|
1 /* |
|
2 * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. |
|
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
4 * |
|
5 * This code is free software; you can redistribute it and/or modify it |
|
6 * under the terms of the GNU General Public License version 2 only, as |
|
7 * published by the Free Software Foundation. Oracle designates this |
|
8 * particular file as subject to the "Classpath" exception as provided |
|
9 * by Oracle in the LICENSE file that accompanied this code. |
|
10 * |
|
11 * This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 * version 2 for more details (a copy is included in the LICENSE file that |
|
15 * accompanied this code). |
|
16 * |
|
17 * You should have received a copy of the GNU General Public License version |
|
18 * 2 along with this work; if not, write to the Free Software Foundation, |
|
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 * |
|
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
22 * or visit www.oracle.com if you need additional information or have any |
|
23 * questions. |
|
24 */ |
|
25 |
|
26 package sun.security.ssl; |
|
27 |
|
28 import java.io.EOFException; |
|
29 import java.io.IOException; |
|
30 import java.nio.ByteBuffer; |
|
31 import javax.crypto.BadPaddingException; |
|
32 import javax.net.ssl.SSLHandshakeException; |
|
33 |
|
34 /** |
|
35 * Interface for SSL/(D)TLS transportation. |
|
36 */ |
|
37 interface SSLTransport { |
|
38 |
|
39 /** |
|
40 * Returns the host name of the peer. |
|
41 * |
|
42 * @return the host name of the peer, or null if nothing is |
|
43 * available. |
|
44 */ |
|
45 String getPeerHost(); |
|
46 |
|
47 /** |
|
48 * Returns the port number of the peer. |
|
49 * |
|
50 * @return the port number of the peer, or -1 if nothing is |
|
51 * available. |
|
52 */ |
|
53 int getPeerPort(); |
|
54 |
|
55 /** |
|
56 * Shutdown the transport. |
|
57 */ |
|
58 default void shutdown() throws IOException { |
|
59 // blank |
|
60 } |
|
61 |
|
62 /** |
|
63 * Return true if delegated tasks used for handshaking operations. |
|
64 * |
|
65 * @return true if delegated tasks used for handshaking operations. |
|
66 */ |
|
67 boolean useDelegatedTask(); |
|
68 |
|
69 /** |
|
70 * Decodes an array of SSL/(D)TLS network source data into the |
|
71 * destination application data buffers. |
|
72 * |
|
73 * For SSL/TLS connections, if no source data, the network data may be |
|
74 * received from the underlying underlying SSL/TLS input stream. |
|
75 * |
|
76 * @param context the transportation context |
|
77 * @param srcs an array of {@code ByteBuffers} containing the |
|
78 * inbound network data |
|
79 * @param srcsOffset The offset within the {@code srcs} buffer array |
|
80 * of the first buffer from which bytes are to be |
|
81 * retrieved; it must be non-negative and no larger |
|
82 * than {@code srcs.length}. |
|
83 * @param srcsLength The maximum number of {@code srcs} buffers to be |
|
84 * accessed; it must be non-negative and no larger than |
|
85 * {@code srcs.length} - {@code srcsOffset}. |
|
86 * @param dsts an array of {@code ByteBuffers} to hold inbound |
|
87 * application data |
|
88 * @param dstsOffset The offset within the {@code dsts} buffer array |
|
89 * of the first buffer from which bytes are to be |
|
90 * placed; it must be non-negative and no larger |
|
91 * than {@code dsts.length}. |
|
92 * @param dstsLength The maximum number of {@code dsts} buffers to be |
|
93 * accessed; it must be non-negative and no larger than |
|
94 * {@code dsts.length} - {@code dstsOffset}. |
|
95 * |
|
96 * @return a {@code Plaintext} describing the result of |
|
97 * the operation |
|
98 * @throws IOException if a problem was encountered while receiving or |
|
99 * decoding networking data |
|
100 */ |
|
101 static Plaintext decode(TransportContext context, |
|
102 ByteBuffer[] srcs, int srcsOffset, int srcsLength, |
|
103 ByteBuffer[] dsts, int dstsOffset, int dstsLength) throws IOException { |
|
104 |
|
105 Plaintext[] plaintexts = null; |
|
106 try { |
|
107 plaintexts = |
|
108 context.inputRecord.decode(srcs, srcsOffset, srcsLength); |
|
109 } catch (UnsupportedOperationException unsoe) { // SSLv2Hello |
|
110 // Hack code to deliver SSLv2 error message for SSL/TLS connections. |
|
111 if (!context.sslContext.isDTLS()) { |
|
112 context.outputRecord.encodeV2NoCipher(); |
|
113 if (SSLLogger.isOn && SSLLogger.isOn("ssl")) { |
|
114 SSLLogger.finest("may be talking to SSLv2"); |
|
115 } |
|
116 } |
|
117 |
|
118 context.fatal(Alert.UNEXPECTED_MESSAGE, unsoe); |
|
119 } catch (BadPaddingException bpe) { |
|
120 /* |
|
121 * The basic SSLv3 record protection involves (optional) |
|
122 * encryption for privacy, and an integrity check ensuring |
|
123 * data origin authentication. We do them both here, and |
|
124 * throw a fatal alert if the integrity check fails. |
|
125 */ |
|
126 Alert alert = (context.handshakeContext != null) ? |
|
127 Alert.HANDSHAKE_FAILURE : |
|
128 Alert.BAD_RECORD_MAC; |
|
129 context.fatal(alert, bpe); |
|
130 } catch (SSLHandshakeException she) { |
|
131 // may be record sequence number overflow |
|
132 context.fatal(Alert.HANDSHAKE_FAILURE, she); |
|
133 } catch (EOFException eofe) { |
|
134 // rethrow EOFException, the call will handle it if neede. |
|
135 throw eofe; |
|
136 } catch (IOException ioe) { |
|
137 context.fatal(Alert.UNEXPECTED_MESSAGE, ioe); |
|
138 } |
|
139 |
|
140 if (plaintexts == null || plaintexts.length == 0) { |
|
141 // Connection closed or record should be discarded. |
|
142 return Plaintext.PLAINTEXT_NULL; |
|
143 } |
|
144 |
|
145 Plaintext finalPlaintext = Plaintext.PLAINTEXT_NULL; |
|
146 for (Plaintext plainText : plaintexts) { |
|
147 // plainText should never be null for TLS protocols |
|
148 if (plainText == Plaintext.PLAINTEXT_NULL) { |
|
149 // Only happens for DTLS protocols. |
|
150 // |
|
151 // Received a retransmitted flight, and need to retransmit the |
|
152 // previous delivered handshake flight messages. |
|
153 if (context.handshakeContext != null && |
|
154 context.handshakeContext.sslConfig.enableRetransmissions && |
|
155 context.sslContext.isDTLS()) { |
|
156 if (SSLLogger.isOn && SSLLogger.isOn("ssl,verbose")) { |
|
157 SSLLogger.finest("retransmited handshake flight"); |
|
158 } |
|
159 |
|
160 context.outputRecord.launchRetransmission(); |
|
161 } // Otherwise, discard the retransmitted flight. |
|
162 } else if (plainText != null && |
|
163 plainText.contentType != ContentType.APPLICATION_DATA.id) { |
|
164 context.dispatch(plainText); |
|
165 } |
|
166 |
|
167 if (plainText == null) { |
|
168 plainText = Plaintext.PLAINTEXT_NULL; |
|
169 } else { |
|
170 // File the destination buffers. |
|
171 if (dsts != null && dstsLength > 0 && |
|
172 plainText.contentType == ContentType.APPLICATION_DATA.id) { |
|
173 |
|
174 ByteBuffer fragment = plainText.fragment; |
|
175 int remains = fragment.remaining(); |
|
176 |
|
177 // Should have enough room in the destination buffers. |
|
178 int limit = dstsOffset + dstsLength; |
|
179 for (int i = dstsOffset; |
|
180 ((i < limit) && (remains > 0)); i++) { |
|
181 |
|
182 int amount = Math.min(dsts[i].remaining(), remains); |
|
183 fragment.limit(fragment.position() + amount); |
|
184 dsts[i].put(fragment); |
|
185 remains -= amount; |
|
186 |
|
187 if (!dsts[i].hasRemaining()) { |
|
188 dstsOffset++; |
|
189 } |
|
190 } |
|
191 |
|
192 if (remains > 0) { |
|
193 context.fatal(Alert.INTERNAL_ERROR, |
|
194 "no sufficient room in the destination buffers"); |
|
195 } |
|
196 } |
|
197 } |
|
198 |
|
199 finalPlaintext = plainText; |
|
200 } |
|
201 |
|
202 return finalPlaintext; |
|
203 } |
|
204 } |