1 /* 2 * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.security.ssl; 27 28 import java.io.*; 29 import java.nio.*; 30 import java.security.*; 31 import java.util.*; 32 import java.util.function.BiFunction; 33 34 import javax.crypto.BadPaddingException; 35 36 import javax.net.ssl.*; 37 import javax.net.ssl.SSLEngineResult.*; 38 39 /** 40 * Implementation of an non-blocking SSLEngine. 41 * 42 * *Currently*, the SSLEngine code exists in parallel with the current 43 * SSLSocket. As such, the current implementation is using legacy code 44 * with many of the same abstractions. However, it varies in many 45 * areas, most dramatically in the IO handling. 46 * 47 * There are three main I/O threads that can be existing in parallel: 48 * wrap(), unwrap(), and beginHandshake(). We are encouraging users to 49 * not call multiple instances of wrap or unwrap, because the data could 50 * appear to flow out of the SSLEngine in a non-sequential order. We 51 * take all steps we can to at least make sure the ordering remains 52 * consistent, but once the calls returns, anything can happen. For 53 * example, thread1 and thread2 both call wrap, thread1 gets the first 54 * packet, thread2 gets the second packet, but thread2 gets control back 55 * before thread1, and sends the data. The receiving side would see an 56 * out-of-order error. 57 * 58 * @author Brad Wetmore 59 */ 60 public final class SSLEngineImpl extends SSLEngine { 61 62 // 63 // Fields and global comments 64 // 65 66 /* 67 * There's a state machine associated with each connection, which 68 * among other roles serves to negotiate session changes. 69 * 70 * - START with constructor, until the TCP connection's around. 71 * - HANDSHAKE picks session parameters before allowing traffic. 72 * There are many substates due to sequencing requirements 73 * for handshake messages. 74 * - DATA may be transmitted. 75 * - RENEGOTIATE state allows concurrent data and handshaking 76 * traffic ("same" substates as HANDSHAKE), and terminates 77 * in selection of new session (and connection) parameters 78 * - ERROR state immediately precedes abortive disconnect. 79 * - CLOSED when one side closes down, used to start the shutdown 80 * process. SSL connection objects are not reused. 81 * 82 * State affects what SSL record types may legally be sent: 83 * 84 * - Handshake ... only in HANDSHAKE and RENEGOTIATE states 85 * - App Data ... only in DATA and RENEGOTIATE states 86 * - Alert ... in HANDSHAKE, DATA, RENEGOTIATE 87 * 88 * Re what may be received: same as what may be sent, except that 89 * HandshakeRequest handshaking messages can come from servers even 90 * in the application data state, to request entry to RENEGOTIATE. 91 * 92 * The state machine within HANDSHAKE and RENEGOTIATE states controls 93 * the pending session, not the connection state, until the change 94 * cipher spec and "Finished" handshake messages are processed and 95 * make the "new" session become the current one. 96 * 97 * NOTE: details of the SMs always need to be nailed down better. 98 * The text above illustrates the core ideas. 99 * 100 * +---->-------+------>--------->-------+ 101 * | | | 102 * <-----< ^ ^ <-----< | 103 *START>----->HANDSHAKE>----->DATA>----->RENEGOTIATE | 104 * v v v | 105 * | | | | 106 * +------------+---------------+ | 107 * | | 108 * v | 109 * ERROR>------>----->CLOSED<--------<----+ 110 * 111 * ALSO, note that the purpose of handshaking (renegotiation is 112 * included) is to assign a different, and perhaps new, session to 113 * the connection. The SSLv3 spec is a bit confusing on that new 114 * protocol feature. 115 */ 116 private int connectionState; 117 118 private static final int cs_START = 0; 119 private static final int cs_HANDSHAKE = 1; 120 private static final int cs_DATA = 2; 121 private static final int cs_RENEGOTIATE = 3; 122 private static final int cs_ERROR = 4; 123 private static final int cs_CLOSED = 6; 124 125 /* 126 * Once we're in state cs_CLOSED, we can continue to 127 * wrap/unwrap until we finish sending/receiving the messages 128 * for close_notify. 129 */ 130 private boolean inboundDone = false; 131 private boolean outboundDone = false; 132 133 /* 134 * The authentication context holds all information used to establish 135 * who this end of the connection is (certificate chains, private keys, 136 * etc) and who is trusted (e.g. as CAs or websites). 137 */ 138 private SSLContextImpl sslContext; 139 140 /* 141 * This connection is one of (potentially) many associated with 142 * any given session. The output of the handshake protocol is a 143 * new session ... although all the protocol description talks 144 * about changing the cipher spec (and it does change), in fact 145 * that's incidental since it's done by changing everything that 146 * is associated with a session at the same time. (TLS/IETF may 147 * change that to add client authentication w/o new key exchg.) 148 */ 149 private Handshaker handshaker; 150 private SSLSessionImpl sess; 151 private volatile SSLSessionImpl handshakeSession; 152 153 /* 154 * Flag indicating if the next record we receive MUST be a Finished 155 * message. Temporarily set during the handshake to ensure that 156 * a change cipher spec message is followed by a finished message. 157 */ 158 private boolean expectingFinished; 159 160 161 /* 162 * If someone tries to closeInbound() (say at End-Of-Stream) 163 * our engine having received a close_notify, we need to 164 * notify the app that we may have a truncation attack underway. 165 */ 166 private boolean recvCN; 167 168 /* 169 * For improved diagnostics, we detail connection closure 170 * If the engine is closed (connectionState >= cs_ERROR), 171 * closeReason != null indicates if the engine was closed 172 * because of an error or because or normal shutdown. 173 */ 174 private SSLException closeReason; 175 176 /* 177 * Per-connection private state that doesn't change when the 178 * session is changed. 179 */ 180 private ClientAuthType doClientAuth = 181 ClientAuthType.CLIENT_AUTH_NONE; 182 private boolean enableSessionCreation = true; 183 InputRecord inputRecord; 184 OutputRecord outputRecord; 185 private AccessControlContext acc; 186 187 // The cipher suites enabled for use on this connection. 188 private CipherSuiteList enabledCipherSuites; 189 190 // the endpoint identification protocol 191 private String identificationProtocol = null; 192 193 // The cryptographic algorithm constraints 194 private AlgorithmConstraints algorithmConstraints = null; 195 196 // The server name indication and matchers 197 List<SNIServerName> serverNames = 198 Collections.<SNIServerName>emptyList(); 199 Collection<SNIMatcher> sniMatchers = 200 Collections.<SNIMatcher>emptyList(); 201 202 // Is the use of Certificate Authorities TLS extension enabled? 203 private boolean useCertificateAuthorities = false; 204 205 // Configured application protocol values 206 String[] applicationProtocols = new String[0]; 207 208 // Negotiated application protocol value. 209 // 210 // The value under negotiation will be obtained from handshaker. 211 String applicationProtocol = null; 212 213 // Callback function that selects the application protocol value during 214 // the SSL/TLS handshake. 215 BiFunction<SSLEngine, List<String>, String> applicationProtocolSelector; 216 217 // Have we been told whether we're client or server? 218 private boolean serverModeSet = false; 219 private boolean roleIsServer; 220 221 /* 222 * The protocol versions enabled for use on this connection. 223 * 224 * Note: we support a pseudo protocol called SSLv2Hello which when 225 * set will result in an SSL v2 Hello being sent with SSL (version 3.0) 226 * or TLS (version 3.1, 3.2, etc.) version info. 227 */ 228 private ProtocolList enabledProtocols; 229 230 /* 231 * The SSL version associated with this connection. 232 */ 233 private ProtocolVersion protocolVersion; 234 235 /* 236 * security parameters for secure renegotiation. 237 */ 238 private boolean secureRenegotiation; 239 private byte[] clientVerifyData; 240 private byte[] serverVerifyData; 241 242 /* 243 * READ ME * READ ME * READ ME * READ ME * READ ME * READ ME * 244 * IMPORTANT STUFF TO UNDERSTANDING THE SYNCHRONIZATION ISSUES. 245 * READ ME * READ ME * READ ME * READ ME * READ ME * READ ME * 246 * 247 * There are several locks here. 248 * 249 * The primary lock is the per-instance lock used by 250 * synchronized(this) and the synchronized methods. It controls all 251 * access to things such as the connection state and variables which 252 * affect handshaking. If we are inside a synchronized method, we 253 * can access the state directly, otherwise, we must use the 254 * synchronized equivalents. 255 * 256 * Note that we must never acquire the <code>this</code> lock after 257 * <code>writeLock</code> or run the risk of deadlock. 258 * 259 * Grab some coffee, and be careful with any code changes. 260 */ 261 private Object wrapLock; 262 private Object unwrapLock; 263 Object writeLock; 264 265 /* 266 * Whether local cipher suites preference in server side should be 267 * honored during handshaking? 268 */ 269 private boolean preferLocalCipherSuites = false; 270 271 /* 272 * whether DTLS handshake retransmissions should be enabled? 273 */ 274 private boolean enableRetransmissions = false; 275 276 /* 277 * The maximum expected network packet size for SSL/TLS/DTLS records. 278 */ 279 private int maximumPacketSize = 0; 280 281 /* 282 * Is this an instance for Datagram Transport Layer Security (DTLS)? 283 */ 284 private final boolean isDTLS; 285 286 /* 287 * Class and subclass dynamic debugging support 288 */ 289 private static final Debug debug = Debug.getInstance("ssl"); 290 291 // 292 // Initialization/Constructors 293 // 294 295 /** 296 * Constructor for an SSLEngine from SSLContext, without 297 * host/port hints. This Engine will not be able to cache 298 * sessions, but must renegotiate everything by hand. 299 */ 300 SSLEngineImpl(SSLContextImpl ctx, boolean isDTLS) { 301 super(); 302 this.isDTLS = isDTLS; 303 init(ctx, isDTLS); 304 } 305 306 /** 307 * Constructor for an SSLEngine from SSLContext. 308 */ 309 SSLEngineImpl(SSLContextImpl ctx, String host, int port, boolean isDTLS) { 310 super(host, port); 311 this.isDTLS = isDTLS; 312 init(ctx, isDTLS); 313 } 314 315 /** 316 * Initializes the Engine 317 */ 318 private void init(SSLContextImpl ctx, boolean isDTLS) { 319 if (debug != null && Debug.isOn("ssl")) { 320 System.out.println("Using SSLEngineImpl."); 321 } 322 323 sslContext = ctx; 324 sess = SSLSessionImpl.nullSession; 325 handshakeSession = null; 326 protocolVersion = isDTLS ? 327 ProtocolVersion.DEFAULT_DTLS : ProtocolVersion.DEFAULT_TLS; 328 329 /* 330 * State is cs_START until we initialize the handshaker. 331 * 332 * Apps using SSLEngine are probably going to be server. 333 * Somewhat arbitrary choice. 334 */ 335 roleIsServer = true; 336 connectionState = cs_START; 337 338 // default server name indication 339 serverNames = 340 Utilities.addToSNIServerNameList(serverNames, getPeerHost()); 341 342 // default security parameters for secure renegotiation 343 secureRenegotiation = false; 344 clientVerifyData = new byte[0]; 345 serverVerifyData = new byte[0]; 346 347 enabledCipherSuites = 348 sslContext.getDefaultCipherSuiteList(roleIsServer); 349 enabledProtocols = 350 sslContext.getDefaultProtocolList(roleIsServer); 351 352 wrapLock = new Object(); 353 unwrapLock = new Object(); 354 writeLock = new Object(); 355 356 /* 357 * Save the Access Control Context. This will be used later 358 * for a couple of things, including providing a context to 359 * run tasks in, and for determining which credentials 360 * to use for Subject based (JAAS) decisions 361 */ 362 acc = AccessController.getContext(); 363 364 /* 365 * All outbound application data goes through this OutputRecord, 366 * other data goes through their respective records created 367 * elsewhere. All inbound data goes through this one 368 * input record. 369 */ 370 if (isDTLS) { 371 enableRetransmissions = true; 372 373 // SSLEngine needs no record local buffer 374 outputRecord = new DTLSOutputRecord(); 375 inputRecord = new DTLSInputRecord(); 376 377 } else { 378 outputRecord = new SSLEngineOutputRecord(); 379 inputRecord = new SSLEngineInputRecord(); 380 } 381 382 maximumPacketSize = outputRecord.getMaxPacketSize(); 383 } 384 385 /** 386 * Initialize the handshaker object. This means: 387 * 388 * . if a handshake is already in progress (state is cs_HANDSHAKE 389 * or cs_RENEGOTIATE), do nothing and return 390 * 391 * . if the engine is already closed, throw an Exception (internal error) 392 * 393 * . otherwise (cs_START or cs_DATA), create the appropriate handshaker 394 * object and advance the connection state (to cs_HANDSHAKE or 395 * cs_RENEGOTIATE, respectively). 396 * 397 * This method is called right after a new engine is created, when 398 * starting renegotiation, or when changing client/server mode of the 399 * engine. 400 */ 401 private void initHandshaker() { 402 switch (connectionState) { 403 404 // 405 // Starting a new handshake. 406 // 407 case cs_START: 408 case cs_DATA: 409 break; 410 411 // 412 // We're already in the middle of a handshake. 413 // 414 case cs_HANDSHAKE: 415 case cs_RENEGOTIATE: 416 return; 417 418 // 419 // Anyone allowed to call this routine is required to 420 // do so ONLY if the connection state is reasonable... 421 // 422 default: 423 throw new IllegalStateException("Internal error"); 424 } 425 426 // state is either cs_START or cs_DATA 427 if (connectionState == cs_START) { 428 connectionState = cs_HANDSHAKE; 429 } else { // cs_DATA 430 connectionState = cs_RENEGOTIATE; 431 } 432 433 if (roleIsServer) { 434 handshaker = new ServerHandshaker(this, sslContext, 435 enabledProtocols, doClientAuth, 436 protocolVersion, connectionState == cs_HANDSHAKE, 437 secureRenegotiation, clientVerifyData, serverVerifyData, 438 isDTLS); 439 handshaker.setSNIMatchers(sniMatchers); 440 handshaker.setUseCipherSuitesOrder(preferLocalCipherSuites); 441 } else { 442 handshaker = new ClientHandshaker(this, sslContext, 443 enabledProtocols, 444 protocolVersion, connectionState == cs_HANDSHAKE, 445 secureRenegotiation, clientVerifyData, serverVerifyData, 446 isDTLS); 447 handshaker.setSNIServerNames(serverNames); 448 } 449 handshaker.setMaximumPacketSize(maximumPacketSize); 450 handshaker.setEnabledCipherSuites(enabledCipherSuites); 451 handshaker.setEnableSessionCreation(enableSessionCreation); 452 handshaker.setApplicationProtocols(applicationProtocols); 453 handshaker.setApplicationProtocolSelectorSSLEngine( 454 applicationProtocolSelector); 455 456 outputRecord.initHandshaker(); 457 } 458 459 /* 460 * Report the current status of the Handshaker 461 */ 462 private HandshakeStatus getHSStatus(HandshakeStatus hss) { 463 464 if (hss != null) { 465 return hss; 466 } 467 468 synchronized (this) { 469 if (!outputRecord.isEmpty()) { 470 // If no handshaking, special case to wrap alters. 471 return HandshakeStatus.NEED_WRAP; 472 } else if (handshaker != null) { 473 if (handshaker.taskOutstanding()) { 474 return HandshakeStatus.NEED_TASK; 475 } else if (isDTLS && !inputRecord.isEmpty()) { 476 return HandshakeStatus.NEED_UNWRAP_AGAIN; 477 } else { 478 return HandshakeStatus.NEED_UNWRAP; 479 } 480 } else if (connectionState == cs_CLOSED) { 481 /* 482 * Special case where we're closing, but 483 * still need the close_notify before we 484 * can officially be closed. 485 * 486 * Note isOutboundDone is taken care of by 487 * hasOutboundData() above. 488 */ 489 if (!isInboundDone()) { 490 return HandshakeStatus.NEED_UNWRAP; 491 } // else not handshaking 492 } 493 494 return HandshakeStatus.NOT_HANDSHAKING; 495 } 496 } 497 498 private synchronized void checkTaskThrown() throws SSLException { 499 if (handshaker != null) { 500 handshaker.checkThrown(); 501 } 502 } 503 504 // 505 // Handshaking and connection state code 506 // 507 508 /* 509 * Provides "this" synchronization for connection state. 510 * Otherwise, you can access it directly. 511 */ 512 private synchronized int getConnectionState() { 513 return connectionState; 514 } 515 516 private synchronized void setConnectionState(int state) { 517 connectionState = state; 518 } 519 520 /* 521 * Get the Access Control Context. 522 * 523 * Used for a known context to 524 * run tasks in, and for determining which credentials 525 * to use for Subject-based (JAAS) decisions. 526 */ 527 AccessControlContext getAcc() { 528 return acc; 529 } 530 531 /* 532 * Is a handshake currently underway? 533 */ 534 @Override 535 public SSLEngineResult.HandshakeStatus getHandshakeStatus() { 536 return getHSStatus(null); 537 } 538 539 /* 540 * used by Handshaker to change the active write cipher, follows 541 * the output of the CCS message. 542 * 543 * Also synchronized on "this" from readRecord/delegatedTask. 544 */ 545 void changeWriteCiphers() throws IOException { 546 547 Authenticator writeAuthenticator; 548 CipherBox writeCipher; 549 try { 550 writeCipher = handshaker.newWriteCipher(); 551 writeAuthenticator = handshaker.newWriteAuthenticator(); 552 } catch (GeneralSecurityException e) { 553 // "can't happen" 554 throw new SSLException("Algorithm missing: ", e); 555 } 556 557 outputRecord.changeWriteCiphers(writeAuthenticator, writeCipher); 558 } 559 560 /* 561 * Updates the SSL version associated with this connection. 562 * Called from Handshaker once it has determined the negotiated version. 563 */ 564 synchronized void setVersion(ProtocolVersion protocolVersion) { 565 this.protocolVersion = protocolVersion; 566 outputRecord.setVersion(protocolVersion); 567 } 568 569 570 /** 571 * Kickstart the handshake if it is not already in progress. 572 * This means: 573 * 574 * . if handshaking is already underway, do nothing and return 575 * 576 * . if the engine is not connected or already closed, throw an 577 * Exception. 578 * 579 * . otherwise, call initHandshake() to initialize the handshaker 580 * object and progress the state. Then, send the initial 581 * handshaking message if appropriate (always on clients and 582 * on servers when renegotiating). 583 */ 584 private synchronized void kickstartHandshake() throws IOException { 585 switch (connectionState) { 586 587 case cs_START: 588 if (!serverModeSet) { 589 throw new IllegalStateException( 590 "Client/Server mode not yet set."); 591 } 592 initHandshaker(); 593 break; 594 595 case cs_HANDSHAKE: 596 // handshaker already setup, proceed 597 break; 598 599 case cs_DATA: 600 if (!secureRenegotiation && !Handshaker.allowUnsafeRenegotiation) { 601 throw new SSLHandshakeException( 602 "Insecure renegotiation is not allowed"); 603 } 604 605 if (!secureRenegotiation) { 606 if (debug != null && Debug.isOn("handshake")) { 607 System.out.println( 608 "Warning: Using insecure renegotiation"); 609 } 610 } 611 612 // initialize the handshaker, move to cs_RENEGOTIATE 613 initHandshaker(); 614 break; 615 616 case cs_RENEGOTIATE: 617 // handshaking already in progress, return 618 return; 619 620 default: 621 // cs_ERROR/cs_CLOSED 622 throw new SSLException("SSLEngine is closing/closed"); 623 } 624 625 // 626 // Kickstart handshake state machine if we need to ... 627 // 628 if (!handshaker.activated()) { 629 // prior to handshaking, activate the handshake 630 if (connectionState == cs_RENEGOTIATE) { 631 // don't use SSLv2Hello when renegotiating 632 handshaker.activate(protocolVersion); 633 } else { 634 handshaker.activate(null); 635 } 636 637 if (handshaker instanceof ClientHandshaker) { 638 // send client hello 639 handshaker.kickstart(); 640 } else { // instanceof ServerHandshaker 641 if (connectionState == cs_HANDSHAKE) { 642 // initial handshake, no kickstart message to send 643 } else { 644 // we want to renegotiate, send hello request 645 handshaker.kickstart(); 646 } 647 } 648 } 649 } 650 651 /* 652 * Start a SSLEngine handshake 653 */ 654 @Override 655 public void beginHandshake() throws SSLException { 656 try { 657 kickstartHandshake(); 658 } catch (Exception e) { 659 fatal(Alerts.alert_handshake_failure, 660 "Couldn't kickstart handshaking", e); 661 } 662 } 663 664 665 // 666 // Read/unwrap side 667 // 668 669 670 /** 671 * Unwraps a buffer. Does a variety of checks before grabbing 672 * the unwrapLock, which blocks multiple unwraps from occurring. 673 */ 674 @Override 675 public SSLEngineResult unwrap(ByteBuffer netData, ByteBuffer[] appData, 676 int offset, int length) throws SSLException { 677 678 // check engine parameters 679 checkEngineParas(netData, appData, offset, length, false); 680 681 try { 682 synchronized (unwrapLock) { 683 return readNetRecord(netData, appData, offset, length); 684 } 685 } catch (SSLProtocolException spe) { 686 // may be an unexpected handshake message 687 fatal(Alerts.alert_unexpected_message, spe.getMessage(), spe); 688 return null; // make compiler happy 689 } catch (Exception e) { 690 /* 691 * Don't reset position so it looks like we didn't 692 * consume anything. We did consume something, and it 693 * got us into this situation, so report that much back. 694 * Our days of consuming are now over anyway. 695 */ 696 fatal(Alerts.alert_internal_error, 697 "problem unwrapping net record", e); 698 return null; // make compiler happy 699 } 700 } 701 702 private static void checkEngineParas(ByteBuffer netData, 703 ByteBuffer[] appData, int offset, int len, boolean isForWrap) { 704 705 if ((netData == null) || (appData == null)) { 706 throw new IllegalArgumentException("src/dst is null"); 707 } 708 709 if ((offset < 0) || (len < 0) || (offset > appData.length - len)) { 710 throw new IndexOutOfBoundsException(); 711 } 712 713 /* 714 * If wrapping, make sure the destination bufffer is writable. 715 */ 716 if (isForWrap && netData.isReadOnly()) { 717 throw new ReadOnlyBufferException(); 718 } 719 720 for (int i = offset; i < offset + len; i++) { 721 if (appData[i] == null) { 722 throw new IllegalArgumentException( 723 "appData[" + i + "] == null"); 724 } 725 726 /* 727 * If unwrapping, make sure the destination bufffers are writable. 728 */ 729 if (!isForWrap && appData[i].isReadOnly()) { 730 throw new ReadOnlyBufferException(); 731 } 732 } 733 } 734 735 /* 736 * Makes additional checks for unwrap, but this time more 737 * specific to this packet and the current state of the machine. 738 */ 739 private SSLEngineResult readNetRecord(ByteBuffer netData, 740 ByteBuffer[] appData, int offset, int length) throws IOException { 741 742 Status status = null; 743 HandshakeStatus hsStatus = null; 744 745 /* 746 * See if the handshaker needs to report back some SSLException. 747 */ 748 checkTaskThrown(); 749 750 /* 751 * Check if we are closing/closed. 752 */ 753 if (isInboundDone()) { 754 return new SSLEngineResult(Status.CLOSED, getHSStatus(null), 0, 0); 755 } 756 757 /* 758 * If we're still in cs_HANDSHAKE, make sure it's been 759 * started. 760 */ 761 synchronized (this) { 762 if ((connectionState == cs_HANDSHAKE) || 763 (connectionState == cs_START)) { 764 kickstartHandshake(); 765 766 /* 767 * If there's still outbound data to flush, we 768 * can return without trying to unwrap anything. 769 */ 770 hsStatus = getHSStatus(null); 771 772 if (hsStatus == HandshakeStatus.NEED_WRAP) { 773 return new SSLEngineResult(Status.OK, hsStatus, 0, 0); 774 } 775 } 776 } 777 778 /* 779 * Grab a copy of this if it doesn't already exist, 780 * and we can use it several places before anything major 781 * happens on this side. Races aren't critical 782 * here. 783 */ 784 if (hsStatus == null) { 785 hsStatus = getHSStatus(null); 786 } 787 788 /* 789 * If we have a task outstanding, this *MUST* be done before 790 * doing any more unwrapping, because we could be in the middle 791 * of receiving a handshake message, for example, a finished 792 * message which would change the ciphers. 793 */ 794 if (hsStatus == HandshakeStatus.NEED_TASK) { 795 return new SSLEngineResult(Status.OK, hsStatus, 0, 0); 796 } 797 798 if (hsStatus == SSLEngineResult.HandshakeStatus.NEED_UNWRAP_AGAIN) { 799 Plaintext plainText = null; 800 try { 801 plainText = readRecord(null, null, 0, 0); 802 } catch (SSLException e) { 803 throw e; 804 } catch (IOException e) { 805 throw new SSLException("readRecord", e); 806 } 807 808 status = (isInboundDone() ? Status.CLOSED : Status.OK); 809 hsStatus = getHSStatus(plainText.handshakeStatus); 810 811 return new SSLEngineResult( 812 status, hsStatus, 0, 0, plainText.recordSN); 813 } 814 815 /* 816 * Check the packet to make sure enough is here. 817 * This will also indirectly check for 0 len packets. 818 */ 819 int packetLen = 0; 820 try { 821 packetLen = inputRecord.bytesInCompletePacket(netData); 822 } catch (SSLException ssle) { 823 // Need to discard invalid records for DTLS protocols. 824 if (isDTLS) { 825 if (debug != null && Debug.isOn("ssl")) { 826 System.out.println( 827 Thread.currentThread().getName() + 828 " discard invalid record: " + ssle); 829 } 830 831 // invalid, discard the entire data [section 4.1.2.7, RFC 6347] 832 int deltaNet = netData.remaining(); 833 netData.position(netData.limit()); 834 835 status = (isInboundDone() ? Status.CLOSED : Status.OK); 836 hsStatus = getHSStatus(hsStatus); 837 838 return new SSLEngineResult(status, hsStatus, deltaNet, 0, -1L); 839 } else { 840 throw ssle; 841 } 842 } 843 844 // Is this packet bigger than SSL/TLS normally allows? 845 if (packetLen > sess.getPacketBufferSize()) { 846 int largestRecordSize = isDTLS ? 847 DTLSRecord.maxRecordSize : SSLRecord.maxLargeRecordSize; 848 if ((packetLen <= largestRecordSize) && !isDTLS) { 849 // Expand the expected maximum packet/application buffer 850 // sizes. 851 // 852 // Only apply to SSL/TLS protocols. 853 854 // Old behavior: shall we honor the System Property 855 // "jsse.SSLEngine.acceptLargeFragments" if it is "false"? 856 sess.expandBufferSizes(); 857 } 858 859 // check the packet again 860 largestRecordSize = sess.getPacketBufferSize(); 861 if (packetLen > largestRecordSize) { 862 throw new SSLProtocolException( 863 "Input record too big: max = " + 864 largestRecordSize + " len = " + packetLen); 865 } 866 } 867 868 int netPos = netData.position(); 869 int appRemains = 0; 870 for (int i = offset; i < offset + length; i++) { 871 if (appData[i] == null) { 872 throw new IllegalArgumentException( 873 "appData[" + i + "] == null"); 874 } 875 appRemains += appData[i].remaining(); 876 } 877 878 /* 879 * Check for OVERFLOW. 880 * 881 * Delay enforcing the application buffer free space requirement 882 * until after the initial handshaking. 883 */ 884 // synchronize connectionState? 885 if ((connectionState == cs_DATA) || 886 (connectionState == cs_RENEGOTIATE)) { 887 888 int FragLen = inputRecord.estimateFragmentSize(packetLen); 889 if (FragLen > appRemains) { 890 return new SSLEngineResult( 891 Status.BUFFER_OVERFLOW, hsStatus, 0, 0); 892 } 893 } 894 895 // check for UNDERFLOW. 896 if ((packetLen == -1) || (netData.remaining() < packetLen)) { 897 return new SSLEngineResult(Status.BUFFER_UNDERFLOW, hsStatus, 0, 0); 898 } 899 900 /* 901 * We're now ready to actually do the read. 902 */ 903 Plaintext plainText = null; 904 try { 905 plainText = readRecord(netData, appData, offset, length); 906 } catch (SSLException e) { 907 throw e; 908 } catch (IOException e) { 909 throw new SSLException("readRecord", e); 910 } 911 912 /* 913 * Check the various condition that we could be reporting. 914 * 915 * It's *possible* something might have happened between the 916 * above and now, but it was better to minimally lock "this" 917 * during the read process. We'll return the current 918 * status, which is more representative of the current state. 919 * 920 * status above should cover: FINISHED, NEED_TASK 921 */ 922 status = (isInboundDone() ? Status.CLOSED : Status.OK); 923 hsStatus = getHSStatus(plainText.handshakeStatus); 924 925 int deltaNet = netData.position() - netPos; 926 int deltaApp = appRemains; 927 for (int i = offset; i < offset + length; i++) { 928 deltaApp -= appData[i].remaining(); 929 } 930 931 return new SSLEngineResult( 932 status, hsStatus, deltaNet, deltaApp, plainText.recordSN); 933 } 934 935 // the caller have synchronized readLock 936 void expectingFinishFlight() { 937 inputRecord.expectingFinishFlight(); 938 } 939 940 /* 941 * Actually do the read record processing. 942 * 943 * Returns a Status if it can make specific determinations 944 * of the engine state. In particular, we need to signal 945 * that a handshake just completed. 946 * 947 * It would be nice to be symmetrical with the write side and move 948 * the majority of this to SSLInputRecord, but there's too much 949 * SSLEngine state to do that cleanly. It must still live here. 950 */ 951 private Plaintext readRecord(ByteBuffer netData, 952 ByteBuffer[] appData, int offset, int length) throws IOException { 953 954 /* 955 * The various operations will return new sliced BB's, 956 * this will avoid having to worry about positions and 957 * limits in the netBB. 958 */ 959 Plaintext plainText = null; 960 961 if (getConnectionState() == cs_ERROR) { 962 return Plaintext.PLAINTEXT_NULL; 963 } 964 965 /* 966 * Read a record ... maybe emitting an alert if we get a 967 * comprehensible but unsupported "hello" message during 968 * format checking (e.g. V2). 969 */ 970 try { 971 if (isDTLS) { 972 // Don't process the incoming record until all of the 973 // buffered records get handled. 974 plainText = inputRecord.acquirePlaintext(); 975 } 976 977 if ((!isDTLS || plainText == null) && netData != null) { 978 plainText = inputRecord.decode(netData); 979 } 980 } catch (UnsupportedOperationException unsoe) { // SSLv2Hello 981 // Hack code to deliver SSLv2 error message for SSL/TLS connections. 982 if (!isDTLS) { 983 outputRecord.encodeV2NoCipher(); 984 } 985 986 fatal(Alerts.alert_unexpected_message, unsoe); 987 } catch (BadPaddingException e) { 988 /* 989 * The basic SSLv3 record protection involves (optional) 990 * encryption for privacy, and an integrity check ensuring 991 * data origin authentication. We do them both here, and 992 * throw a fatal alert if the integrity check fails. 993 */ 994 byte alertType = (connectionState != cs_DATA) ? 995 Alerts.alert_handshake_failure : 996 Alerts.alert_bad_record_mac; 997 fatal(alertType, e.getMessage(), e); 998 } catch (SSLHandshakeException she) { 999 // may be record sequence number overflow 1000 fatal(Alerts.alert_handshake_failure, she); 1001 } catch (IOException ioe) { 1002 fatal(Alerts.alert_unexpected_message, ioe); 1003 } 1004 1005 // plainText should never be null for TLS protocols 1006 HandshakeStatus hsStatus = null; 1007 if (plainText == Plaintext.PLAINTEXT_NULL) { 1008 // Only happens for DTLS protocols. 1009 // 1010 // Received a retransmitted flight, and need to retransmit the 1011 // previous delivered handshake flight messages. 1012 if (enableRetransmissions) { 1013 if (debug != null && Debug.isOn("verbose")) { 1014 Debug.log( 1015 "Retransmit the previous handshake flight messages."); 1016 } 1017 1018 synchronized (this) { 1019 outputRecord.launchRetransmission(); 1020 } 1021 } // Otherwise, discard the retransmitted flight. 1022 } else if (!isDTLS || plainText != null) { 1023 hsStatus = processInputRecord(plainText, appData, offset, length); 1024 } 1025 1026 if (hsStatus == null) { 1027 hsStatus = getHSStatus(null); 1028 } 1029 1030 if (plainText == null) { 1031 plainText = Plaintext.PLAINTEXT_NULL; 1032 } 1033 plainText.handshakeStatus = hsStatus; 1034 1035 return plainText; 1036 } 1037 1038 /* 1039 * Process the record. 1040 */ 1041 private synchronized HandshakeStatus processInputRecord( 1042 Plaintext plainText, 1043 ByteBuffer[] appData, int offset, int length) throws IOException { 1044 1045 HandshakeStatus hsStatus = null; 1046 switch (plainText.contentType) { 1047 case Record.ct_handshake: 1048 /* 1049 * Handshake messages always go to a pending session 1050 * handshaker ... if there isn't one, create one. This 1051 * must work asynchronously, for renegotiation. 1052 * 1053 * NOTE that handshaking will either resume a session 1054 * which was in the cache (and which might have other 1055 * connections in it already), or else will start a new 1056 * session (new keys exchanged) with just this connection 1057 * in it. 1058 */ 1059 initHandshaker(); 1060 if (!handshaker.activated()) { 1061 // prior to handshaking, activate the handshake 1062 if (connectionState == cs_RENEGOTIATE) { 1063 // don't use SSLv2Hello when renegotiating 1064 handshaker.activate(protocolVersion); 1065 } else { 1066 handshaker.activate(null); 1067 } 1068 } 1069 1070 /* 1071 * process the handshake record ... may contain just 1072 * a partial handshake message or multiple messages. 1073 * 1074 * The handshaker state machine will ensure that it's 1075 * a finished message. 1076 */ 1077 handshaker.processRecord(plainText.fragment, expectingFinished); 1078 expectingFinished = false; 1079 1080 if (handshaker.invalidated) { 1081 finishHandshake(); 1082 1083 // if state is cs_RENEGOTIATE, revert it to cs_DATA 1084 if (connectionState == cs_RENEGOTIATE) { 1085 connectionState = cs_DATA; 1086 } 1087 } else if (handshaker.isDone()) { 1088 // reset the parameters for secure renegotiation. 1089 secureRenegotiation = 1090 handshaker.isSecureRenegotiation(); 1091 clientVerifyData = handshaker.getClientVerifyData(); 1092 serverVerifyData = handshaker.getServerVerifyData(); 1093 // set connection ALPN value 1094 applicationProtocol = 1095 handshaker.getHandshakeApplicationProtocol(); 1096 1097 sess = handshaker.getSession(); 1098 handshakeSession = null; 1099 if (outputRecord.isEmpty()) { 1100 hsStatus = finishHandshake(); 1101 connectionState = cs_DATA; 1102 } 1103 1104 // No handshakeListeners here. That's a 1105 // SSLSocket thing. 1106 } else if (handshaker.taskOutstanding()) { 1107 hsStatus = HandshakeStatus.NEED_TASK; 1108 } 1109 break; 1110 1111 case Record.ct_application_data: 1112 // Pass this right back up to the application. 1113 if ((connectionState != cs_DATA) 1114 && (connectionState != cs_RENEGOTIATE) 1115 && (connectionState != cs_CLOSED)) { 1116 throw new SSLProtocolException( 1117 "Data received in non-data state: " + 1118 connectionState); 1119 } 1120 1121 if (expectingFinished) { 1122 throw new SSLProtocolException 1123 ("Expecting finished message, received data"); 1124 } 1125 1126 if (!inboundDone) { 1127 ByteBuffer fragment = plainText.fragment; 1128 int remains = fragment.remaining(); 1129 1130 // Should have enough room in appData. 1131 for (int i = offset; 1132 ((i < (offset + length)) && (remains > 0)); i++) { 1133 int amount = Math.min(appData[i].remaining(), remains); 1134 fragment.limit(fragment.position() + amount); 1135 appData[i].put(fragment); 1136 remains -= amount; 1137 } 1138 } 1139 1140 break; 1141 1142 case Record.ct_alert: 1143 recvAlert(plainText.fragment); 1144 break; 1145 1146 case Record.ct_change_cipher_spec: 1147 if ((connectionState != cs_HANDSHAKE 1148 && connectionState != cs_RENEGOTIATE)) { 1149 // For the CCS message arriving in the wrong state 1150 fatal(Alerts.alert_unexpected_message, 1151 "illegal change cipher spec msg, conn state = " 1152 + connectionState); 1153 } else if (plainText.fragment.remaining() != 1 1154 || plainText.fragment.get() != 1) { 1155 // For structural/content issues with the CCS 1156 fatal(Alerts.alert_unexpected_message, 1157 "Malformed change cipher spec msg"); 1158 } 1159 1160 // 1161 // The first message after a change_cipher_spec 1162 // record MUST be a "Finished" handshake record, 1163 // else it's a protocol violation. We force this 1164 // to be checked by a minor tweak to the state 1165 // machine. 1166 // 1167 handshaker.receiveChangeCipherSpec(); 1168 1169 CipherBox readCipher; 1170 Authenticator readAuthenticator; 1171 try { 1172 readCipher = handshaker.newReadCipher(); 1173 readAuthenticator = handshaker.newReadAuthenticator(); 1174 } catch (GeneralSecurityException e) { 1175 // can't happen 1176 throw new SSLException("Algorithm missing: ", e); 1177 } 1178 inputRecord.changeReadCiphers(readAuthenticator, readCipher); 1179 1180 // next message MUST be a finished message 1181 expectingFinished = true; 1182 break; 1183 1184 default: 1185 // 1186 // TLS requires that unrecognized records be ignored. 1187 // 1188 if (debug != null && Debug.isOn("ssl")) { 1189 System.out.println(Thread.currentThread().getName() + 1190 ", Received record type: " + plainText.contentType); 1191 } 1192 break; 1193 } // switch 1194 1195 /* 1196 * We only need to check the sequence number state for 1197 * non-handshaking record. 1198 * 1199 * Note that in order to maintain the handshake status 1200 * properly, we check the sequence number after the last 1201 * record reading process. As we request renegotiation 1202 * or close the connection for wrapped sequence number 1203 * when there is enough sequence number space left to 1204 * handle a few more records, so the sequence number 1205 * of the last record cannot be wrapped. 1206 */ 1207 hsStatus = getHSStatus(hsStatus); 1208 if (connectionState < cs_ERROR && !isInboundDone() && 1209 (hsStatus == HandshakeStatus.NOT_HANDSHAKING) && 1210 (inputRecord.seqNumIsHuge())) { 1211 /* 1212 * Ask for renegotiation when need to renew sequence number. 1213 * 1214 * Don't bother to kickstart the renegotiation when the local is 1215 * asking for it. 1216 */ 1217 if (debug != null && Debug.isOn("ssl")) { 1218 System.out.println(Thread.currentThread().getName() + 1219 ", request renegotiation " + 1220 "to avoid sequence number overflow"); 1221 } 1222 1223 beginHandshake(); 1224 1225 hsStatus = getHSStatus(null); 1226 } 1227 1228 return hsStatus; 1229 } 1230 1231 1232 // 1233 // write/wrap side 1234 // 1235 1236 1237 /** 1238 * Wraps a buffer. Does a variety of checks before grabbing 1239 * the wrapLock, which blocks multiple wraps from occurring. 1240 */ 1241 @Override 1242 public SSLEngineResult wrap(ByteBuffer[] appData, 1243 int offset, int length, ByteBuffer netData) throws SSLException { 1244 1245 // check engine parameters 1246 checkEngineParas(netData, appData, offset, length, true); 1247 1248 /* 1249 * We can be smarter about using smaller buffer sizes later. 1250 * For now, force it to be large enough to handle any valid record. 1251 */ 1252 if (netData.remaining() < sess.getPacketBufferSize()) { 1253 return new SSLEngineResult( 1254 Status.BUFFER_OVERFLOW, getHSStatus(null), 0, 0); 1255 } 1256 1257 try { 1258 synchronized (wrapLock) { 1259 return writeAppRecord(appData, offset, length, netData); 1260 } 1261 } catch (SSLProtocolException spe) { 1262 // may be an unexpected handshake message 1263 fatal(Alerts.alert_unexpected_message, spe.getMessage(), spe); 1264 return null; // make compiler happy 1265 } catch (Exception e) { 1266 fatal(Alerts.alert_internal_error, 1267 "problem wrapping app data", e); 1268 return null; // make compiler happy 1269 } 1270 } 1271 1272 /* 1273 * Makes additional checks for unwrap, but this time more 1274 * specific to this packet and the current state of the machine. 1275 */ 1276 private SSLEngineResult writeAppRecord(ByteBuffer[] appData, 1277 int offset, int length, ByteBuffer netData) throws IOException { 1278 1279 Status status = null; 1280 HandshakeStatus hsStatus = null; 1281 1282 /* 1283 * See if the handshaker needs to report back some SSLException. 1284 */ 1285 checkTaskThrown(); 1286 1287 /* 1288 * short circuit if we're closed/closing. 1289 */ 1290 if (isOutboundDone()) { 1291 return new SSLEngineResult(Status.CLOSED, getHSStatus(null), 0, 0); 1292 } 1293 1294 /* 1295 * If we're still in cs_HANDSHAKE, make sure it's been 1296 * started. 1297 */ 1298 synchronized (this) { 1299 if ((connectionState == cs_HANDSHAKE) || 1300 (connectionState == cs_START)) { 1301 1302 kickstartHandshake(); 1303 1304 /* 1305 * If there's no HS data available to write, we can return 1306 * without trying to wrap anything. 1307 */ 1308 hsStatus = getHSStatus(null); 1309 if (hsStatus == HandshakeStatus.NEED_UNWRAP) { 1310 /* 1311 * For DTLS, if the handshake state is 1312 * HandshakeStatus.NEED_UNWRAP, a call to SSLEngine.wrap() 1313 * means that the previous handshake packets (if delivered) 1314 * get lost, and need retransmit the handshake messages. 1315 */ 1316 if (!isDTLS || !enableRetransmissions || 1317 (handshaker == null) || outputRecord.firstMessage) { 1318 1319 return new SSLEngineResult(Status.OK, hsStatus, 0, 0); 1320 } // otherwise, need retransmission 1321 } 1322 } 1323 } 1324 1325 /* 1326 * Grab a copy of this if it doesn't already exist, 1327 * and we can use it several places before anything major 1328 * happens on this side. Races aren't critical 1329 * here. 1330 */ 1331 if (hsStatus == null) { 1332 hsStatus = getHSStatus(null); 1333 } 1334 1335 /* 1336 * If we have a task outstanding, this *MUST* be done before 1337 * doing any more wrapping, because we could be in the middle 1338 * of receiving a handshake message, for example, a finished 1339 * message which would change the ciphers. 1340 */ 1341 if (hsStatus == HandshakeStatus.NEED_TASK) { 1342 return new SSLEngineResult(Status.OK, hsStatus, 0, 0); 1343 } 1344 1345 /* 1346 * This will obtain any waiting outbound data, or will 1347 * process the outbound appData. 1348 */ 1349 int netPos = netData.position(); 1350 int appRemains = 0; 1351 for (int i = offset; i < offset + length; i++) { 1352 if (appData[i] == null) { 1353 throw new IllegalArgumentException( 1354 "appData[" + i + "] == null"); 1355 } 1356 appRemains += appData[i].remaining(); 1357 } 1358 1359 Ciphertext ciphertext = null; 1360 try { 1361 if (appRemains != 0) { 1362 synchronized (writeLock) { 1363 ciphertext = writeRecord(appData, offset, length, netData); 1364 } 1365 } else { 1366 synchronized (writeLock) { 1367 ciphertext = writeRecord(null, 0, 0, netData); 1368 } 1369 } 1370 } catch (SSLException e) { 1371 throw e; 1372 } catch (IOException e) { 1373 throw new SSLException("Write problems", e); 1374 } 1375 1376 /* 1377 * writeRecord might have reported some status. 1378 * Now check for the remaining cases. 1379 * 1380 * status above should cover: NEED_WRAP/FINISHED 1381 */ 1382 status = (isOutboundDone() ? Status.CLOSED : Status.OK); 1383 hsStatus = getHSStatus(ciphertext.handshakeStatus); 1384 1385 int deltaNet = netData.position() - netPos; 1386 int deltaApp = appRemains; 1387 for (int i = offset; i < offset + length; i++) { 1388 deltaApp -= appData[i].remaining(); 1389 } 1390 1391 return new SSLEngineResult( 1392 status, hsStatus, deltaApp, deltaNet, ciphertext.recordSN); 1393 } 1394 1395 /* 1396 * Central point to write/get all of the outgoing data. 1397 */ 1398 private Ciphertext writeRecord(ByteBuffer[] appData, 1399 int offset, int length, ByteBuffer netData) throws IOException { 1400 1401 Ciphertext ciphertext = null; 1402 try { 1403 // Acquire the buffered to-be-delivered records or retransmissions. 1404 // 1405 // May have buffered records, or need retransmission if handshaking. 1406 if (!outputRecord.isEmpty() || 1407 (enableRetransmissions && handshaker != null)) { 1408 ciphertext = outputRecord.acquireCiphertext(netData); 1409 } 1410 1411 if ((ciphertext == null) && (appData != null)) { 1412 ciphertext = outputRecord.encode( 1413 appData, offset, length, netData); 1414 } 1415 } catch (SSLHandshakeException she) { 1416 // may be record sequence number overflow 1417 fatal(Alerts.alert_handshake_failure, she); 1418 1419 return Ciphertext.CIPHERTEXT_NULL; // make the complier happy 1420 } catch (IOException e) { 1421 fatal(Alerts.alert_unexpected_message, e); 1422 1423 return Ciphertext.CIPHERTEXT_NULL; // make the complier happy 1424 } 1425 1426 if (ciphertext == null) { 1427 return Ciphertext.CIPHERTEXT_NULL; 1428 } 1429 1430 HandshakeStatus hsStatus = null; 1431 Ciphertext.RecordType recordType = ciphertext.recordType; 1432 if ((recordType.contentType == Record.ct_handshake) && 1433 (recordType.handshakeType == HandshakeMessage.ht_finished) && 1434 outputRecord.isEmpty()) { 1435 1436 if (handshaker == null) { 1437 hsStatus = HandshakeStatus.FINISHED; 1438 } else if (handshaker.isDone()) { 1439 hsStatus = finishHandshake(); 1440 connectionState = cs_DATA; 1441 1442 // Retransmit the last flight twice. 1443 // 1444 // The application data transactions may begin immediately 1445 // after the last flight. If the last flight get lost, the 1446 // application data may be discarded accordingly. As could 1447 // be an issue for some applications. This impact can be 1448 // mitigated by sending the last fligth twice. 1449 if (isDTLS && enableRetransmissions) { 1450 if (debug != null && Debug.isOn("verbose")) { 1451 Debug.log( 1452 "Retransmit the last flight messages."); 1453 } 1454 1455 synchronized (this) { 1456 outputRecord.launchRetransmission(); 1457 } 1458 1459 hsStatus = HandshakeStatus.NEED_WRAP; 1460 } 1461 } 1462 } // Otherwise, the followed call to getHSStatus() will help. 1463 1464 /* 1465 * We only need to check the sequence number state for 1466 * non-handshaking record. 1467 * 1468 * Note that in order to maintain the handshake status 1469 * properly, we check the sequence number after the last 1470 * record writing process. As we request renegotiation 1471 * or close the connection for wrapped sequence number 1472 * when there is enough sequence number space left to 1473 * handle a few more records, so the sequence number 1474 * of the last record cannot be wrapped. 1475 */ 1476 hsStatus = getHSStatus(hsStatus); 1477 if (connectionState < cs_ERROR && !isOutboundDone() && 1478 (hsStatus == HandshakeStatus.NOT_HANDSHAKING) && 1479 (outputRecord.seqNumIsHuge())) { 1480 /* 1481 * Ask for renegotiation when need to renew sequence number. 1482 * 1483 * Don't bother to kickstart the renegotiation when the local is 1484 * asking for it. 1485 */ 1486 if (debug != null && Debug.isOn("ssl")) { 1487 System.out.println(Thread.currentThread().getName() + 1488 ", request renegotiation " + 1489 "to avoid sequence number overflow"); 1490 } 1491 1492 beginHandshake(); 1493 1494 hsStatus = getHSStatus(null); 1495 } 1496 ciphertext.handshakeStatus = hsStatus; 1497 1498 return ciphertext; 1499 } 1500 1501 private HandshakeStatus finishHandshake() { 1502 handshaker = null; 1503 inputRecord.setHandshakeHash(null); 1504 outputRecord.setHandshakeHash(null); 1505 connectionState = cs_DATA; 1506 1507 return HandshakeStatus.FINISHED; 1508 } 1509 1510 // 1511 // Close code 1512 // 1513 1514 /** 1515 * Signals that no more outbound application data will be sent 1516 * on this <code>SSLEngine</code>. 1517 */ 1518 private void closeOutboundInternal() { 1519 1520 if ((debug != null) && Debug.isOn("ssl")) { 1521 System.out.println(Thread.currentThread().getName() + 1522 ", closeOutboundInternal()"); 1523 } 1524 1525 /* 1526 * Already closed, ignore 1527 */ 1528 if (outboundDone) { 1529 return; 1530 } 1531 1532 switch (connectionState) { 1533 1534 /* 1535 * If we haven't even started yet, don't bother reading inbound. 1536 */ 1537 case cs_START: 1538 try { 1539 outputRecord.close(); 1540 } catch (IOException ioe) { 1541 // ignore 1542 } 1543 outboundDone = true; 1544 1545 try { 1546 inputRecord.close(); 1547 } catch (IOException ioe) { 1548 // ignore 1549 } 1550 inboundDone = true; 1551 break; 1552 1553 case cs_ERROR: 1554 case cs_CLOSED: 1555 break; 1556 1557 /* 1558 * Otherwise we indicate clean termination. 1559 */ 1560 // case cs_HANDSHAKE: 1561 // case cs_DATA: 1562 // case cs_RENEGOTIATE: 1563 default: 1564 warning(Alerts.alert_close_notify); 1565 try { 1566 outputRecord.close(); 1567 } catch (IOException ioe) { 1568 // ignore 1569 } 1570 outboundDone = true; 1571 break; 1572 } 1573 1574 connectionState = cs_CLOSED; 1575 } 1576 1577 @Override 1578 public synchronized void closeOutbound() { 1579 /* 1580 * Dump out a close_notify to the remote side 1581 */ 1582 if ((debug != null) && Debug.isOn("ssl")) { 1583 System.out.println(Thread.currentThread().getName() + 1584 ", called closeOutbound()"); 1585 } 1586 1587 closeOutboundInternal(); 1588 } 1589 1590 /** 1591 * Returns the outbound application data closure state 1592 */ 1593 @Override 1594 public boolean isOutboundDone() { 1595 return outboundDone && outputRecord.isEmpty(); 1596 } 1597 1598 /** 1599 * Signals that no more inbound network data will be sent 1600 * to this <code>SSLEngine</code>. 1601 */ 1602 private void closeInboundInternal() { 1603 1604 if ((debug != null) && Debug.isOn("ssl")) { 1605 System.out.println(Thread.currentThread().getName() + 1606 ", closeInboundInternal()"); 1607 } 1608 1609 /* 1610 * Already closed, ignore 1611 */ 1612 if (inboundDone) { 1613 return; 1614 } 1615 1616 closeOutboundInternal(); 1617 1618 try { 1619 inputRecord.close(); 1620 } catch (IOException ioe) { 1621 // ignore 1622 } 1623 inboundDone = true; 1624 1625 connectionState = cs_CLOSED; 1626 } 1627 1628 /* 1629 * Close the inbound side of the connection. We grab the 1630 * lock here, and do the real work in the internal verison. 1631 * We do check for truncation attacks. 1632 */ 1633 @Override 1634 public synchronized void closeInbound() throws SSLException { 1635 /* 1636 * Currently closes the outbound side as well. The IETF TLS 1637 * working group has expressed the opinion that 1/2 open 1638 * connections are not allowed by the spec. May change 1639 * someday in the future. 1640 */ 1641 if ((debug != null) && Debug.isOn("ssl")) { 1642 System.out.println(Thread.currentThread().getName() + 1643 ", called closeInbound()"); 1644 } 1645 1646 /* 1647 * No need to throw an Exception if we haven't even started yet. 1648 */ 1649 if ((connectionState != cs_START) && !recvCN) { 1650 recvCN = true; // Only receive the Exception once 1651 fatal(Alerts.alert_internal_error, 1652 "Inbound closed before receiving peer's close_notify: " + 1653 "possible truncation attack?"); 1654 } else { 1655 /* 1656 * Currently, this is a no-op, but in case we change 1657 * the close inbound code later. 1658 */ 1659 closeInboundInternal(); 1660 } 1661 } 1662 1663 /** 1664 * Returns the network inbound data closure state 1665 */ 1666 @Override 1667 public synchronized boolean isInboundDone() { 1668 return inboundDone; 1669 } 1670 1671 1672 // 1673 // Misc stuff 1674 // 1675 1676 1677 /** 1678 * Returns the current <code>SSLSession</code> for this 1679 * <code>SSLEngine</code> 1680 * <P> 1681 * These can be long lived, and frequently correspond to an 1682 * entire login session for some user. 1683 */ 1684 @Override 1685 public synchronized SSLSession getSession() { 1686 return sess; 1687 } 1688 1689 @Override 1690 public synchronized SSLSession getHandshakeSession() { 1691 return handshakeSession; 1692 } 1693 1694 synchronized void setHandshakeSession(SSLSessionImpl session) { 1695 // update the fragment size, which may be negotiated during handshaking 1696 inputRecord.changeFragmentSize(session.getNegotiatedMaxFragSize()); 1697 outputRecord.changeFragmentSize(session.getNegotiatedMaxFragSize()); 1698 1699 handshakeSession = session; 1700 } 1701 1702 /** 1703 * Returns a delegated <code>Runnable</code> task for 1704 * this <code>SSLEngine</code>. 1705 */ 1706 @Override 1707 public synchronized Runnable getDelegatedTask() { 1708 if (handshaker != null) { 1709 return handshaker.getTask(); 1710 } 1711 return null; 1712 } 1713 1714 1715 // 1716 // EXCEPTION AND ALERT HANDLING 1717 // 1718 1719 /* 1720 * Send a warning alert. 1721 */ 1722 void warning(byte description) { 1723 sendAlert(Alerts.alert_warning, description); 1724 } 1725 1726 synchronized void fatal(byte description, String diagnostic) 1727 throws SSLException { 1728 fatal(description, diagnostic, null, false); 1729 } 1730 1731 synchronized void fatal(byte description, Throwable cause) 1732 throws SSLException { 1733 fatal(description, null, cause, false); 1734 } 1735 1736 synchronized void fatal(byte description, String diagnostic, 1737 Throwable cause) throws SSLException { 1738 fatal(description, diagnostic, cause, false); 1739 } 1740 1741 /* 1742 * We've got a fatal error here, so start the shutdown process. 1743 * 1744 * Because of the way the code was written, we have some code 1745 * calling fatal directly when the "description" is known 1746 * and some throwing Exceptions which are then caught by higher 1747 * levels which then call here. This code needs to determine 1748 * if one of the lower levels has already started the process. 1749 * 1750 * We won't worry about Errors, if we have one of those, 1751 * we're in worse trouble. Note: the networking code doesn't 1752 * deal with Errors either. 1753 */ 1754 synchronized void fatal(byte description, String diagnostic, 1755 Throwable cause, boolean recvFatalAlert) throws SSLException { 1756 1757 /* 1758 * If we have no further information, make a general-purpose 1759 * message for folks to see. We generally have one or the other. 1760 */ 1761 if (diagnostic == null) { 1762 diagnostic = "General SSLEngine problem"; 1763 } 1764 if (cause == null) { 1765 cause = Alerts.getSSLException(description, cause, diagnostic); 1766 } 1767 1768 /* 1769 * If we've already shutdown because of an error, 1770 * there is nothing we can do except rethrow the exception. 1771 * 1772 * Most exceptions seen here will be SSLExceptions. 1773 * We may find the occasional Exception which hasn't been 1774 * converted to a SSLException, so we'll do it here. 1775 */ 1776 if (closeReason != null) { 1777 if ((debug != null) && Debug.isOn("ssl")) { 1778 System.out.println(Thread.currentThread().getName() + 1779 ", fatal: engine already closed. Rethrowing " + 1780 cause.toString()); 1781 } 1782 if (cause instanceof RuntimeException) { 1783 throw (RuntimeException)cause; 1784 } else if (cause instanceof SSLException) { 1785 throw (SSLException)cause; 1786 } else if (cause instanceof Exception) { 1787 throw new SSLException("fatal SSLEngine condition", cause); 1788 } 1789 } 1790 1791 if ((debug != null) && Debug.isOn("ssl")) { 1792 System.out.println(Thread.currentThread().getName() 1793 + ", fatal error: " + description + 1794 ": " + diagnostic + "\n" + cause.toString()); 1795 } 1796 1797 /* 1798 * Ok, this engine's going down. 1799 */ 1800 int oldState = connectionState; 1801 connectionState = cs_ERROR; 1802 1803 try { 1804 inputRecord.close(); 1805 } catch (IOException ioe) { 1806 // ignore 1807 } 1808 inboundDone = true; 1809 1810 sess.invalidate(); 1811 if (handshakeSession != null) { 1812 handshakeSession.invalidate(); 1813 } 1814 1815 /* 1816 * If we haven't even started handshaking yet, or we are the 1817 * recipient of a fatal alert, no need to generate a fatal close 1818 * alert. 1819 */ 1820 if (oldState != cs_START && !recvFatalAlert) { 1821 sendAlert(Alerts.alert_fatal, description); 1822 } 1823 1824 if (cause instanceof SSLException) { // only true if != null 1825 closeReason = (SSLException)cause; 1826 } else { 1827 /* 1828 * Including RuntimeExceptions, but we'll throw those 1829 * down below. The closeReason isn't used again, 1830 * except for null checks. 1831 */ 1832 closeReason = 1833 Alerts.getSSLException(description, cause, diagnostic); 1834 } 1835 1836 try { 1837 outputRecord.close(); 1838 } catch (IOException ioe) { 1839 // ignore 1840 } 1841 outboundDone = true; 1842 1843 connectionState = cs_CLOSED; 1844 1845 if (cause instanceof RuntimeException) { 1846 throw (RuntimeException)cause; 1847 } else { 1848 throw closeReason; 1849 } 1850 } 1851 1852 /* 1853 * Process an incoming alert ... caller must already have synchronized 1854 * access to "this". 1855 */ 1856 private void recvAlert(ByteBuffer fragment) throws IOException { 1857 byte level = fragment.get(); 1858 byte description = fragment.get(); 1859 1860 if (debug != null && (Debug.isOn("record") || 1861 Debug.isOn("handshake"))) { 1862 synchronized (System.out) { 1863 System.out.print(Thread.currentThread().getName()); 1864 System.out.print(", RECV " + protocolVersion + " ALERT: "); 1865 if (level == Alerts.alert_fatal) { 1866 System.out.print("fatal, "); 1867 } else if (level == Alerts.alert_warning) { 1868 System.out.print("warning, "); 1869 } else { 1870 System.out.print("<level " + (0x0ff & level) + ">, "); 1871 } 1872 System.out.println(Alerts.alertDescription(description)); 1873 } 1874 } 1875 1876 if (level == Alerts.alert_warning) { 1877 if (description == -1) { // check for short message 1878 fatal(Alerts.alert_illegal_parameter, "Short alert message"); 1879 } else if (description == Alerts.alert_close_notify) { 1880 if (connectionState == cs_HANDSHAKE) { 1881 fatal(Alerts.alert_unexpected_message, 1882 "Received close_notify during handshake"); 1883 } else { 1884 recvCN = true; 1885 closeInboundInternal(); // reply to close 1886 } 1887 } else { 1888 1889 // 1890 // The other legal warnings relate to certificates, 1891 // e.g. no_certificate, bad_certificate, etc; these 1892 // are important to the handshaking code, which can 1893 // also handle illegal protocol alerts if needed. 1894 // 1895 if (handshaker != null) { 1896 handshaker.handshakeAlert(description); 1897 } 1898 } 1899 } else { // fatal or unknown level 1900 String reason = "Received fatal alert: " 1901 + Alerts.alertDescription(description); 1902 1903 // The inbound and outbound queues will be closed as part of 1904 // the call to fatal. The handhaker to needs to be set to null 1905 // so subsequent calls to getHandshakeStatus will return 1906 // NOT_HANDSHAKING. 1907 handshaker = null; 1908 Throwable cause = Alerts.getSSLException(description, reason); 1909 fatal(description, null, cause, true); 1910 } 1911 } 1912 1913 1914 /* 1915 * Emit alerts. Caller must have synchronized with "this". 1916 */ 1917 private void sendAlert(byte level, byte description) { 1918 // the connectionState cannot be cs_START 1919 if (connectionState >= cs_CLOSED) { 1920 return; 1921 } 1922 1923 // For initial handshaking, don't send alert message to peer if 1924 // handshaker has not started. 1925 // 1926 // Shall we send an fatal alter to terminate the connection gracefully? 1927 if (connectionState <= cs_HANDSHAKE && 1928 (handshaker == null || !handshaker.started() || 1929 !handshaker.activated())) { 1930 return; 1931 } 1932 1933 try { 1934 outputRecord.encodeAlert(level, description); 1935 } catch (IOException ioe) { 1936 // ignore 1937 } 1938 } 1939 1940 1941 // 1942 // VARIOUS OTHER METHODS (COMMON TO SSLSocket) 1943 // 1944 1945 1946 /** 1947 * Controls whether new connections may cause creation of new SSL 1948 * sessions. 1949 * 1950 * As long as handshaking has not started, we can change 1951 * whether we enable session creations. Otherwise, 1952 * we will need to wait for the next handshake. 1953 */ 1954 @Override 1955 public synchronized void setEnableSessionCreation(boolean flag) { 1956 enableSessionCreation = flag; 1957 1958 if ((handshaker != null) && !handshaker.activated()) { 1959 handshaker.setEnableSessionCreation(enableSessionCreation); 1960 } 1961 } 1962 1963 /** 1964 * Returns true if new connections may cause creation of new SSL 1965 * sessions. 1966 */ 1967 @Override 1968 public synchronized boolean getEnableSessionCreation() { 1969 return enableSessionCreation; 1970 } 1971 1972 1973 /** 1974 * Sets the flag controlling whether a server mode engine 1975 * *REQUIRES* SSL client authentication. 1976 * 1977 * As long as handshaking has not started, we can change 1978 * whether client authentication is needed. Otherwise, 1979 * we will need to wait for the next handshake. 1980 */ 1981 @Override 1982 public synchronized void setNeedClientAuth(boolean flag) { 1983 doClientAuth = (flag ? 1984 ClientAuthType.CLIENT_AUTH_REQUIRED : 1985 ClientAuthType.CLIENT_AUTH_NONE); 1986 1987 if ((handshaker != null) && 1988 (handshaker instanceof ServerHandshaker) && 1989 !handshaker.activated()) { 1990 ((ServerHandshaker) handshaker).setClientAuth(doClientAuth); 1991 } 1992 } 1993 1994 @Override 1995 public synchronized boolean getNeedClientAuth() { 1996 return (doClientAuth == ClientAuthType.CLIENT_AUTH_REQUIRED); 1997 } 1998 1999 /** 2000 * Sets the flag controlling whether a server mode engine 2001 * *REQUESTS* SSL client authentication. 2002 * 2003 * As long as handshaking has not started, we can change 2004 * whether client authentication is requested. Otherwise, 2005 * we will need to wait for the next handshake. 2006 */ 2007 @Override 2008 public synchronized void setWantClientAuth(boolean flag) { 2009 doClientAuth = (flag ? 2010 ClientAuthType.CLIENT_AUTH_REQUESTED : 2011 ClientAuthType.CLIENT_AUTH_NONE); 2012 2013 if ((handshaker != null) && 2014 (handshaker instanceof ServerHandshaker) && 2015 !handshaker.activated()) { 2016 ((ServerHandshaker) handshaker).setClientAuth(doClientAuth); 2017 } 2018 } 2019 2020 @Override 2021 public synchronized boolean getWantClientAuth() { 2022 return (doClientAuth == ClientAuthType.CLIENT_AUTH_REQUESTED); 2023 } 2024 2025 2026 /** 2027 * Sets the flag controlling whether the engine is in SSL 2028 * client or server mode. Must be called before any SSL 2029 * traffic has started. 2030 */ 2031 @Override 2032 @SuppressWarnings("fallthrough") 2033 public synchronized void setUseClientMode(boolean flag) { 2034 switch (connectionState) { 2035 2036 case cs_START: 2037 /* 2038 * If we need to change the socket mode and the enabled 2039 * protocols and cipher suites haven't specifically been 2040 * set by the user, change them to the corresponding 2041 * default ones. 2042 */ 2043 if (roleIsServer != (!flag)) { 2044 if (sslContext.isDefaultProtocolList(enabledProtocols)) { 2045 enabledProtocols = 2046 sslContext.getDefaultProtocolList(!flag); 2047 } 2048 2049 if (sslContext.isDefaultCipherSuiteList(enabledCipherSuites)) { 2050 enabledCipherSuites = 2051 sslContext.getDefaultCipherSuiteList(!flag); 2052 } 2053 } 2054 2055 roleIsServer = !flag; 2056 serverModeSet = true; 2057 break; 2058 2059 case cs_HANDSHAKE: 2060 /* 2061 * If we have a handshaker, but haven't started 2062 * SSL traffic, we can throw away our current 2063 * handshaker, and start from scratch. Don't 2064 * need to call doneConnect() again, we already 2065 * have the streams. 2066 */ 2067 assert(handshaker != null); 2068 if (!handshaker.activated()) { 2069 /* 2070 * If we need to change the socket mode and the enabled 2071 * protocols and cipher suites haven't specifically been 2072 * set by the user, change them to the corresponding 2073 * default ones. 2074 */ 2075 if (roleIsServer != (!flag)) { 2076 if (sslContext.isDefaultProtocolList(enabledProtocols)) { 2077 enabledProtocols = 2078 sslContext.getDefaultProtocolList(!flag); 2079 } 2080 2081 if (sslContext.isDefaultCipherSuiteList( 2082 enabledCipherSuites)) { 2083 enabledCipherSuites = 2084 sslContext.getDefaultCipherSuiteList(!flag); 2085 } 2086 } 2087 2088 roleIsServer = !flag; 2089 connectionState = cs_START; 2090 initHandshaker(); 2091 break; 2092 } 2093 2094 // If handshake has started, that's an error. Fall through... 2095 2096 default: 2097 if (debug != null && Debug.isOn("ssl")) { 2098 System.out.println(Thread.currentThread().getName() + 2099 ", setUseClientMode() invoked in state = " + 2100 connectionState); 2101 } 2102 2103 /* 2104 * We can let them continue if they catch this correctly, 2105 * we don't need to shut this down. 2106 */ 2107 throw new IllegalArgumentException( 2108 "Cannot change mode after SSL traffic has started"); 2109 } 2110 } 2111 2112 @Override 2113 public synchronized boolean getUseClientMode() { 2114 return !roleIsServer; 2115 } 2116 2117 2118 /** 2119 * Returns the names of the cipher suites which could be enabled for use 2120 * on an SSL connection. Normally, only a subset of these will actually 2121 * be enabled by default, since this list may include cipher suites which 2122 * do not support the mutual authentication of servers and clients, or 2123 * which do not protect data confidentiality. Servers may also need 2124 * certain kinds of certificates to use certain cipher suites. 2125 * 2126 * @return an array of cipher suite names 2127 */ 2128 @Override 2129 public String[] getSupportedCipherSuites() { 2130 return sslContext.getSupportedCipherSuiteList().toStringArray(); 2131 } 2132 2133 /** 2134 * Controls which particular cipher suites are enabled for use on 2135 * this connection. The cipher suites must have been listed by 2136 * getCipherSuites() as being supported. Even if a suite has been 2137 * enabled, it might never be used if no peer supports it or the 2138 * requisite certificates (and private keys) are not available. 2139 * 2140 * @param suites Names of all the cipher suites to enable. 2141 */ 2142 @Override 2143 public synchronized void setEnabledCipherSuites(String[] suites) { 2144 enabledCipherSuites = new CipherSuiteList(suites); 2145 if ((handshaker != null) && !handshaker.activated()) { 2146 handshaker.setEnabledCipherSuites(enabledCipherSuites); 2147 } 2148 } 2149 2150 /** 2151 * Returns the names of the SSL cipher suites which are currently enabled 2152 * for use on this connection. When an SSL engine is first created, 2153 * all enabled cipher suites <em>(a)</em> protect data confidentiality, 2154 * by traffic encryption, and <em>(b)</em> can mutually authenticate 2155 * both clients and servers. Thus, in some environments, this value 2156 * might be empty. 2157 * 2158 * @return an array of cipher suite names 2159 */ 2160 @Override 2161 public synchronized String[] getEnabledCipherSuites() { 2162 return enabledCipherSuites.toStringArray(); 2163 } 2164 2165 2166 /** 2167 * Returns the protocols that are supported by this implementation. 2168 * A subset of the supported protocols may be enabled for this connection 2169 * @return an array of protocol names. 2170 */ 2171 @Override 2172 public String[] getSupportedProtocols() { 2173 return sslContext.getSuportedProtocolList().toStringArray(); 2174 } 2175 2176 /** 2177 * Controls which protocols are enabled for use on 2178 * this connection. The protocols must have been listed by 2179 * getSupportedProtocols() as being supported. 2180 * 2181 * @param protocols protocols to enable. 2182 * @exception IllegalArgumentException when one of the protocols 2183 * named by the parameter is not supported. 2184 */ 2185 @Override 2186 public synchronized void setEnabledProtocols(String[] protocols) { 2187 enabledProtocols = new ProtocolList(protocols); 2188 if ((handshaker != null) && !handshaker.activated()) { 2189 handshaker.setEnabledProtocols(enabledProtocols); 2190 } 2191 } 2192 2193 @Override 2194 public synchronized String[] getEnabledProtocols() { 2195 return enabledProtocols.toStringArray(); 2196 } 2197 2198 /** 2199 * Returns the SSLParameters in effect for this SSLEngine. 2200 */ 2201 @Override 2202 public synchronized SSLParameters getSSLParameters() { 2203 SSLParameters params = super.getSSLParameters(); 2204 2205 // the super implementation does not handle the following parameters 2206 params.setEndpointIdentificationAlgorithm(identificationProtocol); 2207 params.setAlgorithmConstraints(algorithmConstraints); 2208 params.setSNIMatchers(sniMatchers); 2209 params.setServerNames(serverNames); 2210 params.setUseCipherSuitesOrder(preferLocalCipherSuites); 2211 params.setEnableRetransmissions(enableRetransmissions); 2212 params.setMaximumPacketSize(maximumPacketSize); 2213 params.setApplicationProtocols(applicationProtocols); 2214 params.setUseCertificateAuthorities(useCertificateAuthorities); 2215 return params; 2216 } 2217 2218 /** 2219 * Applies SSLParameters to this engine. 2220 */ 2221 @Override 2222 public synchronized void setSSLParameters(SSLParameters params) { 2223 super.setSSLParameters(params); 2224 2225 // the super implementation does not handle the following parameters 2226 identificationProtocol = params.getEndpointIdentificationAlgorithm(); 2227 algorithmConstraints = params.getAlgorithmConstraints(); 2228 preferLocalCipherSuites = params.getUseCipherSuitesOrder(); 2229 enableRetransmissions = params.getEnableRetransmissions(); 2230 maximumPacketSize = params.getMaximumPacketSize(); 2231 2232 if (maximumPacketSize != 0) { 2233 outputRecord.changePacketSize(maximumPacketSize); 2234 } else { 2235 // use the implicit maximum packet size. 2236 maximumPacketSize = outputRecord.getMaxPacketSize(); 2237 } 2238 2239 useCertificateAuthorities = params.getUseCertificateAuthorities(); 2240 2241 List<SNIServerName> sniNames = params.getServerNames(); 2242 if (sniNames != null) { 2243 serverNames = sniNames; 2244 } 2245 2246 Collection<SNIMatcher> matchers = params.getSNIMatchers(); 2247 if (matchers != null) { 2248 sniMatchers = matchers; 2249 } 2250 applicationProtocols = params.getApplicationProtocols(); 2251 2252 if ((handshaker != null) && !handshaker.activated()) { 2253 handshaker.setIdentificationProtocol(identificationProtocol); 2254 handshaker.setAlgorithmConstraints(algorithmConstraints); 2255 handshaker.setMaximumPacketSize(maximumPacketSize); 2256 handshaker.setApplicationProtocols(applicationProtocols); 2257 if (roleIsServer) { 2258 handshaker.setSNIMatchers(sniMatchers); 2259 handshaker.setUseCipherSuitesOrder(preferLocalCipherSuites); 2260 } else { 2261 handshaker.setSNIServerNames(serverNames); 2262 } 2263 } 2264 } 2265 2266 @Override 2267 public synchronized String getApplicationProtocol() { 2268 return applicationProtocol; 2269 } 2270 2271 @Override 2272 public synchronized String getHandshakeApplicationProtocol() { 2273 if ((handshaker != null) && handshaker.started()) { 2274 return handshaker.getHandshakeApplicationProtocol(); 2275 } 2276 return null; 2277 } 2278 2279 @Override 2280 public synchronized void setHandshakeApplicationProtocolSelector( 2281 BiFunction<SSLEngine, List<String>, String> selector) { 2282 applicationProtocolSelector = selector; 2283 if ((handshaker != null) && !handshaker.activated()) { 2284 handshaker.setApplicationProtocolSelectorSSLEngine(selector); 2285 } 2286 } 2287 2288 @Override 2289 public synchronized BiFunction<SSLEngine, List<String>, String> 2290 getHandshakeApplicationProtocolSelector() { 2291 return this.applicationProtocolSelector; 2292 } 2293 2294 /** 2295 * Returns a printable representation of this end of the connection. 2296 */ 2297 @Override 2298 public String toString() { 2299 StringBuilder retval = new StringBuilder(80); 2300 2301 retval.append(Integer.toHexString(hashCode())); 2302 retval.append("["); 2303 retval.append("SSLEngine[hostname="); 2304 String host = getPeerHost(); 2305 retval.append((host == null) ? "null" : host); 2306 retval.append(" port="); 2307 retval.append(Integer.toString(getPeerPort())); 2308 retval.append(" role=" + (roleIsServer ? "Server" : "Client")); 2309 retval.append("] "); 2310 retval.append(getSession().getCipherSuite()); 2311 retval.append("]"); 2312 2313 return retval.toString(); 2314 } 2315 }