8148188: Enhance the security libraries to record events of interest

Reviewed-by: egahlin, mullan, weijun, xuelei
2025-08-28 07:14:30 +02:00 · 2018-11-20 13:12:48 +00:00 · 2018-11-20 13:12:48 +00:00 · 73ad9c4a00
commit 73ad9c4a00
parent dc260a5369
35 changed files with 2617 additions and 8 deletions
--- a/src/java.base/share/classes/sun/security/ssl/Finished.java
+++ b/src/java.base/share/classes/sun/security/ssl/Finished.java
@ -40,6 +40,10 @@ import javax.crypto.Mac;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
+import javax.net.ssl.SSLPeerUnverifiedException;
+
+import jdk.internal.event.EventHelper;
+import jdk.internal.event.TLSHandshakeEvent;
 import sun.security.internal.spec.TlsPrfParameterSpec;
 import sun.security.ssl.CipherSuite.HashAlg;
 import static sun.security.ssl.CipherSuite.HashAlg.H_NONE;
@ -548,6 +552,7 @@ final class Finished {

                // handshake context cleanup.
                chc.handshakeFinished = true;
+                recordEvent(chc.conContext.conSession);

                // May need to retransmit the last flight for DTLS.
                if (!chc.sslContext.isDTLS()) {
@ -597,6 +602,7 @@ final class Finished {

                // handshake context cleanup.
                shc.handshakeFinished = true;
+                recordEvent(shc.conContext.conSession);

                // May need to retransmit the last flight for DTLS.
                if (!shc.sslContext.isDTLS()) {
@ -730,6 +736,8 @@ final class Finished {
            // handshake context cleanup.
            chc.handshakeFinished = true;
            chc.conContext.finishHandshake();
+            recordEvent(chc.conContext.conSession);
+

            // The handshake message has been delivered.
            return null;
@ -1063,6 +1071,7 @@ final class Finished {
            if (!shc.sslContext.isDTLS()) {
                shc.conContext.finishHandshake();
            }
+            recordEvent(shc.conContext.conSession);

            //
            // produce
@ -1074,4 +1083,35 @@ final class Finished {

        }
    }
+
+    private static void recordEvent(SSLSessionImpl session) {
+        TLSHandshakeEvent event = new TLSHandshakeEvent();
+        if (event.shouldCommit() || EventHelper.isLoggingSecurity()) {
+            int peerCertificateId = 0;
+            try {
+                // use hash code for Id
+                peerCertificateId = session
+                        .getCertificateChain()[0]
+                        .hashCode();
+            } catch (SSLPeerUnverifiedException e) {
+                 // not verified msg
+            }
+            if (event.shouldCommit()) {
+                event.peerHost = session.getPeerHost();
+                event.peerPort = session.getPeerPort();
+                event.cipherSuite = session.getCipherSuite();
+                event.protocolVersion = session.getProtocol();
+                event.certificateId = peerCertificateId;
+                event.commit();
+            }
+            if (EventHelper.isLoggingSecurity()) {
+                EventHelper.logTLSHandshakeEvent(null,
+                                session.getPeerHost(),
+                                session.getPeerPort(),
+                                session.getCipherSuite(),
+                                session.getProtocol(),
+                                peerCertificateId);
+            }
+        }
+    }
 }