1 /*
2 * Copyright (c) 2006, 2012, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.ssl;
27
28 import java.io.IOException;
29
30 import javax.net.ssl.SSLProtocolException;
31
32 /*
33 * For secure renegotiation, RFC5746 defines a new TLS extension,
34 * "renegotiation_info" (with extension type 0xff01), which contains a
35 * cryptographic binding to the enclosing TLS connection (if any) for
36 * which the renegotiation is being performed. The "extension data"
37 * field of this extension contains a "RenegotiationInfo" structure:
38 *
39 * struct {
40 * opaque renegotiated_connection<0..255>;
41 * } RenegotiationInfo;
42 */
43 final class RenegotiationInfoExtension extends HelloExtension {
44 private final byte[] renegotiated_connection;
45
46 RenegotiationInfoExtension(byte[] clientVerifyData,
47 byte[] serverVerifyData) {
48 super(ExtensionType.EXT_RENEGOTIATION_INFO);
49
50 if (clientVerifyData.length != 0) {
51 renegotiated_connection =
52 new byte[clientVerifyData.length + serverVerifyData.length];
53 System.arraycopy(clientVerifyData, 0, renegotiated_connection,
54 0, clientVerifyData.length);
55
56 if (serverVerifyData.length != 0) {
57 System.arraycopy(serverVerifyData, 0, renegotiated_connection,
58 clientVerifyData.length, serverVerifyData.length);
59 }
60 } else {
61 // ignore both the client and server verify data.
62 renegotiated_connection = new byte[0];
63 }
64 }
65
66 RenegotiationInfoExtension(HandshakeInStream s, int len)
67 throws IOException {
68 super(ExtensionType.EXT_RENEGOTIATION_INFO);
69
70 // check the extension length
71 if (len < 1) {
72 throw new SSLProtocolException("Invalid " + type + " extension");
73 }
74
75 int renegoInfoDataLen = s.getInt8();
76 if (renegoInfoDataLen + 1 != len) { // + 1 = the byte we just read
77 throw new SSLProtocolException("Invalid " + type + " extension");
78 }
79
80 renegotiated_connection = new byte[renegoInfoDataLen];
81 if (renegoInfoDataLen != 0) {
82 s.read(renegotiated_connection, 0, renegoInfoDataLen);
83 }
84 }
85
86
87 // Length of the encoded extension, including the type and length fields
88 @Override
89 int length() {
90 return 5 + renegotiated_connection.length;
91 }
92
93 @Override
94 void send(HandshakeOutStream s) throws IOException {
95 s.putInt16(type.id);
96 s.putInt16(renegotiated_connection.length + 1);
97 s.putBytes8(renegotiated_connection);
98 }
99
100 boolean isEmpty() {
101 return renegotiated_connection.length == 0;
102 }
103
104 byte[] getRenegotiatedConnection() {
105 return renegotiated_connection;
106 }
107
108 @Override
109 public String toString() {
110 return "Extension " + type + ", renegotiated_connection: " +
111 (renegotiated_connection.length == 0 ? "<empty>" :
112 Debug.toString(renegotiated_connection));
113 }
114
115 }