/*
* Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.ssl;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.text.MessageFormat;
import java.util.Locale;
import javax.net.ssl.SSLProtocolException;
import static sun.security.ssl.SSLExtension.CH_SUPPORTED_VERSIONS;
import sun.security.ssl.SSLExtension.ExtensionConsumer;
import static sun.security.ssl.SSLExtension.HRR_SUPPORTED_VERSIONS;
import static sun.security.ssl.SSLExtension.SH_SUPPORTED_VERSIONS;
import sun.security.ssl.SSLExtension.SSLExtensionSpec;
import sun.security.ssl.SSLHandshake.HandshakeMessage;
/**
* Pack of the "supported_versions" extensions.
*/
final class SupportedVersionsExtension {
static final HandshakeProducer chNetworkProducer =
new CHSupportedVersionsProducer();
static final ExtensionConsumer chOnLoadConcumer =
new CHSupportedVersionsConsumer();
static final SSLStringize chStringize =
new CHSupportedVersionsStringize();
static final HandshakeProducer shNetworkProducer =
new SHSupportedVersionsProducer();
static final ExtensionConsumer shOnLoadConcumer =
new SHSupportedVersionsConsumer();
static final SSLStringize shStringize =
new SHSupportedVersionsStringize();
static final HandshakeProducer hrrNetworkProducer =
new HRRSupportedVersionsProducer();
static final ExtensionConsumer hrrOnLoadConcumer =
new HRRSupportedVersionsConsumer();
static final HandshakeProducer hrrReproducer =
new HRRSupportedVersionsReproducer();
static final SSLStringize hrrStringize =
new SHSupportedVersionsStringize();
/**
* The "supported_versions" extension in ClientHello.
*/
static final class CHSupportedVersionsSpec implements SSLExtensionSpec {
final int[] requestedProtocols;
private CHSupportedVersionsSpec(int[] requestedProtocols) {
this.requestedProtocols = requestedProtocols;
}
private CHSupportedVersionsSpec(ByteBuffer m) throws IOException {
if (m.remaining() < 3) { // 1: the length of the list
// +2: one version at least
throw new SSLProtocolException(
"Invalid supported_versions extension: insufficient data");
}
byte[] vbs = Record.getBytes8(m); // Get the version bytes.
if (m.hasRemaining()) {
throw new SSLProtocolException(
"Invalid supported_versions extension: unknown extra data");
}
if (vbs == null || vbs.length == 0 || (vbs.length & 0x01) != 0) {
throw new SSLProtocolException(
"Invalid supported_versions extension: incomplete data");
}
int[] protocols = new int[vbs.length >> 1];
for (int i = 0, j = 0; i < vbs.length;) {
byte major = vbs[i++];
byte minor = vbs[i++];
protocols[j++] = ((major & 0xFF) << 8) | (minor & 0xFF);
}
this.requestedProtocols = protocols;
}
@Override
public String toString() {
MessageFormat messageFormat = new MessageFormat(
"\"versions\": '['{0}']'", Locale.ENGLISH);
if (requestedProtocols == null || requestedProtocols.length == 0) {
Object[] messageFields = {
"<no supported version specified>"
};
return messageFormat.format(messageFields);
} else {
StringBuilder builder = new StringBuilder(512);
boolean isFirst = true;
for (int pv : requestedProtocols) {
if (isFirst) {
isFirst = false;
} else {
builder.append(", ");
}
builder.append(ProtocolVersion.nameOf(pv));
}
Object[] messageFields = {
builder.toString()
};
return messageFormat.format(messageFields);
}
}
}
private static final
class CHSupportedVersionsStringize implements SSLStringize {
@Override
public String toString(ByteBuffer buffer) {
try {
return (new CHSupportedVersionsSpec(buffer)).toString();
} catch (IOException ioe) {
// For debug logging only, so please swallow exceptions.
return ioe.getMessage();
}
}
}
/**
* Network data producer of a "supported_versions" extension in ClientHello.
*/
private static final
class CHSupportedVersionsProducer implements HandshakeProducer {
// Prevent instantiation of this class.
private CHSupportedVersionsProducer() {
// blank
}
@Override
public byte[] produce(ConnectionContext context,
HandshakeMessage message) throws IOException {
// The producing happens in client side only.
ClientHandshakeContext chc = (ClientHandshakeContext)context;
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(CH_SUPPORTED_VERSIONS)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable extension: " +
CH_SUPPORTED_VERSIONS.name);
}
return null;
}
// Produce the extension.
//
// The activated protocols are used as the supported versions.
int[] protocols = new int[chc.activeProtocols.size()];
int verLen = protocols.length * 2;
byte[] extData = new byte[verLen + 1]; // 1: versions length
extData[0] = (byte)(verLen & 0xFF);
int i = 0, j = 1;
for (ProtocolVersion pv : chc.activeProtocols) {
protocols[i++] = pv.id;
extData[j++] = pv.major;
extData[j++] = pv.minor;
}
// Update the context.
chc.handshakeExtensions.put(CH_SUPPORTED_VERSIONS,
new CHSupportedVersionsSpec(protocols));
return extData;
}
}
/**
* Network data consumer of a "supported_versions" extension in ClientHello.
*/
private static final
class CHSupportedVersionsConsumer implements ExtensionConsumer {
// Prevent instantiation of this class.
private CHSupportedVersionsConsumer() {
// blank
}
@Override
public void consume(ConnectionContext context,
HandshakeMessage message, ByteBuffer buffer) throws IOException {
// The comsuming happens in server side only.
ServerHandshakeContext shc = (ServerHandshakeContext)context;
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(CH_SUPPORTED_VERSIONS)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable extension: " +
CH_SUPPORTED_VERSIONS.name);
}
return; // ignore the extension
}
// Parse the extension.
CHSupportedVersionsSpec spec;
try {
spec = new CHSupportedVersionsSpec(buffer);
} catch (IOException ioe) {
shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);
return; // fatal() always throws, make the compiler happy.
}
// Update the context.
shc.handshakeExtensions.put(CH_SUPPORTED_VERSIONS, spec);
// No impact on session resumption.
//
// Note that the protocol version negotiation happens before the
// session resumption negotiation. And the session resumption
// negotiation depends on the negotiated protocol version.
}
}
/**
* The "supported_versions" extension in ServerHello and HelloRetryRequest.
*/
static final class SHSupportedVersionsSpec implements SSLExtensionSpec {
final int selectedVersion;
private SHSupportedVersionsSpec(ProtocolVersion selectedVersion) {
this.selectedVersion = selectedVersion.id;
}
private SHSupportedVersionsSpec(ByteBuffer m) throws IOException {
if (m.remaining() != 2) { // 2: the selected version
throw new SSLProtocolException(
"Invalid supported_versions: insufficient data");
}
byte major = m.get();
byte minor = m.get();
this.selectedVersion = ((major & 0xFF) << 8) | (minor & 0xFF);
}
@Override
public String toString() {
MessageFormat messageFormat = new MessageFormat(
"\"selected version\": '['{0}']'", Locale.ENGLISH);
Object[] messageFields = {
ProtocolVersion.nameOf(selectedVersion)
};
return messageFormat.format(messageFields);
}
}
private static final
class SHSupportedVersionsStringize implements SSLStringize {
@Override
public String toString(ByteBuffer buffer) {
try {
return (new SHSupportedVersionsSpec(buffer)).toString();
} catch (IOException ioe) {
// For debug logging only, so please swallow exceptions.
return ioe.getMessage();
}
}
}
/**
* Network data producer of a "supported_versions" extension in ServerHello.
*/
private static final
class SHSupportedVersionsProducer implements HandshakeProducer {
// Prevent instantiation of this class.
private SHSupportedVersionsProducer() {
// blank
}
@Override
public byte[] produce(ConnectionContext context,
HandshakeMessage message) throws IOException {
// The producing happens in server side only.
ServerHandshakeContext shc = (ServerHandshakeContext)context;
// In response to supported_versions request only
CHSupportedVersionsSpec svs = (CHSupportedVersionsSpec)
shc.handshakeExtensions.get(CH_SUPPORTED_VERSIONS);
if (svs == null) {
// Unlikely, no key_share extension requested.
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning(
"Ignore unavailable supported_versions extension");
}
return null;
}
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(SH_SUPPORTED_VERSIONS)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable extension: " +
SH_SUPPORTED_VERSIONS.name);
}
return null;
}
// Produce the extension.
byte[] extData = new byte[2];
extData[0] = shc.negotiatedProtocol.major;
extData[1] = shc.negotiatedProtocol.minor;
// Update the context.
shc.handshakeExtensions.put(SH_SUPPORTED_VERSIONS,
new SHSupportedVersionsSpec(shc.negotiatedProtocol));
return extData;
}
}
/**
* Network data consumer of a "supported_versions" extension in ServerHello.
*/
private static final
class SHSupportedVersionsConsumer implements ExtensionConsumer {
// Prevent instantiation of this class.
private SHSupportedVersionsConsumer() {
// blank
}
@Override
public void consume(ConnectionContext context,
HandshakeMessage message, ByteBuffer buffer) throws IOException {
// The comsuming happens in client side only.
ClientHandshakeContext chc = (ClientHandshakeContext)context;
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(SH_SUPPORTED_VERSIONS)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable extension: " +
SH_SUPPORTED_VERSIONS.name);
}
return; // ignore the extension
}
// Parse the extension.
SHSupportedVersionsSpec spec;
try {
spec = new SHSupportedVersionsSpec(buffer);
} catch (IOException ioe) {
chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);
return; // fatal() always throws, make the compiler happy.
}
// Update the context.
chc.handshakeExtensions.put(SH_SUPPORTED_VERSIONS, spec);
// No impact on session resumption.
//
// Note that the protocol version negotiation happens before the
// session resumption negotiation. And the session resumption
// negotiation depends on the negotiated protocol version.
}
}
/**
* Network data producer of a "supported_versions" extension in
* HelloRetryRequest.
*/
private static final
class HRRSupportedVersionsProducer implements HandshakeProducer {
// Prevent instantiation of this class.
private HRRSupportedVersionsProducer() {
// blank
}
@Override
public byte[] produce(ConnectionContext context,
HandshakeMessage message) throws IOException {
// The producing happens in server side only.
ServerHandshakeContext shc = (ServerHandshakeContext)context;
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(HRR_SUPPORTED_VERSIONS)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable extension: " +
HRR_SUPPORTED_VERSIONS.name);
}
return null;
}
// Produce the extension.
byte[] extData = new byte[2];
extData[0] = shc.negotiatedProtocol.major;
extData[1] = shc.negotiatedProtocol.minor;
// Update the context.
shc.handshakeExtensions.put(HRR_SUPPORTED_VERSIONS,
new SHSupportedVersionsSpec(shc.negotiatedProtocol));
return extData;
}
}
/**
* Network data consumer of a "supported_versions" extension in
* HelloRetryRequest.
*/
private static final
class HRRSupportedVersionsConsumer implements ExtensionConsumer {
// Prevent instantiation of this class.
private HRRSupportedVersionsConsumer() {
// blank
}
@Override
public void consume(ConnectionContext context,
HandshakeMessage message, ByteBuffer buffer) throws IOException {
// The comsuming happens in client side only.
ClientHandshakeContext chc = (ClientHandshakeContext)context;
// Is it a supported and enabled extension?
if (!chc.sslConfig.isAvailable(HRR_SUPPORTED_VERSIONS)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"Ignore unavailable extension: " +
HRR_SUPPORTED_VERSIONS.name);
}
return; // ignore the extension
}
// Parse the extension.
SHSupportedVersionsSpec spec;
try {
spec = new SHSupportedVersionsSpec(buffer);
} catch (IOException ioe) {
chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);
return; // fatal() always throws, make the compiler happy.
}
// Update the context.
chc.handshakeExtensions.put(HRR_SUPPORTED_VERSIONS, spec);
// No impact on session resumption.
//
// Note that the protocol version negotiation happens before the
// session resumption negotiation. And the session resumption
// negotiation depends on the negotiated protocol version.
}
}
/**
* Network data producer of a "supported_versions" extension for stateless
* HelloRetryRequest reconstruction.
*/
private static final
class HRRSupportedVersionsReproducer implements HandshakeProducer {
// Prevent instantiation of this class.
private HRRSupportedVersionsReproducer() {
// blank
}
@Override
public byte[] produce(ConnectionContext context,
HandshakeMessage message) throws IOException {
// The producing happens in server side only.
ServerHandshakeContext shc = (ServerHandshakeContext)context;
// Is it a supported and enabled extension?
if (!shc.sslConfig.isAvailable(HRR_SUPPORTED_VERSIONS)) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
"[Reprocude] Ignore unavailable extension: " +
HRR_SUPPORTED_VERSIONS.name);
}
return null;
}
// Produce the extension.
byte[] extData = new byte[2];
extData[0] = shc.negotiatedProtocol.major;
extData[1] = shc.negotiatedProtocol.minor;
return extData;
}
}
}