src/java.base/share/classes/sun/security/ssl/Finished.java
*** 30,47 ****
--- 30,54 ----
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.ProviderException;
+ import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.text.MessageFormat;
import java.util.Locale;
+ import java.util.stream.Collectors;
+ import java.util.stream.Stream;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
+ import javax.net.ssl.SSLPeerUnverifiedException;
+
+ import jdk.internal.event.EventHelper;
+ import jdk.internal.event.TLSHandshakeEvent;
import sun.security.internal.spec.TlsPrfParameterSpec;
import sun.security.ssl.CipherSuite.HashAlg;
import static sun.security.ssl.CipherSuite.HashAlg.H_NONE;
import sun.security.ssl.SSLBasicKeyDerivation.SecretSizeSpec;
import sun.security.ssl.SSLCipher.SSLReadCipher;
*** 546,555 ****
--- 553,563 ----
chc.conContext.conSession = chc.handshakeSession.finish();
chc.conContext.protocolVersion = chc.negotiatedProtocol;
// handshake context cleanup.
chc.handshakeFinished = true;
+ recordEvent(chc.conContext.conSession);
// May need to retransmit the last flight for DTLS.
if (!chc.sslContext.isDTLS()) {
chc.conContext.finishHandshake();
}
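Review bot: The added `recordEvent(chc.conContext.conSession);` runs before `chc.conContext.finishHandshake()`, so an unchecked exception raised while building the event would propagate into the handshake path before the connection is marked finished; recordEvent itself catches only SSLPeerUnverifiedException. The server-side hunk at 603 has the same placement, while the hunks at 737 and 1072 make the call after `finishHandshake()`. Using one placement at all four sites, after the handshake is finished, would keep event recording from affecting the handshake outcome and make the sites consistent. The enclosing method starts and ends outside this hunk, so whether an outer handler already covers this cannot be seen here.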
*** 595,604 ****
--- 603,613 ----
shc.conContext.conSession = shc.handshakeSession.finish();
shc.conContext.protocolVersion = shc.negotiatedProtocol;
// handshake context cleanup.
shc.handshakeFinished = true;
+ recordEvent(shc.conContext.conSession);
// May need to retransmit the last flight for DTLS.
if (!shc.sslContext.isDTLS()) {
shc.conContext.finishHandshake();
}
*** 728,737 ****
--- 737,748 ----
chc.conContext.protocolVersion = chc.negotiatedProtocol;
// handshake context cleanup.
chc.handshakeFinished = true;
chc.conContext.finishHandshake();
+ recordEvent(chc.conContext.conSession);
+
// The handshake message has been delivered.
return null;
}
*** 1061,1070 ****
--- 1072,1082 ----
// May need to retransmit the last flight for DTLS.
if (!shc.sslContext.isDTLS()) {
shc.conContext.finishHandshake();
}
+ recordEvent(shc.conContext.conSession);
//
// produce
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.fine(
*** 1072,1077 ****
--- 1084,1109 ----
}
NewSessionTicket.kickstartProducer.produce(shc);
}
}
+
+ private static void recordEvent(SSLSessionImpl session) {
+ TLSHandshakeEvent event = new TLSHandshakeEvent();
+ if (event.isEnabled() || EventHelper.isLoggingSecurity()) {
+ String certIDs = "";
+ try {
+ certIDs = Stream.of(session.getPeerCertificates())
+ .filter(c -> c instanceof X509Certificate)
+ .map(c -> (X509Certificate) c)
+ .map(c -> c.getSerialNumber().toString(16))
+ .collect(Collectors.joining(", "));
+ } catch (SSLPeerUnverifiedException e) {
+ certIDs = e.getMessage(); // not verified msg
+ }
+
+ EventHelper.commitTLSHandshakeEvent(event, null,
+ session.getPeerHost(), session.getPeerPort(),
+ session.getCipherSuite(), session.getProtocol(), certIDs);
+ }
+ }
}
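Review bot: In recordEvent the catch block assigns `e.getMessage()` to `certIDs`, so the same field carries either hex serial numbers or a free-text exception message, and a consumer of the event cannot tell the two apart without string matching. `getPeerCertificates()` throws SSLPeerUnverifiedException when the peer was not authenticated, which is presumably the normal case on a server that does not request client authentication, so this is not a rare path. Dropping the assignment and leaving the initial empty string, with a comment such as `// peer not authenticated: no certificate ids to record`, keeps the field machine-readable. A serial number is also unique only within one issuer, so the recorded ids do not identify a certificate on their own; recording the issuer alongside it, or a fingerprint of the encoded certificate, would make the event usable for correlation during an investigation.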