Java Code Examples for javax.net.ssl.SSLSession#getPacketBufferSize()

The following examples show how to use javax.net.ssl.SSLSession#getPacketBufferSize() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: TLSWrapper.java    From Openfire with Apache License 2.0 6 votes vote down vote up
public TLSWrapper(ConnectionConfiguration configuration, boolean clientMode ) {

        try
        {
            final EncryptionArtifactFactory factory = new EncryptionArtifactFactory( configuration );
            if ( clientMode )
            {
                tlsEngine = factory.createClientModeSSLEngine();
            }
            else
            {
                tlsEngine = factory .createServerModeSSLEngine();
            }

            final SSLSession sslSession = tlsEngine.getSession();

            netBuffSize = sslSession.getPacketBufferSize();
            appBuffSize = sslSession.getApplicationBufferSize();
        }
        catch ( NoSuchAlgorithmException | KeyManagementException | KeyStoreException | UnrecoverableKeyException ex )
        {
            Log.error("TLSHandler startup problem. SSLContext initialisation failed.", ex );
        }
    }
 
Example 2
Source File: SSLSocketChannel2.java    From Slyther with MIT License 6 votes vote down vote up
protected void createBuffers( SSLSession session ) {
	int netBufferMax = session.getPacketBufferSize();
	int appBufferMax = Math.max(session.getApplicationBufferSize(), netBufferMax);

	if( inData == null ) {
		inData = ByteBuffer.allocate( appBufferMax );
		outCrypt = ByteBuffer.allocate( netBufferMax );
		inCrypt = ByteBuffer.allocate( netBufferMax );
	} else {
		if( inData.capacity() != appBufferMax )
			inData = ByteBuffer.allocate( appBufferMax );
		if( outCrypt.capacity() != netBufferMax )
			outCrypt = ByteBuffer.allocate( netBufferMax );
		if( inCrypt.capacity() != netBufferMax )
			inCrypt = ByteBuffer.allocate( netBufferMax );
	}
	inData.rewind();
	inData.flip();
	inCrypt.rewind();
	inCrypt.flip();
	outCrypt.rewind();
	outCrypt.flip();
	bufferallocations++;
}
 
Example 3
Source File: SSLSocketChannel2.java    From RipplePower with Apache License 2.0 6 votes vote down vote up
protected void createBuffers( SSLSession session ) {
	int netBufferMax = session.getPacketBufferSize();
	int appBufferMax = Math.max(session.getApplicationBufferSize(), netBufferMax);

	if( inData == null ) {
		inData = ByteBuffer.allocate( appBufferMax );
		outCrypt = ByteBuffer.allocate( netBufferMax );
		inCrypt = ByteBuffer.allocate( netBufferMax );
	} else {
		if( inData.capacity() != appBufferMax )
			inData = ByteBuffer.allocate( appBufferMax );
		if( outCrypt.capacity() != netBufferMax )
			outCrypt = ByteBuffer.allocate( netBufferMax );
		if( inCrypt.capacity() != netBufferMax )
			inCrypt = ByteBuffer.allocate( netBufferMax );
	}
	inData.rewind();
	inData.flip();
	inCrypt.rewind();
	inCrypt.flip();
	outCrypt.rewind();
	outCrypt.flip();
	bufferallocations++;
}
 
Example 4
Source File: XmppTcpTransportModule.java    From Smack with Apache License 2.0 6 votes vote down vote up
private TlsState(SmackTlsContext smackTlsContext) throws IOException {
    this.smackTlsContext = smackTlsContext;

    // Call createSSLEngine()'s variant with two parameters as this allows for TLS session resumption.

    // Note that it is not really clear what the value of peer host should be. It could be A) the XMPP service's
    // domainpart or B) the DNS name of the host we are connecting to (usually the DNS SRV RR target name). While
    // the javadoc of createSSLEngine(String, int) indicates with "Some cipher suites (such as Kerberos) require
    // remote hostname information, in which case peerHost needs to be specified." that A should be used. TLS
    // session resumption may would need or at least benefit from B. Variant A would also be required if the
    // String is used for certificate verification. And it appears at least likely that TLS session resumption
    // would not be hurt by using variant A. Therefore we currently use variant A.
    // TODO: Should we use the ACE representation of the XMPP service domain? Compare with f60e4055ec529f0b8160acedf13275592ab10a4b
    // If yes, then we should probably introduce getXmppServiceDomainAceEncodedIfPossible().
    String peerHost = connectionInternal.connection.getConfiguration().getXMPPServiceDomain().toString();
    engine = smackTlsContext.sslContext.createSSLEngine(peerHost, remoteAddress.getPort());
    engine.setUseClientMode(true);

    SSLSession session = engine.getSession();
    int applicationBufferSize = session.getApplicationBufferSize();
    int packetBufferSize = session.getPacketBufferSize();

    myNetData = ByteBuffer.allocateDirect(packetBufferSize);
    peerAppData = ByteBuffer.allocate(applicationBufferSize);
}
 
Example 5
Source File: AcceptLargeFragments.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
public static void main (String[] args) throws Exception {
    SSLContext context = SSLContext.getDefault();

    // set the property before initialization SSLEngine.
    System.setProperty("jsse.SSLEngine.acceptLargeFragments", "true");

    SSLEngine cliEngine = context.createSSLEngine();
    cliEngine.setUseClientMode(true);

    SSLEngine srvEngine = context.createSSLEngine();
    srvEngine.setUseClientMode(false);

    SSLSession cliSession = cliEngine.getSession();
    SSLSession srvSession = srvEngine.getSession();

    // check packet buffer sizes.
    if (cliSession.getPacketBufferSize() < 33049 ||
        srvSession.getPacketBufferSize() < 33049) {
            throw new Exception("Don't accept large SSL/TLS fragments");
    }

    // check application data buffer sizes.
    if (cliSession.getApplicationBufferSize() < 32768 ||
        srvSession.getApplicationBufferSize() < 32768) {
            throw new Exception(
                    "Don't accept large SSL/TLS application data ");
    }
}
 
Example 6
Source File: AcceptLargeFragments.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
public static void main (String[] args) throws Exception {
    SSLContext context = SSLContext.getDefault();

    // set the property before initialization SSLEngine.
    System.setProperty("jsse.SSLEngine.acceptLargeFragments", "true");

    SSLEngine cliEngine = context.createSSLEngine();
    cliEngine.setUseClientMode(true);

    SSLEngine srvEngine = context.createSSLEngine();
    srvEngine.setUseClientMode(false);

    SSLSession cliSession = cliEngine.getSession();
    SSLSession srvSession = srvEngine.getSession();

    // check packet buffer sizes.
    if (cliSession.getPacketBufferSize() < 33049 ||
        srvSession.getPacketBufferSize() < 33049) {
            throw new Exception("Don't accept large SSL/TLS fragments");
    }

    // check application data buffer sizes.
    if (cliSession.getApplicationBufferSize() < 32768 ||
        srvSession.getApplicationBufferSize() < 32768) {
            throw new Exception(
                    "Don't accept large SSL/TLS application data ");
    }
}
 
Example 7
Source File: SSLSocketChannel2.java    From clevertap-android-sdk with MIT License 5 votes vote down vote up
protected void createBuffers( SSLSession session ) {
    int netBufferMax = session.getPacketBufferSize();
    int appBufferMax = Math.max(session.getApplicationBufferSize(), netBufferMax);

    if( inData == null ) {
        inData = ByteBuffer.allocate( appBufferMax );
        outCrypt = ByteBuffer.allocate( netBufferMax );
        inCrypt = ByteBuffer.allocate( netBufferMax );
    } else {
        if( inData.capacity() != appBufferMax )
            inData = ByteBuffer.allocate( appBufferMax );
        if( outCrypt.capacity() != netBufferMax )
            outCrypt = ByteBuffer.allocate( netBufferMax );
        if( inCrypt.capacity() != netBufferMax )
            inCrypt = ByteBuffer.allocate( netBufferMax );
    }
    if (inData.remaining() != 0) {
        // no-op
    }
    inData.rewind();
    inData.flip();
    if (inCrypt.remaining() != 0) {
        // no-op
    }
    inCrypt.rewind();
    inCrypt.flip();
    outCrypt.rewind();
    outCrypt.flip();
    bufferallocations++;
}
 
Example 8
Source File: AcceptLargeFragments.java    From openjdk-8-source with GNU General Public License v2.0 5 votes vote down vote up
public static void main (String[] args) throws Exception {
    SSLContext context = SSLContext.getDefault();

    // set the property before initialization SSLEngine.
    System.setProperty("jsse.SSLEngine.acceptLargeFragments", "true");

    SSLEngine cliEngine = context.createSSLEngine();
    cliEngine.setUseClientMode(true);

    SSLEngine srvEngine = context.createSSLEngine();
    srvEngine.setUseClientMode(false);

    SSLSession cliSession = cliEngine.getSession();
    SSLSession srvSession = srvEngine.getSession();

    // check packet buffer sizes.
    if (cliSession.getPacketBufferSize() < 33049 ||
        srvSession.getPacketBufferSize() < 33049) {
            throw new Exception("Don't accept large SSL/TLS fragments");
    }

    // check application data buffer sizes.
    if (cliSession.getApplicationBufferSize() < 32768 ||
        srvSession.getApplicationBufferSize() < 32768) {
            throw new Exception(
                    "Don't accept large SSL/TLS application data ");
    }
}
 
Example 9
Source File: AcceptLargeFragments.java    From hottub with GNU General Public License v2.0 5 votes vote down vote up
public static void main (String[] args) throws Exception {
    SSLContext context = SSLContext.getDefault();

    // set the property before initialization SSLEngine.
    System.setProperty("jsse.SSLEngine.acceptLargeFragments", "true");

    SSLEngine cliEngine = context.createSSLEngine();
    cliEngine.setUseClientMode(true);

    SSLEngine srvEngine = context.createSSLEngine();
    srvEngine.setUseClientMode(false);

    SSLSession cliSession = cliEngine.getSession();
    SSLSession srvSession = srvEngine.getSession();

    // check packet buffer sizes.
    if (cliSession.getPacketBufferSize() < 33049 ||
        srvSession.getPacketBufferSize() < 33049) {
            throw new Exception("Don't accept large SSL/TLS fragments");
    }

    // check application data buffer sizes.
    if (cliSession.getApplicationBufferSize() < 32768 ||
        srvSession.getApplicationBufferSize() < 32768) {
            throw new Exception(
                    "Don't accept large SSL/TLS application data ");
    }
}
 
Example 10
Source File: TlsOrPlainConnectionFactory.java    From qpid-broker-j with Apache License 2.0 5 votes vote down vote up
@Override
protected void doStart() throws Exception
{
    super.doStart();

    final SSLEngine engine = _sslContextFactory.newSSLEngine();
    engine.setUseClientMode(false);
    final SSLSession session = engine.getSession();
    if (session.getPacketBufferSize() > this.getInputBufferSize())
    {
        this.setInputBufferSize(session.getPacketBufferSize());
    }
    engine.closeInbound();
    engine.closeOutbound();
}
 
Example 11
Source File: AcceptLargeFragments.java    From jdk8u-dev-jdk with GNU General Public License v2.0 5 votes vote down vote up
public static void main (String[] args) throws Exception {
    SSLContext context = SSLContext.getDefault();

    // set the property before initialization SSLEngine.
    System.setProperty("jsse.SSLEngine.acceptLargeFragments", "true");

    SSLEngine cliEngine = context.createSSLEngine();
    cliEngine.setUseClientMode(true);

    SSLEngine srvEngine = context.createSSLEngine();
    srvEngine.setUseClientMode(false);

    SSLSession cliSession = cliEngine.getSession();
    SSLSession srvSession = srvEngine.getSession();

    // check packet buffer sizes.
    if (cliSession.getPacketBufferSize() < 33049 ||
        srvSession.getPacketBufferSize() < 33049) {
            throw new Exception("Don't accept large SSL/TLS fragments");
    }

    // check application data buffer sizes.
    if (cliSession.getApplicationBufferSize() < 32768 ||
        srvSession.getApplicationBufferSize() < 32768) {
            throw new Exception(
                    "Don't accept large SSL/TLS application data ");
    }
}
 
Example 12
Source File: AcceptLargeFragments.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
public static void main (String[] args) throws Exception {
    SSLContext context = SSLContext.getDefault();

    // set the property before initialization SSLEngine.
    System.setProperty("jsse.SSLEngine.acceptLargeFragments", "true");

    SSLEngine cliEngine = context.createSSLEngine();
    cliEngine.setUseClientMode(true);

    SSLEngine srvEngine = context.createSSLEngine();
    srvEngine.setUseClientMode(false);

    SSLSession cliSession = cliEngine.getSession();
    SSLSession srvSession = srvEngine.getSession();

    // check packet buffer sizes.
    if (cliSession.getPacketBufferSize() < 33049 ||
        srvSession.getPacketBufferSize() < 33049) {
            throw new Exception("Don't accept large SSL/TLS fragments");
    }

    // check application data buffer sizes.
    if (cliSession.getApplicationBufferSize() < 32768 ||
        srvSession.getApplicationBufferSize() < 32768) {
            throw new Exception(
                    "Don't accept large SSL/TLS application data ");
    }
}
 
Example 13
Source File: AcceptLargeFragments.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
public static void main (String[] args) throws Exception {
    SSLContext context = SSLContext.getDefault();

    // set the property before initialization SSLEngine.
    System.setProperty("jsse.SSLEngine.acceptLargeFragments", "true");

    SSLEngine cliEngine = context.createSSLEngine();
    cliEngine.setUseClientMode(true);

    SSLEngine srvEngine = context.createSSLEngine();
    srvEngine.setUseClientMode(false);

    SSLSession cliSession = cliEngine.getSession();
    SSLSession srvSession = srvEngine.getSession();

    // check packet buffer sizes.
    if (cliSession.getPacketBufferSize() < 33049 ||
        srvSession.getPacketBufferSize() < 33049) {
            throw new Exception("Don't accept large SSL/TLS fragments");
    }

    // check application data buffer sizes.
    if (cliSession.getApplicationBufferSize() < 32768 ||
        srvSession.getApplicationBufferSize() < 32768) {
            throw new Exception(
                    "Don't accept large SSL/TLS application data ");
    }
}
 
Example 14
Source File: AcceptLargeFragments.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
public static void main (String[] args) throws Exception {
    SSLContext context = SSLContext.getDefault();

    // set the property before initialization SSLEngine.
    System.setProperty("jsse.SSLEngine.acceptLargeFragments", "true");

    SSLEngine cliEngine = context.createSSLEngine();
    cliEngine.setUseClientMode(true);

    SSLEngine srvEngine = context.createSSLEngine();
    srvEngine.setUseClientMode(false);

    SSLSession cliSession = cliEngine.getSession();
    SSLSession srvSession = srvEngine.getSession();

    // check packet buffer sizes.
    if (cliSession.getPacketBufferSize() < 33049 ||
        srvSession.getPacketBufferSize() < 33049) {
            throw new Exception("Don't accept large SSL/TLS fragments");
    }

    // check application data buffer sizes.
    if (cliSession.getApplicationBufferSize() < 32768 ||
        srvSession.getApplicationBufferSize() < 32768) {
            throw new Exception(
                    "Don't accept large SSL/TLS application data ");
    }
}
 
Example 15
Source File: AcceptLargeFragments.java    From jdk8u60 with GNU General Public License v2.0 5 votes vote down vote up
public static void main (String[] args) throws Exception {
    SSLContext context = SSLContext.getDefault();

    // set the property before initialization SSLEngine.
    System.setProperty("jsse.SSLEngine.acceptLargeFragments", "true");

    SSLEngine cliEngine = context.createSSLEngine();
    cliEngine.setUseClientMode(true);

    SSLEngine srvEngine = context.createSSLEngine();
    srvEngine.setUseClientMode(false);

    SSLSession cliSession = cliEngine.getSession();
    SSLSession srvSession = srvEngine.getSession();

    // check packet buffer sizes.
    if (cliSession.getPacketBufferSize() < 33049 ||
        srvSession.getPacketBufferSize() < 33049) {
            throw new Exception("Don't accept large SSL/TLS fragments");
    }

    // check application data buffer sizes.
    if (cliSession.getApplicationBufferSize() < 32768 ||
        srvSession.getApplicationBufferSize() < 32768) {
            throw new Exception(
                    "Don't accept large SSL/TLS application data ");
    }
}
 
Example 16
Source File: TestTLS12.java    From dragonwell8_jdk with GNU General Public License v2.0 4 votes vote down vote up
public static void run() throws Exception {
    SSLEngine[][] enginesToTest = getSSLEnginesToTest();

    for (SSLEngine[] engineToTest : enginesToTest) {

        SSLEngine clientSSLEngine = engineToTest[0];
        SSLEngine serverSSLEngine = engineToTest[1];

        // SSLEngine code based on RedhandshakeFinished.java

        boolean dataDone = false;

        ByteBuffer clientOut = null;
        ByteBuffer clientIn = null;
        ByteBuffer serverOut = null;
        ByteBuffer serverIn = null;
        ByteBuffer cTOs;
        ByteBuffer sTOc;

        SSLSession session = clientSSLEngine.getSession();
        int appBufferMax = session.getApplicationBufferSize();
        int netBufferMax = session.getPacketBufferSize();

        clientIn = ByteBuffer.allocate(appBufferMax + 50);
        serverIn = ByteBuffer.allocate(appBufferMax + 50);

        cTOs = ByteBuffer.allocateDirect(netBufferMax);
        sTOc = ByteBuffer.allocateDirect(netBufferMax);

        clientOut = ByteBuffer.wrap(
                "Hi Server, I'm Client".getBytes());
        serverOut = ByteBuffer.wrap(
                "Hello Client, I'm Server".getBytes());

        SSLEngineResult clientResult;
        SSLEngineResult serverResult;

        while (!dataDone) {
            clientResult = clientSSLEngine.wrap(clientOut, cTOs);
            runDelegatedTasks(clientResult, clientSSLEngine);
            serverResult = serverSSLEngine.wrap(serverOut, sTOc);
            runDelegatedTasks(serverResult, serverSSLEngine);
            cTOs.flip();
            sTOc.flip();

            if (enableDebug) {
                System.out.println("Client -> Network");
                printTlsNetworkPacket("", cTOs);
                System.out.println("");
                System.out.println("Server -> Network");
                printTlsNetworkPacket("", sTOc);
                System.out.println("");
            }

            clientResult = clientSSLEngine.unwrap(sTOc, clientIn);
            runDelegatedTasks(clientResult, clientSSLEngine);
            serverResult = serverSSLEngine.unwrap(cTOs, serverIn);
            runDelegatedTasks(serverResult, serverSSLEngine);

            cTOs.compact();
            sTOc.compact();

            if (!dataDone &&
                    (clientOut.limit() == serverIn.position()) &&
                    (serverOut.limit() == clientIn.position())) {
                checkTransfer(serverOut, clientIn);
                checkTransfer(clientOut, serverIn);
                dataDone = true;
            }
        }
    }
}
 
Example 17
Source File: TestTLS12.java    From openjdk-jdk8u with GNU General Public License v2.0 4 votes vote down vote up
public static void run() throws Exception {
    SSLEngine[][] enginesToTest = getSSLEnginesToTest();

    for (SSLEngine[] engineToTest : enginesToTest) {

        SSLEngine clientSSLEngine = engineToTest[0];
        SSLEngine serverSSLEngine = engineToTest[1];

        // SSLEngine code based on RedhandshakeFinished.java

        boolean dataDone = false;

        ByteBuffer clientOut = null;
        ByteBuffer clientIn = null;
        ByteBuffer serverOut = null;
        ByteBuffer serverIn = null;
        ByteBuffer cTOs;
        ByteBuffer sTOc;

        SSLSession session = clientSSLEngine.getSession();
        int appBufferMax = session.getApplicationBufferSize();
        int netBufferMax = session.getPacketBufferSize();

        clientIn = ByteBuffer.allocate(appBufferMax + 50);
        serverIn = ByteBuffer.allocate(appBufferMax + 50);

        cTOs = ByteBuffer.allocateDirect(netBufferMax);
        sTOc = ByteBuffer.allocateDirect(netBufferMax);

        clientOut = ByteBuffer.wrap(
                "Hi Server, I'm Client".getBytes());
        serverOut = ByteBuffer.wrap(
                "Hello Client, I'm Server".getBytes());

        SSLEngineResult clientResult;
        SSLEngineResult serverResult;

        while (!dataDone) {
            clientResult = clientSSLEngine.wrap(clientOut, cTOs);
            runDelegatedTasks(clientResult, clientSSLEngine);
            serverResult = serverSSLEngine.wrap(serverOut, sTOc);
            runDelegatedTasks(serverResult, serverSSLEngine);
            cTOs.flip();
            sTOc.flip();

            if (enableDebug) {
                System.out.println("Client -> Network");
                printTlsNetworkPacket("", cTOs);
                System.out.println("");
                System.out.println("Server -> Network");
                printTlsNetworkPacket("", sTOc);
                System.out.println("");
            }

            clientResult = clientSSLEngine.unwrap(sTOc, clientIn);
            runDelegatedTasks(clientResult, clientSSLEngine);
            serverResult = serverSSLEngine.unwrap(cTOs, serverIn);
            runDelegatedTasks(serverResult, serverSSLEngine);

            cTOs.compact();
            sTOc.compact();

            if (!dataDone &&
                    (clientOut.limit() == serverIn.position()) &&
                    (serverOut.limit() == clientIn.position())) {
                checkTransfer(serverOut, clientIn);
                checkTransfer(clientOut, serverIn);
                dataDone = true;
            }
        }
    }
}
 
Example 18
Source File: TestTLS12.java    From jdk8u_jdk with GNU General Public License v2.0 4 votes vote down vote up
public static void run() throws Exception {
    SSLEngine[][] enginesToTest = getSSLEnginesToTest();

    for (SSLEngine[] engineToTest : enginesToTest) {

        SSLEngine clientSSLEngine = engineToTest[0];
        SSLEngine serverSSLEngine = engineToTest[1];

        // SSLEngine code based on RedhandshakeFinished.java

        boolean dataDone = false;

        ByteBuffer clientOut = null;
        ByteBuffer clientIn = null;
        ByteBuffer serverOut = null;
        ByteBuffer serverIn = null;
        ByteBuffer cTOs;
        ByteBuffer sTOc;

        SSLSession session = clientSSLEngine.getSession();
        int appBufferMax = session.getApplicationBufferSize();
        int netBufferMax = session.getPacketBufferSize();

        clientIn = ByteBuffer.allocate(appBufferMax + 50);
        serverIn = ByteBuffer.allocate(appBufferMax + 50);

        cTOs = ByteBuffer.allocateDirect(netBufferMax);
        sTOc = ByteBuffer.allocateDirect(netBufferMax);

        clientOut = ByteBuffer.wrap(
                "Hi Server, I'm Client".getBytes());
        serverOut = ByteBuffer.wrap(
                "Hello Client, I'm Server".getBytes());

        SSLEngineResult clientResult;
        SSLEngineResult serverResult;

        while (!dataDone) {
            clientResult = clientSSLEngine.wrap(clientOut, cTOs);
            runDelegatedTasks(clientResult, clientSSLEngine);
            serverResult = serverSSLEngine.wrap(serverOut, sTOc);
            runDelegatedTasks(serverResult, serverSSLEngine);
            cTOs.flip();
            sTOc.flip();

            if (enableDebug) {
                System.out.println("Client -> Network");
                printTlsNetworkPacket("", cTOs);
                System.out.println("");
                System.out.println("Server -> Network");
                printTlsNetworkPacket("", sTOc);
                System.out.println("");
            }

            clientResult = clientSSLEngine.unwrap(sTOc, clientIn);
            runDelegatedTasks(clientResult, clientSSLEngine);
            serverResult = serverSSLEngine.unwrap(cTOs, serverIn);
            runDelegatedTasks(serverResult, serverSSLEngine);

            cTOs.compact();
            sTOc.compact();

            if (!dataDone &&
                    (clientOut.limit() == serverIn.position()) &&
                    (serverOut.limit() == clientIn.position())) {
                checkTransfer(serverOut, clientIn);
                checkTransfer(clientOut, serverIn);
                dataDone = true;
            }
        }
    }
}
 
Example 19
Source File: TlsCryptoSocket.java    From vespa with Apache License 2.0 4 votes vote down vote up
private HandshakeState processHandshakeState(HandshakeState state) throws IOException {
    try {
        switch (state) {
            case NOT_STARTED:
                log.fine(() -> "Initiating handshake");
                sslEngine.beginHandshake();
                break;
            case NEED_WRITE:
                channelWrite();
                break;
            case NEED_READ:
                channelRead();
                break;
            case NEED_WORK:
                if (authorizationResult == null) {
                    PeerAuthorizerTrustManager.getAuthorizationResult(sslEngine) // only available during handshake
                            .ifPresent(result ->  {
                                if (!result.succeeded()) {
                                    metrics.incrementPeerAuthorizationFailures();
                                }
                                authorizationResult = result;
                            });
                }
                break;
            case COMPLETED:
                return HandshakeState.COMPLETED;
            default:
                throw unhandledStateException(state);
        }
        while (true) {
            log.fine(() -> "SSLEngine.getHandshakeStatus(): " + sslEngine.getHandshakeStatus());
            switch (sslEngine.getHandshakeStatus()) {
                case NOT_HANDSHAKING:
                    if (wrapBuffer.bytes() > 0) return HandshakeState.NEED_WRITE;
                    sslEngine.setEnableSessionCreation(false); // disable renegotiation
                    handshakeDummyBuffer = null;
                    SSLSession session = sslEngine.getSession();
                    sessionApplicationBufferSize = session.getApplicationBufferSize();
                    sessionPacketBufferSize = session.getPacketBufferSize();
                    log.fine(() -> String.format("Handshake complete: protocol=%s, cipherSuite=%s", session.getProtocol(), session.getCipherSuite()));
                    if (sslEngine.getUseClientMode()) {
                        metrics.incrementClientTlsConnectionsEstablished();
                    } else {
                        metrics.incrementServerTlsConnectionsEstablished();
                    }
                    return HandshakeState.COMPLETED;
                case NEED_TASK:
                    return HandshakeState.NEED_WORK;
                case NEED_UNWRAP:
                    if (wrapBuffer.bytes() > 0) return HandshakeState.NEED_WRITE;
                    if (!handshakeUnwrap()) return HandshakeState.NEED_READ;
                    break;
                case NEED_WRAP:
                    if (!handshakeWrap()) return HandshakeState.NEED_WRITE;
                    break;
                default:
                    throw new IllegalStateException("Unexpected handshake status: " + sslEngine.getHandshakeStatus());
            }
        }
    } catch (SSLHandshakeException e) {
        // sslEngine.getDelegatedTask().run() and handshakeWrap() may throw SSLHandshakeException, potentially handshakeUnwrap() and sslEngine.beginHandshake() as well.
        if (authorizationResult == null || authorizationResult.succeeded()) { // don't include handshake failures due from PeerAuthorizerTrustManager
            metrics.incrementTlsCertificateVerificationFailures();
        }
        throw e;
    }
}
 
Example 20
Source File: TestTLS12.java    From TencentKona-8 with GNU General Public License v2.0 4 votes vote down vote up
public static void run() throws Exception {
    SSLEngine[][] enginesToTest = getSSLEnginesToTest();

    for (SSLEngine[] engineToTest : enginesToTest) {

        SSLEngine clientSSLEngine = engineToTest[0];
        SSLEngine serverSSLEngine = engineToTest[1];

        // SSLEngine code based on RedhandshakeFinished.java

        boolean dataDone = false;

        ByteBuffer clientOut = null;
        ByteBuffer clientIn = null;
        ByteBuffer serverOut = null;
        ByteBuffer serverIn = null;
        ByteBuffer cTOs;
        ByteBuffer sTOc;

        SSLSession session = clientSSLEngine.getSession();
        int appBufferMax = session.getApplicationBufferSize();
        int netBufferMax = session.getPacketBufferSize();

        clientIn = ByteBuffer.allocate(appBufferMax + 50);
        serverIn = ByteBuffer.allocate(appBufferMax + 50);

        cTOs = ByteBuffer.allocateDirect(netBufferMax);
        sTOc = ByteBuffer.allocateDirect(netBufferMax);

        clientOut = ByteBuffer.wrap(
                "Hi Server, I'm Client".getBytes());
        serverOut = ByteBuffer.wrap(
                "Hello Client, I'm Server".getBytes());

        SSLEngineResult clientResult;
        SSLEngineResult serverResult;

        while (!dataDone) {
            clientResult = clientSSLEngine.wrap(clientOut, cTOs);
            runDelegatedTasks(clientResult, clientSSLEngine);
            serverResult = serverSSLEngine.wrap(serverOut, sTOc);
            runDelegatedTasks(serverResult, serverSSLEngine);
            cTOs.flip();
            sTOc.flip();

            if (enableDebug) {
                System.out.println("Client -> Network");
                printTlsNetworkPacket("", cTOs);
                System.out.println("");
                System.out.println("Server -> Network");
                printTlsNetworkPacket("", sTOc);
                System.out.println("");
            }

            clientResult = clientSSLEngine.unwrap(sTOc, clientIn);
            runDelegatedTasks(clientResult, clientSSLEngine);
            serverResult = serverSSLEngine.unwrap(cTOs, serverIn);
            runDelegatedTasks(serverResult, serverSSLEngine);

            cTOs.compact();
            sTOc.compact();

            if (!dataDone &&
                    (clientOut.limit() == serverIn.position()) &&
                    (serverOut.limit() == clientIn.position())) {
                checkTransfer(serverOut, clientIn);
                checkTransfer(clientOut, serverIn);
                dataDone = true;
            }
        }
    }
}