Ejemplo n.º 1
0
/**
 * Handshaker ... processes handshake records from an SSL V3.0 data stream, handling all the details
 * of the handshake protocol.
 *
 * <p>Note that the real protocol work is done in two subclasses, the base class just provides the
 * control flow and key generation framework.
 *
 * @author David Brownell
 */
abstract class Handshaker {

  // protocol version being established using this Handshaker
  ProtocolVersion protocolVersion;

  // the currently active protocol version during a renegotiation
  ProtocolVersion activeProtocolVersion;

  // security parameters for secure renegotiation.
  boolean secureRenegotiation;
  byte[] clientVerifyData;
  byte[] serverVerifyData;

  // Is it an initial negotiation  or a renegotiation?
  boolean isInitialHandshake;

  // List of enabled protocols
  private ProtocolList enabledProtocols;

  // List of enabled CipherSuites
  private CipherSuiteList enabledCipherSuites;

  // The endpoint identification protocol
  String identificationProtocol;

  // The cryptographic algorithm constraints
  private AlgorithmConstraints algorithmConstraints = null;

  // Local supported signature and algorithms
  Collection<SignatureAndHashAlgorithm> localSupportedSignAlgs;

  // Peer supported signature and algorithms
  Collection<SignatureAndHashAlgorithm> peerSupportedSignAlgs;

  /*

  /*
   * List of active protocols
   *
   * Active protocols is a subset of enabled protocols, and will
   * contain only those protocols that have vaild cipher suites
   * enabled.
   */
  private ProtocolList activeProtocols;

  /*
   * List of active cipher suites
   *
   * Active cipher suites is a subset of enabled cipher suites, and will
   * contain only those cipher suites available for the active protocols.
   */
  private CipherSuiteList activeCipherSuites;

  private boolean isClient;
  private boolean needCertVerify;

  SSLSocketImpl conn = null;
  SSLEngineImpl engine = null;

  HandshakeHash handshakeHash;
  HandshakeInStream input;
  HandshakeOutStream output;
  int state;
  SSLContextImpl sslContext;
  RandomCookie clnt_random, svr_random;
  SSLSessionImpl session;

  // current CipherSuite. Never null, initially SSL_NULL_WITH_NULL_NULL
  CipherSuite cipherSuite;

  // current key exchange. Never null, initially K_NULL
  KeyExchange keyExchange;

  /* True if this session is being resumed (fast handshake) */
  boolean resumingSession;

  /* True if it's OK to start a new SSL session */
  boolean enableNewSession;

  // Temporary storage for the individual keys. Set by
  // calculateConnectionKeys() and cleared once the ciphers are
  // activated.
  private SecretKey clntWriteKey, svrWriteKey;
  private IvParameterSpec clntWriteIV, svrWriteIV;
  private SecretKey clntMacSecret, svrMacSecret;

  /*
   * Delegated task subsystem data structures.
   *
   * If thrown is set, we need to propagate this back immediately
   * on entry into processMessage().
   *
   * Data is protected by the SSLEngine.this lock.
   */
  private volatile boolean taskDelegated = false;
  private volatile DelegatedTask delegatedTask = null;
  private volatile Exception thrown = null;

  // Could probably use a java.util.concurrent.atomic.AtomicReference
  // here instead of using this lock.  Consider changing.
  private Object thrownLock = new Object();

  /* Class and subclass dynamic debugging support */
  static final Debug debug = Debug.getInstance("ssl");

  // By default, disable the unsafe legacy session renegotiation
  static final boolean allowUnsafeRenegotiation =
      Debug.getBooleanProperty("sun.security.ssl.allowUnsafeRenegotiation", false);

  // For maximum interoperability and backward compatibility, RFC 5746
  // allows server (or client) to accept ClientHello (or ServerHello)
  // message without the secure renegotiation_info extension or SCSV.
  //
  // For maximum security, RFC 5746 also allows server (or client) to
  // reject such message with a fatal "handshake_failure" alert.
  //
  // By default, allow such legacy hello messages.
  static final boolean allowLegacyHelloMessages =
      Debug.getBooleanProperty("sun.security.ssl.allowLegacyHelloMessages", true);

  // need to dispose the object when it is invalidated
  boolean invalidated;

  Handshaker(
      SSLSocketImpl c,
      SSLContextImpl context,
      ProtocolList enabledProtocols,
      boolean needCertVerify,
      boolean isClient,
      ProtocolVersion activeProtocolVersion,
      boolean isInitialHandshake,
      boolean secureRenegotiation,
      byte[] clientVerifyData,
      byte[] serverVerifyData) {
    this.conn = c;
    init(
        context,
        enabledProtocols,
        needCertVerify,
        isClient,
        activeProtocolVersion,
        isInitialHandshake,
        secureRenegotiation,
        clientVerifyData,
        serverVerifyData);
  }

  Handshaker(
      SSLEngineImpl engine,
      SSLContextImpl context,
      ProtocolList enabledProtocols,
      boolean needCertVerify,
      boolean isClient,
      ProtocolVersion activeProtocolVersion,
      boolean isInitialHandshake,
      boolean secureRenegotiation,
      byte[] clientVerifyData,
      byte[] serverVerifyData) {
    this.engine = engine;
    init(
        context,
        enabledProtocols,
        needCertVerify,
        isClient,
        activeProtocolVersion,
        isInitialHandshake,
        secureRenegotiation,
        clientVerifyData,
        serverVerifyData);
  }

  private void init(
      SSLContextImpl context,
      ProtocolList enabledProtocols,
      boolean needCertVerify,
      boolean isClient,
      ProtocolVersion activeProtocolVersion,
      boolean isInitialHandshake,
      boolean secureRenegotiation,
      byte[] clientVerifyData,
      byte[] serverVerifyData) {

    if (debug != null && Debug.isOn("handshake")) {
      System.out.println(
          "Allow unsafe renegotiation: "
              + allowUnsafeRenegotiation
              + "\nAllow legacy hello messages: "
              + allowLegacyHelloMessages
              + "\nIs initial handshake: "
              + isInitialHandshake
              + "\nIs secure renegotiation: "
              + secureRenegotiation);
    }

    this.sslContext = context;
    this.isClient = isClient;
    this.needCertVerify = needCertVerify;
    this.activeProtocolVersion = activeProtocolVersion;
    this.isInitialHandshake = isInitialHandshake;
    this.secureRenegotiation = secureRenegotiation;
    this.clientVerifyData = clientVerifyData;
    this.serverVerifyData = serverVerifyData;
    enableNewSession = true;
    invalidated = false;

    setCipherSuite(CipherSuite.C_NULL);
    setEnabledProtocols(enabledProtocols);

    if (conn != null) {
      algorithmConstraints = new SSLAlgorithmConstraints(conn, true);
    } else { // engine != null
      algorithmConstraints = new SSLAlgorithmConstraints(engine, true);
    }

    //
    // In addition to the connection state machine, controlling
    // how the connection deals with the different sorts of records
    // that get sent (notably handshake transitions!), there's
    // also a handshaking state machine that controls message
    // sequencing.
    //
    // It's a convenient artifact of the protocol that this can,
    // with only a couple of minor exceptions, be driven by the
    // type constant for the last message seen:  except for the
    // client's cert verify, those constants are in a convenient
    // order to drastically simplify state machine checking.
    //
    state = -2; // initialized but not activated
  }

  /*
   * Reroutes calls to the SSLSocket or SSLEngine (*SE).
   *
   * We could have also done it by extra classes
   * and letting them override, but this seemed much
   * less involved.
   */
  void fatalSE(byte b, String diagnostic) throws IOException {
    fatalSE(b, diagnostic, null);
  }

  void fatalSE(byte b, Throwable cause) throws IOException {
    fatalSE(b, null, cause);
  }

  void fatalSE(byte b, String diagnostic, Throwable cause) throws IOException {
    if (conn != null) {
      conn.fatal(b, diagnostic, cause);
    } else {
      engine.fatal(b, diagnostic, cause);
    }
  }

  void warningSE(byte b) {
    if (conn != null) {
      conn.warning(b);
    } else {
      engine.warning(b);
    }
  }

  String getRawHostnameSE() {
    if (conn != null) {
      return conn.getRawHostname();
    } else {
      return engine.getPeerHost();
    }
  }

  String getHostSE() {
    if (conn != null) {
      return conn.getHost();
    } else {
      return engine.getPeerHost();
    }
  }

  String getHostAddressSE() {
    if (conn != null) {
      return conn.getInetAddress().getHostAddress();
    } else {
      /*
       * This is for caching only, doesn't matter that's is really
       * a hostname.  The main thing is that it doesn't do
       * a reverse DNS lookup, potentially slowing things down.
       */
      return engine.getPeerHost();
    }
  }

  boolean isLoopbackSE() {
    if (conn != null) {
      return conn.getInetAddress().isLoopbackAddress();
    } else {
      return false;
    }
  }

  int getPortSE() {
    if (conn != null) {
      return conn.getPort();
    } else {
      return engine.getPeerPort();
    }
  }

  int getLocalPortSE() {
    if (conn != null) {
      return conn.getLocalPort();
    } else {
      return -1;
    }
  }

  AccessControlContext getAccSE() {
    if (conn != null) {
      return conn.getAcc();
    } else {
      return engine.getAcc();
    }
  }

  private void setVersionSE(ProtocolVersion protocolVersion) {
    if (conn != null) {
      conn.setVersion(protocolVersion);
    } else {
      engine.setVersion(protocolVersion);
    }
  }

  /**
   * Set the active protocol version and propagate it to the SSLSocket and our handshake streams.
   * Called from ClientHandshaker and ServerHandshaker with the negotiated protocol version.
   */
  void setVersion(ProtocolVersion protocolVersion) {
    this.protocolVersion = protocolVersion;
    setVersionSE(protocolVersion);

    output.r.setVersion(protocolVersion);
  }

  /**
   * Set the enabled protocols. Called from the constructor or
   * SSLSocketImpl/SSLEngineImpl.setEnabledProtocols() (if the handshake is not yet in progress).
   */
  void setEnabledProtocols(ProtocolList enabledProtocols) {
    activeCipherSuites = null;
    activeProtocols = null;

    this.enabledProtocols = enabledProtocols;
  }

  /**
   * Set the enabled cipher suites. Called from SSLSocketImpl/SSLEngineImpl.setEnabledCipherSuites()
   * (if the handshake is not yet in progress).
   */
  void setEnabledCipherSuites(CipherSuiteList enabledCipherSuites) {
    activeCipherSuites = null;
    activeProtocols = null;
    this.enabledCipherSuites = enabledCipherSuites;
  }

  /**
   * Set the algorithm constraints. Called from the constructor or
   * SSLSocketImpl/SSLEngineImpl.setAlgorithmConstraints() (if the handshake is not yet in
   * progress).
   */
  void setAlgorithmConstraints(AlgorithmConstraints algorithmConstraints) {
    activeCipherSuites = null;
    activeProtocols = null;

    this.algorithmConstraints = new SSLAlgorithmConstraints(algorithmConstraints);
    this.localSupportedSignAlgs = null;
  }

  Collection<SignatureAndHashAlgorithm> getLocalSupportedSignAlgs() {
    if (localSupportedSignAlgs == null) {
      localSupportedSignAlgs =
          SignatureAndHashAlgorithm.getSupportedAlgorithms(algorithmConstraints);
    }

    return localSupportedSignAlgs;
  }

  void setPeerSupportedSignAlgs(Collection<SignatureAndHashAlgorithm> algorithms) {
    peerSupportedSignAlgs = new ArrayList<SignatureAndHashAlgorithm>(algorithms);
  }

  Collection<SignatureAndHashAlgorithm> getPeerSupportedSignAlgs() {
    return peerSupportedSignAlgs;
  }

  /**
   * Set the identification protocol. Called from the constructor or
   * SSLSocketImpl/SSLEngineImpl.setIdentificationProtocol() (if the handshake is not yet in
   * progress).
   */
  void setIdentificationProtocol(String protocol) {
    this.identificationProtocol = protocol;
  }

  /**
   * Prior to handshaking, activate the handshake and initialize the version, input stream and
   * output stream.
   */
  void activate(ProtocolVersion helloVersion) throws IOException {
    if (activeProtocols == null) {
      activeProtocols = getActiveProtocols();
    }

    if (activeProtocols.collection().isEmpty() || activeProtocols.max.v == ProtocolVersion.NONE.v) {
      throw new SSLHandshakeException("No appropriate protocol");
    }

    if (activeCipherSuites == null) {
      activeCipherSuites = getActiveCipherSuites();
    }

    if (activeCipherSuites.collection().isEmpty()) {
      throw new SSLHandshakeException("No appropriate cipher suite");
    }

    // temporary protocol version until the actual protocol version
    // is negotiated in the Hello exchange. This affects the record
    // version we sent with the ClientHello.
    if (!isInitialHandshake) {
      protocolVersion = activeProtocolVersion;
    } else {
      protocolVersion = activeProtocols.max;
    }

    if (helloVersion == null || helloVersion.v == ProtocolVersion.NONE.v) {
      helloVersion = activeProtocols.helloVersion;
    }

    // We accumulate digests of the handshake messages so that
    // we can read/write CertificateVerify and Finished messages,
    // getting assurance against some particular active attacks.
    Set<String> localSupportedHashAlgorithms =
        SignatureAndHashAlgorithm.getHashAlgorithmNames(getLocalSupportedSignAlgs());
    handshakeHash = new HandshakeHash(!isClient, needCertVerify, localSupportedHashAlgorithms);

    // Generate handshake input/output stream.
    input = new HandshakeInStream(handshakeHash);
    if (conn != null) {
      output = new HandshakeOutStream(protocolVersion, helloVersion, handshakeHash, conn);
      conn.getAppInputStream().r.setHandshakeHash(handshakeHash);
      conn.getAppInputStream().r.setHelloVersion(helloVersion);
      conn.getAppOutputStream().r.setHelloVersion(helloVersion);
    } else {
      output = new HandshakeOutStream(protocolVersion, helloVersion, handshakeHash, engine);
      engine.inputRecord.setHandshakeHash(handshakeHash);
      engine.inputRecord.setHelloVersion(helloVersion);
      engine.outputRecord.setHelloVersion(helloVersion);
    }

    // move state to activated
    state = -1;
  }

  /**
   * Set cipherSuite and keyExchange to the given CipherSuite. Does not perform any verification
   * that this is a valid selection, this must be done before calling this method.
   */
  void setCipherSuite(CipherSuite s) {
    this.cipherSuite = s;
    this.keyExchange = s.keyExchange;
  }

  /**
   * Check if the given ciphersuite is enabled and available. Does not check if the required server
   * certificates are available.
   */
  boolean isNegotiable(CipherSuite s) {
    if (activeCipherSuites == null) {
      activeCipherSuites = getActiveCipherSuites();
    }

    return activeCipherSuites.contains(s) && s.isNegotiable();
  }

  /** Check if the given protocol version is enabled and available. */
  boolean isNegotiable(ProtocolVersion protocolVersion) {
    if (activeProtocols == null) {
      activeProtocols = getActiveProtocols();
    }

    return activeProtocols.contains(protocolVersion);
  }

  /**
   * Select a protocol version from the list. Called from ServerHandshaker to negotiate protocol
   * version.
   *
   * <p>Return the lower of the protocol version suggested in the clien hello and the highest
   * supported by the server.
   */
  ProtocolVersion selectProtocolVersion(ProtocolVersion protocolVersion) {
    if (activeProtocols == null) {
      activeProtocols = getActiveProtocols();
    }

    return activeProtocols.selectProtocolVersion(protocolVersion);
  }

  /**
   * Get the active cipher suites.
   *
   * <p>In TLS 1.1, many weak or vulnerable cipher suites were obsoleted, such as
   * TLS_RSA_EXPORT_WITH_RC4_40_MD5. The implementation MUST NOT negotiate these cipher suites in
   * TLS 1.1 or later mode.
   *
   * <p>Therefore, when the active protocols only include TLS 1.1 or later, the client cannot
   * request to negotiate those obsoleted cipher suites. That is, the obsoleted suites should not be
   * included in the client hello. So we need to create a subset of the enabled cipher suites, the
   * active cipher suites, which does not contain obsoleted cipher suites of the minimum active
   * protocol.
   *
   * <p>Return empty list instead of null if no active cipher suites.
   */
  CipherSuiteList getActiveCipherSuites() {
    if (activeCipherSuites == null) {
      if (activeProtocols == null) {
        activeProtocols = getActiveProtocols();
      }

      ArrayList<CipherSuite> suites = new ArrayList<>();
      if (!(activeProtocols.collection().isEmpty())
          && activeProtocols.min.v != ProtocolVersion.NONE.v) {
        for (CipherSuite suite : enabledCipherSuites.collection()) {
          if (suite.obsoleted > activeProtocols.min.v && suite.supported <= activeProtocols.max.v) {
            if (algorithmConstraints.permits(
                EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), suite.name, null)) {
              suites.add(suite);
            }
          } else if (debug != null && Debug.isOn("verbose")) {
            if (suite.obsoleted <= activeProtocols.min.v) {
              System.out.println("Ignoring obsoleted cipher suite: " + suite);
            } else {
              System.out.println("Ignoring unsupported cipher suite: " + suite);
            }
          }
        }
      }
      activeCipherSuites = new CipherSuiteList(suites);
    }

    return activeCipherSuites;
  }

  /*
   * Get the active protocol versions.
   *
   * In TLS 1.1, many weak or vulnerable cipher suites were obsoleted,
   * such as TLS_RSA_EXPORT_WITH_RC4_40_MD5. The implementation MUST NOT
   * negotiate these cipher suites in TLS 1.1 or later mode.
   *
   * For example, if "TLS_RSA_EXPORT_WITH_RC4_40_MD5" is the
   * only enabled cipher suite, the client cannot request TLS 1.1 or
   * later, even though TLS 1.1 or later is enabled.  We need to create a
   * subset of the enabled protocols, called the active protocols, which
   * contains protocols appropriate to the list of enabled Ciphersuites.
   *
   * Return empty list instead of null if no active protocol versions.
   */
  ProtocolList getActiveProtocols() {
    if (activeProtocols == null) {
      ArrayList<ProtocolVersion> protocols = new ArrayList<>(4);
      for (ProtocolVersion protocol : enabledProtocols.collection()) {
        boolean found = false;
        for (CipherSuite suite : enabledCipherSuites.collection()) {
          if (suite.isAvailable()
              && suite.obsoleted > protocol.v
              && suite.supported <= protocol.v) {
            if (algorithmConstraints.permits(
                EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), suite.name, null)) {
              protocols.add(protocol);
              found = true;
              break;
            } else if (debug != null && Debug.isOn("verbose")) {
              System.out.println("Ignoring disabled cipher suite: " + suite + " for " + protocol);
            }
          } else if (debug != null && Debug.isOn("verbose")) {
            System.out.println("Ignoring unsupported cipher suite: " + suite + " for " + protocol);
          }
        }
        if (!found && (debug != null) && Debug.isOn("handshake")) {
          System.out.println("No available cipher suite for " + protocol);
        }
      }
      activeProtocols = new ProtocolList(protocols);
    }

    return activeProtocols;
  }

  /**
   * As long as handshaking has not activated, we can change whether session creations are allowed.
   *
   * <p>Callers should do their own checking if handshaking has activated.
   */
  void setEnableSessionCreation(boolean newSessions) {
    enableNewSession = newSessions;
  }

  /** Create a new read cipher and return it to caller. */
  CipherBox newReadCipher() throws NoSuchAlgorithmException {
    BulkCipher cipher = cipherSuite.cipher;
    CipherBox box;
    if (isClient) {
      box =
          cipher.newCipher(
              protocolVersion, svrWriteKey, svrWriteIV, sslContext.getSecureRandom(), false);
      svrWriteKey = null;
      svrWriteIV = null;
    } else {
      box =
          cipher.newCipher(
              protocolVersion, clntWriteKey, clntWriteIV, sslContext.getSecureRandom(), false);
      clntWriteKey = null;
      clntWriteIV = null;
    }
    return box;
  }

  /** Create a new write cipher and return it to caller. */
  CipherBox newWriteCipher() throws NoSuchAlgorithmException {
    BulkCipher cipher = cipherSuite.cipher;
    CipherBox box;
    if (isClient) {
      box =
          cipher.newCipher(
              protocolVersion, clntWriteKey, clntWriteIV, sslContext.getSecureRandom(), true);
      clntWriteKey = null;
      clntWriteIV = null;
    } else {
      box =
          cipher.newCipher(
              protocolVersion, svrWriteKey, svrWriteIV, sslContext.getSecureRandom(), true);
      svrWriteKey = null;
      svrWriteIV = null;
    }
    return box;
  }

  /** Create a new read MAC and return it to caller. */
  MAC newReadMAC() throws NoSuchAlgorithmException, InvalidKeyException {
    MacAlg macAlg = cipherSuite.macAlg;
    MAC mac;
    if (isClient) {
      mac = macAlg.newMac(protocolVersion, svrMacSecret);
      svrMacSecret = null;
    } else {
      mac = macAlg.newMac(protocolVersion, clntMacSecret);
      clntMacSecret = null;
    }
    return mac;
  }

  /** Create a new write MAC and return it to caller. */
  MAC newWriteMAC() throws NoSuchAlgorithmException, InvalidKeyException {
    MacAlg macAlg = cipherSuite.macAlg;
    MAC mac;
    if (isClient) {
      mac = macAlg.newMac(protocolVersion, clntMacSecret);
      clntMacSecret = null;
    } else {
      mac = macAlg.newMac(protocolVersion, svrMacSecret);
      svrMacSecret = null;
    }
    return mac;
  }

  /*
   * Returns true iff the handshake sequence is done, so that
   * this freshly created session can become the current one.
   */
  boolean isDone() {
    return state == HandshakeMessage.ht_finished;
  }

  /*
   * Returns the session which was created through this
   * handshake sequence ... should be called after isDone()
   * returns true.
   */
  SSLSessionImpl getSession() {
    return session;
  }

  /*
   * Set the handshake session
   */
  void setHandshakeSessionSE(SSLSessionImpl handshakeSession) {
    if (conn != null) {
      conn.setHandshakeSession(handshakeSession);
    } else {
      engine.setHandshakeSession(handshakeSession);
    }
  }

  /*
   * Returns true if renegotiation is in use for this connection.
   */
  boolean isSecureRenegotiation() {
    return secureRenegotiation;
  }

  /*
   * Returns the verify_data from the Finished message sent by the client.
   */
  byte[] getClientVerifyData() {
    return clientVerifyData;
  }

  /*
   * Returns the verify_data from the Finished message sent by the server.
   */
  byte[] getServerVerifyData() {
    return serverVerifyData;
  }

  /*
   * This routine is fed SSL handshake records when they become available,
   * and processes messages found therein.
   */
  void process_record(InputRecord r, boolean expectingFinished) throws IOException {

    checkThrown();

    /*
     * Store the incoming handshake data, then see if we can
     * now process any completed handshake messages
     */
    input.incomingRecord(r);

    /*
     * We don't need to create a separate delegatable task
     * for finished messages.
     */
    if ((conn != null) || expectingFinished) {
      processLoop();
    } else {
      delegateTask(
          new PrivilegedExceptionAction<Void>() {
            public Void run() throws Exception {
              processLoop();
              return null;
            }
          });
    }
  }

  /*
   * On input, we hash messages one at a time since servers may need
   * to access an intermediate hash to validate a CertificateVerify
   * message.
   *
   * Note that many handshake messages can come in one record (and often
   * do, to reduce network resource utilization), and one message can also
   * require multiple records (e.g. very large Certificate messages).
   */
  void processLoop() throws IOException {

    // need to read off 4 bytes at least to get the handshake
    // message type and length.
    while (input.available() >= 4) {
      byte messageType;
      int messageLen;

      /*
       * See if we can read the handshake message header, and
       * then the entire handshake message.  If not, wait till
       * we can read and process an entire message.
       */
      input.mark(4);

      messageType = (byte) input.getInt8();
      messageLen = input.getInt24();

      if (input.available() < messageLen) {
        input.reset();
        return;
      }

      /*
       * Process the messsage.  We require
       * that processMessage() consumes the entire message.  In
       * lieu of explicit error checks (how?!) we assume that the
       * data will look like garbage on encoding/processing errors,
       * and that other protocol code will detect such errors.
       *
       * Note that digesting is normally deferred till after the
       * message has been processed, though to process at least the
       * client's Finished message (i.e. send the server's) we need
       * to acccelerate that digesting.
       *
       * Also, note that hello request messages are never hashed;
       * that includes the hello request header, too.
       */
      if (messageType == HandshakeMessage.ht_hello_request) {
        input.reset();
        processMessage(messageType, messageLen);
        input.ignore(4 + messageLen);
      } else {
        input.mark(messageLen);
        processMessage(messageType, messageLen);
        input.digestNow();
      }
    }
  }

  /**
   * Returns true iff the handshaker has been activated.
   *
   * <p>In activated state, the handshaker may not send any messages out.
   */
  boolean activated() {
    return state >= -1;
  }

  /** Returns true iff the handshaker has sent any messages. */
  boolean started() {
    return state >= 0; // 0: HandshakeMessage.ht_hello_request
    // 1: HandshakeMessage.ht_client_hello
  }

  /*
   * Used to kickstart the negotiation ... either writing a
   * ClientHello or a HelloRequest as appropriate, whichever
   * the subclass returns.  NOP if handshaking's already started.
   */
  void kickstart() throws IOException {
    if (state >= 0) {
      return;
    }

    HandshakeMessage m = getKickstartMessage();

    if (debug != null && Debug.isOn("handshake")) {
      m.print(System.out);
    }
    m.write(output);
    output.flush();

    state = m.messageType();
  }

  /**
   * Both client and server modes can start handshaking; but the message they send to do so is
   * different.
   */
  abstract HandshakeMessage getKickstartMessage() throws SSLException;

  /*
   * Client and Server side protocols are each driven though this
   * call, which processes a single message and drives the appropriate
   * side of the protocol state machine (depending on the subclass).
   */
  abstract void processMessage(byte messageType, int messageLen) throws IOException;

  /*
   * Most alerts in the protocol relate to handshaking problems.
   * Alerts are detected as the connection reads data.
   */
  abstract void handshakeAlert(byte description) throws SSLProtocolException;

  /*
   * Sends a change cipher spec message and updates the write side
   * cipher state so that future messages use the just-negotiated spec.
   */
  void sendChangeCipherSpec(Finished mesg, boolean lastMessage) throws IOException {

    output.flush(); // i.e. handshake data

    /*
     * The write cipher state is protected by the connection write lock
     * so we must grab it while making the change. We also
     * make sure no writes occur between sending the ChangeCipherSpec
     * message, installing the new cipher state, and sending the
     * Finished message.
     *
     * We already hold SSLEngine/SSLSocket "this" by virtue
     * of this being called from the readRecord code.
     */
    OutputRecord r;
    if (conn != null) {
      r = new OutputRecord(Record.ct_change_cipher_spec);
    } else {
      r = new EngineOutputRecord(Record.ct_change_cipher_spec, engine);
    }

    r.setVersion(protocolVersion);
    r.write(1); // single byte of data

    if (conn != null) {
      conn.writeLock.lock();
      try {
        conn.writeRecord(r);
        conn.changeWriteCiphers();
        if (debug != null && Debug.isOn("handshake")) {
          mesg.print(System.out);
        }
        mesg.write(output);
        output.flush();
      } finally {
        conn.writeLock.unlock();
      }
    } else {
      synchronized (engine.writeLock) {
        engine.writeRecord((EngineOutputRecord) r);
        engine.changeWriteCiphers();
        if (debug != null && Debug.isOn("handshake")) {
          mesg.print(System.out);
        }
        mesg.write(output);

        if (lastMessage) {
          output.setFinishedMsg();
        }
        output.flush();
      }
    }
  }

  /*
   * Single access point to key calculation logic.  Given the
   * pre-master secret and the nonces from client and server,
   * produce all the keying material to be used.
   */
  void calculateKeys(SecretKey preMasterSecret, ProtocolVersion version) {
    SecretKey master = calculateMasterSecret(preMasterSecret, version);
    session.setMasterSecret(master);
    calculateConnectionKeys(master);
  }

  /*
   * Calculate the master secret from its various components.  This is
   * used for key exchange by all cipher suites.
   *
   * The master secret is the catenation of three MD5 hashes, each
   * consisting of the pre-master secret and a SHA1 hash.  Those three
   * SHA1 hashes are of (different) constant strings, the pre-master
   * secret, and the nonces provided by the client and the server.
   */
  private SecretKey calculateMasterSecret(
      SecretKey preMasterSecret, ProtocolVersion requestedVersion) {

    if (debug != null && Debug.isOn("keygen")) {
      HexDumpEncoder dump = new HexDumpEncoder();

      System.out.println("SESSION KEYGEN:");

      System.out.println("PreMaster Secret:");
      printHex(dump, preMasterSecret.getEncoded());

      // Nonces are dumped with connection keygen, no
      // benefit to doing it twice
    }

    // What algs/params do we need to use?
    String masterAlg;
    PRF prf;

    if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
      masterAlg = "SunTls12MasterSecret";
      prf = cipherSuite.prfAlg;
    } else {
      masterAlg = "SunTlsMasterSecret";
      prf = P_NONE;
    }

    String prfHashAlg = prf.getPRFHashAlg();
    int prfHashLength = prf.getPRFHashLength();
    int prfBlockSize = prf.getPRFBlockSize();

    TlsMasterSecretParameterSpec spec =
        new TlsMasterSecretParameterSpec(
            preMasterSecret,
            protocolVersion.major,
            protocolVersion.minor,
            clnt_random.random_bytes,
            svr_random.random_bytes,
            prfHashAlg,
            prfHashLength,
            prfBlockSize);

    SecretKey masterSecret;
    try {
      KeyGenerator kg = JsseJce.getKeyGenerator(masterAlg);
      kg.init(spec);
      masterSecret = kg.generateKey();
    } catch (GeneralSecurityException e) {
      // For RSA premaster secrets, do not signal a protocol error
      // due to the Bleichenbacher attack. See comments further down.
      if (!preMasterSecret.getAlgorithm().equals("TlsRsaPremasterSecret")) {
        throw new ProviderException(e);
      }

      if (debug != null && Debug.isOn("handshake")) {
        System.out.println("RSA master secret generation error:");
        e.printStackTrace(System.out);
        System.out.println("Generating new random premaster secret");
      }

      if (requestedVersion != null) {
        preMasterSecret = RSAClientKeyExchange.generateDummySecret(requestedVersion);
      } else {
        preMasterSecret = RSAClientKeyExchange.generateDummySecret(protocolVersion);
      }

      // recursive call with new premaster secret
      return calculateMasterSecret(preMasterSecret, null);
    }

    // if no version check requested (client side handshake), or version
    // information is not available (not an RSA premaster secret),
    // return master secret immediately.
    if ((requestedVersion == null) || !(masterSecret instanceof TlsMasterSecret)) {
      return masterSecret;
    }

    // we have checked the ClientKeyExchange message when reading TLS
    // record, the following check is necessary to ensure that
    // JCE provider does not ignore the checking, or the previous
    // checking process bypassed the premaster secret version checking.
    TlsMasterSecret tlsKey = (TlsMasterSecret) masterSecret;
    int major = tlsKey.getMajorVersion();
    int minor = tlsKey.getMinorVersion();
    if ((major < 0) || (minor < 0)) {
      return masterSecret;
    }

    // check if the premaster secret version is ok
    // the specification says that it must be the maximum version supported
    // by the client from its ClientHello message. However, many
    // implementations send the negotiated version, so accept both
    // for SSL v3.0 and TLS v1.0.
    // NOTE that we may be comparing two unsupported version numbers, which
    // is why we cannot use object reference equality in this special case.
    ProtocolVersion premasterVersion = ProtocolVersion.valueOf(major, minor);
    boolean versionMismatch = (premasterVersion.v != requestedVersion.v);

    /*
     * we never checked the client_version in server side
     * for TLS v1.0 and SSL v3.0. For compatibility, we
     * maintain this behavior.
     */
    if (versionMismatch && requestedVersion.v <= ProtocolVersion.TLS10.v) {
      versionMismatch = (premasterVersion.v != protocolVersion.v);
    }

    if (versionMismatch == false) {
      // check passed, return key
      return masterSecret;
    }

    // Due to the Bleichenbacher attack, do not signal a protocol error.
    // Generate a random premaster secret and continue with the handshake,
    // which will fail when verifying the finished messages.
    // For more information, see comments in PreMasterSecret.
    if (debug != null && Debug.isOn("handshake")) {
      System.out.println(
          "RSA PreMasterSecret version error: expected"
              + protocolVersion
              + " or "
              + requestedVersion
              + ", decrypted: "
              + premasterVersion);
      System.out.println("Generating new random premaster secret");
    }
    preMasterSecret = RSAClientKeyExchange.generateDummySecret(requestedVersion);

    // recursive call with new premaster secret
    return calculateMasterSecret(preMasterSecret, null);
  }

  /*
   * Calculate the keys needed for this connection, once the session's
   * master secret has been calculated.  Uses the master key and nonces;
   * the amount of keying material generated is a function of the cipher
   * suite that's been negotiated.
   *
   * This gets called both on the "full handshake" (where we exchanged
   * a premaster secret and started a new session) as well as on the
   * "fast handshake" (where we just resumed a pre-existing session).
   */
  void calculateConnectionKeys(SecretKey masterKey) {
    /*
     * For both the read and write sides of the protocol, we use the
     * master to generate MAC secrets and cipher keying material.  Block
     * ciphers need initialization vectors, which we also generate.
     *
     * First we figure out how much keying material is needed.
     */
    int hashSize = cipherSuite.macAlg.size;
    boolean is_exportable = cipherSuite.exportable;
    BulkCipher cipher = cipherSuite.cipher;
    int expandedKeySize = is_exportable ? cipher.expandedKeySize : 0;

    // Which algs/params do we need to use?
    String keyMaterialAlg;
    PRF prf;

    if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
      keyMaterialAlg = "SunTls12KeyMaterial";
      prf = cipherSuite.prfAlg;
    } else {
      keyMaterialAlg = "SunTlsKeyMaterial";
      prf = P_NONE;
    }

    String prfHashAlg = prf.getPRFHashAlg();
    int prfHashLength = prf.getPRFHashLength();
    int prfBlockSize = prf.getPRFBlockSize();

    TlsKeyMaterialParameterSpec spec =
        new TlsKeyMaterialParameterSpec(
            masterKey,
            protocolVersion.major,
            protocolVersion.minor,
            clnt_random.random_bytes,
            svr_random.random_bytes,
            cipher.algorithm,
            cipher.keySize,
            expandedKeySize,
            cipher.ivSize,
            hashSize,
            prfHashAlg,
            prfHashLength,
            prfBlockSize);

    try {
      KeyGenerator kg = JsseJce.getKeyGenerator(keyMaterialAlg);
      kg.init(spec);
      TlsKeyMaterialSpec keySpec = (TlsKeyMaterialSpec) kg.generateKey();

      clntWriteKey = keySpec.getClientCipherKey();
      svrWriteKey = keySpec.getServerCipherKey();

      // Return null if IVs are not supposed to be generated.
      // e.g. TLS 1.1+.
      clntWriteIV = keySpec.getClientIv();
      svrWriteIV = keySpec.getServerIv();

      clntMacSecret = keySpec.getClientMacKey();
      svrMacSecret = keySpec.getServerMacKey();
    } catch (GeneralSecurityException e) {
      throw new ProviderException(e);
    }

    //
    // Dump the connection keys as they're generated.
    //
    if (debug != null && Debug.isOn("keygen")) {
      synchronized (System.out) {
        HexDumpEncoder dump = new HexDumpEncoder();

        System.out.println("CONNECTION KEYGEN:");

        // Inputs:
        System.out.println("Client Nonce:");
        printHex(dump, clnt_random.random_bytes);
        System.out.println("Server Nonce:");
        printHex(dump, svr_random.random_bytes);
        System.out.println("Master Secret:");
        printHex(dump, masterKey.getEncoded());

        // Outputs:
        System.out.println("Client MAC write Secret:");
        printHex(dump, clntMacSecret.getEncoded());
        System.out.println("Server MAC write Secret:");
        printHex(dump, svrMacSecret.getEncoded());

        if (clntWriteKey != null) {
          System.out.println("Client write key:");
          printHex(dump, clntWriteKey.getEncoded());
          System.out.println("Server write key:");
          printHex(dump, svrWriteKey.getEncoded());
        } else {
          System.out.println("... no encryption keys used");
        }

        if (clntWriteIV != null) {
          System.out.println("Client write IV:");
          printHex(dump, clntWriteIV.getIV());
          System.out.println("Server write IV:");
          printHex(dump, svrWriteIV.getIV());
        } else {
          if (protocolVersion.v >= ProtocolVersion.TLS11.v) {
            System.out.println("... no IV derived for this protocol");
          } else {
            System.out.println("... no IV used for this cipher");
          }
        }
        System.out.flush();
      }
    }
  }

  private static void printHex(HexDumpEncoder dump, byte[] bytes) {
    if (bytes == null) {
      System.out.println("(key bytes not available)");
    } else {
      try {
        dump.encodeBuffer(bytes, System.out);
      } catch (IOException e) {
        // just for debugging, ignore this
      }
    }
  }

  /**
   * Throw an SSLException with the specified message and cause. Shorthand until a new SSLException
   * constructor is added. This method never returns.
   */
  static void throwSSLException(String msg, Throwable cause) throws SSLException {
    SSLException e = new SSLException(msg);
    e.initCause(cause);
    throw e;
  }

  /*
   * Implement a simple task delegator.
   *
   * We are currently implementing this as a single delegator, may
   * try for parallel tasks later.  Client Authentication could
   * benefit from this, where ClientKeyExchange/CertificateVerify
   * could be carried out in parallel.
   */
  class DelegatedTask<E> implements Runnable {

    private PrivilegedExceptionAction<E> pea;

    DelegatedTask(PrivilegedExceptionAction<E> pea) {
      this.pea = pea;
    }

    public void run() {
      synchronized (engine) {
        try {
          AccessController.doPrivileged(pea, engine.getAcc());
        } catch (PrivilegedActionException pae) {
          thrown = pae.getException();
        } catch (RuntimeException rte) {
          thrown = rte;
        }
        delegatedTask = null;
        taskDelegated = false;
      }
    }
  }

  private <T> void delegateTask(PrivilegedExceptionAction<T> pea) {
    delegatedTask = new DelegatedTask<T>(pea);
    taskDelegated = false;
    thrown = null;
  }

  DelegatedTask getTask() {
    if (!taskDelegated) {
      taskDelegated = true;
      return delegatedTask;
    } else {
      return null;
    }
  }

  /*
   * See if there are any tasks which need to be delegated
   *
   * Locked by SSLEngine.this.
   */
  boolean taskOutstanding() {
    return (delegatedTask != null);
  }

  /*
   * The previous caller failed for some reason, report back the
   * Exception.  We won't worry about Error's.
   *
   * Locked by SSLEngine.this.
   */
  void checkThrown() throws SSLException {
    synchronized (thrownLock) {
      if (thrown != null) {

        String msg = thrown.getMessage();

        if (msg == null) {
          msg = "Delegated task threw Exception/Error";
        }

        /*
         * See what the underlying type of exception is.  We should
         * throw the same thing.  Chain thrown to the new exception.
         */
        Exception e = thrown;
        thrown = null;

        if (e instanceof RuntimeException) {
          throw (RuntimeException) new RuntimeException(msg).initCause(e);
        } else if (e instanceof SSLHandshakeException) {
          throw (SSLHandshakeException) new SSLHandshakeException(msg).initCause(e);
        } else if (e instanceof SSLKeyException) {
          throw (SSLKeyException) new SSLKeyException(msg).initCause(e);
        } else if (e instanceof SSLPeerUnverifiedException) {
          throw (SSLPeerUnverifiedException) new SSLPeerUnverifiedException(msg).initCause(e);
        } else if (e instanceof SSLProtocolException) {
          throw (SSLProtocolException) new SSLProtocolException(msg).initCause(e);
        } else {
          /*
           * If it's SSLException or any other Exception,
           * we'll wrap it in an SSLException.
           */
          throw (SSLException) new SSLException(msg).initCause(e);
        }
      }
    }
  }
}
Ejemplo n.º 2
0
/**
 * NEWT Utility class MainThread
 *
 * <p>This class provides a startup singleton <i>main thread</i>, from which a new thread with the
 * users main class is launched.<br>
 * Such behavior is necessary for native windowing toolkits, where the windowing management must
 * happen on the so called <i>main thread</i> e.g. for Mac OS X !<br>
 * Utilizing this class as a launchpad, now you are able to use a NEWT multithreaded application
 * with window handling within the different threads, even on these restricted platforms.<br>
 * To support your NEWT Window platform, you have to pass your <i>main thread</i> actions to {@link
 * #invoke invoke(..)}, have a look at the {@link com.jogamp.newt.macosx.MacWindow MacWindow}
 * implementation.<br>
 * <i>TODO</i>: Some hardcoded dependencies exist in this implementation, where you have to patch
 * this code or factor it out.
 *
 * <p>If your platform is not Mac OS X, but you want to test your code without modifying this class,
 * you have to set the system property <code>newt.MainThread.force</code> to <code>true</code>.
 *
 * <p>The code is compatible with all other platform, which support multithreaded windowing
 * handling. Since those platforms won't trigger the <i>main thread</i> serialization, the main
 * method will be simply executed, in case you haven't set <code>newt.MainThread.force</code> to
 * <code>true</code>.
 *
 * <p>Test case on Mac OS X (or any other platform):
 *
 * <PRE>
 * java -XstartOnFirstThread com.jogamp.newt.util.MainThread demos.es1.RedSquare -GL2 -GL2 -GL2 -GL2
 * </PRE>
 *
 * Which starts 4 threads, each with a window and OpenGL rendering.<br>
 */
public class MainThread implements EDTUtil {
  private static AccessControlContext localACC = AccessController.getContext();
  public static final boolean MAIN_THREAD_CRITERIA =
      (!NativeWindowFactory.isAWTAvailable()
              && NativeWindowFactory.TYPE_MACOSX.equals(
                  NativeWindowFactory.getNativeWindowType(false)))
          || Debug.getBooleanProperty("newt.MainThread.force", true, localACC);

  protected static final boolean DEBUG = Debug.debug("MainThread");

  private static MainThread singletonMainThread = new MainThread(); // one singleton MainThread

  private static boolean isExit = false;
  private static volatile boolean isRunning = false;
  private static Object taskWorkerLock = new Object();
  private static boolean shouldStop;
  private static ArrayList tasks;
  private static Thread mainThread;

  private static Timer pumpMessagesTimer = null;
  private static TimerTask pumpMessagesTimerTask = null;
  private static Map /*<Display, Runnable>*/ pumpMessageDisplayMap = new HashMap();

  private static boolean useMainThread = false;
  private static Class cAWTEventQueue = null;
  private static Method mAWTInvokeAndWait = null;
  private static Method mAWTInvokeLater = null;
  private static Method mAWTIsDispatchThread = null;

  static class MainAction extends Thread {
    private String mainClassName;
    private String[] mainClassArgs;

    private Class mainClass;
    private Method mainClassMain;

    public MainAction(String mainClassName, String[] mainClassArgs) {
      this.mainClassName = mainClassName;
      this.mainClassArgs = mainClassArgs;
    }

    public void run() {
      if (useMainThread) {
        // we have to start first to provide the service ..
        singletonMainThread.waitUntilRunning();
      }

      // start user app ..
      try {
        Class mainClass = ReflectionUtil.getClass(mainClassName, true, getClass().getClassLoader());
        if (null == mainClass) {
          throw new RuntimeException(
              new ClassNotFoundException("MainThread couldn't find main class " + mainClassName));
        }
        try {
          mainClassMain = mainClass.getDeclaredMethod("main", new Class[] {String[].class});
          mainClassMain.setAccessible(true);
        } catch (Throwable t) {
          throw new RuntimeException(t);
        }
        if (DEBUG)
          System.err.println(
              "MainAction.run(): " + Thread.currentThread().getName() + " invoke " + mainClassName);
        mainClassMain.invoke(null, new Object[] {mainClassArgs});
      } catch (InvocationTargetException ite) {
        ite.getTargetException().printStackTrace();
      } catch (Throwable t) {
        t.printStackTrace();
      }

      if (DEBUG)
        System.err.println(
            "MainAction.run(): " + Thread.currentThread().getName() + " user app fin");

      if (useMainThread) {
        singletonMainThread.stop();
        if (DEBUG)
          System.err.println(
              "MainAction.run(): " + Thread.currentThread().getName() + " MainThread fin - stop");
        System.exit(0);
      }
    }
  }

  private static MainAction mainAction;

  /** Your new java application main entry, which pipelines your application */
  public static void main(String[] args) {
    useMainThread = MAIN_THREAD_CRITERIA;

    if (DEBUG)
      System.err.println(
          "MainThread.main(): "
              + Thread.currentThread().getName()
              + " useMainThread "
              + useMainThread);

    if (args.length == 0) {
      return;
    }

    String mainClassName = args[0];
    String[] mainClassArgs = new String[args.length - 1];
    if (args.length > 1) {
      System.arraycopy(args, 1, mainClassArgs, 0, args.length - 1);
    }

    NEWTJNILibLoader.loadNEWT();

    mainAction = new MainAction(mainClassName, mainClassArgs);

    if (NativeWindowFactory.TYPE_MACOSX.equals(NativeWindowFactory.getNativeWindowType(false))) {
      ReflectionUtil.callStaticMethod(
          "com.jogamp.newt.impl.macosx.MacDisplay",
          "initSingleton",
          null,
          null,
          MainThread.class.getClassLoader());
    }

    if (useMainThread) {
      shouldStop = false;
      tasks = new ArrayList();
      mainThread = Thread.currentThread();

      // dispatch user's main thread ..
      mainAction.start();

      // do our main thread task scheduling
      singletonMainThread.run();
    } else {
      // run user's main in this thread
      mainAction.run();
    }
  }

  public static final MainThread getSingleton() {
    return singletonMainThread;
  }

  public static Runnable removePumpMessage(Display dpy) {
    synchronized (pumpMessageDisplayMap) {
      return (Runnable) pumpMessageDisplayMap.remove(dpy);
    }
  }

  public static void addPumpMessage(Display dpy, Runnable pumpMessage) {
    if (useMainThread) {
      return; // error ?
    }
    if (null == pumpMessagesTimer) {
      synchronized (MainThread.class) {
        if (null == pumpMessagesTimer) {
          pumpMessagesTimer = new Timer();
          pumpMessagesTimerTask =
              new TimerTask() {
                public void run() {
                  synchronized (pumpMessageDisplayMap) {
                    for (Iterator i = pumpMessageDisplayMap.values().iterator(); i.hasNext(); ) {
                      ((Runnable) i.next()).run();
                    }
                  }
                }
              };
          pumpMessagesTimer.scheduleAtFixedRate(
              pumpMessagesTimerTask, 0, defaultEDTPollGranularity);
        }
      }
    }
    synchronized (pumpMessageDisplayMap) {
      pumpMessageDisplayMap.put(dpy, pumpMessage);
    }
  }

  private void initAWTReflection() {
    if (null == cAWTEventQueue) {
      ClassLoader cl = MainThread.class.getClassLoader();
      cAWTEventQueue = ReflectionUtil.getClass("java.awt.EventQueue", true, cl);
      mAWTInvokeAndWait =
          ReflectionUtil.getMethod(
              cAWTEventQueue, "invokeAndWait", new Class[] {java.lang.Runnable.class}, cl);
      mAWTInvokeLater =
          ReflectionUtil.getMethod(
              cAWTEventQueue, "invokeLater", new Class[] {java.lang.Runnable.class}, cl);
      mAWTIsDispatchThread =
          ReflectionUtil.getMethod(cAWTEventQueue, "isDispatchThread", new Class[] {}, cl);
    }
  }

  public void start() {
    // nop
  }

  public void stop() {
    if (DEBUG)
      System.err.println("MainThread.stop(): " + Thread.currentThread().getName() + " start");
    synchronized (taskWorkerLock) {
      if (isRunning) {
        shouldStop = true;
      }
      taskWorkerLock.notifyAll();
    }
    if (DEBUG)
      System.err.println("MainThread.stop(): " + Thread.currentThread().getName() + " end");
  }

  public boolean isCurrentThreadEDT() {
    if (NativeWindowFactory.isAWTAvailable()) {
      initAWTReflection();
      return ((Boolean) ReflectionUtil.callMethod(null, mAWTIsDispatchThread, null)).booleanValue();
    }
    return isRunning() && mainThread == Thread.currentThread();
  }

  public boolean isRunning() {
    if (useMainThread) {
      synchronized (taskWorkerLock) {
        return isRunning;
      }
    }
    return true; // AWT is always running
  }

  private void invokeLater(Runnable task) {
    synchronized (taskWorkerLock) {
      if (isRunning() && mainThread != Thread.currentThread()) {
        tasks.add(task);
        taskWorkerLock.notifyAll();
      } else {
        // if !running or isEDTThread, do it right away
        task.run();
      }
    }
  }

  /** invokes the given Runnable */
  public void invoke(boolean wait, Runnable r) {
    if (r == null) {
      return;
    }

    if (NativeWindowFactory.isAWTAvailable()) {
      initAWTReflection();

      // handover to AWT MainThread ..
      try {
        if (((Boolean) ReflectionUtil.callMethod(null, mAWTIsDispatchThread, null))
            .booleanValue()) {
          r.run();
          return;
        }
        if (wait) {
          ReflectionUtil.callMethod(null, mAWTInvokeAndWait, new Object[] {r});
        } else {
          ReflectionUtil.callMethod(null, mAWTInvokeLater, new Object[] {r});
        }
      } catch (Exception e) {
        throw new NativeWindowException(e);
      }
      return;
    }

    // if this main thread is not being used or
    // if this is already the main thread .. just execute.
    if (!isRunning() || mainThread == Thread.currentThread()) {
      r.run();
      return;
    }

    boolean doWait = wait && isRunning() && mainThread != Thread.currentThread();
    Object lock = new Object();
    RunnableTask rTask = new RunnableTask(r, doWait ? lock : null, true);
    Throwable throwable = null;
    synchronized (lock) {
      invokeLater(rTask);
      if (doWait) {
        try {
          lock.wait();
        } catch (InterruptedException ie) {
          throwable = ie;
        }
      }
    }
    if (null == throwable) {
      throwable = rTask.getThrowable();
    }
    if (null != throwable) {
      throw new RuntimeException(throwable);
    }
  }

  public void waitUntilIdle() {}

  public void waitUntilStopped() {}

  private void waitUntilRunning() {
    synchronized (taskWorkerLock) {
      if (isExit) return;

      while (!isRunning) {
        try {
          taskWorkerLock.wait();
        } catch (InterruptedException e) {
          e.printStackTrace();
        }
      }
    }
  }

  public void run() {
    if (DEBUG) System.err.println("MainThread.run(): " + Thread.currentThread().getName());
    synchronized (taskWorkerLock) {
      isRunning = true;
      taskWorkerLock.notifyAll();
    }
    while (!shouldStop) {
      try {
        // wait for something todo ..
        synchronized (taskWorkerLock) {
          while (!shouldStop && tasks.size() == 0) {
            try {
              taskWorkerLock.wait();
            } catch (InterruptedException e) {
              e.printStackTrace();
            }
          }

          // take over the tasks ..
          if (!shouldStop && tasks.size() > 0) {
            Runnable task = (Runnable) tasks.remove(0);
            task.run(); // FIXME: could be run outside of lock
          }
          taskWorkerLock.notifyAll();
        }
      } catch (Throwable t) {
        // handle errors ..
        t.printStackTrace();
      } finally {
        // epilog - unlock locked stuff
      }
    }
    if (DEBUG) System.err.println("MainThread.run(): " + Thread.currentThread().getName() + " fin");
    synchronized (taskWorkerLock) {
      isRunning = false;
      isExit = true;
      taskWorkerLock.notifyAll();
    }
  }
}