760 for (HelloExtension ext : mesg.extensions.list()) {
761 ExtensionType type = ext.type;
762 if (type == ExtensionType.EXT_SERVER_NAME) {
763 serverNamesAccepted = true;
764 } else if (type == ExtensionType.EXT_STATUS_REQUEST ||
765 type == ExtensionType.EXT_STATUS_REQUEST_V2) {
766 // Only enable the stapling feature if the client asserted
767 // these extensions.
768 if (sslContext.isStaplingEnabled(true)) {
769 staplingActive = true;
770 } else {
771 fatalSE(Alerts.alert_unexpected_message, "Server set " +
772 type + " extension when not requested by client");
773 }
774 } else if ((type != ExtensionType.EXT_SUPPORTED_GROUPS)
775 && (type != ExtensionType.EXT_EC_POINT_FORMATS)
776 && (type != ExtensionType.EXT_SERVER_NAME)
777 && (type != ExtensionType.EXT_ALPN)
778 && (type != ExtensionType.EXT_RENEGOTIATION_INFO)
779 && (type != ExtensionType.EXT_STATUS_REQUEST)
780 && (type != ExtensionType.EXT_STATUS_REQUEST_V2)) {
781 // Note: Better to check client requested extensions rather
782 // than all supported extensions.
783 fatalSE(Alerts.alert_unsupported_extension,
784 "Server sent an unsupported extension: " + type);
785 }
786 }
787
788 // Create a new session, we need to do the full handshake
789 session = new SSLSessionImpl(protocolVersion, cipherSuite,
790 getLocalSupportedSignAlgs(),
791 mesg.sessionId, getHostSE(), getPortSE());
792 session.setRequestedServerNames(requestedServerNames);
793 session.setNegotiatedMaxFragSize(requestedMFLength);
794 session.setMaximumPacketSize(maximumPacketSize);
795 setHandshakeSessionSE(session);
796 if (debug != null && Debug.isOn("handshake")) {
797 System.out.println("** " + cipherSuite);
798 }
799 }
800
801 /*
802 * Server's own key was either a signing-only key, or was too
803 * large for export rules ... this message holds an ephemeral
804 * RSA key to use for key exchange.
805 */
806 private void serverKeyExchange(RSA_ServerKeyExchange mesg)
807 throws IOException, GeneralSecurityException {
808 if (debug != null && Debug.isOn("handshake")) {
809 mesg.print(System.out);
810 }
811 if (!mesg.verify(serverKey, clnt_random, svr_random)) {
812 fatalSE(Alerts.alert_handshake_failure,
813 "server key exchange invalid");
814 // NOTREACHED
815 }
816 ephemeralServerKey = mesg.getPublicKey();
817
818 // check constraints of RSA PublicKey
1520 if (sge != null) {
1521 clientHelloMessage.extensions.add(sge);
1522 // Add elliptic point format extensions
1523 if (cipherSuites.contains(NamedGroupType.NAMED_GROUP_ECDHE)) {
1524 clientHelloMessage.extensions.add(
1525 EllipticPointFormatsExtension.DEFAULT);
1526 }
1527 }
1528
1529 // add signature_algorithm extension
1530 if (maxProtocolVersion.useTLS12PlusSpec()) {
1531 // we will always send the signature_algorithm extension
1532 Collection<SignatureAndHashAlgorithm> localSignAlgs =
1533 getLocalSupportedSignAlgs();
1534 if (localSignAlgs.isEmpty()) {
1535 throw new SSLHandshakeException(
1536 "No supported signature algorithm");
1537 }
1538
1539 clientHelloMessage.addSignatureAlgorithmsExtension(localSignAlgs);
1540 }
1541
1542 // add server_name extension
1543 if (enableSNIExtension) {
1544 if (session != null) {
1545 requestedServerNames = session.getRequestedServerNames();
1546 } else {
1547 requestedServerNames = serverNames;
1548 }
1549
1550 if (!requestedServerNames.isEmpty()) {
1551 clientHelloMessage.addSNIExtension(requestedServerNames);
1552 }
1553 }
1554
1555 // add max_fragment_length extension
1556 if (enableMFLExtension) {
1557 if (session != null) {
1558 // The same extension should be sent for resumption.
1559 requestedMFLength = session.getNegotiatedMaxFragSize();
|
760 for (HelloExtension ext : mesg.extensions.list()) {
761 ExtensionType type = ext.type;
762 if (type == ExtensionType.EXT_SERVER_NAME) {
763 serverNamesAccepted = true;
764 } else if (type == ExtensionType.EXT_STATUS_REQUEST ||
765 type == ExtensionType.EXT_STATUS_REQUEST_V2) {
766 // Only enable the stapling feature if the client asserted
767 // these extensions.
768 if (sslContext.isStaplingEnabled(true)) {
769 staplingActive = true;
770 } else {
771 fatalSE(Alerts.alert_unexpected_message, "Server set " +
772 type + " extension when not requested by client");
773 }
774 } else if ((type != ExtensionType.EXT_SUPPORTED_GROUPS)
775 && (type != ExtensionType.EXT_EC_POINT_FORMATS)
776 && (type != ExtensionType.EXT_SERVER_NAME)
777 && (type != ExtensionType.EXT_ALPN)
778 && (type != ExtensionType.EXT_RENEGOTIATION_INFO)
779 && (type != ExtensionType.EXT_STATUS_REQUEST)
780 && (type != ExtensionType.EXT_STATUS_REQUEST_V2)
781 && (type != ExtensionType.EXT_EXTENDED_MASTER_SECRET)) {
782 // Note: Better to check client requested extensions rather
783 // than all supported extensions.
784 fatalSE(Alerts.alert_unsupported_extension,
785 "Server sent an unsupported extension: " + type);
786 }
787 }
788
789 // Create a new session, we need to do the full handshake
790 session = new SSLSessionImpl(protocolVersion, cipherSuite,
791 getLocalSupportedSignAlgs(),
792 mesg.sessionId, getHostSE(), getPortSE());
793 session.setRequestedServerNames(requestedServerNames);
794 session.setNegotiatedMaxFragSize(requestedMFLength);
795 session.setMaximumPacketSize(maximumPacketSize);
796 setHandshakeSessionSE(session);
797 if (debug != null && Debug.isOn("handshake")) {
798 System.out.println("** " + cipherSuite);
799 }
800
801 if (useExtendedMasterSecretExtension) {
802 // check Extended Master Secret extension
803 ExtendedMasterSecretExtension extendedMasterSecretExtension = (ExtendedMasterSecretExtension)
804 mesg.extensions.get(ExtensionType.EXT_EXTENDED_MASTER_SECRET);
805 if (extendedMasterSecretExtension != null) {
806 if (resumingSession) {
807 if (!session.getUseExtendedMasterSecret()) {
808 // Full-handshake was not using Extended Master Secret
809 // However, Extended Master Secret was received on
810 // session resumption.
811 throw new SSLHandshakeException(
812 "Unexpected Extended Master Secret extension on session resumption");
813 }
814 } else {
815 session.setUseExtendedMasterSecret();
816 }
817 } else {
818 if (resumingSession) {
819 if (session.getUseExtendedMasterSecret()) {
820 // Full-handshake was using Extended Master Secret
821 // However, Extended Master Secret was not received
822 // on session resumption.
823 throw new SSLHandshakeException(
824 "Extended Master Secret extension missing on session resumption");
825 }
826 }
827 }
828 }
829 }
830
831 /*
832 * Server's own key was either a signing-only key, or was too
833 * large for export rules ... this message holds an ephemeral
834 * RSA key to use for key exchange.
835 */
836 private void serverKeyExchange(RSA_ServerKeyExchange mesg)
837 throws IOException, GeneralSecurityException {
838 if (debug != null && Debug.isOn("handshake")) {
839 mesg.print(System.out);
840 }
841 if (!mesg.verify(serverKey, clnt_random, svr_random)) {
842 fatalSE(Alerts.alert_handshake_failure,
843 "server key exchange invalid");
844 // NOTREACHED
845 }
846 ephemeralServerKey = mesg.getPublicKey();
847
848 // check constraints of RSA PublicKey
1550 if (sge != null) {
1551 clientHelloMessage.extensions.add(sge);
1552 // Add elliptic point format extensions
1553 if (cipherSuites.contains(NamedGroupType.NAMED_GROUP_ECDHE)) {
1554 clientHelloMessage.extensions.add(
1555 EllipticPointFormatsExtension.DEFAULT);
1556 }
1557 }
1558
1559 // add signature_algorithm extension
1560 if (maxProtocolVersion.useTLS12PlusSpec()) {
1561 // we will always send the signature_algorithm extension
1562 Collection<SignatureAndHashAlgorithm> localSignAlgs =
1563 getLocalSupportedSignAlgs();
1564 if (localSignAlgs.isEmpty()) {
1565 throw new SSLHandshakeException(
1566 "No supported signature algorithm");
1567 }
1568
1569 clientHelloMessage.addSignatureAlgorithmsExtension(localSignAlgs);
1570 }
1571
1572 // add Extended Master Secret extension
1573 if (useExtendedMasterSecretExtension) {
1574 if (maxProtocolVersion.useTLS10PlusSpec()) {
1575 if (!resumingSession || session.getUseExtendedMasterSecret()) {
1576 clientHelloMessage.addExtendedMasterSecretExtension();
1577 }
1578 }
1579 }
1580
1581 // add server_name extension
1582 if (enableSNIExtension) {
1583 if (session != null) {
1584 requestedServerNames = session.getRequestedServerNames();
1585 } else {
1586 requestedServerNames = serverNames;
1587 }
1588
1589 if (!requestedServerNames.isEmpty()) {
1590 clientHelloMessage.addSNIExtension(requestedServerNames);
1591 }
1592 }
1593
1594 // add max_fragment_length extension
1595 if (enableMFLExtension) {
1596 if (session != null) {
1597 // The same extension should be sent for resumption.
1598 requestedMFLength = session.getNegotiatedMaxFragSize();
|