--- a/src/java.base/share/classes/sun/security/ssl/Finished.java Tue Nov 20 10:08:19 2018 +0100
+++ b/src/java.base/share/classes/sun/security/ssl/Finished.java Tue Nov 20 13:12:48 2018 +0000
@@ -40,6 +40,10 @@
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
+import javax.net.ssl.SSLPeerUnverifiedException;
+
+import jdk.internal.event.EventHelper;
+import jdk.internal.event.TLSHandshakeEvent;
import sun.security.internal.spec.TlsPrfParameterSpec;
import sun.security.ssl.CipherSuite.HashAlg;
import static sun.security.ssl.CipherSuite.HashAlg.H_NONE;
@@ -548,6 +552,7 @@
// handshake context cleanup.
chc.handshakeFinished = true;
+ recordEvent(chc.conContext.conSession);
// May need to retransmit the last flight for DTLS.
if (!chc.sslContext.isDTLS()) {
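Review bot: `recordEvent(chc.conContext.conSession)` is placed before the `if (!chc.sslContext.isDTLS())` block, while the @@ -730 and @@ -1063 hunks record the event only after `conContext.finishHandshake()`. The body of that block lies outside this hunk, but the @@ -1063 hunk shows the same condition wrapping `finishHandshake()`. If that holds here too, an event could be emitted for a connection whose finalization then fails, and for DTLS while the last flight may still be retransmitted. The @@ -597 hunk has the same ordering. For audit data it would be clearer to record at one fixed point relative to `finishHandshake()` in all four paths, or to state the meaning at the call site, e.g. `// recorded once Finished is verified; finishHandshake() may still follow`.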
@@ -597,6 +602,7 @@
// handshake context cleanup.
shc.handshakeFinished = true;
+ recordEvent(shc.conContext.conSession);
// May need to retransmit the last flight for DTLS.
if (!shc.sslContext.isDTLS()) {
@@ -730,6 +736,8 @@
// handshake context cleanup.
chc.handshakeFinished = true;
chc.conContext.finishHandshake();
+ recordEvent(chc.conContext.conSession);
+
// The handshake message has been delivered.
return null;
@@ -1063,6 +1071,7 @@
if (!shc.sslContext.isDTLS()) {
shc.conContext.finishHandshake();
}
+ recordEvent(shc.conContext.conSession);
//
// produce
@@ -1074,4 +1083,35 @@
}
}
+
+ private static void recordEvent(SSLSessionImpl session) {
+ TLSHandshakeEvent event = new TLSHandshakeEvent();
+ if (event.shouldCommit() || EventHelper.isLoggingSecurity()) {
+ int peerCertificateId = 0;
+ try {
+ // use hash code for Id
+ peerCertificateId = session
+ .getCertificateChain()[0]
+ .hashCode();
+ } catch (SSLPeerUnverifiedException e) {
+ // not verified msg
+ }
+ if (event.shouldCommit()) {
+ event.peerHost = session.getPeerHost();
+ event.peerPort = session.getPeerPort();
+ event.cipherSuite = session.getCipherSuite();
+ event.protocolVersion = session.getProtocol();
+ event.certificateId = peerCertificateId;
+ event.commit();
+ }
+ if (EventHelper.isLoggingSecurity()) {
+ EventHelper.logTLSHandshakeEvent(null,
+ session.getPeerHost(),
+ session.getPeerPort(),
+ session.getCipherSuite(),
+ session.getProtocol(),
+ peerCertificateId);
+ }
+ }
+ }
}
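Review bot: In `recordEvent`, `session.getCertificateChain()[0]` is indexed without a length check and only `SSLPeerUnverifiedException` is caught. If the chain can ever come back empty, the unchecked exception would propagate from an auditing helper into handshake completion; whether it can depends on `SSLSessionImpl`, which this diff does not show. Holding the array in a local and guarding it with `if (chain.length > 0) { peerCertificateId = chain[0].hashCode(); }` keeps telemetry from affecting the connection. The method would also benefit from a short Javadoc saying that `certificateId` is a 32-bit `hashCode()` meant for correlation, not a cryptographic fingerprint, so equal ids do not prove the same certificate. The empty catch should say what it leaves behind, e.g. `// peer not authenticated; certificateId stays 0`.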