src/java.base/share/classes/sun/security/ssl/TransportContext.java
author chegar
Thu, 17 Oct 2019 20:54:25 +0100
branchdatagramsocketimpl-branch
changeset 58679 9c3209ff7550
parent 58678 9cf78a70fa4f
parent 55353 946f7f2d321c
permissions -rw-r--r--
datagramsocketimpl-branch: merge with default
/*
 * Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package sun.security.ssl;
import java.io.IOException;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
/**
 * SSL/(D)TLS transport context: the per-connection state shared by the
 * input/output record layer and the handshake or post-handshake context.
 */
class TransportContext implements ConnectionContext {
    // The SSLEngineImpl / SSLSocketImpl that owns this context.  The
    // constructors below insist that it is only ever stored as a reference.
    final SSLTransport              transport;

    // registered plaintext consumers, keyed by record content type.
    // dispatch() routes HANDSHAKE and ALERT records itself; every other
    // content type is looked up here and is a fatal UNEXPECTED_MESSAGE if
    // no consumer is registered.  Backed by a plain HashMap: nothing in this
    // file synchronizes it, so registration is presumably confined to the
    // transport's own locking -- verify in SSLEngineImpl/SSLSocketImpl.
    final Map<Byte, SSLConsumer>    consumers;
    // Access-control context captured at construction time
    // (AccessController.getContext()).  Its use is not in this file;
    // presumably callbacks such as HandshakeCompletedListener are run under
    // it -- confirm before relying on that.
    final AccessControlContext      acc;

    final SSLContextImpl            sslContext;
    // Per-connection configuration: created fresh from the SSLContextImpl, or
    // cloned when the caller passes an existing one (see the constructors).
    // maximumPacketSize is filled in from the output record when left at 0.
    final SSLConfiguration          sslConfig;
    final InputRecord               inputRecord;
    final OutputRecord              outputRecord;

    // connection status
    //
    // true while the client/server role of an SSLEngine is still unknown;
    // kickstart() throws IllegalStateException until it is cleared.
    boolean                         isUnsureMode;
    // true once a handshake has completed.  Gates post-handshake traffic:
    // dispatch() rejects KEY_UPDATE / NEW_SESSION_TICKET with a fatal
    // UNEXPECTED_MESSAGE alert while this is false.
    boolean                         isNegotiated = false;
    // Presumably set once the connection has failed; kickstart() refuses to
    // proceed while it is set.
    boolean                         isBroken = false;
    // Maintained by the close/alert handling, which is not in this file.
    boolean                         isInputCloseNotified = false;
    boolean                         peerUserCanceled = false;
    // Why the connection was closed, when known.  Chained as the cause of the
    // SSLException that kickstart() throws on a closed or broken connection.
    Exception                       closeReason = null;
    // Presumably an exception from a delegated task, kept for a later
    // re-throw (see the fail-lazy change in the history); not read here.
    Exception                       delegatedThrown = null;

    // negotiated security parameters
    //
    // Starts as SSLSessionImpl.nullSession until a handshake installs one.
    SSLSessionImpl                  conSession;
    // Starts at sslConfig.maximumProtocolVersion; once negotiated it decides,
    // for example, whether a TLS 1.3 KEY_UPDATE is acceptable at all.
    ProtocolVersion                 protocolVersion;
    String                          applicationProtocol= null;

    // handshake context
    //
    // null while no handshake is in progress.  Created lazily by dispatch()
    // and kickstart(): a Client/ServerHandshakeContext for a (re)negotiation
    // or a PostHandshakeContext for TLS 1.3 post-handshake messages.
    HandshakeContext                handshakeContext = null;

    // connection reserved status for handshake.
    //
    // Both verify-data arrays start out as the shared empty array.  They are
    // presumably the Finished verify_data retained for renegotiation_info
    // (RFC 5746) -- confirm in the handshake code before relying on that.
    boolean                         secureRenegotiation = false;
    byte[]                          clientVerifyData;
    byte[]                          serverVerifyData;

    // connection sensitive configuration
    List<NamedGroup>                serverRequestedNamedGroups;

    CipherSuite cipherSuite;
    // Zero-length sentinel.  Sharing it across instances is safe: a byte[0]
    // has no element that could be modified.
    private static final byte[] emptyByteArray = new byte[0];
    // Called by SSLEngineImpl.
    //
    // An SSLEngine does not yet know whether it is the client or the server,
    // so the configuration defaults to client mode and the context starts in
    // "unsure" mode; kickstart() refuses to run until that is settled.
    //
    // Please never use the transport parameter other than storing a
    // reference to this object.
    TransportContext(SSLContextImpl sslContext, SSLTransport transport,
            InputRecord inputRecord, OutputRecord outputRecord) {
        this(sslContext,
             transport,
             new SSLConfiguration(sslContext, /* isClientMode */ true),
             inputRecord,
             outputRecord,
             /* isUnsureMode */ true);
    }
    // Called by SSLSocketImpl once the socket's role is known: a fresh
    // SSLConfiguration is built in the requested mode and the context is not
    // in "unsure" mode, so kickstart() may be used immediately.
    //
    // Please never use the transport parameter other than storing a
    // reference to this object.
    TransportContext(SSLContextImpl sslContext, SSLTransport transport,
            InputRecord inputRecord, OutputRecord outputRecord,
            boolean isClientMode) {
        this(sslContext,
             transport,
             new SSLConfiguration(sslContext, isClientMode),
             inputRecord,
             outputRecord,
             /* isUnsureMode */ false);
    }
    // Called by SSLSocketImpl with an existing SSLConfig.
    //
    // The configuration is cloned rather than shared, so this connection's
    // later adjustments (e.g. maximumPacketSize) and the caller's do not
    // leak into each other.
    //
    // Please never use the transport parameter other than storing a
    // reference to this object.
    TransportContext(SSLContextImpl sslContext, SSLTransport transport,
            SSLConfiguration sslConfig,
            InputRecord inputRecord, OutputRecord outputRecord) {
        this(sslContext,
             transport,
             (SSLConfiguration)sslConfig.clone(),
             inputRecord,
             outputRecord,
             /* isUnsureMode */ false);
    }
    // Common constructor behind the three package-private ones.
    //
    // sslConfig is owned by this context from here on; if the caller left
    // maximumPacketSize at 0 it is filled in from the output record.
    // isUnsureMode is true when the client/server role is still unknown.
    //
    // Initial security state: no session (nullSession), the protocol version
    // is provisionally the configured maximum, and both verify-data arrays
    // are empty until a handshake fills them in.  The caller's
    // AccessControlContext is captured now, at construction time.
    private TransportContext(SSLContextImpl sslContext, SSLTransport transport,
            SSLConfiguration sslConfig, InputRecord inputRecord,
            OutputRecord outputRecord, boolean isUnsureMode) {
        // record layer, configuration and mode
        this.sslContext = sslContext;
        this.transport = transport;
        this.inputRecord = inputRecord;
        this.outputRecord = outputRecord;
        this.sslConfig = sslConfig;
        this.isUnsureMode = isUnsureMode;

        if (sslConfig.maximumPacketSize == 0) {
            sslConfig.maximumPacketSize = outputRecord.getMaxPacketSize();
        }

        // initial security parameters
        this.conSession = SSLSessionImpl.nullSession;
        this.protocolVersion = sslConfig.maximumProtocolVersion;
        this.clientVerifyData = emptyByteArray;
        this.serverVerifyData = emptyByteArray;

        this.acc = AccessController.getContext();
        this.consumers = new HashMap<>();
    }
    // Dispatch plaintext to a specific consumer.
    //
    // HANDSHAKE records go to the current HandshakeContext, creating one on
    // demand (see startHandshakeContext); ALERT records go to the shared
    // alert consumer; any other content type must have a consumer registered
    // in 'consumers', otherwise the record is a fatal UNEXPECTED_MESSAGE.
    // A null plaintext is silently ignored.
    void dispatch(Plaintext plaintext) throws IOException {
        if (plaintext == null) {
            return;
        }

        ContentType ct = ContentType.valueOf(plaintext.contentType);
        if (ct == null) {
            throw fatal(Alert.UNEXPECTED_MESSAGE,
                "Unknown content type: " + plaintext.contentType);
        }

        if (ct == ContentType.HANDSHAKE) {
            dispatchHandshake(plaintext);
        } else if (ct == ContentType.ALERT) {
            Alert.alertConsumer.consume(this, plaintext.fragment);
        } else {
            SSLConsumer consumer = consumers.get(plaintext.contentType);
            if (consumer == null) {
                throw fatal(Alert.UNEXPECTED_MESSAGE,
                    "Unexpected content: " + plaintext.contentType);
            }
            consumer.consume(this, plaintext.fragment);
        }
    }

    // Route one handshake record, lazily creating the handshake context.
    private void dispatchHandshake(Plaintext plaintext) throws IOException {
        byte type = HandshakeContext.getHandshakeType(this, plaintext);
        if (handshakeContext == null) {
            startHandshakeContext(type);
        }
        handshakeContext.dispatch(type, plaintext);
    }

    // Create the handshake context for an incoming handshake message of the
    // given type when none is active.
    //
    // KEY_UPDATE and NEW_SESSION_TICKET are post-handshake messages: they are
    // accepted only after a handshake has completed, and KEY_UPDATE only on
    // TLS 1.3 or later.  Either violation is a fatal UNEXPECTED_MESSAGE, so a
    // peer cannot drive key updates or ticket issuance before the handshake
    // has finished.  Any other handshake type starts a full (re)negotiation
    // in this side's configured role.
    private void startHandshakeContext(byte type) throws IOException {
        boolean postHandshakeType =
                type == SSLHandshake.KEY_UPDATE.id ||
                type == SSLHandshake.NEW_SESSION_TICKET.id;
        if (!postHandshakeType) {
            handshakeContext = sslConfig.isClientMode
                    ? new ClientHandshakeContext(sslContext, this)
                    : new ServerHandshakeContext(sslContext, this);
            outputRecord.initHandshaker();
            return;
        }

        if (!isNegotiated) {
            throw fatal(Alert.UNEXPECTED_MESSAGE,
                    "Unexpected unnegotiated post-handshake" +
                            " message: " +
                            SSLHandshake.nameOf(type));
        }
        if (type == SSLHandshake.KEY_UPDATE.id &&
                !protocolVersion.useTLS13PlusSpec()) {
            throw fatal(Alert.UNEXPECTED_MESSAGE,
                    "Unexpected post-handshake message: " +
                    SSLHandshake.nameOf(type));
        }
        handshakeContext = new PostHandshakeContext(this);
    }
    // Start (or resume) handshaking from the application side.
    //
    // Refuses with IllegalStateException while the client/server role is
    // unknown, and with SSLException (chaining closeReason when known) once
    // either record layer is closed or the connection is marked broken.
    // A handshake context is created on demand: after a negotiated TLS 1.3
    // connection it is a PostHandshakeContext, otherwise a full
    // Client/ServerHandshakeContext.  The kickstart message itself is only
    // sent by the client, or by either side once a connection has been
    // established -- an un-negotiated server just waits for the peer.
    void kickstart() throws IOException {
        if (isUnsureMode) {
            throw new IllegalStateException("Client/Server mode not yet set.");
        }

        boolean unusable =
                outputRecord.isClosed() || inputRecord.isClosed() || isBroken;
        if (unusable) {
            String reason =
                    "Cannot kickstart, the connection is broken or closed";
            throw (closeReason == null)
                    ? new SSLException(reason)
                    : new SSLException(reason, closeReason);
        }

        // initialize the handshaker if necessary
        if (handshakeContext == null) {
            if (isNegotiated && protocolVersion.useTLS13PlusSpec()) {
                //  TLS1.3 post-handshake
                handshakeContext = new PostHandshakeContext(this);
            } else {
                if (sslConfig.isClientMode) {
                    handshakeContext =
                            new ClientHandshakeContext(sslContext, this);
                } else {
                    handshakeContext =
                            new ServerHandshakeContext(sslContext, this);
                }
                outputRecord.initHandshaker();
            }
        }

        // Need no kickstart message on server side unless the connection
        // has been established.
        boolean sendKickstart = isNegotiated || sslConfig.isClientMode;
        if (sendKickstart) {
            handshakeContext.kickstart();
        }
    }
    // Whether the active handshake context is a TLS 1.3 post-handshake one.
    // instanceof yields false for null, so no separate null check is needed.
    boolean isPostHandshakeContext() {
        return handshakeContext instanceof PostHandshakeContext;
    }
    // Note: close_notify is delivered as a warning alert.
    //
    // Best effort: the alert is only written once a handshake has started
    // (or completed), and a failure to write it is logged under the "ssl"
    // logger and otherwise ignored rather than escalated to the caller.
    void warning(Alert alert) {
        // For initial handshaking, don't send a warning alert message to peer
        // if handshaker has not started.
        boolean handshakeStarted = isNegotiated || handshakeContext != null;
        if (!handshakeStarted) {
            return;
        }

        try {
            outputRecord.encodeAlert(Alert.Level.WARNING.level, alert.id);
        } catch (IOException ioe) {
            if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
                SSLLogger.warning(
                    "Warning: failed to send warning alert " + alert, ioe);
            }
        }
    }
    /**
     * Reports a fatal alert with a diagnostic message and no underlying cause.
     *
     * Delegates to {@code fatal(Alert, String, Throwable)} with a
     * {@code null} cause. Like every {@code fatal} overload it is declared
     * to return an {@code SSLException} (presumably so call sites can be
     * written as {@code throw fatal(...)}) but the terminal overload always
     * throws, so this method never returns normally.
     *
     * @param alert      the fatal alert to report
     * @param diagnostic human-readable description of the failure
     * @throws SSLException always
     */
    SSLException fatal(Alert alert,
            String diagnostic) throws SSLException {
        final Throwable noCause = null;
        return fatal(alert, diagnostic, noCause);
    }
    /**
     * Reports a fatal alert whose explanation is carried by {@code cause}.
     *
     * Delegates to {@code fatal(Alert, String, Throwable)} with no
     * diagnostic text; the terminal overload then derives the message from
     * the cause. Never returns normally.
     *
     * @param alert the fatal alert to report
     * @param cause the exception that triggered the failure
     * @throws SSLException always
     */
    SSLException fatal(Alert alert, Throwable cause) throws SSLException {
        final String noDiagnostic = null;
        return fatal(alert, noDiagnostic, cause);
    }
    /**
     * Reports a fatal alert that originated locally.
     *
     * Delegates to the terminal overload with {@code recvFatalAlert} set to
     * {@code false}, i.e. the alert was not received from the peer and so a
     * fatal alert of our own may be sent. Never returns normally.
     *
     * @param alert      the fatal alert to report
     * @param diagnostic human-readable description, may be {@code null}
     * @param cause      triggering exception, may be {@code null}
     * @throws SSLException always
     */
    SSLException fatal(Alert alert,
            String diagnostic, Throwable cause) throws SSLException {
        final boolean receivedFromPeer = false;
        return fatal(alert, diagnostic, receivedFromPeer, cause);
    }
    // Note: close_notify is not delivered via fatal() methods.
    /**
     * Tears down the transport after a fatal error and throws the reason.
     *
     * This is the terminal {@code fatal} overload; the others delegate here.
     * The sequence is: record the close reason, close inbound, invalidate the
     * sessions (so a connection that failed cannot be resumed), send a fatal
     * alert to the peer when appropriate, close outbound, drop the handshake
     * context, shut the transport down and mark it broken, then throw.
     * Only {@code alert.id} is ever written to the peer; the diagnostic text
     * and the cause stay local (exception message and "ssl" log).
     *
     * A second call on an already-closed transport (non-null
     * {@code closeReason}) does none of the teardown and simply rethrows.
     *
     * @param alert          the fatal alert describing the failure
     * @param diagnostic     human-readable description, may be {@code null}
     * @param recvFatalAlert {@code true} if the peer sent the fatal alert,
     *                       in which case none is sent back
     * @param cause          triggering exception, may be {@code null}
     * @return never returns normally; the type only allows
     *         {@code throw fatal(...)} at call sites
     * @throws SSLException always, carrying {@code cause} either directly
     *         or wrapped via {@code alert.createSSLException}
     */
    SSLException fatal(Alert alert, String diagnostic,
            boolean recvFatalAlert, Throwable cause) throws SSLException {
        // If we've already shutdown because of an error, there is nothing we
        // can do except rethrow the exception.
        //
        // Most exceptions seen here will be SSLExceptions. We may find the
        // occasional Exception which hasn't been converted to a SSLException,
        // so we'll do it here.
        if (closeReason != null) {
            if (cause == null) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
                    SSLLogger.warning(
                            "Closed transport, general or untracked problem");
                }
                throw alert.createSSLException(
                        "Closed transport, general or untracked problem");
            }

            if (cause instanceof SSLException) {
                throw (SSLException)cause;
            } else {    // unlikely, but just in case.
                if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
                    SSLLogger.warning(
                            "Closed transport, unexpected rethrowing", cause);
                }
                throw alert.createSSLException("Unexpected rethrowing", cause);
            }
        }

        // If we have no further information, make a general-purpose
        // message for folks to see.  We generally have one or the other.
        if (diagnostic == null) {
            if (cause == null) {
                diagnostic = "General/Untracked problem";
            } else {
                // NOTE(review): getMessage() may itself be null, in which
                // case the SSLException created below gets a null message.
                diagnostic = cause.getMessage();
            }
        }

        if (cause == null) {
            cause = alert.createSSLException(diagnostic);
        }

        // shutdown the transport
        if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
            SSLLogger.severe("Fatal (" + alert + "): " + diagnostic, cause);
        }

        // remember the close reason
        //
        // closeReason is assigned before any of the close/shutdown calls
        // below so that their IOExceptions can be attached to it via
        // addSuppressed() rather than being lost.
        if (cause instanceof SSLException) {
            closeReason = (SSLException)cause;
        } else {
            // Including RuntimeException, but we'll throw those down below.
            // NOTE(review): within this method a RuntimeException cause is
            // wrapped in the SSLException here, so the RuntimeException
            // branch at the end is not reached from this assignment.
            closeReason = alert.createSSLException(diagnostic, cause);
        }

        // close inbound
        try {
            inputRecord.close();
        } catch (IOException ioe) {
            if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
                SSLLogger.warning("Fatal: input record closure failed", ioe);
            }

            closeReason.addSuppressed(ioe);
        }

        // invalidate the session
        //
        // Both the established session and any in-progress handshake session
        // are invalidated before the alert goes out, so the failed connection
        // leaves nothing resumable behind.
        if (conSession != null) {
            conSession.invalidate();
        }

        if (handshakeContext != null &&
                handshakeContext.handshakeSession != null) {
            handshakeContext.handshakeSession.invalidate();
        }

        // send fatal alert
        //
        // If we haven't even started handshaking yet, or we are the recipient
        // of a fatal alert, no need to generate a fatal close alert.
        //
        // Also skipped when outbound is already closed or the transport was
        // previously marked broken; only alert.id crosses the wire.
        if (!recvFatalAlert && !isOutboundClosed() && !isBroken &&
                (isNegotiated || handshakeContext != null)) {
            try {
                outputRecord.encodeAlert(Alert.Level.FATAL.level, alert.id);
            } catch (IOException ioe) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
                    SSLLogger.warning(
                        "Fatal: failed to send fatal alert " + alert, ioe);
                }

                closeReason.addSuppressed(ioe);
            }
        }

        // close outbound
        try {
            outputRecord.close();
        } catch (IOException ioe) {
            if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
                SSLLogger.warning("Fatal: output record closure failed", ioe);
            }

            closeReason.addSuppressed(ioe);
        }

        // terminate the handshake context
        if (handshakeContext != null) {
            handshakeContext = null;
        }

        // terminate the transport
        //
        // isBroken is set in a finally block so the transport is marked
        // broken even if shutdown() fails.
        try {
            transport.shutdown();
        } catch (IOException ioe) {
            if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
                SSLLogger.warning("Fatal: transport closure failed", ioe);
            }

            closeReason.addSuppressed(ioe);
        } finally {
            isBroken = true;
        }

        // NOTE(review): every assignment to closeReason in this method stores
        // an SSLException, so the else branch presumably exists for values
        // stored elsewhere in the class; the field's declared type is not
        // visible here — confirm.
        if (closeReason instanceof SSLException) {
            throw (SSLException)closeReason;
        } else {
            throw (RuntimeException)closeReason;
        }
    }
    /**
     * Sets whether this transport acts in TLS client mode.
     *
     * The role is locked once a handshake context exists or the connection
     * has been negotiated. When the role actually changes, the enabled
     * protocol list and cipher suite list are swapped to the defaults for
     * the new role, but only if they still hold the defaults (i.e. the user
     * has not explicitly configured them); user-specified lists are kept.
     * Client and server defaults are obtained separately from
     * {@code sslContext}, so they are not assumed to be identical.
     *
     * @param useClientMode {@code true} for client mode, {@code false} for
     *                      server mode
     * @throws IllegalArgumentException if SSL traffic has already started
     */
    void setUseClientMode(boolean useClientMode) {
        // Once handshaking has begun, the mode can not be reset for the
        // life of this engine.
        boolean trafficStarted = (handshakeContext != null) || isNegotiated;
        if (trafficStarted) {
            throw new IllegalArgumentException(
                    "Cannot change mode after SSL traffic has started");
        }

        boolean roleChanges = (sslConfig.isClientMode != useClientMode);
        if (roleChanges) {
            boolean notClientMode = !useClientMode;

            // Replace only lists that are still the defaults; anything the
            // user set explicitly is left untouched.
            boolean protocolsAreDefault =
                    sslContext.isDefaultProtocolVesions(
                            sslConfig.enabledProtocols);
            if (protocolsAreDefault) {
                sslConfig.enabledProtocols =
                        sslContext.getDefaultProtocolVersions(notClientMode);
            }

            boolean suitesAreDefault =
                    sslContext.isDefaultCipherSuiteList(
                            sslConfig.enabledCipherSuites);
            if (suitesAreDefault) {
                sslConfig.enabledCipherSuites =
                        sslContext.getDefaultCipherSuites(notClientMode);
            }

            sslConfig.isClientMode = useClientMode;
        }

        // The role is now explicit, whether or not it changed.
        isUnsureMode = false;
    }
    // The OutputRecord is closed and no output record is still buffered.
    /**
     * Tells whether outbound traffic is completely finished.
     *
     * @return {@code true} only when the output record is closed and holds
     *         no buffered data awaiting delivery
     */
    boolean isOutboundDone() {
        boolean closed = outputRecord.isClosed();
        // Short-circuit preserved: isEmpty() is consulted only when closed.
        return closed && outputRecord.isEmpty();
    }
    // The OutputRecord is closed, but buffered output record may be still
    // waiting for delivery to the underlying connection.
    /**
     * Tells whether the output record has been closed.
     *
     * Unlike {@code isOutboundDone()}, buffered output that has not yet
     * reached the underlying connection does not affect the result.
     *
     * @return {@code true} if the output record is closed
     */
    boolean isOutboundClosed() {
        boolean closed = outputRecord.isClosed();
        return closed;
    }
    /**
     * Tells whether the input record has been closed.
     *
     * @return {@code true} if the input record is closed
     */
    boolean isInboundClosed() {
        boolean closed = inputRecord.isClosed();
        return closed;
    }
    // Close inbound, no more data should be delivered to the underlying
    // transportation connection.
    /**
     * Closes the inbound side of the connection.
     *
     * A no-op when inbound is already closed. Otherwise the closure is either
     * passive ({@code passiveInboundClose()}) when {@code isInputCloseNotified}
     * is set — presumably meaning the peer's close_notify or EOF has already
     * been seen; confirm against the field's writers — or initiated locally
     * ({@code initiateInboundClose()}).
     *
     * Every {@code IOException} raised by either path is caught and logged
     * under the "ssl" logger; since {@code SSLException} is an
     * {@code IOException}, nothing raised inside this body propagates despite
     * the declared {@code throws SSLException}.
     *
     * @throws SSLException declared for API compatibility; not thrown by
     *         the visible body
     */
    void closeInbound() throws SSLException {
        if (isInboundClosed()) {
            return;
        }

        try {
            // Decide here whether the close is passive or locally initiated,
            // so passiveInboundClose() does not have to handle the
            // not-yet-notified case itself.
            if (isInputCloseNotified) {
                passiveInboundClose();
            } else {
                initiateInboundClose();
            }
        } catch (IOException ioe) {
            // Closure failures are logged only; the caller is not informed.
            if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
                SSLLogger.warning("inbound closure failed", ioe);
            }
        }
    }
    // Close the connection passively.  The closure could be kickoff by
    // receiving a close_notify alert or reaching end_of_file of the socket.
    //
    // Note that this method is called only if the initial handshake has
    // started or completed.
    private void passiveInboundClose() throws IOException {
        if (!isInboundClosed()) {
            inputRecord.close();
        }
        // For TLS 1.2 and prior version, it is required to respond with
        // a close_notify alert of its own and close down the connection
        // immediately, discarding any pending writes.
        if (!isOutboundClosed()) {
            boolean needCloseNotify = SSLConfiguration.acknowledgeCloseNotify;
            if (!needCloseNotify) {
                if (isNegotiated) {
                    if (!protocolVersion.useTLS13PlusSpec()) {
                        needCloseNotify = true;
                    }
                } else if (handshakeContext != null) {  // initial handshake
                    ProtocolVersion pv = handshakeContext.negotiatedProtocol;
                    if (pv == null || (!pv.useTLS13PlusSpec())) {
                        needCloseNotify = true;
                    }
                }
            }
            if (needCloseNotify) {
                outputRecord.recordLock.lock();
                try {
                    try {
                        // send a close_notify alert
                        warning(Alert.CLOSE_NOTIFY);
                    } finally {
                        outputRecord.close();
                    }
                } finally {
                    outputRecord.recordLock.unlock();
                }
            }
        }
    }
    // Initiate an inbound close when the handshake is not started.
    /**
     * Closes the inbound side of this connection if it is still open.
     *
     * Only the input record is closed here; this method itself writes
     * nothing to the peer.
     *
     * @throws IOException propagated from closing the input record
     */
    private void initiateInboundClose() throws IOException {
        if (isInboundClosed()) {
            return;     // already closed, nothing left to do
        }
        inputRecord.close();
    }
    // Close outbound, no more data should be received from the underlying
    // transportation connection.
    /**
     * Closes the outbound side of this connection.
     *
     * A no-op when the outbound side is already closed. An I/O failure
     * while sending the closure alerts is not propagated: it is logged when
     * "ssl" logging is enabled and otherwise dropped, so this method never
     * throws on I/O errors.
     */
    void closeOutbound() {
        if (!isOutboundClosed()) {
            try {
                initiateOutboundClose();
            } catch (IOException ioe) {
                // Best effort: a failed closure alert is not surfaced to
                // the caller, only logged.
                if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
                    SSLLogger.warning("outbound closure failed", ioe);
                }
            }
        }
    }
    // Initiate a close by sending a close_notify alert.
    /**
     * Sends the closure alerts for the outbound side and closes the output
     * record.
     *
     * During an initial handshake (not yet negotiated, handshake context
     * present) a user_canceled alert is sent ahead of close_notify, unless
     * the peer has already sent user_canceled. Both alerts are written
     * while holding the output record lock so that they go out back to
     * back, and the output record is closed even if writing an alert fails.
     *
     * @throws IOException if writing an alert or closing the record fails
     */
    private void initiateOutboundClose() throws IOException {
        // user_canceled only makes sense while the initial handshake is in
        // progress and the peer has not already canceled it.
        final boolean sendUserCanceled =
                !isNegotiated && handshakeContext != null && !peerUserCanceled;

        // Hold the record lock across both alerts so no other record can be
        // interleaved between user_canceled and close_notify.
        outputRecord.recordLock.lock();
        try {
            try {
                if (sendUserCanceled) {
                    warning(Alert.USER_CANCELED);
                }
                warning(Alert.CLOSE_NOTIFY);
            } finally {
                // Close the record whether or not the alerts were written.
                outputRecord.close();
            }
        } finally {
            outputRecord.recordLock.unlock();
        }
    }
    // Note: HandshakeStatus.FINISHED status is retrieved in other places.
    /**
     * Derives the current {@link HandshakeStatus} from the record and
     * closure state of this connection.
     *
     * Pending output always wins (NEED_WRAP), so queued alerts and
     * post-handshake messages are flushed even when no handshake is in
     * progress. A connection closed in both directions is NOT_HANDSHAKING.
     * While a handshake context exists: delegated tasks take priority
     * (NEED_TASK); an open inbound side asks for unwrap (NEED_UNWRAP_AGAIN
     * for DTLS with buffered input, NEED_UNWRAP otherwise); an open
     * outbound side with closed inbound asks for wrap. FINISHED is reported
     * by other code paths, never from here.
     *
     * @return the handshake status for the current connection state
     */
    HandshakeStatus getHandshakeStatus() {
        // Anything already queued for output must be wrapped first, whether
        // it is handshake data, an alert or a post-handshake message.
        if (!outputRecord.isEmpty()) {
            return HandshakeStatus.NEED_WRAP;
        }

        if (isOutboundClosed() && isInboundClosed()) {
            return HandshakeStatus.NOT_HANDSHAKING;
        }

        if (handshakeContext == null) {
            return HandshakeStatus.NOT_HANDSHAKING;
        }

        if (!handshakeContext.delegatedActions.isEmpty()) {
            return HandshakeStatus.NEED_TASK;
        }

        if (!isInboundClosed()) {
            // For DTLS, input already buffered in the input record is
            // unwrapped again before more is read from the transport.
            boolean bufferedDtlsInput =
                    sslContext.isDTLS() && !inputRecord.isEmpty();
            return bufferedDtlsInput
                    ? HandshakeStatus.NEED_UNWRAP_AGAIN
                    : HandshakeStatus.NEED_UNWRAP;
        }

        if (!isOutboundClosed()) {
            // Inbound is closed but outbound is still open: keep wrapping.
            return HandshakeStatus.NEED_WRAP;
        }

        // Both directions are closed.
        return HandshakeStatus.NOT_HANDSHAKING;
    }
    /**
     * Completes the handshake: installs the negotiated state on the
     * records, releases the handshake context and notifies socket
     * listeners.
     *
     * For TLS 1.3 and later the records are pointed back at this context
     * and the negotiated cipher suite and base read/write secrets are
     * copied from the handshake context while it is still available.
     * Listener notification happens only for {@link SSLSocket} transports
     * with registered {@code handshakeListeners}, and runs on a freshly
     * started thread so the handshaking thread is not blocked by listener
     * code.
     *
     * @return {@link HandshakeStatus#FINISHED}
     */
    HandshakeStatus finishHandshake() {
        if (protocolVersion.useTLS13PlusSpec()) {
            inputRecord.tc = this;
            outputRecord.tc = this;
            cipherSuite = handshakeContext.negotiatedCipherSuite;
            // Capture the base secrets before the handshake context is
            // dropped below.
            inputRecord.readCipher.baseSecret =
                    handshakeContext.baseReadSecret;
            outputRecord.writeCipher.baseSecret =
                    handshakeContext.baseWriteSecret;
        }

        // Nothing below needs the handshake context any more.
        handshakeContext = null;
        outputRecord.handshakeHash.finish();
        inputRecord.finishHandshake();
        outputRecord.finishHandshake();
        isNegotiated = true;

        // Completion events are delivered off the handshaking thread.
        boolean hasSocketListeners = transport instanceof SSLSocket
                && sslConfig.handshakeListeners != null
                && !sslConfig.handshakeListeners.isEmpty();
        if (hasSocketListeners) {
            HandshakeCompletedEvent event = new HandshakeCompletedEvent(
                    (SSLSocket) transport, conSession);
            Runnable notifier =
                    new NotifyHandshake(sslConfig.handshakeListeners, event);
            // No thread group, default stack size (0), and no inherited
            // thread-locals for the notifier thread.
            Thread notifyThread = new Thread(
                    null, notifier, "HandshakeCompletedNotify-Thread", 0, false);
            notifyThread.start();
        }

        return HandshakeStatus.FINISHED;
    }
    /**
     * Completes a post-handshake message exchange.
     *
     * Unlike {@link #finishHandshake()}, no listeners are notified and no
     * record state is touched: the handshake context is simply released.
     *
     * @return {@link HandshakeStatus#FINISHED}
     */
    HandshakeStatus finishPostHandshake() {
        // Release the context; nothing else is installed for post-handshake.
        handshakeContext = null;

        // Note: handshake-completion notification may be needed here in the
        // future for post-handshake authentication.
        return HandshakeStatus.FINISHED;
    }
    // A separate thread is allocated to deliver handshake completion
    // events.
    /**
     * Delivers one {@link HandshakeCompletedEvent} to a snapshot of the
     * registered listeners. Intended to be run on its own thread (see
     * {@code finishHandshake()}).
     */
    private static class NotifyHandshake implements Runnable {
        // Snapshot of listener -> access-control context, taken at
        // construction so later changes to the live map are not seen.
        private final Set<Map.Entry<HandshakeCompletedListener,
                AccessControlContext>> targets;
        // The event handed to every listener.
        private final HandshakeCompletedEvent event;

        NotifyHandshake(
                Map<HandshakeCompletedListener,AccessControlContext> listeners,
                HandshakeCompletedEvent event) {
            // Copy the entries rather than keeping a view of the live map.
            this.targets = new HashSet<>(listeners.entrySet());
            this.event = event;
        }

        @Override
        public void run() {
            // Runs on a single thread; no synchronization is needed here.
            for (Map.Entry<HandshakeCompletedListener,
                    AccessControlContext> target : targets) {
                deliver(target.getKey(), target.getValue());
            }
        }

        // Invokes one listener under the access-control context stored
        // alongside it, so the callback runs with no more permissions than
        // that context allows.
        private void deliver(HandshakeCompletedListener listener,
                AccessControlContext acc) {
            AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
                listener.handshakeCompleted(event);
                return null;
            }, acc);
        }
    }
}