Java Code Examples for javax.net.ssl.SSLEngineResult#Status

Example 1
Source File: SSLEngineResultTest.java    From j2objc with Apache License 2.0 6 votes vote down vote up
/**
 * Checks that {@code bytesConsumed()} returns the value given to the
 * {@code SSLEngineResult} constructor, for every combination of
 * {@code Status}, {@code HandshakeStatus} and the sample byte counts
 * (including {@code 0} and {@code Integer.MAX_VALUE}).
 */
public void test_bytesConsumed() {
    final int[] counts = { 0, 1, 1000, Integer.MAX_VALUE, (Integer.MAX_VALUE - 1) };
    for (SSLEngineResult.Status status : SSLEngineResult.Status.values()) {
        for (SSLEngineResult.HandshakeStatus handshake : SSLEngineResult.HandshakeStatus.values()) {
            for (int consumed : counts) {
                for (int produced : counts) {
                    SSLEngineResult res =
                            new SSLEngineResult(status, handshake, consumed, produced);
                    assertEquals("Incorrect bytesConsumed", consumed, res.bytesConsumed());
                }
            }
        }
    }
}
 
Example 2
Source File: SslHandler.java    From neoscada with Eclipse Public License 1.0 6 votes vote down vote up
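/**
 * Rejects a decrypt result whose status is {@code BUFFER_OVERFLOW}; every
 * other status is accepted silently.
 *
 * @param res the engine result to inspect
 * @throws SSLException if the status is {@code BUFFER_OVERFLOW}
 */
private void checkStatus(SSLEngineResult res) throws SSLException {

    SSLEngineResult.Status status = res.getStatus();

    /*
     * The status may be:
     * OK - Normal operation.
     * BUFFER_OVERFLOW - Per the original author, should never happen because the
     * application buffer is sized to hold the maximum packet size.
     * BUFFER_UNDERFLOW - More data must be read from the socket. Normal.
     * CLOSED - The peer closed the connection. Also normal.
     */
    if (status == SSLEngineResult.Status.BUFFER_OVERFLOW) {
        // NOTE(review): both buffers are concatenated via toString(). If that
        // rendering includes buffer content, decrypted bytes end up in the
        // exception message and in whatever logs it - confirm.
        throw new SSLException("SSLEngine error during decrypt: " + status + " inNetBuffer: " + inNetBuffer
                + " appBuffer: " + appBuffer);
    }
}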
 
Example 3
Source File: SSLEngineResultTest.java    From j2objc with Apache License 2.0 6 votes vote down vote up
/**
 * Checks that {@code getStatus()} returns the {@code Status} given to the
 * {@code SSLEngineResult} constructor, for every combination of
 * {@code Status}, {@code HandshakeStatus} and the sample byte counts.
 */
public void test_getStatus() {
    final int[] counts = { 0, 1, 1000, Integer.MAX_VALUE, (Integer.MAX_VALUE - 1) };
    for (SSLEngineResult.Status status : SSLEngineResult.Status.values()) {
        for (SSLEngineResult.HandshakeStatus handshake : SSLEngineResult.HandshakeStatus.values()) {
            for (int consumed : counts) {
                for (int produced : counts) {
                    SSLEngineResult res =
                            new SSLEngineResult(status, handshake, consumed, produced);
                    assertEquals("Incorrect Status", status, res.getStatus());
                }
            }
        }
    }
}
 
Example 4
Source File: SSLEngineResultTest.java    From j2objc with Apache License 2.0 6 votes vote down vote up
/**
 * Checks that {@code bytesProduced()} returns the value given to the
 * {@code SSLEngineResult} constructor, for every combination of
 * {@code Status}, {@code HandshakeStatus} and the sample byte counts.
 */
public void test_bytesProduced() {
    final int[] counts = { 0, 1, 1000, Integer.MAX_VALUE, (Integer.MAX_VALUE - 1) };
    for (SSLEngineResult.Status status : SSLEngineResult.Status.values()) {
        for (SSLEngineResult.HandshakeStatus handshake : SSLEngineResult.HandshakeStatus.values()) {
            for (int consumed : counts) {
                for (int produced : counts) {
                    SSLEngineResult res =
                            new SSLEngineResult(status, handshake, consumed, produced);
                    assertEquals("Incorrect bytesProduced", produced, res.bytesProduced());
                }
            }
        }
    }
}
 
Example 5
Source File: SSLCodec.java    From NetBare with MIT License 6 votes vote down vote up
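/**
 * Produces outbound handshake data by wrapping an empty source buffer,
 * retrying with a larger destination while the engine reports
 * {@code BUFFER_OVERFLOW}. Any bytes produced are passed to
 * {@code callback.onEncrypt}.
 *
 * @param engine   the SSL engine to wrap with
 * @param callback receives the encrypted output
 * @return the result of the last wrap call
 * @throws IOException declared for the calls made here; which call raises it
 *                     is not visible in this snippet
 */
private SSLEngineResult handshakeWrap(SSLEngine engine, CodecCallback callback)
        throws IOException {
    SSLEngineResult result;
    ByteBuffer output = allocate();
    while (true) {
        result = engineWrap(engine, allocate(0), output);
        SSLEngineResult.Status status = result.getStatus();
        output.flip();
        if (output.hasRemaining()) {
            callback.onEncrypt(output);
        }
        if (status != SSLEngineResult.Status.BUFFER_OVERFLOW) {
            if (status == SSLEngineResult.Status.CLOSED) {
                mEngineClosed = true;
            }
            return result;
        }
        // wrap() writes TLS records, so the destination must be sized by the
        // session's packet buffer size. The application buffer size used
        // before can be smaller than one record, in which case the engine
        // reports BUFFER_OVERFLOW again and this loop never terminates.
        output = allocate(engine.getSession().getPacketBufferSize());
    }
}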
 
Example 6
Source File: SSLCodec.java    From NetBare with MIT License 5 votes vote down vote up
/**
 * Unwraps {@code input} during the handshake, retrying with a new output
 * buffer while the engine reports {@code BUFFER_OVERFLOW}. Produced bytes go
 * to {@code callback.onDecrypt}; on {@code BUFFER_UNDERFLOW} any unread input
 * goes to {@code callback.onPending}.
 *
 * @param engine   the SSL engine passed to {@code engineUnwrap}
 * @param input    buffer holding the encrypted bytes
 * @param callback receives decrypted output and leftover input
 * @return the result of the last unwrap call
 * @throws IOException declared for the calls made here; which call raises it
 *                     is not visible in this snippet
 */
private SSLEngineResult handshakeUnwrap(SSLEngine engine, ByteBuffer input,
                                        CodecCallback callback) throws IOException {
    SSLEngineResult result;
    SSLEngineResult.Status status;
    ByteBuffer output = allocate();
    while (true) {
        result = engineUnwrap(engine, input, output);
        status = result.getStatus();
        // After flip(), remaining() is the number of bytes the engine wrote
        // (presumably allocate() returns a buffer at position 0 - confirm).
        output.flip();
        int producedSize = output.remaining();
        if (producedSize > 0) {
            callback.onDecrypt(output);
        }
        if (status == SSLEngineResult.Status.BUFFER_OVERFLOW) {
            // Retry with a buffer sized from the session's application buffer size.
            // NOTE(review): when producedSize equals that size the result is 0,
            // which the "< 0" guard lets through; a zero-length output would
            // overflow again on every retry and the loop has no iteration cap.
            int bufferSize = engine.getSession().getApplicationBufferSize() - producedSize;
            if (bufferSize < 0) {
                bufferSize = engine.getSession().getApplicationBufferSize();
            }
            output = allocate(bufferSize);
        } else if (status == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
            // Incomplete record: hand the unread bytes to the callback and wait
            // for the next encrypted buffer.
            if (input.hasRemaining()) {
                // NOTE(review): array() requires a writable heap buffer, and
                // position() is used as the array index, which is only right
                // when arrayOffset() is 0. The wrapped buffer also shares the
                // backing array with input rather than copying it.
                callback.onPending(ByteBuffer.wrap(input.array(), input.position(),
                        input.remaining()));
                // Mark the input as fully consumed.
                input.position(0);
                input.limit(0);
            }
            break;
        } else if (status == SSLEngineResult.Status.CLOSED) {
            mEngineClosed = true;
            break;
        } else {
            // Remaining status is OK.
            break;
        }
    }
    return result;
}
 
Example 7
Source File: DiameterFirewall.java    From SigFW with GNU Affero General Public License v3.0 5 votes vote down vote up
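/**
 * Encrypts {@code source} into {@code appNet} with a single
 * {@code engine.wrap} call and flips {@code appNet} for reading.
 *
 * <p>{@code appNet} is flipped whatever the outcome, so callers should send
 * its contents only when this method returns {@code true}.
 *
 * @param engine the (D)TLS engine to wrap with
 * @param source plaintext application data
 * @param appNet destination for the encrypted record
 * @return {@code true} only when the engine reports {@code Status.OK};
 *         {@code false} (with a warning logged) for every other status
 * @throws Exception if {@code engine.wrap} fails
 */
boolean diameterDTLSEncryptBuffer(SSLEngine engine, ByteBuffer source, ByteBuffer appNet) throws Exception {

    // The unused DatagramPacket list that was allocated here on every call
    // has been removed.
    SSLEngineResult r = engine.wrap(source, appNet);
    appNet.flip();

    SSLEngineResult.Status rs = r.getStatus();
    if (rs == SSLEngineResult.Status.OK) {
        return true;
    }

    if (rs == SSLEngineResult.Status.BUFFER_OVERFLOW) {
        // the client maximum fragment size config does not work?
        logger.warn("Buffer overflow: " + "incorrect server maximum fragment size");
    } else if (rs == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
        // unlikely
        logger.warn("Buffer underflow during wraping");
    } else if (rs == SSLEngineResult.Status.CLOSED) {
        logger.warn("SSLEngine has closed");
    } else {
        logger.warn("Can't reach here, result is " + rs);
    }
    return false;
}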
 
Example 8
Source File: GridNioSslHandler.java    From ignite with Apache License 2.0 5 votes vote down vote up
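/**
 * Accepts only the statuses {@code OK}, {@code CLOSED} and
 * {@code BUFFER_UNDERFLOW}; any other status is reported as an error.
 *
 * @param res SSL engine result.
 * @throws SSLException If status is not acceptable.
 */
private void checkStatus(SSLEngineResult res)
    throws SSLException {

    SSLEngineResult.Status status = res.getStatus();

    if (status != Status.OK && status != CLOSED && status != BUFFER_UNDERFLOW) {
        // "ses=" was missing its '=', which fused the key with the session text.
        throw new SSLException("Failed to unwrap incoming data (SSL engine error) [ses=" + ses + ", status=" +
            status + ']');
    }
}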
 
Example 9
Source File: SSLEngineTestCase.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Verifies that the status of result {@code r} equals {@code wantedStatus}.
 *
 * @param r            - Result to inspect.
 * @param wantedStatus - Status the result is expected to carry.
 * @throws AssertionError - if the status of {@code r} is not
 *                        {@code wantedStatus}.
 */
public static void checkResult(SSLEngineResult r,
                               SSLEngineResult.Status wantedStatus) {
    final SSLEngineResult.Status actual = r.getStatus();
    if (actual.equals(wantedStatus)) {
        return;
    }
    final String message = "Unexpected status " + actual.name()
            + ", should be " + wantedStatus.name();
    throw new AssertionError(message);
}
 
Example 10
Source File: SSLCodec.java    From NetBare with MIT License 4 votes vote down vote up
/**
 * Unwraps {@code input} repeatedly, passing each batch of produced bytes to
 * {@code callback.onDecrypt}, until the input is exhausted, the engine needs
 * more data ({@code BUFFER_UNDERFLOW}) or the engine is closed.
 *
 * @param engine   the SSL engine passed to {@code engineUnwrap}
 * @param input    buffer holding the encrypted bytes
 * @param callback receives decrypted output and leftover input
 * @throws IOException declared for the calls made here; which call raises it
 *                     is not visible in this snippet
 */
private void unwrap(SSLEngine engine, ByteBuffer input, CodecCallback callback)
        throws IOException {
    ByteBuffer output = null;
    while (true) {
        if (output == null) {
            output = allocate();
        }
        SSLEngineResult result = engineUnwrap(engine, input, output);
        SSLEngineResult.Status status = result.getStatus();
        // After flip(), remaining() is the number of bytes the engine wrote
        // (presumably allocate() returns a buffer at position 0 - confirm).
        output.flip();
        int producedSize = output.remaining();
        if (producedSize > 0) {
            callback.onDecrypt(output);
            // Drop the reference so the next pass allocates a new buffer
            // (presumably because the callback keeps this one - confirm).
            output = null;
        }
        if (status == SSLEngineResult.Status.BUFFER_OVERFLOW) {
            // Retry with a buffer sized from the session's application buffer size.
            // NOTE(review): when producedSize equals that size the result is 0,
            // which the "< 0" guard lets through; a zero-length output would
            // overflow again on every retry and the loop has no iteration cap.
            int bufferSize = engine.getSession().getApplicationBufferSize() - producedSize;
            if (bufferSize < 0) {
                bufferSize = engine.getSession().getApplicationBufferSize();
            }
            output = allocate(bufferSize);
        } else if (status == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
            // Incomplete record: hand the unread bytes to the callback and wait
            // for the next encrypted buffer.
            if (input.hasRemaining()) {
                // NOTE(review): array() requires a writable heap buffer, and
                // position() is used as the array index, which is only right
                // when arrayOffset() is 0. The wrapped buffer also shares the
                // backing array with input rather than copying it.
                callback.onPending(ByteBuffer.wrap(input.array(), input.position(),
                        input.remaining()));
                // Mark the input as fully consumed.
                input.position(0);
                input.limit(0);
            }
            break;
        } else if (status == SSLEngineResult.Status.CLOSED) {
            mEngineClosed = true;
            break;
        } else {
            // Status OK: keep unwrapping while input bytes remain.
            if (!input.hasRemaining()) {
                break;
            }
        }
    }
}
 
Example 11
Source File: DiameterFirewall.java    From SigFW with GNU Affero General Public License v3.0 4 votes vote down vote up
/**
 * Produces outbound DTLS handshake packets by repeatedly wrapping an empty
 * application buffer and appending each non-empty result to {@code packets}.
 *
 * <p>The outer loop is bounded twice: by a deadline derived from
 * {@code DTLS_MAX_HANDSHAKE_DURATION} and by a counter started at
 * {@code DTLS_MAX_HANDSHAKE_LOOPS / 2}.
 *
 * @param engine     the DTLS engine to wrap with
 * @param peer_realm passed to {@code createHandshakePacket} for each packet
 * @param side       label used in debug log lines only
 * @param packets    list that receives the produced handshake packets
 * @return {@code true} when a wrap reports handshake status {@code FINISHED};
 *         {@code false} when the loop ends for any other reason
 * @throws Exception on {@code BUFFER_OVERFLOW}, {@code CLOSED}, an underflow
 *                   while still handshaking, an unexpected handshake status,
 *                   or (as {@code RuntimeException}) when the loop counter
 *                   runs out
 */
boolean dtls_produceHandshakePackets(SSLEngine engine, /*SocketAddress socketAddr,*/ String peer_realm,
        String side, List<DatagramOverDiameterPacket> packets) throws Exception {

    // Deadline in milliseconds; the *1000 suggests the constant is in seconds - confirm.
    // NOTE(review): System.currentTimeMillis() follows the wall clock, so a
    // clock adjustment moves this deadline; System.nanoTime() is monotonic.
    long _t = System.currentTimeMillis();
    long _end = _t + DTLS_MAX_HANDSHAKE_DURATION*1000;

    boolean endLoops = false;
    int loops = DTLS_MAX_HANDSHAKE_LOOPS / 2;
    while (!endLoops && System.currentTimeMillis() < _end/*&&
            (dtls_serverException == null) && (dtls_clientException == null)*/) {

        // Hard cap on iterations, independent of the time limit.
        if (--loops < 0) {
            throw new RuntimeException(
                    "Too much loops to produce handshake packets");
        }

        // Wrapping an empty application buffer produces handshake data only.
        ByteBuffer oNet = ByteBuffer.allocate(DTLS_BUFFER_SIZE);
        ByteBuffer oApp = ByteBuffer.allocate(0);
        SSLEngineResult r = engine.wrap(oApp, oNet);
        oNet.flip();

        SSLEngineResult.Status rs = r.getStatus();
        SSLEngineResult.HandshakeStatus hs = r.getHandshakeStatus();
        logger.debug("DTLS " + side + ": " + "----produce handshake packet(" +
                loops + ", " + rs + ", " + hs + ")----");
        if (rs == SSLEngineResult.Status.BUFFER_OVERFLOW) {
            // the client maximum fragment size config does not work?
            throw new Exception("Buffer overflow: " +
                        "incorrect server maximum fragment size");
        } else if (rs == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
            logger.debug("DTLS " + side + ": " +
                    "Produce handshake packets: BUFFER_UNDERFLOW occured");
            logger.debug("DTLS " + side + ": " +
                    "Produce handshake packets: Handshake status: " + hs);
            // bad packet, or the client maximum fragment size
            // config does not work?
            if (hs != SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING) {
                throw new Exception("Buffer underflow: " +
                        "incorrect server maximum fragment size");
            } // otherwise, ignore this packet
        } else if (rs == SSLEngineResult.Status.CLOSED) {
            throw new Exception("SSLEngine has closed");
        } else if (rs == SSLEngineResult.Status.OK) {
            // OK
        } else {
            throw new Exception("Can't reach here, result is " + rs);
        }

        // Reached for status OK, and for an ignored underflow when not handshaking:
        // copy whatever the engine produced into a new handshake packet.
        if (oNet.hasRemaining()) {
            byte[] ba = new byte[oNet.remaining()];
            oNet.get(ba);
            DatagramOverDiameterPacket packet = createHandshakePacket(ba, peer_realm);
            packets.add(packet);
        }

        if (hs == SSLEngineResult.HandshakeStatus.FINISHED) {
            logger.debug("DTLS " + side + ": " + "Produce handshake packets: "
                        + "Handshake status is FINISHED, finish the loop");
            return true;
        }

        // Run delegated tasks until the engine asks for a wrap (continue the
        // outer loop) or an unwrap / nothing further (stop the outer loop).
        // NOTE(review): this inner loop has no iteration or time bound of its
        // own; it relies on the engine leaving NEED_TASK after
        // dtls_runDelegatedTasks - confirm.
        boolean endInnerLoop = false;
        SSLEngineResult.HandshakeStatus nhs = hs;
        while (!endInnerLoop) {
            if (nhs == SSLEngineResult.HandshakeStatus.NEED_TASK) {
                dtls_runDelegatedTasks(engine);
            } else if (nhs == SSLEngineResult.HandshakeStatus.NEED_UNWRAP ||
                nhs == SSLEngineResult.HandshakeStatus.NEED_UNWRAP_AGAIN ||
                nhs == SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING) {

                endInnerLoop = true;
                endLoops = true;
            } else if (nhs == SSLEngineResult.HandshakeStatus.NEED_WRAP) {
                endInnerLoop = true;
            } else if (nhs == SSLEngineResult.HandshakeStatus.FINISHED) {
                throw new Exception(
                        "Unexpected status, SSLEngine.getHandshakeStatus() "
                                + "shouldn't return FINISHED");
            } else {
                throw new Exception("Can't reach here, handshake status is "
                        + nhs);
            }
            nhs = engine.getHandshakeStatus();
        }
    }

    // Loop ended (deadline passed, or an unwrap is needed) without FINISHED.
    return false;
}
 
Example 12
Source File: ReferenceCountedOpenSslEngine.java    From netty-4.1.22 with Apache License 2.0 4 votes vote down vote up
/**
 * Builds a result via {@code newResult}, first passing the handshake status
 * through {@code mayFinishHandshake}. A status of {@code FINISHED} is passed
 * on as is; for any other value the engine's current
 * {@code getHandshakeStatus()} is used instead.
 *
 * @param status        status to report in the result
 * @param hs            handshake status observed by the caller
 * @param bytesConsumed bytes consumed, passed through to {@code newResult}
 * @param bytesProduced bytes produced, passed through to {@code newResult}
 * @return the result created by {@code newResult}
 * @throws SSLException declared for the helper calls made here
 */
private SSLEngineResult newResultMayFinishHandshake(SSLEngineResult.Status status,
                                                    SSLEngineResult.HandshakeStatus hs,
                                                    int bytesConsumed, int bytesProduced) throws SSLException {
    final SSLEngineResult.HandshakeStatus candidate;
    if (hs == FINISHED) {
        candidate = FINISHED;
    } else {
        candidate = getHandshakeStatus();
    }
    return newResult(status, mayFinishHandshake(candidate), bytesConsumed, bytesProduced);
}
 
Example 13
Source File: OpenSSLEngine.java    From Tomcat8-Source-Read with MIT License 4 votes vote down vote up
/**
 * Maps the {@code engineClosed} flag to an engine status.
 *
 * @return {@code CLOSED} when {@code engineClosed} is set, {@code OK} otherwise
 */
private SSLEngineResult.Status getEngineStatus() {
    if (engineClosed) {
        return SSLEngineResult.Status.CLOSED;
    }
    return SSLEngineResult.Status.OK;
}
 
Example 14
Source File: SslHandler.java    From neoscada with Eclipse Public License 1.0 4 votes vote down vote up
/**
 * Runs the handshake state machine: loops on {@code handshakeStatus} until
 * the handshake completes, more inbound data is needed, or pending outbound
 * data has to be flushed first.
 *
 * @param nextFilter filter passed to the notification, unwrap and write helpers
 * @throws SSLException declared for the engine and helper calls made here
 */
/* no qualifier */void handshake(NextFilter nextFilter) throws SSLException {
    for (;;) {
        switch (handshakeStatus) {
        case FINISHED:
        case NOT_HANDSHAKING:
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("{} processing the FINISHED state", sslFilter.getSessionInfo(session));
            }

            // Publish the negotiated SSLSession on the I/O session and mark completion.
            session.setAttribute(SslFilter.SSL_SESSION, sslEngine.getSession());
            handshakeComplete = true;

            // Send the SECURE message only if it's the first SSL handshake
            if (firstSSLNegociation && session.containsAttribute(SslFilter.USE_NOTIFICATION)) {
                // SESSION_SECURED is fired only when it's the first handshake
                firstSSLNegociation = false;
                scheduleMessageReceived(nextFilter, SslFilter.SESSION_SECURED);
            }

            if (LOGGER.isDebugEnabled()) {
                if (!isOutboundDone()) {
                    LOGGER.debug("{} is now secured", sslFilter.getSessionInfo(session));
                } else {
                    LOGGER.debug("{} is not secured yet", sslFilter.getSessionInfo(session));
                }
            }

            return;

        case NEED_TASK:
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("{} processing the NEED_TASK state", sslFilter.getSessionInfo(session));
            }

            handshakeStatus = doTasks();
            break;

        case NEED_UNWRAP:
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("{} processing the NEED_UNWRAP state", sslFilter.getSessionInfo(session));
            }
            // we need more data read
            SSLEngineResult.Status status = unwrapHandshake(nextFilter);

            // && binds tighter than ||, so this reads as:
            // (underflow and handshake not finished) or inbound side closed.
            if (status == SSLEngineResult.Status.BUFFER_UNDERFLOW
                    && handshakeStatus != SSLEngineResult.HandshakeStatus.FINISHED || isInboundDone()) {
                // We need more data or the session is closed
                return;
            }

            break;

        case NEED_WRAP:
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("{} processing the NEED_WRAP state", sslFilter.getSessionInfo(session));
            }

            // First make sure that the out buffer is completely empty,
            // since wrap cannot be called with data left in the buffer.
            if (outNetBuffer != null && outNetBuffer.hasRemaining()) {
                return;
            }

            SSLEngineResult result;
            createOutNetBuffer(0);

            // Wrap an empty source; on BUFFER_OVERFLOW double the destination and retry.
            // NOTE(review): the doubling has no upper bound or retry cap here;
            // termination relies on the engine eventually accepting the
            // buffer - confirm a limit exists elsewhere.
            for (;;) {
                result = sslEngine.wrap(emptyBuffer.buf(), outNetBuffer.buf());
                if (result.getStatus() == SSLEngineResult.Status.BUFFER_OVERFLOW) {
                    outNetBuffer.capacity(outNetBuffer.capacity() << 1);
                    outNetBuffer.limit(outNetBuffer.capacity());
                } else {
                    break;
                }
            }

            outNetBuffer.flip();
            handshakeStatus = result.getHandshakeStatus();
            writeNetBuffer(nextFilter);
            break;

        default:
            // Any handshake status not handled above is treated as a programming error.
            String msg = "Invalid Handshaking State" + handshakeStatus
                    + " while processing the Handshake for session " + session.getId();
            LOGGER.error(msg);
            throw new IllegalStateException(msg);
        }
    }
}
 
Example 15
Source File: SslHandler.java    From neoscada with Eclipse Public License 1.0 4 votes vote down vote up
/**
 * Unwraps buffered inbound handshake data and records the resulting
 * handshake status.
 *
 * <p>If the first unwrap finishes the handshake with status {@code OK} and
 * input bytes remain, a second unwrap is run and its result is passed to
 * {@code renegotiateIfNeeded}. NOTE(review): only the first result goes
 * through {@code checkStatus}; the second one is returned unchecked.
 *
 * @param nextFilter filter passed to {@code renegotiateIfNeeded}
 * @return {@code BUFFER_UNDERFLOW} when there is nothing to read, otherwise
 *         the status of the last unwrap
 * @throws SSLException declared for the unwrap and status-check helpers
 */
private SSLEngineResult.Status unwrapHandshake(NextFilter nextFilter) throws SSLException {
    // Flip the net buffer for reading, if there is one at all.
    final boolean nothingToRead;
    if (inNetBuffer == null) {
        nothingToRead = true;
    } else {
        inNetBuffer.flip();
        nothingToRead = !inNetBuffer.hasRemaining();
    }
    if (nothingToRead) {
        // Need more data.
        return SSLEngineResult.Status.BUFFER_UNDERFLOW;
    }

    SSLEngineResult res = unwrap();
    handshakeStatus = res.getHandshakeStatus();

    checkStatus(res);

    // Handshake just finished, status is OK and bytes are left over: unwrap once more.
    final boolean unwrapAgain = handshakeStatus == SSLEngineResult.HandshakeStatus.FINISHED
            && res.getStatus() == SSLEngineResult.Status.OK
            && inNetBuffer.hasRemaining();
    if (unwrapAgain) {
        res = unwrap();
    }

    // Make the buffer writable again, or release it when fully consumed.
    if (inNetBuffer.hasRemaining()) {
        inNetBuffer.compact();
    } else {
        inNetBuffer = null;
    }

    if (unwrapAgain) {
        renegotiateIfNeeded(nextFilter, res);
    }

    return res.getStatus();
}
 
Example 16
Source File: OpenSslEngine.java    From netty4.0.27Learn with Apache License 2.0 4 votes vote down vote up
/**
 * Maps the {@code engineClosed} flag to an engine status.
 *
 * @return {@code CLOSED} when {@code engineClosed} is set, {@code OK} otherwise
 */
private SSLEngineResult.Status getEngineStatus() {
    if (engineClosed) {
        return CLOSED;
    }
    return OK;
}
 
Example 17
Source File: DefaultSslCodec.java    From craft-atom with MIT License 4 votes vote down vote up
/**
 * Runs the handshake state machine: loops on {@code handshakeStatus} until
 * the handshake completes, more inbound data is needed, or pending outbound
 * data has to be flushed first.
 *
 * @throws SSLException declared for the engine and helper calls made here
 * @throws IllegalStateException if {@code handshakeStatus} is not one of the
 *                               handled states
 */
private void handshake0() throws SSLException {
	while (true) {
		switch (handshakeStatus) {
		case FINISHED:
		case NOT_HANDSHAKING:
			handshakeComplete = true;
			return;

		case NEED_TASK:
			handshakeStatus = doTasks();
			break;

		case NEED_UNWRAP: {
			final SSLEngineResult.Status unwrapStatus = unwrapHandshake();
			final boolean needMoreData = unwrapStatus == SSLEngineResult.Status.BUFFER_UNDERFLOW
					&& handshakeStatus != SSLEngineResult.HandshakeStatus.FINISHED;
			// Stop when more data is required or the inbound side is done.
			if (needMoreData || isInboundDone()) {
				return;
			}
			break;
		}

		case NEED_WRAP: {
			// wrap cannot be called while outbound data is still pending.
			final boolean pendingOutput = outNetBuffer != null && outNetBuffer.hasRemaining();
			if (pendingOutput) {
				return;
			}
			createOutNetBuffer(0);

			// Wrap an empty source; double the destination on each BUFFER_OVERFLOW.
			// NOTE(review): the doubling has no upper bound or retry cap here.
			SSLEngineResult wrapResult = sslEngine.wrap(emptyBuffer.buf(), outNetBuffer.buf());
			while (wrapResult.getStatus() == SSLEngineResult.Status.BUFFER_OVERFLOW) {
				outNetBuffer.capacity(outNetBuffer.capacity() << 1);
				outNetBuffer.limit(outNetBuffer.capacity());
				wrapResult = sslEngine.wrap(emptyBuffer.buf(), outNetBuffer.buf());
			}

			outNetBuffer.flip();
			handshakeStatus = wrapResult.getHandshakeStatus();
			writeNetBuffer();
			break;
		}

		default:
			throw new IllegalStateException("Invalid handshaking state" + handshakeStatus
					+ " while processing the Handshake for session.");
		}
	}
}
 
Example 18
Source File: DefaultSslCodec.java    From craft-atom with MIT License 4 votes vote down vote up
/**
 * Unwraps buffered inbound handshake data and records the resulting
 * handshake status.
 *
 * <p>If the first unwrap finishes the handshake with status {@code OK} and
 * input bytes remain, a second unwrap is run and its result is passed to
 * {@code renegotiateIfNeeded}. NOTE(review): only the first result goes
 * through {@code checkStatus}; the second one is returned unchecked.
 *
 * @return {@code BUFFER_UNDERFLOW} when there is nothing to read, otherwise
 *         the status of the last unwrap
 * @throws SSLException declared for the unwrap and status-check helpers
 */
private SSLEngineResult.Status unwrapHandshake() throws SSLException {
	// Nothing buffered at all: more data is needed.
	if (inNetBuffer == null) {
		return SSLEngineResult.Status.BUFFER_UNDERFLOW;
	}

	// Prepare the net data for reading.
	inNetBuffer.flip();
	if (!inNetBuffer.hasRemaining()) {
		return SSLEngineResult.Status.BUFFER_UNDERFLOW;
	}

	final SSLEngineResult first = unwrap();
	handshakeStatus = first.getHandshakeStatus();

	checkStatus(first);

	final boolean finishedWithLeftover = handshakeStatus == SSLEngineResult.HandshakeStatus.FINISHED
			&& first.getStatus() == SSLEngineResult.Status.OK
			&& inNetBuffer.hasRemaining();

	if (!finishedWithLeftover) {
		// Make the buffer writable again, or release it when fully consumed.
		if (inNetBuffer.hasRemaining()) {
			inNetBuffer.compact();
		} else {
			inNetBuffer = null;
		}
		return first.getStatus();
	}

	// Handshake finished with bytes left over: try to unwrap more.
	final SSLEngineResult second = unwrap();

	if (inNetBuffer.hasRemaining()) {
		inNetBuffer.compact();
	} else {
		inNetBuffer = null;
	}

	renegotiateIfNeeded(second);
	return second.getStatus();
}
 
Example 19
Source File: SSLEngineTestCase.java    From openjdk-jdk9 with GNU General Public License v2.0 3 votes vote down vote up
/**
 * Wraps data with the specified engine. Delegates to the six-argument
 * {@code doWrap} overload with {@code null} as the final argument.
 *
 * @param engine        - SSLEngine that wraps data.
 * @param wrapper       - Wrapper id, e.g. "server" or "client".
 *                        Used for logging only.
 * @param maxPacketSize - Max packet size to check that the MFLN extension
 *                        works, or zero for no check.
 * @param app           - Buffer with data to wrap.
 * @param wantedStatus  - Expected result status of wrapping.
 * @return - Buffer with wrapped data.
 * @throws SSLException - thrown on engine errors.
 */
public static ByteBuffer doWrap(SSLEngine engine, String wrapper,
                                int maxPacketSize, ByteBuffer app,
                                SSLEngineResult.Status wantedStatus)
        throws SSLException {
    final ByteBuffer wrapped =
            doWrap(engine, wrapper, maxPacketSize, app, wantedStatus, null);
    return wrapped;
}
 
Example 20
Source File: SSLEngineTestCase.java    From openjdk-jdk9 with GNU General Public License v2.0 2 votes vote down vote up
/**
 * Unwraps data with the specified engine. Delegates to the five-argument
 * {@code doUnWrap} overload with {@code null} as the final argument.
 *
 * @param engine       - SSLEngine that unwraps data.
 * @param unwrapper    - Unwrapper id, e.g. "server" or "client".
 *                     Used for logging only.
 * @param net          - Buffer with data to unwrap.
 * @param wantedStatus - Expected result status of unwrapping.
 * @return - Buffer with unwrapped data.
 * @throws SSLException - thrown on engine errors.
 */
public static ByteBuffer doUnWrap(SSLEngine engine, String unwrapper,
        ByteBuffer net,
        SSLEngineResult.Status wantedStatus) throws SSLException {
    final ByteBuffer unwrapped =
            doUnWrap(engine, unwrapper, net, wantedStatus, null);
    return unwrapped;
}