Java Code Examples for org.apache.tomcat.jni.SSL#getHandshakeCount()

The following examples show how to use org.apache.tomcat.jni.SSL#getHandshakeCount() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: OpenSSLEngine.java    From Tomcat8-Source-Read with MIT License 6 votes vote down vote up
private void handshake() throws SSLException {
    currentHandshake = SSL.getHandshakeCount(ssl);
    clearLastError();
    int code = SSL.doHandshake(ssl);
    if (code <= 0) {
        checkLastError();
    } else {
        if (alpn) {
            selectedProtocol = SSL.getAlpnSelected(ssl);
            if (selectedProtocol == null) {
                selectedProtocol = SSL.getNextProtoNegotiated(ssl);
            }
        }
        session.lastAccessedTime = System.currentTimeMillis();
        // if SSL_do_handshake returns > 0 it means the handshake was finished. This means we can update
        // handshakeFinished directly and so eliminate unnecessary calls to SSL.isInInit(...)
        handshakeFinished = true;
    }
}
 
Example 2
Source File: OpenSSLEngine.java    From Tomcat8-Source-Read with MIT License 6 votes vote down vote up
private synchronized void renegotiate() throws SSLException {
    clearLastError();
    int code;
    if (SSL.getVersion(ssl).equals(Constants.SSL_PROTO_TLSv1_3)) {
        code = SSL.verifyClientPostHandshake(ssl);
    } else {
        code = SSL.renegotiate(ssl);
    }
    if (code <= 0) {
        checkLastError();
    }
    handshakeFinished = false;
    peerCerts = null;
    x509PeerCerts = null;
    currentHandshake = SSL.getHandshakeCount(ssl);
    int code2 = SSL.doHandshake(ssl);
    if (code2 <= 0) {
        checkLastError();
    }
}
 
Example 3
Source File: OpenSSLEngine.java    From Tomcat8-Source-Read with MIT License 4 votes vote down vote up
@Override
public synchronized SSLEngineResult.HandshakeStatus getHandshakeStatus() {
    if (accepted == Accepted.NOT || destroyed) {
        return SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
    }

    // Check if we are in the initial handshake phase
    if (!handshakeFinished) {

        // There is pending data in the network BIO -- call wrap
        if (sendHandshakeError || SSL.pendingWrittenBytesInBIO(networkBIO) != 0) {
            if (sendHandshakeError) {
                // After a last wrap, consider it is going to be done
                sendHandshakeError = false;
                currentHandshake++;
            }
            return SSLEngineResult.HandshakeStatus.NEED_WRAP;
        }

        /*
         * Tomcat Native stores a count of the completed handshakes in the
         * SSL instance and increments it every time a handshake is
         * completed. Comparing the handshake count when the handshake
         * started to the current handshake count enables this code to
         * detect when the handshake has completed.
         *
         * Obtaining client certificates after the connection has been
         * established requires additional checks. We need to trigger
         * additional reads until the certificates have been read but we
         * don't know how many reads we will need as it depends on both
         * client and network behaviour.
         *
         * The additional reads are triggered by returning NEED_UNWRAP
         * rather than FINISHED. This allows the standard I/O code to be
         * used.
         *
         * For TLSv1.2 and below, the handshake completes before the
         * renegotiation. We therefore use SSL.renegotiatePending() to
         * check on the current status of the renegotiation and return
         * NEED_UNWRAP until it completes which means the client
         * certificates will have been read from the client.
         *
         * For TLSv1.3, Tomcat Native sets a flag when post handshake
         * authentication is started and updates it once the client
         * certificate has been received. We therefore use
         * SSL.getPostHandshakeAuthInProgress() to check the current status
         * and return NEED_UNWRAP until that methods indicates that PHA is
         * no longer in progress.
         */

        // No pending data to be sent to the peer
        // Check to see if we have finished handshaking
        int handshakeCount = SSL.getHandshakeCount(ssl);
        if (handshakeCount != currentHandshake && SSL.renegotiatePending(ssl) == 0 &&
                (SSL.getPostHandshakeAuthInProgress(ssl) == 0)) {
            if (alpn) {
                selectedProtocol = SSL.getAlpnSelected(ssl);
                if (selectedProtocol == null) {
                    selectedProtocol = SSL.getNextProtoNegotiated(ssl);
                }
            }
            session.lastAccessedTime = System.currentTimeMillis();
            version = SSL.getVersion(ssl);
            handshakeFinished = true;
            return SSLEngineResult.HandshakeStatus.FINISHED;
        }

        // No pending data
        // Still handshaking / renegotiation / post-handshake auth pending
        // Must be waiting on the peer to send more data
        return SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
    }

    // Check if we are in the shutdown phase
    if (engineClosed) {
        // Waiting to send the close_notify message
        if (SSL.pendingWrittenBytesInBIO(networkBIO) != 0) {
            return SSLEngineResult.HandshakeStatus.NEED_WRAP;
        }

        // Must be waiting to receive the close_notify message
        return SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
    }

    return SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
}