/*
 * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package sun.security.ssl;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.text.MessageFormat;
import java.util.Locale;
import javax.net.ssl.SSLProtocolException;

import sun.security.ssl.ClientHello.ClientHelloMessage;
import sun.security.ssl.SSLExtension.ExtensionConsumer;
import sun.security.ssl.SSLHandshake.HandshakeMessage;
import sun.security.ssl.SSLExtension.SSLExtensionSpec;
import sun.security.ssl.ServerHello.ServerHelloMessage;
import sun.security.util.HexDumpEncoder;

/**
 * Handling of the TLS 1.3 "cookie" extension in ClientHello (CH) and
 * HelloRetryRequest (HRR) messages.
 *
 * <p>The pieces visible here cooperate as follows:
 * <ul>
 *   <li>{@link HRRCookieProducer} (server) mints a cookie through
 *       {@code HelloCookieManager.createCookie} and puts it in the HRR;</li>
 *   <li>{@link HRRCookieConsumer} (client) parses that cookie and stores it
 *       under {@code SSLExtension.HRR_COOKIE};</li>
 *   <li>{@link CHCookieProducer} (client) echoes the stored HRR cookie back in
 *       the second ClientHello;</li>
 *   <li>{@link CHCookieConsumer} (server) only parses the echoed cookie and
 *       stores it under {@code SSLExtension.CH_COOKIE}; the value is NOT
 *       checked at that point;</li>
 *   <li>{@link CHCookieUpdate} (server) is where the echoed cookie is actually
 *       verified, via {@code HelloCookieManager.isCookieValid}; a mismatch is
 *       fatal;</li>
 *   <li>{@link HRRCookieReproducer} (server) copies the ClientHello cookie back
 *       into an HRR unchanged.</li>
 * </ul>
 *
 * <p>A malformed cookie extension is rejected with a fatal alert in both
 * consumers. NOTE(review): the alert used is {@code UNEXPECTED_MESSAGE};
 * RFC 8446 describes {@code decode_error} for undecodable fields — kept as-is
 * here for behavior parity, confirm against the other extension parsers.
 */
public class CookieExtension {
    // ClientHello side: echo an HRR cookie, parse one received, validate it.
    static final HandshakeProducer chNetworkProducer =
            new CHCookieProducer();
    static final ExtensionConsumer chOnLoadConsumer =
            new CHCookieConsumer();
    static final HandshakeConsumer chOnTradeConsumer =
            new CHCookieUpdate();

    // HelloRetryRequest side: mint a fresh cookie, or parse one received.
    static final HandshakeProducer hrrNetworkProducer =
            new HRRCookieProducer();
    static final ExtensionConsumer hrrOnLoadConsumer =
            new HRRCookieConsumer();

    // Re-emits the ClientHello cookie into an HRR without regenerating it.
    static final HandshakeProducer hrrNetworkReproducer =
            new HRRCookieReproducer();

    // Debug-logging pretty printer for raw extension_data.
    static final CookieStringizer cookieStringizer =
            new CookieStringizer();

    /**
     * Records, at "ssl,handshake" debug level, that the extension is not
     * available in the current configuration and is being skipped.
     */
    private static void logUnavailable() {
        if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
            SSLLogger.fine("Ignore unavailable cookie extension");
        }
    }

    /**
     * Serializes a cookie value into extension_data wire form: a two-byte
     * length prefix followed by the opaque cookie bytes.
     *
     * @param cookie the cookie bytes to wrap (must not be {@code null})
     * @return the encoded extension_data
     */
    private static byte[] encodeCookie(byte[] cookie) {
        byte[] extData = new byte[cookie.length + 2];
        Record.putBytes16(ByteBuffer.wrap(extData), cookie);
        return extData;
    }

    /**
     * Re-emits a previously received cookie.
     *
     * @param received the stored spec, or {@code null} if the peer sent none
     * @return the encoded extension_data, or {@code null} when there is
     *         nothing to echo (no extension, or an empty cookie value)
     */
    private static byte[] echoCookie(CookieSpec received) {
        if (received == null || received.cookie == null
                || received.cookie.length == 0) {
            return null;
        }
        return encodeCookie(received.cookie);
    }

    /**
     * The "cookie" extension.
     *
     * <p>Wire format: {@code opaque cookie<1..2^16-1>}. Parsing only checks
     * that a length-prefixed vector is present; the cookie's meaning is
     * interpreted by {@code HelloCookieManager}, not here.
     */
    static class CookieSpec implements SSLExtensionSpec {
        // Raw cookie bytes as received; never null once constructed.
        final byte[] cookie;

        /**
         * Parses the extension_data of a cookie extension.
         *
         * @param m the buffer positioned at the start of extension_data
         * @throws IOException (an {@code SSLProtocolException}) when fewer
         *         than 3 bytes remain — a 2-byte length plus the minimum
         *         one-byte payload
         */
        private CookieSpec(ByteBuffer m) throws IOException {
            // opaque cookie<1..2^16-1>;
            if (m.remaining() < 3) {
                throw new SSLProtocolException(
                        "Invalid cookie extension: insufficient data");
            }
            // NOTE(review): bytes left in m after the vector are not
            // rejected here — confirm whether that matches the other
            // SSLExtensionSpec parsers.
            cookie = Record.getBytes16(m);
        }

        /**
         * Renders the cookie as a hex dump for handshake debug logging.
         * The full cookie value is emitted, so this output is as sensitive
         * as the cookie itself.
         */
        @Override
        public String toString() {
            String hexDump = new HexDumpEncoder().encode(cookie);
            Object[] messageFields = { Utilities.indent(hexDump) };
            return new MessageFormat(
                    "\"cookie\": '{'\n" +
                    "{0}\n" +
                    "'}',", Locale.ENGLISH).format(messageFields);
        }
    }

    /**
     * Debug-only stringizer: parses raw extension_data and pretty-prints it.
     */
    private static final class CookieStringizer implements SSLStringizer {
        @Override
        public String toString(ByteBuffer buffer) {
            try {
                return new CookieSpec(buffer).toString();
            } catch (IOException ioe) {
                // Logging helper: a malformed buffer must not abort the
                // caller, so the parse failure text is returned instead.
                return ioe.getMessage();
            }
        }
    }

    /**
     * Client side: produces the ClientHello cookie extension by echoing the
     * cookie received in a HelloRetryRequest.
     */
    private static final class CHCookieProducer implements HandshakeProducer {
        // Prevent instantiation of this class.
        private CHCookieProducer() {
            // blank
        }

        /**
         * @return the encoded cookie extension_data, or {@code null} when the
         *         extension is disabled or no (non-empty) HRR cookie is stored
         */
        @Override
        public byte[] produce(ConnectionContext context,
                HandshakeMessage message) throws IOException {
            ClientHandshakeContext chc = (ClientHandshakeContext) context;

            if (!chc.sslConfig.isAvailable(SSLExtension.CH_COOKIE)) {
                logUnavailable();
                return null;
            }

            // Respond to the cookie carried in the server's HelloRetryRequest.
            CookieSpec hrrCookie = (CookieSpec)
                    chc.handshakeExtensions.get(SSLExtension.HRR_COOKIE);
            return echoCookie(hrrCookie);
        }
    }

    /**
     * Server side: parses the cookie extension of a ClientHello and stores it
     * under {@code SSLExtension.CH_COOKIE}.
     *
     * <p>Only the syntax is checked here; the value is verified later by
     * {@link CHCookieUpdate}. The extension has no impact on session
     * resumption: protocol version negotiation happens before the session
     * resumption negotiation, and the latter depends on the negotiated
     * protocol version.
     */
    private static final class CHCookieConsumer implements ExtensionConsumer {
        // Prevent instantiation of this class.
        private CHCookieConsumer() {
            // blank
        }

        /**
         * @throws IOException a fatal {@code UNEXPECTED_MESSAGE} alert when
         *         the extension_data cannot be parsed
         */
        @Override
        public void consume(ConnectionContext context,
                HandshakeMessage message, ByteBuffer buffer)
                throws IOException {
            // Server side only.
            ServerHandshakeContext shc = (ServerHandshakeContext) context;

            if (!shc.sslConfig.isAvailable(SSLExtension.CH_COOKIE)) {
                logUnavailable();
                return;     // ignore the extension
            }

            CookieSpec parsed;
            try {
                parsed = new CookieSpec(buffer);
            } catch (IOException ioe) {
                throw shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);
            }
            shc.handshakeExtensions.put(SSLExtension.CH_COOKIE, parsed);
        }
    }

    /**
     * Server side: verifies the cookie echoed by the client against the
     * {@code HelloCookieManager} for the negotiated protocol. This is the
     * only place the cookie's content is validated.
     */
    private static final class CHCookieUpdate implements HandshakeConsumer {
        // Prevent instantiation of this class.
        private CHCookieUpdate() {
            // blank
        }

        /**
         * @throws IOException a fatal {@code UNEXPECTED_MESSAGE} alert with
         *         "unrecognized cookie" when validation fails
         */
        @Override
        public void consume(ConnectionContext context,
                HandshakeMessage message) throws IOException {
            // Server side only.
            ServerHandshakeContext shc = (ServerHandshakeContext) context;
            ClientHelloMessage clientHello = (ClientHelloMessage) message;

            CookieSpec received = (CookieSpec)
                    shc.handshakeExtensions.get(SSLExtension.CH_COOKIE);
            if (received == null) {
                return;     // no "cookie" extension in this ClientHello
            }

            HelloCookieManager hcm =
                    shc.sslContext.getHelloCookieManager(shc.negotiatedProtocol);
            if (!hcm.isCookieValid(shc, clientHello, received.cookie)) {
                throw shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
                        "unrecognized cookie");
            }
        }
    }

    /**
     * Server side: mints a fresh cookie for the HelloRetryRequest, bound to
     * the ClientHello being answered via {@code HelloCookieManager.createCookie}.
     */
    private static final class HRRCookieProducer implements HandshakeProducer {
        // Prevent instantiation of this class.
        private HRRCookieProducer() {
            // blank
        }

        /**
         * @return the encoded cookie extension_data, or {@code null} when the
         *         extension is disabled
         */
        @Override
        public byte[] produce(ConnectionContext context,
                HandshakeMessage message) throws IOException {
            // Server side only.
            ServerHandshakeContext shc = (ServerHandshakeContext) context;
            ServerHelloMessage hrrm = (ServerHelloMessage) message;

            if (!shc.sslConfig.isAvailable(SSLExtension.HRR_COOKIE)) {
                logUnavailable();
                return null;
            }

            HelloCookieManager hcm =
                    shc.sslContext.getHelloCookieManager(shc.negotiatedProtocol);
            byte[] freshCookie = hcm.createCookie(shc, hrrm.clientHello);
            return encodeCookie(freshCookie);
        }
    }

    /**
     * Client side: parses the cookie extension of a HelloRetryRequest and
     * stores it under {@code SSLExtension.HRR_COOKIE} so the next ClientHello
     * can echo it.
     */
    private static final class HRRCookieConsumer implements ExtensionConsumer {
        // Prevent instantiation of this class.
        private HRRCookieConsumer() {
            // blank
        }

        /**
         * @throws IOException a fatal {@code UNEXPECTED_MESSAGE} alert when
         *         the extension_data cannot be parsed
         */
        @Override
        public void consume(ConnectionContext context,
                HandshakeMessage message, ByteBuffer buffer)
                throws IOException {
            // Client side only.
            ClientHandshakeContext chc = (ClientHandshakeContext) context;

            if (!chc.sslConfig.isAvailable(SSLExtension.HRR_COOKIE)) {
                logUnavailable();
                return;     // ignore the extension
            }

            CookieSpec parsed;
            try {
                parsed = new CookieSpec(buffer);
            } catch (IOException ioe) {
                throw chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);
            }
            chc.handshakeExtensions.put(SSLExtension.HRR_COOKIE, parsed);
        }
    }

    /**
     * Server side: re-emits the cookie from the stored ClientHello extension
     * into a HelloRetryRequest, without minting a new one. Presumably used
     * when the HRR has to be regenerated — the trigger lives in the caller.
     */
    private static final class HRRCookieReproducer implements HandshakeProducer {
        // Prevent instantiation of this class.
        private HRRCookieReproducer() {
            // blank
        }

        /**
         * @return the encoded cookie extension_data, or {@code null} when the
         *         extension is disabled or no (non-empty) CH cookie is stored
         */
        @Override
        public byte[] produce(ConnectionContext context,
                HandshakeMessage message) throws IOException {
            // Server side only.
            ServerHandshakeContext shc = (ServerHandshakeContext) context;

            if (!shc.sslConfig.isAvailable(SSLExtension.HRR_COOKIE)) {
                logUnavailable();
                return null;
            }

            // Copy of the ClientHello cookie.
            CookieSpec chCookie = (CookieSpec)
                    shc.handshakeExtensions.get(SSLExtension.CH_COOKIE);
            return echoCookie(chCookie);
        }
    }
}