1 /*
2 * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.ssl;
27
28 import java.io.IOException;
29 import java.nio.ByteBuffer;
30 import java.text.MessageFormat;
31 import java.util.Collection;
32 import java.util.Collections;
33 import java.util.LinkedList;
34 import java.util.Locale;
35 import sun.security.ssl.SSLHandshake.HandshakeMessage;
36 import sun.security.util.HexDumpEncoder;
37
38 enum SSLExtension implements SSLStringize {
39 // Extensions defined in RFC 3546
40 CH_SERVER_NAME (0x0000, "server_name",
41 SSLHandshake.CLIENT_HELLO,
42 ProtocolVersion.PROTOCOLS_TO_13,
43 ServerNameExtension.chNetworkProducer,
44 ServerNameExtension.chOnLoadConcumer,
45 null,
46 null,
47 ServerNameExtension.chStringize),
48 SH_SERVER_NAME (0x0000, "server_name",
49 SSLHandshake.SERVER_HELLO,
50 ProtocolVersion.PROTOCOLS_TO_12,
51 ServerNameExtension.shNetworkProducer,
52 ServerNameExtension.shOnLoadConcumer,
53 null,
54 null,
55 ServerNameExtension.shStringize),
56 EE_SERVER_NAME (0x0000, "server_name",
57 SSLHandshake.ENCRYPTED_EXTENSIONS,
58 ProtocolVersion.PROTOCOLS_OF_13,
59 ServerNameExtension.eeNetworkProducer,
60 ServerNameExtension.eeOnLoadConcumer,
61 null,
62 null,
63 ServerNameExtension.shStringize),
64 CH_MAX_FRAGMENT_LENGTH (0x0001, "max_fragment_length",
65 SSLHandshake.CLIENT_HELLO,
66 ProtocolVersion.PROTOCOLS_TO_13,
67 MaxFragExtension.chNetworkProducer,
68 MaxFragExtension.chOnLoadConcumer,
69 null,
70 null,
71 MaxFragExtension.maxFragLenStringize),
72 SH_MAX_FRAGMENT_LENGTH (0x0001, "max_fragment_length",
73 SSLHandshake.SERVER_HELLO,
74 ProtocolVersion.PROTOCOLS_TO_12,
75 MaxFragExtension.shNetworkProducer,
76 MaxFragExtension.shOnLoadConcumer,
77 null,
78 MaxFragExtension.shOnTradeConsumer,
79 MaxFragExtension.maxFragLenStringize),
80 EE_MAX_FRAGMENT_LENGTH (0x0001, "max_fragment_length",
81 SSLHandshake.ENCRYPTED_EXTENSIONS,
82 ProtocolVersion.PROTOCOLS_OF_13,
83 MaxFragExtension.eeNetworkProducer,
84 MaxFragExtension.eeOnLoadConcumer,
85 null,
86 MaxFragExtension.eeOnTradeConsumer,
87 MaxFragExtension.maxFragLenStringize),
88 CLIENT_CERTIFICATE_URL (0x0002, "client_certificate_url"),
89 TRUSTED_CA_KEYS (0x0003, "trusted_ca_keys"),
90 TRUNCATED_HMAC (0x0004, "truncated_hmac"),
91
92 CH_STATUS_REQUEST (0x0005, "status_request",
93 SSLHandshake.CLIENT_HELLO,
94 ProtocolVersion.PROTOCOLS_TO_13,
95 CertStatusExtension.chNetworkProducer,
96 CertStatusExtension.chOnLoadConsumer,
97 null,
98 null,
99 CertStatusExtension.certStatusReqStringize),
100 SH_STATUS_REQUEST (0x0005, "status_request",
101 SSLHandshake.SERVER_HELLO,
102 ProtocolVersion.PROTOCOLS_TO_12,
103 CertStatusExtension.shNetworkProducer,
104 CertStatusExtension.shOnLoadConsumer,
105 null,
106 null,
107 CertStatusExtension.certStatusReqStringize),
108
109 CR_STATUS_REQUEST (0x0005, "status_request"),
110 CT_STATUS_REQUEST (0x0005, "status_request",
111 SSLHandshake.CERTIFICATE,
112 ProtocolVersion.PROTOCOLS_OF_13,
113 CertStatusExtension.ctNetworkProducer,
114 CertStatusExtension.ctOnLoadConsumer,
115 null,
116 null,
117 CertStatusExtension.certStatusRespStringize),
118 // extensions defined in RFC 4681
119 USER_MAPPING (0x0006, "user_mapping"),
120
121 // extensions defined in RFC 5878
122 CLIENT_AUTHZ (0x0007, "client_authz"),
123 SERVER_AUTHZ (0x0008, "server_authz"),
124
125 // extensions defined in RFC 5081
126 CERT_TYPE (0x0009, "cert_type"),
127
128 // extensions defined in RFC 4492 (ECC)
129 CH_SUPPORTED_GROUPS (0x000A, "supported_groups",
130 SSLHandshake.CLIENT_HELLO,
131 ProtocolVersion.PROTOCOLS_TO_13,
132 SupportedGroupsExtension.chNetworkProducer,
133 SupportedGroupsExtension.chOnLoadConcumer,
134 null,
135 null,
136 SupportedGroupsExtension.sgsStringize),
137 EE_SUPPORTED_GROUPS (0x000A, "supported_groups",
138 SSLHandshake.ENCRYPTED_EXTENSIONS,
139 ProtocolVersion.PROTOCOLS_OF_13,
140 SupportedGroupsExtension.eeNetworkProducer,
141 SupportedGroupsExtension.eeOnLoadConcumer,
142 null,
143 null,
144 SupportedGroupsExtension.sgsStringize),
145
146 CH_EC_POINT_FORMATS (0x000B, "ec_point_formats",
147 SSLHandshake.CLIENT_HELLO,
148 ProtocolVersion.PROTOCOLS_TO_12,
149 ECPointFormatsExtension.chNetworkProducer,
150 ECPointFormatsExtension.chOnLoadConcumer,
151 null,
152 null,
153 ECPointFormatsExtension.epfStringize),
154 SH_EC_POINT_FORMATS (0x000B, "ec_point_formats",
155 SSLHandshake.SERVER_HELLO,
156 ProtocolVersion.PROTOCOLS_TO_12,
157 null, // not use of the producer
158 ECPointFormatsExtension.shOnLoadConcumer,
159 null,
160 null,
161 ECPointFormatsExtension.epfStringize),
162
163 // extensions defined in RFC 5054
164 SRP (0x000C, "srp"),
165
166 // extensions defined in RFC 5246
167 CH_SIGNATURE_ALGORITHMS (0x000D, "signature_algorithms",
168 SSLHandshake.CLIENT_HELLO,
169 ProtocolVersion.PROTOCOLS_12_13,
170 SignatureAlgorithmsExtension.chNetworkProducer,
171 SignatureAlgorithmsExtension.chOnLoadConcumer,
172 SignatureAlgorithmsExtension.chOnLoadAbsence,
173 SignatureAlgorithmsExtension.chOnTradeConsumer,
174 SignatureAlgorithmsExtension.ssStringize),
175 CR_SIGNATURE_ALGORITHMS (0x000D, "signature_algorithms",
176 SSLHandshake.CERTIFICATE_REQUEST,
177 ProtocolVersion.PROTOCOLS_OF_13,
178 SignatureAlgorithmsExtension.crNetworkProducer,
179 SignatureAlgorithmsExtension.crOnLoadConcumer,
180 SignatureAlgorithmsExtension.crOnLoadAbsence,
181 SignatureAlgorithmsExtension.crOnTradeConsumer,
182 SignatureAlgorithmsExtension.ssStringize),
183
184 CH_SIGNATURE_ALGORITHMS_CERT (0x0032, "signature_algorithms_cert",
185 SSLHandshake.CLIENT_HELLO,
186 ProtocolVersion.PROTOCOLS_12_13,
187 CertSignAlgsExtension.chNetworkProducer,
188 CertSignAlgsExtension.chOnLoadConcumer,
189 null,
190 CertSignAlgsExtension.chOnTradeConsumer,
191 CertSignAlgsExtension.ssStringize),
192 CR_SIGNATURE_ALGORITHMS_CERT (0x0032, "signature_algorithms_cert",
193 SSLHandshake.CERTIFICATE_REQUEST,
194 ProtocolVersion.PROTOCOLS_OF_13,
195 CertSignAlgsExtension.crNetworkProducer,
196 CertSignAlgsExtension.crOnLoadConcumer,
197 null,
198 CertSignAlgsExtension.crOnTradeConsumer,
199 CertSignAlgsExtension.ssStringize),
200
201 // extensions defined in RFC 5764
202 USE_SRTP (0x000E, "use_srtp"),
203
204 // extensions defined in RFC 6520
205 HEARTBEAT (0x000E, "heartbeat"),
206
207 // extension defined in RFC 7301 (ALPN)
208 CH_ALPN (0x0010, "application_layer_protocol_negotiation",
209 SSLHandshake.CLIENT_HELLO,
210 ProtocolVersion.PROTOCOLS_TO_13,
211 AlpnExtension.chNetworkProducer,
212 AlpnExtension.chOnLoadConcumer,
213 AlpnExtension.chOnLoadAbsence,
214 null,
215 AlpnExtension.alpnStringize),
216 SH_ALPN (0x0010, "application_layer_protocol_negotiation",
217 SSLHandshake.SERVER_HELLO,
218 ProtocolVersion.PROTOCOLS_TO_12,
219 AlpnExtension.shNetworkProducer,
220 AlpnExtension.shOnLoadConcumer,
221 AlpnExtension.shOnLoadAbsence,
222 null,
223 AlpnExtension.alpnStringize),
224 EE_ALPN (0x0010, "application_layer_protocol_negotiation",
225 SSLHandshake.ENCRYPTED_EXTENSIONS,
226 ProtocolVersion.PROTOCOLS_OF_13,
227 AlpnExtension.shNetworkProducer,
228 AlpnExtension.shOnLoadConcumer,
229 AlpnExtension.shOnLoadAbsence,
230 null,
231 AlpnExtension.alpnStringize),
232
233 // extensions defined in RFC 6961
234 CH_STATUS_REQUEST_V2 (0x0011, "status_request_v2",
235 SSLHandshake.CLIENT_HELLO,
236 ProtocolVersion.PROTOCOLS_TO_12,
237 CertStatusExtension.chV2NetworkProducer,
238 CertStatusExtension.chV2OnLoadConsumer,
239 null,
240 null,
241 CertStatusExtension.certStatusReqV2Stringize),
242 SH_STATUS_REQUEST_V2 (0x0011, "status_request_v2",
243 SSLHandshake.SERVER_HELLO,
244 ProtocolVersion.PROTOCOLS_TO_12,
245 CertStatusExtension.shV2NetworkProducer,
246 CertStatusExtension.shV2OnLoadConsumer,
247 null,
248 null,
249 CertStatusExtension.certStatusReqV2Stringize),
250
251 // extensions defined in RFC 6962
252 SIGNED_CERT_TIMESTAMP (0x0012, "signed_certificate_timestamp"),
253
254 // extensions defined in RFC 7250
255 CLIENT_CERT_TYPE (0x0013, "padding"),
256 SERVER_CERT_TYPE (0x0014, "server_certificate_type"),
257
258 // extensions defined in RFC 7685
259 PADDING (0x0015, "client_certificate_type"),
260
261 // extensions defined in RFC 7366
262 ENCRYPT_THEN_MAC (0x0016, "encrypt_then_mac"),
263
264 // extensions defined in RFC 7627
265 CH_EXTENDED_MASTER_SECRET (0x0017, "extended_master_secret",
266 SSLHandshake.CLIENT_HELLO,
267 ProtocolVersion.PROTOCOLS_10_12,
268 ExtendedMasterSecretExtension.chNetworkProducer,
269 ExtendedMasterSecretExtension.chOnLoadConcumer,
270 ExtendedMasterSecretExtension.chOnLoadAbsence,
271 null,
272 ExtendedMasterSecretExtension.emsStringize),
273 SH_EXTENDED_MASTER_SECRET (0x0017, "extended_master_secret",
274 SSLHandshake.SERVER_HELLO,
275 ProtocolVersion.PROTOCOLS_10_12,
276 ExtendedMasterSecretExtension.shNetworkProducer,
277 ExtendedMasterSecretExtension.shOnLoadConcumer,
278 ExtendedMasterSecretExtension.shOnLoadAbsence,
279 null,
280 ExtendedMasterSecretExtension.emsStringize),
281
282 // extensions defined in RFC draft-ietf-tokbind-negotiation
283 TOKEN_BINDING (0x0018, "token_binding "),
284
285 // extensions defined in RFC 7924
286 CACHED_INFO (0x0019, "cached_info"),
287
288 // extensions defined in RFC 4507/5077
289 SESSION_TICKET (0x0023, "session_ticket"),
290
291 // extensions defined in TLS 1.3
292 CH_EARLY_DATA (0x002A, "early_data"),
293 EE_EARLY_DATA (0x002A, "early_data"),
294 NST_EARLY_DATA (0x002A, "early_data"),
295
296 CH_SUPPORTED_VERSIONS (0x002B, "supported_versions",
297 SSLHandshake.CLIENT_HELLO,
298 ProtocolVersion.PROTOCOLS_OF_13,
299 SupportedVersionsExtension.chNetworkProducer,
300 SupportedVersionsExtension.chOnLoadConcumer,
301 null,
302 null,
303 SupportedVersionsExtension.chStringize),
304 SH_SUPPORTED_VERSIONS (0x002B, "supported_versions",
305 SSLHandshake.SERVER_HELLO,
306 // and HelloRetryRequest
307 ProtocolVersion.PROTOCOLS_OF_13,
308 SupportedVersionsExtension.shNetworkProducer,
309 SupportedVersionsExtension.shOnLoadConcumer,
310 null,
311 null,
312 SupportedVersionsExtension.shStringize),
313 HRR_SUPPORTED_VERSIONS (0x002B, "supported_versions",
314 SSLHandshake.HELLO_RETRY_REQUEST,
315 ProtocolVersion.PROTOCOLS_OF_13,
316 SupportedVersionsExtension.hrrNetworkProducer,
317 SupportedVersionsExtension.hrrOnLoadConcumer,
318 null,
319 null,
320 SupportedVersionsExtension.hrrStringize),
321 MH_SUPPORTED_VERSIONS (0x002B, "supported_versions",
322 SSLHandshake.MESSAGE_HASH,
323 ProtocolVersion.PROTOCOLS_OF_13,
324 SupportedVersionsExtension.hrrReproducer,
325 null, null, null,
326 SupportedVersionsExtension.hrrStringize),
327
328 CH_COOKIE (0x002C, "cookie",
329 SSLHandshake.CLIENT_HELLO,
330 ProtocolVersion.PROTOCOLS_OF_13,
331 CookieExtension.chNetworkProducer,
332 CookieExtension.chOnLoadConcumer,
333 null,
334 CookieExtension.chOnTradeConsumer,
335 CookieExtension.cookieStringize),
336 HRR_COOKIE (0x002C, "cookie",
337 SSLHandshake.HELLO_RETRY_REQUEST,
338 ProtocolVersion.PROTOCOLS_OF_13,
339 CookieExtension.hrrNetworkProducer,
340 CookieExtension.hrrOnLoadConcumer,
341 null, null,
342 CookieExtension.cookieStringize),
343 MH_COOKIE (0x002C, "cookie",
344 SSLHandshake.MESSAGE_HASH,
345 ProtocolVersion.PROTOCOLS_OF_13,
346 CookieExtension.hrrNetworkReproducer,
347 null, null, null,
348 CookieExtension.cookieStringize),
349
350 PSK_KEY_EXCHANGE_MODES (0x002D, "psk_key_exchange_modes",
351 SSLHandshake.CLIENT_HELLO,
352 ProtocolVersion.PROTOCOLS_OF_13,
353 PskKeyExchangeModesExtension.chNetworkProducer,
354 PskKeyExchangeModesExtension.chOnLoadConsumer,
355 null, null, null),
356 CERTIFICATE_AUTHORITIES (0x002F, "certificate_authorities"),
357 OID_FILTERS (0x0030, "oid_filters"),
358 POST_HANDSHAKE_AUTH (0x0030, "post_handshake_auth"),
359
360 CH_KEY_SHARE (0x0033, "key_share",
361 SSLHandshake.CLIENT_HELLO,
362 ProtocolVersion.PROTOCOLS_OF_13,
363 KeyShareExtension.chNetworkProducer,
364 KeyShareExtension.chOnLoadConcumer,
365 null, null,
366 KeyShareExtension.chStringize),
367 SH_KEY_SHARE (0x0033, "key_share",
368 SSLHandshake.SERVER_HELLO,
369 ProtocolVersion.PROTOCOLS_OF_13,
370 KeyShareExtension.shNetworkProducer,
371 KeyShareExtension.shOnLoadConcumer,
372 KeyShareExtension.shOnLoadAbsence,
373 null,
374 KeyShareExtension.shStringize),
375 HRR_KEY_SHARE (0x0033, "key_share",
376 SSLHandshake.HELLO_RETRY_REQUEST,
377 ProtocolVersion.PROTOCOLS_OF_13,
378 KeyShareExtension.hrrNetworkProducer,
379 KeyShareExtension.hrrOnLoadConcumer,
380 null, null,
381 KeyShareExtension.hrrStringize),
382 MH_KEY_SHARE (0x0033, "key_share",
383 SSLHandshake.MESSAGE_HASH,
384 ProtocolVersion.PROTOCOLS_OF_13,
385 KeyShareExtension.hrrNetworkReproducer,
386 null, null, null,
387 KeyShareExtension.hrrStringize),
388
389 // Extensions defined in RFC 5746
390 CH_RENEGOTIATION_INFO (0xff01, "renegotiation_info",
391 SSLHandshake.CLIENT_HELLO,
392 ProtocolVersion.PROTOCOLS_TO_12,
393 RenegoInfoExtension.chNetworkProducer,
394 RenegoInfoExtension.chOnLoadConcumer,
395 RenegoInfoExtension.chOnLoadAbsence,
396 null,
397 RenegoInfoExtension.rniStringize),
398 SH_RENEGOTIATION_INFO (0xff01, "renegotiation_info",
399 SSLHandshake.SERVER_HELLO,
400 ProtocolVersion.PROTOCOLS_TO_12,
401 RenegoInfoExtension.shNetworkProducer,
402 RenegoInfoExtension.shOnLoadConcumer,
403 RenegoInfoExtension.shOnLoadAbsence,
404 null,
405 RenegoInfoExtension.rniStringize),
406
407 // TLS 1.3 PSK extension must be last
408 CH_PRE_SHARED_KEY (0x0029, "pre_shared_key",
409 SSLHandshake.CLIENT_HELLO,
410 ProtocolVersion.PROTOCOLS_OF_13,
411 PreSharedKeyExtension.chNetworkProducer,
412 PreSharedKeyExtension.chOnLoadConsumer,
413 PreSharedKeyExtension.chOnLoadAbsence,
414 PreSharedKeyExtension.chOnTradeConsumer,
415 null),
416 SH_PRE_SHARED_KEY (0x0029, "pre_shared_key",
417 SSLHandshake.SERVER_HELLO,
418 ProtocolVersion.PROTOCOLS_OF_13,
419 PreSharedKeyExtension.shNetworkProducer,
420 PreSharedKeyExtension.shOnLoadConsumer,
421 PreSharedKeyExtension.shOnLoadAbsence,
422 null, null);
423
424 final int id;
425 final SSLHandshake handshakeType;
426 final String name;
427 final ProtocolVersion[] supportedProtocols;
428 final HandshakeProducer networkProducer;
429 final ExtensionConsumer onLoadConcumer;
430 final HandshakeAbsence onLoadAbsence;
431 final HandshakeConsumer onTradeConsumer;
432 final SSLStringize stringize;
433
434 // known but unsupported extension
435 private SSLExtension(int id, String name) {
436 this.id = id;
437 this.handshakeType = SSLHandshake.NOT_APPLICABLE;
438 this.name = name;
439 this.supportedProtocols = new ProtocolVersion[0];
440 this.networkProducer = null;
441 this.onLoadConcumer = null;
442 this.onLoadAbsence = null;
443 this.onTradeConsumer = null;
444 this.stringize = null;
445 }
446
447 // supported extension
448 private SSLExtension(int id, String name, SSLHandshake handshakeType,
449 ProtocolVersion[] supportedProtocols,
450 HandshakeProducer producer,
451 ExtensionConsumer onLoadConcumer, HandshakeAbsence onLoadAbsence,
452 HandshakeConsumer onTradeConsumer, SSLStringize stringize) {
453
454 this.id = id;
455 this.handshakeType = handshakeType;
456 this.name = name;
457 this.supportedProtocols = supportedProtocols;
458 this.networkProducer = producer;
459 this.onLoadConcumer = onLoadConcumer;
460 this.onLoadAbsence = onLoadAbsence;
461 this.onTradeConsumer = onTradeConsumer;
462 this.stringize = stringize;
463 }
464
465 static SSLExtension valueOf(SSLHandshake handshakeType, int extensionType) {
466 for (SSLExtension ext : SSLExtension.values()) {
467 if (ext.id == extensionType &&
468 ext.handshakeType == handshakeType) {
469 return ext;
470 }
471 }
472
473 return null;
474 }
475
476 static boolean isConsumable(int extensionType) {
477 for (SSLExtension ext : SSLExtension.values()) {
478 if (ext.id == extensionType &&
479 ext.onLoadConcumer != null) {
480 return true;
481 }
482 }
483
484 return false;
485 }
486
487 public byte[] produce(ConnectionContext context,
488 HandshakeMessage message) throws IOException {
489 if (networkProducer != null) {
490 return networkProducer.produce(context, message);
491 } else {
492 throw new UnsupportedOperationException(
493 "Not yet supported extension producing.");
494 }
495 }
496
497 public void consumeOnLoad(ConnectionContext context,
498 HandshakeMessage message, ByteBuffer buffer) throws IOException {
499 if (onLoadConcumer != null) {
500 onLoadConcumer.consume(context, message, buffer);
501 } else {
502 throw new UnsupportedOperationException(
503 "Not yet supported extension loading.");
504 }
505 }
506
507 public void consumeOnTrade(ConnectionContext context,
508 HandshakeMessage message) throws IOException {
509 if (onTradeConsumer != null) {
510 onTradeConsumer.consume(context, message);
511 } else {
512 throw new UnsupportedOperationException(
513 "Not yet supported extension processing.");
514 }
515 }
516
517 void absent(ConnectionContext context,
518 HandshakeMessage message) throws IOException {
519 if (onLoadAbsence != null) {
520 onLoadAbsence.absent(context, message);
521 } else {
522 throw new UnsupportedOperationException(
523 "Not yet supported extension absence processing.");
524 }
525 }
526
527 public boolean isAvailable(ProtocolVersion protocolVersion) {
528 /*
529 for (ProtocolVersion pv : supportedProtocols) {
530 if (pv == protocolVersion) {
531 return true;
532 }
533 }
534 */
535 for (int i = 0; i < supportedProtocols.length; i++) {
536 if (supportedProtocols[i] == protocolVersion) {
537 return true;
538 }
539 }
540
541 return false;
542 }
543
544 @Override
545 public String toString() {
546 return name;
547 }
548
549 @Override
550 public String toString(ByteBuffer byteBuffer) {
551 MessageFormat messageFormat = new MessageFormat(
552 "\"{0} ({1})\": '{'\n" +
553 "{2}\n" +
554 "'}'",
555 Locale.ENGLISH);
556
557 String extData;
558 if (stringize == null) {
559 HexDumpEncoder hexEncoder = new HexDumpEncoder();
560 String encoded = hexEncoder.encode(byteBuffer.duplicate());
561 extData = encoded;
562 } else {
563 extData = stringize.toString(byteBuffer);
564 }
565
566 Object[] messageFields = {
567 this.name,
568 this.id,
569 Utilities.indent(extData)
570 };
571
572 return messageFormat.format(messageFields);
573 }
574
575 //////////////////////////////////////////////////////
576 // Nested extension, consumer and producer interfaces.
577
578 static interface ExtensionConsumer {
579 void consume(ConnectionContext context,
580 HandshakeMessage message, ByteBuffer buffer) throws IOException;
581 }
582
583 /**
584 * A (transparent) specification of extension data.
585 *
586 * This interface contains no methods or constants. Its only purpose is to
587 * group all extension data. All extension data should implement this
588 * interface if the data is expected to handle in the following handshake
589 * processes.
590 */
591 static interface SSLExtensionSpec {
592 // blank
593 }
594
595 // Default enabled client extensions.
596 static final class ClientExtensions {
597 static final Collection<SSLExtension> defaults;
598
599 static {
600 Collection<SSLExtension> extensions = new LinkedList<>();
601 for (SSLExtension extension : SSLExtension.values()) {
602 if (extension.handshakeType != SSLHandshake.NOT_APPLICABLE) {
603 extensions.add(extension);
604 }
605 }
606
607 // Switch off SNI extention?
608 boolean enableExtension =
609 Utilities.getBooleanProperty("jsse.enableSNIExtension", true);
610 if (!enableExtension) {
611 extensions.remove(CH_SERVER_NAME);
612 }
613
614 // To switch off the max_fragment_length extension.
615 enableExtension =
616 Utilities.getBooleanProperty("jsse.enableMFLExtension", false);
617 if (!enableExtension) {
618 extensions.remove(CH_MAX_FRAGMENT_LENGTH);
619 }
620
621 // enableExtension = Utilities.getBooleanProperty(
622 // "jdk.tls.client.enableStatusRequestExtension", true);
623 // if (!enableExtension) {
624 // extensions.remove(CH_STATUS_REQUEST);
625 // extensions.remove(CR_STATUS_REQUEST);
626 // extensions.remove(CT_STATUS_REQUEST);
627 //
628 // extensions.remove(CH_STATUS_REQUEST_V2);
629 // }
630
631 if (!SSLConfiguration.useExtendedMasterSecret) {
632 extensions.remove(CH_EXTENDED_MASTER_SECRET);
633 }
634
635 defaults = Collections.unmodifiableCollection(extensions);
636 }
637 }
638
639 // Default enabled server extensions.
640 static final class ServerExtensions {
641 static final Collection<SSLExtension> defaults;
642
643 static {
644 Collection<SSLExtension> extensions = new LinkedList<>();
645 for (SSLExtension extension : SSLExtension.values()) {
646 if (extension.handshakeType != SSLHandshake.NOT_APPLICABLE) {
647 extensions.add(extension);
648 }
649 }
650
651 /*
652 // Switch off SNI extention?
653 boolean enableExtension =
654 Utilities.getBooleanProperty("jsse.enableSNIExtension", true);
655 if (!enableExtension) {
656 extensions.remove(CH_SERVER_NAME);
657 extensions.remove(SH_SERVER_NAME);
658 extensions.remove(EE_SERVER_NAME);
659 }
660
661 // To switch off the max_fragment_length extension.
662 enableExtension =
663 Utilities.getBooleanProperty("jsse.enableMFLExtension", false);
664 if (!enableExtension) {
665 extensions.remove(CH_MAX_FRAGMENT_LENGTH);
666 extensions.remove(SH_MAX_FRAGMENT_LENGTH);
667 extensions.remove(EE_MAX_FRAGMENT_LENGTH);
668 }
669 */
670
671 // enableExtension = Utilities.getBooleanProperty(
672 // "jdk.tls.server.enableStatusRequestExtension", true);
673 // if (!enableExtension) {
674 // extensions.remove(CH_STATUS_REQUEST);
675 // extensions.remove(SH_STATUS_REQUEST);
676 // extensions.remove(CR_STATUS_REQUEST);
677 // extensions.remove(CT_STATUS_REQUEST);
678 //
679 // extensions.remove(SH_STATUS_REQUEST_V2);
680 // }
681
682 /*
683 if (!SSLConfiguration.useExtendedMasterSecret) {
684 extensions.remove(CH_EXTENDED_MASTER_SECRET);
685 extensions.remove(SH_EXTENDED_MASTER_SECRET);
686 }
687 */
688 defaults = Collections.unmodifiableCollection(extensions);
689 }
690 }
691 }