|
1 /* |
|
2 * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. |
|
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
4 * |
|
5 * This code is free software; you can redistribute it and/or modify it |
|
6 * under the terms of the GNU General Public License version 2 only, as |
|
7 * published by the Free Software Foundation. Oracle designates this |
|
8 * particular file as subject to the "Classpath" exception as provided |
|
9 * by Oracle in the LICENSE file that accompanied this code. |
|
10 * |
|
11 * This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 * version 2 for more details (a copy is included in the LICENSE file that |
|
15 * accompanied this code). |
|
16 * |
|
17 * You should have received a copy of the GNU General Public License version |
|
18 * 2 along with this work; if not, write to the Free Software Foundation, |
|
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 * |
|
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
22 * or visit www.oracle.com if you need additional information or have any |
|
23 * questions. |
|
24 */ |
|
25 |
|
26 package sun.security.ssl; |
|
27 |
|
28 import java.io.IOException; |
|
29 import java.nio.ByteBuffer; |
|
30 import javax.crypto.BadPaddingException; |
|
31 import javax.net.ssl.SSLHandshakeException; |
|
32 |
|
33 /** |
|
34 * Interface for SSL/(D)TLS transportation. |
|
35 */ |
|
36 interface SSLTransport { |
|
37 |
|
38 /** |
|
39 * Returns the host name of the peer. |
|
40 * |
|
41 * @return the host name of the peer, or null if nothing is |
|
42 * available. |
|
43 */ |
|
44 String getPeerHost(); |
|
45 |
|
46 /** |
|
47 * Returns the port number of the peer. |
|
48 * |
|
49 * @return the port number of the peer, or -1 if nothing is |
|
50 * available. |
|
51 */ |
|
52 int getPeerPort(); |
|
53 |
|
54 /** |
|
55 * Shutdown the transport. |
|
56 */ |
|
57 default void shutdown() throws IOException { |
|
58 // blank |
|
59 } |
|
60 |
|
61 /** |
|
62 * Return true if delegated tasks used for handshaking operations. |
|
63 * |
|
64 * @return true if delegated tasks used for handshaking operations. |
|
65 */ |
|
66 boolean useDelegatedTask(); |
|
67 |
|
68 /** |
|
69 * Decodes an array of SSL/(D)TLS network source data into the |
|
70 * destination application data buffers. |
|
71 * |
|
72 * For SSL/TLS connections, if no source data, the network data may be |
|
73 * received from the underlying underlying SSL/TLS input stream. |
|
74 * |
|
75 * @param context the transportation context |
|
76 * @param srcs an array of {@code ByteBuffers} containing the |
|
77 * inbound network data |
|
78 * @param srcsOffset The offset within the {@code srcs} buffer array |
|
79 * of the first buffer from which bytes are to be |
|
80 * retrieved; it must be non-negative and no larger |
|
81 * than {@code srcs.length}. |
|
82 * @param srcsLength The maximum number of {@code srcs} buffers to be |
|
83 * accessed; it must be non-negative and no larger than |
|
84 * {@code srcs.length} - {@code srcsOffset}. |
|
85 * @param dsts an array of {@code ByteBuffers} to hold inbound |
|
86 * application data |
|
87 * @param dstsOffset The offset within the {@code dsts} buffer array |
|
88 * of the first buffer from which bytes are to be |
|
89 * placed; it must be non-negative and no larger |
|
90 * than {@code dsts.length}. |
|
91 * @param dstsLength The maximum number of {@code dsts} buffers to be |
|
92 * accessed; it must be non-negative and no larger than |
|
93 * {@code dsts.length} - {@code dstsOffset}. |
|
94 * |
|
95 * @return a {@code Ciphertext} describing the result of |
|
96 * the operation |
|
97 * @throws IOException if a problem was encountered while receiving or |
|
98 * decoding networking data |
|
99 */ |
|
100 static Plaintext decode(TransportContext context, |
|
101 ByteBuffer[] srcs, int srcsOffset, int srcsLength, |
|
102 ByteBuffer[] dsts, int dstsOffset, int dstsLength) throws IOException { |
|
103 |
|
104 Plaintext[] plaintexts = null; |
|
105 try { |
|
106 plaintexts = |
|
107 context.inputRecord.decode(srcs, srcsOffset, srcsLength); |
|
108 } catch (UnsupportedOperationException unsoe) { // SSLv2Hello |
|
109 // Hack code to deliver SSLv2 error message for SSL/TLS connections. |
|
110 if (!context.sslContext.isDTLS()) { |
|
111 context.outputRecord.encodeV2NoCipher(); |
|
112 if (SSLLogger.isOn && SSLLogger.isOn("ssl")) { |
|
113 SSLLogger.finest("may be talking to SSLv2"); |
|
114 } |
|
115 } |
|
116 |
|
117 context.fatal(Alert.UNEXPECTED_MESSAGE, unsoe); |
|
118 } catch (BadPaddingException bpe) { |
|
119 /* |
|
120 * The basic SSLv3 record protection involves (optional) |
|
121 * encryption for privacy, and an integrity check ensuring |
|
122 * data origin authentication. We do them both here, and |
|
123 * throw a fatal alert if the integrity check fails. |
|
124 */ |
|
125 Alert alert = (context.handshakeContext != null) ? |
|
126 Alert.HANDSHAKE_FAILURE : |
|
127 Alert.BAD_RECORD_MAC; |
|
128 context.fatal(alert, bpe); |
|
129 } catch (SSLHandshakeException she) { |
|
130 // may be record sequence number overflow |
|
131 context.fatal(Alert.HANDSHAKE_FAILURE, she); |
|
132 } catch (IOException ioe) { |
|
133 context.fatal(Alert.UNEXPECTED_MESSAGE, ioe); |
|
134 } |
|
135 |
|
136 if (plaintexts == null || plaintexts.length == 0) { |
|
137 // Connection closed or record should be discarded. |
|
138 return Plaintext.PLAINTEXT_NULL; |
|
139 } |
|
140 |
|
141 Plaintext finalPlaintext = Plaintext.PLAINTEXT_NULL; |
|
142 for (Plaintext plainText : plaintexts) { |
|
143 // plainText should never be null for TLS protocols |
|
144 if (plainText == Plaintext.PLAINTEXT_NULL) { |
|
145 // Only happens for DTLS protocols. |
|
146 // |
|
147 // Received a retransmitted flight, and need to retransmit the |
|
148 // previous delivered handshake flight messages. |
|
149 if (context.handshakeContext != null && |
|
150 context.handshakeContext.sslConfig.enableRetransmissions && |
|
151 context.sslContext.isDTLS()) { |
|
152 if (SSLLogger.isOn && SSLLogger.isOn("ssl,verbose")) { |
|
153 SSLLogger.finest("retransmited handshake flight"); |
|
154 } |
|
155 |
|
156 context.outputRecord.launchRetransmission(); |
|
157 } // Otherwise, discard the retransmitted flight. |
|
158 } else if (plainText != null && |
|
159 plainText.contentType != ContentType.APPLICATION_DATA.id) { |
|
160 context.dispatch(plainText); |
|
161 } |
|
162 |
|
163 if (plainText == null) { |
|
164 plainText = Plaintext.PLAINTEXT_NULL; |
|
165 } else { |
|
166 // File the destination buffers. |
|
167 if (dsts != null && dstsLength > 0 && |
|
168 plainText.contentType == ContentType.APPLICATION_DATA.id) { |
|
169 |
|
170 ByteBuffer fragment = plainText.fragment; |
|
171 int remains = fragment.remaining(); |
|
172 |
|
173 // Should have enough room in the destination buffers. |
|
174 int limit = dstsOffset + dstsLength; |
|
175 for (int i = dstsOffset; |
|
176 ((i < limit) && (remains > 0)); i++) { |
|
177 |
|
178 int amount = Math.min(dsts[i].remaining(), remains); |
|
179 fragment.limit(fragment.position() + amount); |
|
180 dsts[i].put(fragment); |
|
181 remains -= amount; |
|
182 |
|
183 if (!dsts[i].hasRemaining()) { |
|
184 dstsOffset++; |
|
185 } |
|
186 } |
|
187 |
|
188 if (remains > 0) { |
|
189 context.fatal(Alert.INTERNAL_ERROR, |
|
190 "no sufficient room in the destination buffers"); |
|
191 } |
|
192 } |
|
193 } |
|
194 |
|
195 finalPlaintext = plainText; |
|
196 } |
|
197 |
|
198 return finalPlaintext; |
|
199 } |
|
200 } |