Updated SSLSessionImpl constructor with Record interface methods

Author: nibjen

src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java

@@ -30,6 +30,7 @@
 import java.math.BigInteger;
 import java.net.InetAddress;
 import java.nio.ByteBuffer;
+import java.nio.charset.StandardCharsets;
 import java.security.Principal;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
@@ -311,113 +312,90 @@ final class SSLSessionImpl extends ExtendedSSLSession {
     SSLSessionImpl(HandshakeContext hc, ByteBuffer buf) throws IOException {
         boundValues = new ConcurrentHashMap<>();
         this.protocolVersion =
-                ProtocolVersion.valueOf(Short.toUnsignedInt(buf.getShort()));
+                ProtocolVersion.valueOf(Record.getInt16(buf));
 
         // The CH session id may reset this if it's provided
         this.sessionId = new SessionId(true,
                 hc.sslContext.getSecureRandom());
 
         this.cipherSuite =
-                CipherSuite.valueOf(Short.toUnsignedInt(buf.getShort()));
+                CipherSuite.valueOf(Record.getInt16(buf));
 
         // Local Supported signature algorithms
         ArrayList<SignatureScheme> list = new ArrayList<>();
-        int i = Byte.toUnsignedInt(buf.get());
+        int i = Record.getInt8(buf);
         while (i-- > 0) {
             list.add(SignatureScheme.valueOf(
-                    Short.toUnsignedInt(buf.getShort())));
+                    Record.getInt16(buf)));
         }
         this.localSupportedSignAlgs = Collections.unmodifiableCollection(list);
 
         // Peer Supported signature algorithms
-        i = Byte.toUnsignedInt(buf.get());
+        i = Record.getInt8(buf);
         list.clear();
         while (i-- > 0) {
             list.add(SignatureScheme.valueOf(
-                    Short.toUnsignedInt(buf.getShort())));
+                    Record.getInt16(buf)));
         }
         this.peerSupportedSignAlgs = Collections.unmodifiableCollection(list);
 
         // PSK
-        byte[] b;
-        i = Short.toUnsignedInt(buf.getShort());
-        if (i > 0) {
-            b = new byte[i];
-            // Get algorithm string
-            buf.get(b, 0, i);
-            // Encoded length
-            i = Short.toUnsignedInt(buf.getShort());
-            // Encoded SecretKey
-            b = new byte[i];
-            buf.get(b);
+        byte[] b = Record.getBytes16(buf);
+        if (b.length > 0) {
+            b = Record.getBytes16(buf);
             this.preSharedKey = new SecretKeySpec(b, "TlsMasterSecret");
         } else {
             this.preSharedKey = null;
         }
 
         // PSK identity
-        i = Byte.toUnsignedInt(buf.get());
-        if (i > 0) {
-            b = new byte[i];
-            buf.get(b);
+        b = Record.getBytes8(buf);
+        if (b.length > 0) {
             this.pskIdentity = b;
         } else {
             this.pskIdentity = null;
         }
 
         // Master secret length of secret key algorithm  (one byte)
-        i = buf.get();
-        if (i > 0) {
-            b = new byte[i];
-            // Get algorithm string
-            buf.get(b, 0, i);
-            // Encoded length
-            i = Short.toUnsignedInt(buf.getShort());
-            // Encoded SecretKey
-            b = new byte[i];
-            buf.get(b);
+        b = Record.getBytes8(buf);
+        if (b.length > 0) {
+            b = Record.getBytes16(buf);
             this.masterSecret = new SecretKeySpec(b, "TlsMasterSecret");
         } else {
             this.masterSecret = null;
         }
+
         // Use extended master secret
-        this.useExtendedMasterSecret = (buf.get() != 0);
+        this.useExtendedMasterSecret = (Record.getInt8(buf) != 0);
 
         // Identification Protocol
-        i = buf.get();
-        if (i == 0) {
+        b = Record.getBytes8(buf);
+        if (b.length == 0) {
             identificationProtocol = null;
         } else {
-            b = new byte[i];
-            buf.get(b);
             identificationProtocol = new String(b);
         }
 
         // SNI
-        i = Byte.toUnsignedInt(buf.get());  // length
-        if (i == 0) {
+        b = Record.getBytes8(buf);
+        if (b.length == 0) {
             serverNameIndication = null;
         } else {
-            b = new byte[i];
-            buf.get(b, 0, b.length);
             serverNameIndication = new SNIHostName(b);
         }
 
         // List of SNIServerName
-        int len = Short.toUnsignedInt(buf.getShort());
+        int len = Record.getInt16(buf);
         if (len == 0) {
             this.requestedServerNames = Collections.emptyList();
         } else {
             requestedServerNames = new ArrayList<>();
             while (len > 0) {
-                int l = Byte.toUnsignedInt(buf.get());
-                b = new byte[l];
-                buf.get(b, 0, l);
+                b = Record.getBytes8(buf);
                 requestedServerNames.add(new SNIHostName(new String(b)));
                 len--;
             }
         }
-
         maximumPacketSize = buf.getInt();
         negotiatedMaxFragLen = buf.getInt();
 
@@ -427,31 +405,28 @@ final class SSLSessionImpl extends ExtendedSSLSession {
         // Get Buffer sizes
 
         // Status Response
-        len = Short.toUnsignedInt(buf.getShort());
+        len = Record.getInt16(buf);
         if (len == 0) {
             statusResponses = Collections.emptyList();
         } else {
             statusResponses = new ArrayList<>();
         }
         while (len-- > 0) {
-            b = new byte[Short.toUnsignedInt(buf.getShort())];
-            buf.get(b);
+            b = Record.getBytes16(buf);
             statusResponses.add(b);
         }
 
         // Get Peer host & port
-        i = Byte.toUnsignedInt(buf.get());
-        if (i == 0) {
+        b = Record.getBytes8(buf);
+        if (b.length == 0) {
             this.host = "";
         } else {
-            b = new byte[i];
-            buf.get(b, 0, i);
             this.host = new String(b);
         }
-        this.port = Short.toUnsignedInt(buf.getShort());
+        this.port = Record.getInt16(buf);
 
         // Peer certs
-        i = buf.get();
+        i = Record.getInt8(buf);
         if (i == 0) {
             this.peerCerts = null;
         } else {
@@ -470,7 +445,7 @@ final class SSLSessionImpl extends ExtendedSSLSession {
         }
 
         // Get local certs of PSK
-        switch (buf.get()) {
+        switch (Record.getInt8(buf)) {
             case 0:
                 break;
             case 1:
@@ -492,21 +467,15 @@ final class SSLSessionImpl extends ExtendedSSLSession {
             case 2:
                 // pre-shared key
                 // Length of pre-shared key algorithm  (one byte)
-                i = buf.get();
-                b = new byte[i];
-                buf.get(b, 0, i);
+                b = Record.getBytes8(buf);
                 String alg = new String(b);
-                // Get length of encoding
-                i = Short.toUnsignedInt(buf.getShort());
                 // Get encoding
-                b = new byte[i];
-                buf.get(b);
+                b = Record.getBytes16(buf);
                 this.preSharedKey = new SecretKeySpec(b, alg);
                 // Get identity len
-                i = buf.get();
+                i = Record.getInt8(buf);
                 if (i > 0) {
-                    this.pskIdentity = new byte[buf.get()];
-                    buf.get(pskIdentity);
+                    this.pskIdentity = Record.getBytes8(buf);
                 } else {
                     this.pskIdentity = null;
                 }
@@ -520,6 +489,7 @@ final class SSLSessionImpl extends ExtendedSSLSession {
         this.lastUsedTime = System.currentTimeMillis();
     }
 
+
     // Some situations we cannot provide a stateless ticket, but after it
     // has been negotiated
     boolean isStatelessable() {

test/jdk/sun/security/ssl/SSLSessionImpl/ResumeClientTLS12withSNI.java

@@ -25,13 +25,16 @@
  * @test
  * @bug 8350830
  * @summary TLS 1.2 Client session resumption having ServerNameIndication
- * @run main/othervm ResumeClientTLS12withSNI
+ * @modules java.base/sun.security.tools.keytool
+ * @run main/othervm -Djavax.net.debug=all ResumeClientTLS12withSNI
  */
 
 import javax.net.ssl.*;
 import javax.net.ssl.SSLEngineResult.HandshakeStatus;
 import java.io.*;
 import java.nio.ByteBuffer;
+import java.nio.file.Files;
+import java.nio.file.Path;
 import java.security.GeneralSecurityException;
 import java.security.KeyStore;
 import java.util.*;
@@ -41,18 +44,7 @@ public class ResumeClientTLS12withSNI {
     /*
      * Enables logging of the SSLEngine operations.
      */
-    private static final boolean logging = false;
-
-    /*
-     * Enables the JSSE system debugging system property:
-     *
-     *     -Djavax.net.debug=ssl:handshake
-     *
-     * This gives a lot of low-level information about operations underway,
-     * including specific handshake messages, and might be best examined
-     * after gaining some familiarity with this application.
-     */
-    private static final boolean debug = true;
+    private static final boolean logging = true;
 
     private static SSLContext sslc;
 
@@ -70,15 +62,12 @@ public class ResumeClientTLS12withSNI {
     private ByteBuffer cTOs; // "reliable" transport client->server
     private ByteBuffer sTOc; // "reliable" transport server->client
 
-
-    private byte[] previousSessionId;
-
     /*
      * The following is to set up the keystores.
      */
     private static final String pathToStores = System.getProperty("test.src", ".");
-    private static final String keyStoreFile = "keystore_san.p12";
-    private static final String trustStoreFile = "keystore_san.p12";
+    private static final String keyStoreFile = "ks_san.p12";
+    private static final String trustStoreFile = "ks_san.p12";
     private static final char[] passphrase = "123456".toCharArray();
 
     private static final String keyFilename =
@@ -88,21 +77,28 @@ public class ResumeClientTLS12withSNI {
 
     private static final String HOST_NAME = "arf.yak.foo.localhost123456.localhost123456.localhost123456.localhost123456.localhost123456.localhost123456."
             + "localhost123456.localhost123456.localhost123456.localhost123456.localhost123456.localhost123456";
-    private static final SNIHostName SNI_NAME = new SNIHostName(HOST_NAME);
     private static final SNIMatcher SNI_MATCHER = SNIHostName.createSNIMatcher("arf\\.yak\\.foo.*");
 
     /*
      * Main entry point for this test.
      */
     public static void main(String args[]) throws Exception {
-        if (debug) {
-            System.setProperty("javax.net.debug", "ssl");
-        }
-
+        Files.deleteIfExists(Path.of(keyFilename));
+
+        sun.security.tools.keytool.Main.main(
+                ("-keystore " + keyFilename + " -storepass 123456 -keypass 123456 -dname"
+                 + " CN=test" + " -alias ks_san -genkeypair -keyalg rsa -ext "
+                 + "san=dns:localhost123.localhost123.localhost123.localhost123."
+                 + "localhost123.localhost123.localhost123.localhost123.localhost123."
+                 + "localhost123.localhost123.localhost123.localhost123.localhost123."
+                 + "localhost123.localhost123.localhost123.localhost123.localhost123.com,"
+                 + "dns:localhost456").split(" "));
         final ResumeClientTLS12withSNI clientSession = new ResumeClientTLS12withSNI("TLSv1.2");
         for (int i = 0; i < 2; i++) {
             clientSession.runTest();
         }
+
+        Files.deleteIfExists(Path.of(keyFilename));
     }
 
     public ResumeClientTLS12withSNI(final String sslProtocol) throws Exception {
@@ -183,10 +179,6 @@ private void runTest() throws Exception {
             log("================");
 
             clientResult = clientEngine.wrap(clientOut, cTOs);
-            if (clientResult.getHandshakeStatus() == HandshakeStatus.FINISHED) {
-                this.verifySessionResumption(this.previousSessionId, clientEngine);
-                this.previousSessionId = clientEngine.getSession().getId();
-            }
             log("client wrap: ", clientResult);
             runDelegatedTasks(clientResult, clientEngine);
 
@@ -200,10 +192,6 @@ private void runTest() throws Exception {
             log("-------");
 
             clientResult = clientEngine.unwrap(sTOc, clientIn);
-            if (clientResult.getHandshakeStatus() == HandshakeStatus.FINISHED) {
-                this.verifySessionResumption(this.previousSessionId, clientEngine);
-                this.previousSessionId = clientEngine.getSession().getId();
-            }
             log("client unwrap: ", clientResult);
             runDelegatedTasks(clientResult, clientEngine);
 
@@ -262,10 +250,9 @@ private void createSSLEngines() throws Exception {
         /*
          * Similar to above, but using client mode instead.
          */
-        clientEngine = sslc.createSSLEngine("client", 80);
+        clientEngine = sslc.createSSLEngine(HOST_NAME, 80);
         clientEngine.setUseClientMode(true);
         SSLParameters cliSSLParams = clientEngine.getSSLParameters();
-        cliSSLParams.setServerNames(List.of(SNI_NAME));
         clientEngine.setSSLParameters(cliSSLParams);
     }
 
@@ -377,19 +364,4 @@ private static void log(String str) {
             System.out.println(str);
         }
     }
-
-    private void verifySessionResumption(final byte[] expected, final SSLEngine engine) {
-        if (expected == null) {
-            // we haven't yet created a session previously, so there isn't any
-            // session to be expected to resume
-            return;
-        }
-        final byte[] sessionId = engine.getSession().getId();
-        // compare and verify if they are same
-        if (Arrays.equals(expected, sessionId)) {
-            System.out.println(this.sslc.getProvider().getName() + " " + this.sslc.getProtocol() + " - Session resumption SUCCEEDED");
-        } else {
-            System.out.println(this.sslc.getProvider().getName() + " " + this.sslc.getProtocol() + " - Session resumption FAILED");
-        }
-    }
 }