package com.hibegin.http.server.handler; /* * @(#)ChannelIOSecure.java 1.2 04/07/26 * * Copyright (c) 2004 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * -Redistribution of source code must retain the above copyright notice, this * list of conditions and the following disclaimer. * * -Redistribution in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. * * Neither the name of Sun Microsystems, Inc. or the names of contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. * * This software is provided "AS IS," without a warranty of any kind. ALL * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MIDROSYSTEMS, INC. ("SUN") * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. * * You acknowledge that this software is not designed, licensed or intended * for use in the design, construction, operation or maintenance of any * nuclear facility. */ import com.hibegin.common.util.BytesUtil; import com.hibegin.common.util.LoggerUtil; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngineResult; import javax.net.ssl.SSLEngineResult.HandshakeStatus; import javax.net.ssl.SSLEngineResult.Status; import javax.net.ssl.SSLException; import java.io.EOFException; import java.io.IOException; import java.nio.ByteBuffer; import java.nio.channels.SelectionKey; import java.nio.channels.SocketChannel; import java.util.logging.Level; import java.util.logging.Logger; /** * A helper class which performs I/O using the SSLEngine API. * <p> * Each connection has a SocketChannel and a SSLEngine that is * used through the lifetime of the Channel. We allocate byte buffers * for use as the outbound and inbound network buffers. * <p> * <PRE> * Application Data * src requestBB * | ^ * | | | * v | | * +----+-----|-----+----+ * | | | * | SSL|Engine | * wrap() | | | unwrap() * | OUTBOUND | INBOUND | * | | | * +----+-----|-----+----+ * | | ^ * | | | * v | * outNetBB inNetBB * Net data * </PRE> * <p> * These buffers handle all of the intermediary data for the SSL * connection. To make things easy, we'll require outNetBB be * completely flushed before trying to wrap any more data, but we * could certainly remove that restriction by using larger buffers. * <p> * There are many, many ways to handle compute and I/O strategies. * What follows is a relatively simple one. The reader is encouraged * to develop the strategy that best fits the application. * <p> * In most of the non-blocking operations in this class, we let the * Selector tell us when we're ready to attempt an I/O operation (by the * application repeatedly calling our methods). Another option would be * to attempt the operation and return from the method when no forward * progress can be made. * <p> * There's lots of room for enhancements and improvement in this example. * <p> * We're checking for SSL/TLS end-of-stream truncation attacks via * sslEngine.closeInbound(). When you reach the end of a input stream * via a read() returning -1 or an IOException, we call * sslEngine.closeInbound() to signal to the sslEngine that no more * input will be available. If the peer's close_notify message has not * yet been received, this could indicate a trucation attack, in which * an attacker is trying to prematurely close the connection. The * closeInbound() will throw an exception if this condition were * present. * * @author Brad R. Wetmore * @author Mark Reinhold * @version 1.2, 04/07/26 */ public class SslReadWriteSelectorHandler extends PlainReadWriteSelectorHandler { private static final Logger LOGGER = LoggerUtil.getLogger(SslReadWriteSelectorHandler.class); /** * An empty ByteBuffer for use when one isn't available, say * as a source buffer during initial handshake wraps or for close * operations. */ private static ByteBuffer hsBB = ByteBuffer.allocate(0); private SSLEngine sslEngine; /** * All I/O goes through these buffers. * <p> * It might be nice to use a cache of ByteBuffers so we're * not alloc/dealloc'ing ByteBuffer's for each new SSLEngine. * <p> * We use our superclass' requestBB for our application input buffer. * Outbound application data is supplied to us by our callers. */ private ByteBuffer inNetBB; private ByteBuffer outNetBB; /** * The FileChannel we're currently transferTo'ing (reading). */ private ByteBuffer fileChannelBB = null; /** * During our initial handshake, keep track of the next * SSLEngine operation that needs to occur: * <p> * NEED_WRAP/NEED_UNWRAP * <p> * Once the initial handshake has completed, we can short circuit * handshake checks with initialHSComplete. */ private HandshakeStatus initialHSStatus; private boolean initialHSComplete; /** * We have received the shutdown request by our caller, and have * closed our outbound side. */ private boolean shutdown = false; /** * Constructor for a secure ChannelIO variant. */ public SslReadWriteSelectorHandler(SocketChannel sc, SelectionKey selectionKey, SSLContext sslContext) throws IOException { super(sc); sslEngine = sslContext.createSSLEngine(); sslEngine.setUseClientMode(false); initialHSStatus = HandshakeStatus.NEED_UNWRAP; initialHSComplete = false; int netBBSize = sslEngine.getSession().getPacketBufferSize(); inNetBB = ByteBuffer.allocate(netBBSize); outNetBB = ByteBuffer.allocate(netBBSize); outNetBB.position(0); outNetBB.limit(0); int appBBSize = sslEngine.getSession().getApplicationBufferSize(); requestBB = ByteBuffer.allocate(appBBSize); while (!doHandshake(selectionKey)) { } } /** * Writes bb to the SocketChannel. * <p> * Returns true when the ByteBuffer has no remaining data. */ private boolean tryFlush(ByteBuffer bb) throws IOException { sc.write(bb); return !bb.hasRemaining(); } /** * Perform any handshaking processing. * <p> * If a SelectionKey is passed, register for selectable * operations. * <p> * In the blocking case, our caller will keep calling us until * we finish the handshake. Our reads/writes will block as expected. * <p> * In the non-blocking case, we just received the selection notification * that this channel is ready for whatever the operation is, so give * it a try. * <p> * return: * true when handshake is done. * false while handshake is in progress */ boolean doHandshake(SelectionKey sk) throws IOException { SSLEngineResult result; if (initialHSComplete) { return true; } /* * Flush out the outgoing buffer, if there's anything left in * it. */ if (outNetBB.hasRemaining()) { if (!tryFlush(outNetBB)) { return false; } // See if we need to switch from write to read mode. switch (initialHSStatus) { /* * Is this the last buffer? */ case FINISHED: initialHSComplete = true; // Fall-through to reregister need for a Read. case NEED_UNWRAP: if (sk != null) { sk.interestOps(SelectionKey.OP_READ); } break; } return initialHSComplete; } switch (initialHSStatus) { case NEED_UNWRAP: if (sc.read(inNetBB) == -1) { sslEngine.closeInbound(); return initialHSComplete; } needIO: while (initialHSStatus == HandshakeStatus.NEED_UNWRAP) { /* * Don't need to resize requestBB, since no app data should * be generated here. */ inNetBB.flip(); result = sslEngine.unwrap(inNetBB, requestBB); inNetBB.compact(); initialHSStatus = result.getHandshakeStatus(); switch (result.getStatus()) { case OK: switch (initialHSStatus) { case NOT_HANDSHAKING: throw new IOException( "Not handshaking during initial handshake"); case NEED_TASK: initialHSStatus = doTasks(); break; case FINISHED: initialHSComplete = true; break needIO; } break; case BUFFER_UNDERFLOW: /* * Need to go reread the Channel for more data. */ if (sk != null) { sk.interestOps(SelectionKey.OP_READ); } break needIO; default: // BUFFER_OVERFLOW/CLOSED: throw new IOException("Received" + result.getStatus() + "during initial handshaking"); } } // "needIO" block. /* * Just transitioned from read to write. */ if (initialHSStatus != HandshakeStatus.NEED_WRAP) { break; } // Fall through and fill the write buffers. case NEED_WRAP: /* * The flush above guarantees the out buffer to be empty */ outNetBB.clear(); result = sslEngine.wrap(hsBB, outNetBB); outNetBB.flip(); initialHSStatus = result.getHandshakeStatus(); switch (result.getStatus()) { case OK: if (initialHSStatus == HandshakeStatus.NEED_TASK) { initialHSStatus = doTasks(); } if (sk != null) { sk.interestOps(SelectionKey.OP_WRITE); } break; default: // BUFFER_OVERFLOW/BUFFER_UNDERFLOW/CLOSED: throw new IOException("Received" + result.getStatus() + "during initial handshaking"); } break; default: // NOT_HANDSHAKING/NEED_TASK/FINISHED throw new RuntimeException("Invalid Handshaking State" + initialHSStatus); } // switch return initialHSComplete; } /** * Do all the outstanding handshake tasks in the current Thread. */ private SSLEngineResult.HandshakeStatus doTasks() { Runnable runnable; /* * We could run this in a separate thread, but * do in the current for now. */ while ((runnable = sslEngine.getDelegatedTask()) != null) { runnable.run(); } return sslEngine.getHandshakeStatus(); } /** * Read the channel for more information, then unwrap the * (hopefully application) data we get. * <p> * If we run out of data, we'll return to our caller (possibly using * a Selector) to get notification that more is available. * <p> * Each call to this method will perform at most one underlying read(). */ @Override public ByteBuffer handleRead() throws IOException { readLock.lock(); try { checkRequestBB(); SSLEngineResult result; if (!initialHSComplete) { throw new IllegalStateException(); } int pos = requestBB.position(); if (sc.read(inNetBB) == -1) { // probably throws exception sslEngine.closeInbound(); throw new EOFException(); } do { // guarantees enough room for unwrap resizeRequestBB(inNetBB.remaining()); inNetBB.flip(); result = sslEngine.unwrap(inNetBB, requestBB); inNetBB.compact(); /* * Could check here for a renegotation, but we're only * doing a simple read/write, and won't have enough state * transitions to do a complete handshake, so ignore that * possibility. */ switch (result.getStatus()) { case BUFFER_UNDERFLOW: case OK: if (result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) { doTasks(); } break; default: throw new IOException("sslEngine error during data read: " + result.getStatus()); } } while ((inNetBB.position() != 0) && result.getStatus() != Status.BUFFER_UNDERFLOW); int readLength = requestBB.position() - pos; ByteBuffer byteBuffer = ByteBuffer.allocate(readLength); byteBuffer.put(BytesUtil.subBytes(requestBB.array(), pos, readLength)); return byteBuffer; } catch (IOException e) { close(); throw e; } finally { readLock.unlock(); } } /** * Try to flush out any existing outbound data, then try to wrap * anything new contained in the src buffer. * <p> * Return the number of bytes actually consumed from the buffer, * but the data may actually be still sitting in the output buffer, * waiting to be flushed. */ private int doWrite(ByteBuffer src) throws IOException { int retValue = 0; if (outNetBB.hasRemaining() && !tryFlush(outNetBB)) { return retValue; } /* * The data buffer is empty, we can reuse the entire buffer. */ outNetBB.clear(); SSLEngineResult result = sslEngine.wrap(src, outNetBB); retValue = result.bytesConsumed(); outNetBB.flip(); if (result.getStatus() == Status.OK) { if (result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) { doTasks(); } } else { throw new IOException("sslEngine error during data write: " + result.getStatus()); } /* * Try to flush the data, regardless of whether or not * it's been selected. Odds of a write buffer being full * is less than a read buffer being empty. */ tryFlush(src); if (outNetBB.hasRemaining()) { tryFlush(outNetBB); } return retValue; } /** * Flush any remaining data. * <p> * Return true when the fileChannelBB and outNetBB are empty. */ private boolean dataFlush() throws IOException { boolean fileFlushed = true; if ((fileChannelBB != null) && fileChannelBB.hasRemaining()) { doWrite(fileChannelBB); fileFlushed = !fileChannelBB.hasRemaining(); } else if (outNetBB.hasRemaining()) { tryFlush(outNetBB); } return (fileFlushed && !outNetBB.hasRemaining()); } /** * Begin the shutdown process. * <p> * Close out the SSLEngine if not already done so, then * wrap our outgoing close_notify message and try to send it on. * <p> * Return true when we're done passing the shutdown messsages. */ private boolean shutdown() throws IOException { if (!shutdown) { sslEngine.closeOutbound(); shutdown = true; } if (outNetBB.hasRemaining() && tryFlush(outNetBB)) { return false; } /* * By RFC 2616, we can "fire and forget" our close_notify * message, so that's what we'll do here. */ outNetBB.clear(); SSLEngineResult result = sslEngine.wrap(hsBB, outNetBB); if (result.getStatus() != Status.CLOSED) { throw new SSLException("Improper close state"); } outNetBB.flip(); /* * We won't wait for a select here, but if this doesn't work, * we'll cycle back through on the next select. */ if (outNetBB.hasRemaining()) { tryFlush(outNetBB); } return (!outNetBB.hasRemaining() && (result.getHandshakeStatus() != HandshakeStatus.NEED_WRAP)); } @Override public void handleWrite(ByteBuffer byteBuffer) throws IOException { writeLock.lock(); try { while (byteBuffer.hasRemaining() && sc.isOpen()) { int len = doWrite(byteBuffer); if (len < 0) { throw new EOFException(); } } } finally { writeLock.unlock(); } } @Override public void close() { try { while (!dataFlush()) { } do { } while (!shutdown()); super.close(); } catch (IOException e) { LOGGER.log(Level.SEVERE, "", e); } } }