Java Code Examples for org.apache.tomcat.jni.SSL#getHandshakeCount()
The following examples show how to use
org.apache.tomcat.jni.SSL#getHandshakeCount() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: OpenSSLEngine.java From Tomcat8-Source-Read with MIT License | 6 votes |
private void handshake() throws SSLException { currentHandshake = SSL.getHandshakeCount(ssl); clearLastError(); int code = SSL.doHandshake(ssl); if (code <= 0) { checkLastError(); } else { if (alpn) { selectedProtocol = SSL.getAlpnSelected(ssl); if (selectedProtocol == null) { selectedProtocol = SSL.getNextProtoNegotiated(ssl); } } session.lastAccessedTime = System.currentTimeMillis(); // if SSL_do_handshake returns > 0 it means the handshake was finished. This means we can update // handshakeFinished directly and so eliminate unnecessary calls to SSL.isInInit(...) handshakeFinished = true; } }
Example 2
Source File: OpenSSLEngine.java From Tomcat8-Source-Read with MIT License | 6 votes |
private synchronized void renegotiate() throws SSLException { clearLastError(); int code; if (SSL.getVersion(ssl).equals(Constants.SSL_PROTO_TLSv1_3)) { code = SSL.verifyClientPostHandshake(ssl); } else { code = SSL.renegotiate(ssl); } if (code <= 0) { checkLastError(); } handshakeFinished = false; peerCerts = null; x509PeerCerts = null; currentHandshake = SSL.getHandshakeCount(ssl); int code2 = SSL.doHandshake(ssl); if (code2 <= 0) { checkLastError(); } }
Example 3
Source File: OpenSSLEngine.java From Tomcat8-Source-Read with MIT License | 4 votes |
@Override public synchronized SSLEngineResult.HandshakeStatus getHandshakeStatus() { if (accepted == Accepted.NOT || destroyed) { return SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING; } // Check if we are in the initial handshake phase if (!handshakeFinished) { // There is pending data in the network BIO -- call wrap if (sendHandshakeError || SSL.pendingWrittenBytesInBIO(networkBIO) != 0) { if (sendHandshakeError) { // After a last wrap, consider it is going to be done sendHandshakeError = false; currentHandshake++; } return SSLEngineResult.HandshakeStatus.NEED_WRAP; } /* * Tomcat Native stores a count of the completed handshakes in the * SSL instance and increments it every time a handshake is * completed. Comparing the handshake count when the handshake * started to the current handshake count enables this code to * detect when the handshake has completed. * * Obtaining client certificates after the connection has been * established requires additional checks. We need to trigger * additional reads until the certificates have been read but we * don't know how many reads we will need as it depends on both * client and network behaviour. * * The additional reads are triggered by returning NEED_UNWRAP * rather than FINISHED. This allows the standard I/O code to be * used. * * For TLSv1.2 and below, the handshake completes before the * renegotiation. We therefore use SSL.renegotiatePending() to * check on the current status of the renegotiation and return * NEED_UNWRAP until it completes which means the client * certificates will have been read from the client. * * For TLSv1.3, Tomcat Native sets a flag when post handshake * authentication is started and updates it once the client * certificate has been received. We therefore use * SSL.getPostHandshakeAuthInProgress() to check the current status * and return NEED_UNWRAP until that methods indicates that PHA is * no longer in progress. */ // No pending data to be sent to the peer // Check to see if we have finished handshaking int handshakeCount = SSL.getHandshakeCount(ssl); if (handshakeCount != currentHandshake && SSL.renegotiatePending(ssl) == 0 && (SSL.getPostHandshakeAuthInProgress(ssl) == 0)) { if (alpn) { selectedProtocol = SSL.getAlpnSelected(ssl); if (selectedProtocol == null) { selectedProtocol = SSL.getNextProtoNegotiated(ssl); } } session.lastAccessedTime = System.currentTimeMillis(); version = SSL.getVersion(ssl); handshakeFinished = true; return SSLEngineResult.HandshakeStatus.FINISHED; } // No pending data // Still handshaking / renegotiation / post-handshake auth pending // Must be waiting on the peer to send more data return SSLEngineResult.HandshakeStatus.NEED_UNWRAP; } // Check if we are in the shutdown phase if (engineClosed) { // Waiting to send the close_notify message if (SSL.pendingWrittenBytesInBIO(networkBIO) != 0) { return SSLEngineResult.HandshakeStatus.NEED_WRAP; } // Must be waiting to receive the close_notify message return SSLEngineResult.HandshakeStatus.NEED_UNWRAP; } return SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING; }