1 /* 2 * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.security.ssl; 27 28 import java.io.IOException; 29 import java.nio.ByteBuffer; 30 import sun.security.ssl.SSLHandshake.HandshakeMessage; 31 32 /** 33 * Pack of the HelloRequest handshake message. 34 */ 35 final class HelloRequest { 36 static final SSLProducer kickstartProducer = 37 new HelloRequestKickstartProducer(); 38 39 static final SSLConsumer handshakeConsumer = 40 new HelloRequestConsumer(); 41 static final HandshakeProducer handshakeProducer = 42 new HelloRequestProducer(); 43 44 /** 45 * The HelloRequest handshake message. 46 * 47 * [RFC 5246] The HelloRequest message MAY be sent by the server at any 48 * time. HelloRequest is a simple notification that the client should 49 * begin the negotiation process anew. 50 * 51 * struct { } HelloRequest; 52 */ 53 static final class HelloRequestMessage extends HandshakeMessage { 54 HelloRequestMessage(HandshakeContext handshakeContext) { 55 super(handshakeContext); 56 } 57 58 HelloRequestMessage(HandshakeContext handshakeContext, 59 ByteBuffer m) throws IOException { 60 super(handshakeContext); 61 if (m.hasRemaining()) { 62 handshakeContext.conContext.fatal(Alert.ILLEGAL_PARAMETER, 63 "Error parsing HelloRequest message: not empty"); 64 } 65 } 66 67 @Override 68 public SSLHandshake handshakeType() { 69 return SSLHandshake.HELLO_REQUEST; 70 } 71 72 @Override 73 public int messageLength() { 74 return 0; 75 } 76 77 @Override 78 public void send(HandshakeOutStream s) throws IOException { 79 // empty, nothing to send 80 } 81 82 @Override 83 public String toString() { 84 return "<empty>"; 85 } 86 } 87 88 /** 89 * The "HelloRequest" handshake message kick start producer. 90 */ 91 private static final 92 class HelloRequestKickstartProducer implements SSLProducer { 93 // Prevent instantiation of this class. 94 private HelloRequestKickstartProducer() { 95 // blank 96 } 97 98 @Override 99 public byte[] produce(ConnectionContext context) throws IOException { 100 // The producing happens in server side only. 101 ServerHandshakeContext shc = (ServerHandshakeContext)context; 102 103 HelloRequestMessage hrm = new HelloRequestMessage(shc); 104 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { 105 SSLLogger.fine("Produced HelloRequest handshake message", hrm); 106 } 107 108 // Output the handshake message. 109 hrm.write(shc.handshakeOutput); 110 shc.handshakeOutput.flush(); 111 112 // update the context 113 114 // What's the expected response? 115 shc.handshakeConsumers.put( 116 SSLHandshake.CLIENT_HELLO.id, SSLHandshake.CLIENT_HELLO); 117 118 // The handshake message has been delivered. 119 return null; 120 } 121 } 122 123 /** 124 * The "HelloRequest" handshake message producer. 125 */ 126 private static final class HelloRequestProducer 127 implements HandshakeProducer { 128 // Prevent instantiation of this class. 129 private HelloRequestProducer() { 130 // blank 131 } 132 133 @Override 134 public byte[] produce(ConnectionContext context, 135 HandshakeMessage message) throws IOException { 136 // The producing happens in server side only. 137 ServerHandshakeContext shc = (ServerHandshakeContext)context; 138 139 HelloRequestMessage hrm = new HelloRequestMessage(shc); 140 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { 141 SSLLogger.fine("Produced HelloRequest handshake message", hrm); 142 } 143 144 // Output the handshake message. 145 hrm.write(shc.handshakeOutput); 146 shc.handshakeOutput.flush(); 147 148 // update the context 149 150 // What's the expected response? 151 shc.handshakeConsumers.put( 152 SSLHandshake.CLIENT_HELLO.id, SSLHandshake.CLIENT_HELLO); 153 154 // The handshake message has been delivered. 155 return null; 156 } 157 } 158 159 /** 160 * The "HelloRequest" handshake message consumer. 161 */ 162 private static final class HelloRequestConsumer 163 implements SSLConsumer { 164 165 // Prevent instantiation of this class. 166 private HelloRequestConsumer() { 167 // blank 168 } 169 170 @Override 171 public void consume(ConnectionContext context, 172 ByteBuffer message) throws IOException { 173 // The consuming happens in client side only. 174 ClientHandshakeContext chc = (ClientHandshakeContext)context; 175 176 // For TLS 1.2 and prior versions, the HelloRequest message MAY 177 // be sent by the server at any time. Please don't clean up this 178 // handshake consumer. 179 HelloRequestMessage hrm = new HelloRequestMessage(chc, message); 180 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { 181 SSLLogger.fine( 182 "Consuming HelloRequest handshake message", hrm); 183 } 184 185 if (!chc.kickstartMessageDelivered) { 186 if (!chc.conContext.secureRenegotiation && 187 !HandshakeContext.allowUnsafeRenegotiation) { 188 chc.conContext.fatal(Alert.HANDSHAKE_FAILURE, 189 "Unsafe renegotiation is not allowed"); 190 } 191 192 if (!chc.conContext.secureRenegotiation) { 193 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { 194 SSLLogger.warning( 195 "Continue with insecure renegotiation"); 196 } 197 } 198 199 // update the responders 200 chc.handshakeProducers.put( 201 SSLHandshake.CLIENT_HELLO.id, 202 SSLHandshake.CLIENT_HELLO); 203 204 // 205 // produce response handshake message 206 // 207 SSLHandshake.CLIENT_HELLO.produce(context, hrm); 208 } else { 209 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { 210 SSLLogger.fine( 211 "Ingore HelloRequest, handshaking is in progress"); 212 } 213 } 214 } 215 } 216 } 217