Back to index...

	/*
	* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
	*
	* This code is free software; you can redistribute it and/or modify it
	* under the terms of the GNU General Public License version 2 only, as
	* published by the Free Software Foundation. Oracle designates this
	* particular file as subject to the "Classpath" exception as provided
	* by Oracle in the LICENSE file that accompanied this code.
	*
	* This code is distributed in the hope that it will be useful, but WITHOUT
	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	* version 2 for more details (a copy is included in the LICENSE file that
	* accompanied this code).
	*
	* You should have received a copy of the GNU General Public License version
	* 2 along with this work; if not, write to the Free Software Foundation,
	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
	*
	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
	* or visit www.oracle.com if you need additional information or have any
	* questions.
	*/

	package sun.security.ssl;

	import java.io.IOException;
	import java.nio.ByteBuffer;
	import java.text.MessageFormat;
	import java.util.Locale;
	import javax.net.ssl.SSLProtocolException;

	import sun.security.ssl.ClientHello.ClientHelloMessage;
	import sun.security.ssl.SSLExtension.ExtensionConsumer;
	import sun.security.ssl.SSLHandshake.HandshakeMessage;
	import sun.security.ssl.SSLExtension.SSLExtensionSpec;
	import sun.security.ssl.ServerHello.ServerHelloMessage;
	import sun.misc.HexDumpEncoder;

	public class CookieExtension {
	static final HandshakeProducer chNetworkProducer =
	new CHCookieProducer();
	static final ExtensionConsumer chOnLoadConsumer =
	new CHCookieConsumer();
	static final HandshakeConsumer chOnTradeConsumer =
	new CHCookieUpdate();

	static final HandshakeProducer hrrNetworkProducer =
	new HRRCookieProducer();
	static final ExtensionConsumer hrrOnLoadConsumer =
	new HRRCookieConsumer();

	static final HandshakeProducer hrrNetworkReproducer =
	new HRRCookieReproducer();

	static final CookieStringizer cookieStringizer =
	new CookieStringizer();

	/**
	* The "cookie" extension.
	*/
	static class CookieSpec implements SSLExtensionSpec {
	final byte[] cookie;

	private CookieSpec(ByteBuffer m) throws IOException {
	// opaque cookie<1..2^16-1>;
	if (m.remaining() < 3) {
	throw new SSLProtocolException(
	"Invalid cookie extension: insufficient data");
	}

	this.cookie = Record.getBytes16(m);
	}

	@Override
	public String toString() {
	MessageFormat messageFormat = new MessageFormat(
	"\"cookie\": '{'\n" +
	"{0}\n" +
	"'}',", Locale.ENGLISH);
	HexDumpEncoder hexEncoder = new HexDumpEncoder();
	Object[] messageFields = {
	Utilities.indent(hexEncoder.encode(cookie))
	};

	return messageFormat.format(messageFields);
	}
	}

	private static final class CookieStringizer implements SSLStringizer {
	@Override
	public String toString(ByteBuffer buffer) {
	try {
	return (new CookieSpec(buffer)).toString();
	} catch (IOException ioe) {
	// For debug logging only, so please swallow exceptions.
	return ioe.getMessage();
	}
	}
	}

	private static final
	class CHCookieProducer implements HandshakeProducer {
	// Prevent instantiation of this class.
	private CHCookieProducer() {
	// blank
	}

	@Override
	public byte[] produce(ConnectionContext context,
	HandshakeMessage message) throws IOException {
	ClientHandshakeContext chc = (ClientHandshakeContext) context;

	// Is it a supported and enabled extension?
	if (!chc.sslConfig.isAvailable(SSLExtension.CH_COOKIE)) {
	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
	SSLLogger.fine(
	"Ignore unavailable cookie extension");
	}
	return null;
	}

	// response to an HelloRetryRequest cookie
	CookieSpec spec = (CookieSpec)chc.handshakeExtensions.get(
	SSLExtension.HRR_COOKIE);

	if (spec != null &&
	spec.cookie != null && spec.cookie.length != 0) {
	byte[] extData = new byte[spec.cookie.length + 2];
	ByteBuffer m = ByteBuffer.wrap(extData);
	Record.putBytes16(m, spec.cookie);
	return extData;
	}

	return null;
	}
	}

	private static final
	class CHCookieConsumer implements ExtensionConsumer {
	// Prevent instantiation of this class.
	private CHCookieConsumer() {
	// blank
	}

	@Override
	public void consume(ConnectionContext context,
	HandshakeMessage message, ByteBuffer buffer) throws IOException {
	// The consuming happens in server side only.
	ServerHandshakeContext shc = (ServerHandshakeContext)context;

	// Is it a supported and enabled extension?
	if (!shc.sslConfig.isAvailable(SSLExtension.CH_COOKIE)) {
	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
	SSLLogger.fine(
	"Ignore unavailable cookie extension");
	}
	return; // ignore the extension
	}

	CookieSpec spec;
	try {
	spec = new CookieSpec(buffer);
	} catch (IOException ioe) {
	throw shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);
	}

	shc.handshakeExtensions.put(SSLExtension.CH_COOKIE, spec);

	// No impact on session resumption.
	//
	// Note that the protocol version negotiation happens before the
	// session resumption negotiation. And the session resumption
	// negotiation depends on the negotiated protocol version.
	}
	}

	private static final
	class CHCookieUpdate implements HandshakeConsumer {
	// Prevent instantiation of this class.
	private CHCookieUpdate() {
	// blank
	}

	@Override
	public void consume(ConnectionContext context,
	HandshakeMessage message) throws IOException {
	// The consuming happens in server side only.
	ServerHandshakeContext shc = (ServerHandshakeContext)context;
	ClientHelloMessage clientHello = (ClientHelloMessage)message;

	CookieSpec spec = (CookieSpec)
	shc.handshakeExtensions.get(SSLExtension.CH_COOKIE);
	if (spec == null) {
	// Ignore, no "cookie" extension requested.
	return;
	}

	HelloCookieManager hcm =
	shc.sslContext.getHelloCookieManager(shc.negotiatedProtocol);
	if (!hcm.isCookieValid(shc, clientHello, spec.cookie)) {
	throw shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
	"unrecognized cookie");
	}
	}
	}

	private static final
	class HRRCookieProducer implements HandshakeProducer {
	// Prevent instantiation of this class.
	private HRRCookieProducer() {
	// blank
	}

	@Override
	public byte[] produce(ConnectionContext context,
	HandshakeMessage message) throws IOException {
	// The producing happens in server side only.
	ServerHandshakeContext shc = (ServerHandshakeContext)context;
	ServerHelloMessage hrrm = (ServerHelloMessage)message;

	// Is it a supported and enabled extension?
	if (!shc.sslConfig.isAvailable(SSLExtension.HRR_COOKIE)) {
	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
	SSLLogger.fine(
	"Ignore unavailable cookie extension");
	}
	return null;
	}

	HelloCookieManager hcm =
	shc.sslContext.getHelloCookieManager(shc.negotiatedProtocol);

	byte[] cookie = hcm.createCookie(shc, hrrm.clientHello);

	byte[] extData = new byte[cookie.length + 2];
	ByteBuffer m = ByteBuffer.wrap(extData);
	Record.putBytes16(m, cookie);

	return extData;
	}
	}

	private static final
	class HRRCookieConsumer implements ExtensionConsumer {
	// Prevent instantiation of this class.
	private HRRCookieConsumer() {
	// blank
	}

	@Override
	public void consume(ConnectionContext context,
	HandshakeMessage message, ByteBuffer buffer) throws IOException {
	// The consuming happens in client side only.
	ClientHandshakeContext chc = (ClientHandshakeContext)context;

	// Is it a supported and enabled extension?
	if (!chc.sslConfig.isAvailable(SSLExtension.HRR_COOKIE)) {
	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
	SSLLogger.fine(
	"Ignore unavailable cookie extension");
	}
	return; // ignore the extension
	}

	CookieSpec spec;
	try {
	spec = new CookieSpec(buffer);
	} catch (IOException ioe) {
	throw chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);
	}

	chc.handshakeExtensions.put(SSLExtension.HRR_COOKIE, spec);
	}
	}

	private static final
	class HRRCookieReproducer implements HandshakeProducer {
	// Prevent instantiation of this class.
	private HRRCookieReproducer() {
	// blank
	}

	@Override
	public byte[] produce(ConnectionContext context,
	HandshakeMessage message) throws IOException {
	// The producing happens in server side only.
	ServerHandshakeContext shc = (ServerHandshakeContext) context;

	// Is it a supported and enabled extension?
	if (!shc.sslConfig.isAvailable(SSLExtension.HRR_COOKIE)) {
	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
	SSLLogger.fine(
	"Ignore unavailable cookie extension");
	}
	return null;
	}

	// copy of the ClientHello cookie
	CookieSpec spec = (CookieSpec)shc.handshakeExtensions.get(
	SSLExtension.CH_COOKIE);

	if (spec != null &&
	spec.cookie != null && spec.cookie.length != 0) {
	byte[] extData = new byte[spec.cookie.length + 2];
	ByteBuffer m = ByteBuffer.wrap(extData);
	Record.putBytes16(m, spec.cookie);
	return extData;
	}

	return null;
	}
	}
	}

Back to index...