/* * Copyright (C) 2007 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.conscrypt; import dalvik.system.BlockGuard; import dalvik.system.CloseGuard; import java.io.FileDescriptor; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.net.InetAddress; import java.net.Socket; import java.net.SocketException; import java.security.InvalidKeyException; import java.security.PrivateKey; import java.security.SecureRandom; import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Arrays; import java.util.HashSet; import java.util.Set; import javax.net.ssl.HandshakeCompletedEvent; import javax.net.ssl.HandshakeCompletedListener; import javax.net.ssl.SSLException; import javax.net.ssl.SSLHandshakeException; import javax.net.ssl.SSLPeerUnverifiedException; import javax.net.ssl.SSLProtocolException; import javax.net.ssl.SSLSession; import javax.net.ssl.X509TrustManager; import javax.security.auth.x500.X500Principal; import static libcore.io.OsConstants.*; import libcore.io.ErrnoException; import libcore.io.Libcore; import libcore.io.Streams; import libcore.io.StructTimeval; /** * Implementation of the class OpenSSLSocketImpl based on OpenSSL. *

* Extensions to SSLSocket include: *

handshake timeout *
session tickets *
Server Name Indication *

*/ public class OpenSSLSocketImpl extends javax.net.ssl.SSLSocket implements NativeCrypto.SSLHandshakeCallbacks { private long sslNativePointer; private InputStream is; private OutputStream os; private final Object handshakeLock = new Object(); private final Object readLock = new Object(); private final Object writeLock = new Object(); private SSLParametersImpl sslParameters; private byte[] npnProtocols; private byte[] alpnProtocols; private String[] enabledProtocols; private String[] enabledCipherSuites; private boolean useSessionTickets; private String hostname; /** Whether the TLS Channel ID extension is enabled. This field is server-side only. */ private boolean channelIdEnabled; /** Private key for the TLS Channel ID extension. This field is client-side only. */ private OpenSSLKey channelIdPrivateKey; private OpenSSLSessionImpl sslSession; private final Socket socket; private boolean autoClose; private boolean handshakeStarted = false; private final CloseGuard guard = CloseGuard.get(); /** * Not set to true until the update from native that tells us the * full handshake is complete, since SSL_do_handshake can return * before the handshake is completely done due to * handshake_cutthrough support. */ private boolean handshakeCompleted = false; private ArrayList listeners; /** * Local cache of timeout to avoid getsockopt on every read and * write for non-wrapped sockets. Note that * OpenSSLSocketImplWrapper overrides setSoTimeout and * getSoTimeout to delegate to the wrapped socket. */ private int readTimeoutMilliseconds = 0; private int writeTimeoutMilliseconds = 0; private int handshakeTimeoutMilliseconds = -1; // -1 = same as timeout; 0 = infinite private String wrappedHost; private int wrappedPort; protected OpenSSLSocketImpl(SSLParametersImpl sslParameters) throws IOException { this.socket = this; init(sslParameters); } protected OpenSSLSocketImpl(SSLParametersImpl sslParameters, String[] enabledProtocols, String[] enabledCipherSuites) throws IOException { this.socket = this; init(sslParameters, enabledProtocols, enabledCipherSuites); } protected OpenSSLSocketImpl(String host, int port, SSLParametersImpl sslParameters) throws IOException { super(host, port); this.socket = this; init(sslParameters); } protected OpenSSLSocketImpl(InetAddress address, int port, SSLParametersImpl sslParameters) throws IOException { super(address, port); this.socket = this; init(sslParameters); } protected OpenSSLSocketImpl(String host, int port, InetAddress clientAddress, int clientPort, SSLParametersImpl sslParameters) throws IOException { super(host, port, clientAddress, clientPort); this.socket = this; init(sslParameters); } protected OpenSSLSocketImpl(InetAddress address, int port, InetAddress clientAddress, int clientPort, SSLParametersImpl sslParameters) throws IOException { super(address, port, clientAddress, clientPort); this.socket = this; init(sslParameters); } /** * Create an SSL socket that wraps another socket. Invoked by * OpenSSLSocketImplWrapper constructor. */ protected OpenSSLSocketImpl(Socket socket, String host, int port, boolean autoClose, SSLParametersImpl sslParameters) throws IOException { this.socket = socket; this.wrappedHost = host; this.wrappedPort = port; this.autoClose = autoClose; init(sslParameters); // this.timeout is not set intentionally. // OpenSSLSocketImplWrapper.getSoTimeout will delegate timeout // to wrapped socket } /** * Initialize the SSL socket and set the certificates for the * future handshaking. */ private void init(SSLParametersImpl sslParameters) throws IOException { init(sslParameters, NativeCrypto.getDefaultProtocols(), NativeCrypto.getDefaultCipherSuites()); } /** * Initialize the SSL socket and set the certificates for the * future handshaking. */ private void init(SSLParametersImpl sslParameters, String[] enabledProtocols, String[] enabledCipherSuites) throws IOException { this.sslParameters = sslParameters; this.enabledProtocols = enabledProtocols; this.enabledCipherSuites = enabledCipherSuites; } /** * Gets the suitable session reference from the session cache container. */ private OpenSSLSessionImpl getCachedClientSession(ClientSessionContext sessionContext) { String hostName = getPeerHostName(); int port = getPeerPort(); if (hostName == null) { return null; } OpenSSLSessionImpl session = (OpenSSLSessionImpl) sessionContext.getSession(hostName, port); if (session == null) { return null; } String protocol = session.getProtocol(); boolean protocolFound = false; for (String enabledProtocol : enabledProtocols) { if (protocol.equals(enabledProtocol)) { protocolFound = true; break; } } if (!protocolFound) { return null; } String cipherSuite = session.getCipherSuite(); boolean cipherSuiteFound = false; for (String enabledCipherSuite : enabledCipherSuites) { if (cipherSuite.equals(enabledCipherSuite)) { cipherSuiteFound = true; break; } } if (!cipherSuiteFound) { return null; } return session; } private void checkOpen() throws SocketException { if (isClosed()) { throw new SocketException("Socket is closed"); } } /** * Starts a TLS/SSL handshake on this connection using some native methods * from the OpenSSL library. It can negotiate new encryption keys, change * cipher suites, or initiate a new session. The certificate chain is * verified if the correspondent property in java.Security is set. All * listeners are notified at the end of the TLS/SSL handshake. */ @Override public synchronized void startHandshake() throws IOException { synchronized (handshakeLock) { checkOpen(); if (!handshakeStarted) { handshakeStarted = true; } else { return; } } // note that this modifies the global seed, not something specific to the connection final int seedLengthInBytes = NativeCrypto.RAND_SEED_LENGTH_IN_BYTES; final SecureRandom secureRandom = sslParameters.getSecureRandomMember(); if (secureRandom == null) { NativeCrypto.RAND_load_file("/dev/urandom", seedLengthInBytes); } else { NativeCrypto.RAND_seed(secureRandom.generateSeed(seedLengthInBytes)); } final boolean client = sslParameters.getUseClientMode(); final long sslCtxNativePointer = (client) ? sslParameters.getClientSessionContext().sslCtxNativePointer : sslParameters.getServerSessionContext().sslCtxNativePointer; this.sslNativePointer = 0; boolean exception = true; try { sslNativePointer = NativeCrypto.SSL_new(sslCtxNativePointer); guard.open("close"); if (npnProtocols != null) { NativeCrypto.SSL_CTX_enable_npn(sslCtxNativePointer); } if (client && alpnProtocols != null) { NativeCrypto.SSL_CTX_set_alpn_protos(sslCtxNativePointer, alpnProtocols); } // setup server certificates and private keys. // clients will receive a call back to request certificates. if (!client) { Set keyTypes = new HashSet(); for (String enabledCipherSuite : enabledCipherSuites) { if (enabledCipherSuite.equals(NativeCrypto.TLS_EMPTY_RENEGOTIATION_INFO_SCSV)) { continue; } String keyType = CipherSuite.getByName(enabledCipherSuite).getServerKeyType(); if (keyType != null) { keyTypes.add(keyType); } } for (String keyType : keyTypes) { try { setCertificate(sslParameters.getKeyManager().chooseServerAlias(keyType, null, this)); } catch (CertificateEncodingException e) { throw new IOException(e); } } } NativeCrypto.setEnabledProtocols(sslNativePointer, enabledProtocols); NativeCrypto.setEnabledCipherSuites(sslNativePointer, enabledCipherSuites); if (useSessionTickets) { NativeCrypto.SSL_clear_options(sslNativePointer, NativeCrypto.SSL_OP_NO_TICKET); } if (hostname != null) { NativeCrypto.SSL_set_tlsext_host_name(sslNativePointer, hostname); } boolean enableSessionCreation = sslParameters.getEnableSessionCreation(); if (!enableSessionCreation) { NativeCrypto.SSL_set_session_creation_enabled(sslNativePointer, enableSessionCreation); } AbstractSessionContext sessionContext; OpenSSLSessionImpl sessionToReuse; if (client) { // look for client session to reuse ClientSessionContext clientSessionContext = sslParameters.getClientSessionContext(); sessionContext = clientSessionContext; sessionToReuse = getCachedClientSession(clientSessionContext); if (sessionToReuse != null) { NativeCrypto.SSL_set_session(sslNativePointer, sessionToReuse.sslSessionNativePointer); } } else { sessionContext = sslParameters.getServerSessionContext(); sessionToReuse = null; } // setup peer certificate verification if (client) { // TODO support for anonymous cipher would require us to // conditionally use SSL_VERIFY_NONE } else { // needing client auth takes priority... boolean certRequested; if (sslParameters.getNeedClientAuth()) { NativeCrypto.SSL_set_verify(sslNativePointer, NativeCrypto.SSL_VERIFY_PEER | NativeCrypto.SSL_VERIFY_FAIL_IF_NO_PEER_CERT); certRequested = true; // ... over just wanting it... } else if (sslParameters.getWantClientAuth()) { NativeCrypto.SSL_set_verify(sslNativePointer, NativeCrypto.SSL_VERIFY_PEER); certRequested = true; // ... and it defaults properly so don't call SSL_set_verify in the common case. } else { certRequested = false; } if (certRequested) { X509TrustManager trustManager = sslParameters.getTrustManager(); X509Certificate[] issuers = trustManager.getAcceptedIssuers(); if (issuers != null && issuers.length != 0) { byte[][] issuersBytes; try { issuersBytes = encodeIssuerX509Principals(issuers); } catch (CertificateEncodingException e) { throw new IOException("Problem encoding principals", e); } NativeCrypto.SSL_set_client_CA_list(sslNativePointer, issuersBytes); } } } // Temporarily use a different timeout for the handshake process int savedReadTimeoutMilliseconds = getSoTimeout(); int savedWriteTimeoutMilliseconds = getSoWriteTimeout(); if (handshakeTimeoutMilliseconds >= 0) { setSoTimeout(handshakeTimeoutMilliseconds); setSoWriteTimeout(handshakeTimeoutMilliseconds); } // TLS Channel ID if (channelIdEnabled) { if (client) { // Client-side TLS Channel ID if (channelIdPrivateKey == null) { throw new SSLHandshakeException("Invalid TLS channel ID key specified"); } NativeCrypto.SSL_set1_tls_channel_id(sslNativePointer, channelIdPrivateKey.getPkeyContext()); } else { // Server-side TLS Channel ID NativeCrypto.SSL_enable_tls_channel_id(sslNativePointer); } } int sslSessionNativePointer; try { sslSessionNativePointer = NativeCrypto.SSL_do_handshake(sslNativePointer, socket.getFileDescriptor$(), this, getSoTimeout(), client, npnProtocols, client ? null : alpnProtocols); } catch (CertificateException e) { SSLHandshakeException wrapper = new SSLHandshakeException(e.getMessage()); wrapper.initCause(e); throw wrapper; } byte[] sessionId = NativeCrypto.SSL_SESSION_session_id(sslSessionNativePointer); if (sessionToReuse != null && Arrays.equals(sessionToReuse.getId(), sessionId)) { this.sslSession = sessionToReuse; sslSession.lastAccessedTime = System.currentTimeMillis(); NativeCrypto.SSL_SESSION_free(sslSessionNativePointer); } else { if (!enableSessionCreation) { // Should have been prevented by NativeCrypto.SSL_set_session_creation_enabled throw new IllegalStateException("SSL Session may not be created"); } X509Certificate[] localCertificates = createCertChain(NativeCrypto.SSL_get_certificate(sslNativePointer)); X509Certificate[] peerCertificates = createCertChain(NativeCrypto.SSL_get_peer_cert_chain(sslNativePointer)); this.sslSession = new OpenSSLSessionImpl(sslSessionNativePointer, localCertificates, peerCertificates, getPeerHostName(), getPeerPort(), sessionContext); // if not, putSession later in handshakeCompleted() callback if (handshakeCompleted) { sessionContext.putSession(sslSession); } } // Restore the original timeout now that the handshake is complete if (handshakeTimeoutMilliseconds >= 0) { setSoTimeout(savedReadTimeoutMilliseconds); setSoWriteTimeout(savedWriteTimeoutMilliseconds); } // if not, notifyHandshakeCompletedListeners later in handshakeCompleted() callback if (handshakeCompleted) { notifyHandshakeCompletedListeners(); } exception = false; } catch (SSLProtocolException e) { throw new SSLHandshakeException(e); } finally { // on exceptional exit, treat the socket as closed if (exception) { close(); } } } private static byte[][] encodeIssuerX509Principals(X509Certificate[] certificates) throws CertificateEncodingException { byte[][] principalBytes = new byte[certificates.length][]; for (int i = 0; i < certificates.length; i++) { principalBytes[i] = certificates[i].getIssuerX500Principal().getEncoded(); } return principalBytes; } String getPeerHostName() { if (wrappedHost != null) { return wrappedHost; } InetAddress inetAddress = super.getInetAddress(); if (inetAddress != null) { return inetAddress.getHostName(); } return null; } int getPeerPort() { return wrappedHost == null ? super.getPort() : wrappedPort; } /** * Return a possibly null array of X509Certificates given the * possibly null array of DER encoded bytes. */ private static X509Certificate[] createCertChain(byte[][] certificatesBytes) throws IOException { if (certificatesBytes == null) { return null; } X509Certificate[] certificates = new X509Certificate[certificatesBytes.length]; for (int i = 0; i < certificatesBytes.length; i++) { certificates[i] = OpenSSLX509Certificate.fromX509Der(certificatesBytes[i]); } return certificates; } private void setCertificate(String alias) throws CertificateEncodingException, SSLException { if (alias == null) { return; } PrivateKey privateKey = sslParameters.getKeyManager().getPrivateKey(alias); if (privateKey == null) { return; } X509Certificate[] certificates = sslParameters.getKeyManager().getCertificateChain(alias); if (certificates == null) { return; } // Note that OpenSSL says to use SSL_use_certificate before SSL_use_PrivateKey. byte[][] certificateBytes = NativeCrypto.encodeCertificates(certificates); NativeCrypto.SSL_use_certificate(sslNativePointer, certificateBytes); try { final OpenSSLKey key = OpenSSLKey.fromPrivateKey(privateKey); NativeCrypto.SSL_use_PrivateKey(sslNativePointer, key.getPkeyContext()); } catch (InvalidKeyException e) { throw new SSLException(e); } // checks the last installed private key and certificate, // so need to do this once per loop iteration NativeCrypto.SSL_check_private_key(sslNativePointer); } @SuppressWarnings("unused") // used by NativeCrypto.SSLHandshakeCallbacks / client_cert_cb public void clientCertificateRequested(byte[] keyTypeBytes, byte[][] asn1DerEncodedPrincipals) throws CertificateEncodingException, SSLException { String[] keyTypes = new String[keyTypeBytes.length]; for (int i = 0; i < keyTypeBytes.length; i++) { keyTypes[i] = CipherSuite.getClientKeyType(keyTypeBytes[i]); } X500Principal[] issuers; if (asn1DerEncodedPrincipals == null) { issuers = null; } else { issuers = new X500Principal[asn1DerEncodedPrincipals.length]; for (int i = 0; i < asn1DerEncodedPrincipals.length; i++) { issuers[i] = new X500Principal(asn1DerEncodedPrincipals[i]); } } setCertificate(sslParameters.getKeyManager().chooseClientAlias(keyTypes, issuers, this)); } @SuppressWarnings("unused") // used by NativeCrypto.SSLHandshakeCallbacks / info_callback public void handshakeCompleted() { handshakeCompleted = true; // If sslSession is null, the handshake was completed during // the call to NativeCrypto.SSL_do_handshake and not during a // later read operation. That means we do not need to fix up // the SSLSession and session cache or notify // HandshakeCompletedListeners, it will be done in // startHandshake. if (sslSession == null) { return; } // reset session id from the native pointer and update the // appropriate cache. sslSession.resetId(); AbstractSessionContext sessionContext = (sslParameters.getUseClientMode()) ? sslParameters.getClientSessionContext() : sslParameters.getServerSessionContext(); sessionContext.putSession(sslSession); // let listeners know we are finally done notifyHandshakeCompletedListeners(); } private void notifyHandshakeCompletedListeners() { if (listeners != null && !listeners.isEmpty()) { // notify the listeners HandshakeCompletedEvent event = new HandshakeCompletedEvent(this, sslSession); for (HandshakeCompletedListener listener : listeners) { try { listener.handshakeCompleted(event); } catch (RuntimeException e) { // The RI runs the handlers in a separate thread, // which we do not. But we try to preserve their // behavior of logging a problem and not killing // the handshaking thread just because a listener // has a problem. Thread thread = Thread.currentThread(); thread.getUncaughtExceptionHandler().uncaughtException(thread, e); } } } } @SuppressWarnings("unused") // used by NativeCrypto.SSLHandshakeCallbacks @Override public void verifyCertificateChain(byte[][] bytes, String authMethod) throws CertificateException { try { if (bytes == null || bytes.length == 0) { throw new SSLException("Peer sent no certificate"); } X509Certificate[] peerCertificateChain = new X509Certificate[bytes.length]; for (int i = 0; i < bytes.length; i++) { peerCertificateChain[i] = OpenSSLX509Certificate.fromX509Der(bytes[i]); } boolean client = sslParameters.getUseClientMode(); if (client) { X509TrustManager x509tm = sslParameters.getTrustManager(); if (x509tm instanceof TrustManagerImpl) { TrustManagerImpl tm = (TrustManagerImpl) x509tm; tm.checkServerTrusted(peerCertificateChain, authMethod, wrappedHost); } else { x509tm.checkServerTrusted(peerCertificateChain, authMethod); } } else { String authType = peerCertificateChain[0].getPublicKey().getAlgorithm(); sslParameters.getTrustManager().checkClientTrusted(peerCertificateChain, authType); } } catch (CertificateException e) { throw e; } catch (Exception e) { throw new CertificateException(e); } } @Override public InputStream getInputStream() throws IOException { checkOpen(); synchronized (this) { if (is == null) { is = new SSLInputStream(); } return is; } } @Override public OutputStream getOutputStream() throws IOException { checkOpen(); synchronized (this) { if (os == null) { os = new SSLOutputStream(); } return os; } } /** * This inner class provides input data stream functionality * for the OpenSSL native implementation. It is used to * read data received via SSL protocol. */ private class SSLInputStream extends InputStream { SSLInputStream() throws IOException { /* * Note: When startHandshake() throws an exception, no * SSLInputStream object will be created. */ OpenSSLSocketImpl.this.startHandshake(); } /** * Reads one byte. If there is no data in the underlying buffer, * this operation can block until the data will be * available. * @return read value. * @throws IOException */ @Override public int read() throws IOException { return Streams.readSingleByte(this); } /** * Method acts as described in spec for superclass. * @see java.io.InputStream#read(byte[],int,int) */ @Override public int read(byte[] buf, int offset, int byteCount) throws IOException { BlockGuard.getThreadPolicy().onNetwork(); synchronized (readLock) { checkOpen(); Arrays.checkOffsetAndCount(buf.length, offset, byteCount); if (byteCount == 0) { return 0; } return NativeCrypto.SSL_read(sslNativePointer, socket.getFileDescriptor$(), OpenSSLSocketImpl.this, buf, offset, byteCount, getSoTimeout()); } } } /** * This inner class provides output data stream functionality * for the OpenSSL native implementation. It is used to * write data according to the encryption parameters given in SSL context. */ private class SSLOutputStream extends OutputStream { SSLOutputStream() throws IOException { /* * Note: When startHandshake() throws an exception, no * SSLOutputStream object will be created. */ OpenSSLSocketImpl.this.startHandshake(); } /** * Method acts as described in spec for superclass. * @see java.io.OutputStream#write(int) */ @Override public void write(int oneByte) throws IOException { Streams.writeSingleByte(this, oneByte); } /** * Method acts as described in spec for superclass. * @see java.io.OutputStream#write(byte[],int,int) */ @Override public void write(byte[] buf, int offset, int byteCount) throws IOException { BlockGuard.getThreadPolicy().onNetwork(); synchronized (writeLock) { checkOpen(); Arrays.checkOffsetAndCount(buf.length, offset, byteCount); if (byteCount == 0) { return; } NativeCrypto.SSL_write(sslNativePointer, socket.getFileDescriptor$(), OpenSSLSocketImpl.this, buf, offset, byteCount, writeTimeoutMilliseconds); } } } @Override public SSLSession getSession() { if (sslSession == null) { try { startHandshake(); } catch (IOException e) { // return an invalid session with // invalid cipher suite of "SSL_NULL_WITH_NULL_NULL" return SSLSessionImpl.getNullSession(); } } return sslSession; } @Override public void addHandshakeCompletedListener( HandshakeCompletedListener listener) { if (listener == null) { throw new IllegalArgumentException("Provided listener is null"); } if (listeners == null) { listeners = new ArrayList(); } listeners.add(listener); } @Override public void removeHandshakeCompletedListener( HandshakeCompletedListener listener) { if (listener == null) { throw new IllegalArgumentException("Provided listener is null"); } if (listeners == null) { throw new IllegalArgumentException( "Provided listener is not registered"); } if (!listeners.remove(listener)) { throw new IllegalArgumentException( "Provided listener is not registered"); } } @Override public boolean getEnableSessionCreation() { return sslParameters.getEnableSessionCreation(); } @Override public void setEnableSessionCreation(boolean flag) { sslParameters.setEnableSessionCreation(flag); } @Override public String[] getSupportedCipherSuites() { return NativeCrypto.getSupportedCipherSuites(); } @Override public String[] getEnabledCipherSuites() { return enabledCipherSuites.clone(); } @Override public void setEnabledCipherSuites(String[] suites) { enabledCipherSuites = NativeCrypto.checkEnabledCipherSuites(suites); } @Override public String[] getSupportedProtocols() { return NativeCrypto.getSupportedProtocols(); } @Override public String[] getEnabledProtocols() { return enabledProtocols.clone(); } @Override public void setEnabledProtocols(String[] protocols) { enabledProtocols = NativeCrypto.checkEnabledProtocols(protocols); } /** * This method enables session ticket support. * * @param useSessionTickets True to enable session tickets */ public void setUseSessionTickets(boolean useSessionTickets) { this.useSessionTickets = useSessionTickets; } /** * This method enables Server Name Indication * * @param hostname the desired SNI hostname, or null to disable */ public void setHostname(String hostname) { this.hostname = hostname; } /** * Enables/disables TLS Channel ID for this server socket. * *

This method needs to be invoked before the handshake starts. * * @throws IllegalStateException if this is a client socket or if the handshake has already * started. */ public void setChannelIdEnabled(boolean enabled) { if (getUseClientMode()) { throw new IllegalStateException("Client mode"); } if (handshakeStarted) { throw new IllegalStateException( "Could not enable/disable Channel ID after the initial handshake has" + " begun."); } this.channelIdEnabled = enabled; } /** * Gets the TLS Channel ID for this server socket. Channel ID is only available once the * handshake completes. * * @return channel ID or {@code null} if not available. * * @throws IllegalStateException if this is a client socket or if the handshake has not yet * completed. * @throws SSLException if channel ID is available but could not be obtained. */ public byte[] getChannelId() throws SSLException { if (getUseClientMode()) { throw new IllegalStateException("Client mode"); } if (!handshakeCompleted) { throw new IllegalStateException( "Channel ID is only available after handshake completes"); } return NativeCrypto.SSL_get_tls_channel_id(sslNativePointer); } /** * Sets the {@link PrivateKey} to be used for TLS Channel ID by this client socket. * *

This method needs to be invoked before the handshake starts. * * @param privateKey private key (enables TLS Channel ID) or {@code null} for no key (disables * TLS Channel ID). The private key must be an Elliptic Curve (EC) key based on the NIST * P-256 curve (aka SECG secp256r1 or ANSI X9.62 prime256v1). * * @throws IllegalStateException if this is a server socket or if the handshake has already * started. */ public void setChannelIdPrivateKey(PrivateKey privateKey) { if (!getUseClientMode()) { throw new IllegalStateException("Server mode"); } if (handshakeStarted) { throw new IllegalStateException( "Could not change Channel ID private key after the initial handshake has" + " begun."); } if (privateKey == null) { this.channelIdEnabled = false; this.channelIdPrivateKey = null; } else { this.channelIdEnabled = true; try { this.channelIdPrivateKey = OpenSSLKey.fromPrivateKey(privateKey); } catch (InvalidKeyException e) { // Will have error in startHandshake } } } @Override public boolean getUseClientMode() { return sslParameters.getUseClientMode(); } @Override public void setUseClientMode(boolean mode) { if (handshakeStarted) { throw new IllegalArgumentException( "Could not change the mode after the initial handshake has begun."); } sslParameters.setUseClientMode(mode); } @Override public boolean getWantClientAuth() { return sslParameters.getWantClientAuth(); } @Override public boolean getNeedClientAuth() { return sslParameters.getNeedClientAuth(); } @Override public void setNeedClientAuth(boolean need) { sslParameters.setNeedClientAuth(need); } @Override public void setWantClientAuth(boolean want) { sslParameters.setWantClientAuth(want); } @Override public void sendUrgentData(int data) throws IOException { throw new SocketException("Method sendUrgentData() is not supported."); } @Override public void setOOBInline(boolean on) throws SocketException { throw new SocketException("Methods sendUrgentData, setOOBInline are not supported."); } @Override public void setSoTimeout(int readTimeoutMilliseconds) throws SocketException { super.setSoTimeout(readTimeoutMilliseconds); this.readTimeoutMilliseconds = readTimeoutMilliseconds; } @Override public int getSoTimeout() throws SocketException { return readTimeoutMilliseconds; } /** * Note write timeouts are not part of the javax.net.ssl.SSLSocket API */ public void setSoWriteTimeout(int writeTimeoutMilliseconds) throws SocketException { this.writeTimeoutMilliseconds = writeTimeoutMilliseconds; StructTimeval tv = StructTimeval.fromMillis(writeTimeoutMilliseconds); try { Libcore.os.setsockoptTimeval(getFileDescriptor$(), SOL_SOCKET, SO_SNDTIMEO, tv); } catch (ErrnoException errnoException) { throw errnoException.rethrowAsSocketException(); } } /** * Note write timeouts are not part of the javax.net.ssl.SSLSocket API */ public int getSoWriteTimeout() throws SocketException { return writeTimeoutMilliseconds; } /** * Set the handshake timeout on this socket. This timeout is specified in * milliseconds and will be used only during the handshake process. */ public void setHandshakeTimeout(int handshakeTimeoutMilliseconds) throws SocketException { this.handshakeTimeoutMilliseconds = handshakeTimeoutMilliseconds; } @Override public void close() throws IOException { // TODO: Close SSL sockets using a background thread so they close gracefully. synchronized (handshakeLock) { if (!handshakeStarted) { // prevent further attempts to start handshake handshakeStarted = true; synchronized (this) { free(); if (socket != this) { if (autoClose && !socket.isClosed()) socket.close(); } else { if (!super.isClosed()) super.close(); } } return; } } synchronized (this) { // Interrupt any outstanding reads or writes before taking the writeLock and readLock NativeCrypto.SSL_interrupt(sslNativePointer); synchronized (writeLock) { synchronized (readLock) { // Shut down the SSL connection, per se. try { if (handshakeStarted) { BlockGuard.getThreadPolicy().onNetwork(); NativeCrypto.SSL_shutdown(sslNativePointer, socket.getFileDescriptor$(), this); } } catch (IOException ignored) { /* * Note that although close() can throw * IOException, the RI does not throw if there * is problem sending a "close notify" which * can happen if the underlying socket is closed. */ } finally { /* * Even if the above call failed, it is still safe to free * the native structs, and we need to do so lest we leak * memory. */ free(); if (socket != this) { if (autoClose && !socket.isClosed()) { socket.close(); } } else { if (!super.isClosed()) { super.close(); } } } } } } } private void free() { if (sslNativePointer == 0) { return; } NativeCrypto.SSL_free(sslNativePointer); sslNativePointer = 0; guard.close(); } @Override protected void finalize() throws Throwable { try { /* * Just worry about our own state. Notably we do not try and * close anything. The SocketImpl, either our own * PlainSocketImpl, or the Socket we are wrapping, will do * that. This might mean we do not properly SSL_shutdown, but * if you want to do that, properly close the socket yourself. * * The reason why we don't try to SSL_shutdown, is that there * can be a race between finalizers where the PlainSocketImpl * finalizer runs first and closes the socket. However, in the * meanwhile, the underlying file descriptor could be reused * for another purpose. If we call SSL_shutdown, the * underlying socket BIOs still have the old file descriptor * and will write the close notify to some unsuspecting * reader. */ if (guard != null) { guard.warnIfOpen(); } free(); } finally { super.finalize(); } } @Override public FileDescriptor getFileDescriptor$() { if (socket == this) { return super.getFileDescriptor$(); } else { return socket.getFileDescriptor$(); } } /** * Returns the protocol agreed upon by client and server, or null if no * protocol was agreed upon. */ public byte[] getNpnSelectedProtocol() { return NativeCrypto.SSL_get_npn_negotiated_protocol(sslNativePointer); } /** * Returns the protocol agreed upon by client and server, or {@code null} if * no protocol was agreed upon. */ public byte[] getAlpnSelectedProtocol() { return NativeCrypto.SSL_get0_alpn_selected(sslNativePointer); } /** * Sets the list of protocols this peer is interested in. If null no * protocols will be used. * * @param npnProtocols a non-empty array of protocol names. From * SSL_select_next_proto, "vector of 8-bit, length prefixed byte * strings. The length byte itself is not included in the length. A byte * string of length 0 is invalid. No byte string may be truncated.". */ public void setNpnProtocols(byte[] npnProtocols) { if (npnProtocols != null && npnProtocols.length == 0) { throw new IllegalArgumentException("npnProtocols.length == 0"); } this.npnProtocols = npnProtocols; } /** * Sets the list of protocols this peer is interested in. If the list is * {@code null}, no protocols will be used. * * @param alpnProtocols a non-empty array of protocol names. From * SSL_select_next_proto, "vector of 8-bit, length prefixed byte * strings. The length byte itself is not included in the length. * A byte string of length 0 is invalid. No byte string may be * truncated.". */ public void setAlpnProtocols(byte[] alpnProtocols) { if (alpnProtocols != null && alpnProtocols.length == 0) { throw new IllegalArgumentException("alpnProtocols.length == 0"); } this.alpnProtocols = alpnProtocols; } }