Java Code Examples for javax.net.ssl.SSLEngine#closeInbound()

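The following examples show how to use javax.net.ssl.SSLEngine#closeInbound(). Per the SSLEngine contract, closeInbound() throws an SSLException when the peer's close_notify has not been received, because the stream may have been truncated; the examples below that call it on an engine that never started a handshake do not expect that exception. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.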
Example 1
Source File: SSLEngineTest.java    From netty-4.1.22 with Apache License 2.0
/**
 * Verifies that a client engine whose inbound and outbound sides were both closed
 * refuses to start a handshake.
 *
 * <p>The engine is closed before any handshake has begun, and the test lets an
 * {@link SSLException} from either close call propagate as a failure. Only the
 * subsequent {@code beginHandshake()} is expected to throw.
 *
 * @throws SSLException if building the context or closing the engine fails
 */
@Test
public void testBeginHandshakeAfterEngineClosed() throws SSLException {
    clientSslCtx = SslContextBuilder.forClient().sslProvider(sslClientProvider()).build();
    final SSLEngine closedEngine = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);

    try {
        closedEngine.closeInbound();
        closedEngine.closeOutbound();

        // A fully closed engine must not be reusable for a new handshake.
        boolean handshakeRejected = false;
        try {
            closedEngine.beginHandshake();
        } catch (SSLException rejected) {
            handshakeRejected = true;
        }
        if (!handshakeRejected) {
            fail();
        }
    } finally {
        // Always hand the engine back to the test's cleanup helper, even on failure.
        cleanupClientSslEngine(closedEngine);
    }
}
 
Example 2
Source File: SslContextBuilderTest.java    From netty-4.1.22 with Apache License 2.0
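/**
 * Builds a client {@link SslContext} from the certificate and private-key files of a
 * throwaway self-signed certificate and checks the client-auth flags of its engine.
 *
 * <p>{@code clientAuth(ClientAuth.OPTIONAL)} is set on a client-side builder; the
 * assertions pin that the resulting engine neither wants nor needs client auth.
 *
 * <p>The engine is closed and the generated key material is deleted in {@code finally}
 * blocks, so a failed assertion does not leave the engine open or the temporary
 * private-key file on disk.
 *
 * @param provider the SSL provider the context is built with
 * @throws Exception if the certificate, the context or the engine cannot be created
 */
private static void testClientContextFromFile(SslProvider provider) throws Exception {
    SelfSignedCertificate cert = new SelfSignedCertificate();
    try {
        SslContext context = SslContextBuilder.forClient()
                .sslProvider(provider)
                .keyManager(cert.certificate(), cert.privateKey())
                .trustManager(cert.certificate())
                .clientAuth(ClientAuth.OPTIONAL)
                .build();
        SSLEngine engine = context.newEngine(UnpooledByteBufAllocator.DEFAULT);
        try {
            assertFalse(engine.getWantClientAuth());
            assertFalse(engine.getNeedClientAuth());
        } finally {
            // No handshake was started, so closeInbound() is not expected to throw here.
            engine.closeInbound();
            engine.closeOutbound();
        }
    } finally {
        // Remove the generated certificate and private-key files as soon as the test is done.
        cert.delete();
    }
}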
 
Example 3
Source File: SslContextBuilderTest.java    From netty-4.1.22 with Apache License 2.0
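/**
 * Builds a client {@link SslContext} from the in-memory key and certificate of a
 * throwaway self-signed certificate and checks the client-auth flags of its engine.
 *
 * <p>{@code clientAuth(ClientAuth.OPTIONAL)} is set on a client-side builder; the
 * assertions pin that the resulting engine neither wants nor needs client auth.
 *
 * <p>The engine is closed and the self-signed certificate's temporary files are deleted
 * in {@code finally} blocks, so a failed assertion does not leave the engine open or
 * generated private-key material on disk.
 *
 * @param provider the SSL provider the context is built with
 * @throws Exception if the certificate, the context or the engine cannot be created
 */
private static void testClientContext(SslProvider provider) throws Exception {
    SelfSignedCertificate cert = new SelfSignedCertificate();
    try {
        SslContext context = SslContextBuilder.forClient()
                .sslProvider(provider)
                .keyManager(cert.key(), cert.cert())
                .trustManager(cert.cert())
                .clientAuth(ClientAuth.OPTIONAL)
                .build();
        SSLEngine engine = context.newEngine(UnpooledByteBufAllocator.DEFAULT);
        try {
            assertFalse(engine.getWantClientAuth());
            assertFalse(engine.getNeedClientAuth());
        } finally {
            // No handshake was started, so closeInbound() is not expected to throw here.
            engine.closeInbound();
            engine.closeOutbound();
        }
    } finally {
        // Remove the generated certificate and private-key files as soon as the test is done.
        cert.delete();
    }
}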
 
Example 4
Source File: SslContextBuilderTest.java    From netty-4.1.22 with Apache License 2.0
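/**
 * Builds a server {@link SslContext} from the certificate and private-key files of a
 * throwaway self-signed certificate and checks the client-auth flags of its engine.
 *
 * <p>With {@code ClientAuth.OPTIONAL} the engine must report that it wants, but does
 * not need, client authentication.
 *
 * <p>The engine is closed and the generated key material is deleted in {@code finally}
 * blocks, so a failed assertion does not leave the engine open or the temporary
 * private-key file on disk.
 *
 * @param provider the SSL provider the context is built with
 * @throws Exception if the certificate, the context or the engine cannot be created
 */
private static void testServerContextFromFile(SslProvider provider) throws Exception {
    SelfSignedCertificate cert = new SelfSignedCertificate();
    try {
        SslContext context = SslContextBuilder.forServer(cert.certificate(), cert.privateKey())
                .sslProvider(provider)
                .trustManager(cert.certificate())
                .clientAuth(ClientAuth.OPTIONAL)
                .build();
        SSLEngine engine = context.newEngine(UnpooledByteBufAllocator.DEFAULT);
        try {
            assertTrue(engine.getWantClientAuth());
            assertFalse(engine.getNeedClientAuth());
        } finally {
            // No handshake was started, so closeInbound() is not expected to throw here.
            engine.closeInbound();
            engine.closeOutbound();
        }
    } finally {
        // Remove the generated certificate and private-key files as soon as the test is done.
        cert.delete();
    }
}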
 
Example 5
Source File: SslContextBuilderTest.java    From netty-4.1.22 with Apache License 2.0
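/**
 * Builds a server {@link SslContext} from the in-memory key and certificate of a
 * throwaway self-signed certificate and checks the client-auth flags of its engine.
 *
 * <p>With {@code ClientAuth.REQUIRE} the engine must report that it needs client
 * authentication, and {@code getWantClientAuth()} must be {@code false}.
 *
 * <p>The engine is closed and the self-signed certificate's temporary files are deleted
 * in {@code finally} blocks, so a failed assertion does not leave the engine open or
 * generated private-key material on disk.
 *
 * @param provider the SSL provider the context is built with
 * @throws Exception if the certificate, the context or the engine cannot be created
 */
private static void testServerContext(SslProvider provider) throws Exception {
    SelfSignedCertificate cert = new SelfSignedCertificate();
    try {
        SslContext context = SslContextBuilder.forServer(cert.key(), cert.cert())
                .sslProvider(provider)
                .trustManager(cert.cert())
                .clientAuth(ClientAuth.REQUIRE)
                .build();
        SSLEngine engine = context.newEngine(UnpooledByteBufAllocator.DEFAULT);
        try {
            assertFalse(engine.getWantClientAuth());
            assertTrue(engine.getNeedClientAuth());
        } finally {
            // No handshake was started, so closeInbound() is not expected to throw here.
            engine.closeInbound();
            engine.closeOutbound();
        }
    } finally {
        // Remove the generated certificate and private-key files as soon as the test is done.
        cert.delete();
    }
}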
 
Example 6
Source File: SSLEngineTest.java    From netty-4.1.22 with Apache License 2.0
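/**
 * Checks that a protocol can be re-enabled on a server engine after all protocols
 * were disabled.
 *
 * <p>The engine's enabled protocols are first set to an empty array and compared with
 * {@code protocols1}; then TLSv1.2 is enabled and the result is compared with
 * {@code protocols2}.
 *
 * @param protocols1 protocols expected to remain enabled after disabling everything
 * @param protocols2 protocols expected to be enabled after TLSv1.2 is turned back on
 * @throws Exception if the test resources cannot be located or the context cannot be built
 */
protected void testEnablingAnAlreadyDisabledSslProtocol(String[] protocols1, String[] protocols2) throws Exception {
    SSLEngine sslEngine = null;
    try {
        // Resolve the resources through toURI(): URL#getFile() returns the still URL-encoded
        // path, which does not name an existing file when the path contains spaces or other
        // escaped characters.
        File serverKeyFile = new File(getClass().getResource("test_unencrypted.pem").toURI());
        File serverCrtFile = new File(getClass().getResource("test.crt").toURI());
        serverSslCtx = SslContextBuilder.forServer(serverCrtFile, serverKeyFile)
           .sslProvider(sslServerProvider())
           .sslContextProvider(serverSslContextProvider())
           .build();

        sslEngine = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);

        // Disable all protocols
        sslEngine.setEnabledProtocols(EmptyArrays.EMPTY_STRINGS);

        // What is left enabled must match protocols1 exactly (the original comment states
        // that only SSLv2Hello should remain; the caller supplies the expected value).
        String[] enabledProtocols = sslEngine.getEnabledProtocols();
        assertArrayEquals(protocols1, enabledProtocols);

        // Enable a protocol that is currently disabled
        sslEngine.setEnabledProtocols(new String[]{ PROTOCOL_TLS_V1_2 });

        // The protocol that was just enabled should be returned
        enabledProtocols = sslEngine.getEnabledProtocols();
        assertEquals(protocols2.length, enabledProtocols.length);
        assertArrayEquals(protocols2, enabledProtocols);
    } finally {
        if (sslEngine != null) {
            try {
                sslEngine.closeInbound();
                sslEngine.closeOutbound();
            } finally {
                // Run the cleanup helper even if one of the close calls throws.
                cleanupServerSslEngine(sslEngine);
            }
        }
    }
}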
 
Example 7
Source File: SSLEngineTest.java    From netty-4.1.22 with Apache License 2.0
/**
 * Asserts that closing the inbound side directly after the handshake was started is
 * reported as an error.
 *
 * <p>No close notification can have arrived from a peer at this point, so the engine is
 * expected to answer {@code closeInbound()} with an {@link SSLException}. The test fails
 * if the call returns normally.
 *
 * @param engine the engine under test
 * @throws SSLException if {@code beginHandshake()} itself fails
 */
private static void testCloseInboundAfterBeginHandshake(SSLEngine engine) throws SSLException {
    engine.beginHandshake();

    boolean closeRejected = false;
    try {
        engine.closeInbound();
    } catch (SSLException noCloseNotify) {
        closeRejected = true;
    }
    if (!closeRejected) {
        fail();
    }
}
 
Example 8
Source File: SslContextGMBuilderTest.java    From julongchain with Apache License 2.0
/**
 * Builds a client context with the GM builder and checks that the engine created from
 * it neither wants nor needs client authentication, even though
 * {@code ClientAuth.OPTIONAL} was set on the builder.
 *
 * @throws Exception if the context or the engine cannot be created
 */
@Test
public void testClientContext() throws Exception {
    // The fifth keyManager argument is passed as null (presumably a key password; confirm
    // against SslContextGMBuilder).
    SslContext clientContext = SslContextGMBuilder.forClient()
            .keyManager(ENC_CERT, ENC_KEY, SIGN_CERT, SIGN_KEY, null)
            .trustManager(TRUST_CERT)
            .clientAuth(ClientAuth.OPTIONAL)
            .build();
    SSLEngine clientEngine = clientContext.newEngine(UnpooledByteBufAllocator.DEFAULT);

    assertFalse(clientEngine.getWantClientAuth());
    assertFalse(clientEngine.getNeedClientAuth());

    // No handshake was started on this engine; the test expects both close calls to succeed.
    clientEngine.closeInbound();
    clientEngine.closeOutbound();
}
 
Example 9
Source File: SslContextGMBuilderTest.java    From julongchain with Apache License 2.0
/**
 * Builds a server context with the GM builder and {@code ClientAuth.REQUIRE}, then
 * checks that the engine created from it needs client authentication and that
 * {@code getWantClientAuth()} is {@code false}.
 *
 * @throws Exception if the context or the engine cannot be created
 */
@Test
public void testServerContext() throws Exception {
    // The fifth forServer argument is passed as null (presumably a key password; confirm
    // against SslContextGMBuilder).
    SslContext serverContext = SslContextGMBuilder.forServer(ENC_CERT, ENC_KEY, SIGN_CERT, SIGN_KEY, null)
            .trustManager(TRUST_CERT)
            .clientAuth(ClientAuth.REQUIRE)
            .build();
    SSLEngine serverEngine = serverContext.newEngine(UnpooledByteBufAllocator.DEFAULT);

    assertFalse(serverEngine.getWantClientAuth());
    assertTrue(serverEngine.getNeedClientAuth());

    // No handshake was started on this engine; the test expects both close calls to succeed.
    serverEngine.closeInbound();
    serverEngine.closeOutbound();
}
 
Example 10
Source File: TlsOrPlainConnectionFactory.java    From qpid-broker-j with Apache License 2.0
/**
 * Starts the factory and makes sure its input buffer can hold a full TLS packet.
 *
 * <p>A server-mode engine is created only to read the session's packet buffer size. If
 * that size exceeds the current input buffer size, the input buffer is enlarged to it.
 * The engine is then closed in both directions without ever starting a handshake.
 *
 * @throws Exception if the superclass start or the engine creation fails
 */
@Override
protected void doStart() throws Exception
{
    super.doStart();

    final SSLEngine probeEngine = _sslContextFactory.newSSLEngine();
    probeEngine.setUseClientMode(false);

    final int tlsPacketSize = probeEngine.getSession().getPacketBufferSize();
    if (tlsPacketSize > getInputBufferSize())
    {
        setInputBufferSize(tlsPacketSize);
    }

    // The probe engine is not needed any more; close both directions.
    probeEngine.closeInbound();
    probeEngine.closeOutbound();
}
 
Example 11
Source File: SSLEngineTestCase.java    From openjdk-jdk9 with GNU General Public License v2.0
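/**
 * Close engines by sending "close outbound" message from one SSLEngine to
 * another.
 *
 * <p>Sequence: the sending engine closes its outbound side and its close message is
 * wrapped and unwrapped by the peer; the peer's reply is wrapped and unwrapped by the
 * sender; the peer must then report its inbound side as done. Only after that exchange
 * does the sender call {@code closeInbound()}, followed by one more wrap/unwrap, after
 * which the peer must report its outbound side as done.
 *
 * <p>{@code net} is not declared in this method; it is presumably a field of the
 * enclosing class (confirm there).
 *
 * @param fromEngine - Sending engine.
 * @param toEngine   - Receiving engine.
 * @throws SSLException - thrown on engine errors.
 * @throws Error if both engines are in the same mode (both client or both server).
 * @throws AssertionError if the receiving engine did not close the expected direction.
 */
public static void closeEngines(SSLEngine fromEngine,
                                SSLEngine toEngine) throws SSLException {
    final String from;
    final String to;
    ByteBuffer app;
    if (fromEngine.getUseClientMode() && !toEngine.getUseClientMode()) {
        from = "Client";
        to = "Server";
    } else if (toEngine.getUseClientMode() &&
            !fromEngine.getUseClientMode()) {
        from = "Server";
        to = "Client";
    } else {
        throw new Error("Both engines are in the same mode");
    }
    System.out.println("=============================================");
    System.out.println(
            "Trying to close engines from " + from + " to " + to);
    // Sending close outbound request to peer
    fromEngine.closeOutbound();
    app = ByteBuffer.allocate(
            fromEngine.getSession().getApplicationBufferSize());
    net = doWrap(fromEngine, from, 0, app, SSLEngineResult.Status.CLOSED);
    doUnWrap(toEngine, to, net, SSLEngineResult.Status.CLOSED);
    app = ByteBuffer.allocate(
            fromEngine.getSession().getApplicationBufferSize());
    net = doWrap(toEngine, to, 0, app, SSLEngineResult.Status.CLOSED);
    doUnWrap(fromEngine, from, net, SSLEngineResult.Status.CLOSED);
    if (!toEngine.isInboundDone()) {
        // Fixed message: the engine name and "did" were run together ("Serverdid ...").
        throw new AssertionError(from + " sent close request to " + to
                + ", but " + to + " did not close inbound.");
    }
    // Executing close inbound; the peer's close message was already unwrapped above.
    fromEngine.closeInbound();
    app = ByteBuffer.allocate(
            fromEngine.getSession().getApplicationBufferSize());
    net = doWrap(fromEngine, from, 0, app, SSLEngineResult.Status.CLOSED);
    doUnWrap(toEngine, to, net, SSLEngineResult.Status.CLOSED);
    if (!toEngine.isOutboundDone()) {
        // Fixed message: missing spaces after the engine names.
        throw new AssertionError(from + " sent close request to " + to
                + ", but " + to + " did not close outbound.");
    }
    System.out.println("Successful closing from " + from + " to " + to);
}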
 
Example 12
Source File: Link.java    From cloudstack with Apache License 2.0
/**
 * Performs one unwrap step of the TLS handshake: reads bytes from the channel into
 * {@code peerNetData} and unwraps them into {@code peerAppData}.
 *
 * <p>The third argument of the returned {@code HandshakeHolder} is {@code false} when an
 * argument is invalid, when the stream ended with both engine directions already done,
 * when unwrap threw an {@link SSLException}, or when the engine reported CLOSED with its
 * outbound side already done. It is {@code true} otherwise, presumably meaning that the
 * caller should continue the handshake loop (confirm against HandshakeHolder).
 *
 * @param socketChannel channel the peer's handshake bytes are read from
 * @param sslEngine     engine driving the handshake
 * @param peerAppData   destination buffer for unwrapped data; may be replaced by a larger one
 * @param peerNetData   buffer holding raw bytes from the peer; may be replaced
 * @param appBufferSize size passed to {@code enlargeBuffer} on BUFFER_OVERFLOW; must not be negative
 * @return a holder carrying the (possibly replaced) buffers and the boolean described above
 * @throws IOException if reading from the channel fails
 * @throws IllegalStateException if unwrap reports a status other than the four handled ones
 */
private static HandshakeHolder doHandshakeUnwrap(final SocketChannel socketChannel, final SSLEngine sslEngine,
                                         ByteBuffer peerAppData, ByteBuffer peerNetData, final int appBufferSize) throws IOException {
    // Reject unusable arguments up front instead of failing later with a NullPointerException.
    if (socketChannel == null || sslEngine == null || peerAppData == null || peerNetData == null || appBufferSize < 0) {
        return new HandshakeHolder(peerAppData, peerNetData, false);
    }
    // A negative read result means the peer ended the stream.
    if (socketChannel.read(peerNetData) < 0) {
        if (sslEngine.isInboundDone() && sslEngine.isOutboundDone()) {
            return new HandshakeHolder(peerAppData, peerNetData, false);
        }
        try {
            // closeInbound() throws when the peer's close_notify was never received, i.e. the
            // connection was cut rather than shut down cleanly. That case is only logged here.
            sslEngine.closeInbound();
        } catch (SSLException e) {
            s_logger.warn("This SSL engine was forced to close inbound due to end of stream.", e);
        }
        sslEngine.closeOutbound();
        // After closeOutbound the engine will be set to WRAP state,
        // in order to try to send a close message to the client.
        return new HandshakeHolder(peerAppData, peerNetData, true);
    }
    // Switch the network buffer to reading, unwrap, then compact so unread bytes are kept.
    peerNetData.flip();
    SSLEngineResult result = null;
    try {
        result = sslEngine.unwrap(peerNetData, peerAppData);
        peerNetData.compact();
    } catch (final SSLException sslException) {
        // NOTE(review): only the exception message is logged; sslException itself is not passed
        // to the logger, so no stack trace is recorded. Confirm that this is intentional (for
        // example to limit log volume, since any peer that can connect can reach this branch).
        // getLocalAddress()/getRemoteAddress() declare IOException, which would propagate from
        // this catch block and skip the closeOutbound() below.
        s_logger.error(String.format("SSL error caught during unwrap data: %s, for local address=%s, remote address=%s. The client may have invalid ca-certificates.",
                sslException.getMessage(), socketChannel.getLocalAddress(), socketChannel.getRemoteAddress()));
        sslEngine.closeOutbound();
        return new HandshakeHolder(peerAppData, peerNetData, false);
    }
    // Defensive check; result is only null here if unwrap() itself returned null.
    if (result == null) {
        return new HandshakeHolder(peerAppData, peerNetData, false);
    }
    switch (result.getStatus()) {
        case OK:
            break;
        case BUFFER_OVERFLOW:
            // Will occur when peerAppData's capacity is smaller than the data derived from peerNetData's unwrap.
            peerAppData = enlargeBuffer(peerAppData, appBufferSize);
            break;
        case BUFFER_UNDERFLOW:
            // Will occur either when no data was read from the peer or when the peerNetData buffer
            // was too small to hold all peer's data.
            peerNetData = handleBufferUnderflow(sslEngine, peerNetData);
            break;
        case CLOSED:
            // The engine reported CLOSED: stop if outbound is already done, otherwise close
            // outbound and fall through to the final return with true.
            if (sslEngine.isOutboundDone()) {
                return new HandshakeHolder(peerAppData, peerNetData, false);
            } else {
                sslEngine.closeOutbound();
            }
            break;
        default:
            throw new IllegalStateException("Invalid SSL status: " + result.getStatus());
    }
    return new HandshakeHolder(peerAppData, peerNetData, true);
}