38 import javax.crypto.KeyGenerator; |
38 import javax.crypto.KeyGenerator; |
39 import javax.crypto.Mac; |
39 import javax.crypto.Mac; |
40 import javax.crypto.SecretKey; |
40 import javax.crypto.SecretKey; |
41 import javax.crypto.spec.IvParameterSpec; |
41 import javax.crypto.spec.IvParameterSpec; |
42 import javax.crypto.spec.SecretKeySpec; |
42 import javax.crypto.spec.SecretKeySpec; |
|
43 import javax.net.ssl.SSLPeerUnverifiedException; |
|
44 |
|
45 import jdk.internal.event.EventHelper; |
|
46 import jdk.internal.event.TLSHandshakeEvent; |
43 import sun.security.internal.spec.TlsPrfParameterSpec; |
47 import sun.security.internal.spec.TlsPrfParameterSpec; |
44 import sun.security.ssl.CipherSuite.HashAlg; |
48 import sun.security.ssl.CipherSuite.HashAlg; |
45 import static sun.security.ssl.CipherSuite.HashAlg.H_NONE; |
49 import static sun.security.ssl.CipherSuite.HashAlg.H_NONE; |
46 import sun.security.ssl.SSLBasicKeyDerivation.SecretSizeSpec; |
50 import sun.security.ssl.SSLBasicKeyDerivation.SecretSizeSpec; |
47 import sun.security.ssl.SSLCipher.SSLReadCipher; |
51 import sun.security.ssl.SSLCipher.SSLReadCipher; |
546 chc.conContext.conSession = chc.handshakeSession.finish(); |
550 chc.conContext.conSession = chc.handshakeSession.finish(); |
547 chc.conContext.protocolVersion = chc.negotiatedProtocol; |
551 chc.conContext.protocolVersion = chc.negotiatedProtocol; |
548 |
552 |
549 // handshake context cleanup. |
553 // handshake context cleanup. |
550 chc.handshakeFinished = true; |
554 chc.handshakeFinished = true; |
|
555 recordEvent(chc.conContext.conSession); |
551 |
556 |
552 // May need to retransmit the last flight for DTLS. |
557 // May need to retransmit the last flight for DTLS. |
553 if (!chc.sslContext.isDTLS()) { |
558 if (!chc.sslContext.isDTLS()) { |
554 chc.conContext.finishHandshake(); |
559 chc.conContext.finishHandshake(); |
555 } |
560 } |
595 shc.conContext.conSession = shc.handshakeSession.finish(); |
600 shc.conContext.conSession = shc.handshakeSession.finish(); |
596 shc.conContext.protocolVersion = shc.negotiatedProtocol; |
601 shc.conContext.protocolVersion = shc.negotiatedProtocol; |
597 |
602 |
598 // handshake context cleanup. |
603 // handshake context cleanup. |
599 shc.handshakeFinished = true; |
604 shc.handshakeFinished = true; |
|
605 recordEvent(shc.conContext.conSession); |
600 |
606 |
601 // May need to retransmit the last flight for DTLS. |
607 // May need to retransmit the last flight for DTLS. |
602 if (!shc.sslContext.isDTLS()) { |
608 if (!shc.sslContext.isDTLS()) { |
603 shc.conContext.finishHandshake(); |
609 shc.conContext.finishHandshake(); |
604 } |
610 } |
728 chc.conContext.protocolVersion = chc.negotiatedProtocol; |
734 chc.conContext.protocolVersion = chc.negotiatedProtocol; |
729 |
735 |
730 // handshake context cleanup. |
736 // handshake context cleanup. |
731 chc.handshakeFinished = true; |
737 chc.handshakeFinished = true; |
732 chc.conContext.finishHandshake(); |
738 chc.conContext.finishHandshake(); |
|
739 recordEvent(chc.conContext.conSession); |
|
740 |
733 |
741 |
734 // The handshake message has been delivered. |
742 // The handshake message has been delivered. |
735 return null; |
743 return null; |
736 } |
744 } |
737 |
745 |
1061 |
1069 |
1062 // May need to retransmit the last flight for DTLS. |
1070 // May need to retransmit the last flight for DTLS. |
1063 if (!shc.sslContext.isDTLS()) { |
1071 if (!shc.sslContext.isDTLS()) { |
1064 shc.conContext.finishHandshake(); |
1072 shc.conContext.finishHandshake(); |
1065 } |
1073 } |
|
1074 recordEvent(shc.conContext.conSession); |
1066 |
1075 |
1067 // |
1076 // |
1068 // produce |
1077 // produce |
1069 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
1078 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
1070 SSLLogger.fine( |
1079 SSLLogger.fine( |
1072 } |
1081 } |
1073 NewSessionTicket.kickstartProducer.produce(shc); |
1082 NewSessionTicket.kickstartProducer.produce(shc); |
1074 |
1083 |
1075 } |
1084 } |
1076 } |
1085 } |
|
1086 |
|
1087 private static void recordEvent(SSLSessionImpl session) { |
|
1088 TLSHandshakeEvent event = new TLSHandshakeEvent(); |
|
1089 if (event.shouldCommit() || EventHelper.isLoggingSecurity()) { |
|
1090 int peerCertificateId = 0; |
|
1091 try { |
|
1092 // use hash code for Id |
|
1093 peerCertificateId = session |
|
1094 .getCertificateChain()[0] |
|
1095 .hashCode(); |
|
1096 } catch (SSLPeerUnverifiedException e) { |
|
1097 // not verified msg |
|
1098 } |
|
1099 if (event.shouldCommit()) { |
|
1100 event.peerHost = session.getPeerHost(); |
|
1101 event.peerPort = session.getPeerPort(); |
|
1102 event.cipherSuite = session.getCipherSuite(); |
|
1103 event.protocolVersion = session.getProtocol(); |
|
1104 event.certificateId = peerCertificateId; |
|
1105 event.commit(); |
|
1106 } |
|
1107 if (EventHelper.isLoggingSecurity()) { |
|
1108 EventHelper.logTLSHandshakeEvent(null, |
|
1109 session.getPeerHost(), |
|
1110 session.getPeerPort(), |
|
1111 session.getCipherSuite(), |
|
1112 session.getProtocol(), |
|
1113 peerCertificateId); |
|
1114 } |
|
1115 } |
|
1116 } |
1077 } |
1117 } |
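Review bot: In the new `recordEvent` method (new lines 1087-1116), the empty `catch (SSLPeerUnverifiedException e)` leaves `peerCertificateId` at 0, and the id itself is a 32-bit `hashCode()`. Anyone reading the committed event or the security log therefore cannot tell an unauthenticated peer from a real certificate id, and must not treat the value as a certificate fingerprint. I would state both in the code: replace `// use hash code for Id` with `// hashCode() is a 32-bit id, not a cryptographic fingerprint; collisions are possible`, and `// not verified msg` with `// peer presented no verified certificate; certificateId stays 0`. The call sites are also ordered inconsistently: at new lines 739 and 1074 `recordEvent` runs after `finishHandshake()`, while at 555 and 605 it runs before it, so it is unclear whether an event is meant to be emitted if `finishHandshake()` fails. The methods enclosing those call sites begin outside the visible lines, so the intended order cannot be confirmed from here.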