessionId.getId()); |
975 clientHello.extensions.consumeOnLoad(shc, ext); |
|
976 |
|
977 // Does the client want to resume a session? |
|
978 if (clientHello.sessionId.length() != 0 || shc.statelessResumption) { |
|
979 SSLSessionContextImpl cache = (SSLSessionContextImpl)shc.sslContext |
|
980 .engineGetServerSessionContext(); |
|
981 |
|
982 SSLSessionImpl previous; |
|
983 // Use the stateless session ticket if provided |
|
984 if (shc.statelessResumption) { |
|
985 previous = shc.resumingSession; |
|
986 } else { |
|
987 previous = cache.get(clientHello.sessionId.getId()); |
|
988 } |
977 |
989 |
978 boolean resumingSession = |
990 boolean resumingSession = |
979 (previous != null) && previous.isRejoinable(); |
991 (previous != null) && previous.isRejoinable(); |
980 if (!resumingSession) { |
992 if (!resumingSession) { |
981 if (SSLLogger.isOn && |
993 if (SSLLogger.isOn && |
1049 |
1061 |
1050 // So far so good. Note that the handshake extensions may reset |
1062 // So far so good. Note that the handshake extensions may reset |
1051 // the resuming options later. |
1063 // the resuming options later. |
1052 shc.isResumption = resumingSession; |
1064 shc.isResumption = resumingSession; |
1053 shc.resumingSession = resumingSession ? previous : null; |
1065 shc.resumingSession = resumingSession ? previous : null; |
|
1066 |
|
1067 if (!resumingSession && SSLLogger.isOn && |
|
1068 SSLLogger.isOn("ssl,handshake")) { |
|
1069 SSLLogger.fine("Session not resumed."); |
|
1070 } |
1054 } |
1071 } |
1055 |
1072 |
1056 // cache the client random number for further using |
1073 // cache the client random number for further using |
1057 shc.clientHelloRandom = clientHello.clientRandom; |
1074 shc.clientHelloRandom = clientHello.clientRandom; |
1058 |
1075 |
1059 // Check and launch ClientHello extensions. |
1076 // Check and launch ClientHello extensions. |
1060 SSLExtension[] extTypes = shc.sslConfig.getEnabledExtensions( |
1077 SSLExtension[] extTypes = shc.sslConfig.getExclusiveExtensions( |
1061 SSLHandshake.CLIENT_HELLO); |
1078 SSLHandshake.CLIENT_HELLO, |
|
1079 Arrays.asList(SSLExtension.CH_SESSION_TICKET)); |
1062 clientHello.extensions.consumeOnLoad(shc, extTypes); |
1080 clientHello.extensions.consumeOnLoad(shc, extTypes); |
1063 |
1081 |
1064 // |
1082 // |
1065 // update |
1083 // update |
1066 // |
1084 // |
1274 throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE, |
1292 throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE, |
1275 "Client initiated renegotiation is not allowed"); |
1293 "Client initiated renegotiation is not allowed"); |
1276 } |
1294 } |
1277 } |
1295 } |
1278 |
1296 |
1279 // Is it an abbreviated handshake? |
1297 |
|
1298 // Does the client want to resume a session? |
1280 if (clientHello.sessionId.length() != 0) { |
1299 if (clientHello.sessionId.length() != 0) { |
1281 SSLSessionImpl previous = ((SSLSessionContextImpl)shc.sslContext |
1300 SSLSessionContextImpl cache = (SSLSessionContextImpl)shc.sslContext |
1282 .engineGetServerSessionContext()) |
1301 .engineGetServerSessionContext(); |
1283 .get(clientHello.sessionId.getId()); |
1302 |
|
1303 // Consume a Session Ticket Extension if it exists |
|
1304 SSLExtension[] ext = new SSLExtension[]{ |
|
1305 SSLExtension.CH_SESSION_TICKET |
|
1306 }; |
|
1307 clientHello.extensions.consumeOnLoad(shc, ext); |
|
1308 |
|
1309 SSLSessionImpl previous; |
|
1310 // Use stateless session ticket if provided. |
|
1311 if (shc.statelessResumption) { |
|
1312 previous = shc.resumingSession; |
|
1313 } else { |
|
1314 previous = cache.get(clientHello.sessionId.getId()); |
|
1315 } |
1284 |
1316 |
1285 boolean resumingSession = |
1317 boolean resumingSession = |
1286 (previous != null) && previous.isRejoinable(); |
1318 (previous != null) && previous.isRejoinable(); |
1287 if (!resumingSession) { |
1319 if (!resumingSession) { |
1288 if (SSLLogger.isOn && |
1320 if (SSLLogger.isOn && |