Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
PojavLauncherTeam
GitHub Repository: PojavLauncherTeam/mobile
 Path: blob/master/src/java.base/share/classes/sun/security/ssl/ClientHandshakeContext.java
41159 views
1
/*

2
 * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.

3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

4
 *

5
 * This code is free software; you can redistribute it and/or modify it

6
 * under the terms of the GNU General Public License version 2 only, as

7
 * published by the Free Software Foundation.  Oracle designates this

8
 * particular file as subject to the "Classpath" exception as provided

9
 * by Oracle in the LICENSE file that accompanied this code.

10
 *

11
 * This code is distributed in the hope that it will be useful, but WITHOUT

12
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

13
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

14
 * version 2 for more details (a copy is included in the LICENSE file that

15
 * accompanied this code).

16
 *

17
 * You should have received a copy of the GNU General Public License version

18
 * 2 along with this work; if not, write to the Free Software Foundation,

19
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

20
 *

21
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

22
 * or visit www.oracle.com if you need additional information or have any

23
 * questions.

24
 */

25


26
package sun.security.ssl;

27


28
import java.io.IOException;

29
import java.security.cert.X509Certificate;

30


31
import sun.security.ssl.ClientHello.ClientHelloMessage;

32


33
class ClientHandshakeContext extends HandshakeContext {

34
    /*

35
     * Allow unsafe server certificate change?

36
     *

37
     * Server certificate change during SSL/TLS renegotiation may be considered

38
     * unsafe, as described in the Triple Handshake attacks:

39
     *

40
     *     https://secure-resumption.com/tlsauth.pdf

41
     *

42
     * Endpoint identification (See

43
     * SSLParameters.getEndpointIdentificationAlgorithm()) is a pretty nice

44
     * guarantee that the server certificate change in renegotiation is legal.

45
     * However, endpoint identification is only enabled for HTTPS and LDAP

46
     * over SSL/TLS by default.  It is not enough to protect SSL/TLS

47
     * connections other than HTTPS and LDAP.

48
     *

49
     * The renegotiation indication extension (See RFC 5746) is a pretty

50
     * strong guarantee that the endpoints on both client and server sides

51
     * are identical on the same connection.  However, the Triple Handshake

52
     * attacks can bypass this guarantee if there is a session-resumption

53
     * handshake between the initial full handshake and the renegotiation

54
     * full handshake.

55
     *

56
     * Server certificate change may be unsafe and should be restricted if

57
     * endpoint identification is not enabled and the previous handshake is

58
     * a session-resumption abbreviated initial handshake, unless the

59
     * identities represented by both certificates can be regraded as the

60
     * same (See isIdentityEquivalent()).

61
     *

62
     * Considering the compatibility impact and the actual requirements to

63
     * support server certificate change in practice, the system property,

64
     * jdk.tls.allowUnsafeServerCertChange, is used to define whether unsafe

65
     * server certificate change in renegotiation is allowed or not.  The

66
     * default value of the system property is "false".  To mitigate the

67
     * compatibility impact, applications may want to set the system

68
     * property to "true" at their own risk.

69
     *

70
     * If the value of the system property is "false", server certificate

71
     * change in renegotiation after a session-resumption abbreviated initial

72
     * handshake is restricted (See isIdentityEquivalent()).

73
     *

74
     * If the system property is set to "true" explicitly, the restriction on

75
     * server certificate change in renegotiation is disabled.

76
     */

77
    static final boolean allowUnsafeServerCertChange =

78
            Utilities.getBooleanProperty(

79
                    "jdk.tls.allowUnsafeServerCertChange", false);

80


81
    /*

82
     * the reserved server certificate chain in previous handshaking

83
     *

84
     * The server certificate chain is only reserved if the previous

85
     * handshake is a session-resumption abbreviated initial handshake.

86
     */

87
    X509Certificate[] reservedServerCerts = null;

88


89
    X509Certificate[] deferredCerts;

90


91
    ClientHelloMessage initialClientHelloMsg = null;

92


93
    // PSK identity is selected in first Hello and used again after HRR

94
    byte[] pskIdentity;

95


96
    ClientHandshakeContext(SSLContextImpl sslContext,

97
            TransportContext conContext) throws IOException {

98
        super(sslContext, conContext);

99
    }

100


101
    @Override

102
    void kickstart() throws IOException {

103
        if (kickstartMessageDelivered) {

104
            return;

105
        }

106


107
        SSLHandshake.kickstart(this);

108
        kickstartMessageDelivered = true;

109
    }

110
}

111


112