/* * Begin the shutdown process. * <P> * Close out the SSLEngine if not already done so, then * wrap our outgoing close_notify message and try to send it on. * <P> * Return true when we're done passing the shutdown messsages. */ boolean shutdown() throws IOException { if (!shutdown) { sslEngine.closeOutbound(); shutdown = true; } if (outNetBB.hasRemaining() && tryFlush(outNetBB)) { return false; } /* * By RFC 2616, we can "fire and forget" our close_notify * message, so that's what we'll do here. */ outNetBB.clear(); SSLEngineResult result = sslEngine.wrap(hsBB, outNetBB); if (result.getStatus() != Status.CLOSED) { throw new SSLException("Improper close state"); } outNetBB.flip(); /* * We won't wait for a select here, but if this doesn't work, * we'll cycle back through on the next select. */ if (outNetBB.hasRemaining()) { tryFlush(outNetBB); } return (!outNetBB.hasRemaining() && (result.getHandshakeStatus() != HandshakeStatus.NEED_WRAP)); }
private static void log(String str, SSLEngineResult result) { if (!logging) { return; } if (resultOnce) { resultOnce = false; System.out.println( "The format of the SSLEngineResult is: \n" + "\t\"getStatus() / getHandshakeStatus()\" +\n" + "\t\"bytesConsumed() / bytesProduced()\"\n"); } HandshakeStatus hsStatus = result.getHandshakeStatus(); log( str + result.getStatus() + "/" + hsStatus + ", " + result.bytesConsumed() + "/" + result.bytesProduced() + " bytes"); if (hsStatus == HandshakeStatus.FINISHED) { log("\t...ready for application data"); } }
/* * Read the channel for more information, then unwrap the * (hopefully application) data we get. * <P> * If we run out of data, we'll return to our caller (possibly using * a Selector) to get notification that more is available. * <P> * Each call to this method will perform at most one underlying read(). */ int read() throws IOException { SSLEngineResult result; if (!initialHSComplete) { throw new IllegalStateException(); } int pos = requestBB.position(); if (sc.read(inNetBB) == -1) { sslEngine.closeInbound(); // probably throws exception return -1; } do { resizeRequestBB(); // expected room for unwrap inNetBB.flip(); result = sslEngine.unwrap(inNetBB, requestBB); inNetBB.compact(); /* * Could check here for a renegotation, but we're only * doing a simple read/write, and won't have enough state * transitions to do a complete handshake, so ignore that * possibility. */ switch (result.getStatus()) { case BUFFER_OVERFLOW: // Reset the application buffer size. appBBSize = sslEngine.getSession().getApplicationBufferSize(); break; case BUFFER_UNDERFLOW: // Resize buffer if needed. netBBSize = sslEngine.getSession().getPacketBufferSize(); if (netBBSize > inNetBB.capacity()) { resizeResponseBB(); break; // break, next read will support larger buffer. } case OK: if (result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) { doTasks(); } break; default: throw new IOException("sslEngine error during data read: " + result.getStatus()); } } while ((inNetBB.position() != 0) && result.getStatus() != Status.BUFFER_UNDERFLOW); return (requestBB.position() - pos); }
private void checkResult( SSLEngine engine, SSLEngineResult result, HandshakeStatus rqdHsStatus, boolean consumed, boolean produced) throws Exception { HandshakeStatus hsStatus = result.getHandshakeStatus(); if (hsStatus == HandshakeStatus.NEED_TASK) { Runnable runnable; while ((runnable = engine.getDelegatedTask()) != null) { runnable.run(); } hsStatus = engine.getHandshakeStatus(); } if (hsStatus != rqdHsStatus) { throw new Exception("Required " + rqdHsStatus + ", got " + hsStatus); } int bc = result.bytesConsumed(); int bp = result.bytesProduced(); if (consumed) { if (bc <= 0) { throw new Exception("Should have consumed bytes"); } } else { if (bc > 0) { throw new Exception("Should not have consumed bytes"); } } if (produced) { if (bp <= 0) { throw new Exception("Should have produced bytes"); } } else { if (bp > 0) { throw new Exception("Should not have produced bytes"); } } }
private ByteBuffer unwrap(ByteBuffer b) throws SSLException { in.clear(); while (b.hasRemaining()) { sslEngineResult = sslEngine.unwrap(b, in); if (sslEngineResult.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_TASK) { if (DEBUG) { log("Handshake NEED TASK"); } Runnable task; while ((task = sslEngine.getDelegatedTask()) != null) { if (DEBUG) { log("Running task: " + task); } task.run(); } } else if (sslEngineResult.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.FINISHED || sslEngineResult.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW) { return in; } } return in; }
/* * Try to flush out any existing outbound data, then try to wrap * anything new contained in the src buffer. * <P> * Return the number of bytes actually consumed from the buffer, * but the data may actually be still sitting in the output buffer, * waiting to be flushed. */ private int doWrite(ByteBuffer src) throws IOException { int retValue = 0; if (outNetBB.hasRemaining() && !tryFlush(outNetBB)) { return retValue; } /* * The data buffer is empty, we can reuse the entire buffer. */ outNetBB.clear(); SSLEngineResult result = sslEngine.wrap(src, outNetBB); retValue = result.bytesConsumed(); outNetBB.flip(); switch (result.getStatus()) { case OK: if (result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) { doTasks(); } break; default: throw new IOException("sslEngine error during data write: " + result.getStatus()); } /* * Try to flush the data, regardless of whether or not * it's been selected. Odds of a write buffer being full * is less than a read buffer being empty. */ if (outNetBB.hasRemaining()) { tryFlush(outNetBB); } return retValue; }
/* * If the result indicates that we have outstanding tasks to do, * go ahead and run them in this thread. */ private static void runDelegatedTasks(SSLEngineResult result, SSLEngine engine) throws Exception { if (result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) { Runnable runnable; while ((runnable = engine.getDelegatedTask()) != null) { log("\trunning delegated task..."); runnable.run(); } HandshakeStatus hsStatus = engine.getHandshakeStatus(); if (hsStatus == HandshakeStatus.NEED_TASK) { throw new Exception("handshake shouldn't need additional tasks"); } log("\tnew HandshakeStatus: " + hsStatus); } }
public int read(ByteBuffer output) throws IOException { if (!handshakeCompleted) { handshake(); } int readBytesCount = 0; int limit; if (in.hasRemaining()) { limit = Math.min(in.remaining(), output.remaining()); for (int i = 0; i < limit; i++) { output.put(in.get()); readBytesCount++; } return readBytesCount; } if (netInBuffer.hasRemaining()) { unwrap(netInBuffer); in.flip(); limit = Math.min(in.remaining(), output.remaining()); for (int i = 0; i < limit; i++) { output.put(in.get()); readBytesCount++; } if (sslEngineResult.getStatus() != SSLEngineResult.Status.BUFFER_UNDERFLOW) { netInBuffer.clear(); netInBuffer.flip(); return readBytesCount; } } if (netInBuffer.hasRemaining()) { netInBuffer.compact(); } else { netInBuffer.clear(); } if (socketChannel.read(netInBuffer) == -1) { netInBuffer.clear(); netInBuffer.flip(); return -1; } netInBuffer.flip(); unwrap(netInBuffer); in.flip(); limit = Math.min(in.remaining(), output.remaining()); for (int i = 0; i < limit; i++) { output.put(in.get()); readBytesCount++; } return readBytesCount; }
private void handshake() throws IOException { if (handshakeCompleted) { return; } if (DEBUG) { log("Starting handshake..."); } synchronized (this) { if (handshakeCompleted) { if (DEBUG) { log("Handshake already completed..."); } return; } int counter = 0; if (DEBUG) { log("Begin handshake"); } sslEngine.beginHandshake(); writeInternal(emptyBuffer); while (counter++ < 250 && sslEngineResult.getHandshakeStatus() != SSLEngineResult.HandshakeStatus.FINISHED) { if (DEBUG) { log("Handshake status: " + sslEngineResult.getHandshakeStatus()); } if (sslEngineResult.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_UNWRAP) { if (DEBUG) { log("Begin UNWRAP"); } netInBuffer.clear(); while (socketChannel.read(netInBuffer) < 1) { try { if (DEBUG) { log("Spinning on channel read..."); } Thread.sleep(50); } catch (InterruptedException e) { throw new IOException(e); } } netInBuffer.flip(); unwrap(netInBuffer); if (DEBUG) { log("Done UNWRAP: " + sslEngineResult.getHandshakeStatus()); } if (sslEngineResult.getHandshakeStatus() != SSLEngineResult.HandshakeStatus.FINISHED) { emptyBuffer.clear(); writeInternal(emptyBuffer); if (DEBUG) { log("Done WRAP after UNWRAP: " + sslEngineResult.getHandshakeStatus()); } } } else if (sslEngineResult.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_WRAP) { if (DEBUG) { log("Begin WRAP"); } emptyBuffer.clear(); writeInternal(emptyBuffer); if (DEBUG) { log("Done WRAP: " + sslEngineResult.getHandshakeStatus()); } } else { try { if (DEBUG) { log("Sleeping... Status: " + sslEngineResult.getHandshakeStatus()); } Thread.sleep(500); } catch (InterruptedException e) { throw new IOException(e); } } } if (sslEngineResult.getHandshakeStatus() != SSLEngineResult.HandshakeStatus.FINISHED) { throw new SSLHandshakeException( "SSL handshake failed after " + counter + " trials! -> " + sslEngineResult.getHandshakeStatus()); } if (DEBUG) { log("Handshake completed!"); } in.clear(); in.flip(); handshakeCompleted = true; } }
/* * Perform any handshaking processing. * <P> * If a SelectionKey is passed, register for selectable * operations. * <P> * In the blocking case, our caller will keep calling us until * we finish the handshake. Our reads/writes will block as expected. * <P> * In the non-blocking case, we just received the selection notification * that this channel is ready for whatever the operation is, so give * it a try. * <P> * return: * true when handshake is done. * false while handshake is in progress */ boolean doHandshake(SelectionKey sk) throws IOException { SSLEngineResult result; if (initialHSComplete) { return initialHSComplete; } /* * Flush out the outgoing buffer, if there's anything left in * it. */ if (outNetBB.hasRemaining()) { if (!tryFlush(outNetBB)) { return false; } // See if we need to switch from write to read mode. switch (initialHSStatus) { /* * Is this the last buffer? */ case FINISHED: initialHSComplete = true; // Fall-through to reregister need for a Read. case NEED_UNWRAP: if (sk != null) { sk.interestOps(SelectionKey.OP_READ); } break; } return initialHSComplete; } switch (initialHSStatus) { case NEED_UNWRAP: if (sc.read(inNetBB) == -1) { sslEngine.closeInbound(); return initialHSComplete; } needIO: while (initialHSStatus == HandshakeStatus.NEED_UNWRAP) { resizeRequestBB(); // expected room for unwrap inNetBB.flip(); result = sslEngine.unwrap(inNetBB, requestBB); inNetBB.compact(); initialHSStatus = result.getHandshakeStatus(); switch (result.getStatus()) { case OK: switch (initialHSStatus) { case NOT_HANDSHAKING: throw new IOException("Not handshaking during initial handshake"); case NEED_TASK: initialHSStatus = doTasks(); break; case FINISHED: initialHSComplete = true; break needIO; } break; case BUFFER_UNDERFLOW: // Resize buffer if needed. netBBSize = sslEngine.getSession().getPacketBufferSize(); if (netBBSize > inNetBB.capacity()) { resizeResponseBB(); } /* * Need to go reread the Channel for more data. */ if (sk != null) { sk.interestOps(SelectionKey.OP_READ); } break needIO; case BUFFER_OVERFLOW: // Reset the application buffer size. appBBSize = sslEngine.getSession().getApplicationBufferSize(); break; default: // CLOSED: throw new IOException("Received" + result.getStatus() + "during initial handshaking"); } } // "needIO" block. /* * Just transitioned from read to write. */ if (initialHSStatus != HandshakeStatus.NEED_WRAP) { break; } // Fall through and fill the write buffers. case NEED_WRAP: /* * The flush above guarantees the out buffer to be empty */ outNetBB.clear(); result = sslEngine.wrap(hsBB, outNetBB); outNetBB.flip(); initialHSStatus = result.getHandshakeStatus(); switch (result.getStatus()) { case OK: if (initialHSStatus == HandshakeStatus.NEED_TASK) { initialHSStatus = doTasks(); } if (sk != null) { sk.interestOps(SelectionKey.OP_WRITE); } break; default: // BUFFER_OVERFLOW/BUFFER_UNDERFLOW/CLOSED: throw new IOException("Received" + result.getStatus() + "during initial handshaking"); } break; default: // NOT_HANDSHAKING/NEED_TASK/FINISHED throw new RuntimeException("Invalid Handshaking State" + initialHSStatus); } // switch return initialHSComplete; }