BCJSSE: Handle SSLEngine closure prior to handshake
peterdettman committed Apr 30, 2019
1 parent c2813bf commit 34993a7
Showing 2 changed files with 42 additions and 12 deletions.
1 change: 1 addition & 0 deletions docs/releasenotes.html
Expand Up @@ -32,6 +32,7 @@ <h3>2.1.2 Defects Fixed</h3>
<li>DTLS: Retransmission timers now properly apply to flights monolithically.</li>
<li>BCJSSE: setEnabledCipherSuites ignores unsupported cipher suites.</li>
<li>BCJSSE: SSLSocket implementations store passed-in 'host' before connecting.</li>
<li>BCJSSE: Handle SSLEngine closure prior to handshake.</li>
</ul>
<h3>2.1.3 Additional Features and Functionality</h3>
<ul>
53 changes: 41 additions & 12 deletions tls/src/main/java/org/bouncycastle/jsse/provider/ProvSSLEngine.java
Expand Up @@ -6,6 +6,8 @@
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
Expand Down Expand Up @@ -38,13 +40,16 @@ class ProvSSLEngine
extends SSLEngine
implements BCSSLEngine, ProvTlsManager
{
private static final Logger LOG = Logger.getLogger(ProvSSLEngine.class.getName());

protected final ProvSSLContextSpi context;
protected final ContextData contextData;
protected final ProvSSLParameters sslParameters;

protected boolean enableSessionCreation = true;
protected boolean useClientMode = false;

protected boolean closedEarly = false;
protected boolean initialHandshakeBegun = false;
protected HandshakeStatus handshakeStatus = HandshakeStatus.NOT_HANDSHAKING;
protected TlsProtocol protocol = null;
Expand Down Expand Up @@ -86,6 +91,10 @@ public ContextData getContextData()
public synchronized void beginHandshake()
throws SSLException
{
if (closedEarly)
{
throw new SSLException("Connection is already closed");
}
if (initialHandshakeBegun)
{
throw new UnsupportedOperationException("Renegotiation not supported");
Expand Down Expand Up @@ -166,28 +175,48 @@ public String chooseServerAlias(String keyType, Principal[] issuers)
public synchronized void closeInbound()
throws SSLException
{
// TODO How to behave when protocol is still null?
try
if (closedEarly)
{
protocol.closeInput();
// SSLEngine already closed before any handshake attempted
}
catch (IOException e)
else if (null == protocol)
{
throw new SSLException(e);
this.closedEarly = true;
}
else
{
try
{
protocol.closeInput();
}
catch (IOException e)
{
throw new SSLException(e);
}
}
}

@Override
public synchronized void closeOutbound()
{
// TODO How to behave when protocol is still null?
try
if (closedEarly)
{
protocol.close();
// SSLEngine already closed before any handshake attempted
}
catch (IOException e)
else if (null == protocol)
{
this.closedEarly = true;
}
else
{
// TODO[logging]
try
{
protocol.close();
}
catch (IOException e)
{
LOG.log(Level.WARNING, "Failed to close outbound", e);
}
}
}

Expand Down Expand Up @@ -306,13 +335,13 @@ public synchronized boolean getWantClientAuth()
@Override
public synchronized boolean isInboundDone()
{
return protocol != null && protocol.isClosed();
return closedEarly || (null != protocol && protocol.isClosed());
}

@Override
public synchronized boolean isOutboundDone()
{
return protocol != null && protocol.isClosed() && protocol.getAvailableOutputBytes() < 1;
return closedEarly || (null != protocol && protocol.isClosed() && protocol.getAvailableOutputBytes() < 1);
}

public synchronized void setBCHandshakeApplicationProtocolSelector(BCApplicationProtocolSelector<SSLEngine> selector)
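Review bot: The early-close state is only half handled here, because wrap() and unwrap() are outside the hunk; if they start the initial handshake through beginHandshake() when `initialHandshakeBegun` is false (which that flag suggests, though I cannot see it), a caller that closed the engine before handshaking now gets the "Connection is already closed" SSLException from wrap()/unwrap() instead of a result with Status.CLOSED, which is what SSLEngine callers are written to expect, so those two methods should test `closedEarly` before any handshake is begun. The new `closedEarly` field is also undocumented; suggest `// Set when closeInbound()/closeOutbound() is called before any handshake: beginHandshake() then fails and isInboundDone()/isOutboundDone() report true.` above its declaration. As a point of style, the empty `if (closedEarly) { /* comment */ }` branches in closeInbound()/closeOutbound() can be folded into the next condition, `if (!closedEarly && null == protocol) { this.closedEarly = true; }`, leaving a single `else if (null != protocol)` for the real close.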
