146 List<NamedGroup> clientRequestedNamedGroups;
147
148 // HelloRetryRequest
149 NamedGroup serverSelectedNamedGroup;
150
151 // if server name indicator is negotiated
152 //
153 // May need a public API for the indication in the future.
154 List<SNIServerName> requestedServerNames;
155 SNIServerName negotiatedServerName;
156
157 // OCSP Stapling info
158 boolean staplingActive = false;
159
160 protected HandshakeContext(SSLContextImpl sslContext,
161 TransportContext conContext) throws IOException {
162 this.sslContext = sslContext;
163 this.conContext = conContext;
164 this.sslConfig = (SSLConfiguration)conContext.sslConfig.clone();
165
166 this.activeProtocols = getActiveProtocols(sslConfig.enabledProtocols,
167 sslConfig.enabledCipherSuites, sslConfig.algorithmConstraints);
168 if (activeProtocols.isEmpty()) {
169 throw new SSLHandshakeException(
170 "No appropriate protocol (protocol is disabled or " +
171 "cipher suites are inappropriate)");
172 }
173
174 ProtocolVersion maximumVersion = ProtocolVersion.NONE;
175 for (ProtocolVersion pv : this.activeProtocols) {
176 if (maximumVersion == ProtocolVersion.NONE ||
177 pv.compare(maximumVersion) > 0) {
178 maximumVersion = pv;
179 }
180 }
181 this.maximumActiveProtocol = maximumVersion;
182 this.activeCipherSuites = getActiveCipherSuites(this.activeProtocols,
183 sslConfig.enabledCipherSuites, sslConfig.algorithmConstraints);
184 if (activeCipherSuites.isEmpty()) {
185 throw new SSLHandshakeException("No appropriate cipher suite");
186 }
187 this.algorithmConstraints =
188 new SSLAlgorithmConstraints(sslConfig.algorithmConstraints);
189
190 this.handshakeConsumers = new LinkedHashMap<>();
191 this.handshakeProducers = new HashMap<>();
192 this.handshakeHash = conContext.inputRecord.handshakeHash;
193 this.handshakeOutput = new HandshakeOutStream(conContext.outputRecord);
194
195 this.handshakeFinished = false;
196 this.kickstartMessageDelivered = false;
197
198 this.delegatedActions = new LinkedList<>();
199 this.handshakeExtensions = new HashMap<>();
200 this.handshakePossessions = new LinkedList<>();
201 this.handshakeCredentials = new LinkedList<>();
202 this.requestedServerNames = null;
203 this.negotiatedServerName = null;
204 this.negotiatedCipherSuite = conContext.cipherSuite;
205 initialize();
206 }
207
208 /**
209 * Constructor for PostHandshakeContext
210 */
211 HandshakeContext(TransportContext conContext) {
212 this.sslContext = conContext.sslContext;
213 this.conContext = conContext;
214 this.sslConfig = conContext.sslConfig;
215
216 this.negotiatedProtocol = conContext.protocolVersion;
217 this.negotiatedCipherSuite = conContext.cipherSuite;
218 this.handshakeOutput = new HandshakeOutStream(conContext.outputRecord);
219 this.delegatedActions = new LinkedList<>();
220
221 this.handshakeProducers = null;
222 this.handshakeHash = null;
223 this.activeProtocols = null;
224 this.activeCipherSuites = null;
225 this.algorithmConstraints = null;
226 this.maximumActiveProtocol = null;
227 this.handshakeExtensions = Collections.emptyMap(); // Not in TLS13
228 this.handshakePossessions = null;
229 this.handshakeCredentials = null;
230 }
231
232 // Initialize the non-final class variables.
233 private void initialize() {
234 ProtocolVersion inputHelloVersion;
235 ProtocolVersion outputHelloVersion;
236 if (conContext.isNegotiated) {
237 inputHelloVersion = conContext.protocolVersion;
238 outputHelloVersion = conContext.protocolVersion;
239 } else {
240 if (activeProtocols.contains(ProtocolVersion.SSL20Hello)) {
|
146 List<NamedGroup> clientRequestedNamedGroups;
147
148 // HelloRetryRequest
149 NamedGroup serverSelectedNamedGroup;
150
151 // if server name indicator is negotiated
152 //
153 // May need a public API for the indication in the future.
154 List<SNIServerName> requestedServerNames;
155 SNIServerName negotiatedServerName;
156
157 // OCSP Stapling info
158 boolean staplingActive = false;
159
160 protected HandshakeContext(SSLContextImpl sslContext,
161 TransportContext conContext) throws IOException {
162 this.sslContext = sslContext;
163 this.conContext = conContext;
164 this.sslConfig = (SSLConfiguration)conContext.sslConfig.clone();
165
166 this.algorithmConstraints = new SSLAlgorithmConstraints(
167 sslConfig.userSpecifiedAlgorithmConstraints);
168 this.activeProtocols = getActiveProtocols(sslConfig.enabledProtocols,
169 sslConfig.enabledCipherSuites, algorithmConstraints);
170 if (activeProtocols.isEmpty()) {
171 throw new SSLHandshakeException(
172 "No appropriate protocol (protocol is disabled or " +
173 "cipher suites are inappropriate)");
174 }
175
176 ProtocolVersion maximumVersion = ProtocolVersion.NONE;
177 for (ProtocolVersion pv : this.activeProtocols) {
178 if (maximumVersion == ProtocolVersion.NONE ||
179 pv.compare(maximumVersion) > 0) {
180 maximumVersion = pv;
181 }
182 }
183 this.maximumActiveProtocol = maximumVersion;
184 this.activeCipherSuites = getActiveCipherSuites(this.activeProtocols,
185 sslConfig.enabledCipherSuites, algorithmConstraints);
186 if (activeCipherSuites.isEmpty()) {
187 throw new SSLHandshakeException("No appropriate cipher suite");
188 }
189
190 this.handshakeConsumers = new LinkedHashMap<>();
191 this.handshakeProducers = new HashMap<>();
192 this.handshakeHash = conContext.inputRecord.handshakeHash;
193 this.handshakeOutput = new HandshakeOutStream(conContext.outputRecord);
194
195 this.handshakeFinished = false;
196 this.kickstartMessageDelivered = false;
197
198 this.delegatedActions = new LinkedList<>();
199 this.handshakeExtensions = new HashMap<>();
200 this.handshakePossessions = new LinkedList<>();
201 this.handshakeCredentials = new LinkedList<>();
202 this.requestedServerNames = null;
203 this.negotiatedServerName = null;
204 this.negotiatedCipherSuite = conContext.cipherSuite;
205 initialize();
206 }
207
208 /**
209 * Constructor for PostHandshakeContext
210 */
211 protected HandshakeContext(TransportContext conContext) {
212 this.sslContext = conContext.sslContext;
213 this.conContext = conContext;
214 this.sslConfig = conContext.sslConfig;
215
216 this.negotiatedProtocol = conContext.protocolVersion;
217 this.negotiatedCipherSuite = conContext.cipherSuite;
218 this.handshakeOutput = new HandshakeOutStream(conContext.outputRecord);
219 this.delegatedActions = new LinkedList<>();
220
221 this.handshakeConsumers = new LinkedHashMap<>();
222 this.handshakeProducers = null;
223 this.handshakeHash = null;
224 this.activeProtocols = null;
225 this.activeCipherSuites = null;
226 this.algorithmConstraints = null;
227 this.maximumActiveProtocol = null;
228 this.handshakeExtensions = Collections.emptyMap(); // Not in TLS13
229 this.handshakePossessions = null;
230 this.handshakeCredentials = null;
231 }
232
233 // Initialize the non-final class variables.
234 private void initialize() {
235 ProtocolVersion inputHelloVersion;
236 ProtocolVersion outputHelloVersion;
237 if (conContext.isNegotiated) {
238 inputHelloVersion = conContext.protocolVersion;
239 outputHelloVersion = conContext.protocolVersion;
240 } else {
241 if (activeProtocols.contains(ProtocolVersion.SSL20Hello)) {
|
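Review bot: In the second listing's post-handshake constructor (`protected HandshakeContext(TransportContext conContext)`), `handshakeConsumers` is now a live `LinkedHashMap` while `algorithmConstraints`, `activeProtocols` and `activeCipherSuites` are still set to `null`, so any consumer registered on this context that reads those fields gets a null instead of the configured constraints. The full-handshake constructor above it now builds `algorithmConstraints` from `sslConfig.userSpecifiedAlgorithmConstraints` before filtering protocols and cipher suites. If post-handshake messages can carry algorithm choices that need checking (PostHandshakeContext and its consumers are outside this view, so this is unconfirmed), consider the same initialisation here: `this.algorithmConstraints = new SSLAlgorithmConstraints(sslConfig.userSpecifiedAlgorithmConstraints);`. Otherwise, extend the one-line Javadoc to record the contract, for example `* Post-handshake use only: sslConfig is shared with the transport (not cloned), and the active-protocol, cipher-suite and constraint fields are null.`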