javax.net.ssl.SSLEngineResult.HandshakeStatus Java Examples

private HandshakeStatus tryToFinishHandshake(byte contentType) {
    HandshakeStatus hsStatus = null;
    if ((contentType == ContentType.HANDSHAKE.id) &&
            conContext.outputRecord.isEmpty()) {
        if (conContext.handshakeContext == null) {
            hsStatus = HandshakeStatus.FINISHED;
        } else if (conContext.isPostHandshakeContext()) {
            // unlikely, but just in case.
            hsStatus = conContext.finishPostHandshake();
        } else if (conContext.handshakeContext.handshakeFinished) {
            hsStatus = conContext.finishHandshake();
        }
    }   // Otherwise, the followed call to getHSStatus() will help.

    return hsStatus;
}
 

/**
 * Runs all tasks needed to continue SSL work.
 *
 * @return Handshake status after running all tasks.
 */
private HandshakeStatus runTasks() {
    Runnable runnable;

    while ((runnable = sslEngine.getDelegatedTask()) != null) {
        if (log.isDebugEnabled())
            log.debug("Running SSL engine task: " + runnable + '.');

        runnable.run();
    }

    if (log.isDebugEnabled())
        log.debug("Finished running SSL engine tasks. HandshakeStatus: " + sslEngine.getHandshakeStatus());

    return sslEngine.getHandshakeStatus();
}
 

private static void runDelegatedTasks(SSLEngineResult result,
		SSLEngine engine) throws Exception {

	if (result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) {
		Runnable runnable;
		while ((runnable = engine.getDelegatedTask()) != null) {
			log("\trunning delegated task...");
			runnable.run();
		}
		HandshakeStatus hsStatus = engine.getHandshakeStatus();
		if (hsStatus == HandshakeStatus.NEED_TASK) {
			throw new Exception("handshake shouldn't need additional tasks");
		}
		log("\tnew HandshakeStatus: " + hsStatus);
	}
}
 

/**
 * Perform handshake unwrap
 * @return the result
 * @throws IOException An IO error occurred
 */
protected SSLEngineResult handshakeUnwrap() throws IOException {
    SSLEngineResult result;
    boolean cont = false;
    //loop while we can perform pure SSLEngine data
    do {
        //prepare the buffer with the incoming data
        netInBuffer.flip();
        //call unwrap
        getBufHandler().configureReadBufferForWrite();
        result = sslEngine.unwrap(netInBuffer, getBufHandler().getReadBuffer());
        //compact the buffer, this is an optional method, wonder what would happen if we didn't
        netInBuffer.compact();
        //read in the status
        handshakeStatus = result.getHandshakeStatus();
        if (result.getStatus() == SSLEngineResult.Status.OK &&
             result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) {
            //execute tasks if we need to
            handshakeStatus = tasks();
        }
        //perform another unwrap?
        cont = result.getStatus() == SSLEngineResult.Status.OK &&
               handshakeStatus == HandshakeStatus.NEED_UNWRAP;
    } while (cont);
    return result;
}
 

/**
 * performs the unwrap operation by unwrapping from {@link #inCrypt} to {@link #inData}
 **/
private synchronized ByteBuffer unwrap() throws SSLException {
    int rem;
    //There are some ssl test suites, which get around the selector.select() call, which
    // cause an infinite unwrap and 100% cpu usage (see #459 and #458)
    if (readEngineResult.getStatus() == Status.CLOSED
            && sslEngine.getHandshakeStatus() == HandshakeStatus.NOT_HANDSHAKING) {
        try {
            close();
        } catch (IOException e) {
            //Not really interesting
        }
    }
    do {
        rem = inData.remaining();
        readEngineResult = sslEngine.unwrap(inCrypt, inData);
    } while (readEngineResult.getStatus() == Status.OK && (rem != inData.remaining()
            || sslEngine.getHandshakeStatus() == HandshakeStatus.NEED_UNWRAP));
    inData.flip();
    return inData;
}
 

/**
 * Sends a SSL close message, will not physically close the connection here.<br>
 * To close the connection, you could do something like
 * <pre><code>
 *   close();
 *   while (isOpen() && !myTimeoutFunction()) Thread.sleep(25);
 *   if ( isOpen() ) close(true); //forces a close if you timed out
 * </code></pre>
 * @throws IOException if an I/O error occurs
 * @throws IOException if there is data on the outgoing network buffer and we are unable to flush it
 * TODO Implement this java.io.Closeable method
 */
@Override
public void close() throws IOException {
    if (closing) return;
    closing = true;
    sslEngine.closeOutbound();

    if (!flush(netOutBuffer)) {
        throw new IOException("Remaining data in the network buffer, can't send SSL close message, force a close with close(true) instead");
    }
    //prep the buffer for the close message
    netOutBuffer.clear();
    //perform the close, since we called sslEngine.closeOutbound
    SSLEngineResult handshake = sslEngine.wrap(getEmptyBuf(), netOutBuffer);
    //we should be in a close state
    if (handshake.getStatus() != SSLEngineResult.Status.CLOSED) {
        throw new IOException("Invalid close state, will not send network data.");
    }
    //prepare the buffer for writing
    netOutBuffer.flip();
    //if there is data to be written
    flush(netOutBuffer);

    //is the channel closed?
    closed = (!netOutBuffer.hasRemaining() && (handshake.getHandshakeStatus() != HandshakeStatus.NEED_WRAP));
}
 

private void log(String str, SSLEngineResult result) {
    if (!logging) {
        return;
    }
    if (resultOnce) {
        resultOnce = false;
        Log.info("The format of the SSLEngineResult is: \n"
                + "\t\"getStatus() / getHandshakeStatus()\" +\n"
                + "\t\"bytesConsumed() / bytesProduced()\"\n");
    }
    HandshakeStatus hsStatus = result.getHandshakeStatus();
    Log.info(str + result.getStatus() + "/" + hsStatus + ", " + result.bytesConsumed() + "/"
            + result.bytesProduced() + " bytes");
    if (hsStatus == HandshakeStatus.FINISHED) {
        Log.info("\t...ready for application data");
    }
}
 

/**
 * read data thru the engine into the given ByteBuffer. If the
 * given buffer was not large enough, a new one is allocated
 * and returned. This call handles handshaking automatically.
 * Caller should check if engine has been closed.
 */
WrapperResult recvData (ByteBuffer dst) throws IOException {
    /* we wait until some user data arrives */
    int mark = dst.position();
    WrapperResult r = null;
    int pos = dst.position();
    while (dst.position() == pos) {
        r = wrapper.recvAndUnwrap (dst);
        dst = (r.buf != dst) ? r.buf: dst;
        Status status = r.result.getStatus();
        if (status == Status.CLOSED) {
            doClosure ();
            return r;
        }

        HandshakeStatus hs_status = r.result.getHandshakeStatus();
        if (hs_status != HandshakeStatus.FINISHED &&
            hs_status != HandshakeStatus.NOT_HANDSHAKING)
        {
            doHandshake (hs_status);
        }
    }
    Utils.flipToMark(dst, mark);
    return r;
}
 

synchronized void writeRecord(EngineOutputRecord outputRecord,
        Authenticator authenticator,
        CipherBox writeCipher) throws IOException {

    /*
     * Only output if we're still open.
     */
    if (outboundClosed) {
        throw new IOException("writer side was already closed.");
    }

    outputRecord.write(authenticator, writeCipher);

    /*
     * Did our handshakers notify that we just sent the
     * Finished message?
     *
     * Add an "I'm finished" message to the queue.
     */
    if (outputRecord.isFinishedMsg()) {
        outboundList.addLast(HandshakeStatus.FINISHED);
    }
}
 

private void runDelegatedTasks(SSLEngineResult result)
{
    if (result.getHandshakeStatus() == HandshakeStatus.NEED_TASK)
    {
        Runnable runnable;
        while ((runnable = _sslEngine.getDelegatedTask()) != null)
        {
            runnable.run();
        }

        HandshakeStatus hsStatus = _sslEngine.getHandshakeStatus();
        if (hsStatus == HandshakeStatus.NEED_TASK)
        {
            throw new RuntimeException("handshake shouldn't need additional tasks");
        }
    }
}
 

synchronized void writeRecord(EngineOutputRecord outputRecord,
        Authenticator authenticator,
        CipherBox writeCipher) throws IOException {

    /*
     * Only output if we're still open.
     */
    if (outboundClosed) {
        throw new IOException("writer side was already closed.");
    }

    outputRecord.write(authenticator, writeCipher);

    /*
     * Did our handshakers notify that we just sent the
     * Finished message?
     *
     * Add an "I'm finished" message to the queue.
     */
    if (outputRecord.isFinishedMsg()) {
        outboundList.addLast(HandshakeStatus.FINISHED);
    }
}
 

/**
 * performs the unwrap operation by unwrapping from {@link #inCrypt} to {@link #inData}
 **/
private synchronized ByteBuffer unwrap() throws SSLException {
	int rem;
	//There are some ssl test suites, which get around the selector.select() call, which cause an infinite unwrap and 100% cpu usage (see #459 and #458)
	if(readEngineResult.getStatus() == SSLEngineResult.Status.CLOSED && sslEngine.getHandshakeStatus() == HandshakeStatus.NOT_HANDSHAKING){
		try {
			close();
		} catch (IOException e) {
			//Not really interesting
		}
	}
	do {
		rem = inData.remaining();
		readEngineResult = sslEngine.unwrap( inCrypt, inData );
	} while ( readEngineResult.getStatus() == SSLEngineResult.Status.OK && ( rem != inData.remaining() || sslEngine.getHandshakeStatus() == HandshakeStatus.NEED_UNWRAP ) );
	inData.flip();
	return inData;
}
 

/**
 * 处理握手 Warp;
 *
 * @return
 * @throws IOException
 * @throws Exception
 */
private synchronized HandshakeStatus doHandShakeWarp() throws IOException {

	if(!session.isConnected()){
		return null;
	}

	try {
		clearBuffer();
		appData.flip();
		if (warpData(appData) == null) {
			return null;
		}
		//如果有 HandShake Task 则执行
		HandshakeStatus handshakeStatus = runDelegatedTasks();
		return handshakeStatus;
	} catch (SSLException e) {
		Logger.error("HandShakeWarp error:", e);
		return null;
	}
}
 

private HandshakeStatus tryNewSessionTicket(
        HandshakeStatus currentHandshakeStatus) throws IOException {
    // Don't bother to kickstart if handshaking is in progress, or if the
    // connection is not duplex-open.
    if ((conContext.handshakeContext == null) &&
            conContext.protocolVersion.useTLS13PlusSpec() &&
            !conContext.isOutboundClosed() &&
            !conContext.isInboundClosed() &&
            !conContext.isBroken) {
        if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
            SSLLogger.finest("trigger NST");
        }
        conContext.conSession.updateNST = false;
        NewSessionTicket.kickstartProducer.produce(
                new PostHandshakeContext(conContext));
        return conContext.getHandshakeStatus();
    }

    return currentHandshakeStatus;
}
 

synchronized void writeRecord(EngineOutputRecord outputRecord,
        Authenticator authenticator,
        CipherBox writeCipher) throws IOException {

    /*
     * Only output if we're still open.
     */
    if (outboundClosed) {
        throw new IOException("writer side was already closed.");
    }

    outputRecord.write(authenticator, writeCipher);

    /*
     * Did our handshakers notify that we just sent the
     * Finished message?
     *
     * Add an "I'm finished" message to the queue.
     */
    if (outputRecord.isFinishedMsg()) {
        outboundList.addLast(HandshakeStatus.FINISHED);
    }
}
 

synchronized void writeRecord(EngineOutputRecord outputRecord,
        Authenticator authenticator,
        CipherBox writeCipher) throws IOException {

    /*
     * Only output if we're still open.
     */
    if (outboundClosed) {
        throw new IOException("writer side was already closed.");
    }

    outputRecord.write(authenticator, writeCipher);

    /*
     * Did our handshakers notify that we just sent the
     * Finished message?
     *
     * Add an "I'm finished" message to the queue.
     */
    if (outputRecord.isFinishedMsg()) {
        outboundList.addLast(HandshakeStatus.FINISHED);
    }
}
 

synchronized void writeRecord(EngineOutputRecord outputRecord,
        Authenticator authenticator,
        CipherBox writeCipher) throws IOException {

    /*
     * Only output if we're still open.
     */
    if (outboundClosed) {
        throw new IOException("writer side was already closed.");
    }

    outputRecord.write(authenticator, writeCipher);

    /*
     * Did our handshakers notify that we just sent the
     * Finished message?
     *
     * Add an "I'm finished" message to the queue.
     */
    if (outputRecord.isFinishedMsg()) {
        outboundList.addLast(HandshakeStatus.FINISHED);
    }
}
 

private static void log(String str, SSLEngineResult result) {
	if (!logging) {
		return;
	}
	if (resultOnce) {
		resultOnce = false;
		Logger.simple("The format of the SSLEngineResult is: \n"
				+ "\t\"getStatus() / getHandshakeStatus()\" +\n"
				+ "\t\"bytesConsumed() / bytesProduced()\"\n");
	}
	HandshakeStatus hsStatus = result.getHandshakeStatus();
	log(str + result.getStatus() + "/" + hsStatus + ", "
			+ result.bytesConsumed() + "/" + result.bytesProduced()
			+ " bytes");
	if (hsStatus == HandshakeStatus.FINISHED) {
		log("\t...ready for application data");
	}
}
 

synchronized void writeRecord(EngineOutputRecord outputRecord,
        Authenticator authenticator,
        CipherBox writeCipher) throws IOException {

    /*
     * Only output if we're still open.
     */
    if (outboundClosed) {
        throw new IOException("writer side was already closed.");
    }

    outputRecord.write(authenticator, writeCipher);

    /*
     * Did our handshakers notify that we just sent the
     * Finished message?
     *
     * Add an "I'm finished" message to the queue.
     */
    if (outputRecord.isFinishedMsg()) {
        outboundList.addLast(HandshakeStatus.FINISHED);
    }
}
 

public SSLStreams.WrapperResult sendData(ByteBuffer src) throws IOException {
   SSLStreams.WrapperResult r = null;

   while(src.remaining() > 0) {
      r = this.wrapper.wrapAndSend(src);
      Status status = r.result.getStatus();
      if (status == Status.CLOSED) {
         this.doClosure();
         return r;
      }

      HandshakeStatus hs_status = r.result.getHandshakeStatus();
      if (hs_status != HandshakeStatus.FINISHED && hs_status != HandshakeStatus.NOT_HANDSHAKING) {
         this.doHandshake(hs_status);
      }
   }

   return r;
}
 

/**
 * Perform handshake unwrap
 * @param doread boolean
 * @return SSLEngineResult
 * @throws IOException
 */
protected SSLEngineResult handshakeUnwrap(boolean doread) throws IOException {

    if (netInBuffer.position() == netInBuffer.limit()) {
        //clear the buffer if we have emptied it out on data
        netInBuffer.clear();
    }
    if ( doread )  {
        //if we have data to read, read it
        int read = sc.read(netInBuffer);
        if (read == -1) throw new IOException("EOF encountered during handshake.");
    }
    SSLEngineResult result;
    boolean cont = false;
    //loop while we can perform pure SSLEngine data
    do {
        //prepare the buffer with the incoming data
        netInBuffer.flip();
        //call unwrap
        result = sslEngine.unwrap(netInBuffer, bufHandler.getReadBuffer());
        //compact the buffer, this is an optional method, wonder what would happen if we didn't
        netInBuffer.compact();
        //read in the status
        handshakeStatus = result.getHandshakeStatus();
        if ( result.getStatus() == SSLEngineResult.Status.OK &&
             result.getHandshakeStatus() == HandshakeStatus.NEED_TASK ) {
            //execute tasks if we need to
            handshakeStatus = tasks();
        }
        //perform another unwrap?
        cont = result.getStatus() == SSLEngineResult.Status.OK &&
               handshakeStatus == HandshakeStatus.NEED_UNWRAP;
    }while ( cont );
    return result;
}
 

private HandshakeStatus getOutboundData(ByteBuffer dstBB) {

        Object msg = outboundList.removeFirst();
        assert(msg instanceof ByteBuffer);

        ByteBuffer bbIn = (ByteBuffer) msg;
        assert(dstBB.remaining() >= bbIn.remaining());

        dstBB.put(bbIn);

        /*
         * If we have more data in the queue, it's either
         * a finished message, or an indication that we need
         * to call wrap again.
         */
        if (hasOutboundDataInternal()) {
            msg = outboundList.getFirst();
            if (msg == HandshakeStatus.FINISHED) {
                outboundList.removeFirst();     // consume the message
                return HandshakeStatus.FINISHED;
            } else {
                return HandshakeStatus.NEED_WRAP;
            }
        } else {
            return null;
        }
    }
 

/**
 * performs the unwrap operation by unwrapping from {@link #inCrypt} to {@link #inData}
 **/
private synchronized ByteBuffer unwrap() throws SSLException {
	int rem;
	do {
		rem = inData.remaining();
		readEngineResult = sslEngine.unwrap( inCrypt, inData );
	} while ( readEngineResult.getStatus() == SSLEngineResult.Status.OK && ( rem != inData.remaining() || sslEngine.getHandshakeStatus() == HandshakeStatus.NEED_UNWRAP ) );
	inData.flip();
	return inData;
}
 

/**
 * Do all the outstanding handshake tasks in the current Thread.
 */
private SSLEngineResult.HandshakeStatus doTasks() {
    /*
     * We could run this in a separate thread, but I don't see the need for
     * this when used from SSLFilter. Use thread filters in MINA instead?
     */
    Runnable runnable;
    while ((runnable = sslEngine.getDelegatedTask()) != null) {
        // TODO : we may have to use a thread pool here to improve the
        // performances
        runnable.run();
    }
    return sslEngine.getHandshakeStatus();
}
 

private void renegotiateIfNeeded(NextFilter nextFilter, SSLEngineResult res) throws Exception {
	if (res.getStatus() != Status.CLOSED && res.getStatus() != Status.BUFFER_UNDERFLOW
			&& res.getHandshakeStatus() != HandshakeStatus.NOT_HANDSHAKING) {
		// Renegotiation required.
		handshakeComplete = false;
		handshakeStatus = res.getHandshakeStatus();
		handshake(nextFilter);
	}
}
 

/**
 * Executes all the tasks needed on the same thread.
 * @return HandshakeStatus
 */
protected SSLEngineResult.HandshakeStatus tasks() {
    Runnable r = null;
    while ( (r = sslEngine.getDelegatedTask()) != null) {
        r.run();
    }
    return sslEngine.getHandshakeStatus();
}
 

private HandshakeStatus getOutboundData(ByteBuffer dstBB) {

        Object msg = outboundList.removeFirst();
        assert(msg instanceof ByteBuffer);

        ByteBuffer bbIn = (ByteBuffer) msg;
        assert(dstBB.remaining() >= bbIn.remaining());

        dstBB.put(bbIn);

        /*
         * If we have more data in the queue, it's either
         * a finished message, or an indication that we need
         * to call wrap again.
         */
        if (hasOutboundDataInternal()) {
            msg = outboundList.getFirst();
            if (msg == HandshakeStatus.FINISHED) {
                outboundList.removeFirst();     // consume the message
                return HandshakeStatus.FINISHED;
            } else {
                return HandshakeStatus.NEED_WRAP;
            }
        } else {
            return null;
        }
    }
 

/**
 * Begin the shutdown process.
 * <p>
 * Close out the SSLEngine if not already done so, then
 * wrap our outgoing close_notify message and try to send it on.
 * <p>
 * Return true when we're done passing the shutdown messsages.
 */
private boolean shutdown() throws IOException {

    if (!shutdown) {
        sslEngine.closeOutbound();
        shutdown = true;
    }

    if (outNetBB.hasRemaining() && tryFlush(outNetBB)) {
        return false;
    }

    /*
     * By RFC 2616, we can "fire and forget" our close_notify
     * message, so that's what we'll do here.
     */
    outNetBB.clear();
    SSLEngineResult result = sslEngine.wrap(hsBB, outNetBB);
    if (result.getStatus() != Status.CLOSED) {
        throw new SSLException("Improper close state");
    }
    outNetBB.flip();

    /*
     * We won't wait for a select here, but if this doesn't work,
     * we'll cycle back through on the next select.
     */
    if (outNetBB.hasRemaining()) {
        tryFlush(outNetBB);
    }

    return (!outNetBB.hasRemaining() &&
            (result.getHandshakeStatus() != HandshakeStatus.NEED_WRAP));
}
 

private static void dumpResult(String str, SSLEngineResult result) {
    System.err.println("The format of the SSLEngineResult is: \n" +
        "\t\"getStatus() / getHandshakeStatus()\" +\n" +
        "\t\"bytesConsumed() / bytesProduced()\"\n");
    HandshakeStatus hsStatus = result.getHandshakeStatus();
    System.err.println(str + result.getStatus() + "/" + hsStatus + ", " +
        result.bytesConsumed() + "/" + result.bytesProduced() + " bytes");
    if (hsStatus == HandshakeStatus.FINISHED) {
        System.err.println("\t...ready for application data");
    }
}
 

/**
 * This method is used for handling handshake routine as well as sending close_notify message to recipient
 */
private void doHandshake() throws SSLException {
	SSLEngineResult result = null;
	while (!isClosed()) {
		if (result != null && result.getStatus() == CLOSED) {
			close();
			return;
		}

		HandshakeStatus handshakeStatus = engine.getHandshakeStatus();
		if (handshakeStatus == NEED_WRAP) {
			result = tryToWrap();
		} else if (handshakeStatus == NEED_UNWRAP) {
			result = tryToUnwrap();
			if (result.getStatus() == BUFFER_UNDERFLOW) {
				doRead();
				return;
			}
		} else if (handshakeStatus == NEED_TASK) {
			executeTasks();
			return;
		} else {
			doSync();
			return;
		}
	}
}