Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
PojavLauncherTeam
GitHub Repository: PojavLauncherTeam/openjdk-multiarch-jdk8u
 Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/src/share/classes/sun/security/ssl/CertSignAlgsExtension.java
38830 views
1
/*

2
 * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.

3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

4
 *

5
 * This code is free software; you can redistribute it and/or modify it

6
 * under the terms of the GNU General Public License version 2 only, as

7
 * published by the Free Software Foundation.  Oracle designates this

8
 * particular file as subject to the "Classpath" exception as provided

9
 * by Oracle in the LICENSE file that accompanied this code.

10
 *

11
 * This code is distributed in the hope that it will be useful, but WITHOUT

12
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

13
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

14
 * version 2 for more details (a copy is included in the LICENSE file that

15
 * accompanied this code).

16
 *

17
 * You should have received a copy of the GNU General Public License version

18
 * 2 along with this work; if not, write to the Free Software Foundation,

19
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

20
 *

21
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

22
 * or visit www.oracle.com if you need additional information or have any

23
 * questions.

24
 */

25


26
package sun.security.ssl;

27


28
import java.io.IOException;

29
import java.nio.ByteBuffer;

30
import java.util.Arrays;

31
import java.util.Collections;

32
import java.util.List;

33
import sun.security.ssl.SSLExtension.ExtensionConsumer;

34
import sun.security.ssl.SSLHandshake.HandshakeMessage;

35
import sun.security.ssl.SignatureAlgorithmsExtension.SignatureSchemesSpec;

36


37
/**

38
 * Pack of the "signature_algorithms_cert" extensions.

39
 */

40
final class CertSignAlgsExtension {

41
    static final HandshakeProducer chNetworkProducer =

42
            new CHCertSignatureSchemesProducer();

43
    static final ExtensionConsumer chOnLoadConsumer =

44
            new CHCertSignatureSchemesConsumer();

45
    static final HandshakeConsumer chOnTradeConsumer =

46
            new CHCertSignatureSchemesUpdate();

47


48
    static final HandshakeProducer crNetworkProducer =

49
            new CRCertSignatureSchemesProducer();

50
    static final ExtensionConsumer crOnLoadConsumer =

51
            new CRCertSignatureSchemesConsumer();

52
    static final HandshakeConsumer crOnTradeConsumer =

53
            new CRCertSignatureSchemesUpdate();

54


55
    static final SSLStringizer ssStringizer =

56
            new CertSignatureSchemesStringizer();

57


58
    private static final

59
            class CertSignatureSchemesStringizer implements SSLStringizer {

60
        @Override

61
        public String toString(ByteBuffer buffer) {

62
            try {

63
                return (new SignatureSchemesSpec(buffer)).toString();

64
            } catch (IOException ioe) {

65
                // For debug logging only, so please swallow exceptions.

66
                return ioe.getMessage();

67
            }

68
        }

69
    }

70


71
    /**

72
     * Network data producer of a "signature_algorithms_cert" extension in

73
     * the ClientHello handshake message.

74
     */

75
    private static final

76
            class CHCertSignatureSchemesProducer implements HandshakeProducer {

77
        // Prevent instantiation of this class.

78
        private CHCertSignatureSchemesProducer() {

79
            // blank

80
        }

81


82
        @Override

83
        public byte[] produce(ConnectionContext context,

84
                HandshakeMessage message) throws IOException {

85
            // The producing happens in client side only.

86
            ClientHandshakeContext chc = (ClientHandshakeContext)context;

87


88
            // Is it a supported and enabled extension?

89
            if (!chc.sslConfig.isAvailable(

90
                    SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT)) {

91
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {

92
                    SSLLogger.fine(

93
                            "Ignore unavailable " +

94
                            "signature_algorithms_cert extension");

95
                }

96


97
                return null;    // ignore the extension

98
            }

99


100
            // Produce the extension.

101
            if (chc.localSupportedSignAlgs == null) {

102
                chc.localSupportedSignAlgs =

103
                    SignatureScheme.getSupportedAlgorithms(

104
                            chc.sslConfig,

105
                            chc.algorithmConstraints, chc.activeProtocols);

106
            }

107


108
            int vectorLen = SignatureScheme.sizeInRecord() *

109
                    chc.localSupportedSignAlgs.size();

110
            byte[] extData = new byte[vectorLen + 2];

111
            ByteBuffer m = ByteBuffer.wrap(extData);

112
            Record.putInt16(m, vectorLen);

113
            for (SignatureScheme ss : chc.localSupportedSignAlgs) {

114
                Record.putInt16(m, ss.id);

115
            }

116


117
            // Update the context.

118
            chc.handshakeExtensions.put(

119
                    SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT,

120
                    new SignatureSchemesSpec(chc.localSupportedSignAlgs));

121


122
            return extData;

123
        }

124
    }

125


126
    /**

127
     * Network data consumer of a "signature_algorithms_cert" extension in

128
     * the ClientHello handshake message.

129
     */

130
    private static final

131
            class CHCertSignatureSchemesConsumer implements ExtensionConsumer {

132
        // Prevent instantiation of this class.

133
        private CHCertSignatureSchemesConsumer() {

134
            // blank

135
        }

136


137
        @Override

138
        public void consume(ConnectionContext context,

139
            HandshakeMessage message, ByteBuffer buffer) throws IOException {

140
            // The consuming happens in server side only.

141
            ServerHandshakeContext shc = (ServerHandshakeContext)context;

142


143
            // Is it a supported and enabled extension?

144
            if (!shc.sslConfig.isAvailable(

145
                    SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT)) {

146
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {

147
                    SSLLogger.fine(

148
                            "Ignore unavailable " +

149
                            "signature_algorithms_cert extension");

150
                }

151
                return;     // ignore the extension

152
            }

153


154
            // Parse the extension.

155
            SignatureSchemesSpec spec;

156
            try {

157
                spec = new SignatureSchemesSpec(buffer);

158
            } catch (IOException ioe) {

159
                throw shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);

160
            }

161


162
            // Update the context.

163
            shc.handshakeExtensions.put(

164
                    SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT, spec);

165


166
            // No impact on session resumption.

167
        }

168
    }

169


170
    /**

171
     * After session creation consuming of a "signature_algorithms_cert"

172
     * extension in the ClientHello handshake message.

173
     */

174
    private static final class CHCertSignatureSchemesUpdate

175
            implements HandshakeConsumer {

176
        // Prevent instantiation of this class.

177
        private CHCertSignatureSchemesUpdate() {

178
            // blank

179
        }

180


181
        @Override

182
        public void consume(ConnectionContext context,

183
                HandshakeMessage message) throws IOException {

184
            // The consuming happens in server side only.

185
            ServerHandshakeContext shc = (ServerHandshakeContext)context;

186


187
            SignatureSchemesSpec spec = (SignatureSchemesSpec)

188
                    shc.handshakeExtensions.get(

189
                            SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT);

190
            if (spec == null) {

191
                // Ignore, no signature_algorithms_cert extension requested.

192
                return;

193
            }

194


195
            // update the context

196
            List<SignatureScheme> schemes =

197
                    SignatureScheme.getSupportedAlgorithms(

198
                            shc.sslConfig,

199
                            shc.algorithmConstraints, shc.negotiatedProtocol,

200
                            spec.signatureSchemes);

201
            shc.peerRequestedCertSignSchemes = schemes;

202
            shc.handshakeSession.setPeerSupportedSignatureAlgorithms(schemes);

203


204
            if (!shc.isResumption && shc.negotiatedProtocol.useTLS13PlusSpec()) {

205
                if (shc.sslConfig.clientAuthType !=

206
                        ClientAuthType.CLIENT_AUTH_NONE) {

207
                    shc.handshakeProducers.putIfAbsent(

208
                            SSLHandshake.CERTIFICATE_REQUEST.id,

209
                            SSLHandshake.CERTIFICATE_REQUEST);

210
                }

211
                shc.handshakeProducers.put(SSLHandshake.CERTIFICATE.id,

212
                        SSLHandshake.CERTIFICATE);

213
                shc.handshakeProducers.putIfAbsent(

214
                        SSLHandshake.CERTIFICATE_VERIFY.id,

215
                        SSLHandshake.CERTIFICATE_VERIFY);

216
            }

217
        }

218
    }

219


220
    /**

221
     * Network data producer of a "signature_algorithms_cert" extension in

222
     * the CertificateRequest handshake message.

223
     */

224
    private static final

225
            class CRCertSignatureSchemesProducer implements HandshakeProducer {

226
        // Prevent instantiation of this class.

227
        private CRCertSignatureSchemesProducer() {

228
            // blank

229
        }

230


231
        @Override

232
        public byte[] produce(ConnectionContext context,

233
                HandshakeMessage message) throws IOException {

234
            // The producing happens in server side only.

235
            ServerHandshakeContext shc = (ServerHandshakeContext)context;

236


237
            // Is it a supported and enabled extension?

238
            if (!shc.sslConfig.isAvailable(

239
                    SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT)) {

240
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {

241
                    SSLLogger.fine(

242
                            "Ignore unavailable " +

243
                            "signature_algorithms_cert extension");

244
                }

245
                return null;    // ignore the extension

246
            }

247


248
            // Produce the extension.

249
            List<ProtocolVersion> protocols = Arrays.asList(shc.negotiatedProtocol);

250
            protocols = Collections.unmodifiableList(protocols);

251
            List<SignatureScheme> sigAlgs =

252
                    SignatureScheme.getSupportedAlgorithms(

253
                            shc.sslConfig,

254
                            shc.algorithmConstraints,

255
                            protocols);

256


257
            int vectorLen = SignatureScheme.sizeInRecord() * sigAlgs.size();

258
            byte[] extData = new byte[vectorLen + 2];

259
            ByteBuffer m = ByteBuffer.wrap(extData);

260
            Record.putInt16(m, vectorLen);

261
            for (SignatureScheme ss : sigAlgs) {

262
                Record.putInt16(m, ss.id);

263
            }

264


265
            // Update the context.

266
            shc.handshakeExtensions.put(

267
                    SSLExtension.CR_SIGNATURE_ALGORITHMS_CERT,

268
                    new SignatureSchemesSpec(shc.localSupportedSignAlgs));

269


270
            return extData;

271
        }

272
    }

273


274
    /**

275
     * Network data consumer of a "signature_algorithms_cert" extension in

276
     * the CertificateRequest handshake message.

277
     */

278
    private static final

279
            class CRCertSignatureSchemesConsumer implements ExtensionConsumer {

280
        // Prevent instantiation of this class.

281
        private CRCertSignatureSchemesConsumer() {

282
            // blank

283
        }

284
        @Override

285
        public void consume(ConnectionContext context,

286
            HandshakeMessage message, ByteBuffer buffer) throws IOException {

287
            // The consuming happens in client side only.

288
            ClientHandshakeContext chc = (ClientHandshakeContext)context;

289


290
            // Is it a supported and enabled extension?

291
            if (!chc.sslConfig.isAvailable(

292
                    SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT)) {

293
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {

294
                    SSLLogger.fine(

295
                            "Ignore unavailable " +

296
                            "signature_algorithms_cert extension");

297
                }

298
                return;     // ignore the extension

299
            }

300


301
            // Parse the extension.

302
            SignatureSchemesSpec spec;

303
            try {

304
                spec = new SignatureSchemesSpec(buffer);

305
            } catch (IOException ioe) {

306
                throw chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);

307
            }

308


309
            // Update the context.

310
            chc.handshakeExtensions.put(

311
                    SSLExtension.CR_SIGNATURE_ALGORITHMS_CERT, spec);

312


313
            // No impact on session resumption.

314
        }

315
    }

316


317
    /**

318
     * After session creation consuming of a "signature_algorithms_cert"

319
     * extension in the CertificateRequest handshake message.

320
     */

321
    private static final class CRCertSignatureSchemesUpdate

322
            implements HandshakeConsumer {

323
        // Prevent instantiation of this class.

324
        private CRCertSignatureSchemesUpdate() {

325
            // blank

326
        }

327


328
        @Override

329
        public void consume(ConnectionContext context,

330
                HandshakeMessage message) throws IOException {

331
            // The consuming happens in client side only.

332
            ClientHandshakeContext chc = (ClientHandshakeContext)context;

333


334
            SignatureSchemesSpec spec = (SignatureSchemesSpec)

335
                    chc.handshakeExtensions.get(

336
                            SSLExtension.CR_SIGNATURE_ALGORITHMS_CERT);

337
            if (spec == null) {

338
                // Ignore, no "signature_algorithms_cert" extension requested.

339
                return;

340
            }

341


342
            // update the context

343
            List<SignatureScheme> schemes =

344
                    SignatureScheme.getSupportedAlgorithms(

345
                            chc.sslConfig,

346
                            chc.algorithmConstraints, chc.negotiatedProtocol,

347
                            spec.signatureSchemes);

348
            chc.peerRequestedCertSignSchemes = schemes;

349
            chc.handshakeSession.setPeerSupportedSignatureAlgorithms(schemes);

350
        }

351
    }

352
}

353


354