1 /*
   2  * Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.ssl;
  27 
  28 import java.io.IOException;
  29 import java.nio.ByteBuffer;
  30 import java.text.MessageFormat;
  31 import java.util.Collection;
  32 import java.util.Collections;
  33 import java.util.LinkedList;
  34 import java.util.Locale;
  35 import sun.security.ssl.SSLHandshake.HandshakeMessage;
  36 import sun.security.util.HexDumpEncoder;
  37 
  38 enum SSLExtension implements SSLStringizer {
  39     // Extensions defined in RFC 6066
  40     CH_SERVER_NAME          (0x0000,  "server_name",
  41                                 SSLHandshake.CLIENT_HELLO,
  42                                 ProtocolVersion.PROTOCOLS_TO_13,
  43                                 ServerNameExtension.chNetworkProducer,
  44                                 ServerNameExtension.chOnLoadConsumer,
  45                                 null,
  46                                 null,
  47                                 null,
  48                                 ServerNameExtension.chStringizer),
  49     SH_SERVER_NAME          (0x0000, "server_name",
  50                                 SSLHandshake.SERVER_HELLO,
  51                                 ProtocolVersion.PROTOCOLS_TO_12,
  52                                 ServerNameExtension.shNetworkProducer,
  53                                 ServerNameExtension.shOnLoadConsumer,
  54                                 null,
  55                                 null,
  56                                 null,
  57                                 ServerNameExtension.shStringizer),
  58     EE_SERVER_NAME          (0x0000, "server_name",
  59                                 SSLHandshake.ENCRYPTED_EXTENSIONS,
  60                                 ProtocolVersion.PROTOCOLS_OF_13,
  61                                 ServerNameExtension.eeNetworkProducer,
  62                                 ServerNameExtension.eeOnLoadConsumer,
  63                                 null,
  64                                 null,
  65                                 null,
  66                                 ServerNameExtension.shStringizer),
  67     CH_MAX_FRAGMENT_LENGTH (0x0001, "max_fragment_length",
  68                                 SSLHandshake.CLIENT_HELLO,
  69                                 ProtocolVersion.PROTOCOLS_TO_13,
  70                                 MaxFragExtension.chNetworkProducer,
  71                                 MaxFragExtension.chOnLoadConsumer,
  72                                 null,
  73                                 null,
  74                                 null,
  75                                 MaxFragExtension.maxFragLenStringizer),
  76     SH_MAX_FRAGMENT_LENGTH (0x0001, "max_fragment_length",
  77                                 SSLHandshake.SERVER_HELLO,
  78                                 ProtocolVersion.PROTOCOLS_TO_12,
  79                                 MaxFragExtension.shNetworkProducer,
  80                                 MaxFragExtension.shOnLoadConsumer,
  81                                 null,
  82                                 MaxFragExtension.shOnTradeConsumer,
  83                                 null,
  84                                 MaxFragExtension.maxFragLenStringizer),
  85     EE_MAX_FRAGMENT_LENGTH (0x0001, "max_fragment_length",
  86                                 SSLHandshake.ENCRYPTED_EXTENSIONS,
  87                                 ProtocolVersion.PROTOCOLS_OF_13,
  88                                 MaxFragExtension.eeNetworkProducer,
  89                                 MaxFragExtension.eeOnLoadConsumer,
  90                                 null,
  91                                 MaxFragExtension.eeOnTradeConsumer,
  92                                 null,
  93                                 MaxFragExtension.maxFragLenStringizer),
  94     CLIENT_CERTIFICATE_URL  (0x0002, "client_certificate_url"),
  95     TRUSTED_CA_KEYS         (0x0003, "trusted_ca_keys"),
  96     TRUNCATED_HMAC          (0x0004, "truncated_hmac"),
  97 
  98     CH_STATUS_REQUEST       (0x0005, "status_request",
  99                                 SSLHandshake.CLIENT_HELLO,
 100                                 ProtocolVersion.PROTOCOLS_TO_13,
 101                                 CertStatusExtension.chNetworkProducer,
 102                                 CertStatusExtension.chOnLoadConsumer,
 103                                 null,
 104                                 null,
 105                                 null,
 106                                 CertStatusExtension.certStatusReqStringizer),
 107     SH_STATUS_REQUEST       (0x0005, "status_request",
 108                                 SSLHandshake.SERVER_HELLO,
 109                                 ProtocolVersion.PROTOCOLS_TO_12,
 110                                 CertStatusExtension.shNetworkProducer,
 111                                 CertStatusExtension.shOnLoadConsumer,
 112                                 null,
 113                                 null,
 114                                 null,
 115                                 CertStatusExtension.certStatusReqStringizer),
 116 
 117     CR_STATUS_REQUEST       (0x0005, "status_request"),
 118     CT_STATUS_REQUEST       (0x0005, "status_request",
 119                                 SSLHandshake.CERTIFICATE,
 120                                 ProtocolVersion.PROTOCOLS_OF_13,
 121                                 CertStatusExtension.ctNetworkProducer,
 122                                 CertStatusExtension.ctOnLoadConsumer,
 123                                 null,
 124                                 null,
 125                                 null,
 126                                 CertStatusExtension.certStatusRespStringizer),
 127     // extensions defined in RFC 4681
 128     USER_MAPPING            (0x0006, "user_mapping"),
 129 
 130     // extensions defined in RFC 5878
 131     CLIENT_AUTHZ            (0x0007, "client_authz"),
 132     SERVER_AUTHZ            (0x0008, "server_authz"),
 133 
 134     // extensions defined in RFC 5081
 135     CERT_TYPE               (0x0009, "cert_type"),
 136 
 137     // extensions defined in RFC 4492 (ECC)
 138     CH_SUPPORTED_GROUPS     (0x000A, "supported_groups",
 139                                 SSLHandshake.CLIENT_HELLO,
 140                                 ProtocolVersion.PROTOCOLS_TO_13,
 141                                 SupportedGroupsExtension.chNetworkProducer,
 142                                 SupportedGroupsExtension.chOnLoadConsumer,
 143                                 null,
 144                                 null,
 145                                 null,
 146                                 SupportedGroupsExtension.sgsStringizer),
 147     EE_SUPPORTED_GROUPS     (0x000A, "supported_groups",
 148                                 SSLHandshake.ENCRYPTED_EXTENSIONS,
 149                                 ProtocolVersion.PROTOCOLS_OF_13,
 150                                 SupportedGroupsExtension.eeNetworkProducer,
 151                                 SupportedGroupsExtension.eeOnLoadConsumer,
 152                                 null,
 153                                 null,
 154                                 null,
 155                                 SupportedGroupsExtension.sgsStringizer),
 156 
 157     CH_EC_POINT_FORMATS     (0x000B, "ec_point_formats",
 158                                 SSLHandshake.CLIENT_HELLO,
 159                                 ProtocolVersion.PROTOCOLS_TO_12,
 160                                 ECPointFormatsExtension.chNetworkProducer,
 161                                 ECPointFormatsExtension.chOnLoadConsumer,
 162                                 null,
 163                                 null,
 164                                 null,
 165                                 ECPointFormatsExtension.epfStringizer),
 166     SH_EC_POINT_FORMATS     (0x000B, "ec_point_formats",
 167                                 SSLHandshake.SERVER_HELLO,
 168                                 ProtocolVersion.PROTOCOLS_TO_12,
 169                                 null,   // not use of the producer
 170                                 ECPointFormatsExtension.shOnLoadConsumer,
 171                                 null,
 172                                 null,
 173                                 null,
 174                                 ECPointFormatsExtension.epfStringizer),
 175 
 176     // extensions defined in RFC 5054
 177     SRP                     (0x000C, "srp"),
 178 
 179     // extensions defined in RFC 5246
 180     CH_SIGNATURE_ALGORITHMS (0x000D, "signature_algorithms",
 181                                 SSLHandshake.CLIENT_HELLO,
 182                                 ProtocolVersion.PROTOCOLS_12_13,
 183                                 SignatureAlgorithmsExtension.chNetworkProducer,
 184                                 SignatureAlgorithmsExtension.chOnLoadConsumer,
 185                                 SignatureAlgorithmsExtension.chOnLoadAbsence,
 186                                 SignatureAlgorithmsExtension.chOnTradeConsumer,
 187                                 SignatureAlgorithmsExtension.chOnTradeAbsence,
 188                                 SignatureAlgorithmsExtension.ssStringizer),
 189     CR_SIGNATURE_ALGORITHMS (0x000D, "signature_algorithms",
 190                                 SSLHandshake.CERTIFICATE_REQUEST,
 191                                 ProtocolVersion.PROTOCOLS_OF_13,
 192                                 SignatureAlgorithmsExtension.crNetworkProducer,
 193                                 SignatureAlgorithmsExtension.crOnLoadConsumer,
 194                                 SignatureAlgorithmsExtension.crOnLoadAbsence,
 195                                 SignatureAlgorithmsExtension.crOnTradeConsumer,
 196                                 null,
 197                                 SignatureAlgorithmsExtension.ssStringizer),
 198 
 199     CH_SIGNATURE_ALGORITHMS_CERT (0x0032, "signature_algorithms_cert",
 200                                 SSLHandshake.CLIENT_HELLO,
 201                                 ProtocolVersion.PROTOCOLS_12_13,
 202                                 CertSignAlgsExtension.chNetworkProducer,
 203                                 CertSignAlgsExtension.chOnLoadConsumer,
 204                                 null,
 205                                 CertSignAlgsExtension.chOnTradeConsumer,
 206                                 null,
 207                                 CertSignAlgsExtension.ssStringizer),
 208     CR_SIGNATURE_ALGORITHMS_CERT (0x0032, "signature_algorithms_cert",
 209                                 SSLHandshake.CERTIFICATE_REQUEST,
 210                                 ProtocolVersion.PROTOCOLS_OF_13,
 211                                 CertSignAlgsExtension.crNetworkProducer,
 212                                 CertSignAlgsExtension.crOnLoadConsumer,
 213                                 null,
 214                                 CertSignAlgsExtension.crOnTradeConsumer,
 215                                 null,
 216                                 CertSignAlgsExtension.ssStringizer),
 217 
 218     // extensions defined in RFC 5764
 219     USE_SRTP                (0x000E, "use_srtp"),
 220 
 221     // extensions defined in RFC 6520
 222     HEARTBEAT               (0x000E, "heartbeat"),
 223 
 224     // extension defined in RFC 7301 (ALPN)
 225     CH_ALPN                 (0x0010, "application_layer_protocol_negotiation",
 226                                 SSLHandshake.CLIENT_HELLO,
 227                                 ProtocolVersion.PROTOCOLS_TO_13,
 228                                 AlpnExtension.chNetworkProducer,
 229                                 AlpnExtension.chOnLoadConsumer,
 230                                 AlpnExtension.chOnLoadAbsence,
 231                                 null,
 232                                 null,
 233                                 AlpnExtension.alpnStringizer),
 234     SH_ALPN                 (0x0010, "application_layer_protocol_negotiation",
 235                                 SSLHandshake.SERVER_HELLO,
 236                                 ProtocolVersion.PROTOCOLS_TO_12,
 237                                 AlpnExtension.shNetworkProducer,
 238                                 AlpnExtension.shOnLoadConsumer,
 239                                 AlpnExtension.shOnLoadAbsence,
 240                                 null,
 241                                 null,
 242                                 AlpnExtension.alpnStringizer),
 243     EE_ALPN                 (0x0010, "application_layer_protocol_negotiation",
 244                                 SSLHandshake.ENCRYPTED_EXTENSIONS,
 245                                 ProtocolVersion.PROTOCOLS_OF_13,
 246                                 AlpnExtension.shNetworkProducer,
 247                                 AlpnExtension.shOnLoadConsumer,
 248                                 AlpnExtension.shOnLoadAbsence,
 249                                 null,
 250                                 null,
 251                                 AlpnExtension.alpnStringizer),
 252 
 253     // extensions defined in RFC 6961
 254     CH_STATUS_REQUEST_V2    (0x0011, "status_request_v2",
 255                                 SSLHandshake.CLIENT_HELLO,
 256                                 ProtocolVersion.PROTOCOLS_TO_12,
 257                                 CertStatusExtension.chV2NetworkProducer,
 258                                 CertStatusExtension.chV2OnLoadConsumer,
 259                                 null,
 260                                 null,
 261                                 null,
 262                                 CertStatusExtension.certStatusReqV2Stringizer),
 263     SH_STATUS_REQUEST_V2    (0x0011, "status_request_v2",
 264                                 SSLHandshake.SERVER_HELLO,
 265                                 ProtocolVersion.PROTOCOLS_TO_12,
 266                                 CertStatusExtension.shV2NetworkProducer,
 267                                 CertStatusExtension.shV2OnLoadConsumer,
 268                                 null,
 269                                 null,
 270                                 null,
 271                                 CertStatusExtension.certStatusReqV2Stringizer),
 272 
 273     // extensions defined in RFC 6962
 274     SIGNED_CERT_TIMESTAMP   (0x0012, "signed_certificate_timestamp"),
 275 
 276     // extensions defined in RFC 7250
 277     CLIENT_CERT_TYPE        (0x0013, "padding"),
 278     SERVER_CERT_TYPE        (0x0014, "server_certificate_type"),
 279 
 280     // extensions defined in RFC 7685
 281     PADDING                 (0x0015, "client_certificate_type"),
 282 
 283     // extensions defined in RFC 7366
 284     ENCRYPT_THEN_MAC        (0x0016, "encrypt_then_mac"),
 285 
 286     // extensions defined in RFC 7627
 287     CH_EXTENDED_MASTER_SECRET  (0x0017, "extended_master_secret",
 288                                 SSLHandshake.CLIENT_HELLO,
 289                                 ProtocolVersion.PROTOCOLS_TO_12,
 290                                 ExtendedMasterSecretExtension.chNetworkProducer,
 291                                 ExtendedMasterSecretExtension.chOnLoadConsumer,
 292                                 ExtendedMasterSecretExtension.chOnLoadAbsence,
 293                                 null,
 294                                 null,
 295                                 ExtendedMasterSecretExtension.emsStringizer),
 296     SH_EXTENDED_MASTER_SECRET  (0x0017, "extended_master_secret",
 297                                 SSLHandshake.SERVER_HELLO,
 298                                 ProtocolVersion.PROTOCOLS_TO_12,
 299                                 ExtendedMasterSecretExtension.shNetworkProducer,
 300                                 ExtendedMasterSecretExtension.shOnLoadConsumer,
 301                                 ExtendedMasterSecretExtension.shOnLoadAbsence,
 302                                 null,
 303                                 null,
 304                                 ExtendedMasterSecretExtension.emsStringizer),
 305 
 306     // extensions defined in RFC draft-ietf-tokbind-negotiation
 307     TOKEN_BINDING           (0x0018, "token_binding "),
 308 
 309     // extensions defined in RFC 7924
 310     CACHED_INFO             (0x0019, "cached_info"),
 311 
 312     // extensions defined in RFC 5077
 313     CH_SESSION_TICKET       (0x0023, "session_ticket",
 314             SSLHandshake.CLIENT_HELLO,
 315             ProtocolVersion.PROTOCOLS_10_12,
 316             SessionTicketExtension.chNetworkProducer,
 317             SessionTicketExtension.chOnLoadConsumer,
 318             null,
 319             null,
 320             null,
 321             SessionTicketExtension.steStringizer),
 322             //null),
 323 
 324     SH_SESSION_TICKET       (0x0023, "session_ticket",
 325             SSLHandshake.SERVER_HELLO,
 326             ProtocolVersion.PROTOCOLS_10_12,
 327             SessionTicketExtension.shNetworkProducer,
 328             SessionTicketExtension.shOnLoadConsumer,
 329             null,
 330             null,
 331             null,
 332             SessionTicketExtension.steStringizer),
 333             //null),
 334 
 335     // extensions defined in TLS 1.3
 336     CH_EARLY_DATA           (0x002A, "early_data"),
 337     EE_EARLY_DATA           (0x002A, "early_data"),
 338     NST_EARLY_DATA          (0x002A, "early_data"),
 339 
 340     CH_SUPPORTED_VERSIONS   (0x002B, "supported_versions",
 341                                 SSLHandshake.CLIENT_HELLO,
 342                                 ProtocolVersion.PROTOCOLS_TO_13,
 343                                 SupportedVersionsExtension.chNetworkProducer,
 344                                 SupportedVersionsExtension.chOnLoadConsumer,
 345                                 null,
 346                                 null,
 347                                 null,
 348                                 SupportedVersionsExtension.chStringizer),
 349     SH_SUPPORTED_VERSIONS   (0x002B, "supported_versions",
 350                                 SSLHandshake.SERVER_HELLO,
 351                                         // and HelloRetryRequest
 352                                 ProtocolVersion.PROTOCOLS_OF_13,
 353                                 SupportedVersionsExtension.shNetworkProducer,
 354                                 SupportedVersionsExtension.shOnLoadConsumer,
 355                                 null,
 356                                 null,
 357                                 null,
 358                                 SupportedVersionsExtension.shStringizer),
 359     HRR_SUPPORTED_VERSIONS  (0x002B, "supported_versions",
 360                                 SSLHandshake.HELLO_RETRY_REQUEST,
 361                                 ProtocolVersion.PROTOCOLS_OF_13,
 362                                 SupportedVersionsExtension.hrrNetworkProducer,
 363                                 SupportedVersionsExtension.hrrOnLoadConsumer,
 364                                 null,
 365                                 null,
 366                                 null,
 367                                 SupportedVersionsExtension.hrrStringizer),
 368     MH_SUPPORTED_VERSIONS   (0x002B, "supported_versions",
 369                                 SSLHandshake.MESSAGE_HASH,
 370                                 ProtocolVersion.PROTOCOLS_OF_13,
 371                                 SupportedVersionsExtension.hrrReproducer,
 372                                 null, null, null,
 373                                 null,
 374                                 SupportedVersionsExtension.hrrStringizer),
 375 
 376     CH_COOKIE               (0x002C, "cookie",
 377                                 SSLHandshake.CLIENT_HELLO,
 378                                 ProtocolVersion.PROTOCOLS_OF_13,
 379                                 CookieExtension.chNetworkProducer,
 380                                 CookieExtension.chOnLoadConsumer,
 381                                 null,
 382                                 CookieExtension.chOnTradeConsumer,
 383                                 null,
 384                                 CookieExtension.cookieStringizer),
 385     HRR_COOKIE              (0x002C, "cookie",
 386                                 SSLHandshake.HELLO_RETRY_REQUEST,
 387                                 ProtocolVersion.PROTOCOLS_OF_13,
 388                                 CookieExtension.hrrNetworkProducer,
 389                                 CookieExtension.hrrOnLoadConsumer,
 390                                 null, null,
 391                                 null,
 392                                 CookieExtension.cookieStringizer),
 393     MH_COOKIE               (0x002C, "cookie",
 394                                 SSLHandshake.MESSAGE_HASH,
 395                                 ProtocolVersion.PROTOCOLS_OF_13,
 396                                 CookieExtension.hrrNetworkReproducer,
 397                                 null, null, null,
 398                                 null,
 399                                 CookieExtension.cookieStringizer),
 400 
 401     PSK_KEY_EXCHANGE_MODES  (0x002D, "psk_key_exchange_modes",
 402                                 SSLHandshake.CLIENT_HELLO,
 403                                 ProtocolVersion.PROTOCOLS_OF_13,
 404                                 PskKeyExchangeModesExtension.chNetworkProducer,
 405                                 PskKeyExchangeModesExtension.chOnLoadConsumer,
 406                                 PskKeyExchangeModesExtension.chOnLoadAbsence,
 407                                 null,
 408                                 PskKeyExchangeModesExtension.chOnTradeAbsence,
 409                                 PskKeyExchangeModesExtension.pkemStringizer),
 410     CERTIFICATE_AUTHORITIES (0x002F, "certificate_authorities"),
 411     OID_FILTERS             (0x0030, "oid_filters"),
 412     POST_HANDSHAKE_AUTH     (0x0030, "post_handshake_auth"),
 413 
 414     CH_KEY_SHARE            (0x0033, "key_share",
 415                                 SSLHandshake.CLIENT_HELLO,
 416                                 ProtocolVersion.PROTOCOLS_OF_13,
 417                                 KeyShareExtension.chNetworkProducer,
 418                                 KeyShareExtension.chOnLoadConsumer,
 419                                 null, null, null,
 420                                 KeyShareExtension.chStringizer),
 421     SH_KEY_SHARE            (0x0033, "key_share",
 422                                 SSLHandshake.SERVER_HELLO,
 423                                 ProtocolVersion.PROTOCOLS_OF_13,
 424                                 KeyShareExtension.shNetworkProducer,
 425                                 KeyShareExtension.shOnLoadConsumer,
 426                                 KeyShareExtension.shOnLoadAbsence,
 427                                 null,
 428                                 null,
 429                                 KeyShareExtension.shStringizer),
 430     HRR_KEY_SHARE           (0x0033, "key_share",
 431                                 SSLHandshake.HELLO_RETRY_REQUEST,
 432                                 ProtocolVersion.PROTOCOLS_OF_13,
 433                                 KeyShareExtension.hrrNetworkProducer,
 434                                 KeyShareExtension.hrrOnLoadConsumer,
 435                                 null, null, null,
 436                                 KeyShareExtension.hrrStringizer),
 437     MH_KEY_SHARE            (0x0033, "key_share",
 438                                 SSLHandshake.MESSAGE_HASH,
 439                                 ProtocolVersion.PROTOCOLS_OF_13,
 440                                 KeyShareExtension.hrrNetworkReproducer,
 441                                 null, null, null, null,
 442                                 KeyShareExtension.hrrStringizer),
 443 
 444     // Extensions defined in RFC 5746
 445     CH_RENEGOTIATION_INFO   (0xff01, "renegotiation_info",
 446                                 SSLHandshake.CLIENT_HELLO,
 447                                 ProtocolVersion.PROTOCOLS_TO_12,
 448                                 RenegoInfoExtension.chNetworkProducer,
 449                                 RenegoInfoExtension.chOnLoadConsumer,
 450                                 RenegoInfoExtension.chOnLoadAbsence,
 451                                 null,
 452                                 null,
 453                                 RenegoInfoExtension.rniStringizer),
 454     SH_RENEGOTIATION_INFO   (0xff01, "renegotiation_info",
 455                                 SSLHandshake.SERVER_HELLO,
 456                                 ProtocolVersion.PROTOCOLS_TO_12,
 457                                 RenegoInfoExtension.shNetworkProducer,
 458                                 RenegoInfoExtension.shOnLoadConsumer,
 459                                 RenegoInfoExtension.shOnLoadAbsence,
 460                                 null,
 461                                 null,
 462                                 RenegoInfoExtension.rniStringizer),
 463 
 464     // TLS 1.3 PSK extension must be last
 465     CH_PRE_SHARED_KEY       (0x0029, "pre_shared_key",
 466                                 SSLHandshake.CLIENT_HELLO,
 467                                 ProtocolVersion.PROTOCOLS_OF_13,
 468                                 PreSharedKeyExtension.chNetworkProducer,
 469                                 PreSharedKeyExtension.chOnLoadConsumer,
 470                                 PreSharedKeyExtension.chOnLoadAbsence,
 471                                 PreSharedKeyExtension.chOnTradeConsumer,
 472                                 null,
 473                                 PreSharedKeyExtension.chStringizer),
 474     SH_PRE_SHARED_KEY       (0x0029, "pre_shared_key",
 475                                 SSLHandshake.SERVER_HELLO,
 476                                 ProtocolVersion.PROTOCOLS_OF_13,
 477                                 PreSharedKeyExtension.shNetworkProducer,
 478                                 PreSharedKeyExtension.shOnLoadConsumer,
 479                                 PreSharedKeyExtension.shOnLoadAbsence,
 480                                 null, null,
 481                                 PreSharedKeyExtension.shStringizer);
 482 
 483     final int id;
 484     final SSLHandshake handshakeType;
 485     final String name;
 486     final ProtocolVersion[] supportedProtocols;
 487 
 488     /*
 489      * networkProducer: produces outbound handshake data.
 490      *
 491      * onLoadConsumer:  parses inbound data.  It may not be appropriate
 492      *                  to act until all of the message inputs have
 493      *                  been parsed.  (e.g. parsing keyShares and choosing
 494      *                  a local value without having seen the SupportedGroups
 495      *                  extension.)
 496      *
 497      * onLoadAbsence:   if a missing message needs special handling
 498      *                  during the load phase.
 499      *
 500      * onTradeConsumer: act on the parsed message once all inbound data has
 501      *                  been traded and parsed.
 502      *
 503      * onTradeAbsence:  if a missing message needs special handling
 504      *                  during the trade phase.
 505      */
 506     final HandshakeProducer networkProducer;
 507     final ExtensionConsumer onLoadConsumer;
 508     final HandshakeAbsence  onLoadAbsence;
 509     final HandshakeConsumer onTradeConsumer;
 510     final HandshakeAbsence  onTradeAbsence;
 511     final SSLStringizer stringizer;
 512 
 513     // known but unsupported extension
 514     private SSLExtension(int id, String name) {
 515         this.id = id;
 516         this.handshakeType = SSLHandshake.NOT_APPLICABLE;
 517         this.name = name;
 518         this.supportedProtocols = new ProtocolVersion[0];
 519         this.networkProducer = null;
 520         this.onLoadConsumer = null;
 521         this.onLoadAbsence = null;
 522         this.onTradeConsumer = null;
 523         this.onTradeAbsence = null;
 524         this.stringizer = null;
 525     }
 526 
 527     // supported extension
 528     private SSLExtension(int id, String name, SSLHandshake handshakeType,
 529             ProtocolVersion[] supportedProtocols,
 530             HandshakeProducer producer,
 531             ExtensionConsumer onLoadConsumer, HandshakeAbsence onLoadAbsence,
 532             HandshakeConsumer onTradeConsumer, HandshakeAbsence onTradeAbsence,
 533             SSLStringizer stringize) {
 534         this.id = id;
 535         this.handshakeType = handshakeType;
 536         this.name = name;
 537         this.supportedProtocols = supportedProtocols;
 538         this.networkProducer = producer;
 539         this.onLoadConsumer = onLoadConsumer;
 540         this.onLoadAbsence = onLoadAbsence;
 541         this.onTradeConsumer = onTradeConsumer;
 542         this.onTradeAbsence = onTradeAbsence;
 543         this.stringizer = stringize;
 544     }
 545 
 546     static SSLExtension valueOf(SSLHandshake handshakeType, int extensionType) {
 547         for (SSLExtension ext : SSLExtension.values()) {
 548             if (ext.id == extensionType &&
 549                     ext.handshakeType == handshakeType) {
 550                 return ext;
 551             }
 552         }
 553 
 554         return null;
 555     }
 556 
 557     static boolean isConsumable(int extensionType) {
 558         for (SSLExtension ext : SSLExtension.values()) {
 559             if (ext.id == extensionType &&
 560                     ext.onLoadConsumer != null) {
 561                 return true;
 562             }
 563         }
 564 
 565         return false;
 566     }
 567 
 568     public byte[] produce(ConnectionContext context,
 569             HandshakeMessage message) throws IOException {
 570         if (networkProducer != null) {
 571             return networkProducer.produce(context, message);
 572         } else {
 573             throw new UnsupportedOperationException(
 574                     "Not yet supported extension producing.");
 575         }
 576     }
 577 
 578     public void consumeOnLoad(ConnectionContext context,
 579             HandshakeMessage message, ByteBuffer buffer) throws IOException {
 580         if (onLoadConsumer != null) {
 581             onLoadConsumer.consume(context, message, buffer);
 582         } else {
 583             throw new UnsupportedOperationException(
 584                     "Not yet supported extension loading.");
 585         }
 586     }
 587 
 588     public void consumeOnTrade(ConnectionContext context,
 589             HandshakeMessage message) throws IOException {
 590         if (onTradeConsumer != null) {
 591             onTradeConsumer.consume(context, message);
 592         } else {
 593             throw new UnsupportedOperationException(
 594                     "Not yet supported extension processing.");
 595         }
 596     }
 597 
 598     void absentOnLoad(ConnectionContext context,
 599             HandshakeMessage message) throws IOException {
 600         if (onLoadAbsence != null) {
 601             onLoadAbsence.absent(context, message);
 602         } else {
 603             throw new UnsupportedOperationException(
 604                     "Not yet supported extension absence processing.");
 605         }
 606     }
 607 
 608     void absentOnTrade(ConnectionContext context,
 609             HandshakeMessage message) throws IOException {
 610         if (onTradeAbsence != null) {
 611             onTradeAbsence.absent(context, message);
 612         } else {
 613             throw new UnsupportedOperationException(
 614                     "Not yet supported extension absence processing.");
 615         }
 616     }
 617 
 618     public boolean isAvailable(ProtocolVersion protocolVersion) {
 619         for (int i = 0; i < supportedProtocols.length; i++) {
 620             if (supportedProtocols[i] == protocolVersion) {
 621                 return true;
 622             }
 623         }
 624 
 625         return false;
 626     }
 627 
 628     @Override
 629     public String toString() {
 630         return name;
 631     }
 632 
 633     @Override
 634     public String toString(ByteBuffer byteBuffer) {
 635         MessageFormat messageFormat = new MessageFormat(
 636             "\"{0} ({1})\": '{'\n" +
 637             "{2}\n" +
 638             "'}'",
 639             Locale.ENGLISH);
 640 
 641         String extData;
 642         if (stringizer == null) {
 643             HexDumpEncoder hexEncoder = new HexDumpEncoder();
 644             String encoded = hexEncoder.encode(byteBuffer.duplicate());
 645             extData = encoded;
 646         } else {
 647             extData = stringizer.toString(byteBuffer);
 648         }
 649 
 650         Object[] messageFields = {
 651             this.name,
 652             this.id,
 653             Utilities.indent(extData)
 654         };
 655 
 656         return messageFormat.format(messageFields);
 657     }
 658 
 659     //////////////////////////////////////////////////////
 660     // Nested extension, consumer and producer interfaces.
 661 
 662     static interface ExtensionConsumer {
 663         void consume(ConnectionContext context,
 664                 HandshakeMessage message, ByteBuffer buffer) throws IOException;
 665     }
 666 
 667     /**
 668      * A (transparent) specification of extension data.
 669      *
 670      * This interface contains no methods or constants. Its only purpose is to
 671      * group all extension data.  All extension data should implement this
 672      * interface if the data is expected to handle in the following handshake
 673      * processes.
 674      */
 675     static interface SSLExtensionSpec {
 676         // blank
 677     }
 678 
 679     // Default enabled client extensions.
 680     static final class ClientExtensions {
 681         static final Collection<SSLExtension> defaults;
 682 
 683         static {
 684             Collection<SSLExtension> extensions = new LinkedList<>();
 685             for (SSLExtension extension : SSLExtension.values()) {
 686                 if (extension.handshakeType != SSLHandshake.NOT_APPLICABLE) {
 687                     extensions.add(extension);
 688                 }
 689             }
 690 
 691             // Switch off SNI extention?
 692             boolean enableExtension =
 693                 Utilities.getBooleanProperty("jsse.enableSNIExtension", true);
 694             if (!enableExtension) {
 695                 extensions.remove(CH_SERVER_NAME);
 696             }
 697 
 698             // To switch off the max_fragment_length extension.
 699             enableExtension =
 700                 Utilities.getBooleanProperty("jsse.enableMFLExtension", false);
 701             if (!enableExtension) {
 702                 extensions.remove(CH_MAX_FRAGMENT_LENGTH);
 703             }
 704 
 705             defaults = Collections.unmodifiableCollection(extensions);
 706         }
 707     }
 708 
 709     // Default enabled server extensions.
 710     static final class ServerExtensions {
 711         static final Collection<SSLExtension> defaults;
 712 
 713         static {
 714             Collection<SSLExtension> extensions = new LinkedList<>();
 715             for (SSLExtension extension : SSLExtension.values()) {
 716                 if (extension.handshakeType != SSLHandshake.NOT_APPLICABLE) {
 717                     extensions.add(extension);
 718                 }
 719             }
 720 
 721             defaults = Collections.unmodifiableCollection(extensions);
 722         }
 723     }
 724 }