/*
 * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package sun.security.ssl;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.text.MessageFormat;
import java.util.Locale;
import sun.security.ssl.ClientHello.ClientHelloMessage;
import sun.security.ssl.SSLHandshake.HandshakeMessage;

Pack of the HelloVerifyRequest handshake message.
/** * Pack of the HelloVerifyRequest handshake message. */
final class HelloVerifyRequest { static final SSLConsumer handshakeConsumer = new HelloVerifyRequestConsumer(); static final HandshakeProducer handshakeProducer = new HelloVerifyRequestProducer();
The HelloVerifyRequest handshake message [RFC 6347].
/** * The HelloVerifyRequest handshake message [RFC 6347]. */
static final class HelloVerifyRequestMessage extends HandshakeMessage { final int serverVersion; final byte[] cookie; HelloVerifyRequestMessage(HandshakeContext context, HandshakeMessage message) throws IOException { super(context); // This happens in server side only. ServerHandshakeContext shc = (ServerHandshakeContext)context; ClientHelloMessage clientHello = (ClientHelloMessage)message; HelloCookieManager hcMgr = shc.sslContext.getHelloCookieManager(ProtocolVersion.DTLS10); this.serverVersion = shc.clientHelloVersion; this.cookie = hcMgr.createCookie(shc, clientHello); } HelloVerifyRequestMessage(HandshakeContext context, ByteBuffer m) throws IOException { super(context); // This happens in client side only. ClientHandshakeContext chc = (ClientHandshakeContext)context; // struct { // ProtocolVersion server_version; // opaque cookie<0..2^8-1>; // } HelloVerifyRequest; if (m.remaining() < 3) { throw chc.conContext.fatal(Alert.ILLEGAL_PARAMETER, "Invalid HelloVerifyRequest: no sufficient data"); } byte major = m.get(); byte minor = m.get(); this.serverVersion = ((major & 0xFF) << 8) | (minor & 0xFF); this.cookie = Record.getBytes8(m); } @Override public SSLHandshake handshakeType() { return SSLHandshake.HELLO_VERIFY_REQUEST; } @Override public int messageLength() { return 3 + cookie.length; // 2: the length of protocol version // +1: the cookie length } @Override public void send(HandshakeOutStream hos) throws IOException { hos.putInt8((byte)((serverVersion >>> 8) & 0xFF)); hos.putInt8((byte)(serverVersion & 0xFF)); hos.putBytes8(cookie); } @Override public String toString() { MessageFormat messageFormat = new MessageFormat( "\"HelloVerifyRequest\": '{'\n" + " \"server version\" : \"{0}\",\n" + " \"cookie\" : \"{1}\",\n" + "'}'", Locale.ENGLISH); Object[] messageFields = { ProtocolVersion.nameOf(serverVersion), Utilities.toHexString(cookie), }; return messageFormat.format(messageFields); } }
The "HelloVerifyRequest" handshake message producer.
/** * The "HelloVerifyRequest" handshake message producer. */
private static final class HelloVerifyRequestProducer implements HandshakeProducer { // Prevent instantiation of this class. private HelloVerifyRequestProducer() { // blank } @Override public byte[] produce(ConnectionContext context, HandshakeMessage message) throws IOException { // The producing happens in server side only. ServerHandshakeContext shc = (ServerHandshakeContext)context; // clean up this producer shc.handshakeProducers.remove(SSLHandshake.HELLO_VERIFY_REQUEST.id); HelloVerifyRequestMessage hvrm = new HelloVerifyRequestMessage(shc, message); if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { SSLLogger.fine( "Produced HelloVerifyRequest handshake message", hvrm); } // Output the handshake message. hvrm.write(shc.handshakeOutput); shc.handshakeOutput.flush(); // update the context // Stateless, clean up the handshake context as well? shc.handshakeHash.finish(); // forgot about the handshake hash shc.handshakeExtensions.clear(); // What's the expected response? shc.handshakeConsumers.put( SSLHandshake.CLIENT_HELLO.id, SSLHandshake.CLIENT_HELLO); // The handshake message has been delivered. return null; } }
The "HelloVerifyRequest" handshake message consumer.
/** * The "HelloVerifyRequest" handshake message consumer. */
private static final class HelloVerifyRequestConsumer implements SSLConsumer { // Prevent instantiation of this class. private HelloVerifyRequestConsumer() { // blank } @Override public void consume(ConnectionContext context, ByteBuffer message) throws IOException { // The consuming happens in client side only. ClientHandshakeContext chc = (ClientHandshakeContext)context; // clean up this consumer chc.handshakeConsumers.remove(SSLHandshake.HELLO_VERIFY_REQUEST.id); if (!chc.handshakeConsumers.isEmpty()) { chc.handshakeConsumers.remove(SSLHandshake.SERVER_HELLO.id); } if (!chc.handshakeConsumers.isEmpty()) { throw chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, "No more message expected before " + "HelloVerifyRequest is processed"); } // Refresh handshake hash. chc.handshakeHash.finish(); // forgot about the handshake hash HelloVerifyRequestMessage hvrm = new HelloVerifyRequestMessage(chc, message); if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { SSLLogger.fine( "Consuming HelloVerifyRequest handshake message", hvrm); } // Note that HelloVerifyRequest.server_version is used solely to // indicate packet formatting, and not as part of version // negotiation. Need not to check version values match for // HelloVerifyRequest message. chc.initialClientHelloMsg.setHelloCookie(hvrm.cookie); // // produce response handshake message // SSLHandshake.CLIENT_HELLO.produce(context, hvrm); } } }