src/java.base/share/classes/sun/security/ssl/CookieExtension.java
author xuelei
Tue, 18 Dec 2018 12:08:51 -0800
changeset 53064 103ed9569fc8
parent 50768 68fa3d4026ea
permissions -rw-r--r--
8215443: The use of TransportContext.fatal() leads to bad coding style Reviewed-by: ascarpino

/*
 * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package sun.security.ssl;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.text.MessageFormat;
import java.util.Locale;
import javax.net.ssl.SSLProtocolException;

import sun.security.ssl.ClientHello.ClientHelloMessage;
import sun.security.ssl.SSLExtension.ExtensionConsumer;
import sun.security.ssl.SSLHandshake.HandshakeMessage;
import sun.security.ssl.SSLExtension.SSLExtensionSpec;
import sun.security.ssl.ServerHello.ServerHelloMessage;
import sun.security.util.HexDumpEncoder;

public class CookieExtension {
    static final HandshakeProducer chNetworkProducer =
            new CHCookieProducer();
    static final ExtensionConsumer chOnLoadConsumer =
            new CHCookieConsumer();
    static final HandshakeConsumer chOnTradeConsumer =
            new CHCookieUpdate();

    static final HandshakeProducer hrrNetworkProducer =
            new HRRCookieProducer();
    static final ExtensionConsumer hrrOnLoadConsumer =
            new HRRCookieConsumer();

    static final HandshakeProducer hrrNetworkReproducer =
            new HRRCookieReproducer();

    static final CookieStringizer cookieStringizer =
            new CookieStringizer();

    /**
     * The "cookie" extension.
     */
    static class CookieSpec implements SSLExtensionSpec {
        final byte[] cookie;

        private CookieSpec(ByteBuffer m) throws IOException {
            // opaque cookie<1..2^16-1>;
            if (m.remaining() < 3) {
                throw new SSLProtocolException(
                    "Invalid cookie extension: insufficient data");
            }

            this.cookie = Record.getBytes16(m);
        }

        @Override
        public String toString() {
            MessageFormat messageFormat = new MessageFormat(
                    "\"cookie\": '{'\n" +
                    "{0}\n" +
                    "'}',", Locale.ENGLISH);
            HexDumpEncoder hexEncoder = new HexDumpEncoder();
            Object[] messageFields = {
                Utilities.indent(hexEncoder.encode(cookie))
            };

            return messageFormat.format(messageFields);
        }
    }

    private static final class CookieStringizer implements SSLStringizer {
        @Override
        public String toString(ByteBuffer buffer) {
            try {
                return (new CookieSpec(buffer)).toString();
            } catch (IOException ioe) {
                // For debug logging only, so please swallow exceptions.
                return ioe.getMessage();
            }
        }
    }

    private static final
            class CHCookieProducer implements HandshakeProducer {
        // Prevent instantiation of this class.
        private CHCookieProducer() {
            // blank
        }

        @Override
        public byte[] produce(ConnectionContext context,
                HandshakeMessage message) throws IOException {
            ClientHandshakeContext chc = (ClientHandshakeContext) context;

            // Is it a supported and enabled extension?
            if (!chc.sslConfig.isAvailable(SSLExtension.CH_COOKIE)) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.fine(
                            "Ignore unavailable cookie extension");
                }
                return null;
            }

            // response to an HelloRetryRequest cookie
            CookieSpec spec = (CookieSpec)chc.handshakeExtensions.get(
                    SSLExtension.HRR_COOKIE);

            if (spec != null &&
                    spec.cookie != null && spec.cookie.length != 0) {
                byte[] extData = new byte[spec.cookie.length + 2];
                ByteBuffer m = ByteBuffer.wrap(extData);
                Record.putBytes16(m, spec.cookie);
                return extData;
            }

            return null;
        }
    }

    private static final
            class CHCookieConsumer implements ExtensionConsumer {
        // Prevent instantiation of this class.
        private CHCookieConsumer() {
            // blank
        }

        @Override
        public void consume(ConnectionContext context,
            HandshakeMessage message, ByteBuffer buffer) throws IOException {
            // The consuming happens in server side only.
            ServerHandshakeContext shc = (ServerHandshakeContext)context;

            // Is it a supported and enabled extension?
            if (!shc.sslConfig.isAvailable(SSLExtension.CH_COOKIE)) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.fine(
                            "Ignore unavailable cookie extension");
                }
                return;     // ignore the extension
            }

            CookieSpec spec;
            try {
                spec = new CookieSpec(buffer);
            } catch (IOException ioe) {
                throw shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);
            }

            shc.handshakeExtensions.put(SSLExtension.CH_COOKIE, spec);

            // No impact on session resumption.
            //
            // Note that the protocol version negotiation happens before the
            // session resumption negotiation.  And the session resumption
            // negotiation depends on the negotiated protocol version.
        }
    }

    private static final
            class CHCookieUpdate implements HandshakeConsumer {
        // Prevent instantiation of this class.
        private CHCookieUpdate() {
            // blank
        }

        @Override
        public void consume(ConnectionContext context,
                HandshakeMessage message) throws IOException {
            // The consuming happens in server side only.
            ServerHandshakeContext shc = (ServerHandshakeContext)context;
            ClientHelloMessage clientHello = (ClientHelloMessage)message;

            CookieSpec spec = (CookieSpec)
                    shc.handshakeExtensions.get(SSLExtension.CH_COOKIE);
            if (spec == null) {
                // Ignore, no "cookie" extension requested.
                return;
            }

            HelloCookieManager hcm =
                shc.sslContext.getHelloCookieManager(shc.negotiatedProtocol);
            if (!hcm.isCookieValid(shc, clientHello, spec.cookie)) {
                throw shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
                        "unrecognized cookie");
            }
        }
    }

    private static final
            class HRRCookieProducer implements HandshakeProducer {
        // Prevent instantiation of this class.
        private HRRCookieProducer() {
            // blank
        }

        @Override
        public byte[] produce(ConnectionContext context,
                HandshakeMessage message) throws IOException {
            // The producing happens in server side only.
            ServerHandshakeContext shc = (ServerHandshakeContext)context;
            ServerHelloMessage hrrm = (ServerHelloMessage)message;

            // Is it a supported and enabled extension?
            if (!shc.sslConfig.isAvailable(SSLExtension.HRR_COOKIE)) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.fine(
                            "Ignore unavailable cookie extension");
                }
                return null;
            }

            HelloCookieManager hcm =
                shc.sslContext.getHelloCookieManager(shc.negotiatedProtocol);

            byte[] cookie = hcm.createCookie(shc, hrrm.clientHello);

            byte[] extData = new byte[cookie.length + 2];
            ByteBuffer m = ByteBuffer.wrap(extData);
            Record.putBytes16(m, cookie);

            return extData;
        }
    }

    private static final
            class HRRCookieConsumer implements ExtensionConsumer {
        // Prevent instantiation of this class.
        private HRRCookieConsumer() {
            // blank
        }

        @Override
        public void consume(ConnectionContext context,
            HandshakeMessage message, ByteBuffer buffer) throws IOException {
            // The consuming happens in client side only.
            ClientHandshakeContext chc = (ClientHandshakeContext)context;

            // Is it a supported and enabled extension?
            if (!chc.sslConfig.isAvailable(SSLExtension.HRR_COOKIE)) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.fine(
                            "Ignore unavailable cookie extension");
                }
                return;     // ignore the extension
            }

            CookieSpec spec;
            try {
                spec = new CookieSpec(buffer);
            } catch (IOException ioe) {
                throw chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);
            }

            chc.handshakeExtensions.put(SSLExtension.HRR_COOKIE, spec);
        }
    }

    private static final
            class HRRCookieReproducer implements HandshakeProducer {
        // Prevent instantiation of this class.
        private HRRCookieReproducer() {
            // blank
        }

        @Override
        public byte[] produce(ConnectionContext context,
                HandshakeMessage message) throws IOException {
            // The producing happens in server side only.
            ServerHandshakeContext shc = (ServerHandshakeContext) context;

            // Is it a supported and enabled extension?
            if (!shc.sslConfig.isAvailable(SSLExtension.HRR_COOKIE)) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.fine(
                            "Ignore unavailable cookie extension");
                }
                return null;
            }

            // copy of the ClientHello cookie
            CookieSpec spec = (CookieSpec)shc.handshakeExtensions.get(
                    SSLExtension.CH_COOKIE);

            if (spec != null &&
                    spec.cookie != null && spec.cookie.length != 0) {
                byte[] extData = new byte[spec.cookie.length + 2];
                ByteBuffer m = ByteBuffer.wrap(extData);
                Record.putBytes16(m, spec.cookie);
                return extData;
            }

            return null;
        }
    }
}