equal
deleted
inserted
replaced
47 * Pack of the ClientHello handshake message. |
47 * Pack of the ClientHello handshake message. |
48 */ |
48 */ |
49 final class ClientHello { |
49 final class ClientHello { |
50 static final SSLProducer kickstartProducer = |
50 static final SSLProducer kickstartProducer = |
51 new ClientHelloKickstartProducer(); |
51 new ClientHelloKickstartProducer(); |
52 |
|
53 static final SSLConsumer handshakeConsumer = |
52 static final SSLConsumer handshakeConsumer = |
54 new ClientHelloConsumer(); |
53 new ClientHelloConsumer(); |
55 static final HandshakeProducer handshakeProducer = |
54 static final HandshakeProducer handshakeProducer = |
56 new ClientHelloProducer(); |
55 new ClientHelloProducer(); |
57 |
56 |
189 ((encodedIds[i++] & 0xFF) << 8) | (encodedIds[i] & 0xFF); |
188 ((encodedIds[i++] & 0xFF) << 8) | (encodedIds[i] & 0xFF); |
190 } |
189 } |
191 this.cipherSuites = getCipherSuites(cipherSuiteIds); |
190 this.cipherSuites = getCipherSuites(cipherSuiteIds); |
192 |
191 |
193 this.compressionMethod = Record.getBytes8(m); |
192 this.compressionMethod = Record.getBytes8(m); |
194 // In TLS 1.3, use of certain extensions is mandatory. |
193 // In TLS 1.3, use of certain extensions is mandatory. |
195 if (m.hasRemaining()) { |
194 if (m.hasRemaining()) { |
196 this.extensions = |
195 this.extensions = |
197 new SSLExtensions(this, m, supportedExtensions); |
196 new SSLExtensions(this, m, supportedExtensions); |
198 } else { |
197 } else { |
199 this.extensions = new SSLExtensions(this); |
198 this.extensions = new SSLExtensions(this); |
309 // extensions is mandatory. |
308 // extensions is mandatory. |
310 } |
309 } |
311 |
310 |
312 @Override |
311 @Override |
313 public void send(HandshakeOutStream hos) throws IOException { |
312 public void send(HandshakeOutStream hos) throws IOException { |
314 |
|
315 sendCore(hos); |
313 sendCore(hos); |
316 extensions.send(hos); // In TLS 1.3, use of certain |
314 extensions.send(hos); // In TLS 1.3, use of certain |
317 // extensions is mandatory. |
315 // extensions is mandatory. |
318 } |
316 } |
319 |
317 |
437 if (!session.isRejoinable()) { |
435 if (!session.isRejoinable()) { |
438 session = null; |
436 session = null; |
439 if (SSLLogger.isOn && |
437 if (SSLLogger.isOn && |
440 SSLLogger.isOn("ssl,handshake,verbose")) { |
438 SSLLogger.isOn("ssl,handshake,verbose")) { |
441 SSLLogger.finest( |
439 SSLLogger.finest( |
442 "Can't resume, the sessoin is not rejoinable"); |
440 "Can't resume, the session is not rejoinable"); |
443 } |
441 } |
444 } |
442 } |
445 } |
443 } |
446 |
444 |
447 CipherSuite sessionSuite = null; |
445 CipherSuite sessionSuite = null; |
450 if (!chc.isNegotiable(sessionSuite)) { |
448 if (!chc.isNegotiable(sessionSuite)) { |
451 session = null; |
449 session = null; |
452 if (SSLLogger.isOn && |
450 if (SSLLogger.isOn && |
453 SSLLogger.isOn("ssl,handshake,verbose")) { |
451 SSLLogger.isOn("ssl,handshake,verbose")) { |
454 SSLLogger.finest( |
452 SSLLogger.finest( |
455 "Can't resume, unavailable sessoin cipher suite"); |
453 "Can't resume, unavailable session cipher suite"); |
456 } |
454 } |
457 } |
455 } |
458 } |
456 } |
459 |
457 |
460 ProtocolVersion sessionVersion = null; |
458 ProtocolVersion sessionVersion = null; |
515 if (session != null) { |
513 if (session != null) { |
516 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) { |
514 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) { |
517 SSLLogger.finest("Try resuming session", session); |
515 SSLLogger.finest("Try resuming session", session); |
518 } |
516 } |
519 |
517 |
520 // only set session id if session is 1.2 or earlier |
518 // only set session id if session is 1.2 or earlier |
521 if (!session.getProtocolVersion().useTLS13PlusSpec()) { |
519 if (!session.getProtocolVersion().useTLS13PlusSpec()) { |
522 sessionId = session.getSessionId(); |
520 sessionId = session.getSessionId(); |
523 } |
521 } |
524 if (!maxProtocolVersion.equals(sessionVersion)) { |
522 if (!maxProtocolVersion.equals(sessionVersion)) { |
525 maxProtocolVersion = sessionVersion; |
523 maxProtocolVersion = sessionVersion; |
796 |
794 |
797 private void onClientHello(ServerHandshakeContext context, |
795 private void onClientHello(ServerHandshakeContext context, |
798 ClientHelloMessage clientHello) throws IOException { |
796 ClientHelloMessage clientHello) throws IOException { |
799 // Negotiate protocol version. |
797 // Negotiate protocol version. |
800 // |
798 // |
801 // Check and lanuch SupportedVersions. |
799 // Check and launch SupportedVersions. |
802 SSLExtension[] extTypes = new SSLExtension[] { |
800 SSLExtension[] extTypes = new SSLExtension[] { |
803 SSLExtension.CH_SUPPORTED_VERSIONS |
801 SSLExtension.CH_SUPPORTED_VERSIONS |
804 }; |
802 }; |
805 clientHello.extensions.consumeOnLoad(context, extTypes); |
803 clientHello.extensions.consumeOnLoad(context, extTypes); |
806 |
804 |
963 if (!resumingSession) { |
961 if (!resumingSession) { |
964 if (SSLLogger.isOn && |
962 if (SSLLogger.isOn && |
965 SSLLogger.isOn("ssl,handshake,verbose")) { |
963 SSLLogger.isOn("ssl,handshake,verbose")) { |
966 SSLLogger.finest( |
964 SSLLogger.finest( |
967 "Can't resume, " + |
965 "Can't resume, " + |
968 "the existing sessoin is not rejoinable"); |
966 "the existing session is not rejoinable"); |
969 } |
967 } |
970 } |
968 } |
971 // Validate the negotiated protocol version. |
969 // Validate the negotiated protocol version. |
972 if (resumingSession) { |
970 if (resumingSession) { |
973 ProtocolVersion sessionProtocol = |
971 ProtocolVersion sessionProtocol = |
983 } |
981 } |
984 |
982 |
985 // Validate the required client authentication. |
983 // Validate the required client authentication. |
986 if (resumingSession && |
984 if (resumingSession && |
987 (shc.sslConfig.clientAuthType == CLIENT_AUTH_REQUIRED)) { |
985 (shc.sslConfig.clientAuthType == CLIENT_AUTH_REQUIRED)) { |
988 |
|
989 try { |
986 try { |
990 previous.getPeerPrincipal(); |
987 previous.getPeerPrincipal(); |
991 } catch (SSLPeerUnverifiedException e) { |
988 } catch (SSLPeerUnverifiedException e) { |
992 resumingSession = false; |
989 resumingSession = false; |
993 if (SSLLogger.isOn && |
990 if (SSLLogger.isOn && |
1236 if (!resumingSession) { |
1233 if (!resumingSession) { |
1237 if (SSLLogger.isOn && |
1234 if (SSLLogger.isOn && |
1238 SSLLogger.isOn("ssl,handshake,verbose")) { |
1235 SSLLogger.isOn("ssl,handshake,verbose")) { |
1239 SSLLogger.finest( |
1236 SSLLogger.finest( |
1240 "Can't resume, " + |
1237 "Can't resume, " + |
1241 "the existing sessoin is not rejoinable"); |
1238 "the existing session is not rejoinable"); |
1242 } |
1239 } |
1243 } |
1240 } |
1244 // Validate the negotiated protocol version. |
1241 // Validate the negotiated protocol version. |
1245 if (resumingSession) { |
1242 if (resumingSession) { |
1246 ProtocolVersion sessionProtocol = |
1243 ProtocolVersion sessionProtocol = |