Merging EE4J_8 branch for further development #17

Open
wants to merge 5 commits into
base: master
2 changes: 1 addition & 1 deletion api/pom.xml
Expand Up @@ -31,7 +31,7 @@
<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
<version>2.3.7</version>
<version>3.5.1</version>
<extensions>true</extensions>
<configuration>
<instructions>
2 changes: 1 addition & 1 deletion bootstrap/pom.xml
Expand Up @@ -32,7 +32,7 @@
<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
<version>2.3.7</version>
<version>3.5.1</version>
<extensions>true</extensions>
<configuration>
<instructions>
119 changes: 71 additions & 48 deletions bootstrap/src/main/java/sun/security/ssl/ClientHandshaker.java
Expand Up @@ -185,19 +185,23 @@ final class ClientHandshaker extends Handshaker {
*/
@Override
void processMessage(byte type, int messageLen) throws IOException {
if (state >= type
&& (type != HandshakeMessage.ht_hello_request)) {
throw new SSLProtocolException(
"Handshake message sequence violation, " + type);
}
// check the handshake state
List<Byte> ignoredOptStates = handshakeState.check(type);

switch (type) {
case HandshakeMessage.ht_hello_request:
this.serverHelloRequest(new HelloRequest(input));
HelloRequest helloRequest = new HelloRequest(input);
handshakeState.update(helloRequest, resumingSession);
this.serverHelloRequest(helloRequest);
break;

case HandshakeMessage.ht_server_hello:
this.serverHello(new ServerHello(input, messageLen));
ServerHello serverHello = new ServerHello(input, messageLen);
this.serverHello(serverHello);

// This handshake state update needs the resumingSession value
// set by serverHello().
handshakeState.update(serverHello, resumingSession);
break;

case HandshakeMessage.ht_certificate:
Expand All @@ -207,7 +211,9 @@ void processMessage(byte type, int messageLen) throws IOException {
"unexpected server cert chain");
// NOTREACHED
}
this.serverCertificate(new CertificateMsg(input));
CertificateMsg certificateMsg = new CertificateMsg(input);
handshakeState.update(certificateMsg, resumingSession);
this.serverCertificate(certificateMsg);
serverKey =
session.getPeerCertificates()[0].getPublicKey();
break;
Expand Down Expand Up @@ -243,27 +249,35 @@ void processMessage(byte type, int messageLen) throws IOException {
}

try {
this.serverKeyExchange(new RSA_ServerKeyExchange(input));
RSA_ServerKeyExchange rsaSrvKeyExchange =
new RSA_ServerKeyExchange(input);
handshakeState.update(rsaSrvKeyExchange, resumingSession);
this.serverKeyExchange(rsaSrvKeyExchange);
} catch (GeneralSecurityException e) {
throwSSLException("Server key", e);
}
break;
case K_DH_ANON:
try {
this.serverKeyExchange(new DH_ServerKeyExchange(
input, protocolVersion));
DH_ServerKeyExchange dhSrvKeyExchange =
new DH_ServerKeyExchange(input, protocolVersion);
handshakeState.update(dhSrvKeyExchange, resumingSession);
this.serverKeyExchange(dhSrvKeyExchange);
} catch (GeneralSecurityException e) {
throwSSLException("Server key", e);
}
break;
case K_DHE_DSS:
case K_DHE_RSA:
try {
this.serverKeyExchange(new DH_ServerKeyExchange(
input, serverKey,
clnt_random.random_bytes, svr_random.random_bytes,
messageLen,
getLocalSupportedSignAlgs(), protocolVersion));
DH_ServerKeyExchange dhSrvKeyExchange =
new DH_ServerKeyExchange(
input, serverKey,
clnt_random.random_bytes, svr_random.random_bytes,
messageLen,
getLocalSupportedSignAlgs(), protocolVersion);
handshakeState.update(dhSrvKeyExchange, resumingSession);
this.serverKeyExchange(dhSrvKeyExchange);
} catch (GeneralSecurityException e) {
throwSSLException("Server key", e);
}
Expand All @@ -272,10 +286,13 @@ void processMessage(byte type, int messageLen) throws IOException {
case K_ECDHE_RSA:
case K_ECDH_ANON:
try {
this.serverKeyExchange(new ECDH_ServerKeyExchange
(input, serverKey, clnt_random.random_bytes,
svr_random.random_bytes,
getLocalSupportedSignAlgs(), protocolVersion));
ECDH_ServerKeyExchange ecdhSrvKeyExchange =
new ECDH_ServerKeyExchange
(input, serverKey, clnt_random.random_bytes,
svr_random.random_bytes,
getLocalSupportedSignAlgs(), protocolVersion);
handshakeState.update(ecdhSrvKeyExchange, resumingSession);
this.serverKeyExchange(ecdhSrvKeyExchange);
} catch (GeneralSecurityException e) {
throwSSLException("Server key", e);
}
Expand Down Expand Up @@ -314,6 +331,7 @@ void processMessage(byte type, int messageLen) throws IOException {
if (debug != null && Debug.isOn("handshake")) {
certRequest.print(System.out);
}
handshakeState.update(certRequest, resumingSession);

if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
Collection<SignatureAndHashAlgorithm> peerSignAlgs =
Expand All @@ -339,33 +357,22 @@ void processMessage(byte type, int messageLen) throws IOException {
break;

case HandshakeMessage.ht_server_hello_done:
this.serverHelloDone(new ServerHelloDone(input));
ServerHelloDone serverHelloDone = new ServerHelloDone(input);
handshakeState.update(serverHelloDone, resumingSession);
this.serverHelloDone(serverHelloDone);
break;

case HandshakeMessage.ht_finished:
// A ChangeCipherSpec record must have been received prior to
// reception of the Finished message (RFC 5246, 7.4.9).
if (!receivedChangeCipherSpec()) {
fatalSE(Alerts.alert_handshake_failure,
"Received Finished message before ChangeCipherSpec");
}

this.serverFinished(
new Finished(protocolVersion, input, cipherSuite));
Finished serverFinished =
new Finished(protocolVersion, input, cipherSuite);
handshakeState.update(serverFinished, resumingSession);
this.serverFinished(serverFinished);
break;

default:
throw new SSLProtocolException(
"Illegal client handshake msg, " + type);
}

//
// Move state machine forward if the message handling
// code didn't already do so
//
if (state < type) {
state = type;
}
}

/*
Expand All @@ -383,7 +390,7 @@ private void serverHelloRequest(HelloRequest mesg) throws IOException {
// Could be (e.g. at connection setup) that we already
// sent the "client hello" but the server's not seen it.
//
if (state < HandshakeMessage.ht_client_hello) {
if (!clientHelloDelivered) {
if (!secureRenegotiation && !allowUnsafeRenegotiation) {
// renegotiation is not allowed.
if (activeProtocolVersion.v >= ProtocolVersion.TLS10.v) {
Expand Down Expand Up @@ -623,7 +630,6 @@ public Subject run() throws Exception {

// looks fine; resume it, and update the state machine.
resumingSession = true;
state = HandshakeMessage.ht_finished - 1;
calculateConnectionKeys(session.getMasterSecret());
if (debug != null && Debug.isOn("session")) {
System.out.println("%% Server resumed " + session);
Expand Down Expand Up @@ -750,7 +756,8 @@ public Subject run() throws Exception {
session = new SSLSessionImpl(protocolVersion, cipherSuite,
getLocalSupportedSignAlgs(),
mesg.sessionId, getHostSE(), getPortSE(),
(extendedMasterSecretExt != null));
(extendedMasterSecretExt != null),
getEndpointIdentificationAlgorithmSE());
session.setRequestedServerNames(requestedServerNames);
setHandshakeSessionSE(session);
if (debug != null && Debug.isOn("handshake")) {
Expand Down Expand Up @@ -942,6 +949,7 @@ private void serverHelloDone(ServerHelloDone mesg) throws IOException {
m1.print(System.out);
}
m1.write(output);
handshakeState.update(m1, resumingSession);
}
}

Expand Down Expand Up @@ -1106,6 +1114,7 @@ hostname, getAccSE(), protocolVersion,
}
m2.write(output);

handshakeState.update(m2, resumingSession);

/*
* THIRD, send a "change_cipher_spec" record followed by the
Expand Down Expand Up @@ -1208,6 +1217,7 @@ hostname, getAccSE(), protocolVersion,
m3.print(System.out);
}
m3.write(output);
handshakeState.update(m3, resumingSession);
output.doHashes();
}

Expand Down Expand Up @@ -1265,6 +1275,8 @@ private void serverFinished(Finished mesg) throws IOException {
if (resumingSession) {
input.digestNow();
sendChangeCipherAndFinish(true);
} else {
handshakeFinished = true;
}
session.setLastAccessedTime(System.currentTimeMillis());

Expand Down Expand Up @@ -1310,13 +1322,6 @@ private void sendChangeCipherAndFinish(boolean finishedTag)
if (secureRenegotiation) {
clientVerifyData = mesg.getVerifyData();
}

/*
* Update state machine so server MUST send 'finished' next.
* (In "long" handshake case; in short case, we're responding
* to its message.)
*/
state = HandshakeMessage.ht_finished - 1;
}


Expand Down Expand Up @@ -1424,6 +1429,24 @@ HandshakeMessage getKickstartMessage() throws SSLException {
}
}

// ensure that the endpoint identification algorithm matches the
// one in the session
String identityAlg = getEndpointIdentificationAlgorithmSE();
if (session != null && identityAlg != null) {

String sessionIdentityAlg =
session.getEndpointIdentificationAlgorithm();
if (!Objects.equals(identityAlg, sessionIdentityAlg)) {

if (debug != null && Debug.isOn("session")) {
System.out.println("%% can't resume, endpoint id" +
" algorithm does not match, requested: " +
identityAlg + ", cached: " + sessionIdentityAlg);
}
session = null;
}
}

if (session != null) {
if (debug != null) {
if (Debug.isOn("handshake") || Debug.isOn("session")) {
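Review bot: In `processMessage`, the list returned by `handshakeState.check(type)` is stored in `ignoredOptStates` but is not read in any of the visible hunks, so optional messages that the state machine lets the peer skip appear to be accepted without further inspection. For the key exchanges handled further down (`K_DHE_DSS`, `K_DHE_RSA`, `K_ECDHE_RSA`), a skipped ServerKeyExchange leaves the client without signed ephemeral parameters, and the handshake should fail rather than continue. I would add a guard before the `switch`, along the lines of `if (ignoredOptStates.contains(HandshakeMessage.ht_server_key_exchange) && /* negotiated key exchange requires it */) { throw new SSLProtocolException("missing server_key_exchange"); }`, or drop the local if that check already lives inside `handshakeState`, which is not shown here. A later hunk of the same method also removes the explicit `receivedChangeCipherSpec()` test before `Finished`; a short comment such as `// ChangeCipherSpec-before-Finished ordering is enforced by handshakeState.check()` would record where that guarantee now comes from, assuming it does. The body of `processMessage` spans several hunks and is only partly visible.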
Expand Up @@ -83,6 +83,8 @@ public abstract class HandshakeMessage {

static final byte ht_finished = 20;

static final byte ht_not_applicable = -1; // N/A

// BEGIN GRIZZLY NPN
// Defined by Draft03, section 3:
// A new handshake message type ("next_protocol(67)") is defined.