jdk-sandbox: src/java.base/share/classes/sun/security/ssl/TransportContext.java@68fa3d4026ea (annotated)

50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1	/*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	2	* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	4	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	7	* published by the Free Software Foundation. Oracle designates this
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	10	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	15	* accompanied this code).
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	16	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	20	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	22	* or visit www.oracle.com if you need additional information or have any
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	23	* questions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	24	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	25
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	26	package sun.security.ssl;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	27
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	28	import java.io.Closeable;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	29	import java.io.IOException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	30	import java.security.AccessControlContext;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	31	import java.security.AccessController;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	32	import java.security.PrivilegedAction;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	33	import java.util.HashMap;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	34	import java.util.HashSet;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	35	import java.util.List;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	36	import java.util.Map;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	37	import java.util.Set;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	38	import javax.net.ssl.HandshakeCompletedEvent;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	39	import javax.net.ssl.HandshakeCompletedListener;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	40	import javax.net.ssl.SSLEngineResult.HandshakeStatus;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	41	import javax.net.ssl.SSLException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	42	import javax.net.ssl.SSLSocket;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	43	import sun.security.ssl.SupportedGroupsExtension.NamedGroup;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	44
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	45	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	46	* SSL/(D)TLS transportation context.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	47	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	48	class TransportContext implements ConnectionContext, Closeable {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	49	final SSLTransport transport;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	50
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	51	// registered plaintext consumers
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	52	final Map<Byte, SSLConsumer> consumers;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	53	final AccessControlContext acc;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	54
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	55	final SSLContextImpl sslContext;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	56	final SSLConfiguration sslConfig;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	57	final InputRecord inputRecord;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	58	final OutputRecord outputRecord;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	59
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	60	// connection status
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	61	boolean isUnsureMode;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	62	boolean isNegotiated = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	63	boolean isBroken = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	64	boolean isInputCloseNotified = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	65	boolean isOutputCloseNotified = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	66	Exception closeReason = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	67
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	68	// negotiated security parameters
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	69	SSLSessionImpl conSession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	70	ProtocolVersion protocolVersion;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	71	String applicationProtocol= null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	72
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	73	// handshake context
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	74	HandshakeContext handshakeContext = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	75
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	76	// connection reserved status for handshake.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	77	boolean secureRenegotiation = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	78	byte[] clientVerifyData;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	79	byte[] serverVerifyData;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	80
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	81	// connection sensitive configuration
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	82	List<NamedGroup> serverRequestedNamedGroups;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	83
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	84	CipherSuite cipherSuite;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	85	private static final byte[] emptyByteArray = new byte[0];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	86
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	87	// Please never use the transport parameter other than storing a
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	88	// reference to this object.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	89	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	90	// Called by SSLEngineImpl
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	91	TransportContext(SSLContextImpl sslContext, SSLTransport transport,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	92	InputRecord inputRecord, OutputRecord outputRecord) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	93	this(sslContext, transport, new SSLConfiguration(sslContext, true),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	94	inputRecord, outputRecord, true);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	95	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	96
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	97	// Please never use the transport parameter other than storing a
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	98	// reference to this object.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	99	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	100	// Called by SSLSocketImpl
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	101	TransportContext(SSLContextImpl sslContext, SSLTransport transport,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	102	InputRecord inputRecord, OutputRecord outputRecord,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	103	boolean isClientMode) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	104	this(sslContext, transport,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	105	new SSLConfiguration(sslContext, isClientMode),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	106	inputRecord, outputRecord, false);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	107	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	108
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	109	// Please never use the transport parameter other than storing a
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	110	// reference to this object.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	111	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	112	// Called by SSLSocketImpl with an existing SSLConfig
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	113	TransportContext(SSLContextImpl sslContext, SSLTransport transport,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	114	SSLConfiguration sslConfig,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	115	InputRecord inputRecord, OutputRecord outputRecord) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	116	this(sslContext, transport, (SSLConfiguration)sslConfig.clone(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	117	inputRecord, outputRecord, false);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	118	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	119
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	120	private TransportContext(SSLContextImpl sslContext, SSLTransport transport,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	121	SSLConfiguration sslConfig, InputRecord inputRecord,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	122	OutputRecord outputRecord, boolean isUnsureMode) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	123	this.transport = transport;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	124	this.sslContext = sslContext;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	125	this.inputRecord = inputRecord;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	126	this.outputRecord = outputRecord;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	127	this.sslConfig = sslConfig;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	128	if (this.sslConfig.maximumPacketSize == 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	129	this.sslConfig.maximumPacketSize = outputRecord.getMaxPacketSize();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	130	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	131	this.isUnsureMode = isUnsureMode;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	132
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	133	// initial security parameters
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	134	this.conSession = SSLSessionImpl.nullSession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	135	this.protocolVersion = this.sslConfig.maximumProtocolVersion;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	136	this.clientVerifyData = emptyByteArray;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	137	this.serverVerifyData = emptyByteArray;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	138
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	139	this.acc = AccessController.getContext();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	140	this.consumers = new HashMap<>();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	141	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	142
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	143	// Dispatch plaintext to a specific consumer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	144	void dispatch(Plaintext plaintext) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	145	if (plaintext == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	146	return;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	147	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	148
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	149	ContentType ct = ContentType.valueOf(plaintext.contentType);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	150	if (ct == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	151	fatal(Alert.UNEXPECTED_MESSAGE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	152	"Unknown content type: " + plaintext.contentType);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	153	return;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	154	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	155
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	156	switch (ct) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	157	case HANDSHAKE:
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	158	byte type = HandshakeContext.getHandshakeType(this,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	159	plaintext);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	160	if (handshakeContext == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	161	if (type == SSLHandshake.KEY_UPDATE.id \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	162	type == SSLHandshake.NEW_SESSION_TICKET.id) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	163	if (isNegotiated &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	164	protocolVersion.useTLS13PlusSpec()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	165	handshakeContext = new PostHandshakeContext(this);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	166	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	167	fatal(Alert.UNEXPECTED_MESSAGE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	168	"Unexpected post-handshake message: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	169	SSLHandshake.nameOf(type));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	170	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	171	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	172	handshakeContext = sslConfig.isClientMode ?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	173	new ClientHandshakeContext(sslContext, this) :
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	174	new ServerHandshakeContext(sslContext, this);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	175	outputRecord.initHandshaker();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	176	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	177	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	178	handshakeContext.dispatch(type, plaintext);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	179	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	180	case ALERT:
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	181	Alert.alertConsumer.consume(this, plaintext.fragment);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	182	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	183	default:
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	184	SSLConsumer consumer = consumers.get(plaintext.contentType);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	185	if (consumer != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	186	consumer.consume(this, plaintext.fragment);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	187	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	188	fatal(Alert.UNEXPECTED_MESSAGE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	189	"Unexpected content: " + plaintext.contentType);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	190	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	191	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	192	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	193
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	194	void kickstart() throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	195	if (isUnsureMode) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	196	throw new IllegalStateException("Client/Server mode not yet set.");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	197	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	198
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	199	if (outputRecord.isClosed() \|\| inputRecord.isClosed() \|\| isBroken) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	200	if (closeReason != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	201	throw new SSLException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	202	"Cannot kickstart, the connection is broken or closed",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	203	closeReason);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	204	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	205	throw new SSLException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	206	"Cannot kickstart, the connection is broken or closed");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	207	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	208	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	209
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	210	// initialize the handshaker if necessary
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	211	if (handshakeContext == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	212	// TLS1.3 post-handshake
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	213	if (isNegotiated && protocolVersion.useTLS13PlusSpec()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	214	handshakeContext = new PostHandshakeContext(this);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	215	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	216	handshakeContext = sslConfig.isClientMode ?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	217	new ClientHandshakeContext(sslContext, this) :
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	218	new ServerHandshakeContext(sslContext, this);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	219	outputRecord.initHandshaker();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	220	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	221	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	222
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	223	// kickstart the handshake if needed
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	224	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	225	// Need no kickstart message on server side unless the connection
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	226	// has been established.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	227	if(isNegotiated \|\| sslConfig.isClientMode) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	228	handshakeContext.kickstart();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	229	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	230	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	231
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	232	void keyUpdate() throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	233	kickstart();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	234	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	235
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	236	boolean isPostHandshakeContext() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	237	return handshakeContext != null &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	238	(handshakeContext instanceof PostHandshakeContext);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	239	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	240
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	241	// Note: close_notify is delivered as a warning alert.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	242	void warning(Alert alert) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	243	// For initial handshaking, don't send a warning alert message to peer
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	244	// if handshaker has not started.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	245	if (isNegotiated \|\| handshakeContext != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	246	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	247	outputRecord.encodeAlert(Alert.Level.WARNING.level, alert.id);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	248	} catch (IOException ioe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	249	if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	250	SSLLogger.warning(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	251	"Warning: failed to send warning alert " + alert, ioe);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	252	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	253	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	254	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	255	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	256
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	257	void fatal(Alert alert,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	258	String diagnostic) throws SSLException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	259	fatal(alert, diagnostic, null);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	260	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	261
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	262	void fatal(Alert alert, Throwable cause) throws SSLException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	263	fatal(alert, null, cause);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	264	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	265
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	266	void fatal(Alert alert,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	267	String diagnostic, Throwable cause) throws SSLException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	268	fatal(alert, diagnostic, false, cause);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	269	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	270
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	271	// Note: close_notify is not delivered via fatal() methods.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	272	void fatal(Alert alert, String diagnostic,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	273	boolean recvFatalAlert, Throwable cause) throws SSLException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	274	// If we've already shutdown because of an error, there is nothing we
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	275	// can do except rethrow the exception.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	276	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	277	// Most exceptions seen here will be SSLExceptions. We may find the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	278	// occasional Exception which hasn't been converted to a SSLException,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	279	// so we'll do it here.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	280	if (closeReason != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	281	if (cause == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	282	if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	283	SSLLogger.warning(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	284	"Closed transport, general or untracked problem");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	285	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	286	throw alert.createSSLException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	287	"Closed transport, general or untracked problem");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	288	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	289
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	290	if (cause instanceof SSLException) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	291	throw (SSLException)cause;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	292	} else { // unlikely, but just in case.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	293	if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	294	SSLLogger.warning(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	295	"Closed transport, unexpected rethrowing", cause);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	296	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	297	throw alert.createSSLException("Unexpected rethrowing", cause);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	298	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	299	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	300
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	301	// If we have no further information, make a general-purpose
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	302	// message for folks to see. We generally have one or the other.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	303	if (diagnostic == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	304	if (cause == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	305	diagnostic = "General/Untracked problem";
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	306	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	307	diagnostic = cause.getMessage();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	308	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	309	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	310
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	311	if (cause == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	312	cause = alert.createSSLException(diagnostic);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	313	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	314
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	315	// shutdown the transport
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	316	if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	317	SSLLogger.severe("Fatal (" + alert + "): " + diagnostic, cause);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	318	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	319
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	320	// remember the close reason
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	321	if (cause instanceof SSLException) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	322	closeReason = (SSLException)cause;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	323	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	324	// Including RuntimeException, but we'll throw those down below.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	325	closeReason = alert.createSSLException(diagnostic, cause);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	326	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	327
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	328	// close inbound
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	329	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	330	inputRecord.close();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	331	} catch (IOException ioe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	332	if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	333	SSLLogger.warning("Fatal: input record closure failed", ioe);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	334	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	335	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	336
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	337	// invalidate the session
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	338	if (conSession != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	339	conSession.invalidate();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	340	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	341
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	342	if (handshakeContext != null &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	343	handshakeContext.handshakeSession != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	344	handshakeContext.handshakeSession.invalidate();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	345	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	346
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	347	// send fatal alert
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	348	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	349	// If we haven't even started handshaking yet, or we are the recipient
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	350	// of a fatal alert, no need to generate a fatal close alert.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	351	if (!recvFatalAlert && !isOutboundDone() && !isBroken &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	352	(isNegotiated \|\| handshakeContext != null)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	353	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	354	outputRecord.encodeAlert(Alert.Level.FATAL.level, alert.id);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	355	} catch (IOException ioe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	356	if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	357	SSLLogger.warning(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	358	"Fatal: failed to send fatal alert " + alert, ioe);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	359	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	360	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	361	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	362
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	363	// close outbound
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	364	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	365	outputRecord.close();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	366	} catch (IOException ioe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	367	if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	368	SSLLogger.warning("Fatal: output record closure failed", ioe);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	369	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	370	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	371
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	372	// terminal handshake context
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	373	if (handshakeContext != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	374	handshakeContext = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	375	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	376
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	377	// terminal the transport
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	378	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	379	transport.shutdown();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	380	} catch (IOException ioe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	381	if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	382	SSLLogger.warning("Fatal: transport closure failed", ioe);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	383	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	384	} finally {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	385	isBroken = true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	386	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	387
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	388	if (closeReason instanceof SSLException) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	389	throw (SSLException)closeReason;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	390	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	391	throw (RuntimeException)closeReason;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	392	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	393	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	394
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	395	void setUseClientMode(boolean useClientMode) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	396	/*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	397	* If we need to change the client mode and the enabled
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	398	* protocols and cipher suites haven't specifically been
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	399	* set by the user, change them to the corresponding
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	400	* default ones.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	401	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	402	if (sslConfig.isClientMode != useClientMode) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	403	// Once handshaking has begun, the mode can not be reset for the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	404	// life of this engine.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	405	if (handshakeContext != null \|\| isNegotiated) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	406	throw new IllegalArgumentException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	407	"Cannot change mode after SSL traffic has started");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	408	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	409
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	410	if (sslContext.isDefaultProtocolVesions(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	411	sslConfig.enabledProtocols)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	412	sslConfig.enabledProtocols =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	413	sslContext.getDefaultProtocolVersions(!useClientMode);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	414	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	415
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	416	if (sslContext.isDefaultCipherSuiteList(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	417	sslConfig.enabledCipherSuites)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	418	sslConfig.enabledCipherSuites =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	419	sslContext.getDefaultCipherSuites(!useClientMode);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	420	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	421
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	422	sslConfig.isClientMode = useClientMode;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	423	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	424
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	425	isUnsureMode = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	426	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	427
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	428	// The OutputRecord is closed and not buffered output record.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	429	boolean isOutboundDone() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	430	return outputRecord.isClosed() && outputRecord.isEmpty();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	431	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	432
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	433	// The OutputRecord is closed, but buffered output record may be still
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	434	// waiting for delivery to the underlying connection.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	435	boolean isOutboundClosed() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	436	return outputRecord.isClosed();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	437	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	438
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	439	boolean isInboundDone() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	440	return inputRecord.isClosed();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	441	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	442
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	443	boolean isClosed() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	444	return isOutboundClosed() && isInboundDone();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	445	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	446
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	447	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	448	public void close() throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	449	if (!isOutboundDone()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	450	closeOutbound();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	451	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	452
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	453	if (!isInboundDone()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	454	closeInbound();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	455	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	456	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	457
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	458	void closeInbound() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	459	if (isInboundDone()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	460	return;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	461	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	462
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	463	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	464	if (isInputCloseNotified) { // passive close
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	465	passiveInboundClose();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	466	} else { // initiative close
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	467	initiateInboundClose();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	468	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	469	} catch (IOException ioe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	470	if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	471	SSLLogger.warning("inbound closure failed", ioe);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	472	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	473	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	474	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	475
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	476	void closeOutbound() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	477	if (isOutboundDone()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	478	return;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	479	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	480
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	481	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	482	initiateOutboundClose();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	483	} catch (IOException ioe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	484	if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	485	SSLLogger.warning("outbound closure failed", ioe);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	486	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	487	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	488	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	489
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	490	// Close the connection passively. The closure could be kickoff by
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	491	// receiving a close_notify alert or reaching end_of_file of the socket.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	492	private void passiveInboundClose() throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	493	if (!isInboundDone()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	494	inputRecord.close();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	495	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	496
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	497	// For TLS 1.2 and prior version, it is required to respond with
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	498	// a close_notify alert of its own and close down the connection
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	499	// immediately, discarding any pending writes.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	500	if (!isOutboundDone() && !isOutputCloseNotified) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	501	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	502	// send a close_notify alert
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	503	warning(Alert.CLOSE_NOTIFY);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	504	} finally {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	505	// any data received after a closure alert is ignored.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	506	isOutputCloseNotified = true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	507	outputRecord.close();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	508	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	509	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	510
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	511	transport.shutdown();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	512	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	513
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	514	// Initiate a close by sending a close_notify alert.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	515	private void initiateInboundClose() throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	516	// TLS 1.3 does not define how to initiate and close a TLS connection
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	517	// gracefully. We will always send a close_notify alert, and close
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	518	// the underlying transportation layer if needed.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	519	if (!isInboundDone() && !isInputCloseNotified) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	520	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	521	// send a close_notify alert
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	522	warning(Alert.CLOSE_NOTIFY);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	523	} finally {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	524	// any data received after a closure alert is ignored.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	525	isInputCloseNotified = true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	526	inputRecord.close();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	527	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	528	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	529
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	530	// For TLS 1.3, input closure is independent from output closure. Both
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	531	// parties need not wait to receive a "close_notify" alert before
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	532	// closing their read side of the connection.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	533	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	534	// For TLS 1.2 and prior version, it is not required for the initiator
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	535	// of the close to wait for the responding close_notify alert before
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	536	// closing the read side of the connection.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	537	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	538	transport.shutdown();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	539	} finally {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	540	if (!isOutboundDone()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	541	outputRecord.close();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	542	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	543	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	544	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	545
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	546	// Initiate a close by sending a close_notify alert.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	547	private void initiateOutboundClose() throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	548	if (!isOutboundDone() && !isOutputCloseNotified) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	549	try { // close outputRecord
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	550	// send a close_notify alert
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	551	warning(Alert.CLOSE_NOTIFY);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	552	} finally {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	553	// any data received after a closure alert is ignored.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	554	isOutputCloseNotified = true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	555	outputRecord.close();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	556	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	557	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	558
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	559	// It is not required for the initiator of the close to wait for the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	560	// responding close_notify alert before closing the read side of the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	561	// connection. However, if the application protocol using TLS
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	562	// provides that any data may be carried over the underlying transport
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	563	// after the TLS connection is closed, the TLS implementation MUST
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	564	// receive a "close_notify" alert before indicating end-of-data to the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	565	// application-layer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	566	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	567	transport.shutdown();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	568	} finally {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	569	if (!isInboundDone()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	570	inputRecord.close();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	571	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	572	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	573	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	574
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	575	// Note; HandshakeStatus.FINISHED status is retrieved in other places.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	576	HandshakeStatus getHandshakeStatus() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	577	if (!outputRecord.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	578	// If no handshaking, special case to wrap alters or
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	579	// post-handshake messages.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	580	return HandshakeStatus.NEED_WRAP;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	581	} else if (handshakeContext != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	582	if (!handshakeContext.delegatedActions.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	583	return HandshakeStatus.NEED_TASK;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	584	} else if (sslContext.isDTLS() &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	585	!inputRecord.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	586	return HandshakeStatus.NEED_UNWRAP_AGAIN;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	587	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	588	return HandshakeStatus.NEED_UNWRAP;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	589	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	590	} else if (isOutboundDone() && !isInboundDone()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	591	/*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	592	* Special case where we're closing, but
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	593	* still need the close_notify before we
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	594	* can officially be closed.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	595	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	596	* Note isOutboundDone is taken care of by
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	597	* hasOutboundData() above.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	598	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	599	return HandshakeStatus.NEED_UNWRAP;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	600	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	601
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	602	return HandshakeStatus.NOT_HANDSHAKING;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	603	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	604
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	605	HandshakeStatus finishHandshake() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	606	if (protocolVersion.useTLS13PlusSpec()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	607	outputRecord.tc = this;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	608	inputRecord.tc = this;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	609	cipherSuite = handshakeContext.negotiatedCipherSuite;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	610	inputRecord.readCipher.baseSecret = handshakeContext.baseReadSecret;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	611	outputRecord.writeCipher.baseSecret = handshakeContext.baseWriteSecret;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	612	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	613
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	614	handshakeContext = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	615	outputRecord.handshakeHash.finish();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	616	inputRecord.finishHandshake();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	617	outputRecord.finishHandshake();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	618	isNegotiated = true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	619
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	620	// Tell folk about handshake completion, but do it in a separate thread.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	621	if (transport instanceof SSLSocket &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	622	sslConfig.handshakeListeners != null &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	623	!sslConfig.handshakeListeners.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	624	HandshakeCompletedEvent hce =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	625	new HandshakeCompletedEvent((SSLSocket)transport, conSession);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	626	Thread thread = new Thread(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	627	null,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	628	new NotifyHandshake(sslConfig.handshakeListeners, hce),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	629	"HandshakeCompletedNotify-Thread",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	630	0,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	631	false);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	632	thread.start();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	633	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	634
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	635	return HandshakeStatus.FINISHED;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	636	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	637
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	638	HandshakeStatus finishPostHandshake() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	639	handshakeContext = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	640
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	641	// Note: May need trigger handshake completion even for post-handshake
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	642	// authentication in the future.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	643
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	644	return HandshakeStatus.FINISHED;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	645	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	646
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	647	// A separate thread is allocated to deliver handshake completion
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	648	// events.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	649	private static class NotifyHandshake implements Runnable {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	650	private final Set<Map.Entry<HandshakeCompletedListener,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	651	AccessControlContext>> targets; // who gets notified
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	652	private final HandshakeCompletedEvent event; // the notification
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	653
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	654	NotifyHandshake(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	655	Map<HandshakeCompletedListener,AccessControlContext> listeners,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	656	HandshakeCompletedEvent event) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	657	this.targets = new HashSet<>(listeners.entrySet()); // clone
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	658	this.event = event;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	659	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	660
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	661	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	662	public void run() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	663	// Don't need to synchronize, as it only runs in one thread.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	664	for (Map.Entry<HandshakeCompletedListener,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	665	AccessControlContext> entry : targets) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	666	final HandshakeCompletedListener listener = entry.getKey();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	667	AccessControlContext acc = entry.getValue();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	668	AccessController.doPrivileged(new PrivilegedAction<Void>() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	669	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	670	public Void run() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	671	listener.handshakeCompleted(event);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	672	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	673	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	674	}, acc);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	675	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	676	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	677	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	678	}

author	xuelei
	Mon, 25 Jun 2018 13:41:39 -0700
changeset 50768	68fa3d4026ea
child 51141	2dd2d73c52f6
permissions	-rw-r--r--