mirror of
https://github.com/openjdk/jdk.git
synced 2025-08-28 15:24:43 +02:00
315 lines
11 KiB
Java
315 lines
11 KiB
Java
/*
|
|
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
|
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
*
|
|
* This code is free software; you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License version 2 only, as
|
|
* published by the Free Software Foundation. Oracle designates this
|
|
* particular file as subject to the "Classpath" exception as provided
|
|
* by Oracle in the LICENSE file that accompanied this code.
|
|
*
|
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
* version 2 for more details (a copy is included in the LICENSE file that
|
|
* accompanied this code).
|
|
*
|
|
* You should have received a copy of the GNU General Public License version
|
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
*
|
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
* or visit www.oracle.com if you need additional information or have any
|
|
* questions.
|
|
*/
|
|
|
|
package sun.security.ssl;
|
|
|
|
import java.io.IOException;
|
|
import java.nio.ByteBuffer;
|
|
import java.text.MessageFormat;
|
|
import java.util.Locale;
|
|
import javax.net.ssl.SSLProtocolException;
|
|
|
|
import sun.security.ssl.ClientHello.ClientHelloMessage;
|
|
import sun.security.ssl.SSLExtension.ExtensionConsumer;
|
|
import sun.security.ssl.SSLHandshake.HandshakeMessage;
|
|
import sun.security.ssl.SSLExtension.SSLExtensionSpec;
|
|
import sun.security.ssl.ServerHello.ServerHelloMessage;
|
|
import sun.security.util.HexDumpEncoder;
|
|
|
|
public class CookieExtension {
|
|
static final HandshakeProducer chNetworkProducer =
|
|
new CHCookieProducer();
|
|
static final ExtensionConsumer chOnLoadConsumer =
|
|
new CHCookieConsumer();
|
|
static final HandshakeConsumer chOnTradeConsumer =
|
|
new CHCookieUpdate();
|
|
|
|
static final HandshakeProducer hrrNetworkProducer =
|
|
new HRRCookieProducer();
|
|
static final ExtensionConsumer hrrOnLoadConsumer =
|
|
new HRRCookieConsumer();
|
|
|
|
static final HandshakeProducer hrrNetworkReproducer =
|
|
new HRRCookieReproducer();
|
|
|
|
static final CookieStringizer cookieStringizer =
|
|
new CookieStringizer();
|
|
|
|
/**
|
|
* The "cookie" extension.
|
|
*/
|
|
static class CookieSpec implements SSLExtensionSpec {
|
|
final byte[] cookie;
|
|
|
|
private CookieSpec(ByteBuffer m) throws IOException {
|
|
// opaque cookie<1..2^16-1>;
|
|
if (m.remaining() < 3) {
|
|
throw new SSLProtocolException(
|
|
"Invalid cookie extension: insufficient data");
|
|
}
|
|
|
|
this.cookie = Record.getBytes16(m);
|
|
}
|
|
|
|
@Override
|
|
public String toString() {
|
|
MessageFormat messageFormat = new MessageFormat(
|
|
"\"cookie\": '{'\n" +
|
|
"{0}\n" +
|
|
"'}',", Locale.ENGLISH);
|
|
HexDumpEncoder hexEncoder = new HexDumpEncoder();
|
|
Object[] messageFields = {
|
|
Utilities.indent(hexEncoder.encode(cookie))
|
|
};
|
|
|
|
return messageFormat.format(messageFields);
|
|
}
|
|
}
|
|
|
|
private static final class CookieStringizer implements SSLStringizer {
|
|
@Override
|
|
public String toString(ByteBuffer buffer) {
|
|
try {
|
|
return (new CookieSpec(buffer)).toString();
|
|
} catch (IOException ioe) {
|
|
// For debug logging only, so please swallow exceptions.
|
|
return ioe.getMessage();
|
|
}
|
|
}
|
|
}
|
|
|
|
private static final
|
|
class CHCookieProducer implements HandshakeProducer {
|
|
// Prevent instantiation of this class.
|
|
private CHCookieProducer() {
|
|
// blank
|
|
}
|
|
|
|
@Override
|
|
public byte[] produce(ConnectionContext context,
|
|
HandshakeMessage message) throws IOException {
|
|
ClientHandshakeContext chc = (ClientHandshakeContext) context;
|
|
|
|
// Is it a supported and enabled extension?
|
|
if (!chc.sslConfig.isAvailable(SSLExtension.CH_COOKIE)) {
|
|
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
|
|
SSLLogger.fine(
|
|
"Ignore unavailable cookie extension");
|
|
}
|
|
return null;
|
|
}
|
|
|
|
// response to an HelloRetryRequest cookie
|
|
CookieSpec spec = (CookieSpec)chc.handshakeExtensions.get(
|
|
SSLExtension.HRR_COOKIE);
|
|
|
|
if (spec != null &&
|
|
spec.cookie != null && spec.cookie.length != 0) {
|
|
byte[] extData = new byte[spec.cookie.length + 2];
|
|
ByteBuffer m = ByteBuffer.wrap(extData);
|
|
Record.putBytes16(m, spec.cookie);
|
|
return extData;
|
|
}
|
|
|
|
return null;
|
|
}
|
|
}
|
|
|
|
private static final
|
|
class CHCookieConsumer implements ExtensionConsumer {
|
|
// Prevent instantiation of this class.
|
|
private CHCookieConsumer() {
|
|
// blank
|
|
}
|
|
|
|
@Override
|
|
public void consume(ConnectionContext context,
|
|
HandshakeMessage message, ByteBuffer buffer) throws IOException {
|
|
// The consuming happens in server side only.
|
|
ServerHandshakeContext shc = (ServerHandshakeContext)context;
|
|
|
|
// Is it a supported and enabled extension?
|
|
if (!shc.sslConfig.isAvailable(SSLExtension.CH_COOKIE)) {
|
|
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
|
|
SSLLogger.fine(
|
|
"Ignore unavailable cookie extension");
|
|
}
|
|
return; // ignore the extension
|
|
}
|
|
|
|
CookieSpec spec;
|
|
try {
|
|
spec = new CookieSpec(buffer);
|
|
} catch (IOException ioe) {
|
|
throw shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);
|
|
}
|
|
|
|
shc.handshakeExtensions.put(SSLExtension.CH_COOKIE, spec);
|
|
|
|
// No impact on session resumption.
|
|
//
|
|
// Note that the protocol version negotiation happens before the
|
|
// session resumption negotiation. And the session resumption
|
|
// negotiation depends on the negotiated protocol version.
|
|
}
|
|
}
|
|
|
|
private static final
|
|
class CHCookieUpdate implements HandshakeConsumer {
|
|
// Prevent instantiation of this class.
|
|
private CHCookieUpdate() {
|
|
// blank
|
|
}
|
|
|
|
@Override
|
|
public void consume(ConnectionContext context,
|
|
HandshakeMessage message) throws IOException {
|
|
// The consuming happens in server side only.
|
|
ServerHandshakeContext shc = (ServerHandshakeContext)context;
|
|
ClientHelloMessage clientHello = (ClientHelloMessage)message;
|
|
|
|
CookieSpec spec = (CookieSpec)
|
|
shc.handshakeExtensions.get(SSLExtension.CH_COOKIE);
|
|
if (spec == null) {
|
|
// Ignore, no "cookie" extension requested.
|
|
return;
|
|
}
|
|
|
|
HelloCookieManager hcm =
|
|
shc.sslContext.getHelloCookieManager(shc.negotiatedProtocol);
|
|
if (!hcm.isCookieValid(shc, clientHello, spec.cookie)) {
|
|
throw shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
|
|
"unrecognized cookie");
|
|
}
|
|
}
|
|
}
|
|
|
|
private static final
|
|
class HRRCookieProducer implements HandshakeProducer {
|
|
// Prevent instantiation of this class.
|
|
private HRRCookieProducer() {
|
|
// blank
|
|
}
|
|
|
|
@Override
|
|
public byte[] produce(ConnectionContext context,
|
|
HandshakeMessage message) throws IOException {
|
|
// The producing happens in server side only.
|
|
ServerHandshakeContext shc = (ServerHandshakeContext)context;
|
|
ServerHelloMessage hrrm = (ServerHelloMessage)message;
|
|
|
|
// Is it a supported and enabled extension?
|
|
if (!shc.sslConfig.isAvailable(SSLExtension.HRR_COOKIE)) {
|
|
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
|
|
SSLLogger.fine(
|
|
"Ignore unavailable cookie extension");
|
|
}
|
|
return null;
|
|
}
|
|
|
|
HelloCookieManager hcm =
|
|
shc.sslContext.getHelloCookieManager(shc.negotiatedProtocol);
|
|
|
|
byte[] cookie = hcm.createCookie(shc, hrrm.clientHello);
|
|
|
|
byte[] extData = new byte[cookie.length + 2];
|
|
ByteBuffer m = ByteBuffer.wrap(extData);
|
|
Record.putBytes16(m, cookie);
|
|
|
|
return extData;
|
|
}
|
|
}
|
|
|
|
private static final
|
|
class HRRCookieConsumer implements ExtensionConsumer {
|
|
// Prevent instantiation of this class.
|
|
private HRRCookieConsumer() {
|
|
// blank
|
|
}
|
|
|
|
@Override
|
|
public void consume(ConnectionContext context,
|
|
HandshakeMessage message, ByteBuffer buffer) throws IOException {
|
|
// The consuming happens in client side only.
|
|
ClientHandshakeContext chc = (ClientHandshakeContext)context;
|
|
|
|
// Is it a supported and enabled extension?
|
|
if (!chc.sslConfig.isAvailable(SSLExtension.HRR_COOKIE)) {
|
|
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
|
|
SSLLogger.fine(
|
|
"Ignore unavailable cookie extension");
|
|
}
|
|
return; // ignore the extension
|
|
}
|
|
|
|
CookieSpec spec;
|
|
try {
|
|
spec = new CookieSpec(buffer);
|
|
} catch (IOException ioe) {
|
|
throw chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);
|
|
}
|
|
|
|
chc.handshakeExtensions.put(SSLExtension.HRR_COOKIE, spec);
|
|
}
|
|
}
|
|
|
|
private static final
|
|
class HRRCookieReproducer implements HandshakeProducer {
|
|
// Prevent instantiation of this class.
|
|
private HRRCookieReproducer() {
|
|
// blank
|
|
}
|
|
|
|
@Override
|
|
public byte[] produce(ConnectionContext context,
|
|
HandshakeMessage message) throws IOException {
|
|
// The producing happens in server side only.
|
|
ServerHandshakeContext shc = (ServerHandshakeContext) context;
|
|
|
|
// Is it a supported and enabled extension?
|
|
if (!shc.sslConfig.isAvailable(SSLExtension.HRR_COOKIE)) {
|
|
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
|
|
SSLLogger.fine(
|
|
"Ignore unavailable cookie extension");
|
|
}
|
|
return null;
|
|
}
|
|
|
|
// copy of the ClientHello cookie
|
|
CookieSpec spec = (CookieSpec)shc.handshakeExtensions.get(
|
|
SSLExtension.CH_COOKIE);
|
|
|
|
if (spec != null &&
|
|
spec.cookie != null && spec.cookie.length != 0) {
|
|
byte[] extData = new byte[spec.cookie.length + 2];
|
|
ByteBuffer m = ByteBuffer.wrap(extData);
|
|
Record.putBytes16(m, spec.cookie);
|
|
return extData;
|
|
}
|
|
|
|
return null;
|
|
}
|
|
}
|
|
}
|