612 lines
22 KiB
Java
612 lines
22 KiB
Java
/*
|
|
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
|
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
*
|
|
* This code is free software; you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License version 2 only, as
|
|
* published by the Free Software Foundation.
|
|
*
|
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
* version 2 for more details (a copy is included in the LICENSE file that
|
|
* accompanied this code).
|
|
*
|
|
* You should have received a copy of the GNU General Public License version
|
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
*
|
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
* or visit www.oracle.com if you need additional information or have any
|
|
* questions.
|
|
*/
|
|
|
|
import java.nio.ByteBuffer;
|
|
import java.nio.BufferUnderflowException;
|
|
import java.io.IOException;
|
|
import javax.net.ssl.*;
|
|
import java.util.*;
|
|
|
|
/**
|
|
* Instances of this class acts as an explorer of the network data of an
|
|
* SSL/TLS connection.
|
|
*/
|
|
public final class SSLExplorer {
|
|
|
|
// Private constructor prevents construction outside this class.
|
|
private SSLExplorer() {
|
|
}
|
|
|
|
/**
|
|
* The header size of TLS/SSL records.
|
|
* <P>
|
|
* The value of this constant is {@value}.
|
|
*/
|
|
public final static int RECORD_HEADER_SIZE = 0x05;
|
|
|
|
/**
|
|
* Returns the required number of bytes in the {@code source}
|
|
* {@link ByteBuffer} necessary to explore SSL/TLS connection.
|
|
* <P>
|
|
* This method tries to parse as few bytes as possible from
|
|
* {@code source} byte buffer to get the length of an
|
|
* SSL/TLS record.
|
|
* <P>
|
|
* This method accesses the {@code source} parameter in read-only
|
|
* mode, and does not update the buffer's properties such as capacity,
|
|
* limit, position, and mark values.
|
|
*
|
|
* @param source
|
|
* a {@link ByteBuffer} containing
|
|
* inbound or outbound network data for an SSL/TLS connection.
|
|
* @throws BufferUnderflowException if less than {@code RECORD_HEADER_SIZE}
|
|
* bytes remaining in {@code source}
|
|
* @return the required size in byte to explore an SSL/TLS connection
|
|
*/
|
|
public final static int getRequiredSize(ByteBuffer source) {
|
|
|
|
ByteBuffer input = source.duplicate();
|
|
|
|
// Do we have a complete header?
|
|
if (input.remaining() < RECORD_HEADER_SIZE) {
|
|
throw new BufferUnderflowException();
|
|
}
|
|
|
|
// Is it a handshake message?
|
|
byte firstByte = input.get();
|
|
byte secondByte = input.get();
|
|
byte thirdByte = input.get();
|
|
if ((firstByte & 0x80) != 0 && thirdByte == 0x01) {
|
|
// looks like a V2ClientHello
|
|
// return (((firstByte & 0x7F) << 8) | (secondByte & 0xFF)) + 2;
|
|
return RECORD_HEADER_SIZE; // Only need the header fields
|
|
} else {
|
|
return (((input.get() & 0xFF) << 8) | (input.get() & 0xFF)) + 5;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Returns the required number of bytes in the {@code source} byte array
|
|
* necessary to explore SSL/TLS connection.
|
|
* <P>
|
|
* This method tries to parse as few bytes as possible from
|
|
* {@code source} byte array to get the length of an
|
|
* SSL/TLS record.
|
|
*
|
|
* @param source
|
|
* a byte array containing inbound or outbound network data for
|
|
* an SSL/TLS connection.
|
|
* @param offset
|
|
* the start offset in array {@code source} at which the
|
|
* network data is read from.
|
|
* @param length
|
|
* the maximum number of bytes to read.
|
|
*
|
|
* @throws BufferUnderflowException if less than {@code RECORD_HEADER_SIZE}
|
|
* bytes remaining in {@code source}
|
|
* @return the required size in byte to explore an SSL/TLS connection
|
|
*/
|
|
public final static int getRequiredSize(byte[] source,
|
|
int offset, int length) throws IOException {
|
|
|
|
ByteBuffer byteBuffer =
|
|
ByteBuffer.wrap(source, offset, length).asReadOnlyBuffer();
|
|
return getRequiredSize(byteBuffer);
|
|
}
|
|
|
|
/**
|
|
* Launch and explore the security capabilities from byte buffer.
|
|
* <P>
|
|
* This method tries to parse as few records as possible from
|
|
* {@code source} byte buffer to get the {@link SSLCapabilities}
|
|
* of an SSL/TLS connection.
|
|
* <P>
|
|
* Please NOTE that this method must be called before any handshaking
|
|
* occurs. The behavior of this method is not defined in this release
|
|
* if the handshake has begun, or has completed.
|
|
* <P>
|
|
* This method accesses the {@code source} parameter in read-only
|
|
* mode, and does not update the buffer's properties such as capacity,
|
|
* limit, position, and mark values.
|
|
*
|
|
* @param source
|
|
* a {@link ByteBuffer} containing
|
|
* inbound or outbound network data for an SSL/TLS connection.
|
|
*
|
|
* @throws IOException on network data error
|
|
* @throws BufferUnderflowException if not enough source bytes available
|
|
* to make a complete exploration.
|
|
*
|
|
* @return the explored {@link SSLCapabilities} of the SSL/TLS
|
|
* connection
|
|
*/
|
|
public final static SSLCapabilities explore(ByteBuffer source)
|
|
throws IOException {
|
|
|
|
ByteBuffer input = source.duplicate();
|
|
|
|
// Do we have a complete header?
|
|
if (input.remaining() < RECORD_HEADER_SIZE) {
|
|
throw new BufferUnderflowException();
|
|
}
|
|
|
|
// Is it a handshake message?
|
|
byte firstByte = input.get();
|
|
byte secondByte = input.get();
|
|
byte thirdByte = input.get();
|
|
if ((firstByte & 0x80) != 0 && thirdByte == 0x01) {
|
|
// looks like a V2ClientHello
|
|
return exploreV2HelloRecord(input,
|
|
firstByte, secondByte, thirdByte);
|
|
} else if (firstByte == 22) { // 22: handshake record
|
|
return exploreTLSRecord(input,
|
|
firstByte, secondByte, thirdByte);
|
|
} else {
|
|
throw new SSLException("Not handshake record");
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Launch and explore the security capabilities from byte array.
|
|
* <P>
|
|
* Please NOTE that this method must be called before any handshaking
|
|
* occurs. The behavior of this method is not defined in this release
|
|
* if the handshake has begun, or has completed. Once handshake has
|
|
* begun, or has completed, the security capabilities can not and
|
|
* should not be launched with this method.
|
|
*
|
|
* @param source
|
|
* a byte array containing inbound or outbound network data for
|
|
* an SSL/TLS connection.
|
|
* @param offset
|
|
* the start offset in array {@code source} at which the
|
|
* network data is read from.
|
|
* @param length
|
|
* the maximum number of bytes to read.
|
|
*
|
|
* @throws IOException on network data error
|
|
* @throws BufferUnderflowException if not enough source bytes available
|
|
* to make a complete exploration.
|
|
* @return the explored {@link SSLCapabilities} of the SSL/TLS
|
|
* connection
|
|
*
|
|
* @see #explore(ByteBuffer)
|
|
*/
|
|
public final static SSLCapabilities explore(byte[] source,
|
|
int offset, int length) throws IOException {
|
|
ByteBuffer byteBuffer =
|
|
ByteBuffer.wrap(source, offset, length).asReadOnlyBuffer();
|
|
return explore(byteBuffer);
|
|
}
|
|
|
|
/*
|
|
* uint8 V2CipherSpec[3];
|
|
* struct {
|
|
* uint16 msg_length; // The highest bit MUST be 1;
|
|
* // the remaining bits contain the length
|
|
* // of the following data in bytes.
|
|
* uint8 msg_type; // MUST be 1
|
|
* Version version;
|
|
* uint16 cipher_spec_length; // It cannot be zero and MUST be a
|
|
* // multiple of the V2CipherSpec length.
|
|
* uint16 session_id_length; // This field MUST be empty.
|
|
* uint16 challenge_length; // SHOULD use a 32-byte challenge
|
|
* V2CipherSpec cipher_specs[V2ClientHello.cipher_spec_length];
|
|
* opaque session_id[V2ClientHello.session_id_length];
|
|
* opaque challenge[V2ClientHello.challenge_length;
|
|
* } V2ClientHello;
|
|
*/
|
|
private static SSLCapabilities exploreV2HelloRecord(
|
|
ByteBuffer input, byte firstByte, byte secondByte,
|
|
byte thirdByte) throws IOException {
|
|
|
|
// We only need the header. We have already had enough source bytes.
|
|
// int recordLength = (firstByte & 0x7F) << 8) | (secondByte & 0xFF);
|
|
try {
|
|
// Is it a V2ClientHello?
|
|
if (thirdByte != 0x01) {
|
|
throw new SSLException(
|
|
"Unsupported or Unrecognized SSL record");
|
|
}
|
|
|
|
// What's the hello version?
|
|
byte helloVersionMajor = input.get();
|
|
byte helloVersionMinor = input.get();
|
|
|
|
// 0x00: major version of SSLv20
|
|
// 0x02: minor version of SSLv20
|
|
//
|
|
// SNIServerName is an extension, SSLv20 doesn't support extension.
|
|
return new SSLCapabilitiesImpl((byte)0x00, (byte)0x02,
|
|
helloVersionMajor, helloVersionMinor,
|
|
Collections.<SNIServerName>emptyList());
|
|
} catch (BufferUnderflowException bufe) {
|
|
throw new SSLProtocolException(
|
|
"Invalid handshake record");
|
|
}
|
|
}
|
|
|
|
/*
|
|
* struct {
|
|
* uint8 major;
|
|
* uint8 minor;
|
|
* } ProtocolVersion;
|
|
*
|
|
* enum {
|
|
* change_cipher_spec(20), alert(21), handshake(22),
|
|
* application_data(23), (255)
|
|
* } ContentType;
|
|
*
|
|
* struct {
|
|
* ContentType type;
|
|
* ProtocolVersion version;
|
|
* uint16 length;
|
|
* opaque fragment[TLSPlaintext.length];
|
|
* } TLSPlaintext;
|
|
*/
|
|
private static SSLCapabilities exploreTLSRecord(
|
|
ByteBuffer input, byte firstByte, byte secondByte,
|
|
byte thirdByte) throws IOException {
|
|
|
|
// Is it a handshake message?
|
|
if (firstByte != 22) { // 22: handshake record
|
|
throw new SSLException("Not handshake record");
|
|
}
|
|
|
|
// We need the record version to construct SSLCapabilities.
|
|
byte recordMajorVersion = secondByte;
|
|
byte recordMinorVersion = thirdByte;
|
|
|
|
// Is there enough data for a full record?
|
|
int recordLength = getInt16(input);
|
|
if (recordLength > input.remaining()) {
|
|
throw new BufferUnderflowException();
|
|
}
|
|
|
|
// We have already had enough source bytes.
|
|
try {
|
|
return exploreHandshake(input,
|
|
recordMajorVersion, recordMinorVersion, recordLength);
|
|
} catch (BufferUnderflowException bufe) {
|
|
throw new SSLProtocolException(
|
|
"Invalid handshake record");
|
|
}
|
|
}
|
|
|
|
/*
|
|
* enum {
|
|
* hello_request(0), client_hello(1), server_hello(2),
|
|
* certificate(11), server_key_exchange (12),
|
|
* certificate_request(13), server_hello_done(14),
|
|
* certificate_verify(15), client_key_exchange(16),
|
|
* finished(20)
|
|
* (255)
|
|
* } HandshakeType;
|
|
*
|
|
* struct {
|
|
* HandshakeType msg_type;
|
|
* uint24 length;
|
|
* select (HandshakeType) {
|
|
* case hello_request: HelloRequest;
|
|
* case client_hello: ClientHello;
|
|
* case server_hello: ServerHello;
|
|
* case certificate: Certificate;
|
|
* case server_key_exchange: ServerKeyExchange;
|
|
* case certificate_request: CertificateRequest;
|
|
* case server_hello_done: ServerHelloDone;
|
|
* case certificate_verify: CertificateVerify;
|
|
* case client_key_exchange: ClientKeyExchange;
|
|
* case finished: Finished;
|
|
* } body;
|
|
* } Handshake;
|
|
*/
|
|
private static SSLCapabilities exploreHandshake(
|
|
ByteBuffer input, byte recordMajorVersion,
|
|
byte recordMinorVersion, int recordLength) throws IOException {
|
|
|
|
// What is the handshake type?
|
|
byte handshakeType = input.get();
|
|
if (handshakeType != 0x01) { // 0x01: client_hello message
|
|
throw new IllegalStateException("Not initial handshaking");
|
|
}
|
|
|
|
// What is the handshake body length?
|
|
int handshakeLength = getInt24(input);
|
|
|
|
// Theoretically, a single handshake message might span multiple
|
|
// records, but in practice this does not occur.
|
|
if (handshakeLength > (recordLength - 4)) { // 4: handshake header size
|
|
throw new SSLException("Handshake message spans multiple records");
|
|
}
|
|
|
|
input = input.duplicate();
|
|
input.limit(handshakeLength + input.position());
|
|
return exploreClientHello(input,
|
|
recordMajorVersion, recordMinorVersion);
|
|
}
|
|
|
|
/*
|
|
* struct {
|
|
* uint32 gmt_unix_time;
|
|
* opaque random_bytes[28];
|
|
* } Random;
|
|
*
|
|
* opaque SessionID<0..32>;
|
|
*
|
|
* uint8 CipherSuite[2];
|
|
*
|
|
* enum { null(0), (255) } CompressionMethod;
|
|
*
|
|
* struct {
|
|
* ProtocolVersion client_version;
|
|
* Random random;
|
|
* SessionID session_id;
|
|
* CipherSuite cipher_suites<2..2^16-2>;
|
|
* CompressionMethod compression_methods<1..2^8-1>;
|
|
* select (extensions_present) {
|
|
* case false:
|
|
* struct {};
|
|
* case true:
|
|
* Extension extensions<0..2^16-1>;
|
|
* };
|
|
* } ClientHello;
|
|
*/
|
|
private static SSLCapabilities exploreClientHello(
|
|
ByteBuffer input,
|
|
byte recordMajorVersion,
|
|
byte recordMinorVersion) throws IOException {
|
|
|
|
List<SNIServerName> snList = Collections.<SNIServerName>emptyList();
|
|
|
|
// client version
|
|
byte helloMajorVersion = input.get();
|
|
byte helloMinorVersion = input.get();
|
|
|
|
// ignore random
|
|
int position = input.position();
|
|
input.position(position + 32); // 32: the length of Random
|
|
|
|
// ignore session id
|
|
ignoreByteVector8(input);
|
|
|
|
// ignore cipher_suites
|
|
ignoreByteVector16(input);
|
|
|
|
// ignore compression methods
|
|
ignoreByteVector8(input);
|
|
|
|
if (input.remaining() > 0) {
|
|
snList = exploreExtensions(input);
|
|
}
|
|
|
|
return new SSLCapabilitiesImpl(
|
|
recordMajorVersion, recordMinorVersion,
|
|
helloMajorVersion, helloMinorVersion, snList);
|
|
}
|
|
|
|
/*
|
|
* struct {
|
|
* ExtensionType extension_type;
|
|
* opaque extension_data<0..2^16-1>;
|
|
* } Extension;
|
|
*
|
|
* enum {
|
|
* server_name(0), max_fragment_length(1),
|
|
* client_certificate_url(2), trusted_ca_keys(3),
|
|
* truncated_hmac(4), status_request(5), (65535)
|
|
* } ExtensionType;
|
|
*/
|
|
private static List<SNIServerName> exploreExtensions(ByteBuffer input)
|
|
throws IOException {
|
|
|
|
int length = getInt16(input); // length of extensions
|
|
while (length > 0) {
|
|
int extType = getInt16(input); // extenson type
|
|
int extLen = getInt16(input); // length of extension data
|
|
|
|
if (extType == 0x00) { // 0x00: type of server name indication
|
|
return exploreSNIExt(input, extLen);
|
|
} else { // ignore other extensions
|
|
ignoreByteVector(input, extLen);
|
|
}
|
|
|
|
length -= extLen + 4;
|
|
}
|
|
|
|
return Collections.<SNIServerName>emptyList();
|
|
}
|
|
|
|
/*
|
|
* struct {
|
|
* NameType name_type;
|
|
* select (name_type) {
|
|
* case host_name: HostName;
|
|
* } name;
|
|
* } ServerName;
|
|
*
|
|
* enum {
|
|
* host_name(0), (255)
|
|
* } NameType;
|
|
*
|
|
* opaque HostName<1..2^16-1>;
|
|
*
|
|
* struct {
|
|
* ServerName server_name_list<1..2^16-1>
|
|
* } ServerNameList;
|
|
*/
|
|
private static List<SNIServerName> exploreSNIExt(ByteBuffer input,
|
|
int extLen) throws IOException {
|
|
|
|
Map<Integer, SNIServerName> sniMap = new LinkedHashMap<>();
|
|
|
|
int remains = extLen;
|
|
if (extLen >= 2) { // "server_name" extension in ClientHello
|
|
int listLen = getInt16(input); // length of server_name_list
|
|
if (listLen == 0 || listLen + 2 != extLen) {
|
|
throw new SSLProtocolException(
|
|
"Invalid server name indication extension");
|
|
}
|
|
|
|
remains -= 2; // 0x02: the length field of server_name_list
|
|
while (remains > 0) {
|
|
int code = getInt8(input); // name_type
|
|
int snLen = getInt16(input); // length field of server name
|
|
if (snLen > remains) {
|
|
throw new SSLProtocolException(
|
|
"Not enough data to fill declared vector size");
|
|
}
|
|
byte[] encoded = new byte[snLen];
|
|
input.get(encoded);
|
|
|
|
SNIServerName serverName;
|
|
switch (code) {
|
|
case StandardConstants.SNI_HOST_NAME:
|
|
if (encoded.length == 0) {
|
|
throw new SSLProtocolException(
|
|
"Empty HostName in server name indication");
|
|
}
|
|
serverName = new SNIHostName(encoded);
|
|
break;
|
|
default:
|
|
serverName = new UnknownServerName(code, encoded);
|
|
}
|
|
// check for duplicated server name type
|
|
if (sniMap.put(serverName.getType(), serverName) != null) {
|
|
throw new SSLProtocolException(
|
|
"Duplicated server name of type " +
|
|
serverName.getType());
|
|
}
|
|
|
|
remains -= encoded.length + 3; // NameType: 1 byte
|
|
// HostName length: 2 bytes
|
|
}
|
|
} else if (extLen == 0) { // "server_name" extension in ServerHello
|
|
throw new SSLProtocolException(
|
|
"Not server name indication extension in client");
|
|
}
|
|
|
|
if (remains != 0) {
|
|
throw new SSLProtocolException(
|
|
"Invalid server name indication extension");
|
|
}
|
|
|
|
return Collections.<SNIServerName>unmodifiableList(
|
|
new ArrayList<>(sniMap.values()));
|
|
}
|
|
|
|
private static int getInt8(ByteBuffer input) {
|
|
return input.get();
|
|
}
|
|
|
|
private static int getInt16(ByteBuffer input) {
|
|
return ((input.get() & 0xFF) << 8) | (input.get() & 0xFF);
|
|
}
|
|
|
|
private static int getInt24(ByteBuffer input) {
|
|
return ((input.get() & 0xFF) << 16) | ((input.get() & 0xFF) << 8) |
|
|
(input.get() & 0xFF);
|
|
}
|
|
|
|
private static void ignoreByteVector8(ByteBuffer input) {
|
|
ignoreByteVector(input, getInt8(input));
|
|
}
|
|
|
|
private static void ignoreByteVector16(ByteBuffer input) {
|
|
ignoreByteVector(input, getInt16(input));
|
|
}
|
|
|
|
private static void ignoreByteVector24(ByteBuffer input) {
|
|
ignoreByteVector(input, getInt24(input));
|
|
}
|
|
|
|
private static void ignoreByteVector(ByteBuffer input, int length) {
|
|
if (length != 0) {
|
|
int position = input.position();
|
|
input.position(position + length);
|
|
}
|
|
}
|
|
|
|
private static class UnknownServerName extends SNIServerName {
|
|
UnknownServerName(int code, byte[] encoded) {
|
|
super(code, encoded);
|
|
}
|
|
}
|
|
|
|
private static final class SSLCapabilitiesImpl extends SSLCapabilities {
|
|
private final static Map<Integer, String> versionMap = new HashMap<>(5);
|
|
|
|
private final String recordVersion;
|
|
private final String helloVersion;
|
|
List<SNIServerName> sniNames;
|
|
|
|
static {
|
|
versionMap.put(0x0002, "SSLv2Hello");
|
|
versionMap.put(0x0300, "SSLv3");
|
|
versionMap.put(0x0301, "TLSv1");
|
|
versionMap.put(0x0302, "TLSv1.1");
|
|
versionMap.put(0x0303, "TLSv1.2");
|
|
}
|
|
|
|
SSLCapabilitiesImpl(byte recordMajorVersion, byte recordMinorVersion,
|
|
byte helloMajorVersion, byte helloMinorVersion,
|
|
List<SNIServerName> sniNames) {
|
|
|
|
int version = (recordMajorVersion << 8) | recordMinorVersion;
|
|
this.recordVersion = versionMap.get(version) != null ?
|
|
versionMap.get(version) :
|
|
unknownVersion(recordMajorVersion, recordMinorVersion);
|
|
|
|
version = (helloMajorVersion << 8) | helloMinorVersion;
|
|
this.helloVersion = versionMap.get(version) != null ?
|
|
versionMap.get(version) :
|
|
unknownVersion(helloMajorVersion, helloMinorVersion);
|
|
|
|
this.sniNames = sniNames;
|
|
}
|
|
|
|
@Override
|
|
public String getRecordVersion() {
|
|
return recordVersion;
|
|
}
|
|
|
|
@Override
|
|
public String getHelloVersion() {
|
|
return helloVersion;
|
|
}
|
|
|
|
@Override
|
|
public List<SNIServerName> getServerNames() {
|
|
if (!sniNames.isEmpty()) {
|
|
return Collections.<SNIServerName>unmodifiableList(sniNames);
|
|
}
|
|
|
|
return sniNames;
|
|
}
|
|
|
|
private static String unknownVersion(byte major, byte minor) {
|
|
return "Unknown-" + ((int)major) + "." + ((int)minor);
|
|
}
|
|
}
|
|
}
|
|
|