8224829: AsyncSSLSocketClose.java has timing issue

Reviewed-by: jnimeh, dfuchs

src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java

@@ -38,6 +38,7 @@ import java.net.SocketException;
 import java.net.UnknownHostException;
 import java.nio.ByteBuffer;
 import java.util.List;
+import java.util.concurrent.TimeUnit;
 import java.util.concurrent.locks.ReentrantLock;
 import java.util.function.BiFunction;
 import javax.net.ssl.HandshakeCompletedListener;
@@ -618,27 +619,76 @@ public final class SSLSocketImpl
 
         // Need a lock here so that the user_canceled alert and the
         // close_notify alert can be delivered together.
-        conContext.outputRecord.recordLock.lock();
-        try {
+        int linger = getSoLinger();
+        if (linger >= 0) {
+            // don't wait more than SO_LINGER for obtaining the
+            // the lock.
+            //
+            // keep and clear the current thread interruption status.
+            boolean interrupted = Thread.interrupted();
             try {
-                // send a user_canceled alert if needed.
-                if (useUserCanceled) {
-                    conContext.warning(Alert.USER_CANCELED);
-                }
+                if (conContext.outputRecord.recordLock.tryLock() ||
+                        conContext.outputRecord.recordLock.tryLock(
+                                linger, TimeUnit.SECONDS)) {
+                    try {
+                        handleClosedNotifyAlert(useUserCanceled);
+                    } finally {
+                        conContext.outputRecord.recordLock.unlock();
+                    }
+                } else {
+                    // For layered, non-autoclose sockets, we are not
+                    // able to bring them into a usable state, so we
+                    // treat it as fatal error.
+                    if (!super.isOutputShutdown()) {
+                        if (isLayered() && !autoClose) {
+                            throw new SSLException(
+                                    "SO_LINGER timeout, " +
+                                    "close_notify message cannot be sent.");
+                        } else {
+                            super.shutdownOutput();
+                            if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
+                                SSLLogger.warning(
+                                    "SSLSocket output duplex close failed: " +
+                                    "SO_LINGER timeout, " +
+                                    "close_notify message cannot be sent.");
+                            }
+                        }
+                    }
 
-                // send a close_notify alert
-                conContext.warning(Alert.CLOSE_NOTIFY);
-            } finally {
-                if (!conContext.isOutboundClosed()) {
-                    conContext.outputRecord.close();
-                }
-
-                if ((autoClose || !isLayered()) && !super.isOutputShutdown()) {
-                    super.shutdownOutput();
+                    // RFC2246 requires that the session becomes
+                    // unresumable if any connection is terminated
+                    // without proper close_notify messages with
+                    // level equal to warning.
+                    //
+                    // RFC4346 no longer requires that a session not be
+                    // resumed if failure to properly close a connection.
+                    //
+                    // We choose to make the session unresumable if
+                    // failed to send the close_notify message.
+                    //
+                    conContext.conSession.invalidate();
+                    if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
+                        SSLLogger.warning(
+                                "Invalidate the session: SO_LINGER timeout, " +
+                                "close_notify message cannot be sent.");
+                    }
                 }
+            } catch (InterruptedException ex) {
+                // keep interrupted status
+                interrupted = true;
+            }
+
+            // restore the interrupted status
+            if (interrupted) {
+                Thread.currentThread().interrupt();
+            }
+        } else {
+            conContext.outputRecord.recordLock.lock();
+            try {
+                handleClosedNotifyAlert(useUserCanceled);
+            } finally {
+                conContext.outputRecord.recordLock.unlock();
             }
-        } finally {
-            conContext.outputRecord.recordLock.unlock();
         }
 
         if (!isInputShutdown()) {
@@ -646,6 +696,28 @@ public final class SSLSocketImpl
         }
     }
 
+    private void handleClosedNotifyAlert(
+            boolean useUserCanceled) throws IOException {
+        try {
+            // send a user_canceled alert if needed.
+            if (useUserCanceled) {
+                conContext.warning(Alert.USER_CANCELED);
+            }
+
+            // send a close_notify alert
+            conContext.warning(Alert.CLOSE_NOTIFY);
+        } finally {
+            if (!conContext.isOutboundClosed()) {
+                conContext.outputRecord.close();
+            }
+
+            if (!super.isOutputShutdown() &&
+                    (autoClose || !isLayered())) {
+                super.shutdownOutput();
+            }
+        }
+    }
+
     /**
      * Duplex close, start from closing inbound.
      *

test/jdk/javax/net/ssl/SSLSocket/Tls13PacketSize.java

@@ -53,6 +53,9 @@ public class Tls13PacketSize extends SSLSocketTemplate {
 
     @Override
     protected void runServerApplication(SSLSocket socket) throws Exception {
+        // Set SO_LINGER in case of slow socket
+        socket.setSoLinger(true, 10);
+
         // here comes the test logic
         InputStream sslIS = socket.getInputStream();
         OutputStream sslOS = socket.getOutputStream();
@@ -81,6 +84,9 @@ public class Tls13PacketSize extends SSLSocketTemplate {
      * @see #isCustomizedClientConnection()
      */
     protected void runClientApplication(SSLSocket socket) throws Exception {
+        // Set SO_LINGER in case of slow socket
+        socket.setSoLinger(true, 10);
+
         socket.setEnabledProtocols(new String[] {"TLSv1.3"});
         InputStream sslIS = socket.getInputStream();
         OutputStream sslOS = socket.getOutputStream();

test/jdk/sun/security/ssl/SSLSocketImpl/BlockedAsyncClose.java

@@ -0,0 +1,147 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+//
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+//
+
+/*
+ * @test
+ * @bug 8224829
+ * @summary AsyncSSLSocketClose.java has timing issue
+ * @run main/othervm BlockedAsyncClose
+ */
+
+import javax.net.ssl.*;
+import java.io.*;
+import java.net.SocketException;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.TimeUnit;
+
+public class BlockedAsyncClose implements Runnable {
+    SSLSocket socket;
+    SSLServerSocket ss;
+
+    // Is the socket ready to close?
+    private final CountDownLatch closeCondition = new CountDownLatch(1);
+
+    // Where do we find the keystores?
+    static String pathToStores = "../../../../javax/net/ssl/etc";
+    static String keyStoreFile = "keystore";
+    static String trustStoreFile = "truststore";
+    static String passwd = "passphrase";
+
+    public static void main(String[] args) throws Exception {
+        String keyFilename =
+            System.getProperty("test.src", "./") + "/" + pathToStores +
+                "/" + keyStoreFile;
+        String trustFilename =
+            System.getProperty("test.src", "./") + "/" + pathToStores +
+                "/" + trustStoreFile;
+
+        System.setProperty("javax.net.ssl.keyStore", keyFilename);
+        System.setProperty("javax.net.ssl.keyStorePassword", passwd);
+        System.setProperty("javax.net.ssl.trustStore", trustFilename);
+        System.setProperty("javax.net.ssl.trustStorePassword", passwd);
+
+        new BlockedAsyncClose();
+    }
+
+    public BlockedAsyncClose() throws Exception {
+        SSLServerSocketFactory sslssf =
+                (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
+        InetAddress loopback = InetAddress.getLoopbackAddress();
+        ss = (SSLServerSocket)sslssf.createServerSocket();
+        ss.bind(new InetSocketAddress(loopback, 0));
+
+        SSLSocketFactory sslsf =
+            (SSLSocketFactory)SSLSocketFactory.getDefault();
+        socket = (SSLSocket)sslsf.createSocket(loopback, ss.getLocalPort());
+        SSLSocket serverSoc = (SSLSocket)ss.accept();
+        ss.close();
+
+        (new Thread(this)).start();
+        serverSoc.startHandshake();
+
+        boolean closeIsReady = closeCondition.await(90L, TimeUnit.SECONDS);
+        if (!closeIsReady) {
+            System.out.println(
+                    "Ignore, the closure is not ready yet in 90 seconds.");
+            return;
+        }
+
+        socket.setSoLinger(true, 10);
+        System.out.println("Calling Socket.close");
+
+        // Sleep for a while so that the write thread blocks by hitting the
+        // output stream buffer limit.
+        Thread.sleep(1000);
+
+        socket.close();
+        System.out.println("ssl socket get closed");
+        System.out.flush();
+    }
+
+    // block in write
+    public void run() {
+        byte[] ba = new byte[1024];
+        for (int i = 0; i < ba.length; i++) {
+            ba[i] = 0x7A;
+        }
+
+        try {
+            OutputStream os = socket.getOutputStream();
+            int count = 0;
+
+            // 1st round write
+            count += ba.length;
+            System.out.println(count + " bytes to be written");
+            os.write(ba);
+            System.out.println(count + " bytes written");
+
+            // Signal, ready to close.
+            closeCondition.countDown();
+
+            // write more
+            while (true) {
+                count += ba.length;
+                System.out.println(count + " bytes to be written");
+                os.write(ba);
+                System.out.println(count + " bytes written");
+            }
+        } catch (SocketException se) {
+            // the closing may be in progress
+            System.out.println("interrupted? " + se);
+        } catch (Exception e) {
+            if (socket.isClosed() || socket.isOutputShutdown()) {
+                System.out.println("interrupted, the socket is closed");
+            } else {
+                throw new RuntimeException("interrupted?", e);
+            }
+        }
+    }
+}
+