src/java.base/share/classes/sun/security/ssl/SupportedVersionsExtension.java
author wetmore
Fri, 11 May 2018 15:53:12 -0700
branchJDK-8145252-TLS13-branch
changeset 56542 56aaa6cb3693
child 56704 c3ee22c3a0f6
permissions -rw-r--r--
Initial TLSv1.3 Implementation

/*
 * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package sun.security.ssl;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.text.MessageFormat;
import java.util.Locale;
import javax.net.ssl.SSLProtocolException;
import static sun.security.ssl.SSLExtension.CH_SUPPORTED_VERSIONS;
import sun.security.ssl.SSLExtension.ExtensionConsumer;
import static sun.security.ssl.SSLExtension.HRR_SUPPORTED_VERSIONS;
import static sun.security.ssl.SSLExtension.SH_SUPPORTED_VERSIONS;
import sun.security.ssl.SSLExtension.SSLExtensionSpec;
import sun.security.ssl.SSLHandshake.HandshakeMessage;

/**
 * Pack of the "supported_versions" extensions.
 */
final class SupportedVersionsExtension {
    static final HandshakeProducer chNetworkProducer =
            new CHSupportedVersionsProducer();
    static final ExtensionConsumer chOnLoadConcumer =
            new CHSupportedVersionsConsumer();
    static final SSLStringize chStringize =
            new CHSupportedVersionsStringize();

    static final HandshakeProducer shNetworkProducer =
            new SHSupportedVersionsProducer();
    static final ExtensionConsumer shOnLoadConcumer =
            new SHSupportedVersionsConsumer();
    static final SSLStringize shStringize =
            new SHSupportedVersionsStringize();

    static final HandshakeProducer hrrNetworkProducer =
            new HRRSupportedVersionsProducer();
    static final ExtensionConsumer hrrOnLoadConcumer =
            new HRRSupportedVersionsConsumer();
    static final HandshakeProducer hrrReproducer =
            new HRRSupportedVersionsReproducer();
    static final SSLStringize hrrStringize =
            new SHSupportedVersionsStringize();
    /**
     * The "supported_versions" extension in ClientHello.
     */
    static final class CHSupportedVersionsSpec implements SSLExtensionSpec {
        final int[] requestedProtocols;

        private CHSupportedVersionsSpec(int[] requestedProtocols) {
            this.requestedProtocols = requestedProtocols;
        }

        private CHSupportedVersionsSpec(ByteBuffer m) throws IOException  {
            if (m.remaining() < 3) {        //  1: the length of the list
                                            // +2: one version at least
                throw new SSLProtocolException(
                    "Invalid supported_versions extension: insufficient data");
            }

            byte[] vbs = Record.getBytes8(m);   // Get the version bytes.
            if (m.hasRemaining()) {
                throw new SSLProtocolException(
                    "Invalid supported_versions extension: unknown extra data");
            }

            if (vbs == null || vbs.length == 0 || (vbs.length & 0x01) != 0) {
                throw new SSLProtocolException(
                    "Invalid supported_versions extension: incomplete data");
            }

            int[] protocols = new int[vbs.length >> 1];
            for (int i = 0, j = 0; i < vbs.length;) {
                byte major = vbs[i++];
                byte minor = vbs[i++];
                protocols[j++] = ((major & 0xFF) << 8) | (minor & 0xFF);
            }

            this.requestedProtocols = protocols;
        }

        @Override
        public String toString() {
            MessageFormat messageFormat = new MessageFormat(
                "\"versions\": '['{0}']'", Locale.ENGLISH);

            if (requestedProtocols == null || requestedProtocols.length == 0) {
                Object[] messageFields = {
                        "<no supported version specified>"
                    };
                return messageFormat.format(messageFields);
            } else {
                StringBuilder builder = new StringBuilder(512);
                boolean isFirst = true;
                for (int pv : requestedProtocols) {
                    if (isFirst) {
                        isFirst = false;
                    } else {
                        builder.append(", ");
                    }

                    builder.append(ProtocolVersion.nameOf(pv));
                }

                Object[] messageFields = {
                        builder.toString()
                    };

                return messageFormat.format(messageFields);
            }
        }
    }

    private static final
            class CHSupportedVersionsStringize implements SSLStringize {
        @Override
        public String toString(ByteBuffer buffer) {
            try {
                return (new CHSupportedVersionsSpec(buffer)).toString();
            } catch (IOException ioe) {
                // For debug logging only, so please swallow exceptions.
                return ioe.getMessage();
            }
        }
    }

    /**
     * Network data producer of a "supported_versions" extension in ClientHello.
     */
    private static final
            class CHSupportedVersionsProducer implements HandshakeProducer {
        // Prevent instantiation of this class.
        private CHSupportedVersionsProducer() {
            // blank
        }

        @Override
        public byte[] produce(ConnectionContext context,
                HandshakeMessage message) throws IOException {
            // The producing happens in client side only.
            ClientHandshakeContext chc = (ClientHandshakeContext)context;

            // Is it a supported and enabled extension?
            if (!chc.sslConfig.isAvailable(CH_SUPPORTED_VERSIONS)) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.fine(
                        "Ignore unavailable extension: " +
                        CH_SUPPORTED_VERSIONS.name);
                }
                return null;
            }

            // Produce the extension.
            //
            // The activated protocols are used as the supported versions.
            int[] protocols = new int[chc.activeProtocols.size()];
            int verLen = protocols.length * 2;
            byte[] extData = new byte[verLen + 1];      // 1: versions length
            extData[0] = (byte)(verLen & 0xFF);
            int i = 0, j = 1;
            for (ProtocolVersion pv : chc.activeProtocols) {
                protocols[i++] = pv.id;
                extData[j++] = pv.major;
                extData[j++] = pv.minor;
            }

            // Update the context.
            chc.handshakeExtensions.put(CH_SUPPORTED_VERSIONS,
                    new CHSupportedVersionsSpec(protocols));

            return extData;
        }
    }

    /**
     * Network data consumer of a "supported_versions" extension in ClientHello.
     */
    private static final
            class CHSupportedVersionsConsumer implements ExtensionConsumer {
        // Prevent instantiation of this class.
        private CHSupportedVersionsConsumer() {
            // blank
        }

        @Override
        public void consume(ConnectionContext context,
            HandshakeMessage message, ByteBuffer buffer) throws IOException {
            // The comsuming happens in server side only.
            ServerHandshakeContext shc = (ServerHandshakeContext)context;

            // Is it a supported and enabled extension?
            if (!shc.sslConfig.isAvailable(CH_SUPPORTED_VERSIONS)) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.fine(
                        "Ignore unavailable extension: " +
                        CH_SUPPORTED_VERSIONS.name);
                }
                return;     // ignore the extension
            }

            // Parse the extension.
            CHSupportedVersionsSpec spec;
            try {
                spec = new CHSupportedVersionsSpec(buffer);
            } catch (IOException ioe) {
                shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);
                return;     // fatal() always throws, make the compiler happy.
            }

            // Update the context.
            shc.handshakeExtensions.put(CH_SUPPORTED_VERSIONS, spec);

            // No impact on session resumption.
            //
            // Note that the protocol version negotiation happens before the
            // session resumption negotiation.  And the session resumption
            // negotiation depends on the negotiated protocol version.
        }
    }

    /**
     * The "supported_versions" extension in ServerHello and HelloRetryRequest.
     */
    static final class SHSupportedVersionsSpec implements SSLExtensionSpec {
        final int selectedVersion;

        private SHSupportedVersionsSpec(ProtocolVersion selectedVersion) {
            this.selectedVersion = selectedVersion.id;
        }

        private SHSupportedVersionsSpec(ByteBuffer m) throws IOException  {
            if (m.remaining() != 2) {       // 2: the selected version
                throw new SSLProtocolException(
                    "Invalid supported_versions: insufficient data");
            }

            byte major = m.get();
            byte minor = m.get();
            this.selectedVersion = ((major & 0xFF) << 8) | (minor & 0xFF);
        }

        @Override
        public String toString() {
            MessageFormat messageFormat = new MessageFormat(
                "\"selected version\": '['{0}']'", Locale.ENGLISH);

            Object[] messageFields = {
                    ProtocolVersion.nameOf(selectedVersion)
                };
            return messageFormat.format(messageFields);
        }
    }

    private static final
            class SHSupportedVersionsStringize implements SSLStringize {
        @Override
        public String toString(ByteBuffer buffer) {
            try {
                return (new SHSupportedVersionsSpec(buffer)).toString();
            } catch (IOException ioe) {
                // For debug logging only, so please swallow exceptions.
                return ioe.getMessage();
            }
        }
    }

    /**
     * Network data producer of a "supported_versions" extension in ServerHello.
     */
    private static final
            class SHSupportedVersionsProducer implements HandshakeProducer {
        // Prevent instantiation of this class.
        private SHSupportedVersionsProducer() {
            // blank
        }

        @Override
        public byte[] produce(ConnectionContext context,
                HandshakeMessage message) throws IOException {
            // The producing happens in server side only.
            ServerHandshakeContext shc = (ServerHandshakeContext)context;

            // In response to supported_versions request only
            CHSupportedVersionsSpec svs = (CHSupportedVersionsSpec)
                    shc.handshakeExtensions.get(CH_SUPPORTED_VERSIONS);
            if (svs == null) {
                // Unlikely, no key_share extension requested.
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.warning(
                            "Ignore unavailable supported_versions extension");
                }
                return null;
            }

            // Is it a supported and enabled extension?
            if (!shc.sslConfig.isAvailable(SH_SUPPORTED_VERSIONS)) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.fine(
                        "Ignore unavailable extension: " +
                        SH_SUPPORTED_VERSIONS.name);
                }
                return null;
            }

            // Produce the extension.
            byte[] extData = new byte[2];
            extData[0] = shc.negotiatedProtocol.major;
            extData[1] = shc.negotiatedProtocol.minor;

            // Update the context.
            shc.handshakeExtensions.put(SH_SUPPORTED_VERSIONS,
                    new SHSupportedVersionsSpec(shc.negotiatedProtocol));

            return extData;
        }
    }

    /**
     * Network data consumer of a "supported_versions" extension in ServerHello.
     */
    private static final
            class SHSupportedVersionsConsumer implements ExtensionConsumer {
        // Prevent instantiation of this class.
        private SHSupportedVersionsConsumer() {
            // blank
        }

        @Override
        public void consume(ConnectionContext context,
            HandshakeMessage message, ByteBuffer buffer) throws IOException {
            // The comsuming happens in client side only.
            ClientHandshakeContext chc = (ClientHandshakeContext)context;

            // Is it a supported and enabled extension?
            if (!chc.sslConfig.isAvailable(SH_SUPPORTED_VERSIONS)) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.fine(
                        "Ignore unavailable extension: " +
                        SH_SUPPORTED_VERSIONS.name);
                }
                return;     // ignore the extension
            }

            // Parse the extension.
            SHSupportedVersionsSpec spec;
            try {
                spec = new SHSupportedVersionsSpec(buffer);
            } catch (IOException ioe) {
                chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);
                return;     // fatal() always throws, make the compiler happy.
            }

            // Update the context.
            chc.handshakeExtensions.put(SH_SUPPORTED_VERSIONS, spec);

            // No impact on session resumption.
            //
            // Note that the protocol version negotiation happens before the
            // session resumption negotiation.  And the session resumption
            // negotiation depends on the negotiated protocol version.
        }
    }

    /**
     * Network data producer of a "supported_versions" extension in
     * HelloRetryRequest.
     */
    private static final
            class HRRSupportedVersionsProducer implements HandshakeProducer {

        // Prevent instantiation of this class.
        private HRRSupportedVersionsProducer() {
            // blank
        }

        @Override
        public byte[] produce(ConnectionContext context,
                HandshakeMessage message) throws IOException {
            // The producing happens in server side only.
            ServerHandshakeContext shc = (ServerHandshakeContext)context;

            // Is it a supported and enabled extension?
            if (!shc.sslConfig.isAvailable(HRR_SUPPORTED_VERSIONS)) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.fine(
                        "Ignore unavailable extension: " +
                        HRR_SUPPORTED_VERSIONS.name);
                }
                return null;
            }

            // Produce the extension.
            byte[] extData = new byte[2];
            extData[0] = shc.negotiatedProtocol.major;
            extData[1] = shc.negotiatedProtocol.minor;

            // Update the context.
            shc.handshakeExtensions.put(HRR_SUPPORTED_VERSIONS,
                    new SHSupportedVersionsSpec(shc.negotiatedProtocol));

            return extData;
        }
    }

    /**
     * Network data consumer of a "supported_versions" extension in
     * HelloRetryRequest.
     */
    private static final
            class HRRSupportedVersionsConsumer implements ExtensionConsumer {

        // Prevent instantiation of this class.
        private HRRSupportedVersionsConsumer() {
            // blank
        }

        @Override
        public void consume(ConnectionContext context,
            HandshakeMessage message, ByteBuffer buffer) throws IOException {

            // The comsuming happens in client side only.
            ClientHandshakeContext chc = (ClientHandshakeContext)context;

            // Is it a supported and enabled extension?
            if (!chc.sslConfig.isAvailable(HRR_SUPPORTED_VERSIONS)) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.fine(
                        "Ignore unavailable extension: " +
                        HRR_SUPPORTED_VERSIONS.name);
                }
                return;     // ignore the extension
            }

            // Parse the extension.
            SHSupportedVersionsSpec spec;
            try {
                spec = new SHSupportedVersionsSpec(buffer);
            } catch (IOException ioe) {
                chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);
                return;     // fatal() always throws, make the compiler happy.
            }

            // Update the context.
            chc.handshakeExtensions.put(HRR_SUPPORTED_VERSIONS, spec);

            // No impact on session resumption.
            //
            // Note that the protocol version negotiation happens before the
            // session resumption negotiation.  And the session resumption
            // negotiation depends on the negotiated protocol version.
        }
    }

    /**
     * Network data producer of a "supported_versions" extension for stateless
     * HelloRetryRequest reconstruction.
     */
    private static final
            class HRRSupportedVersionsReproducer implements HandshakeProducer {
        // Prevent instantiation of this class.
        private HRRSupportedVersionsReproducer() {
            // blank
        }

        @Override
        public byte[] produce(ConnectionContext context,
                HandshakeMessage message) throws IOException {
            // The producing happens in server side only.
            ServerHandshakeContext shc = (ServerHandshakeContext)context;

            // Is it a supported and enabled extension?
            if (!shc.sslConfig.isAvailable(HRR_SUPPORTED_VERSIONS)) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.fine(
                        "[Reprocude] Ignore unavailable extension: " +
                        HRR_SUPPORTED_VERSIONS.name);
                }
                return null;
            }

            // Produce the extension.
            byte[] extData = new byte[2];
            extData[0] = shc.negotiatedProtocol.major;
            extData[1] = shc.negotiatedProtocol.minor;

            return extData;
        }
    }
}