jdk-sandbox: src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java@56aaa6cb3693 (annotated)

2 90ce3da70b43 Initial load duke parents: diff changeset	1	/*
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	2	* Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
2 90ce3da70b43 Initial load duke parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
90ce3da70b43 Initial load duke parents: diff changeset	4	*
90ce3da70b43 Initial load duke parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
90ce3da70b43 Initial load duke parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 5195 diff changeset	7	* published by the Free Software Foundation. Oracle designates this
2 90ce3da70b43 Initial load duke parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 5195 diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
2 90ce3da70b43 Initial load duke parents: diff changeset	10	*
90ce3da70b43 Initial load duke parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
90ce3da70b43 Initial load duke parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
90ce3da70b43 Initial load duke parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
90ce3da70b43 Initial load duke parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
90ce3da70b43 Initial load duke parents: diff changeset	15	* accompanied this code).
90ce3da70b43 Initial load duke parents: diff changeset	16	*
90ce3da70b43 Initial load duke parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
90ce3da70b43 Initial load duke parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
90ce3da70b43 Initial load duke parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
90ce3da70b43 Initial load duke parents: diff changeset	20	*
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 5195 diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 5195 diff changeset	22	* or visit www.oracle.com if you need additional information or have any
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 5195 diff changeset	23	* questions.
2 90ce3da70b43 Initial load duke parents: diff changeset	24	*/
90ce3da70b43 Initial load duke parents: diff changeset	25
90ce3da70b43 Initial load duke parents: diff changeset	26	package sun.security.ssl;
90ce3da70b43 Initial load duke parents: diff changeset	27
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	28	import java.io.IOException;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	29	import java.io.InputStream;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	30	import java.io.InterruptedIOException;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	31	import java.io.OutputStream;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	32	import java.net.InetAddress;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	33	import java.net.InetSocketAddress;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	34	import java.net.Socket;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	35	import java.net.SocketAddress;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	36	import java.net.SocketException;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	37	import java.net.UnknownHostException;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	38	import java.nio.ByteBuffer;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	39	import java.util.List;
42706 796cf076d69b 8170282: Enable ALPN parameters to be supplied during the TLS handshake vinnie parents: 38865 diff changeset	40	import java.util.function.BiFunction;
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	41	import javax.net.ssl.HandshakeCompletedListener;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	42	import javax.net.ssl.SSLException;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	43	import javax.net.ssl.SSLHandshakeException;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	44	import javax.net.ssl.SSLParameters;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	45	import javax.net.ssl.SSLProtocolException;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	46	import javax.net.ssl.SSLServerSocket;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	47	import javax.net.ssl.SSLSession;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	48	import javax.net.ssl.SSLSocket;
32834 e1dca5fe4de3 8137056: Move SharedSecrets and interface friends out of sun.misc chegar parents: 32649 diff changeset	49	import jdk.internal.misc.JavaNetInetAddressAccess;
e1dca5fe4de3 8137056: Move SharedSecrets and interface friends out of sun.misc chegar parents: 32649 diff changeset	50	import jdk.internal.misc.SharedSecrets;
31687 d6eb4f028c60 8067694: Improved certification checking xuelei parents: 30904 diff changeset	51
2 90ce3da70b43 Initial load duke parents: diff changeset	52	/**
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	53	* Implementation of an SSL socket.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	54	* <P>
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	55	* This is a normal connection type socket, implementing SSL over some lower
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	56	* level socket, such as TCP. Because it is layered over some lower level
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	57	* socket, it MUST override all default socket methods.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	58	* <P>
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	59	* This API offers a non-traditional option for establishing SSL
2 90ce3da70b43 Initial load duke parents: diff changeset	60	* connections. You may first establish the connection directly, then pass
90ce3da70b43 Initial load duke parents: diff changeset	61	* that connection to the SSL socket constructor with a flag saying which
90ce3da70b43 Initial load duke parents: diff changeset	62	* role should be taken in the handshake protocol. (The two ends of the
90ce3da70b43 Initial load duke parents: diff changeset	63	* connection must not choose the same role!) This allows setup of SSL
90ce3da70b43 Initial load duke parents: diff changeset	64	* proxying or tunneling, and also allows the kind of "role reversal"
90ce3da70b43 Initial load duke parents: diff changeset	65	* that is required for most FTP data transfers.
90ce3da70b43 Initial load duke parents: diff changeset	66	*
90ce3da70b43 Initial load duke parents: diff changeset	67	* @see javax.net.ssl.SSLSocket
90ce3da70b43 Initial load duke parents: diff changeset	68	* @see SSLServerSocket
90ce3da70b43 Initial load duke parents: diff changeset	69	*
90ce3da70b43 Initial load duke parents: diff changeset	70	* @author David Brownell
90ce3da70b43 Initial load duke parents: diff changeset	71	*/
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	72	public final class SSLSocketImpl
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	73	extends BaseSSLSocketImpl implements SSLTransport {
2 90ce3da70b43 Initial load duke parents: diff changeset	74
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	75	final SSLContextImpl sslContext;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	76	final TransportContext conContext;
34380 2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension vinnie parents: 32834 diff changeset	77
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	78	private final AppInputStream appInput = new AppInputStream();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	79	private final AppOutputStream appOutput = new AppOutputStream();
2 90ce3da70b43 Initial load duke parents: diff changeset	80
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	81	private String peerHost;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	82	private boolean autoClose;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	83	private boolean isConnected = false;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	84	private boolean tlsIsClosed = false;
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29923 diff changeset	85
31687 d6eb4f028c60 8067694: Improved certification checking xuelei parents: 30904 diff changeset	86	/*
d6eb4f028c60 8067694: Improved certification checking xuelei parents: 30904 diff changeset	87	* Is the local name service trustworthy?
d6eb4f028c60 8067694: Improved certification checking xuelei parents: 30904 diff changeset	88	*
d6eb4f028c60 8067694: Improved certification checking xuelei parents: 30904 diff changeset	89	* If the local name service is not trustworthy, reverse host name
d6eb4f028c60 8067694: Improved certification checking xuelei parents: 30904 diff changeset	90	* resolution should not be performed for endpoint identification.
d6eb4f028c60 8067694: Improved certification checking xuelei parents: 30904 diff changeset	91	*/
d6eb4f028c60 8067694: Improved certification checking xuelei parents: 30904 diff changeset	92	static final boolean trustNameService =
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	93	Utilities.getBooleanProperty("jdk.tls.trustNameService", false);
31687 d6eb4f028c60 8067694: Improved certification checking xuelei parents: 30904 diff changeset	94
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	95	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	96	* Package-private constructor used to instantiate an unconnected
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	97	* socket.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	98	*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	99	* This instance is meant to set handshake state to use "client mode".
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	100	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	101	SSLSocketImpl(SSLContextImpl sslContext) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	102	super();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	103	this.sslContext = sslContext;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	104	HandshakeHash handshakeHash = new HandshakeHash();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	105	this.conContext = new TransportContext(sslContext, this,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	106	new SSLSocketInputRecord(handshakeHash),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	107	new SSLSocketOutputRecord(handshakeHash), true);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	108	}
2 90ce3da70b43 Initial load duke parents: diff changeset	109
90ce3da70b43 Initial load duke parents: diff changeset	110	/**
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	111	* Package-private constructor used to instantiate a server socket.
2 90ce3da70b43 Initial load duke parents: diff changeset	112	*
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	113	* This instance is meant to set handshake state to use "server mode".
2 90ce3da70b43 Initial load duke parents: diff changeset	114	*/
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	115	SSLSocketImpl(SSLContextImpl sslContext, SSLConfiguration sslConfig) {
2 90ce3da70b43 Initial load duke parents: diff changeset	116	super();
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	117	this.sslContext = sslContext;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	118	HandshakeHash handshakeHash = new HandshakeHash();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	119	this.conContext = new TransportContext(sslContext, this, sslConfig,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	120	new SSLSocketInputRecord(handshakeHash),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	121	new SSLSocketOutputRecord(handshakeHash));
2 90ce3da70b43 Initial load duke parents: diff changeset	122	}
90ce3da70b43 Initial load duke parents: diff changeset	123
90ce3da70b43 Initial load duke parents: diff changeset	124	/**
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	125	* Constructs an SSL connection to a named host at a specified
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	126	* port, using the authentication context provided.
2 90ce3da70b43 Initial load duke parents: diff changeset	127	*
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	128	* This endpoint acts as the client, and may rejoin an existing SSL session
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	129	* if appropriate.
2 90ce3da70b43 Initial load duke parents: diff changeset	130	*/
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	131	SSLSocketImpl(SSLContextImpl sslContext, String peerHost,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	132	int peerPort) throws IOException, UnknownHostException {
2 90ce3da70b43 Initial load duke parents: diff changeset	133	super();
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	134	this.sslContext = sslContext;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	135	HandshakeHash handshakeHash = new HandshakeHash();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	136	this.conContext = new TransportContext(sslContext, this,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	137	new SSLSocketInputRecord(handshakeHash),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	138	new SSLSocketOutputRecord(handshakeHash), true);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	139	this.peerHost = peerHost;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	140	SocketAddress socketAddress =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	141	peerHost != null ? new InetSocketAddress(peerHost, peerPort) :
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	142	new InetSocketAddress(InetAddress.getByName(null), peerPort);
2 90ce3da70b43 Initial load duke parents: diff changeset	143	connect(socketAddress, 0);
90ce3da70b43 Initial load duke parents: diff changeset	144	}
90ce3da70b43 Initial load duke parents: diff changeset	145
90ce3da70b43 Initial load duke parents: diff changeset	146	/**
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	147	* Constructs an SSL connection to a server at a specified
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	148	* address, and TCP port, using the authentication context
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	149	* provided.
2 90ce3da70b43 Initial load duke parents: diff changeset	150	*
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	151	* This endpoint acts as the client, and may rejoin an existing SSL
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	152	* session if appropriate.
2 90ce3da70b43 Initial load duke parents: diff changeset	153	*/
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	154	SSLSocketImpl(SSLContextImpl sslContext,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	155	InetAddress address, int peerPort) throws IOException {
2 90ce3da70b43 Initial load duke parents: diff changeset	156	super();
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	157	this.sslContext = sslContext;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	158	HandshakeHash handshakeHash = new HandshakeHash();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	159	this.conContext = new TransportContext(sslContext, this,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	160	new SSLSocketInputRecord(handshakeHash),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	161	new SSLSocketOutputRecord(handshakeHash), true);
2 90ce3da70b43 Initial load duke parents: diff changeset	162
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	163	SocketAddress socketAddress = new InetSocketAddress(address, peerPort);
2 90ce3da70b43 Initial load duke parents: diff changeset	164	connect(socketAddress, 0);
90ce3da70b43 Initial load duke parents: diff changeset	165	}
90ce3da70b43 Initial load duke parents: diff changeset	166
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	167	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	168	* Constructs an SSL connection to a named host at a specified
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	169	* port, using the authentication context provided.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	170	*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	171	* This endpoint acts as the client, and may rejoin an existing SSL
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	172	* session if appropriate.
2 90ce3da70b43 Initial load duke parents: diff changeset	173	*/
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	174	SSLSocketImpl(SSLContextImpl sslContext,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	175	String peerHost, int peerPort, InetAddress localAddr,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	176	int localPort) throws IOException, UnknownHostException {
2 90ce3da70b43 Initial load duke parents: diff changeset	177	super();
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	178	this.sslContext = sslContext;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	179	HandshakeHash handshakeHash = new HandshakeHash();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	180	this.conContext = new TransportContext(sslContext, this,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	181	new SSLSocketInputRecord(handshakeHash),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	182	new SSLSocketOutputRecord(handshakeHash), true);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	183	this.peerHost = peerHost;
2 90ce3da70b43 Initial load duke parents: diff changeset	184
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	185	bind(new InetSocketAddress(localAddr, localPort));
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	186	SocketAddress socketAddress =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	187	peerHost != null ? new InetSocketAddress(peerHost, peerPort) :
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	188	new InetSocketAddress(InetAddress.getByName(null), peerPort);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	189	connect(socketAddress, 0);
2 90ce3da70b43 Initial load duke parents: diff changeset	190	}
90ce3da70b43 Initial load duke parents: diff changeset	191
90ce3da70b43 Initial load duke parents: diff changeset	192	/**
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	193	* Constructs an SSL connection to a server at a specified
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	194	* address, and TCP port, using the authentication context
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	195	* provided.
2 90ce3da70b43 Initial load duke parents: diff changeset	196	*
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	197	* This endpoint acts as the client, and may rejoin an existing SSL
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	198	* session if appropriate.
2 90ce3da70b43 Initial load duke parents: diff changeset	199	*/
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	200	SSLSocketImpl(SSLContextImpl sslContext,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	201	InetAddress peerAddr, int peerPort,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	202	InetAddress localAddr, int localPort) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	203	super();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	204	this.sslContext = sslContext;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	205	HandshakeHash handshakeHash = new HandshakeHash();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	206	this.conContext = new TransportContext(sslContext, this,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	207	new SSLSocketInputRecord(handshakeHash),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	208	new SSLSocketOutputRecord(handshakeHash), true);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	209
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	210	bind(new InetSocketAddress(localAddr, localPort));
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	211	SocketAddress socketAddress = new InetSocketAddress(peerAddr, peerPort);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	212	connect(socketAddress, 0);
2 90ce3da70b43 Initial load duke parents: diff changeset	213	}
90ce3da70b43 Initial load duke parents: diff changeset	214
90ce3da70b43 Initial load duke parents: diff changeset	215	/**
14194 971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 13815 diff changeset	216	* Creates a server mode {@link Socket} layered over an
971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 13815 diff changeset	217	* existing connected socket, and is able to read data which has
971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 13815 diff changeset	218	* already been consumed/removed from the {@link Socket}'s
971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 13815 diff changeset	219	* underlying {@link InputStream}.
971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 13815 diff changeset	220	*/
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	221	SSLSocketImpl(SSLContextImpl sslContext, Socket sock,
14194 971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 13815 diff changeset	222	InputStream consumed, boolean autoClose) throws IOException {
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	223
14194 971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 13815 diff changeset	224	super(sock, consumed);
971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 13815 diff changeset	225	// We always layer over a connected socket
971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 13815 diff changeset	226	if (!sock.isConnected()) {
971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 13815 diff changeset	227	throw new SocketException("Underlying socket is not connected");
971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 13815 diff changeset	228	}
971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 13815 diff changeset	229
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	230	this.sslContext = sslContext;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	231	HandshakeHash handshakeHash = new HandshakeHash();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	232	this.conContext = new TransportContext(sslContext, this,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	233	new SSLSocketInputRecord(handshakeHash),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	234	new SSLSocketOutputRecord(handshakeHash), false);
14194 971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 13815 diff changeset	235	this.autoClose = autoClose;
971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 13815 diff changeset	236	doneConnect();
971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 13815 diff changeset	237	}
971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 13815 diff changeset	238
971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 13815 diff changeset	239	/**
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	240	* Layer SSL traffic over an existing connection, rather than
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	241	* creating a new connection.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	242	*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	243	* The existing connection may be used only for SSL traffic (using this
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	244	* SSLSocket) until the SSLSocket.close() call returns. However, if a
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	245	* protocol error is detected, that existing connection is automatically
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	246	* closed.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	247	* <p>
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	248	* This particular constructor always uses the socket in the
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	249	* role of an SSL client. It may be useful in cases which start
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	250	* using SSL after some initial data transfers, for example in some
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	251	* SSL tunneling applications or as part of some kinds of application
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	252	* protocols which negotiate use of a SSL based security.
2 90ce3da70b43 Initial load duke parents: diff changeset	253	*/
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	254	SSLSocketImpl(SSLContextImpl sslContext, Socket sock,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	255	String peerHost, int port, boolean autoClose) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	256	super(sock);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	257	// We always layer over a connected socket
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	258	if (!sock.isConnected()) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	259	throw new SocketException("Underlying socket is not connected");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	260	}
2 90ce3da70b43 Initial load duke parents: diff changeset	261
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	262	this.sslContext = sslContext;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	263	HandshakeHash handshakeHash = new HandshakeHash();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	264	this.conContext = new TransportContext(sslContext, this,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	265	new SSLSocketInputRecord(handshakeHash),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	266	new SSLSocketOutputRecord(handshakeHash), true);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	267	this.peerHost = peerHost;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	268	this.autoClose = autoClose;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	269	doneConnect();
2 90ce3da70b43 Initial load duke parents: diff changeset	270	}
90ce3da70b43 Initial load duke parents: diff changeset	271
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 14194 diff changeset	272	@Override
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	273	public void connect(SocketAddress endpoint,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	274	int timeout) throws IOException {
2 90ce3da70b43 Initial load duke parents: diff changeset	275
14194 971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 13815 diff changeset	276	if (isLayered()) {
2 90ce3da70b43 Initial load duke parents: diff changeset	277	throw new SocketException("Already connected");
90ce3da70b43 Initial load duke parents: diff changeset	278	}
90ce3da70b43 Initial load duke parents: diff changeset	279
90ce3da70b43 Initial load duke parents: diff changeset	280	if (!(endpoint instanceof InetSocketAddress)) {
90ce3da70b43 Initial load duke parents: diff changeset	281	throw new SocketException(
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	282	"Cannot handle non-Inet socket addresses.");
2 90ce3da70b43 Initial load duke parents: diff changeset	283	}
90ce3da70b43 Initial load duke parents: diff changeset	284
90ce3da70b43 Initial load duke parents: diff changeset	285	super.connect(endpoint, timeout);
90ce3da70b43 Initial load duke parents: diff changeset	286	doneConnect();
90ce3da70b43 Initial load duke parents: diff changeset	287	}
90ce3da70b43 Initial load duke parents: diff changeset	288
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	289	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	290	public String[] getSupportedCipherSuites() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	291	return CipherSuite.namesOf(sslContext.getSupportedCipherSuites());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	292	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	293
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	294	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	295	public synchronized String[] getEnabledCipherSuites() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	296	return CipherSuite.namesOf(conContext.sslConfig.enabledCipherSuites);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	297	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	298
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	299	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	300	public synchronized void setEnabledCipherSuites(String[] suites) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	301	if (suites == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	302	throw new IllegalArgumentException("CipherSuites cannot be null");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	303	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	304
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	305	conContext.sslConfig.enabledCipherSuites =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	306	CipherSuite.validValuesOf(suites);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	307	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	308
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	309	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	310	public String[] getSupportedProtocols() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	311	return ProtocolVersion.toStringArray(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	312	sslContext.getSuportedProtocolVersions());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	313	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	314
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	315	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	316	public synchronized String[] getEnabledProtocols() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	317	return ProtocolVersion.toStringArray(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	318	conContext.sslConfig.enabledProtocols);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	319	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	320
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	321	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	322	public synchronized void setEnabledProtocols(String[] protocols) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	323	if (protocols == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	324	throw new IllegalArgumentException("Protocols cannot be null");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	325	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	326
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	327	conContext.sslConfig.enabledProtocols =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	328	ProtocolVersion.namesOf(protocols);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	329	}
2 90ce3da70b43 Initial load duke parents: diff changeset	330
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	331	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	332	public synchronized SSLSession getSession() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	333	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	334	// start handshaking, if failed, the connection will be closed.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	335	ensureNegotiated();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	336	} catch (IOException ioe) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	337	if (SSLLogger.isOn && SSLLogger.isOn("handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	338	SSLLogger.severe("handshake failed", ioe);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	339	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	340
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	341	return SSLSessionImpl.nullSession;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	342	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	343
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	344	return conContext.conSession;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	345	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	346
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	347	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	348	public synchronized SSLSession getHandshakeSession() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	349	if (conContext.handshakeContext != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	350	return conContext.handshakeContext.handshakeSession;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	351	}
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29923 diff changeset	352
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	353	return null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	354	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	355
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	356	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	357	public synchronized void addHandshakeCompletedListener(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	358	HandshakeCompletedListener listener) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	359	if (listener == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	360	throw new IllegalArgumentException("listener is null");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	361	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	362
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	363	conContext.sslConfig.addHandshakeCompletedListener(listener);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	364	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	365
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	366	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	367	public synchronized void removeHandshakeCompletedListener(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	368	HandshakeCompletedListener listener) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	369	if (listener == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	370	throw new IllegalArgumentException("listener is null");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	371	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	372
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	373	conContext.sslConfig.removeHandshakeCompletedListener(listener);
2 90ce3da70b43 Initial load duke parents: diff changeset	374	}
90ce3da70b43 Initial load duke parents: diff changeset	375
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	376	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	377	public synchronized void startHandshake() throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	378	checkWrite();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	379	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	380	conContext.kickstart();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	381
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	382	// All initial handshaking goes through this operation until we
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	383	// have a valid SSL connection.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	384	//
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	385	// Handle handshake messages only, need no application data.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	386	if (!conContext.isNegotiated) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	387	readRecord();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	388	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	389	} catch (IOException ioe) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	390	conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	391	"Couldn't kickstart handshaking", ioe);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	392	} catch (Exception oe) { // including RuntimeException
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	393	handleException(oe);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	394	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	395	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	396
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	397	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	398	public synchronized void setUseClientMode(boolean mode) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	399	conContext.setUseClientMode(mode);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	400	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	401
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	402	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	403	public synchronized boolean getUseClientMode() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	404	return conContext.sslConfig.isClientMode;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	405	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	406
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	407	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	408	public synchronized void setNeedClientAuth(boolean need) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	409	conContext.sslConfig.clientAuthType =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	410	(need ? ClientAuthType.CLIENT_AUTH_REQUIRED :
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	411	ClientAuthType.CLIENT_AUTH_NONE);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	412	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	413
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	414	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	415	public synchronized boolean getNeedClientAuth() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	416	return (conContext.sslConfig.clientAuthType ==
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	417	ClientAuthType.CLIENT_AUTH_REQUIRED);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	418	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	419
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	420	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	421	public synchronized void setWantClientAuth(boolean want) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	422	conContext.sslConfig.clientAuthType =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	423	(want ? ClientAuthType.CLIENT_AUTH_REQUESTED :
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	424	ClientAuthType.CLIENT_AUTH_NONE);
2 90ce3da70b43 Initial load duke parents: diff changeset	425	}
90ce3da70b43 Initial load duke parents: diff changeset	426
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	427	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	428	public synchronized boolean getWantClientAuth() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	429	return (conContext.sslConfig.clientAuthType ==
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	430	ClientAuthType.CLIENT_AUTH_REQUESTED);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	431	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	432
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	433	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	434	public synchronized void setEnableSessionCreation(boolean flag) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	435	conContext.sslConfig.enableSessionCreation = flag;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	436	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	437
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	438	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	439	public synchronized boolean getEnableSessionCreation() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	440	return conContext.sslConfig.enableSessionCreation;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	441	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	442
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	443	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	444	public synchronized boolean isClosed() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	445	return tlsIsClosed && conContext.isClosed();
2 90ce3da70b43 Initial load duke parents: diff changeset	446	}
90ce3da70b43 Initial load duke parents: diff changeset	447
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	448	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	449	public synchronized void close() throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	450	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	451	conContext.close();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	452	} catch (IOException ioe) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	453	// ignore the exception
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	454	if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	455	SSLLogger.warning("connection context closure failed", ioe);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	456	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	457	} finally {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	458	tlsIsClosed = true;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	459	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	460	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	461
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	462	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	463	public synchronized InputStream getInputStream() throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	464	if (isClosed() \|\| conContext.isInboundDone()) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	465	throw new SocketException("Socket or inbound is closed");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	466	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	467
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	468	if (!isConnected) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	469	throw new SocketException("Socket is not connected");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	470	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	471
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	472	return appInput;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	473	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	474
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	475	private synchronized void ensureNegotiated() throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	476	if (conContext.isNegotiated \|\| conContext.isClosed()) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	477	return;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	478	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	479
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	480	startHandshake();
2 90ce3da70b43 Initial load duke parents: diff changeset	481	}
90ce3da70b43 Initial load duke parents: diff changeset	482
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	483	private class AppInputStream extends InputStream {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	484	// One element array used to implement the single byte read() method
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	485	private final byte[] oneByte = new byte[1];
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	486
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	487	// the temporary buffer used to read network
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	488	private ByteBuffer buffer;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	489
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	490	// Is application data available in the stream?
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	491	private boolean appDataIsAvailable;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	492
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	493	AppInputStream() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	494	this.appDataIsAvailable = false;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	495	this.buffer = ByteBuffer.allocate(4096);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	496	}
2 90ce3da70b43 Initial load duke parents: diff changeset	497
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	498	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	499	* Return the minimum number of bytes that can be read
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	500	* without blocking.
2 90ce3da70b43 Initial load duke parents: diff changeset	501	*/
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	502	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	503	public int available() throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	504	// Currently not synchronized.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	505	if ((!appDataIsAvailable) \|\| checkEOF()) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	506	return 0;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	507	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	508
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	509	return buffer.remaining();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	510	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	511
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	512	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	513	* Read a single byte, returning -1 on non-fault EOF status.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	514	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	515	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	516	public synchronized int read() throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	517	int n = read(oneByte, 0, 1);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	518	if (n <= 0) { // EOF
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	519	return -1;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	520	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	521
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	522	return oneByte[0] & 0xFF;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	523	}
2 90ce3da70b43 Initial load duke parents: diff changeset	524
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	525	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	526	* Reads up to {@code len} bytes of data from the input stream
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	527	* into an array of bytes.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	528	*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	529	* An attempt is made to read as many as {@code len} bytes, but a
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	530	* smaller number may be read. The number of bytes actually read
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	531	* is returned as an integer.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	532	*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	533	* If the layer above needs more data, it asks for more, so we
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	534	* are responsible only for blocking to fill at most one buffer,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	535	* and returning "-1" on non-fault EOF status.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	536	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	537	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	538	public synchronized int read(byte[] b, int off, int len)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	539	throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	540	if (b == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	541	throw new NullPointerException("the target buffer is null");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	542	} else if (off < 0 \|\| len < 0 \|\| len > b.length - off) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	543	throw new IndexOutOfBoundsException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	544	"buffer length: " + b.length + ", offset; " + off +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	545	", bytes to read:" + len);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	546	} else if (len == 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	547	return 0;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	548	}
2 90ce3da70b43 Initial load duke parents: diff changeset	549
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	550	if (checkEOF()) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	551	return -1;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	552	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	553
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	554	// start handshaking if the connection has not been negotiated.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	555	if (!conContext.isNegotiated && !conContext.isClosed()) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	556	ensureNegotiated();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	557	}
2 90ce3da70b43 Initial load duke parents: diff changeset	558
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	559	// Read the available bytes at first.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	560	int remains = available();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	561	if (remains > 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	562	int howmany = Math.min(remains, len);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	563	buffer.get(b, off, howmany);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	564
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	565	return howmany;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	566	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	567
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	568	appDataIsAvailable = false;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	569	int volume = 0;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	570	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	571	while (volume == 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	572	// Clear the buffer for a new record reading.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	573	buffer.clear();
2 90ce3da70b43 Initial load duke parents: diff changeset	574
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	575	// grow the buffer if needed
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	576	int inLen = conContext.inputRecord.bytesInCompletePacket();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	577	if (inLen < 0) { // EOF
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	578	// treat like receiving a close_notify warning message.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	579	conContext.isInputCloseNotified = true;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	580	conContext.closeInbound();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	581	return -1;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	582	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	583
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	584	// Is this packet bigger than SSL/TLS normally allows?
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	585	if (inLen > SSLRecord.maxLargeRecordSize) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	586	throw new SSLProtocolException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	587	"Illegal packet size: " + inLen);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	588	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	589
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	590	if (inLen > buffer.remaining()) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	591	buffer = ByteBuffer.allocate(inLen);
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29923 diff changeset	592	}
2 90ce3da70b43 Initial load duke parents: diff changeset	593
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	594	volume = readRecord(buffer);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	595	buffer.flip();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	596	if (volume < 0) { // EOF
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	597	// treat like receiving a close_notify warning message.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	598	conContext.isInputCloseNotified = true;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	599	conContext.closeInbound();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	600	return -1;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	601	} else if (volume > 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	602	appDataIsAvailable = true;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	603	break;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	604	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	605	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	606
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	607	// file the destination buffer
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	608	int howmany = Math.min(len, volume);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	609	buffer.get(b, off, howmany);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	610	return howmany;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	611	} catch (Exception e) { // including RuntimeException
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	612	// shutdown and rethrow (wrapped) exception as appropriate
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	613	handleException(e);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	614
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	615	// dummy for compiler
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	616	return -1;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	617	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	618	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	619
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	620	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	621	* Skip n bytes.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	622	*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	623	* This implementation is somewhat less efficient than possible, but
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	624	* not badly so (redundant copy). We reuse the read() code to keep
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	625	* things simpler. Note that SKIP_ARRAY is static and may garbled by
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	626	* concurrent use, but we are not interested in the data anyway.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	627	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	628	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	629	public synchronized long skip(long n) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	630	// dummy array used to implement skip()
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	631	byte[] skipArray = new byte[256];
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	632
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	633	long skipped = 0;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	634	while (n > 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	635	int len = (int)Math.min(n, skipArray.length);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	636	int r = read(skipArray, 0, len);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	637	if (r <= 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	638	break;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	639	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	640	n -= r;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	641	skipped += r;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	642	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	643
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	644	return skipped;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	645	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	646
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	647	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	648	public void close() throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	649	if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	650	SSLLogger.finest("Closing input stream");
2 90ce3da70b43 Initial load duke parents: diff changeset	651	}
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	652
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	653	conContext.closeInbound();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	654	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	655	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	656
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	657	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	658	public synchronized OutputStream getOutputStream() throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	659	if (isClosed() \|\| conContext.isOutboundDone()) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	660	throw new SocketException("Socket or outbound is closed");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	661	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	662
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	663	if (!isConnected) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	664	throw new SocketException("Socket is not connected");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	665	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	666
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	667	return appOutput;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	668	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	669
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	670	private class AppOutputStream extends OutputStream {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	671	// One element array used to implement the write(byte) method
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	672	private final byte[] oneByte = new byte[1];
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	673
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	674	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	675	public void write(int i) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	676	oneByte[0] = (byte)i;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	677	write(oneByte, 0, 1);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	678	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	679
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	680	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	681	public synchronized void write(byte[] b,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	682	int off, int len) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	683	if (b == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	684	throw new NullPointerException("the source buffer is null");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	685	} else if (off < 0 \|\| len < 0 \|\| len > b.length - off) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	686	throw new IndexOutOfBoundsException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	687	"buffer length: " + b.length + ", offset; " + off +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	688	", bytes to read:" + len);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	689	} else if (len == 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	690	return;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	691	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	692
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	693	// start handshaking if the connection has not been negotiated.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	694	if (!conContext.isNegotiated && !conContext.isClosed()) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	695	ensureNegotiated();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	696	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	697
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	698	// check if the Socket is invalid (error or closed)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	699	checkWrite();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	700
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	701	// Delegate the writing to the underlying socket.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	702	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	703	writeRecord(b, off, len);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	704	checkWrite();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	705	} catch (IOException ioe) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	706	// shutdown and rethrow (wrapped) exception as appropriate
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	707	handleException(ioe);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	708	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	709	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	710
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	711	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	712	public void close() throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	713	if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	714	SSLLogger.finest("Closing output stream");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	715	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	716
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	717	conContext.closeOutbound();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	718	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	719	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	720
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	721	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	722	public synchronized SSLParameters getSSLParameters() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	723	return conContext.sslConfig.getSSLParameters();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	724	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	725
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	726	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	727	public synchronized void setSSLParameters(SSLParameters params) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	728	conContext.sslConfig.setSSLParameters(params);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	729
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	730	if (conContext.sslConfig.maximumPacketSize != 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	731	conContext.outputRecord.changePacketSize(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	732	conContext.sslConfig.maximumPacketSize);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	733	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	734	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	735
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	736	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	737	public synchronized String getApplicationProtocol() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	738	return conContext.applicationProtocol;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	739	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	740
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	741	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	742	public synchronized String getHandshakeApplicationProtocol() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	743	if (conContext.handshakeContext != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	744	return conContext.handshakeContext.applicationProtocol;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	745	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	746
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	747	return null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	748	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	749
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	750	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	751	public synchronized void setHandshakeApplicationProtocolSelector(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	752	BiFunction<SSLSocket, List<String>, String> selector) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	753	conContext.sslConfig.socketAPSelector = selector;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	754	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	755
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	756	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	757	public synchronized BiFunction<SSLSocket, List<String>, String>
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	758	getHandshakeApplicationProtocolSelector() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	759	return conContext.sslConfig.socketAPSelector;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	760	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	761
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	762	private synchronized void writeRecord(byte[] source,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	763	int offset, int length) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	764	if (conContext.isOutboundDone()) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	765	throw new SocketException("Socket or outbound closed");
2 90ce3da70b43 Initial load duke parents: diff changeset	766	}
90ce3da70b43 Initial load duke parents: diff changeset	767
90ce3da70b43 Initial load duke parents: diff changeset	768	//
90ce3da70b43 Initial load duke parents: diff changeset	769	// Don't bother to really write empty records. We went this
90ce3da70b43 Initial load duke parents: diff changeset	770	// far to drive the handshake machinery, for correctness; not
90ce3da70b43 Initial load duke parents: diff changeset	771	// writing empty records improves performance by cutting CPU
90ce3da70b43 Initial load duke parents: diff changeset	772	// time and network resource usage. However, some protocol
90ce3da70b43 Initial load duke parents: diff changeset	773	// implementations are fragile and don't like to see empty
90ce3da70b43 Initial load duke parents: diff changeset	774	// records, so this also increases robustness.
90ce3da70b43 Initial load duke parents: diff changeset	775	//
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29923 diff changeset	776	if (length > 0) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29923 diff changeset	777	try {
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	778	conContext.outputRecord.deliver(source, offset, length);
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29923 diff changeset	779	} catch (SSLHandshakeException she) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29923 diff changeset	780	// may be record sequence number overflow
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	781	conContext.fatal(Alert.HANDSHAKE_FAILURE, she);
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29923 diff changeset	782	} catch (IOException e) {
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	783	conContext.fatal(Alert.UNEXPECTED_MESSAGE, e);
34528 279258fb670b 8141651: Deadlock in sun.security.ssl.SSLSocketImpl xuelei parents: 34380 diff changeset	784	}
2 90ce3da70b43 Initial load duke parents: diff changeset	785	}
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	786
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	787	// Is the sequence number is nearly overflow?
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	788	if (conContext.outputRecord.seqNumIsHuge()) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	789	tryKeyUpdate();
10915 1e20964cebf3 7064341: jsse/runtime security problem xuelei parents: 9514 diff changeset	790	}
1e20964cebf3 7064341: jsse/runtime security problem xuelei parents: 9514 diff changeset	791	}
2 90ce3da70b43 Initial load duke parents: diff changeset	792
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	793	private synchronized int readRecord() throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	794	while (!conContext.isInboundDone()) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	795	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	796	Plaintext plainText = decode(null);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	797	if ((plainText.contentType == ContentType.HANDSHAKE.id) &&
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	798	conContext.isNegotiated) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	799	return 0;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	800	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	801	} catch (SSLException ssle) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	802	throw ssle;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	803	} catch (IOException ioe) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	804	throw new SSLException("readRecord", ioe);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	805	}
2 90ce3da70b43 Initial load duke parents: diff changeset	806	}
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29923 diff changeset	807
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	808	return -1;
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29923 diff changeset	809	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29923 diff changeset	810
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	811	private synchronized int readRecord(ByteBuffer buffer) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	812	while (!conContext.isInboundDone()) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	813	/*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	814	* clean the buffer and check if it is too small, e.g. because
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	815	* the AppInputStream did not have the chance to see the
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	816	* current packet length but rather something like that of the
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	817	* handshake before. In that case we return 0 at this point to
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	818	* give the caller the chance to adjust the buffer.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	819	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	820	buffer.clear();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	821	int inLen = conContext.inputRecord.bytesInCompletePacket();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	822	if (inLen < 0) { // EOF
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	823	return -1;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	824	}
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29923 diff changeset	825
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	826	if (buffer.remaining() < inLen) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	827	return 0;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	828	}
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	829
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	830	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	831	Plaintext plainText = decode(buffer);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	832	if (plainText.contentType == ContentType.APPLICATION_DATA.id) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	833	return buffer.position();
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29923 diff changeset	834	}
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	835	} catch (SSLException ssle) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	836	throw ssle;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	837	} catch (IOException ioe) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	838	throw new SSLException("readRecord", ioe);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	839	}
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	840	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	841
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	842	//
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	843	// couldn't read, due to some kind of error
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	844	//
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	845	return -1;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	846	}
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	847
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	848	private Plaintext decode(ByteBuffer destination) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	849	Plaintext plainText;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	850	if (destination == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	851	plainText = SSLTransport.decode(conContext,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	852	null, 0, 0, null, 0, 0);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	853	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	854	plainText = SSLTransport.decode(conContext,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	855	null, 0, 0, new ByteBuffer[]{destination}, 0, 1);
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	856	}
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29923 diff changeset	857
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	858	// Is the sequence number is nearly overflow?
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	859	if (plainText != Plaintext.PLAINTEXT_NULL &&
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	860	conContext.inputRecord.seqNumIsHuge()) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	861	tryKeyUpdate();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	862	}
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29923 diff changeset	863
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	864	return plainText;
2 90ce3da70b43 Initial load duke parents: diff changeset	865	}
90ce3da70b43 Initial load duke parents: diff changeset	866
90ce3da70b43 Initial load duke parents: diff changeset	867	/**
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	868	* Try renegotiation or key update for sequence number wrap.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	869	*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	870	* Note that in order to maintain the handshake status properly, we check
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	871	* the sequence number after the last record reading/writing process. As
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	872	* we request renegotiation or close the connection for wrapped sequence
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	873	* number when there is enough sequence number space left to handle a few
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	874	* more records, so the sequence number of the last record cannot be
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	875	* wrapped.
2 90ce3da70b43 Initial load duke parents: diff changeset	876	*/
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	877	private void tryKeyUpdate() throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	878	// Don't bother to kickstart the renegotiation or key update when the
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	879	// local is asking for it.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	880	if ((conContext.handshakeContext == null) &&
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	881	!conContext.isClosed() && !conContext.isBroken) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	882	if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	883	SSLLogger.finest("key update to wrap sequence number");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	884	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	885	conContext.keyUpdate();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	886	}
2 90ce3da70b43 Initial load duke parents: diff changeset	887	}
90ce3da70b43 Initial load duke parents: diff changeset	888
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	889	private void closeSocket(boolean selfInitiated) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	890	if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	891	SSLLogger.fine("close the ssl connection " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	892	(selfInitiated ? "(initiative)" : "(passive)"));
2 90ce3da70b43 Initial load duke parents: diff changeset	893	}
90ce3da70b43 Initial load duke parents: diff changeset	894
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	895	if (autoClose \|\| !isLayered()) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	896	super.close();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	897	} else if (selfInitiated) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	898	// wait for close_notify alert to clear input stream.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	899	waitForClose();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	900	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	901	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	902
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	903	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	904	* Wait for close_notify alert for a graceful closure.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	905	*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	906	* [RFC 5246] If the application protocol using TLS provides that any
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	907	* data may be carried over the underlying transport after the TLS
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	908	* connection is closed, the TLS implementation must receive the responding
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	909	* close_notify alert before indicating to the application layer that
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	910	* the TLS connection has ended. If the application protocol will not
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	911	* transfer any additional data, but will only close the underlying
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	912	* transport connection, then the implementation MAY choose to close the
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	913	* transport without waiting for the responding close_notify.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	914	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	915	private void waitForClose() throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	916	if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	917	SSLLogger.fine("wait for close_notify or alert");
2 90ce3da70b43 Initial load duke parents: diff changeset	918	}
34380 2b2609379881 8144093: JEP 244/8051498 - TLS Application-Layer Protocol Negotiation Extension vinnie parents: 32834 diff changeset	919
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	920	while (!conContext.isInboundDone()) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	921	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	922	Plaintext plainText = decode(null);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	923	// discard and continue
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	924	if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	925	SSLLogger.finest(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	926	"discard plaintext while waiting for close", plainText);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	927	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	928	} catch (Exception e) { // including RuntimeException
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	929	handleException(e);
2 90ce3da70b43 Initial load duke parents: diff changeset	930	}
90ce3da70b43 Initial load duke parents: diff changeset	931	}
90ce3da70b43 Initial load duke parents: diff changeset	932	}
90ce3da70b43 Initial load duke parents: diff changeset	933
90ce3da70b43 Initial load duke parents: diff changeset	934	/**
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	935	* Initialize the handshaker and socket streams.
2 90ce3da70b43 Initial load duke parents: diff changeset	936	*
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	937	* Called by connect, the layered constructor, and SSLServerSocket.
2 90ce3da70b43 Initial load duke parents: diff changeset	938	*/
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	939	synchronized void doneConnect() throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	940	// In server mode, it is not necessary to set host and serverNames.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	941	// Otherwise, would require a reverse DNS lookup to get the hostname.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	942	if ((peerHost == null) \|\| (peerHost.length() == 0)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	943	boolean useNameService =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	944	trustNameService && conContext.sslConfig.isClientMode;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	945	useImplicitHost(useNameService);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	946	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	947	conContext.sslConfig.serverNames =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	948	Utilities.addToSNIServerNameList(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	949	conContext.sslConfig.serverNames, peerHost);
2 90ce3da70b43 Initial load duke parents: diff changeset	950	}
90ce3da70b43 Initial load duke parents: diff changeset	951
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	952	InputStream sockInput = super.getInputStream();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	953	conContext.inputRecord.setReceiverStream(sockInput);
2 90ce3da70b43 Initial load duke parents: diff changeset	954
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	955	OutputStream sockOutput = super.getOutputStream();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	956	conContext.inputRecord.setDeliverStream(sockOutput);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	957	conContext.outputRecord.setDeliverStream(sockOutput);
2 90ce3da70b43 Initial load duke parents: diff changeset	958
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	959	this.isConnected = true;
2 90ce3da70b43 Initial load duke parents: diff changeset	960	}
90ce3da70b43 Initial load duke parents: diff changeset	961
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	962	private void useImplicitHost(boolean useNameService) {
37601 6517589dcc94 8144566: Custom HostnameVerifier disables SNI extension xuelei parents: 36641 diff changeset	963	// Note: If the local name service is not trustworthy, reverse
6517589dcc94 8144566: Custom HostnameVerifier disables SNI extension xuelei parents: 36641 diff changeset	964	// host name resolution should not be performed for endpoint
6517589dcc94 8144566: Custom HostnameVerifier disables SNI extension xuelei parents: 36641 diff changeset	965	// identification. Use the application original specified
6517589dcc94 8144566: Custom HostnameVerifier disables SNI extension xuelei parents: 36641 diff changeset	966	// hostname or IP address instead.
6517589dcc94 8144566: Custom HostnameVerifier disables SNI extension xuelei parents: 36641 diff changeset	967
6517589dcc94 8144566: Custom HostnameVerifier disables SNI extension xuelei parents: 36641 diff changeset	968	// Get the original hostname via jdk.internal.misc.SharedSecrets
6517589dcc94 8144566: Custom HostnameVerifier disables SNI extension xuelei parents: 36641 diff changeset	969	InetAddress inetAddress = getInetAddress();
6517589dcc94 8144566: Custom HostnameVerifier disables SNI extension xuelei parents: 36641 diff changeset	970	if (inetAddress == null) { // not connected
6517589dcc94 8144566: Custom HostnameVerifier disables SNI extension xuelei parents: 36641 diff changeset	971	return;
31687 d6eb4f028c60 8067694: Improved certification checking xuelei parents: 30904 diff changeset	972	}
d6eb4f028c60 8067694: Improved certification checking xuelei parents: 30904 diff changeset	973
37601 6517589dcc94 8144566: Custom HostnameVerifier disables SNI extension xuelei parents: 36641 diff changeset	974	JavaNetInetAddressAccess jna =
6517589dcc94 8144566: Custom HostnameVerifier disables SNI extension xuelei parents: 36641 diff changeset	975	SharedSecrets.getJavaNetInetAddressAccess();
6517589dcc94 8144566: Custom HostnameVerifier disables SNI extension xuelei parents: 36641 diff changeset	976	String originalHostname = jna.getOriginalHostName(inetAddress);
6517589dcc94 8144566: Custom HostnameVerifier disables SNI extension xuelei parents: 36641 diff changeset	977	if ((originalHostname != null) &&
6517589dcc94 8144566: Custom HostnameVerifier disables SNI extension xuelei parents: 36641 diff changeset	978	(originalHostname.length() != 0)) {
6517589dcc94 8144566: Custom HostnameVerifier disables SNI extension xuelei parents: 36641 diff changeset	979
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	980	this.peerHost = originalHostname;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	981	if (conContext.sslConfig.serverNames.isEmpty() &&
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	982	!conContext.sslConfig.noSniExtension) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	983	conContext.sslConfig.serverNames =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	984	Utilities.addToSNIServerNameList(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	985	conContext.sslConfig.serverNames, peerHost);
37601 6517589dcc94 8144566: Custom HostnameVerifier disables SNI extension xuelei parents: 36641 diff changeset	986	}
6517589dcc94 8144566: Custom HostnameVerifier disables SNI extension xuelei parents: 36641 diff changeset	987
6517589dcc94 8144566: Custom HostnameVerifier disables SNI extension xuelei parents: 36641 diff changeset	988	return;
6517589dcc94 8144566: Custom HostnameVerifier disables SNI extension xuelei parents: 36641 diff changeset	989	}
6517589dcc94 8144566: Custom HostnameVerifier disables SNI extension xuelei parents: 36641 diff changeset	990
6517589dcc94 8144566: Custom HostnameVerifier disables SNI extension xuelei parents: 36641 diff changeset	991	// No explicitly specified hostname, no server name indication.
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	992	if (!useNameService) {
37601 6517589dcc94 8144566: Custom HostnameVerifier disables SNI extension xuelei parents: 36641 diff changeset	993	// The local name service is not trustworthy, use IP address.
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	994	this.peerHost = inetAddress.getHostAddress();
37601 6517589dcc94 8144566: Custom HostnameVerifier disables SNI extension xuelei parents: 36641 diff changeset	995	} else {
6517589dcc94 8144566: Custom HostnameVerifier disables SNI extension xuelei parents: 36641 diff changeset	996	// Use the underlying reverse host name resolution service.
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	997	this.peerHost = getInetAddress().getHostName();
37601 6517589dcc94 8144566: Custom HostnameVerifier disables SNI extension xuelei parents: 36641 diff changeset	998	}
31687 d6eb4f028c60 8067694: Improved certification checking xuelei parents: 30904 diff changeset	999	}
d6eb4f028c60 8067694: Improved certification checking xuelei parents: 30904 diff changeset	1000
5162 0dbedf4fdb8c 6614957: HttpsURLConnection not using the set SSLSocketFactory for creating all its Sockets chegar parents: 2068 diff changeset	1001	// ONLY used by HttpsClient to setup the URI specified hostname
14194 971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 13815 diff changeset	1002	//
971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 13815 diff changeset	1003	// Please NOTE that this method MUST be called before calling to
971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 13815 diff changeset	1004	// SSLSocket.setSSLParameters(). Otherwise, the {@code host} parameter
971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 13815 diff changeset	1005	// may override SNIHostName in the customized server name indication.
32649 2ee9017c7597 8136583: Core libraries should use blessed modifier order martin parents: 31918 diff changeset	1006	public synchronized void setHost(String host) {
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1007	this.peerHost = host;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1008	this.conContext.sslConfig.serverNames =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1009	Utilities.addToSNIServerNameList(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1010	conContext.sslConfig.serverNames, host);
2 90ce3da70b43 Initial load duke parents: diff changeset	1011	}
90ce3da70b43 Initial load duke parents: diff changeset	1012
90ce3da70b43 Initial load duke parents: diff changeset	1013	/**
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1014	* Return whether we have reached end-of-file.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1015	*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1016	* If the socket is not connected, has been shutdown because of an error
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1017	* or has been closed, throw an Exception.
2 90ce3da70b43 Initial load duke parents: diff changeset	1018	*/
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1019	synchronized boolean checkEOF() throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1020	if (conContext.isClosed()) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1021	throw new SocketException("Socket is closed");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1022	} else if (conContext.isInputCloseNotified \|\| conContext.isBroken) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1023	if (conContext.closeReason == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1024	return true;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1025	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1026	throw new SSLException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1027	"Connection has been shutdown: " + conContext.closeReason,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1028	conContext.closeReason);
2 90ce3da70b43 Initial load duke parents: diff changeset	1029	}
90ce3da70b43 Initial load duke parents: diff changeset	1030	}
90ce3da70b43 Initial load duke parents: diff changeset	1031
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1032	return false;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1033	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1034
2 90ce3da70b43 Initial load duke parents: diff changeset	1035	/**
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1036	* Check if we can write data to this socket.
2 90ce3da70b43 Initial load duke parents: diff changeset	1037	*/
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1038	synchronized void checkWrite() throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1039	if (checkEOF() \|\| conContext.isOutboundDone()) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1040	// we are at EOF, write must throw Exception
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1041	throw new SocketException("Connection closed");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1042	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1043	if (!isConnected) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1044	throw new SocketException("Socket is not connected");
2 90ce3da70b43 Initial load duke parents: diff changeset	1045	}
90ce3da70b43 Initial load duke parents: diff changeset	1046	}
90ce3da70b43 Initial load duke parents: diff changeset	1047
90ce3da70b43 Initial load duke parents: diff changeset	1048	/**
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1049	* Handle an exception.
2 90ce3da70b43 Initial load duke parents: diff changeset	1050	*
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1051	* This method is called by top level exception handlers (in read(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1052	* write()) to make sure we always shutdown the connection correctly
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1053	* and do not pass runtime exception to the application.
2 90ce3da70b43 Initial load duke parents: diff changeset	1054	*
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1055	* This method never returns normally, it always throws an IOException.
2 90ce3da70b43 Initial load duke parents: diff changeset	1056	*/
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1057	private void handleException(Exception cause) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1058	if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1059	SSLLogger.warning("handling exception", cause);
2 90ce3da70b43 Initial load duke parents: diff changeset	1060	}
90ce3da70b43 Initial load duke parents: diff changeset	1061
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1062	// Don't close the Socket in case of timeouts or interrupts.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1063	if (cause instanceof InterruptedIOException) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1064	throw (IOException)cause;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1065	}
2 90ce3da70b43 Initial load duke parents: diff changeset	1066
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1067	// need to perform error shutdown
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1068	boolean isSSLException = (cause instanceof SSLException);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1069	Alert alert;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1070	if (isSSLException) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1071	if (cause instanceof SSLHandshakeException) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1072	alert = Alert.HANDSHAKE_FAILURE;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1073	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1074	alert = Alert.UNEXPECTED_MESSAGE;
2 90ce3da70b43 Initial load duke parents: diff changeset	1075	}
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1076	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1077	if (cause instanceof IOException) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1078	alert = Alert.UNEXPECTED_MESSAGE;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1079	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1080	// RuntimeException
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1081	alert = Alert.INTERNAL_ERROR;
2 90ce3da70b43 Initial load duke parents: diff changeset	1082	}
90ce3da70b43 Initial load duke parents: diff changeset	1083	}
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1084	conContext.fatal(alert, cause);
2 90ce3da70b43 Initial load duke parents: diff changeset	1085	}
90ce3da70b43 Initial load duke parents: diff changeset	1086
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 14194 diff changeset	1087	@Override
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1088	public String getPeerHost() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1089	return peerHost;
2 90ce3da70b43 Initial load duke parents: diff changeset	1090	}
90ce3da70b43 Initial load duke parents: diff changeset	1091
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 14194 diff changeset	1092	@Override
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1093	public int getPeerPort() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1094	return getPort();
2 90ce3da70b43 Initial load duke parents: diff changeset	1095	}
90ce3da70b43 Initial load duke parents: diff changeset	1096
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 14194 diff changeset	1097	@Override
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1098	public boolean useDelegatedTask() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1099	return false;
2 90ce3da70b43 Initial load duke parents: diff changeset	1100	}
90ce3da70b43 Initial load duke parents: diff changeset	1101
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 14194 diff changeset	1102	@Override
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1103	public void shutdown() throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1104	if (!isClosed()) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1105	if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1106	SSLLogger.fine("close the underlying socket");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1107	}
2 90ce3da70b43 Initial load duke parents: diff changeset	1108
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1109	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1110	if (conContext.isInputCloseNotified) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1111	// Close the connection, no wait for more peer response.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1112	closeSocket(false);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1113	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1114	// Close the connection, may wait for peer close_notify.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1115	closeSocket(true);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1116	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1117	} finally {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47271 diff changeset	1118	tlsIsClosed = true;
14194 971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 13815 diff changeset	1119	}
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1120	}
2 90ce3da70b43 Initial load duke parents: diff changeset	1121	}
90ce3da70b43 Initial load duke parents: diff changeset	1122	}

author	wetmore
	Fri, 11 May 2018 15:53:12 -0700
branch	JDK-8145252-TLS13-branch
changeset 56542	56aaa6cb3693
parent 47271	dc9b1da1314b
child 56571	9dfdc35eb270
permissions	-rw-r--r--