/*
* Copyright (c) 2006, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.ssl;
import java.io.IOException;
import javax.net.ssl.SSLProtocolException;
/*
* For secure renegotiation, RFC5746 defines a new TLS extension,
* "renegotiation_info" (with extension type 0xff01), which contains a
* cryptographic binding to the enclosing TLS connection (if any) for
* which the renegotiation is being performed. The "extension data"
* field of this extension contains a "RenegotiationInfo" structure:
*
* struct {
* opaque renegotiated_connection<0..255>;
* } RenegotiationInfo;
*/
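/**
 * The "renegotiation_info" hello extension of RFC 5746 (type 0xff01).
 *
 * The extension data is one length-prefixed opaque field,
 * renegotiated_connection&lt;0..255&gt;. On an initial handshake it is
 * empty; on a renegotiation it carries the verify_data of the previous
 * handshake on this connection: client_verify_data alone when sent by
 * the client, client_verify_data followed by server_verify_data when
 * sent by the server.
 *
 * This class only encodes and decodes that field. It does NOT compare a
 * received value against the expected verify_data; that check has to be
 * done by the handshaker that consumes {@link #getRenegotiatedConnection()}.
 */
final class RenegotiationInfoExtension extends HelloExtension {

    // client_verify_data || server_verify_data, or empty on an
    // initial handshake. Never shared with callers (see getter).
    private final byte[] renegotiated_connection;

    /**
     * Builds an extension for sending.
     *
     * @param clientVerifyData the client's verify_data from the previous
     *        handshake, or an empty array for an initial handshake
     * @param serverVerifyData the server's verify_data from the previous
     *        handshake; an empty array when the extension is for a
     *        ClientHello
     * @throws NullPointerException if either argument is null
     */
    RenegotiationInfoExtension(byte[] clientVerifyData,
            byte[] serverVerifyData) {
        super(ExtensionType.EXT_RENEGOTIATION_INFO);
        if (clientVerifyData.length == 0) {
            // Initial handshake: RFC 5746 requires an empty
            // renegotiated_connection, so any server verify_data is
            // deliberately dropped as well rather than sent alone.
            renegotiated_connection = new byte[0];
        } else {
            // Copy into a private buffer so that later mutation of the
            // caller's arrays cannot change what goes on the wire.
            byte[] joined =
                new byte[clientVerifyData.length + serverVerifyData.length];
            System.arraycopy(clientVerifyData, 0, joined,
                0, clientVerifyData.length);
            System.arraycopy(serverVerifyData, 0, joined,
                clientVerifyData.length, serverVerifyData.length);
            renegotiated_connection = joined;
        }
    }

    /**
     * Parses a received extension body.
     *
     * @param s   handshake stream positioned at the extension data
     * @param len length of the extension data as announced by the peer
     * @throws SSLProtocolException if {@code len} is zero, or if the
     *         inner vector length does not account for exactly
     *         {@code len - 1} bytes (truncated or over-long body)
     * @throws IOException on a stream read failure
     */
    RenegotiationInfoExtension(HandshakeInStream s, int len)
            throws IOException {
        super(ExtensionType.EXT_RENEGOTIATION_INFO);
        // The body must hold at least the one-byte vector length.
        if (len < 1) {
            throw new SSLProtocolException("Invalid " + type + " extension");
        }
        // NOTE(review): assumes getInt8 returns one unsigned byte (0..255),
        // which bounds the allocation below - confirm in HandshakeInStream.
        int dataLen = s.getInt8();
        // The vector must consume every remaining byte of the body; both
        // a short vector and trailing garbage are protocol errors.
        if (dataLen + 1 != len) {
            throw new SSLProtocolException("Invalid " + type + " extension");
        }
        renegotiated_connection = new byte[dataLen];
        if (dataLen != 0) {
            // NOTE(review): relies on HandshakeInStream.read either
            // filling the buffer or throwing; a plain InputStream could
            // return short - confirm before reusing with another stream.
            s.read(renegotiated_connection, 0, dataLen);
        }
    }

    /**
     * Encoded size of the whole extension: 2 bytes type, 2 bytes
     * extension length, 1 byte vector length, then the vector itself.
     *
     * @return the number of bytes {@link #send} will write
     */
    @Override
    int length() {
        return 5 + renegotiated_connection.length;
    }

    /**
     * Writes the extension: type, extension length (vector length byte
     * plus vector), then the length-prefixed vector.
     *
     * @param s the handshake output stream
     * @throws IOException on a write failure
     */
    @Override
    void send(HandshakeOutStream s) throws IOException {
        s.putInt16(type.id);
        s.putInt16(renegotiated_connection.length + 1);
        s.putBytes8(renegotiated_connection);
    }

    /**
     * @return true if renegotiated_connection is empty, i.e. the peer
     *         (or we) signalled an initial handshake rather than a
     *         renegotiation
     */
    boolean isEmpty() {
        return renegotiated_connection.length == 0;
    }

    /**
     * Returns the renegotiated_connection bytes for the caller to verify
     * against the expected verify_data.
     *
     * @return a fresh copy; the internal buffer is never exposed so a
     *         caller cannot alter the value this extension encodes
     */
    byte[] getRenegotiatedConnection() {
        return renegotiated_connection.clone();
    }

    /**
     * Debug rendering. Note that it dumps the verify_data bytes, so the
     * output should only reach debug logs.
     */
    @Override
    public String toString() {
        String data = renegotiated_connection.length == 0
                ? "<empty>"
                : Debug.toString(renegotiated_connection);
        return "Extension " + type + ", renegotiated_connection: " + data;
    }
}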