
src/java.base/share/classes/sun/security/ssl/Finished.java


        

*** 30,47 ****
--- 30,54 ----
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.ProviderException;
+ import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.text.MessageFormat;
import java.util.Locale;
+ import java.util.stream.Collectors;
+ import java.util.stream.Stream;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
+ import javax.net.ssl.SSLPeerUnverifiedException;
+
+ import jdk.internal.event.EventHelper;
+ import jdk.internal.event.TLSHandshakeEvent;
import sun.security.internal.spec.TlsPrfParameterSpec;
import sun.security.ssl.CipherSuite.HashAlg;
import static sun.security.ssl.CipherSuite.HashAlg.H_NONE;
import sun.security.ssl.SSLBasicKeyDerivation.SecretSizeSpec;
import sun.security.ssl.SSLCipher.SSLReadCipher;
*** 546,555 **** --- 553,563 ---- chc.conContext.conSession = chc.handshakeSession.finish(); chc.conContext.protocolVersion = chc.negotiatedProtocol; // handshake context cleanup. chc.handshakeFinished = true; + recordEvent(chc.conContext.conSession); // May need to retransmit the last flight for DTLS. if (!chc.sslContext.isDTLS()) { chc.conContext.finishHandshake(); }
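Review bot: The new `recordEvent(chc.conContext.conSession)` call sits between `chc.handshakeFinished = true` and the `finishHandshake()` block here, and the `shc` hunk at 603 uses the same placement, while the hunks at 737 and 1072 call it only after `finishHandshake()`. Event and log emission is not part of the handshake state machine, so if it ever throws an unchecked exception at this position, the context is already marked finished but `finishHandshake()` is never reached. I would move the call below the `if (!chc.sslContext.isDTLS()) { ... }` block in both places so all four call sites are ordered the same way. The enclosing method starts and ends outside this hunk, so whether later code depends on the current order is not visible here.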
*** 595,604 **** --- 603,613 ---- shc.conContext.conSession = shc.handshakeSession.finish(); shc.conContext.protocolVersion = shc.negotiatedProtocol; // handshake context cleanup. shc.handshakeFinished = true; + recordEvent(shc.conContext.conSession); // May need to retransmit the last flight for DTLS. if (!shc.sslContext.isDTLS()) { shc.conContext.finishHandshake(); }
*** 728,737 **** --- 737,748 ---- chc.conContext.protocolVersion = chc.negotiatedProtocol; // handshake context cleanup. chc.handshakeFinished = true; chc.conContext.finishHandshake(); + recordEvent(chc.conContext.conSession); + // The handshake message has been delivered. return null; }
*** 1061,1070 **** --- 1072,1082 ---- // May need to retransmit the last flight for DTLS. if (!shc.sslContext.isDTLS()) { shc.conContext.finishHandshake(); } + recordEvent(shc.conContext.conSession); // // produce if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { SSLLogger.fine(
*** 1072,1077 ****
--- 1084,1109 ----
}
NewSessionTicket.kickstartProducer.produce(shc);
}
}
+
+ private static void recordEvent(SSLSessionImpl session) {
+ TLSHandshakeEvent event = new TLSHandshakeEvent();
+ if (event.isEnabled() || EventHelper.isLoggingSecurity()) {
+ String certIDs = "";
+ try {
+ certIDs = Stream.of(session.getPeerCertificates())
+ .filter(c -> c instanceof X509Certificate)
+ .map(c -> (X509Certificate) c)
+ .map(c -> c.getSerialNumber().toString(16))
+ .collect(Collectors.joining(", "));
+ } catch (SSLPeerUnverifiedException e) {
+ certIDs = e.getMessage(); // not verified msg
+ }
+
+ EventHelper.commitTLSHandshakeEvent(event, null,
+ session.getPeerHost(), session.getPeerPort(),
+ session.getCipherSuite(), session.getProtocol(), certIDs);
+ }
+ }
}
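Review bot: In the `catch (SSLPeerUnverifiedException e)` branch of `recordEvent`, `certIDs = e.getMessage()` writes free-form exception text into the field that otherwise carries a comma-separated list of hex serial numbers, so anything consuming the event for detection or forensics has to tell an error string from real identifiers. Leaving the field empty in that branch keeps it machine-parseable: `certIDs = ""; // peer not authenticated`. Separately, a serial number is only unique per issuer, so the serial alone may not identify a certificate across CAs; pairing it with `c.getIssuerX500Principal()` or using a certificate fingerprint would make the value usable for correlation. The method also has no comment; I would add `// Emits a TLSHandshakeEvent for a completed handshake; does nothing unless the event or security logging is enabled.`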