/* * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this * particular file as subject to the "Classpath" exception as provided * by Oracle in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ package sun.security.ssl; import java.io.*; import java.nio.*; import java.net.*; import java.security.GeneralSecurityException; import java.security.AccessController; import java.security.AccessControlContext; import java.security.PrivilegedAction; import java.security.AlgorithmConstraints; import java.util.*; import java.util.concurrent.TimeUnit; import java.util.concurrent.locks.ReentrantLock; import java.util.function.BiFunction; import javax.crypto.BadPaddingException; import javax.net.ssl.*; import jdk.internal.misc.JavaNetInetAddressAccess; import jdk.internal.misc.SharedSecrets; /** * Implementation of an SSL socket. This is a normal connection type * socket, implementing SSL over some lower level socket, such as TCP. * Because it is layered over some lower level socket, it MUST override * all default socket methods. * *
This API offers a non-traditional option for establishing SSL
* connections. You may first establish the connection directly, then pass
* that connection to the SSL socket constructor with a flag saying which
* role should be taken in the handshake protocol. (The two ends of the
* connection must not choose the same role!) This allows setup of SSL
* proxying or tunneling, and also allows the kind of "role reversal"
* that is required for most FTP data transfers.
*
* @see javax.net.ssl.SSLSocket
* @see SSLServerSocket
*
* @author David Brownell
*/
public final class SSLSocketImpl extends BaseSSLSocketImpl {
/*
* ERROR HANDLING GUIDELINES
* (which exceptions to throw and catch and which not to throw and catch)
*
* . if there is an IOException (SocketException) when accessing the
* underlying Socket, pass it through
*
* . do not throw IOExceptions, throw SSLExceptions (or a subclass)
*
* . for internal errors (things that indicate a bug in JSSE or a
* grossly misconfigured J2RE), throw either an SSLException or
* a RuntimeException at your convenience.
*
* . handshaking code (Handshaker or HandshakeMessage) should generally
* pass through exceptions, but can handle them if they know what to
* do.
*
* . exception chaining should be used for all new code. If you happen
* to touch old code that does not use chaining, you should change it.
*
* . there is a top level exception handler that sits at all entry
* points from application code to SSLSocket read/write code. It
* makes sure that all errors are handled (see handleException()).
*
* . JSSE internal code should generally not call close(), call
* closeInternal().
*/
/*
* There's a state machine associated with each connection, which
* among other roles serves to negotiate session changes.
*
* - START with constructor, until the TCP connection's around.
* - HANDSHAKE picks session parameters before allowing traffic.
* There are many substates due to sequencing requirements
* for handshake messages.
* - DATA may be transmitted.
* - RENEGOTIATE state allows concurrent data and handshaking
* traffic ("same" substates as HANDSHAKE), and terminates
* in selection of new session (and connection) parameters
* - ERROR state immediately precedes abortive disconnect.
* - SENT_CLOSE sent a close_notify to the peer. For layered,
* non-autoclose socket, must now read close_notify
* from peer before closing the connection. For nonlayered or
* non-autoclose socket, close connection and go onto
* cs_CLOSED state.
* - CLOSED after sending close_notify alert, & socket is closed.
* SSL connection objects are not reused.
* - APP_CLOSED once the application calls close(). Then it behaves like
* a closed socket, e.g.. getInputStream() throws an Exception.
*
* State affects what SSL record types may legally be sent:
*
* - Handshake ... only in HANDSHAKE and RENEGOTIATE states
* - App Data ... only in DATA and RENEGOTIATE states
* - Alert ... in HANDSHAKE, DATA, RENEGOTIATE
*
* Re what may be received: same as what may be sent, except that
* HandshakeRequest handshaking messages can come from servers even
* in the application data state, to request entry to RENEGOTIATE.
*
* The state machine within HANDSHAKE and RENEGOTIATE states controls
* the pending session, not the connection state, until the change
* cipher spec and "Finished" handshake messages are processed and
* make the "new" session become the current one.
*
* NOTE: details of the SMs always need to be nailed down better.
* The text above illustrates the core ideas.
*
* +---->-------+------>--------->-------+
* | | |
* <-----< ^ ^ <-----< v
*START>----->HANDSHAKE>----->DATA>----->RENEGOTIATE SENT_CLOSE
* v v v | |
* | | | | v
* +------------+---------------+ v ERROR
* | | |
* v | |
* ERROR>------>----->CLOSED<--------<----+-- +
* |
* v
* APP_CLOSED
*
* ALSO, note that the purpose of handshaking (renegotiation is
* included) is to assign a different, and perhaps new, session to
* the connection. The SSLv3 spec is a bit confusing on that new
* protocol feature.
*/
private static final int cs_START = 0;
private static final int cs_HANDSHAKE = 1;
private static final int cs_DATA = 2;
private static final int cs_RENEGOTIATE = 3;
private static final int cs_ERROR = 4;
private static final int cs_SENT_CLOSE = 5;
private static final int cs_CLOSED = 6;
private static final int cs_APP_CLOSED = 7;
/*
* Drives the protocol state machine.
*/
private volatile int connectionState;
/*
* Flag indicating if the next record we receive MUST be a Finished
* message. Temporarily set during the handshake to ensure that
* a change cipher spec message is followed by a finished message.
*/
private boolean expectingFinished;
/*
* For improved diagnostics, we detail connection closure
* If the socket is closed (connectionState >= cs_ERROR),
* closeReason != null indicates if the socket was closed
* because of an error or because or normal shutdown.
*/
private SSLException closeReason;
/*
* Per-connection private state that doesn't change when the
* session is changed.
*/
private ClientAuthType doClientAuth =
ClientAuthType.CLIENT_AUTH_NONE;
private boolean roleIsServer;
private boolean enableSessionCreation = true;
private String host;
private boolean autoClose = true;
private AccessControlContext acc;
// The cipher suites enabled for use on this connection.
private CipherSuiteList enabledCipherSuites;
// The endpoint identification protocol
private String identificationProtocol = null;
// The cryptographic algorithm constraints
private AlgorithmConstraints algorithmConstraints = null;
// The server name indication and matchers
List This particular constructor always uses the socket in the
* role of an SSL client. It may be useful in cases which start
* using SSL after some initial data transfers, for example in some
* SSL tunneling applications or as part of some kinds of application
* protocols which negotiate use of a SSL based security.
*
* @param sock the existing connection
* @param context the authentication context to use
*/
SSLSocketImpl(SSLContextImpl context, Socket sock, String host,
int port, boolean autoClose) throws IOException {
super(sock);
// We always layer over a connected socket
if (!sock.isConnected()) {
throw new SocketException("Underlying socket is not connected");
}
this.host = host;
this.serverNames =
Utilities.addToSNIServerNameList(this.serverNames, this.host);
init(context, false);
this.autoClose = autoClose;
doneConnect();
}
/**
* Creates a server mode {@link Socket} layered over an
* existing connected socket, and is able to read data which has
* already been consumed/removed from the {@link Socket}'s
* underlying {@link InputStream}.
*/
SSLSocketImpl(SSLContextImpl context, Socket sock,
InputStream consumed, boolean autoClose) throws IOException {
super(sock, consumed);
// We always layer over a connected socket
if (!sock.isConnected()) {
throw new SocketException("Underlying socket is not connected");
}
// In server mode, it is not necessary to set host and serverNames.
// Otherwise, would require a reverse DNS lookup to get the hostname.
init(context, true);
this.autoClose = autoClose;
doneConnect();
}
/**
* Initializes the client socket.
*/
private void init(SSLContextImpl context, boolean isServer) {
sslContext = context;
sess = SSLSessionImpl.nullSession;
handshakeSession = null;
/*
* role is as specified, state is START until after
* the low level connection's established.
*/
roleIsServer = isServer;
connectionState = cs_START;
// initial security parameters for secure renegotiation
secureRenegotiation = false;
clientVerifyData = new byte[0];
serverVerifyData = new byte[0];
enabledCipherSuites =
sslContext.getDefaultCipherSuiteList(roleIsServer);
enabledProtocols =
sslContext.getDefaultProtocolList(roleIsServer);
inputRecord = new SSLSocketInputRecord();;
outputRecord = new SSLSocketOutputRecord();
maximumPacketSize = outputRecord.getMaxPacketSize();
// save the acc
acc = AccessController.getContext();
input = new AppInputStream(this);
output = new AppOutputStream(this);
}
/**
* Connects this socket to the server with a specified timeout
* value.
*
* This method is either called on an unconnected SSLSocketImpl by the
* application, or it is called in the constructor of a regular
* SSLSocketImpl. If we are layering on top on another socket, then
* this method should not be called, because we assume that the
* underlying socket is already connected by the time it is passed to
* us.
*
* @param endpoint the SocketAddress
* @param timeout the timeout value to be used, 0 is no timeout
* @throws IOException if an error occurs during the connection
* @throws SocketTimeoutException if timeout expires before connecting
*/
@Override
public void connect(SocketAddress endpoint, int timeout)
throws IOException {
if (isLayered()) {
throw new SocketException("Already connected");
}
if (!(endpoint instanceof InetSocketAddress)) {
throw new SocketException(
"Cannot handle non-Inet socket addresses.");
}
super.connect(endpoint, timeout);
if (host == null || host.length() == 0) {
useImplicitHost(false);
}
doneConnect();
}
/**
* Initialize the handshaker and socket streams.
*
* Called by connect, the layered constructor, and SSLServerSocket.
*/
void doneConnect() throws IOException {
/*
* Save the input and output streams. May be done only after
* java.net actually connects using the socket "self", else
* we get some pretty bizarre failure modes.
*/
sockInput = super.getInputStream();
sockOutput = super.getOutputStream();
inputRecord.setDeliverStream(sockOutput);
outputRecord.setDeliverStream(sockOutput);
/*
* Move to handshaking state, with pending session initialized
* to defaults and the appropriate kind of handshaker set up.
*/
initHandshaker();
}
private synchronized int getConnectionState() {
return connectionState;
}
private synchronized void setConnectionState(int state) {
connectionState = state;
}
AccessControlContext getAcc() {
return acc;
}
//
// READING AND WRITING RECORDS
//
/*
* Application data record output.
*
* Application data can't be sent until the first handshake establishes
* a session.
*/
void writeRecord(byte[] source, int offset, int length) throws IOException {
/*
* The loop is in case of HANDSHAKE --> ERROR transitions, etc
*/
// Don't bother to check the emptiness of source applicatoin data
// before the security connection established.
for (boolean readyForApp = false; !readyForApp;) {
/*
* Not all states support passing application data. We
* synchronize access to the connection state, so that
* synchronous handshakes can complete cleanly.
*/
switch (getConnectionState()) {
/*
* We've deferred the initial handshaking till just now,
* when presumably a thread's decided it's OK to block for
* longish periods of time for I/O purposes (as well as
* configured the cipher suites it wants to use).
*/
case cs_HANDSHAKE:
performInitialHandshake();
break;
case cs_DATA:
case cs_RENEGOTIATE:
readyForApp = true;
break;
case cs_ERROR:
fatal(Alerts.alert_close_notify,
"error while writing to socket");
break; // dummy
case cs_SENT_CLOSE:
case cs_CLOSED:
case cs_APP_CLOSED:
// we should never get here (check in AppOutputStream)
// this is just a fallback
if (closeReason != null) {
throw closeReason;
} else {
throw new SocketException("Socket closed");
}
/*
* Else something's goofy in this state machine's use.
*/
default:
throw new SSLProtocolException(
"State error, send app data");
}
}
//
// Don't bother to really write empty records. We went this
// far to drive the handshake machinery, for correctness; not
// writing empty records improves performance by cutting CPU
// time and network resource usage. However, some protocol
// implementations are fragile and don't like to see empty
// records, so this also increases robustness.
//
if (length > 0) {
IOException ioe = null;
byte description = 0; // 0: never used, make the compiler happy
writeLock.lock();
try {
outputRecord.deliver(source, offset, length);
} catch (SSLHandshakeException she) {
// may be record sequence number overflow
description = Alerts.alert_handshake_failure;
ioe = she;
} catch (IOException e) {
description = Alerts.alert_unexpected_message;
ioe = e;
} finally {
writeLock.unlock();
}
// Be care of deadlock. Please don't place the call to fatal()
// into the writeLock locked block.
if (ioe != null) {
fatal(description, ioe);
}
}
/*
* Check the sequence number state
*
* Note that in order to maintain the connection I/O
* properly, we check the sequence number after the last
* record writing process. As we request renegotiation
* or close the connection for wrapped sequence number
* when there is enough sequence number space left to
* handle a few more records, so the sequence number
* of the last record cannot be wrapped.
*
* Don't bother to kickstart the renegotiation when the
* local is asking for it.
*/
if ((connectionState == cs_DATA) && outputRecord.seqNumIsHuge()) {
/*
* Ask for renegotiation when need to renew sequence number.
*
* Don't bother to kickstart the renegotiation when the local is
* asking for it.
*/
if (debug != null && Debug.isOn("ssl")) {
System.out.println(Thread.currentThread().getName() +
", request renegotiation " +
"to avoid sequence number overflow");
}
startHandshake();
}
}
/*
* Alert record output.
*/
void writeAlert(byte level, byte description) throws IOException {
// If the record is a close notify alert, we need to honor
// socket option SO_LINGER. Note that we will try to send
// the close notify even if the SO_LINGER set to zero.
if ((description == Alerts.alert_close_notify) && getSoLinger() >= 0) {
// keep and clear the current thread interruption status.
boolean interrupted = Thread.interrupted();
try {
if (writeLock.tryLock(getSoLinger(), TimeUnit.SECONDS)) {
try {
outputRecord.encodeAlert(level, description);
} finally {
writeLock.unlock();
}
} else {
SSLException ssle = new SSLException(
"SO_LINGER timeout," +
" close_notify message cannot be sent.");
// For layered, non-autoclose sockets, we are not
// able to bring them into a usable state, so we
// treat it as fatal error.
if (isLayered() && !autoClose) {
// Note that the alert description is
// specified as -1, so no message will be send
// to peer anymore.
fatal((byte)(-1), ssle);
} else if ((debug != null) && Debug.isOn("ssl")) {
System.out.println(
Thread.currentThread().getName() +
", received Exception: " + ssle);
}
// RFC2246 requires that the session becomes
// unresumable if any connection is terminated
// without proper close_notify messages with
// level equal to warning.
//
// RFC4346 no longer requires that a session not be
// resumed if failure to properly close a connection.
//
// We choose to make the session unresumable if
// failed to send the close_notify message.
//
sess.invalidate();
}
} catch (InterruptedException ie) {
// keep interrupted status
interrupted = true;
}
// restore the interrupted status
if (interrupted) {
Thread.currentThread().interrupt();
}
} else {
writeLock.lock();
try {
outputRecord.encodeAlert(level, description);
} finally {
writeLock.unlock();
}
}
// Don't bother to check sequence number overlap here. If sequence
// number is huge, there should be enough sequence number space to
// request renegotiation in next application data read and write.
}
int bytesInCompletePacket() throws IOException {
if (getConnectionState() == cs_HANDSHAKE) {
performInitialHandshake();
}
synchronized (readLock) {
int state = getConnectionState();
if ((state == cs_CLOSED) ||
(state == cs_ERROR) || (state == cs_APP_CLOSED)) {
return -1;
}
try {
return inputRecord.bytesInCompletePacket(sockInput);
} catch (EOFException eofe) {
boolean handshaking = (connectionState <= cs_HANDSHAKE);
boolean rethrow = requireCloseNotify || handshaking;
if ((debug != null) && Debug.isOn("ssl")) {
System.out.println(Thread.currentThread().getName() +
", received EOFException: "
+ (rethrow ? "error" : "ignored"));
}
if (!rethrow) {
// treat as if we had received a close_notify
closeInternal(false);
} else {
SSLException e;
if (handshaking) {
e = new SSLHandshakeException(
"Remote host terminated the handshake");
} else {
e = new SSLProtocolException(
"Remote host terminated the handshake");
}
e.initCause(eofe);
throw e;
}
}
return -1;
}
}
// the caller have synchronized readLock
void expectingFinishFlight() {
inputRecord.expectingFinishFlight();
}
/*
* Read an application data record.
*
* Alerts and handshake messages are internally handled directly.
*/
int readRecord(ByteBuffer buffer) throws IOException {
if (getConnectionState() == cs_HANDSHAKE) {
performInitialHandshake();
}
return readRecord(buffer, true);
}
/*
* Read a record, no application data input required.
*
* Alerts and handshake messages are internally handled directly.
*/
int readRecord(boolean needAppData) throws IOException {
return readRecord(null, needAppData);
}
/*
* Clear the pipeline of records from the peer, optionally returning
* application data. Caller is responsible for knowing that it's
* possible to do this kind of clearing, if they don't want app
* data -- e.g. since it's the initial SSL handshake.
*
* Don't synchronize (this) during a blocking read() since it
* protects data which is accessed on the write side as well.
*/
private int readRecord(ByteBuffer buffer, boolean needAppData)
throws IOException {
int state;
// readLock protects reading and processing of an SSLInputRecord.
// It keeps the reading from sockInput and processing of the record
// atomic so that no two threads can be blocked on the
// read from the same input stream at the same time.
// This is required for example when a reader thread is
// blocked on the read and another thread is trying to
// close the socket. For a non-autoclose, layered socket,
// the thread performing the close needs to read the close_notify.
//
// Use readLock instead of 'this' for locking because
// 'this' also protects data accessed during writing.
synchronized (readLock) {
/*
* Read and handle records ... return application data
* ONLY if it's needed.
*/
Plaintext plainText = null;
while (((state = getConnectionState()) != cs_CLOSED) &&
(state != cs_ERROR) && (state != cs_APP_CLOSED)) {
/*
* clean the buffer and check if it is too small, e.g. because
* the AppInputStream did not have the chance to see the
* current packet length but rather something like that of the
* handshake before. In that case we return 0 at this point to
* give the caller the chance to adjust the buffer.
*/
if (buffer != null) {
buffer.clear();
if (buffer.remaining() <
inputRecord.bytesInCompletePacket(sockInput)) {
return 0;
}
}
/*
* Read a record ... maybe emitting an alert if we get a
* comprehensible but unsupported "hello" message during
* format checking (e.g. V2).
*/
try {
plainText = inputRecord.decode(sockInput, buffer);
} catch (BadPaddingException bpe) {
byte alertType = (state != cs_DATA) ?
Alerts.alert_handshake_failure :
Alerts.alert_bad_record_mac;
fatal(alertType, bpe.getMessage(), bpe);
} catch (SSLProtocolException spe) {
try {
fatal(Alerts.alert_unexpected_message, spe);
} catch (IOException x) {
// discard this exception, throw the original exception
}
throw spe;
} catch (SSLHandshakeException she) {
// may be record sequence number overflow
fatal(Alerts.alert_handshake_failure, she);
} catch (EOFException eof) {
boolean handshaking = (connectionState <= cs_HANDSHAKE);
boolean rethrow = requireCloseNotify || handshaking;
if ((debug != null) && Debug.isOn("ssl")) {
System.out.println(Thread.currentThread().getName() +
", received EOFException: "
+ (rethrow ? "error" : "ignored"));
}
if (rethrow) {
SSLException e;
if (handshaking) {
e = new SSLHandshakeException(
"Remote host terminated the handshake");
} else {
e = new SSLProtocolException(
"Remote host terminated the connection");
}
e.initCause(eof);
throw e;
} else {
// treat as if we had received a close_notify
closeInternal(false);
continue;
}
}
// PlainText should never be null. Process input record.
int volume = processInputRecord(plainText, needAppData);
if (plainText.contentType == Record.ct_application_data) {
return volume;
}
if (plainText.contentType == Record.ct_handshake) {
if (!needAppData && connectionState == cs_DATA) {
return volume;
} // otherwise, need to read more for app data.
}
// continue to read more net data
} // while
//
// couldn't read, due to some kind of error
//
return -1;
} // readLock synchronization
}
/*
* Process the plainText input record.
*/
private synchronized int processInputRecord(
Plaintext plainText, boolean needAppData) throws IOException {
/*
* Process the record.
*/
int volume = 0; // no application data
switch (plainText.contentType) {
case Record.ct_handshake:
/*
* Handshake messages always go to a pending session
* handshaker ... if there isn't one, create one. This
* must work asynchronously, for renegotiation.
*
* NOTE that handshaking will either resume a session
* which was in the cache (and which might have other
* connections in it already), or else will start a new
* session (new keys exchanged) with just this connection
* in it.
*/
initHandshaker();
if (!handshaker.activated()) {
// prior to handshaking, activate the handshake
if (connectionState == cs_RENEGOTIATE) {
// don't use SSLv2Hello when renegotiating
handshaker.activate(protocolVersion);
} else {
handshaker.activate(null);
}
}
/*
* process the handshake record ... may contain just
* a partial handshake message or multiple messages.
*
* The handshaker state machine will ensure that it's
* a finished message.
*/
handshaker.processRecord(plainText.fragment, expectingFinished);
expectingFinished = false;
if (handshaker.invalidated) {
handshaker = null;
inputRecord.setHandshakeHash(null);
outputRecord.setHandshakeHash(null);
// if state is cs_RENEGOTIATE, revert it to cs_DATA
if (connectionState == cs_RENEGOTIATE) {
connectionState = cs_DATA;
}
} else if (handshaker.isDone()) {
// reset the parameters for secure renegotiation.
secureRenegotiation =
handshaker.isSecureRenegotiation();
clientVerifyData = handshaker.getClientVerifyData();
serverVerifyData = handshaker.getServerVerifyData();
// set connection ALPN value
applicationProtocol =
handshaker.getHandshakeApplicationProtocol();
sess = handshaker.getSession();
handshakeSession = null;
handshaker = null;
inputRecord.setHandshakeHash(null);
outputRecord.setHandshakeHash(null);
connectionState = cs_DATA;
//
// Tell folk about handshake completion, but do
// it in a separate thread.
//
if (handshakeListeners != null) {
HandshakeCompletedEvent event =
new HandshakeCompletedEvent(this, sess);
Thread thread = new Thread(
null,
new NotifyHandshake(
handshakeListeners.entrySet(), event),
"HandshakeCompletedNotify-Thread",
0,
false);
thread.start();
}
}
break;
case Record.ct_application_data:
if (connectionState != cs_DATA
&& connectionState != cs_RENEGOTIATE
&& connectionState != cs_SENT_CLOSE) {
throw new SSLProtocolException(
"Data received in non-data state: " +
connectionState);
}
if (expectingFinished) {
throw new SSLProtocolException
("Expecting finished message, received data");
}
if (!needAppData) {
throw new SSLException("Discarding app data");
}
volume = plainText.fragment.remaining();
break;
case Record.ct_alert:
recvAlert(plainText.fragment);
break;
case Record.ct_change_cipher_spec:
if ((connectionState != cs_HANDSHAKE
&& connectionState != cs_RENEGOTIATE)) {
// For the CCS message arriving in the wrong state
fatal(Alerts.alert_unexpected_message,
"illegal change cipher spec msg, conn state = "
+ connectionState);
} else if (plainText.fragment.remaining() != 1
|| plainText.fragment.get() != 1) {
// For structural/content issues with the CCS
fatal(Alerts.alert_unexpected_message,
"Malformed change cipher spec msg");
}
//
// The first message after a change_cipher_spec
// record MUST be a "Finished" handshake record,
// else it's a protocol violation. We force this
// to be checked by a minor tweak to the state
// machine.
//
handshaker.receiveChangeCipherSpec();
CipherBox readCipher;
Authenticator readAuthenticator;
try {
readCipher = handshaker.newReadCipher();
readAuthenticator = handshaker.newReadAuthenticator();
} catch (GeneralSecurityException e) {
// can't happen
throw new SSLException("Algorithm missing: ", e);
}
inputRecord.changeReadCiphers(readAuthenticator, readCipher);
// next message MUST be a finished message
expectingFinished = true;
break;
default:
//
// TLS requires that unrecognized records be ignored.
//
if (debug != null && Debug.isOn("ssl")) {
System.out.println(Thread.currentThread().getName() +
", Received record type: " + plainText.contentType);
}
break;
}
/*
* Check the sequence number state
*
* Note that in order to maintain the connection I/O
* properly, we check the sequence number after the last
* record reading process. As we request renegotiation
* or close the connection for wrapped sequence number
* when there is enough sequence number space left to
* handle a few more records, so the sequence number
* of the last record cannot be wrapped.
*
* Don't bother to kickstart the renegotiation when the
* local is asking for it.
*/
if ((connectionState == cs_DATA) && inputRecord.seqNumIsHuge()) {
/*
* Ask for renegotiation when need to renew sequence number.
*
* Don't bother to kickstart the renegotiation when the local is
* asking for it.
*/
if (debug != null && Debug.isOn("ssl")) {
System.out.println(Thread.currentThread().getName() +
", request renegotiation " +
"to avoid sequence number overflow");
}
startHandshake();
}
return volume;
}
//
// HANDSHAKE RELATED CODE
//
/**
* Return the AppInputStream. For use by Handshaker only.
*/
AppInputStream getAppInputStream() {
return input;
}
/**
* Return the AppOutputStream. For use by Handshaker only.
*/
AppOutputStream getAppOutputStream() {
return output;
}
/**
* Initialize the handshaker object. This means:
*
* . if a handshake is already in progress (state is cs_HANDSHAKE
* or cs_RENEGOTIATE), do nothing and return
*
* . if the socket is already closed, throw an Exception (internal error)
*
* . otherwise (cs_START or cs_DATA), create the appropriate handshaker
* object, and advance the connection state (to cs_HANDSHAKE or
* cs_RENEGOTIATE, respectively).
*
* This method is called right after a new socket is created, when
* starting renegotiation, or when changing client/ server mode of the
* socket.
*/
private void initHandshaker() {
switch (connectionState) {
//
// Starting a new handshake.
//
case cs_START:
case cs_DATA:
break;
//
// We're already in the middle of a handshake.
//
case cs_HANDSHAKE:
case cs_RENEGOTIATE:
return;
//
// Anyone allowed to call this routine is required to
// do so ONLY if the connection state is reasonable...
//
default:
throw new IllegalStateException("Internal error");
}
// state is either cs_START or cs_DATA
if (connectionState == cs_START) {
connectionState = cs_HANDSHAKE;
} else { // cs_DATA
connectionState = cs_RENEGOTIATE;
}
if (roleIsServer) {
handshaker = new ServerHandshaker(this, sslContext,
enabledProtocols, doClientAuth,
protocolVersion, connectionState == cs_HANDSHAKE,
secureRenegotiation, clientVerifyData, serverVerifyData);
handshaker.setSNIMatchers(sniMatchers);
handshaker.setUseCipherSuitesOrder(preferLocalCipherSuites);
} else {
handshaker = new ClientHandshaker(this, sslContext,
enabledProtocols,
protocolVersion, connectionState == cs_HANDSHAKE,
secureRenegotiation, clientVerifyData, serverVerifyData);
handshaker.setSNIServerNames(serverNames);
}
handshaker.setMaximumPacketSize(maximumPacketSize);
handshaker.setEnabledCipherSuites(enabledCipherSuites);
handshaker.setEnableSessionCreation(enableSessionCreation);
handshaker.setApplicationProtocols(applicationProtocols);
handshaker.setApplicationProtocolSelectorSSLSocket(
applicationProtocolSelector);
}
/**
* Synchronously perform the initial handshake.
*
* If the handshake is already in progress, this method blocks until it
* is completed. If the initial handshake has already been completed,
* it returns immediately.
*/
private void performInitialHandshake() throws IOException {
// use handshakeLock and the state check to make sure only
// one thread performs the handshake
synchronized (handshakeLock) {
if (getConnectionState() == cs_HANDSHAKE) {
kickstartHandshake();
/*
* All initial handshaking goes through this operation
* until we have a valid SSL connection.
*
* Handle handshake messages only, need no application data.
*/
readRecord(false);
}
}
}
/**
* Starts an SSL handshake on this connection.
*/
@Override
public void startHandshake() throws IOException {
// start an ssl handshake that could be resumed from timeout exception
startHandshake(true);
}
/**
* Starts an ssl handshake on this connection.
*
* @param resumable indicates the handshake process is resumable from a
* certain exception. If resumable
, the socket will
* be reserved for exceptions like timeout; otherwise, the socket
* will be closed, no further communications could be done.
*/
private void startHandshake(boolean resumable) throws IOException {
checkWrite();
try {
if (getConnectionState() == cs_HANDSHAKE) {
// do initial handshake
performInitialHandshake();
} else {
// start renegotiation
kickstartHandshake();
}
} catch (Exception e) {
// shutdown and rethrow (wrapped) exception as appropriate
handleException(e, resumable);
}
}
/**
* Kickstart the handshake if it is not already in progress.
* This means:
*
* . if handshaking is already underway, do nothing and return
*
* . if the socket is not connected or already closed, throw an
* Exception.
*
* . otherwise, call initHandshake() to initialize the handshaker
* object and progress the state. Then, send the initial
* handshaking message if appropriate (always on clients and
* on servers when renegotiating).
*/
private synchronized void kickstartHandshake() throws IOException {
switch (connectionState) {
case cs_HANDSHAKE:
// handshaker already setup, proceed
break;
case cs_DATA:
if (!secureRenegotiation && !Handshaker.allowUnsafeRenegotiation) {
throw new SSLHandshakeException(
"Insecure renegotiation is not allowed");
}
if (!secureRenegotiation) {
if (debug != null && Debug.isOn("handshake")) {
System.out.println(
"Warning: Using insecure renegotiation");
}
}
// initialize the handshaker, move to cs_RENEGOTIATE
initHandshaker();
break;
case cs_RENEGOTIATE:
// handshaking already in progress, return
return;
/*
* The only way to get a socket in the state is when
* you have an unconnected socket.
*/
case cs_START:
throw new SocketException(
"handshaking attempted on unconnected socket");
default:
throw new SocketException("connection is closed");
}
//
// Kickstart handshake state machine if we need to ...
//
// Note that handshaker.kickstart() writes the message
// to its HandshakeOutStream, which calls back into
// SSLSocketImpl.writeRecord() to send it.
//
if (!handshaker.activated()) {
// prior to handshaking, activate the handshake
if (connectionState == cs_RENEGOTIATE) {
// don't use SSLv2Hello when renegotiating
handshaker.activate(protocolVersion);
} else {
handshaker.activate(null);
}
if (handshaker instanceof ClientHandshaker) {
// send client hello
handshaker.kickstart();
} else {
if (connectionState == cs_HANDSHAKE) {
// initial handshake, no kickstart message to send
} else {
// we want to renegotiate, send hello request
handshaker.kickstart();
}
}
}
}
//
// CLOSURE RELATED CALLS
//
/**
* Return whether the socket has been explicitly closed by the application.
*/
@Override
public boolean isClosed() {
return connectionState == cs_APP_CLOSED;
}
/**
* Return whether we have reached end-of-file.
*
* If the socket is not connected, has been shutdown because of an error
* or has been closed, throw an Exception.
*/
boolean checkEOF() throws IOException {
switch (getConnectionState()) {
case cs_START:
throw new SocketException("Socket is not connected");
case cs_HANDSHAKE:
case cs_DATA:
case cs_RENEGOTIATE:
case cs_SENT_CLOSE:
return false;
case cs_APP_CLOSED:
throw new SocketException("Socket is closed");
case cs_ERROR:
case cs_CLOSED:
default:
// either closed because of error, or normal EOF
if (closeReason == null) {
return true;
}
IOException e = new SSLException
("Connection has been shutdown: " + closeReason);
e.initCause(closeReason);
throw e;
}
}
/**
* Check if we can write data to this socket. If not, throw an IOException.
*/
void checkWrite() throws IOException {
if (checkEOF() || (getConnectionState() == cs_SENT_CLOSE)) {
// we are at EOF, write must throw Exception
throw new SocketException("Connection closed by remote host");
}
}
private void closeSocket() throws IOException {
if ((debug != null) && Debug.isOn("ssl")) {
System.out.println(Thread.currentThread().getName() +
", called closeSocket()");
}
super.close();
}
private void closeSocket(boolean selfInitiated) throws IOException {
if ((debug != null) && Debug.isOn("ssl")) {
System.out.println(Thread.currentThread().getName() +
", called closeSocket(" + selfInitiated + ")");
}
if (!isLayered() || autoClose) {
super.close();
} else if (selfInitiated) {
// layered && non-autoclose
// read close_notify alert to clear input stream
waitForClose(false);
}
}
/*
* Closing the connection is tricky ... we can't officially close the
* connection until we know the other end is ready to go away too,
* and if ever the connection gets aborted we must forget session
* state (it becomes invalid).
*/
/**
* Closes the SSL connection. SSL includes an application level
* shutdown handshake; you should close SSL sockets explicitly
* rather than leaving it for finalization, so that your remote
* peer does not experience a protocol error.
*/
@Override
public void close() throws IOException {
if ((debug != null) && Debug.isOn("ssl")) {
System.out.println(Thread.currentThread().getName() +
", called close()");
}
closeInternal(true); // caller is initiating close
// Clearup the resources.
try {
synchronized (readLock) {
inputRecord.close();
}
writeLock.lock();
try {
outputRecord.close();
} finally {
writeLock.unlock();
}
} catch (IOException ioe) {
// ignore
}
setConnectionState(cs_APP_CLOSED);
}
/**
* Don't synchronize the whole method because waitForClose()
* (which calls readRecord()) might be called.
*
* @param selfInitiated Indicates which party initiated the close.
* If selfInitiated, this side is initiating a close; for layered and
* non-autoclose socket, wait for close_notify response.
* If !selfInitiated, peer sent close_notify; we reciprocate but
* no need to wait for response.
*/
private void closeInternal(boolean selfInitiated) throws IOException {
if ((debug != null) && Debug.isOn("ssl")) {
System.out.println(Thread.currentThread().getName() +
", called closeInternal(" + selfInitiated + ")");
}
int state = getConnectionState();
boolean closeSocketCalled = false;
Throwable cachedThrowable = null;
try {
switch (state) {
case cs_START:
// unconnected socket or handshaking has not been initialized
closeSocket(selfInitiated);
break;
/*
* If we're closing down due to error, we already sent (or else
* received) the fatal alert ... no niceties, blow the connection
* away as quickly as possible (even if we didn't allocate the
* socket ourselves; it's unusable, regardless).
*/
case cs_ERROR:
closeSocket();
break;
/*
* Sometimes close() gets called more than once.
*/
case cs_CLOSED:
case cs_APP_CLOSED:
break;
/*
* Otherwise we indicate clean termination.
*/
// case cs_HANDSHAKE:
// case cs_DATA:
// case cs_RENEGOTIATE:
// case cs_SENT_CLOSE:
default:
synchronized (this) {
if (((state = getConnectionState()) == cs_CLOSED) ||
(state == cs_ERROR) || (state == cs_APP_CLOSED)) {
return; // connection was closed while we waited
}
if (state != cs_SENT_CLOSE) {
try {
warning(Alerts.alert_close_notify);
connectionState = cs_SENT_CLOSE;
} catch (Throwable th) {
// we need to ensure socket is closed out
// if we encounter any errors.
connectionState = cs_ERROR;
// cache this for later use
cachedThrowable = th;
closeSocketCalled = true;
closeSocket(selfInitiated);
}
}
}
// If state was cs_SENT_CLOSE before, we don't do the actual
// closing since it is already in progress.
if (state == cs_SENT_CLOSE) {
if (debug != null && Debug.isOn("ssl")) {
System.out.println(Thread.currentThread().getName() +
", close invoked again; state = " +
getConnectionState());
}
if (selfInitiated == false) {
// We were called because a close_notify message was
// received. This may be due to another thread calling
// read() or due to our call to waitForClose() below.
// In either case, just return.
return;
}
// Another thread explicitly called close(). We need to
// wait for the closing to complete before returning.
synchronized (this) {
while (connectionState < cs_CLOSED) {
try {
this.wait();
} catch (InterruptedException e) {
// ignore
}
}
}
if ((debug != null) && Debug.isOn("ssl")) {
System.out.println(Thread.currentThread().getName() +
", after primary close; state = " +
getConnectionState());
}
return;
}
if (!closeSocketCalled) {
closeSocketCalled = true;
closeSocket(selfInitiated);
}
break;
}
} finally {
synchronized (this) {
// Upon exit from this method, the state is always >= cs_CLOSED
connectionState = (connectionState == cs_APP_CLOSED)
? cs_APP_CLOSED : cs_CLOSED;
// notify any threads waiting for the closing to finish
this.notifyAll();
}
if (cachedThrowable != null) {
/*
* Rethrow the error to the calling method
* The Throwable caught can only be an Error or RuntimeException
*/
if (cachedThrowable instanceof Error) {
throw (Error)cachedThrowable;
} else if (cachedThrowable instanceof RuntimeException) {
throw (RuntimeException)cachedThrowable;
} // Otherwise, unlikely
}
}
}
/**
* Reads a close_notify or a fatal alert from the input stream.
* Keep reading records until we get a close_notify or until
* the connection is otherwise closed. The close_notify or alert
* might be read by another reader,
* which will then process the close and set the connection state.
*/
void waitForClose(boolean rethrow) throws IOException {
if (debug != null && Debug.isOn("ssl")) {
System.out.println(Thread.currentThread().getName() +
", waiting for close_notify or alert: state "
+ getConnectionState());
}
try {
int state;
while (((state = getConnectionState()) != cs_CLOSED) &&
(state != cs_ERROR) && (state != cs_APP_CLOSED)) {
// Ask for app data and then throw it away
try {
readRecord(true);
} catch (SocketTimeoutException e) {
// if time out, ignore the exception and continue
}
}
} catch (IOException e) {
if (debug != null && Debug.isOn("ssl")) {
System.out.println(Thread.currentThread().getName() +
", Exception while waiting for close " +e);
}
if (rethrow) {
throw e; // pass exception up
}
}
}
//
// EXCEPTION AND ALERT HANDLING
//
/**
* Handle an exception. This method is called by top level exception
* handlers (in read(), write()) to make sure we always shutdown the
* connection correctly and do not pass runtime exception to the
* application.
*/
void handleException(Exception e) throws IOException {
handleException(e, true);
}
/**
* Handle an exception. This method is called by top level exception
* handlers (in read(), write(), startHandshake()) to make sure we
* always shutdown the connection correctly and do not pass runtime
* exception to the application.
*
* This method never returns normally, it always throws an IOException.
*
* We first check if the socket has already been shutdown because of an
* error. If so, we just rethrow the exception. If the socket has not
* been shutdown, we sent a fatal alert and remember the exception.
*
* @param e the Exception
* @param resumable indicates the caller process is resumable from the
* exception. If resumable
, the socket will be
* reserved for exceptions like timeout; otherwise, the socket
* will be closed, no further communications could be done.
*/
private synchronized void handleException(Exception e, boolean resumable)
throws IOException {
if ((debug != null) && Debug.isOn("ssl")) {
System.out.println(Thread.currentThread().getName() +
", handling exception: " + e.toString());
}
// don't close the Socket in case of timeouts or interrupts if
// the process is resumable.
if (e instanceof InterruptedIOException && resumable) {
throw (IOException)e;
}
// if we've already shutdown because of an error,
// there is nothing to do except rethrow the exception
if (closeReason != null) {
if (e instanceof IOException) { // includes SSLException
throw (IOException)e;
} else {
// this is odd, not an IOException.
// normally, this should not happen
// if closeReason has been already been set
throw Alerts.getSSLException(Alerts.alert_internal_error, e,
"Unexpected exception");
}
}
// need to perform error shutdown
boolean isSSLException = (e instanceof SSLException);
if ((!isSSLException) && (e instanceof IOException)) {
// IOException from the socket
// this means the TCP connection is already dead
// we call fatal just to set the error status
try {
fatal(Alerts.alert_unexpected_message, e);
} catch (IOException ee) {
// ignore (IOException wrapped in SSLException)
}
// rethrow original IOException
throw (IOException)e;
}
// must be SSLException or RuntimeException
byte alertType;
if (isSSLException) {
if (e instanceof SSLHandshakeException) {
alertType = Alerts.alert_handshake_failure;
} else {
alertType = Alerts.alert_unexpected_message;
}
} else {
alertType = Alerts.alert_internal_error;
}
fatal(alertType, e);
}
/*
* Send a warning alert.
*/
void warning(byte description) {
sendAlert(Alerts.alert_warning, description);
}
synchronized void fatal(byte description, String diagnostic)
throws IOException {
fatal(description, diagnostic, null);
}
synchronized void fatal(byte description, Throwable cause)
throws IOException {
fatal(description, null, cause);
}
/*
* Send a fatal alert, and throw an exception so that callers will
* need to stand on their heads to accidentally continue processing.
*/
synchronized void fatal(byte description, String diagnostic,
Throwable cause) throws IOException {
// Be care of deadlock. Please don't synchronize readLock.
try {
inputRecord.close();
} catch (IOException ioe) {
// ignore
}
sess.invalidate();
if (handshakeSession != null) {
handshakeSession.invalidate();
}
int oldState = connectionState;
if (connectionState < cs_ERROR) {
connectionState = cs_ERROR;
}
/*
* Has there been an error received yet? If not, remember it.
* By RFC 2246, we don't bother waiting for a response.
* Fatal errors require immediate shutdown.
*/
if (closeReason == null) {
/*
* Try to clear the kernel buffer to avoid TCP connection resets.
*/
if (oldState == cs_HANDSHAKE) {
sockInput.skip(sockInput.available());
}
// If the description equals -1, the alert won't be sent to peer.
if (description != -1) {
sendAlert(Alerts.alert_fatal, description);
}
if (cause instanceof SSLException) { // only true if != null
closeReason = (SSLException)cause;
} else {
closeReason =
Alerts.getSSLException(description, cause, diagnostic);
}
}
/*
* Clean up our side.
*/
closeSocket();
// Be care of deadlock. Please don't synchronize writeLock.
try {
outputRecord.close();
} catch (IOException ioe) {
// ignore
}
throw closeReason;
}
/*
* Process an incoming alert ... caller must already have synchronized
* access to "this".
*/
private void recvAlert(ByteBuffer fragment) throws IOException {
byte level = fragment.get();
byte description = fragment.get();
if (description == -1) { // check for short message
fatal(Alerts.alert_illegal_parameter, "Short alert message");
}
if (debug != null && (Debug.isOn("record") ||
Debug.isOn("handshake"))) {
synchronized (System.out) {
System.out.print(Thread.currentThread().getName());
System.out.print(", RECV " + protocolVersion + " ALERT: ");
if (level == Alerts.alert_fatal) {
System.out.print("fatal, ");
} else if (level == Alerts.alert_warning) {
System.out.print("warning, ");
} else {
System.out.print("