jdk-sandbox: comparison src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java

equal deleted inserted replaced

-:f7cc25dda38a
+:c2398053ee90
 import java.text.MessageFormat;
 import java.util.List;
 import java.util.ArrayList;
 import java.util.Locale;
 import java.util.Arrays;
-import java.util.Objects;
 import java.util.Collection;
 import javax.crypto.Mac;
 import javax.crypto.SecretKey;
 import javax.net.ssl.SSLPeerUnverifiedException;
 import static sun.security.ssl.ClientAuthType.CLIENT_AUTH_REQUIRED;
 import sun.security.ssl.ClientHello.ClientHelloMessage;
 import sun.security.ssl.SSLExtension.ExtensionConsumer;
 import sun.security.ssl.SSLExtension.SSLExtensionSpec;
 import sun.security.ssl.SSLHandshake.HandshakeMessage;
+import sun.security.ssl.SessionTicketExtension.SessionTicketSpec;
+import sun.security.util.HexDumpEncoder;
 import static sun.security.ssl.SSLExtension.*;
 /**
 * Pack of the "pre_shared_key" extension.
 */
 Record.putInt32(m, obfuscatedAge);
 }
 @Override
 public String toString() {
-return "{" + Utilities.toHexString(identity) + "," +
+return "{" + Utilities.toHexString(identity) + ", " +
 obfuscatedAge + "}";
 }
 }
 private static final
 @Override
 public String toString() {
 MessageFormat messageFormat = new MessageFormat(
 "\"PreSharedKey\": '{'\n" +
-"  \"identities\"    : \"{0}\",\n" +
+"  \"identities\": '{'\n" +
-"  \"binders\"       : \"{1}\",\n" +
+"{0}\n" +
+"  '}'" +
+"  \"binders\": \"{1}\",\n" +
 "'}'",
 Locale.ENGLISH);
 Object[] messageFields = {
 Utilities.indent(identitiesString()),
 return messageFormat.format(messageFields);
 }
 String identitiesString() {
+HexDumpEncoder hexEncoder = new HexDumpEncoder();
 StringBuilder result = new StringBuilder();
 for (PskIdentity curId : identities) {
-result.append(curId.toString() + "\n");
+result.append("  {\n"+ Utilities.indent(
+hexEncoder.encode(curId.identity), "    ") +
+"\n  }\n");
 }
 return result.toString();
 }
 m.remaining() + ")");
 }
 this.selectedIdentity = Record.getInt16(m);
 }
-byte[] getEncoded() throws IOException {
+byte[] getEncoded() {
 return new byte[] {
 (byte)((selectedIdentity >> 8) & 0xFF),
 (byte)(selectedIdentity & 0xFF)
 };
 }
 if (shc.isResumption) {     // resumingSession may not be set
 SSLSessionContextImpl sessionCache = (SSLSessionContextImpl)
 shc.sslContext.engineGetServerSessionContext();
 int idIndex = 0;
+SSLSessionImpl s = null;
 for (PskIdentity requestedId : pskSpec.identities) {
-SSLSessionImpl s = sessionCache.get(requestedId.identity);
+// If we are keeping state, see if the identity is in the cache
+if (requestedId.identity.length == SessionId.MAX_LENGTH) {
+s = sessionCache.get(requestedId.identity);
+}
+// See if the identity is a stateless ticket
+if (s == null &&
+requestedId.identity.length > SessionId.MAX_LENGTH &&
+sessionCache.statelessEnabled()) {
+ByteBuffer b =
+new SessionTicketSpec(requestedId.identity).
+decrypt(shc);
+if (b != null) {
+try {
+s = new SSLSessionImpl(shc, b);
+} catch (IOException | RuntimeException e) {
+s = null;
+}
+}
+if (b == null || s == null) {
+if (SSLLogger.isOn &&
+SSLLogger.isOn("ssl,handshake")) {
+SSLLogger.fine(
+"Stateless session ticket invalid");
+}
+}
+}
 if (s != null && canRejoin(clientHello, shc, s)) {
 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
 SSLLogger.fine("Resuming session: ", s);
 }
 // no resumable session
 shc.isResumption = false;
 shc.resumingSession = null;
 }
 }
 // update the context
 shc.handshakeExtensions.put(
 SSLExtension.CH_PRE_SHARED_KEY, pskSpec);
 }
 }
 private CHPreSharedKeySpec createPskPrototype(
 int hashLength, List<PskIdentity> identities) {
 List<byte[]> binders = new ArrayList<>();
 byte[] binderProto = new byte[hashLength];
-for (PskIdentity curId : identities) {
+int i = identities.size();
+while (i-- > 0) {
 binders.add(binderProto);
 }
 return new CHPreSharedKeySpec(identities, binders);
 }

changeset 55336	c2398053ee90
parent 54253	01d8eae542ff