1 /* 2 * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.security.ssl; 27 28 import java.io.IOException; 29 import java.nio.ByteBuffer; 30 import java.text.MessageFormat; 31 import java.util.Collection; 32 import java.util.Collections; 33 import java.util.LinkedList; 34 import java.util.Locale; 35 import sun.security.ssl.SSLHandshake.HandshakeMessage; 36 import sun.security.util.HexDumpEncoder; 37 38 enum SSLExtension implements SSLStringize { 39 // Extensions defined in RFC 3546 40 CH_SERVER_NAME (0x0000, "server_name", 41 SSLHandshake.CLIENT_HELLO, 42 ProtocolVersion.PROTOCOLS_TO_13, 43 ServerNameExtension.chNetworkProducer, 44 ServerNameExtension.chOnLoadConcumer, 45 null, 46 null, 47 ServerNameExtension.chStringize), 48 SH_SERVER_NAME (0x0000, "server_name", 49 SSLHandshake.SERVER_HELLO, 50 ProtocolVersion.PROTOCOLS_TO_12, 51 ServerNameExtension.shNetworkProducer, 52 ServerNameExtension.shOnLoadConcumer, 53 null, 54 null, 55 ServerNameExtension.shStringize), 56 EE_SERVER_NAME (0x0000, "server_name", 57 SSLHandshake.ENCRYPTED_EXTENSIONS, 58 ProtocolVersion.PROTOCOLS_OF_13, 59 ServerNameExtension.eeNetworkProducer, 60 ServerNameExtension.eeOnLoadConcumer, 61 null, 62 null, 63 ServerNameExtension.shStringize), 64 CH_MAX_FRAGMENT_LENGTH (0x0001, "max_fragment_length", 65 SSLHandshake.CLIENT_HELLO, 66 ProtocolVersion.PROTOCOLS_TO_13, 67 MaxFragExtension.chNetworkProducer, 68 MaxFragExtension.chOnLoadConcumer, 69 null, 70 null, 71 MaxFragExtension.maxFragLenStringize), 72 SH_MAX_FRAGMENT_LENGTH (0x0001, "max_fragment_length", 73 SSLHandshake.SERVER_HELLO, 74 ProtocolVersion.PROTOCOLS_TO_12, 75 MaxFragExtension.shNetworkProducer, 76 MaxFragExtension.shOnLoadConcumer, 77 null, 78 MaxFragExtension.shOnTradeConsumer, 79 MaxFragExtension.maxFragLenStringize), 80 EE_MAX_FRAGMENT_LENGTH (0x0001, "max_fragment_length", 81 SSLHandshake.ENCRYPTED_EXTENSIONS, 82 ProtocolVersion.PROTOCOLS_OF_13, 83 MaxFragExtension.eeNetworkProducer, 84 MaxFragExtension.eeOnLoadConcumer, 85 null, 86 MaxFragExtension.eeOnTradeConsumer, 87 MaxFragExtension.maxFragLenStringize), 88 CLIENT_CERTIFICATE_URL (0x0002, "client_certificate_url"), 89 TRUSTED_CA_KEYS (0x0003, "trusted_ca_keys"), 90 TRUNCATED_HMAC (0x0004, "truncated_hmac"), 91 92 CH_STATUS_REQUEST (0x0005, "status_request", 93 SSLHandshake.CLIENT_HELLO, 94 ProtocolVersion.PROTOCOLS_TO_13, 95 CertStatusExtension.chNetworkProducer, 96 CertStatusExtension.chOnLoadConsumer, 97 null, 98 null, 99 CertStatusExtension.certStatusReqStringize), 100 SH_STATUS_REQUEST (0x0005, "status_request", 101 SSLHandshake.SERVER_HELLO, 102 ProtocolVersion.PROTOCOLS_TO_12, 103 CertStatusExtension.shNetworkProducer, 104 CertStatusExtension.shOnLoadConsumer, 105 null, 106 null, 107 CertStatusExtension.certStatusReqStringize), 108 109 CR_STATUS_REQUEST (0x0005, "status_request"), 110 CT_STATUS_REQUEST (0x0005, "status_request", 111 SSLHandshake.CERTIFICATE, 112 ProtocolVersion.PROTOCOLS_OF_13, 113 CertStatusExtension.ctNetworkProducer, 114 CertStatusExtension.ctOnLoadConsumer, 115 null, 116 null, 117 CertStatusExtension.certStatusRespStringize), 118 // extensions defined in RFC 4681 119 USER_MAPPING (0x0006, "user_mapping"), 120 121 // extensions defined in RFC 5878 122 CLIENT_AUTHZ (0x0007, "client_authz"), 123 SERVER_AUTHZ (0x0008, "server_authz"), 124 125 // extensions defined in RFC 5081 126 CERT_TYPE (0x0009, "cert_type"), 127 128 // extensions defined in RFC 4492 (ECC) 129 CH_SUPPORTED_GROUPS (0x000A, "supported_groups", 130 SSLHandshake.CLIENT_HELLO, 131 ProtocolVersion.PROTOCOLS_TO_13, 132 SupportedGroupsExtension.chNetworkProducer, 133 SupportedGroupsExtension.chOnLoadConcumer, 134 null, 135 null, 136 SupportedGroupsExtension.sgsStringize), 137 EE_SUPPORTED_GROUPS (0x000A, "supported_groups", 138 SSLHandshake.ENCRYPTED_EXTENSIONS, 139 ProtocolVersion.PROTOCOLS_OF_13, 140 SupportedGroupsExtension.eeNetworkProducer, 141 SupportedGroupsExtension.eeOnLoadConcumer, 142 null, 143 null, 144 SupportedGroupsExtension.sgsStringize), 145 146 CH_EC_POINT_FORMATS (0x000B, "ec_point_formats", 147 SSLHandshake.CLIENT_HELLO, 148 ProtocolVersion.PROTOCOLS_TO_12, 149 ECPointFormatsExtension.chNetworkProducer, 150 ECPointFormatsExtension.chOnLoadConcumer, 151 null, 152 null, 153 ECPointFormatsExtension.epfStringize), 154 SH_EC_POINT_FORMATS (0x000B, "ec_point_formats", 155 SSLHandshake.SERVER_HELLO, 156 ProtocolVersion.PROTOCOLS_TO_12, 157 null, // not use of the producer 158 ECPointFormatsExtension.shOnLoadConcumer, 159 null, 160 null, 161 ECPointFormatsExtension.epfStringize), 162 163 // extensions defined in RFC 5054 164 SRP (0x000C, "srp"), 165 166 // extensions defined in RFC 5246 167 CH_SIGNATURE_ALGORITHMS (0x000D, "signature_algorithms", 168 SSLHandshake.CLIENT_HELLO, 169 ProtocolVersion.PROTOCOLS_12_13, 170 SignatureAlgorithmsExtension.chNetworkProducer, 171 SignatureAlgorithmsExtension.chOnLoadConcumer, 172 SignatureAlgorithmsExtension.chOnLoadAbsence, 173 SignatureAlgorithmsExtension.chOnTradeConsumer, 174 SignatureAlgorithmsExtension.ssStringize), 175 CR_SIGNATURE_ALGORITHMS (0x000D, "signature_algorithms", 176 SSLHandshake.CERTIFICATE_REQUEST, 177 ProtocolVersion.PROTOCOLS_OF_13, 178 SignatureAlgorithmsExtension.crNetworkProducer, 179 SignatureAlgorithmsExtension.crOnLoadConcumer, 180 SignatureAlgorithmsExtension.crOnLoadAbsence, 181 SignatureAlgorithmsExtension.crOnTradeConsumer, 182 SignatureAlgorithmsExtension.ssStringize), 183 184 CH_SIGNATURE_ALGORITHMS_CERT (0x0032, "signature_algorithms_cert", 185 SSLHandshake.CLIENT_HELLO, 186 ProtocolVersion.PROTOCOLS_12_13, 187 CertSignAlgsExtension.chNetworkProducer, 188 CertSignAlgsExtension.chOnLoadConcumer, 189 null, 190 CertSignAlgsExtension.chOnTradeConsumer, 191 CertSignAlgsExtension.ssStringize), 192 CR_SIGNATURE_ALGORITHMS_CERT (0x0032, "signature_algorithms_cert", 193 SSLHandshake.CERTIFICATE_REQUEST, 194 ProtocolVersion.PROTOCOLS_OF_13, 195 CertSignAlgsExtension.crNetworkProducer, 196 CertSignAlgsExtension.crOnLoadConcumer, 197 null, 198 CertSignAlgsExtension.crOnTradeConsumer, 199 CertSignAlgsExtension.ssStringize), 200 201 // extensions defined in RFC 5764 202 USE_SRTP (0x000E, "use_srtp"), 203 204 // extensions defined in RFC 6520 205 HEARTBEAT (0x000E, "heartbeat"), 206 207 // extension defined in RFC 7301 (ALPN) 208 CH_ALPN (0x0010, "application_layer_protocol_negotiation", 209 SSLHandshake.CLIENT_HELLO, 210 ProtocolVersion.PROTOCOLS_TO_13, 211 AlpnExtension.chNetworkProducer, 212 AlpnExtension.chOnLoadConcumer, 213 AlpnExtension.chOnLoadAbsence, 214 null, 215 AlpnExtension.alpnStringize), 216 SH_ALPN (0x0010, "application_layer_protocol_negotiation", 217 SSLHandshake.SERVER_HELLO, 218 ProtocolVersion.PROTOCOLS_TO_12, 219 AlpnExtension.shNetworkProducer, 220 AlpnExtension.shOnLoadConcumer, 221 AlpnExtension.shOnLoadAbsence, 222 null, 223 AlpnExtension.alpnStringize), 224 EE_ALPN (0x0010, "application_layer_protocol_negotiation", 225 SSLHandshake.ENCRYPTED_EXTENSIONS, 226 ProtocolVersion.PROTOCOLS_OF_13, 227 AlpnExtension.shNetworkProducer, 228 AlpnExtension.shOnLoadConcumer, 229 AlpnExtension.shOnLoadAbsence, 230 null, 231 AlpnExtension.alpnStringize), 232 233 // extensions defined in RFC 6961 234 CH_STATUS_REQUEST_V2 (0x0011, "status_request_v2", 235 SSLHandshake.CLIENT_HELLO, 236 ProtocolVersion.PROTOCOLS_TO_12, 237 CertStatusExtension.chV2NetworkProducer, 238 CertStatusExtension.chV2OnLoadConsumer, 239 null, 240 null, 241 CertStatusExtension.certStatusReqV2Stringize), 242 SH_STATUS_REQUEST_V2 (0x0011, "status_request_v2", 243 SSLHandshake.SERVER_HELLO, 244 ProtocolVersion.PROTOCOLS_TO_12, 245 CertStatusExtension.shV2NetworkProducer, 246 CertStatusExtension.shV2OnLoadConsumer, 247 null, 248 null, 249 CertStatusExtension.certStatusReqV2Stringize), 250 251 // extensions defined in RFC 6962 252 SIGNED_CERT_TIMESTAMP (0x0012, "signed_certificate_timestamp"), 253 254 // extensions defined in RFC 7250 255 CLIENT_CERT_TYPE (0x0013, "padding"), 256 SERVER_CERT_TYPE (0x0014, "server_certificate_type"), 257 258 // extensions defined in RFC 7685 259 PADDING (0x0015, "client_certificate_type"), 260 261 // extensions defined in RFC 7366 262 ENCRYPT_THEN_MAC (0x0016, "encrypt_then_mac"), 263 264 // extensions defined in RFC 7627 265 CH_EXTENDED_MASTER_SECRET (0x0017, "extended_master_secret", 266 SSLHandshake.CLIENT_HELLO, 267 ProtocolVersion.PROTOCOLS_10_12, 268 ExtendedMasterSecretExtension.chNetworkProducer, 269 ExtendedMasterSecretExtension.chOnLoadConcumer, 270 ExtendedMasterSecretExtension.chOnLoadAbsence, 271 null, 272 ExtendedMasterSecretExtension.emsStringize), 273 SH_EXTENDED_MASTER_SECRET (0x0017, "extended_master_secret", 274 SSLHandshake.SERVER_HELLO, 275 ProtocolVersion.PROTOCOLS_10_12, 276 ExtendedMasterSecretExtension.shNetworkProducer, 277 ExtendedMasterSecretExtension.shOnLoadConcumer, 278 ExtendedMasterSecretExtension.shOnLoadAbsence, 279 null, 280 ExtendedMasterSecretExtension.emsStringize), 281 282 // extensions defined in RFC draft-ietf-tokbind-negotiation 283 TOKEN_BINDING (0x0018, "token_binding "), 284 285 // extensions defined in RFC 7924 286 CACHED_INFO (0x0019, "cached_info"), 287 288 // extensions defined in RFC 4507/5077 289 SESSION_TICKET (0x0023, "session_ticket"), 290 291 // extensions defined in TLS 1.3 292 CH_EARLY_DATA (0x002A, "early_data"), 293 EE_EARLY_DATA (0x002A, "early_data"), 294 NST_EARLY_DATA (0x002A, "early_data"), 295 296 CH_SUPPORTED_VERSIONS (0x002B, "supported_versions", 297 SSLHandshake.CLIENT_HELLO, 298 ProtocolVersion.PROTOCOLS_OF_13, 299 SupportedVersionsExtension.chNetworkProducer, 300 SupportedVersionsExtension.chOnLoadConcumer, 301 null, 302 null, 303 SupportedVersionsExtension.chStringize), 304 SH_SUPPORTED_VERSIONS (0x002B, "supported_versions", 305 SSLHandshake.SERVER_HELLO, 306 // and HelloRetryRequest 307 ProtocolVersion.PROTOCOLS_OF_13, 308 SupportedVersionsExtension.shNetworkProducer, 309 SupportedVersionsExtension.shOnLoadConcumer, 310 null, 311 null, 312 SupportedVersionsExtension.shStringize), 313 HRR_SUPPORTED_VERSIONS (0x002B, "supported_versions", 314 SSLHandshake.HELLO_RETRY_REQUEST, 315 ProtocolVersion.PROTOCOLS_OF_13, 316 SupportedVersionsExtension.hrrNetworkProducer, 317 SupportedVersionsExtension.hrrOnLoadConcumer, 318 null, 319 null, 320 SupportedVersionsExtension.hrrStringize), 321 MH_SUPPORTED_VERSIONS (0x002B, "supported_versions", 322 SSLHandshake.MESSAGE_HASH, 323 ProtocolVersion.PROTOCOLS_OF_13, 324 SupportedVersionsExtension.hrrReproducer, 325 null, null, null, 326 SupportedVersionsExtension.hrrStringize), 327 328 CH_COOKIE (0x002C, "cookie", 329 SSLHandshake.CLIENT_HELLO, 330 ProtocolVersion.PROTOCOLS_OF_13, 331 CookieExtension.chNetworkProducer, 332 CookieExtension.chOnLoadConcumer, 333 null, 334 CookieExtension.chOnTradeConsumer, 335 CookieExtension.cookieStringize), 336 HRR_COOKIE (0x002C, "cookie", 337 SSLHandshake.HELLO_RETRY_REQUEST, 338 ProtocolVersion.PROTOCOLS_OF_13, 339 CookieExtension.hrrNetworkProducer, 340 CookieExtension.hrrOnLoadConcumer, 341 null, null, 342 CookieExtension.cookieStringize), 343 MH_COOKIE (0x002C, "cookie", 344 SSLHandshake.MESSAGE_HASH, 345 ProtocolVersion.PROTOCOLS_OF_13, 346 CookieExtension.hrrNetworkReproducer, 347 null, null, null, 348 CookieExtension.cookieStringize), 349 350 PSK_KEY_EXCHANGE_MODES (0x002D, "psk_key_exchange_modes", 351 SSLHandshake.CLIENT_HELLO, 352 ProtocolVersion.PROTOCOLS_OF_13, 353 PskKeyExchangeModesExtension.chNetworkProducer, 354 PskKeyExchangeModesExtension.chOnLoadConsumer, 355 null, null, null), 356 CERTIFICATE_AUTHORITIES (0x002F, "certificate_authorities"), 357 OID_FILTERS (0x0030, "oid_filters"), 358 POST_HANDSHAKE_AUTH (0x0030, "post_handshake_auth"), 359 360 CH_KEY_SHARE (0x0033, "key_share", 361 SSLHandshake.CLIENT_HELLO, 362 ProtocolVersion.PROTOCOLS_OF_13, 363 KeyShareExtension.chNetworkProducer, 364 KeyShareExtension.chOnLoadConcumer, 365 null, null, 366 KeyShareExtension.chStringize), 367 SH_KEY_SHARE (0x0033, "key_share", 368 SSLHandshake.SERVER_HELLO, 369 ProtocolVersion.PROTOCOLS_OF_13, 370 KeyShareExtension.shNetworkProducer, 371 KeyShareExtension.shOnLoadConcumer, 372 KeyShareExtension.shOnLoadAbsence, 373 null, 374 KeyShareExtension.shStringize), 375 HRR_KEY_SHARE (0x0033, "key_share", 376 SSLHandshake.HELLO_RETRY_REQUEST, 377 ProtocolVersion.PROTOCOLS_OF_13, 378 KeyShareExtension.hrrNetworkProducer, 379 KeyShareExtension.hrrOnLoadConcumer, 380 null, null, 381 KeyShareExtension.hrrStringize), 382 MH_KEY_SHARE (0x0033, "key_share", 383 SSLHandshake.MESSAGE_HASH, 384 ProtocolVersion.PROTOCOLS_OF_13, 385 KeyShareExtension.hrrNetworkReproducer, 386 null, null, null, 387 KeyShareExtension.hrrStringize), 388 389 // Extensions defined in RFC 5746 390 CH_RENEGOTIATION_INFO (0xff01, "renegotiation_info", 391 SSLHandshake.CLIENT_HELLO, 392 ProtocolVersion.PROTOCOLS_TO_12, 393 RenegoInfoExtension.chNetworkProducer, 394 RenegoInfoExtension.chOnLoadConcumer, 395 RenegoInfoExtension.chOnLoadAbsence, 396 null, 397 RenegoInfoExtension.rniStringize), 398 SH_RENEGOTIATION_INFO (0xff01, "renegotiation_info", 399 SSLHandshake.SERVER_HELLO, 400 ProtocolVersion.PROTOCOLS_TO_12, 401 RenegoInfoExtension.shNetworkProducer, 402 RenegoInfoExtension.shOnLoadConcumer, 403 RenegoInfoExtension.shOnLoadAbsence, 404 null, 405 RenegoInfoExtension.rniStringize), 406 407 // TLS 1.3 PSK extension must be last 408 CH_PRE_SHARED_KEY (0x0029, "pre_shared_key", 409 SSLHandshake.CLIENT_HELLO, 410 ProtocolVersion.PROTOCOLS_OF_13, 411 PreSharedKeyExtension.chNetworkProducer, 412 PreSharedKeyExtension.chOnLoadConsumer, 413 PreSharedKeyExtension.chOnLoadAbsence, 414 PreSharedKeyExtension.chOnTradeConsumer, 415 null), 416 SH_PRE_SHARED_KEY (0x0029, "pre_shared_key", 417 SSLHandshake.SERVER_HELLO, 418 ProtocolVersion.PROTOCOLS_OF_13, 419 PreSharedKeyExtension.shNetworkProducer, 420 PreSharedKeyExtension.shOnLoadConsumer, 421 PreSharedKeyExtension.shOnLoadAbsence, 422 null, null); 423 424 final int id; 425 final SSLHandshake handshakeType; 426 final String name; 427 final ProtocolVersion[] supportedProtocols; 428 final HandshakeProducer networkProducer; 429 final ExtensionConsumer onLoadConcumer; 430 final HandshakeAbsence onLoadAbsence; 431 final HandshakeConsumer onTradeConsumer; 432 final SSLStringize stringize; 433 434 // known but unsupported extension 435 private SSLExtension(int id, String name) { 436 this.id = id; 437 this.handshakeType = SSLHandshake.NOT_APPLICABLE; 438 this.name = name; 439 this.supportedProtocols = new ProtocolVersion[0]; 440 this.networkProducer = null; 441 this.onLoadConcumer = null; 442 this.onLoadAbsence = null; 443 this.onTradeConsumer = null; 444 this.stringize = null; 445 } 446 447 // supported extension 448 private SSLExtension(int id, String name, SSLHandshake handshakeType, 449 ProtocolVersion[] supportedProtocols, 450 HandshakeProducer producer, 451 ExtensionConsumer onLoadConcumer, HandshakeAbsence onLoadAbsence, 452 HandshakeConsumer onTradeConsumer, SSLStringize stringize) { 453 454 this.id = id; 455 this.handshakeType = handshakeType; 456 this.name = name; 457 this.supportedProtocols = supportedProtocols; 458 this.networkProducer = producer; 459 this.onLoadConcumer = onLoadConcumer; 460 this.onLoadAbsence = onLoadAbsence; 461 this.onTradeConsumer = onTradeConsumer; 462 this.stringize = stringize; 463 } 464 465 static SSLExtension valueOf(SSLHandshake handshakeType, int extensionType) { 466 for (SSLExtension ext : SSLExtension.values()) { 467 if (ext.id == extensionType && 468 ext.handshakeType == handshakeType) { 469 return ext; 470 } 471 } 472 473 return null; 474 } 475 476 static boolean isConsumable(int extensionType) { 477 for (SSLExtension ext : SSLExtension.values()) { 478 if (ext.id == extensionType && 479 ext.onLoadConcumer != null) { 480 return true; 481 } 482 } 483 484 return false; 485 } 486 487 public byte[] produce(ConnectionContext context, 488 HandshakeMessage message) throws IOException { 489 if (networkProducer != null) { 490 return networkProducer.produce(context, message); 491 } else { 492 throw new UnsupportedOperationException( 493 "Not yet supported extension producing."); 494 } 495 } 496 497 public void consumeOnLoad(ConnectionContext context, 498 HandshakeMessage message, ByteBuffer buffer) throws IOException { 499 if (onLoadConcumer != null) { 500 onLoadConcumer.consume(context, message, buffer); 501 } else { 502 throw new UnsupportedOperationException( 503 "Not yet supported extension loading."); 504 } 505 } 506 507 public void consumeOnTrade(ConnectionContext context, 508 HandshakeMessage message) throws IOException { 509 if (onTradeConsumer != null) { 510 onTradeConsumer.consume(context, message); 511 } else { 512 throw new UnsupportedOperationException( 513 "Not yet supported extension processing."); 514 } 515 } 516 517 void absent(ConnectionContext context, 518 HandshakeMessage message) throws IOException { 519 if (onLoadAbsence != null) { 520 onLoadAbsence.absent(context, message); 521 } else { 522 throw new UnsupportedOperationException( 523 "Not yet supported extension absence processing."); 524 } 525 } 526 527 public boolean isAvailable(ProtocolVersion protocolVersion) { 528 /* 529 for (ProtocolVersion pv : supportedProtocols) { 530 if (pv == protocolVersion) { 531 return true; 532 } 533 } 534 */ 535 for (int i = 0; i < supportedProtocols.length; i++) { 536 if (supportedProtocols[i] == protocolVersion) { 537 return true; 538 } 539 } 540 541 return false; 542 } 543 544 @Override 545 public String toString() { 546 return name; 547 } 548 549 @Override 550 public String toString(ByteBuffer byteBuffer) { 551 MessageFormat messageFormat = new MessageFormat( 552 "\"{0} ({1})\": '{'\n" + 553 "{2}\n" + 554 "'}'", 555 Locale.ENGLISH); 556 557 String extData; 558 if (stringize == null) { 559 HexDumpEncoder hexEncoder = new HexDumpEncoder(); 560 String encoded = hexEncoder.encode(byteBuffer.duplicate()); 561 extData = encoded; 562 } else { 563 extData = stringize.toString(byteBuffer); 564 } 565 566 Object[] messageFields = { 567 this.name, 568 this.id, 569 Utilities.indent(extData) 570 }; 571 572 return messageFormat.format(messageFields); 573 } 574 575 ////////////////////////////////////////////////////// 576 // Nested extension, consumer and producer interfaces. 577 578 static interface ExtensionConsumer { 579 void consume(ConnectionContext context, 580 HandshakeMessage message, ByteBuffer buffer) throws IOException; 581 } 582 583 /** 584 * A (transparent) specification of extension data. 585 * 586 * This interface contains no methods or constants. Its only purpose is to 587 * group all extension data. All extension data should implement this 588 * interface if the data is expected to handle in the following handshake 589 * processes. 590 */ 591 static interface SSLExtensionSpec { 592 // blank 593 } 594 595 // Default enabled client extensions. 596 static final class ClientExtensions { 597 static final Collection<SSLExtension> defaults; 598 599 static { 600 Collection<SSLExtension> extensions = new LinkedList<>(); 601 for (SSLExtension extension : SSLExtension.values()) { 602 if (extension.handshakeType != SSLHandshake.NOT_APPLICABLE) { 603 extensions.add(extension); 604 } 605 } 606 607 // Switch off SNI extention? 608 boolean enableExtension = 609 Utilities.getBooleanProperty("jsse.enableSNIExtension", true); 610 if (!enableExtension) { 611 extensions.remove(CH_SERVER_NAME); 612 } 613 614 // To switch off the max_fragment_length extension. 615 enableExtension = 616 Utilities.getBooleanProperty("jsse.enableMFLExtension", false); 617 if (!enableExtension) { 618 extensions.remove(CH_MAX_FRAGMENT_LENGTH); 619 } 620 621 // enableExtension = Utilities.getBooleanProperty( 622 // "jdk.tls.client.enableStatusRequestExtension", true); 623 // if (!enableExtension) { 624 // extensions.remove(CH_STATUS_REQUEST); 625 // extensions.remove(CR_STATUS_REQUEST); 626 // extensions.remove(CT_STATUS_REQUEST); 627 // 628 // extensions.remove(CH_STATUS_REQUEST_V2); 629 // } 630 631 if (!SSLConfiguration.useExtendedMasterSecret) { 632 extensions.remove(CH_EXTENDED_MASTER_SECRET); 633 } 634 635 defaults = Collections.unmodifiableCollection(extensions); 636 } 637 } 638 639 // Default enabled server extensions. 640 static final class ServerExtensions { 641 static final Collection<SSLExtension> defaults; 642 643 static { 644 Collection<SSLExtension> extensions = new LinkedList<>(); 645 for (SSLExtension extension : SSLExtension.values()) { 646 if (extension.handshakeType != SSLHandshake.NOT_APPLICABLE) { 647 extensions.add(extension); 648 } 649 } 650 651 /* 652 // Switch off SNI extention? 653 boolean enableExtension = 654 Utilities.getBooleanProperty("jsse.enableSNIExtension", true); 655 if (!enableExtension) { 656 extensions.remove(CH_SERVER_NAME); 657 extensions.remove(SH_SERVER_NAME); 658 extensions.remove(EE_SERVER_NAME); 659 } 660 661 // To switch off the max_fragment_length extension. 662 enableExtension = 663 Utilities.getBooleanProperty("jsse.enableMFLExtension", false); 664 if (!enableExtension) { 665 extensions.remove(CH_MAX_FRAGMENT_LENGTH); 666 extensions.remove(SH_MAX_FRAGMENT_LENGTH); 667 extensions.remove(EE_MAX_FRAGMENT_LENGTH); 668 } 669 */ 670 671 // enableExtension = Utilities.getBooleanProperty( 672 // "jdk.tls.server.enableStatusRequestExtension", true); 673 // if (!enableExtension) { 674 // extensions.remove(CH_STATUS_REQUEST); 675 // extensions.remove(SH_STATUS_REQUEST); 676 // extensions.remove(CR_STATUS_REQUEST); 677 // extensions.remove(CT_STATUS_REQUEST); 678 // 679 // extensions.remove(SH_STATUS_REQUEST_V2); 680 // } 681 682 /* 683 if (!SSLConfiguration.useExtendedMasterSecret) { 684 extensions.remove(CH_EXTENDED_MASTER_SECRET); 685 extensions.remove(SH_EXTENDED_MASTER_SECRET); 686 } 687 */ 688 defaults = Collections.unmodifiableCollection(extensions); 689 } 690 } 691 }