sslhandler.html

MINA+API 关于MINA的API

<a name="399" href="#399">399</a>     <em class="jxr_javadoccomment">/**</em>
<a name="400" href="#400">400</a> <em class="jxr_javadoccomment">     * Decrypt in net buffer. Result is stored in app buffer.</em>
<a name="401" href="#401">401</a> <em class="jxr_javadoccomment">     *</em>
<a name="402" href="#402">402</a> <em class="jxr_javadoccomment">     * @throws SSLException</em>
<a name="403" href="#403">403</a> <em class="jxr_javadoccomment">     */</em>
<a name="404" href="#404">404</a>     <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> decrypt(<a href="../../../../../org/apache/mina/common/IoFilter.html">NextFilter</a> nextFilter) <strong class="jxr_keyword">throws</strong> SSLException {
<a name="405" href="#405">405</a> 
<a name="406" href="#406">406</a>         <strong class="jxr_keyword">if</strong> (!handshakeComplete) {
<a name="407" href="#407">407</a>             <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> IllegalStateException();
<a name="408" href="#408">408</a>         }
<a name="409" href="#409">409</a> 
<a name="410" href="#410">410</a>         unwrap(nextFilter);
<a name="411" href="#411">411</a>     }
<a name="412" href="#412">412</a> 
<a name="413" href="#413">413</a>     <em class="jxr_javadoccomment">/**</em>
<a name="414" href="#414">414</a> <em class="jxr_javadoccomment">     * @param res</em>
<a name="415" href="#415">415</a> <em class="jxr_javadoccomment">     * @throws SSLException</em>
<a name="416" href="#416">416</a> <em class="jxr_javadoccomment">     */</em>
<a name="417" href="#417">417</a>     <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> checkStatus(SSLEngineResult res)
<a name="418" href="#418">418</a>             <strong class="jxr_keyword">throws</strong> SSLException {
<a name="419" href="#419">419</a> 
<a name="420" href="#420">420</a>         SSLEngineResult.Status status = res.getStatus();
<a name="421" href="#421">421</a> 
<a name="422" href="#422">422</a>         <em class="jxr_comment">/*</em>
<a name="423" href="#423">423</a> <em class="jxr_comment">        * The status may be:</em>
<a name="424" href="#424">424</a> <em class="jxr_comment">        * OK - Normal operation</em>
<a name="425" href="#425">425</a> <em class="jxr_comment">        * OVERFLOW - Should never happen since the application buffer is</em>
<a name="426" href="#426">426</a> <em class="jxr_comment">        *      sized to hold the maximum packet size.</em>
<a name="427" href="#427">427</a> <em class="jxr_comment">        * UNDERFLOW - Need to read more data from the socket. It's normal.</em>
<a name="428" href="#428">428</a> <em class="jxr_comment">        * CLOSED - The other peer closed the socket. Also normal.</em>
<a name="429" href="#429">429</a> <em class="jxr_comment">        */</em>
<a name="430" href="#430">430</a>         <strong class="jxr_keyword">if</strong> (status != SSLEngineResult.Status.OK
<a name="431" href="#431">431</a>                 &amp;&amp; status != SSLEngineResult.Status.CLOSED
<a name="432" href="#432">432</a>                 &amp;&amp; status != SSLEngineResult.Status.BUFFER_UNDERFLOW) {
<a name="433" href="#433">433</a>             <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> SSLException(<span class="jxr_string">"SSLEngine error during decrypt: "</span> + status
<a name="434" href="#434">434</a>                     + <span class="jxr_string">" inNetBuffer: "</span> + inNetBuffer + <span class="jxr_string">"appBuffer: "</span>
<a name="435" href="#435">435</a>                     + appBuffer);
<a name="436" href="#436">436</a>         }
<a name="437" href="#437">437</a>     }
<a name="438" href="#438">438</a> 
<a name="439" href="#439">439</a>     <em class="jxr_javadoccomment">/**</em>
<a name="440" href="#440">440</a> <em class="jxr_javadoccomment">     * Perform any handshaking processing.</em>
<a name="441" href="#441">441</a> <em class="jxr_javadoccomment">     */</em>
<a name="442" href="#442">442</a>     <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">void</strong> handshake(<a href="../../../../../org/apache/mina/common/IoFilter.html">NextFilter</a> nextFilter) <strong class="jxr_keyword">throws</strong> SSLException {
<a name="443" href="#443">443</a>         <strong class="jxr_keyword">for</strong> (; ;) {
<a name="444" href="#444">444</a>             <strong class="jxr_keyword">if</strong> (handshakeStatus == SSLEngineResult.HandshakeStatus.FINISHED) {
<a name="445" href="#445">445</a>                 session.setAttribute(
<a name="446" href="#446">446</a>                         SslFilter.SSL_SESSION, sslEngine.getSession());
<a name="447" href="#447">447</a>                 handshakeComplete = <strong class="jxr_keyword">true</strong>;
<a name="448" href="#448">448</a>                 <strong class="jxr_keyword">if</strong> (!initialHandshakeComplete
<a name="449" href="#449">449</a>                         &amp;&amp; session.containsAttribute(SslFilter.USE_NOTIFICATION)) {
<a name="450" href="#450">450</a>                     <em class="jxr_comment">// SESSION_SECURED is fired only when it's the first handshake.</em>
<a name="451" href="#451">451</a>                     <em class="jxr_comment">// (i.e. renegotiation shouldn't trigger SESSION_SECURED.)</em>
<a name="452" href="#452">452</a>                     initialHandshakeComplete = <strong class="jxr_keyword">true</strong>;
<a name="453" href="#453">453</a>                     scheduleMessageReceived(nextFilter,
<a name="454" href="#454">454</a>                             SslFilter.SESSION_SECURED);
<a name="455" href="#455">455</a>                 }
<a name="456" href="#456">456</a>                 <strong class="jxr_keyword">break</strong>;
<a name="457" href="#457">457</a>             } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_TASK) {
<a name="458" href="#458">458</a>                 handshakeStatus = doTasks();
<a name="459" href="#459">459</a>             } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_UNWRAP) {
<a name="460" href="#460">460</a>                 <em class="jxr_comment">// we need more data read</em>
<a name="461" href="#461">461</a>                 SSLEngineResult.Status status = unwrapHandshake(nextFilter);
<a name="462" href="#462">462</a>                 <strong class="jxr_keyword">if</strong> (status == SSLEngineResult.Status.BUFFER_UNDERFLOW
<a name="463" href="#463">463</a>                         || isInboundDone()) {
<a name="464" href="#464">464</a>                     <em class="jxr_comment">// We need more data or the session is closed</em>
<a name="465" href="#465">465</a>                     <strong class="jxr_keyword">break</strong>;
<a name="466" href="#466">466</a>                 }
<a name="467" href="#467">467</a>             } <strong class="jxr_keyword">else</strong> <strong class="jxr_keyword">if</strong> (handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_WRAP) {
<a name="468" href="#468">468</a>                 <em class="jxr_comment">// First make sure that the out buffer is completely empty. Since we</em>
<a name="469" href="#469">469</a>                 <em class="jxr_comment">// cannot call wrap with data left on the buffer</em>
<a name="470" href="#470">470</a>                 <strong class="jxr_keyword">if</strong> (outNetBuffer != <strong class="jxr_keyword">null</strong> &amp;&amp; outNetBuffer.hasRemaining()) {
<a name="471" href="#471">471</a>                     <strong class="jxr_keyword">break</strong>;
<a name="472" href="#472">472</a>                 }
<a name="473" href="#473">473</a>                 
<a name="474" href="#474">474</a>                 SSLEngineResult result;
<a name="475" href="#475">475</a>                 createOutNetBuffer(0);
<a name="476" href="#476">476</a>                 <strong class="jxr_keyword">for</strong> (;;) {
<a name="477" href="#477">477</a>                     result = sslEngine.wrap(emptyBuffer.buf(), outNetBuffer.buf());
<a name="478" href="#478">478</a>                     <strong class="jxr_keyword">if</strong> (result.getStatus() == SSLEngineResult.Status.BUFFER_OVERFLOW) {
<a name="479" href="#479">479</a>                         outNetBuffer.capacity(outNetBuffer.capacity() &lt;&lt; 1);
<a name="480" href="#480">480</a>                         outNetBuffer.limit(outNetBuffer.capacity());
<a name="481" href="#481">481</a>                     } <strong class="jxr_keyword">else</strong> {
<a name="482" href="#482">482</a>                         <strong class="jxr_keyword">break</strong>;
<a name="483" href="#483">483</a>                     }
<a name="484" href="#484">484</a>                 }
<a name="485" href="#485">485</a> 
<a name="486" href="#486">486</a>                 outNetBuffer.flip();
<a name="487" href="#487">487</a>                 handshakeStatus = result.getHandshakeStatus();
<a name="488" href="#488">488</a>                 writeNetBuffer(nextFilter);
<a name="489" href="#489">489</a>             } <strong class="jxr_keyword">else</strong> {
<a name="490" href="#490">490</a>                 <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> IllegalStateException(<span class="jxr_string">"Invalid Handshaking State"</span>
<a name="491" href="#491">491</a>                         + handshakeStatus);
<a name="492" href="#492">492</a>             }
<a name="493" href="#493">493</a>         }
<a name="494" href="#494">494</a>     }
<a name="495" href="#495">495</a> 
<a name="496" href="#496">496</a>     <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">void</strong> createOutNetBuffer(<strong class="jxr_keyword">int</strong> expectedRemaining) {
<a name="497" href="#497">497</a>         <em class="jxr_comment">// SSLEngine requires us to allocate unnecessarily big buffer</em>
<a name="498" href="#498">498</a>         <em class="jxr_comment">// even for small data.  *Shrug*</em>
<a name="499" href="#499">499</a>         <strong class="jxr_keyword">int</strong> capacity = Math.max(
<a name="500" href="#500">500</a>                 expectedRemaining,
<a name="501" href="#501">501</a>                 sslEngine.getSession().getPacketBufferSize());
<a name="502" href="#502">502</a>         
<a name="503" href="#503">503</a>         <strong class="jxr_keyword">if</strong> (outNetBuffer != <strong class="jxr_keyword">null</strong>) {
<a name="504" href="#504">504</a>             outNetBuffer.capacity(capacity);
<a name="505" href="#505">505</a>         } <strong class="jxr_keyword">else</strong> {
<a name="506" href="#506">506</a>             outNetBuffer = IoBuffer.allocate(capacity).minimumCapacity(0);
<a name="507" href="#507">507</a>         }
<a name="508" href="#508">508</a>     }
<a name="509" href="#509">509</a> 
<a name="510" href="#510">510</a>     <strong class="jxr_keyword">public</strong> <a href="../../../../../org/apache/mina/common/WriteFuture.html">WriteFuture</a> writeNetBuffer(<a href="../../../../../org/apache/mina/common/IoFilter.html">NextFilter</a> nextFilter)
<a name="511" href="#511">511</a>             <strong class="jxr_keyword">throws</strong> SSLException {
<a name="512" href="#512">512</a>         <em class="jxr_comment">// Check if any net data needed to be writen</em>
<a name="513" href="#513">513</a>         <strong class="jxr_keyword">if</strong> (outNetBuffer == <strong class="jxr_keyword">null</strong> || !outNetBuffer.hasRemaining()) {
<a name="514" href="#514">514</a>             <em class="jxr_comment">// no; bail out</em>
<a name="515" href="#515">515</a>             <strong class="jxr_keyword">return</strong> <strong class="jxr_keyword">null</strong>;
<a name="516" href="#516">516</a>         }
<a name="517" href="#517">517</a> 
<a name="518" href="#518">518</a>         <em class="jxr_comment">// set flag that we are writing encrypted data</em>
<a name="519" href="#519">519</a>         <em class="jxr_comment">// (used in SSLFilter.filterWrite())</em>
<a name="520" href="#520">520</a>         writingEncryptedData = <strong class="jxr_keyword">true</strong>;
<a name="521" href="#521">521</a> 
<a name="522" href="#522">522</a>         <em class="jxr_comment">// write net data</em>
<a name="523" href="#523">523</a>         <a href="../../../../../org/apache/mina/common/WriteFuture.html">WriteFuture</a> writeFuture = <strong class="jxr_keyword">null</strong>;
<a name="524" href="#524">524</a> 
<a name="525" href="#525">525</a>         <strong class="jxr_keyword">try</strong> {
<a name="526" href="#526">526</a>             <a href="../../../../../org/apache/mina/common/IoBuffer.html">IoBuffer</a> writeBuffer = fetchOutNetBuffer();
<a name="527" href="#527">527</a>             writeFuture = <strong class="jxr_keyword">new</strong> <a href="../../../../../org/apache/mina/common/DefaultWriteFuture.html">DefaultWriteFuture</a>(session);
<a name="528" href="#528">528</a>             parent.filterWrite(nextFilter, session, <strong class="jxr_keyword">new</strong> <a href="../../../../../org/apache/mina/common/DefaultWriteRequest.html">DefaultWriteRequest</a>(
<a name="529" href="#529">529</a>                     writeBuffer, writeFuture));
<a name="530" href="#530">530</a> 
<a name="531" href="#531">531</a>             <em class="jxr_comment">// loop while more writes required to complete handshake</em>
<a name="532" href="#532">532</a>             <strong class="jxr_keyword">while</strong> (needToCompleteHandshake()) {
<a name="533" href="#533">533</a>                 <strong class="jxr_keyword">try</strong> {
<a name="534" href="#534">534</a>                     handshake(nextFilter);