Refine search
/** * Performs the WRAP function * @param doWrite boolean * @return SSLEngineResult * @throws IOException */ private SSLEngineResult handshakeWrap(boolean doWrite) throws IOException { log.trace("SSLHandshake handshakeWrap {}", channelId); if (netWriteBuffer.hasRemaining()) throw new IllegalStateException("handshakeWrap called with netWriteBuffer not empty"); //this should never be called with a network buffer that contains data //so we can clear it here. netWriteBuffer.clear(); SSLEngineResult result = sslEngine.wrap(emptyBuf, netWriteBuffer); //prepare the results to be written netWriteBuffer.flip(); handshakeStatus = result.getHandshakeStatus(); if (result.getStatus() == SSLEngineResult.Status.OK && result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) { handshakeStatus = runDelegatedTasks(); } if (doWrite) flush(netWriteBuffer); return result; }
/** * Performs raw unwrap from network read buffer. * * @return Result. * @throws SSLException If SSL exception occurs. */ private SSLEngineResult unwrap0() throws SSLException { SSLEngineResult res; do { res = sslEngine.unwrap(inNetBuf, appBuf); if (log.isDebugEnabled()) log.debug("Unwrapped raw data [status=" + res.getStatus() + ", handshakeStatus=" + res.getHandshakeStatus() + ", ses=" + ses + ']'); if (res.getStatus() == Status.BUFFER_OVERFLOW) appBuf = expandBuffer(appBuf, appBuf.capacity() * 2); } while ((res.getStatus() == Status.OK || res.getStatus() == Status.BUFFER_OVERFLOW) && (handshakeFinished && res.getHandshakeStatus() == NOT_HANDSHAKING || res.getHandshakeStatus() == NEED_UNWRAP)); return res; }
switch (result.getHandshakeStatus()) { case FINISHED: { clearNeedUnwrap(); final ByteBuffer unwrappedBuffer = readBuffer.getResource(); if (result.getHandshakeStatus() == HandshakeStatus.NEED_UNWRAP && engine.isOutboundDone()) { synchronized (getUnwrapLock()) { buffer.compact(); sourceConduit.read(buffer); buffer.flip(); if (buffer.hasRemaining() && sourceConduit.isReadResumed()) { sourceConduit.wakeupReads(); if(result.getHandshakeStatus() != HandshakeStatus.NEED_UNWRAP || result.bytesConsumed() > 0) { clearNeedUnwrap(); continue; } else if (unwrapResult == -1 && result.getHandshakeStatus() == HandshakeStatus.NEED_UNWRAP) { if (!allAreSet(state, READ_SHUT_DOWN)) { throw msg.unexpectedHandshakeStatus(result.getHandshakeStatus());
netReadBuffer.flip(); result = sslEngine.unwrap(netReadBuffer, appReadBuffer); netReadBuffer.compact(); handshakeStatus = result.getHandshakeStatus(); if (result.getStatus() == SSLEngineResult.Status.OK && result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) { handshakeStatus = runDelegatedTasks(); cont = (result.getStatus() == SSLEngineResult.Status.OK && handshakeStatus == HandshakeStatus.NEED_UNWRAP) || (ignoreHandshakeStatus && netReadBuffer.position() != position); log.trace("SSLHandshake handshakeUnwrap: handshakeStatus {} status {}", handshakeStatus, result.getStatus()); } while (netReadBuffer.position() != 0 && cont);
outNetBuf.flip(); ChannelBuffer msg = ctx.getChannel().getConfig().getBufferFactory().getBuffer(outNetBuf.remaining()); final HandshakeStatus handshakeStatus = result.getHandshakeStatus(); handleRenegotiation(handshakeStatus); switch (handshakeStatus) {
/** * Performs raw unwrap from network read buffer. * * @return Result. * @throws SSLException If SSL exception occurs. */ private SSLEngineResult unwrap0() throws SSLException { SSLEngineResult res; do { res = sslEngine.unwrap(inNetBuf, appBuf); if (log.isDebugEnabled()) log.debug("Unwrapped raw data [status=" + res.getStatus() + ", handshakeStatus=" + res.getHandshakeStatus() + ']'); if (res.getStatus() == Status.BUFFER_OVERFLOW) appBuf = expandBuffer(appBuf, appBuf.capacity() * 2); } while ((res.getStatus() == OK || res.getStatus() == Status.BUFFER_OVERFLOW) && (handshakeFinished && res.getHandshakeStatus() == NOT_HANDSHAKING || res.getHandshakeStatus() == NEED_UNWRAP)); return res; }
if (peerEngine.netBuffer.position() == 0) // no data to unwrap, return to process peer return; peerEngine.netBuffer.flip(); // unwrap the data from peer handshakeResult = sslEngine.unwrap(peerEngine.netBuffer, appBuffer); peerEngine.netBuffer.compact(); handshakeStatus = handshakeResult.getHandshakeStatus(); switch (handshakeResult.getStatus()) { case OK: break; case BUFFER_OVERFLOW: return; case NOT_HANDSHAKING: if (handshakeResult.getHandshakeStatus() != SSLEngineResult.HandshakeStatus.FINISHED) throw new SSLException("Did not finish handshake"); return;
private int wrapAndWrite() throws SSLException, IOException { SSLEngineResult _hRes; if (cipherSendBuffer.position() != 0) { cipherSendBuffer.compact(); } _hRes = sslEngine.wrap(appSendBuffer, cipherSendBuffer); hStatus = _hRes.getHandshakeStatus(); cipherSendBuffer.flip(); return sChannel.write(cipherSendBuffer); }
/** * Check status and retry the negotiation process if needed. * * @param res Result. * @throws GridNioException If exception occurred during handshake. * @throws SSLException If failed to process SSL data */ private void renegotiateIfNeeded(SSLEngineResult res) throws IgniteCheckedException, SSLException { if (res.getStatus() != CLOSED && res.getStatus() != BUFFER_UNDERFLOW && res.getHandshakeStatus() != NOT_HANDSHAKING) { // Renegotiation required. handshakeStatus = res.getHandshakeStatus(); if (log.isDebugEnabled()) log.debug("Renegotiation requested [status=" + res.getStatus() + ", handshakeStatus = " + handshakeStatus + "ses=" + ses + ']'); handshakeFinished = false; handshake(); } }
netWriteBuffer.flip(); if (wrapResult.getHandshakeStatus() != HandshakeStatus.NOT_HANDSHAKING && wrapResult.getStatus() == Status.OK) throw renegotiationException(); if (wrapResult.getStatus() == Status.OK) { written = wrapResult.bytesConsumed(); flush(netWriteBuffer); } else if (wrapResult.getStatus() == Status.BUFFER_OVERFLOW) { int currentNetWriteBufferSize = netWriteBufferSize(); netWriteBuffer.compact(); netWriteBuffer = Utils.ensureCapacity(netWriteBuffer, currentNetWriteBufferSize); netWriteBuffer.flip(); if (netWriteBuffer.limit() >= currentNetWriteBufferSize) throw new IllegalStateException("SSL BUFFER_OVERFLOW when available data size (" + netWriteBuffer.limit() + ") >= network buffer size (" + currentNetWriteBufferSize + ")");
private void wrap() throws IOException { ArrayList<ByteBuffer> wrapped = new ArrayList<>(); while (true) { // TODO(bgallagher) buffer pooling ByteBuffer out = ByteBuffer.allocate(engine.getSession().getPacketBufferSize()); SSLEngineResult result = engine.wrap(pending(), out); if (result.getHandshakeStatus() != SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING) { throw new SSLException("renegotiation not supported"); } if (result.bytesProduced() > 0) { out.flip(); wrapped.add(out); } else { break; } } setPending(wrapped.toArray(new ByteBuffer[wrapped.size()])); }
/** * Convert a {@link SSLEngineResult} into a {@link String}, this is needed * because the supplied method includes a log-breaking newline. */ public static String resultToString(final SSLEngineResult result) { return String.format("status=%s,handshakeStatus=%s,bytesConsumed=%d,bytesConsumed=%d", result.getStatus(), result.getHandshakeStatus(), result.bytesProduced(), result.bytesConsumed()); }
/** * Writes close_notify message to the network output buffer. * * @throws SSLException If wrap failed or SSL engine does not get closed * after wrap. * @return {@code True} if <tt>close_notify</tt> message was encoded, {@code false} if outbound * stream was already closed. */ boolean closeOutbound() throws SSLException { assert isHeldByCurrentThread(); if (!sslEngine.isOutboundDone()) { sslEngine.closeOutbound(); outNetBuf.clear(); SSLEngineResult res = sslEngine.wrap(handshakeBuf, outNetBuf); if (res.getStatus() != CLOSED) throw new SSLException("Incorrect SSL engine status after closeOutbound call [status=" + res.getStatus() + ", handshakeStatus=" + res.getHandshakeStatus() + ", ses=" + ses + ']'); outNetBuf.flip(); return true; } return false; }
/** * Performs the WRAP function * @param doWrite boolean * @return SSLEngineResult * @throws IOException */ protected SSLEngineResult handshakeWrap(boolean doWrite) throws IOException { //this should never be called with a network buffer that contains data //so we can clear it here. netOutBuffer.clear(); //perform the wrap SSLEngineResult result = sslEngine.wrap(bufHandler.getWriteBuffer(), netOutBuffer); //prepare the results to be written netOutBuffer.flip(); //set the status handshakeStatus = result.getHandshakeStatus(); //optimization, if we do have a writable channel, write it now if ( doWrite ) flush(netOutBuffer); return result; }
/** * Check status and retry the negotiation process if needed. * * @param res Result. * @throws GridNioException If exception occurred during handshake. * @throws SSLException If failed to process SSL data */ private void renegotiateIfNeeded(SSLEngineResult res) throws IgniteCheckedException, SSLException { if (res.getStatus() != CLOSED && res.getStatus() != BUFFER_UNDERFLOW && res.getHandshakeStatus() != NOT_HANDSHAKING) { // Renegotiation required. handshakeStatus = res.getHandshakeStatus(); if (log.isDebugEnabled()) log.debug("Renegotiation requested [status=" + res.getStatus() + ", handshakeStatus = " + handshakeStatus + ']'); handshakeFinished = false; handshake(); } }
/** * Unwraps handshake data and processes it. * * @return Status. * @throws SSLException If SSL exception occurred while unwrapping. * @throws GridNioException If failed to pass event to the next filter. */ private Status unwrapHandshake() throws SSLException, IgniteCheckedException { // Flip input buffer so we can read the collected data. inNetBuf.flip(); SSLEngineResult res = unwrap0(); handshakeStatus = res.getHandshakeStatus(); checkStatus(res); // If handshake finished, no data was produced, and the status is still ok, // try to unwrap more if (handshakeStatus == FINISHED && res.getStatus() == Status.OK && inNetBuf.hasRemaining()) { res = unwrap0(); handshakeStatus = res.getHandshakeStatus(); // prepare to be written again inNetBuf.compact(); renegotiateIfNeeded(res); } else // prepare to be written again inNetBuf.compact(); return res.getStatus(); }
/** * Performs the WRAP function * @param doWrite boolean * @return SSLEngineResult * @throws IOException */ protected SSLEngineResult handshakeWrap(boolean doWrite) throws IOException { //this should never be called with a network buffer that contains data //so we can clear it here. netOutBuffer.clear(); //perform the wrap SSLEngineResult result = sslEngine.wrap(bufHandler.getWriteBuffer(), netOutBuffer); //prepare the results to be written netOutBuffer.flip(); //set the status initHandshakeStatus = result.getHandshakeStatus(); //optimization, if we do have a writable channel, write it now if ( doWrite ) flush(netOutBuffer); return result; }
private void log(String str, SSLEngineResult result) { if (!logging) { return; } if (resultOnce) { resultOnce = false; Log.info("The format of the SSLEngineResult is: \n" + "\t\"getStatus() / getHandshakeStatus()\" +\n" + "\t\"bytesConsumed() / bytesProduced()\"\n"); } HandshakeStatus hsStatus = result.getHandshakeStatus(); Log.info(str + result.getStatus() + "/" + hsStatus + ", " + result.bytesConsumed() + "/" + result.bytesProduced() + " bytes"); if (hsStatus == HandshakeStatus.FINISHED) { Log.info("\t...ready for application data"); } }
log.debug("Encrypted data [status=" + res.getStatus() + ", handshakeStaus=" + res.getHandshakeStatus() + ']'); if (res.getStatus() == OK) { if (res.getHandshakeStatus() == NEED_TASK) runTasks(); throw new SSLException("Failed to encrypt data (SSL engine error) [status=" + res.getStatus() + ", handshakeStatus=" + res.getHandshakeStatus() + ']'); outNetBuf.flip();
/** * Performs the WRAP function * @param doWrite boolean * @return SSLEngineResult * @throws IOException */ protected SSLEngineResult handshakeWrap(boolean doWrite) throws IOException { //this should never be called with a network buffer that contains data //so we can clear it here. netOutBuffer.clear(); //perform the wrap SSLEngineResult result = sslEngine.wrap(bufHandler.getWriteBuffer(), netOutBuffer); //prepare the results to be written netOutBuffer.flip(); //set the status handshakeStatus = result.getHandshakeStatus(); //optimization, if we do have a writable channel, write it now if ( doWrite ) flush(netOutBuffer); return result; }