1 /*
2 * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.ssl;
27
28 import java.io.IOException;
29 import java.nio.ByteBuffer;
30 import java.nio.charset.StandardCharsets;
31 import java.util.Arrays;
32 import java.util.Collections;
33 import java.util.LinkedList;
34 import java.util.List;
35 import javax.net.ssl.SSLEngine;
36 import javax.net.ssl.SSLProtocolException;
37 import javax.net.ssl.SSLSocket;
38 import sun.security.ssl.SSLExtension.ExtensionConsumer;
39 import sun.security.ssl.SSLExtension.SSLExtensionSpec;
40 import sun.security.ssl.SSLHandshake.HandshakeMessage;
41
42 /**
43 * Pack of the "application_layer_protocol_negotiation" extensions [RFC 7301].
44 */
45 final class AlpnExtension {
46 static final HandshakeProducer chNetworkProducer = new CHAlpnProducer();
47 static final ExtensionConsumer chOnLoadConcumer = new CHAlpnConsumer();
48 static final HandshakeAbsence chOnLoadAbsence = new CHAlpnAbsence();
49
50 static final HandshakeProducer shNetworkProducer = new SHAlpnProducer();
51 static final ExtensionConsumer shOnLoadConcumer = new SHAlpnConsumer();
52 static final HandshakeAbsence shOnLoadAbsence = new SHAlpnAbsence();
53
54 // Note: we reuse ServerHello operations for EncryptedExtensions for now.
55 // Please be careful about any code or specification changes in the future.
56 static final HandshakeProducer eeNetworkProducer = new SHAlpnProducer();
57 static final ExtensionConsumer eeOnLoadConcumer = new SHAlpnConsumer();
58 static final HandshakeAbsence eeOnLoadAbsence = new SHAlpnAbsence();
59
60 static final SSLStringize alpnStringize = new AlpnStringize();
61
62 /**
63 * The "application_layer_protocol_negotiation" extension.
64 *
65 * See RFC 7301 for the specification of this extension.
66 */
67 static final class AlpnSpec implements SSLExtensionSpec {
68 final List<String> applicationProtocols;
69
70 private AlpnSpec(String[] applicationProtocols) {
71 this.applicationProtocols = Collections.unmodifiableList(
72 Arrays.asList(applicationProtocols));
73 }
74
75 private AlpnSpec(ByteBuffer buffer) throws IOException {
76 // ProtocolName protocol_name_list<2..2^16-1>, RFC 7301.
77 if (buffer.remaining() < 2) {
78 throw new SSLProtocolException(
79 "Invalid application_layer_protocol_negotiation: " +
80 "insufficient data (length=" + buffer.remaining() + ")");
81 }
82
83 int listLen = Record.getInt16(buffer);
84 if (listLen < 2 || listLen != buffer.remaining()) {
85 throw new SSLProtocolException(
86 "Invalid application_layer_protocol_negotiation: " +
87 "incorrect list length (length=" + listLen + ")");
88 }
89
90 List<String> protocolNames = new LinkedList<>();
91 while (buffer.hasRemaining()) {
92 // opaque ProtocolName<1..2^8-1>, RFC 7301.
93 byte[] bytes = Record.getBytes8(buffer);
94 if (bytes.length == 0) {
95 throw new SSLProtocolException(
96 "Invalid application_layer_protocol_negotiation " +
97 "extension: empty application protocol name");
98 }
99
100 String appProtocol = new String(bytes, StandardCharsets.UTF_8);
101 protocolNames.add(appProtocol);
102 }
103
104 this.applicationProtocols =
105 Collections.unmodifiableList(protocolNames);
106 }
107
108 @Override
109 public String toString() {
110 return applicationProtocols.toString();
111 }
112 }
113
114 private static final class AlpnStringize implements SSLStringize {
115 @Override
116 public String toString(ByteBuffer buffer) {
117 try {
118 return (new AlpnSpec(buffer)).toString();
119 } catch (IOException ioe) {
120 // For debug logging only, so please swallow exceptions.
121 return ioe.getMessage();
122 }
123 }
124 }
125
126 /**
127 * Network data producer of the extension in a ClientHello
128 * handshake message.
129 */
130 private static final class CHAlpnProducer implements HandshakeProducer {
131 static final int MAX_AP_LENGTH = 255;
132 static final int MAX_AP_LIST_LENGTH = 65535;
133
134 // Prevent instantiation of this class.
135 private CHAlpnProducer() {
136 // blank
137 }
138
139 @Override
140 public byte[] produce(ConnectionContext context,
141 HandshakeMessage message) throws IOException {
142 // The producing happens in client side only.
143 ClientHandshakeContext chc = (ClientHandshakeContext)context;
144
145 // Is it a supported and enabled extension?
146 if (!chc.sslConfig.isAvailable(SSLExtension.CH_ALPN)) {
147 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
148 SSLLogger.info(
149 "Ignore client unavailable extension: " +
150 SSLExtension.CH_ALPN.name);
151 }
152 return null;
153 }
154
155 String[] laps = chc.sslConfig.applicationProtocols;
156 if ((laps == null) || (laps.length == 0)) {
157 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
158 SSLLogger.info(
159 "No available application protocols");
160 }
161 return null;
162 }
163
164 // Produce the extension.
165 int listLength = 0; // ProtocolNameList length
166 for (String ap : laps) {
167 int length = ap.getBytes(StandardCharsets.UTF_8).length;
168 if (length == 0) {
169 // log the configuration problem
170 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
171 SSLLogger.severe(
172 "Application protocol name cannot be empty");
173 }
174 chc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
175 "Application protocol name cannot be empty");
176 }
177
178 if (length <= MAX_AP_LENGTH) {
179 // opaque ProtocolName<1..2^8-1>, RFC 7301.
180 listLength += (length + 1);
181 } else {
182 // log the configuration problem
183 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
184 SSLLogger.severe(
185 "Application protocol name (" + ap +
186 ") exceeds the size limit (" +
187 MAX_AP_LENGTH + " bytes)");
188 }
189 chc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
190 "Application protocol name (" + ap +
191 ") exceeds the size limit (" +
192 MAX_AP_LENGTH + " bytes)");
193 }
194
195 if (listLength > MAX_AP_LIST_LENGTH) {
196 // log the configuration problem
197 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
198 SSLLogger.severe(
199 "The configured application protocols (" +
200 Arrays.toString(laps) +
201 ") exceed the size limit (" +
202 MAX_AP_LIST_LENGTH + " bytes)");
203 }
204 chc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
205 "The configured application protocols (" +
206 Arrays.toString(laps) +
207 ") exceed the size limit (" +
208 MAX_AP_LIST_LENGTH + " bytes)");
209 }
210 }
211
212 // ProtocolName protocol_name_list<2..2^16-1>, RFC 7301.
213 byte[] extData = new byte[listLength + 2];
214 ByteBuffer m = ByteBuffer.wrap(extData);
215 Record.putInt16(m, listLength);
216 for (String ap : laps) {
217 Record.putBytes8(m, ap.getBytes(StandardCharsets.UTF_8));
218 }
219
220 // Update the context.
221 chc.handshakeExtensions.put(SSLExtension.CH_ALPN,
222 new AlpnSpec(chc.sslConfig.applicationProtocols));
223
224 return extData;
225 }
226 }
227
228 /**
229 * Network data consumer of the extension in a ClientHello
230 * handshake message.
231 */
232 private static final class CHAlpnConsumer implements ExtensionConsumer {
233 // Prevent instantiation of this class.
234 private CHAlpnConsumer() {
235 // blank
236 }
237
238 @Override
239 public void consume(ConnectionContext context,
240 HandshakeMessage message, ByteBuffer buffer) throws IOException {
241 // The comsuming happens in server side only.
242 ServerHandshakeContext shc = (ServerHandshakeContext)context;
243
244 // Is it a supported and enabled extension?
245 if (!shc.sslConfig.isAvailable(SSLExtension.CH_ALPN)) {
246 shc.applicationProtocol = "";
247 shc.conContext.applicationProtocol = "";
248 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
249 SSLLogger.info(
250 "Ignore server unavailable extension: " +
251 SSLExtension.CH_ALPN.name);
252 }
253 return; // ignore the extension
254 }
255
256 // Is the extension enabled?
257 boolean noAPSelector;
258 if (shc.conContext.transport instanceof SSLEngine) {
259 noAPSelector = (shc.sslConfig.engineAPSelector == null);
260 } else {
261 noAPSelector = (shc.sslConfig.socketAPSelector == null);
262 }
263
264 boolean noAlpnProtocols =
265 shc.sslConfig.applicationProtocols == null ||
266 shc.sslConfig.applicationProtocols.length == 0;
267 if (noAPSelector && noAlpnProtocols) {
268 shc.applicationProtocol = "";
269 shc.conContext.applicationProtocol = "";
270 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
271 SSLLogger.fine(
272 "Ignore server unenabled extension: " +
273 SSLExtension.CH_ALPN.name);
274 }
275 return; // ignore the extension
276 }
277
278 // Parse the extension.
279 AlpnSpec spec;
280 try {
281 spec = new AlpnSpec(buffer);
282 } catch (IOException ioe) {
283 shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);
284 return; // fatal() always throws, make the compiler happy.
285 }
286
287 // Update the context.
288 if (noAPSelector) { // noAlpnProtocols is false
289 List<String> protocolNames = spec.applicationProtocols;
290 boolean matched = false;
291 // Use server application protocol preference order.
292 for (String ap : shc.sslConfig.applicationProtocols) {
293 if (protocolNames.contains(ap)) {
294 shc.applicationProtocol = ap;
295 shc.conContext.applicationProtocol = ap;
296 matched = true;
297 break;
298 }
299 }
300
301 if (!matched) {
302 shc.conContext.fatal(Alert.NO_APPLICATION_PROTOCOL,
303 "No matching application layer protocol values");
304 }
305 } // Otherwise, applicationProtocol will be set by the
306 // application selector callback later.
307
308 shc.handshakeExtensions.put(SSLExtension.CH_ALPN, spec);
309
310 // No impact on session resumption.
311 //
312 // [RFC 7301] Unlike many other TLS extensions, this extension
313 // does not establish properties of the session, only of the
314 // connection. When session resumption or session tickets are
315 // used, the previous contents of this extension are irrelevant,
316 // and only the values in the new handshake messages are
317 // considered.
318 }
319 }
320
321 /**
322 * The absence processing if the extension is not present in
323 * a ClientHello handshake message.
324 */
325 private static final class CHAlpnAbsence implements HandshakeAbsence {
326 @Override
327 public void absent(ConnectionContext context,
328 HandshakeMessage message) throws IOException {
329 // The producing happens in server side only.
330 ServerHandshakeContext shc = (ServerHandshakeContext)context;
331
332 // Please don't use the previous negotiated application protocol.
333 shc.applicationProtocol = "";
334 shc.conContext.applicationProtocol = "";
335 }
336 }
337
338 /**
339 * Network data producer of the extension in the ServerHello
340 * handshake message.
341 */
342 private static final class SHAlpnProducer implements HandshakeProducer {
343 // Prevent instantiation of this class.
344 private SHAlpnProducer() {
345 // blank
346 }
347
348 @Override
349 public byte[] produce(ConnectionContext context,
350 HandshakeMessage message) throws IOException {
351 // The producing happens in client side only.
352 ServerHandshakeContext shc = (ServerHandshakeContext)context;
353
354 // In response to ALPN request only
355 AlpnSpec requestedAlps =
356 (AlpnSpec)shc.handshakeExtensions.get(SSLExtension.CH_ALPN);
357 if (requestedAlps == null) {
358 // Ignore, this extension was not requested and accepted.
359 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
360 SSLLogger.fine(
361 "Ignore unavailable extension: " +
362 SSLExtension.SH_ALPN.name);
363 }
364 return null;
365 }
366
367 List<String> alps = requestedAlps.applicationProtocols;
368 if (shc.conContext.transport instanceof SSLEngine) {
369 if (shc.sslConfig.engineAPSelector != null) {
370 SSLEngine engine = (SSLEngine)shc.conContext.transport;
371 shc.applicationProtocol =
372 shc.sslConfig.engineAPSelector.apply(engine, alps);
373 if ((shc.applicationProtocol == null) ||
374 (!shc.applicationProtocol.isEmpty() &&
375 !alps.contains(shc.applicationProtocol))) {
376 shc.conContext.fatal(Alert.NO_APPLICATION_PROTOCOL,
377 "No matching application layer protocol values");
378 }
379 }
380 } else {
381 if (shc.sslConfig.socketAPSelector != null) {
382 SSLSocket socket = (SSLSocket)shc.conContext.transport;
383 shc.applicationProtocol =
384 shc.sslConfig.socketAPSelector.apply(socket, alps);
385 if ((shc.applicationProtocol == null) ||
386 (!shc.applicationProtocol.isEmpty() &&
387 !alps.contains(shc.applicationProtocol))) {
388 shc.conContext.fatal(Alert.NO_APPLICATION_PROTOCOL,
389 "No matching application layer protocol values");
390 }
391 }
392 }
393
394 if ((shc.applicationProtocol == null) ||
395 (shc.applicationProtocol.isEmpty())) {
396 // Ignore, no negotiated application layer protocol.
397 shc.applicationProtocol = "";
398 shc.conContext.applicationProtocol = "";
399 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
400 SSLLogger.warning(
401 "Ignore, no negotiated application layer protocol");
402 }
403
404 return null;
405 }
406
407 // opaque ProtocolName<1..2^8-1>, RFC 7301.
408 int listLen = shc.applicationProtocol.length() + 1;
409 // 1: length byte
410 // ProtocolName protocol_name_list<2..2^16-1>, RFC 7301.
411 byte[] extData = new byte[listLen + 2]; // 2: list length
412 ByteBuffer m = ByteBuffer.wrap(extData);
413 Record.putInt16(m, listLen);
414 Record.putBytes8(m,
415 shc.applicationProtocol.getBytes(StandardCharsets.UTF_8));
416
417 // Update the context.
418 shc.conContext.applicationProtocol = shc.applicationProtocol;
419
420 // Clean or register the extension
421 //
422 // No further use of the request and respond extension any more.
423 shc.handshakeExtensions.remove(SSLExtension.CH_ALPN);
424
425 return extData;
426 }
427 }
428
429 /**
430 * Network data consumer of the extension in the ServerHello
431 * handshake message.
432 */
433 private static final class SHAlpnConsumer implements ExtensionConsumer {
434 // Prevent instantiation of this class.
435 private SHAlpnConsumer() {
436 // blank
437 }
438
439 @Override
440 public void consume(ConnectionContext context,
441 HandshakeMessage message, ByteBuffer buffer) throws IOException {
442 // The producing happens in client side only.
443 ClientHandshakeContext chc = (ClientHandshakeContext)context;
444
445 // In response to ALPN request only
446 AlpnSpec requestedAlps =
447 (AlpnSpec)chc.handshakeExtensions.get(SSLExtension.CH_ALPN);
448 if (requestedAlps == null) {
449 chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
450 "Unexpected " + SSLExtension.CH_ALPN.name + " extension");
451 }
452
453 // Parse the extension.
454 AlpnSpec spec;
455 try {
456 spec = new AlpnSpec(buffer);
457 } catch (IOException ioe) {
458 chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);
459 return; // fatal() always throws, make the compiler happy.
460 }
461
462 // Only one application protocol is allowed.
463 if (spec.applicationProtocols.size() != 1) {
464 chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
465 "Invalid " + SSLExtension.CH_ALPN.name + " extension: " +
466 "Only one protocol name is allowed in ServerHello message");
467 }
468
469 // Update the context.
470 chc.applicationProtocol = spec.applicationProtocols.get(0);
471 chc.conContext.applicationProtocol = chc.applicationProtocol;
472
473 // Clean or register the extension
474 //
475 // No further use of the request and respond extension any more.
476 chc.handshakeExtensions.remove(SSLExtension.CH_ALPN);
477 }
478 }
479
480 /**
481 * The absence processing if the extension is not present in
482 * the ServerHello handshake message.
483 */
484 private static final class SHAlpnAbsence implements HandshakeAbsence {
485 @Override
486 public void absent(ConnectionContext context,
487 HandshakeMessage message) throws IOException {
488 // The producing happens in client side only.
489 ClientHandshakeContext chc = (ClientHandshakeContext)context;
490
491 // Please don't use the previous negotiated application protocol.
492 chc.applicationProtocol = "";
493 chc.conContext.applicationProtocol = "";
494 }
495 }
496 }