jdk-sandbox: comparison src/java.base/share/classes/sun/security/ssl/SSLSocketOutputRecord.java

equal deleted inserted replaced

-:356eaea05bf0
+:68fa3d4026ea
 /*
-* Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+* Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * questions.
 */
 package sun.security.ssl;
-import java.io.*;
+import java.io.ByteArrayInputStream;
-import java.nio.*;
+import java.io.IOException;
-import java.util.Arrays;
+import java.io.OutputStream;
+import java.nio.ByteBuffer;
-import javax.net.ssl.SSLException;
 import javax.net.ssl.SSLHandshakeException;
-import sun.security.util.HexDumpEncoder;
+import sun.security.ssl.KeyUpdate.KeyUpdateMessage;
+import sun.security.ssl.KeyUpdate.KeyUpdateRequest;
 /**
 * {@code OutputRecord} implementation for {@code SSLSocket}.
 */
 final class SSLSocketOutputRecord extends OutputRecord implements SSLRecord {
 private OutputStream deliverStream = null;
-SSLSocketOutputRecord() {
+SSLSocketOutputRecord(HandshakeHash handshakeHash) {
-this.writeAuthenticator = MAC.TLS_NULL;
+this(handshakeHash, null);
+}
+SSLSocketOutputRecord(HandshakeHash handshakeHash,
+TransportContext tc) {
+super(handshakeHash, SSLCipher.SSLWriteCipher.nullTlsWriteCipher());
+this.tc = tc;
 this.packetSize = SSLRecord.maxRecordSize;
-this.protocolVersion = ProtocolVersion.DEFAULT_TLS;
+this.protocolVersion = ProtocolVersion.NONE;
 }
 @Override
 void encodeAlert(byte level, byte description) throws IOException {
 // use the buf of ByteArrayOutputStream
 int position = headerSize + writeCipher.getExplicitNonceSize();
 count = position;
 write(level);
 write(description);
+if (SSLLogger.isOn && SSLLogger.isOn("record")) {
-if (debug != null && Debug.isOn("record")) {
+SSLLogger.fine("WRITE: " + protocolVersion +
-System.out.println(Thread.currentThread().getName() +
+" " + ContentType.ALERT.name +
-", WRITE: " + protocolVersion +
-" " + Record.contentName(Record.ct_alert) +
 ", length = " + (count - headerSize));
 }
 // Encrypt the fragment and wrap up a record.
-encrypt(writeAuthenticator, writeCipher,
+encrypt(writeCipher, ContentType.ALERT.id, headerSize);
-Record.ct_alert, headerSize);
 // deliver this message
 deliverStream.write(buf, 0, count);    // may throw IOException
 deliverStream.flush();                 // may throw IOException
-if (debug != null && Debug.isOn("packet")) {
+if (SSLLogger.isOn && SSLLogger.isOn("packet")) {
-Debug.printHex(
+SSLLogger.fine("Raw write",
-"[Raw write]: length = " + count, buf, 0, count);
+(new ByteArrayInputStream(buf, 0, count)));
 }
 // reset the internal buffer
 count = 0;
 }
 @Override
 void encodeHandshake(byte[] source,
 int offset, int length) throws IOException {
 if (firstMessage) {
 firstMessage = false;
 if ((helloVersion == ProtocolVersion.SSL20Hello) &&
-(source[offset] == HandshakeMessage.ht_client_hello) &&
+(source[offset] == SSLHandshake.CLIENT_HELLO.id) &&
 //  5: recode header size
 (source[offset + 4 + 2 + 32] == 0)) {
 // V3 session ID is empty
 //  4: handshake header size
 //  2: client_version in ClientHello
 ByteBuffer v2ClientHello = encodeV2ClientHello(
 source, (offset + 4), (length - 4));
 byte[] record = v2ClientHello.array();  // array offset is zero
 int limit = v2ClientHello.limit();
-handshakeHash.update(record, 2, (limit - 2));
+handshakeHash.deliver(record, 2, (limit - 2));
-if (debug != null && Debug.isOn("record")) {
+if (SSLLogger.isOn && SSLLogger.isOn("record")) {
-System.out.println(Thread.currentThread().getName() +
+SSLLogger.fine(
-", WRITE: SSLv2 ClientHello message" +
+"WRITE: SSLv2 ClientHello message" +
 ", length = " + limit);
 }
 // deliver this message
 //
 // Version 2 ClientHello message should be plaintext.
 //
 // No max fragment length negotiation.
 deliverStream.write(record, 0, limit);
 deliverStream.flush();
-if (debug != null && Debug.isOn("packet")) {
+if (SSLLogger.isOn && SSLLogger.isOn("packet")) {
-Debug.printHex(
+SSLLogger.fine("Raw write",
-"[Raw write]: length = " + count, record, 0, limit);
+(new ByteArrayInputStream(record, 0, limit)));
 }
 return;
 }
 }
 byte handshakeType = source[0];
-if (handshakeType != HandshakeMessage.ht_hello_request) {
+if (handshakeHash.isHashable(handshakeType)) {
-handshakeHash.update(source, offset, length);
+handshakeHash.deliver(source, offset, length);
 }
 int fragLimit = getFragLimit();
 int position = headerSize + writeCipher.getExplicitNonceSize();
 if (count == 0) {
 write(source, offset, fragLen);
 if (remains < fragLimit) {
 return;
 }
-if (debug != null && Debug.isOn("record")) {
+if (SSLLogger.isOn && SSLLogger.isOn("record")) {
-System.out.println(Thread.currentThread().getName() +
+SSLLogger.fine(
-", WRITE: " + protocolVersion +
+"WRITE: " + protocolVersion +
-" " + Record.contentName(Record.ct_handshake) +
+" " + ContentType.HANDSHAKE.name +
 ", length = " + (count - headerSize));
 }
 // Encrypt the fragment and wrap up a record.
-encrypt(writeAuthenticator, writeCipher,
+encrypt(writeCipher, ContentType.HANDSHAKE.id, headerSize);
-Record.ct_handshake, headerSize);
 // deliver this message
 deliverStream.write(buf, 0, count);    // may throw IOException
 deliverStream.flush();                 // may throw IOException
-if (debug != null && Debug.isOn("packet")) {
+if (SSLLogger.isOn && SSLLogger.isOn("packet")) {
-Debug.printHex(
+SSLLogger.fine("Raw write",
-"[Raw write]: length = " + count, buf, 0, count);
+(new ByteArrayInputStream(buf, 0, count)));
 }
 // reset the offset
 offset += fragLen;
 int position = headerSize + writeCipher.getExplicitNonceSize();
 count = position;
 write((byte)1);         // byte 1: change_cipher_spec(
-if (debug != null && Debug.isOn("record")) {
-System.out.println(Thread.currentThread().getName() +
-", WRITE: " + protocolVersion +
-" " + Record.contentName(Record.ct_change_cipher_spec) +
-", length = " + (count - headerSize));
-}
 // Encrypt the fragment and wrap up a record.
-encrypt(writeAuthenticator, writeCipher,
+encrypt(writeCipher, ContentType.CHANGE_CIPHER_SPEC.id, headerSize);
-Record.ct_change_cipher_spec, headerSize);
 // deliver this message
 deliverStream.write(buf, 0, count);        // may throw IOException
 // deliverStream.flush();                  // flush in Finished
-if (debug != null && Debug.isOn("packet")) {
+if (SSLLogger.isOn && SSLLogger.isOn("packet")) {
-Debug.printHex(
+SSLLogger.fine("Raw write",
-"[Raw write]: length = " + count, buf, 0, count);
+(new ByteArrayInputStream(buf, 0, count)));
 }
 // reset the internal buffer
 count = 0;
 }
 int position = headerSize + writeCipher.getExplicitNonceSize();
 if (count <= position) {
 return;
 }
-if (debug != null && Debug.isOn("record")) {
+if (SSLLogger.isOn && SSLLogger.isOn("record")) {
-System.out.println(Thread.currentThread().getName() +
+SSLLogger.fine(
-", WRITE: " + protocolVersion +
+"WRITE: " + protocolVersion +
-" " + Record.contentName(Record.ct_handshake) +
+" " + ContentType.HANDSHAKE.name +
 ", length = " + (count - headerSize));
 }
 // Encrypt the fragment and wrap up a record.
-encrypt(writeAuthenticator, writeCipher,
+encrypt(writeCipher, ContentType.HANDSHAKE.id, headerSize);
-Record.ct_handshake, headerSize);
 // deliver this message
 deliverStream.write(buf, 0, count);    // may throw IOException
 deliverStream.flush();                 // may throw IOException
-if (debug != null && Debug.isOn("packet")) {
+if (SSLLogger.isOn && SSLLogger.isOn("packet")) {
-Debug.printHex(
+SSLLogger.fine("Raw write",
-"[Raw write]: length = " + count, buf, 0, count);
+(new ByteArrayInputStream(buf, 0, count)));
 }
 // reset the internal buffer
 count = 0;      // DON'T use position
 }
 @Override
 void deliver(byte[] source, int offset, int length) throws IOException {
+if (writeCipher.authenticator.seqNumOverflow()) {
-if (writeAuthenticator.seqNumOverflow()) {
+if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
-if (debug != null && Debug.isOn("ssl")) {
+SSLLogger.fine(
-System.out.println(Thread.currentThread().getName() +
+"sequence number extremely close to overflow " +
-", sequence number extremely close to overflow " +
 "(2^64-1 packets). Closing connection.");
 }
 throw new SSLHandshakeException("sequence number overflow");
 }
 boolean isFirstRecordOfThePayload = true;
 for (int limit = (offset + length); offset < limit;) {
-int macLen = 0;
-if (writeAuthenticator instanceof MAC) {
-macLen = ((MAC)writeAuthenticator).MAClen();
-}
 int fragLen;
 if (packetSize > 0) {
 fragLen = Math.min(maxRecordSize, packetSize);
-fragLen = writeCipher.calculateFragmentSize(
+fragLen =
-fragLen, macLen, headerSize);
+writeCipher.calculateFragmentSize(fragLen, headerSize);
 fragLen = Math.min(fragLen, Record.maxDataSize);
 } else {
 fragLen = Record.maxDataSize;
 }
 // use the buf of ByteArrayOutputStream
 int position = headerSize + writeCipher.getExplicitNonceSize();
 count = position;
 write(source, offset, fragLen);
-if (debug != null && Debug.isOn("record")) {
+if (SSLLogger.isOn && SSLLogger.isOn("record")) {
-System.out.println(Thread.currentThread().getName() +
+SSLLogger.fine(
-", WRITE: " + protocolVersion +
+"WRITE: " + protocolVersion +
-" " + Record.contentName(Record.ct_application_data) +
+" " + ContentType.APPLICATION_DATA.name +
-", length = " + (count - headerSize));
+", length = " + (count - position));
 }
 // Encrypt the fragment and wrap up a record.
-encrypt(writeAuthenticator, writeCipher,
+encrypt(writeCipher, ContentType.APPLICATION_DATA.id, headerSize);
-Record.ct_application_data, headerSize);
 // deliver this message
 deliverStream.write(buf, 0, count);    // may throw IOException
 deliverStream.flush();                 // may throw IOException
-if (debug != null && Debug.isOn("packet")) {
+if (SSLLogger.isOn && SSLLogger.isOn("packet")) {
-Debug.printHex(
+SSLLogger.fine("Raw write",
-"[Raw write]: length = " + count, buf, 0, count);
+(new ByteArrayInputStream(buf, 0, count)));
 }
 // reset the internal buffer
 count = 0;
 if (isFirstAppOutputRecord) {
 isFirstAppOutputRecord = false;
 }
 offset += fragLen;
+// atKeyLimit() inactive when limits not checked, tc set when limits
+// are active.
+if (writeCipher.atKeyLimit()) {
+if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
+SSLLogger.fine("KeyUpdate: triggered, write side.");
+}
+PostHandshakeContext p = new PostHandshakeContext(tc);
+KeyUpdate.handshakeProducer.produce(p,
+new KeyUpdateMessage(p, KeyUpdateRequest.REQUESTED));
+}
 }
 }
 @Override
 void setDeliverStream(OutputStream outputStream) {
 writeCipher.isCBCMode() && !isFirstAppOutputRecord &&
 Record.enableCBCProtection;
 }
 private int getFragLimit() {
-int macLen = 0;
-if (writeAuthenticator instanceof MAC) {
-macLen = ((MAC)writeAuthenticator).MAClen();
-}
 int fragLimit;
 if (packetSize > 0) {
 fragLimit = Math.min(maxRecordSize, packetSize);
-fragLimit = writeCipher.calculateFragmentSize(
+fragLimit =
-fragLimit, macLen, headerSize);
+writeCipher.calculateFragmentSize(fragLimit, headerSize);
 fragLimit = Math.min(fragLimit, Record.maxDataSize);
 } else {
 fragLimit = Record.maxDataSize;
 }

changeset 50768	68fa3d4026ea
parent 47216	71c04702a3d5
child 51407	910f7b56592f