SSLLogger.java (was Re: Code Review Request: TLS 1.3 Implementation)
Xuelei Fan
xuelei.fan at oracle.com
Thu Jun 7 00:54:53 UTC 2018
On 6/6/2018 5:46 PM, Weijun Wang wrote:
>
>
>> On Jun 7, 2018, at 8:41 AM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
>>
>>
>>
>> On 6/6/2018 4:21 PM, Weijun Wang wrote:
>>>> On Jun 7, 2018, at 12:27 AM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
>>>>
>>>> On 6/6/2018 5:41 AM, Weijun Wang wrote:
>>>>> There are lots of calls like
>>>>>     RSAClientKeyExchangeMessage ckem =
>>>>>             new RSAClientKeyExchangeMessage(shc, message);
>>>>>     if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
>>>>>         SSLLogger.fine(
>>>>>             "Consuming RSA ClientKeyExchange handshake message", ckem);
>>>>>     }
>>>>> which finally calls to
>>>>>     String formatted =
>>>>>             SSLSimpleFormatter.formatParameters(params);
>>>>>     logger.log(level, msg, formatted);
>>>>> Now that msg contains no placeholder like "{0}", nothing on temporary will be shown.
>>>> I did not catch you here. SSLSimpleFormatter is a package private class (SSLLogger#SSLSimpleFormatter), which does not use a placeholder in msg.
>>> I see.
>>> BTW, at the beginning of SSLLogger, there is
>>>     String p = GetPropertyAction.privilegedGetProperty("javax.net.debug");
>>>     if (p != null) {
>>>         if (p.isEmpty()) {
>>>             property = "";
>>>             logger = System.getLogger("javax.net.ssl");
>>>         } else {
>>> Will this "p.isEmpty()" ever happen? I cannot find a place where only SSLLogger.isOn is checked but not SSLLogger.isOn("something").
>> If p.isEmpty(), SSLLogger.isOn("something") always returns true. It means that "something" (ssl, handshake, etc.) is not used to control the debug level any more. Instead, the System.Logger levels (FINE, WARNING, etc.) get used.
>
> And in this case, what would
>
>>>>>         SSLLogger.fine(
>>>>>             "Consuming RSA ClientKeyExchange handshake message", ckem);
>
> print out?
>
If Level.DEBUG is enabled, the printout may look like (I use the DH
ClientKeyExchange handshake message as I happen to have the debug log in
hand):
javax.net.ssl|DEBUG|01|main|2018-06-06 17:49:38.624 PDT|DHClientKeyExchange.java:271|Consuming DH ClientKeyExchange handshake message (
"DH ClientKeyExchange": {
  "parameters": {
    "dh_Yc": {
      0000: 4E 8B 14 6B E7 D6 EB BF 8C 69 C6 03 5D D0 EA 10  N..k.....i..]...
      0010: F9 B6 37 89 B5 50 67 3B A0 3B 18 2C EE 99 87 D5  ..7..Pg;.;.,....
      0020: D8 61 62 D1 5F 97 66 6B 27 03 19 6C 6D DE 91 07  .ab._.fk'..lm...
      0030: E1 A8 AC D7 30 55 2C 86 A1 D1 9C 98 BF DF 83 3E  ....0U,........>
      0040: 34 1F 7C F0 AC 87 BC 5E D4 E9 99 33 2C D0 79 20  4......^...3,.y
      0050: B5 66 12 95 84 66 50 24 5D F6 C9 1A D0 18 8C A9  .f...fP$].......
      0060: 9A EC E5 59 5C FE 57 31 66 CE BF FD E2 61 4B 5D  ...Y\.W1f....aK]
      0070: A5 49 94 0B CC 30 BA 0A 16 D9 0A B3 19 EE 58 C7  .I...0........X.
      0080: E4 D1 22 9E 1D 9A 43 57 D0 B8 B6 87 02 A0 42 D3  .."...CW......B.
      0090: A1 66 EB 04 5F 5F B7 3F 1F B9 1A 23 D1 79 A6 01  .f..__.?...#.y..
      00A0: 9F CE 65 EE CD 04 B7 1A 38 2E 2A 7B F3 0E F6 F8  ..e.....8.*.....
      00B0: 5F D3 8F E5 5E 83 89 FD 97 17 9D C4 81 99 9A AB  _...^...........
      00C0: 83 EC E5 C5 68 0A E2 D5 CF D0 70 D9 D5 BE C4 16  ....h.....p.....
      00D0: 37 E2 2D 86 2C 53 95 C8 D9 EE 9F E4 32 35 DE FE  7.-.,S......25..
      00E0: D8 5D 78 BC 6E 2C 98 90 03 0B F4 CF 36 20 6E F1  .]x.n,......6 n.
      00F0: F9 3B 05 C1 3E 17 2A 7B 11 39 6D 59 82 A8 61 9C  .;..>.*..9mY..a.
    },
  }
}
)
Xuelei
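
The empty-property case discussed in this thread, as an added illustration that is not code from the thread or from the JDK: when the level comes from System.Logger, DEBUG output on the "javax.net.ssl" logger stays off until the logging backend enables it. The sketch assumes the default java.util.logging backend; the class name JsseLoggerLevelDemo and the logged message are constructed for the example.

```java
import java.util.logging.ConsoleHandler;
import java.util.logging.Level;
import java.util.logging.Logger;

public class JsseLoggerLevelDemo {
    // Strong reference: java.util.logging holds loggers weakly, so keep the
    // configured one reachable or its level and handler can be lost.
    private static final Logger JUL = Logger.getLogger("javax.net.ssl");

    public static void main(String[] args) {
        // Same logger name the quoted SSLLogger code requests when the
        // javax.net.debug property is set but empty.
        System.Logger logger = System.getLogger("javax.net.ssl");

        // Default JUL configuration is INFO, so DEBUG (JUL FINE) is filtered.
        report(logger, "default configuration");

        // Enable DEBUG: System.Logger.Level.DEBUG maps to JUL Level.FINE.
        ConsoleHandler handler = new ConsoleHandler();
        handler.setLevel(Level.FINE);     // handlers filter independently
        JUL.addHandler(handler);
        JUL.setUseParentHandlers(false);  // avoid duplicate lines via root
        JUL.setLevel(Level.FINE);
        report(logger, "after setLevel(FINE)");
    }

    static void report(System.Logger logger, String stage) {
        boolean debug = logger.isLoggable(System.Logger.Level.DEBUG);
        System.out.println(stage + ": DEBUG enabled = " + debug);
        // Same shape as the quoted call sites: check first, then log, so
        // message parameters are not formatted when the level is off.
        if (debug) {
            logger.log(System.Logger.Level.DEBUG,
                    "Constructed sample message (not real JSSE output)");
        }
    }
}
```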