
src/java.base/share/classes/sun/security/ssl/InputRecord.java



   1 /*
   2  * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.ssl;
  27 
  28 import java.io.Closeable;
  29 import java.io.IOException;
  30 import java.io.InputStream;
  31 import java.io.OutputStream;
  32 import java.nio.BufferUnderflowException;
  33 import java.nio.ByteBuffer;
  34 import java.util.concurrent.locks.ReentrantLock;
  35 import javax.crypto.BadPaddingException;
  36 import sun.security.ssl.SSLCipher.SSLReadCipher;
  37 
  38 /**
  39  * {@code InputRecord} takes care of the management of SSL/TLS/DTLS input
  40  * records, including buffering, decryption, handshake messages marshal, etc.
  41  *
  42  * @author David Brownell
  43  */
  44 abstract class InputRecord implements Record, Closeable {
  45     SSLReadCipher       readCipher;
  46     // Needed for KeyUpdate, used after Handshake.Finished
  47     TransportContext    tc;
  48 
  49     final HandshakeHash handshakeHash;
  50     volatile boolean    isClosed;
  51 
  52     // The ClientHello version to accept. If set to ProtocolVersion.SSL20Hello
  53     // and the first message we read is a ClientHello in V2 format, we convert
  54     // it to V3. Otherwise we throw an exception when encountering a V2 hello.
  55     ProtocolVersion     helloVersion;
  56 
  57     // fragment size
  58     int                 fragmentSize;
  59 
  60     final ReentrantLock recordLock = new ReentrantLock();
  61 
  62     InputRecord(HandshakeHash handshakeHash, SSLReadCipher readCipher) {
  63         this.readCipher = readCipher;
  64         this.helloVersion = ProtocolVersion.TLS10;
  65         this.handshakeHash = handshakeHash;
  66         this.isClosed = false;
  67         this.fragmentSize = Record.maxDataSize;
  68     }
  69 
  70     void setHelloVersion(ProtocolVersion helloVersion) {
  71         this.helloVersion = helloVersion;
  72     }
  73 
  74     boolean seqNumIsHuge() {
  75         return (readCipher.authenticator != null) &&
  76                         readCipher.authenticator.seqNumIsHuge();
  77     }
  78 
  79     boolean isEmpty() {
  80         return false;
  81     }
  82 
  83     // apply to DTLS SSLEngine
  84     void expectingFinishFlight() {
  85         // blank
  86     }
  87 
  88     // apply to DTLS SSLEngine
  89     void finishHandshake() {
  90         // blank
  91     }
  92 
  93     /**
  94      * Prevent any more data from being read into this record,
  95      * and flag the record as holding no data.
  96      */
  97     @Override
  98     public void close() throws IOException {
  99         recordLock.lock();
 100         try {
 101             if (!isClosed) {
 102                 isClosed = true;
 103                 readCipher.dispose();
 104             }
 105         } finally {
 106             recordLock.unlock();
 107         }
 108     }
 109 
 110     boolean isClosed() {
 111         return isClosed;
 112     }
 113 
 114     // apply to SSLSocket and SSLEngine
 115     void changeReadCiphers(SSLReadCipher readCipher) {
 116 
 117         /*
 118          * Dispose of any intermediate state in the underlying cipher.
 119          * For PKCS11 ciphers, this will release any attached sessions,
 120          * and thus make finalization faster.
 121          *
 122          * Since MAC's doFinal() is called for every SSL/TLS packet, it's
 123          * not necessary to do the same with MAC's.
 124          */
 125         readCipher.dispose();
 126 
 127         this.readCipher = readCipher;
 128     }
 129 
 130     // change fragment size


   1 /*
   2  * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.ssl;
  27 
  28 import java.io.Closeable;
  29 import java.io.IOException;
  30 import java.io.InputStream;
  31 import java.io.OutputStream;
  32 import java.nio.BufferUnderflowException;
  33 import java.nio.ByteBuffer;

  34 import javax.crypto.BadPaddingException;
  35 import sun.security.ssl.SSLCipher.SSLReadCipher;
  36 
  37 /**
  38  * {@code InputRecord} takes care of the management of SSL/TLS/DTLS input
  39  * records, including buffering, decryption, handshake messages marshal, etc.
  40  *
  41  * @author David Brownell
  42  */
  43 abstract class InputRecord implements Record, Closeable {
  44     SSLReadCipher       readCipher;
  45     // Needed for KeyUpdate, used after Handshake.Finished
  46     TransportContext            tc;
  47 
  48     final HandshakeHash handshakeHash;
  49     boolean             isClosed;
  50 
  51     // The ClientHello version to accept. If set to ProtocolVersion.SSL20Hello
  52     // and the first message we read is a ClientHello in V2 format, we convert
  53     // it to V3. Otherwise we throw an exception when encountering a V2 hello.
  54     ProtocolVersion     helloVersion;
  55 
  56     // fragment size
  57     int                 fragmentSize;
  58 


  59     InputRecord(HandshakeHash handshakeHash, SSLReadCipher readCipher) {
  60         this.readCipher = readCipher;
  61         this.helloVersion = ProtocolVersion.TLS10;
  62         this.handshakeHash = handshakeHash;
  63         this.isClosed = false;
  64         this.fragmentSize = Record.maxDataSize;
  65     }
  66 
  67     void setHelloVersion(ProtocolVersion helloVersion) {
  68         this.helloVersion = helloVersion;
  69     }
  70 
  71     boolean seqNumIsHuge() {
  72         return (readCipher.authenticator != null) &&
  73                         readCipher.authenticator.seqNumIsHuge();
  74     }
  75 
  76     boolean isEmpty() {
  77         return false;
  78     }
  79 
  80     // apply to DTLS SSLEngine
  81     void expectingFinishFlight() {
  82         // blank
  83     }
  84 
  85     // apply to DTLS SSLEngine
  86     void finishHandshake() {
  87         // blank
  88     }
  89 
  90     /**
  91      * Prevent any more data from being read into this record,
  92      * and flag the record as holding no data.
  93      */
  94     @Override
  95     public synchronized void close() throws IOException {
  96         if (!isClosed) {
  97             isClosed = true;
  98             readCipher.dispose();





  99         }
 100     }
 101 
 102     synchronized boolean isClosed() {
 103         return isClosed;
 104     }
 105 
 106     // apply to SSLSocket and SSLEngine
 107     void changeReadCiphers(SSLReadCipher readCipher) {
 108 
 109         /*
 110          * Dispose of any intermediate state in the underlying cipher.
 111          * For PKCS11 ciphers, this will release any attached sessions,
 112          * and thus make finalization faster.
 113          *
 114          * Since MAC's doFinal() is called for every SSL/TLS packet, it's
 115          * not necessary to do the same with MAC's.
 116          */
 117         readCipher.dispose();
 118 
 119         this.readCipher = readCipher;
 120     }
 121 
 122     // change fragment size
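Review bot: In `changeReadCiphers` (lines 115-128 of the first listing, identical in the second) the parameter `readCipher` shadows the field, so `readCipher.dispose();` runs on the incoming cipher and the cipher being replaced is never disposed, which does not appear to match the comment above it about releasing state held by the underlying cipher. The outgoing cipher's intermediate state, and any PKCS11 session attached to it, is then left for finalization; the line should read `this.readCipher.dispose();`. With `close()` now disposing `this.readCipher` under `recordLock`, this method still reassigns the same non-volatile field without taking the lock; whether every caller already holds `recordLock` cannot be confirmed from the visible lines, so either take the lock here or document the requirement with `// caller must hold recordLock`. The listing stops at `// change fragment size`, so the rest of the class is outside this review.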

