1 /* 2 * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 27 package sun.security.ssl; 28 29 import java.io.OutputStream; 30 import java.io.IOException; 31 32 /* 33 * Output stream for application data. This is the kind of stream 34 * that's handed out via SSLSocket.getOutputStream(). It's all the application 35 * ever sees. 36 * 37 * Once the initial handshake has completed, application data may be 38 * interleaved with handshake data. That is handled internally and remains 39 * transparent to the application. 40 * 41 * @author David Brownell 42 */ 43 class AppOutputStream extends OutputStream { 44 45 private SSLSocketImpl c; 46 OutputRecord r; 47 48 // One element array used to implement the write(byte) method 49 private final byte[] oneByte = new byte[1]; 50 51 AppOutputStream(SSLSocketImpl conn) { 52 r = new OutputRecord(Record.ct_application_data); 53 c = conn; 54 } 55 56 /** 57 * Write the data out, NOW. 58 */ 59 @Override 60 synchronized public void write(byte b[], int off, int len) 61 throws IOException { 62 if (b == null) { 63 throw new NullPointerException(); 64 } else if (off < 0 || len < 0 || len > b.length - off) { 65 throw new IndexOutOfBoundsException(); 66 } else if (len == 0) { 67 return; 68 } 69 70 // check if the Socket is invalid (error or closed) 71 c.checkWrite(); 72 73 /* 74 * By default, we counter chosen plaintext issues on CBC mode 75 * ciphersuites in SSLv3/TLS1.0 by sending one byte of application 76 * data in the first record of every payload, and the rest in 77 * subsequent record(s). Note that the issues have been solved in 78 * TLS 1.1 or later. 79 * 80 * It is not necessary to split the very first application record of 81 * a freshly negotiated TLS session, as there is no previous 82 * application data to guess. To improve compatibility, we will not 83 * split such records. 84 * 85 * This avoids issues in the outbound direction. For a full fix, 86 * the peer must have similar protections. 87 */ 88 boolean isFirstRecordOfThePayload = true; 89 90 // Always flush at the end of each application level record. 91 // This lets application synchronize read and write streams 92 // however they like; if we buffered here, they couldn't. 93 try { 94 do { 95 boolean holdRecord = false; 96 int howmuch; 97 if (isFirstRecordOfThePayload && c.needToSplitPayload()) { 98 howmuch = Math.min(0x01, r.availableDataBytes()); 99 /* 100 * Nagle's algorithm (TCP_NODELAY) was coming into 101 * play here when writing short (split) packets. 102 * Signal to the OutputRecord code to internally 103 * buffer this small packet until the next outbound 104 * packet (of any type) is written. 105 */ 106 if ((len != 1) && (howmuch == 1)) { 107 holdRecord = true; 108 } 109 } else { 110 howmuch = Math.min(len, r.availableDataBytes()); 111 } 112 113 if (isFirstRecordOfThePayload && howmuch != 0) { 114 isFirstRecordOfThePayload = false; 115 } 116 117 // NOTE: *must* call c.writeRecord() even for howmuch == 0 118 if (howmuch > 0) { 119 r.write(b, off, howmuch); 120 off += howmuch; 121 len -= howmuch; 122 } 123 c.writeRecord(r, holdRecord); 124 c.checkWrite(); 125 } while (len > 0); 126 } catch (Exception e) { 127 // shutdown and rethrow (wrapped) exception as appropriate 128 c.handleException(e); 129 } 130 } 131 132 /** 133 * Write one byte now. 134 */ 135 @Override 136 synchronized public void write(int i) throws IOException { 137 oneByte[0] = (byte)i; 138 write(oneByte, 0, 1); 139 } 140 141 /* 142 * Socket close is already synchronized, no need to block here. 143 */ 144 @Override 145 public void close() throws IOException { 146 c.close(); 147 } 148 149 // inherit no-op flush() 150 }