| /* |
| * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. |
| * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| * |
| * This code is free software; you can redistribute it and/or modify it |
| * under the terms of the GNU General Public License version 2 only, as |
| * published by the Free Software Foundation. |
| * |
| * This code is distributed in the hope that it will be useful, but WITHOUT |
| * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| * version 2 for more details (a copy is included in the LICENSE file that |
| * accompanied this code). |
| * |
| * You should have received a copy of the GNU General Public License version |
| * 2 along with this work; if not, write to the Free Software Foundation, |
| * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| * |
| * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
| * or visit www.oracle.com if you need additional information or have any |
| * questions. |
| */ |
| |
| import javax.net.ssl.*; |
| import javax.net.ssl.SSLEngineResult.*; |
| import java.io.*; |
| import java.nio.*; |
| import java.security.KeyStore; |
| import java.security.PrivateKey; |
| import java.security.KeyFactory; |
| import java.security.cert.Certificate; |
| import java.security.cert.CertificateFactory; |
| import java.security.spec.*; |
| import java.util.Base64; |
| |
| public abstract class ClientHelloInterOp { |
| |
| /* |
| * Certificates and keys used in the test. |
| */ |
| // Trusted certificates. |
| private final static String[] trustedCertStrs = { |
| // SHA256withECDSA, curve prime256v1 |
| // Validity |
| // Not Before: Nov 9 03:24:05 2016 GMT |
| // Not After : Oct 20 03:24:05 2037 GMT |
| "-----BEGIN CERTIFICATE-----\n" + |
| "MIICHDCCAcGgAwIBAgIJAM83C/MVp9F5MAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" + |
| "AlVTMQ0wCwYDVQQKEwRKYXZhMR0wGwYDVQQLExRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + |
| "ZTAeFw0xNjExMDkwMzI0MDVaFw0zNzEwMjAwMzI0MDVaMDsxCzAJBgNVBAYTAlVT\n" + |
| "MQ0wCwYDVQQKEwRKYXZhMR0wGwYDVQQLExRTdW5KU1NFIFRlc3QgU2VyaXZjZTBZ\n" + |
| "MBMGByqGSM49AgEGCCqGSM49AwEHA0IABGeQXwyeNyU4UAATfwUbMO5zaREI21Wh\n" + |
| "bds6WDu+PmfK8SWsTgsgpYxBRui+fZtYqSmbdjkurvAQ3j2fvN++BtWjga0wgaow\n" + |
| "HQYDVR0OBBYEFDF/OeJ82qBSRkAm1rdZUPbWfDzyMGsGA1UdIwRkMGKAFDF/OeJ8\n" + |
| "2qBSRkAm1rdZUPbWfDzyoT+kPTA7MQswCQYDVQQGEwJVUzENMAsGA1UEChMESmF2\n" + |
| "YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2WCCQDPNwvzFafReTAPBgNV\n" + |
| "HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNJADBGAiEAlHQY\n" + |
| "QFPlODOsjLVQYSxgeSUvYzMp0vP8naeVB9bfFG8CIQCFfrKZvhq9z3bOtlYKxs2a\n" + |
| "EWUjUZ82a1JTqkP+lgHY5A==\n" + |
| "-----END CERTIFICATE-----", |
| |
| // SHA256withRSA, 2048 bits |
| // Validity |
| // Not Before: Nov 9 03:24:16 2016 GMT |
| // Not After : Oct 20 03:24:16 2037 GMT |
| "-----BEGIN CERTIFICATE-----\n" + |
| "MIIDpzCCAo+gAwIBAgIJAJAYpR2aIlA1MA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV\n" + |
| "BAYTAlVTMQ0wCwYDVQQKEwRKYXZhMR0wGwYDVQQLExRTdW5KU1NFIFRlc3QgU2Vy\n" + |
| "aXZjZTAeFw0xNjExMDkwMzI0MTZaFw0zNzEwMjAwMzI0MTZaMDsxCzAJBgNVBAYT\n" + |
| "AlVTMQ0wCwYDVQQKEwRKYXZhMR0wGwYDVQQLExRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + |
| "ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL+F/FTPODYzsU0Pakfp\n" + |
| "lsh88YoQWZPjABhCU+HPsCTMYc8UBkaiduUzregwwVBW3D7kmec2K408krGQsxdy\n" + |
| "oKJA12GL/XX1YgzDEsyBRk/gvex5lPaBIZiJ5IZlUfjLuRDGxPjtRelBTpZ7SUet\n" + |
| "PJVZz6zV6hMPGO6kQzCtbzzET515EE0okIS40LkAmtWoOmVm3gRldomaZTrZ0V2L\n" + |
| "MMaJGzrXYqk0SX+PYul8v+2EEHeMuaXG/XpK5xsg9gZvzpKqFQcBOdENoJHB07go\n" + |
| "jCmRC328ALqr+bMyktKAuYfB+mhjmN2AU8TQx72WPpvNTXxFDYcwo+8254cCAVKB\n" + |
| "e98CAwEAAaOBrTCBqjAdBgNVHQ4EFgQUlJQlQTbi8YIyiNf+SqF7LtH+gicwawYD\n" + |
| "VR0jBGQwYoAUlJQlQTbi8YIyiNf+SqF7LtH+giehP6Q9MDsxCzAJBgNVBAYTAlVT\n" + |
| "MQ0wCwYDVQQKEwRKYXZhMR0wGwYDVQQLExRTdW5KU1NFIFRlc3QgU2VyaXZjZYIJ\n" + |
| "AJAYpR2aIlA1MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3\n" + |
| "DQEBCwUAA4IBAQAI0lTY0YAKQ2VdoIQ6dnqolphLVWdNGiC9drHEYSn7+hmAD2r2\n" + |
| "v1U/9m752TkcT74a65xKbEVuVtleD/w6i+QjALW2PYt6ivjOnnY0a9Y9a9UCa00j\n" + |
| "C9415sCw84Tp9VoKtuYqzhN87bBUeABOw5dsW3z32C2N/YhprkqeF/vdx4JxulPr\n" + |
| "PKze5BREXnKLA1ISoDioCPphvNMKrSpkAofb1rTCwtgt5V/WFls283L52ORmpRGO\n" + |
| "Ja88ztXOz00ZGu0RQLwlmpN7m8tNgA/5MPrldyYIwegP4RSkkJlF/8+hxvvqfJhK\n" + |
| "FFDa0HHQSJfR2b9628Iniw1UHOMMT6qx5EHr\n" + |
| "-----END CERTIFICATE-----" |
| }; |
| |
| // End entity certificate. |
| private final static String[] endEntityCertStrs = { |
| // SHA256withECDSA, curve prime256v1 |
| // Validity |
| // Not Before: Nov 9 03:24:05 2016 GMT |
| // Not After : Jul 27 03:24:05 2036 GMT |
| "-----BEGIN CERTIFICATE-----\n" + |
| "MIIB1DCCAXmgAwIBAgIJAKVa+4dIUjaLMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" + |
| "AlVTMQ0wCwYDVQQKEwRKYXZhMR0wGwYDVQQLExRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + |
| "ZTAeFw0xNjExMDkwMzI0MDVaFw0zNjA3MjcwMzI0MDVaMFIxCzAJBgNVBAYTAlVT\n" + |
| "MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTEV\n" + |
| "MBMGA1UEAwwMSW50ZXJPcCBUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\n" + |
| "h4vXNUJzULq4e7fAOvF0WiWU6cllOAMus1GqTFvcnRPOChl8suZsvksO0CpZqL3h\n" + |
| "jXmVX9dp1FV/rUBGLo1aG6NPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBSO8V5+\n" + |
| "bj0ik0T9BtJc4jLJt7m6wjAfBgNVHSMEGDAWgBQxfznifNqgUkZAJta3WVD21nw8\n" + |
| "8jAKBggqhkjOPQQDAgNJADBGAiEAk7MF+L9bFRwUsbPsBCbCqH9DMdzBQR+kFDNf\n" + |
| "lfn8Rs4CIQD9qWvBXd+EJqwraxiX6cftaFchn+T2HpvMboy+irMFow==\n" + |
| "-----END CERTIFICATE-----", |
| |
| // SHA256withRSA, 2048 bits |
| // Validity |
| // Not Before: Nov 9 03:24:16 2016 GMT |
| // Not After : Jul 27 03:24:16 2036 GMT |
| "-----BEGIN CERTIFICATE-----\n" + |
| "MIIDczCCAlugAwIBAgIJAPhM2oUKx0aJMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV\n" + |
| "BAYTAlVTMQ0wCwYDVQQKEwRKYXZhMR0wGwYDVQQLExRTdW5KU1NFIFRlc3QgU2Vy\n" + |
| "aXZjZTAeFw0xNjExMDkwMzI0MTZaFw0zNjA3MjcwMzI0MTZaMFIxCzAJBgNVBAYT\n" + |
| "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + |
| "ZTEVMBMGA1UEAwwMSW50ZXJPcCBUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A\n" + |
| "MIIBCgKCAQEA36tJaXfJ2B/AFvES+tnueyQPSNABVu9nfMdU+NEPamJ+FH7cEF8Z\n" + |
| "1Spr1vlQgNzCpDUVrfnmT75rCapgz5ldA9+y+3hdfUyHjZBzzfx+6GHXLB4u6eU2\n" + |
| "NATa7vqSLNbcLcfZ7/QmkFqg4JRJbX4F42kKkRJrWdKZ8UoCYC8WXWvDaZ3nUs05\n" + |
| "XHe+mBJ8qMNPTbYST1jpzXPyH5CljlFGYi2mKJDTImDhwht7mu2+zvwvbJ81Gj2X\n" + |
| "JUSTSf9fu0zxFcCk6RmJPw9nSVqePVlOwtNNBodfKN+k4yr+gOz1v8NmMtmEtklV\n" + |
| "Sulr/J4QxI+E2Zar/C+4XjxkvstIS+PNKQIDAQABo2MwYTALBgNVHQ8EBAMCA+gw\n" + |
| "HQYDVR0OBBYEFHt19CItAz0VOF0WKGWwaT4DtEsSMB8GA1UdIwQYMBaAFJSUJUE2\n" + |
| "4vGCMojX/kqhey7R/oInMBIGA1UdEQEB/wQIMAaHBH8AAAEwDQYJKoZIhvcNAQEL\n" + |
| "BQADggEBACKYZWvo9B9IEpCCdBba2sNo4X1NI/VEY3fyUx1lkw+Kna+1d2Ab+RCZ\n" + |
| "cf3Y85fcwv03hNE///wNBp+Nde4NQRDK/oiQARzWwWslfinm5d83eQwzC3cpSzt+\n" + |
| "7ts6M5UlOblGsLXZI7THWO1tkgoEra9p+zezxLMmf/2MpNyZMZlVoJPM2YGxU9cN\n" + |
| "ws0AyeY1gpBEdT21vjsBPdxxj6qklXVMnzS3zF8YwXyOndDYQWdjmFEknRK/qmQ2\n" + |
| "gkLHrzpSpyCziecna5mGuDRdCU2dpsWiq1npEPXTq+PQGwWYcoaFTtXF8DDqhfPC\n" + |
| "4Abe8gPm6MfzerdmS3RFTj9b/DIIENM=\n" + |
| "-----END CERTIFICATE-----" |
| }; |
| |
| // Private key in the format of PKCS#8. |
| private final static String[] endEntityPrivateKeys = { |
| // |
| // EC private key related to cert endEntityCertStrs[0]. |
| // |
| "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgA3pmS+OrIjGyUv2F\n" + |
| "K/PkyayJIePM2RTFYxNoQqmJGnihRANCAASHi9c1QnNQurh7t8A68XRaJZTpyWU4\n" + |
| "Ay6zUapMW9ydE84KGXyy5my+Sw7QKlmoveGNeZVf12nUVX+tQEYujVob", |
| |
| // |
| // RSA private key related to cert endEntityCertStrs[1]. |
| // |
| "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDfq0lpd8nYH8AW\n" + |
| "8RL62e57JA9I0AFW72d8x1T40Q9qYn4UftwQXxnVKmvW+VCA3MKkNRWt+eZPvmsJ\n" + |
| "qmDPmV0D37L7eF19TIeNkHPN/H7oYdcsHi7p5TY0BNru+pIs1twtx9nv9CaQWqDg\n" + |
| "lEltfgXjaQqREmtZ0pnxSgJgLxZda8NpnedSzTlcd76YEnyow09NthJPWOnNc/If\n" + |
| "kKWOUUZiLaYokNMiYOHCG3ua7b7O/C9snzUaPZclRJNJ/1+7TPEVwKTpGYk/D2dJ\n" + |
| "Wp49WU7C000Gh18o36TjKv6A7PW/w2Yy2YS2SVVK6Wv8nhDEj4TZlqv8L7hePGS+\n" + |
| "y0hL480pAgMBAAECggEBAJyP1zk+IkloIBtu7+wrdCU6HoDHKMjjlzrehHoOTI4Z\n" + |
| "F0vdaMkE6J4vrYCyz0kEPjKW/e/jxvT2wxHm8xEdtuApS61+mWJFmXTcMlNzdJnR\n" + |
| "Mr6s+gW67fAHngA94OgGFeTtyX2PFxdgeM/6vFMqLZD7S+w0SnR7WEpvla4iB7On\n" + |
| "lXqhJKVQeVc+IpByg/S4MmJb91jck73GltCaCL/b6BTrsz+zc/AY5tb8JInxjMZ9\n" + |
| "jmjmA+s6l7tnBrFQfJHlF9a374lxCOtZTxyxVJjD7tQcGpsUpSHXZGdpDcT34qYT\n" + |
| "UGh0yp2Mc/1PfWni5gS/6UGLrYmT57RRCn5YJBJTEkkCgYEA/XPCNehFaOMSxOZh\n" + |
| "OGBVhQ+eRAmdpJfMhSUsDdEdQLZyWGmZsMTHjZZrwevBX/D0dxQYDv/sAl0GZomJ\n" + |
| "d6iRCHlscycwx5Q0U/EpacsgRlYHz1nMRzXqS3Ry+8O8qQlliqCLUM7SfVgzdI5/\n" + |
| "ll9JMrng9NnRl8ccjEdOGK8g/MMCgYEA4eriKMfRslGY4uOQoTPbuEJSMMwQ2X4k\n" + |
| "lPj1p+xSQfU9QBaWJake67oBj3vpCxqN7/VkvCIeC6LCjhLpWHCn4EkdGiqkEdWz\n" + |
| "m5CHzpzVIgznzWnbt0rCVL2KdL+ihgY8KPDdsZ6tZrABHuYhsWkAu10wyvuQYM88\n" + |
| "3u6yOIQn36MCgYEAk5qR1UEzAxWTPbaJkgKQa5Cf9DHBbDS3eCcg098f8SsPxquh\n" + |
| "RRAkwzGCCgqZsJ0sUhkStdGXifzRGHAq7dPuuwe0ABAn2WNXYjeFjcYtQqkhnUFH\n" + |
| "tYURsOXdfQAOZEdDqos691GrxjHSraO7bECL6Y3VE+Oyq3jbCFsSgU+kn28CgYBT\n" + |
| "mrXZO6FJqVK33FlAns1YEgsSjeJKapklHEDkxNroF9Zz6ifkhgKwX6SGMefbORd/\n" + |
| "zsNZsBKIYdI3+52pIf+uS8BeV5tiEkCmeEUZ3AYv1LDP3rX1zc++xmn/rI97o8EN\n" + |
| "sZ2JRtyK3OV9RtL/MYmYzPLqm1Ah02+GXLVNnvKWmwKBgE8Ble8CzrXYuuPdGxXz\n" + |
| "BZU6HnXQrmTUcgeze0tj8SDHzCfsGsaG6pHrVNkT7CKsRuCHTZLM0kXmUijLFKuP\n" + |
| "5xyE257z4IbbEbs+tcbB3p28n4/47MzZkSR3kt8+FrsEMZq5oOHbFTGzgp9dhZCC\n" + |
| "dKUqlw5BPHdbxoWB/JpSHGCV" |
| }; |
| |
| // Private key names of endEntityPrivateKeys. |
| private final static String[] endEntityPrivateKeyNames = { |
| "EC", |
| "RSA" |
| }; |
| |
| /* |
| * Run the test case. |
| */ |
| public void run() throws Exception { |
| SSLEngine serverEngine = createServerEngine(); |
| |
| // |
| // Create and size the buffers appropriately. |
| // |
| SSLSession session = serverEngine.getSession(); |
| ByteBuffer serverAppInbound = |
| ByteBuffer.allocate(session.getApplicationBufferSize()); |
| ByteBuffer clientHello = |
| ByteBuffer.allocate(session.getPacketBufferSize()); |
| |
| // |
| // Generate a ClientHello message, and check if the server |
| // engine can read it or not. |
| // |
| clientHello.put(createClientHelloMessage()); |
| clientHello.flip(); |
| |
| SSLEngineResult serverResult = |
| serverEngine.unwrap(clientHello, serverAppInbound); |
| log("Server unwrap: ", serverResult); |
| runDelegatedTasks(serverResult, serverEngine); |
| |
| // |
| // Generate server responses to the ClientHello request. |
| // |
| ByteBuffer clientNetInbound = |
| ByteBuffer.allocate(session.getPacketBufferSize()); |
| ByteBuffer clientAppInbound = |
| ByteBuffer.wrap("Hello Client, I'm Server".getBytes()); |
| |
| serverResult = serverEngine.wrap(clientAppInbound, clientNetInbound); |
| log("Server wrap: ", serverResult); |
| runDelegatedTasks(serverResult, serverEngine); |
| } |
| |
| /* |
| * Create a ClientHello message. |
| */ |
| abstract protected byte[] createClientHelloMessage(); |
| |
| /* |
| * Create an instance of SSLContext for client use. |
| */ |
| protected SSLContext createClientSSLContext() throws Exception { |
| return createSSLContext(trustedCertStrs, null, null, null); |
| } |
| |
| /* |
| * Create an instance of SSLContext for server use. |
| */ |
| protected SSLContext createServerSSLContext() throws Exception { |
| return createSSLContext(null, |
| endEntityCertStrs, endEntityPrivateKeys, |
| endEntityPrivateKeyNames); |
| } |
| |
| /* |
| * Create an instance of SSLContext with the specified trust/key materials. |
| */ |
| protected SSLContext createSSLContext( |
| String[] trustedMaterials, |
| String[] keyMaterialCerts, |
| String[] keyMaterialKeys, |
| String[] keyMaterialKeyAlgs) throws Exception { |
| |
| KeyStore ts = null; // trust store |
| KeyStore ks = null; // key store |
| char passphrase[] = "passphrase".toCharArray(); |
| |
| // Generate certificate from cert string. |
| CertificateFactory cf = CertificateFactory.getInstance("X.509"); |
| |
| // Import the trused certs. |
| ByteArrayInputStream is; |
| if (trustedMaterials != null && trustedMaterials.length != 0) { |
| ts = KeyStore.getInstance("JKS"); |
| ts.load(null, null); |
| |
| Certificate[] trustedCert = |
| new Certificate[trustedMaterials.length]; |
| for (int i = 0; i < trustedMaterials.length; i++) { |
| String trustedCertStr = trustedMaterials[i]; |
| |
| is = new ByteArrayInputStream(trustedCertStr.getBytes()); |
| try { |
| trustedCert[i] = cf.generateCertificate(is); |
| } finally { |
| is.close(); |
| } |
| |
| ts.setCertificateEntry("trusted-cert-" + i, trustedCert[i]); |
| } |
| } |
| |
| // Import the key materials. |
| // |
| // Note that certification pathes bigger than one are not supported yet. |
| boolean hasKeyMaterials = |
| (keyMaterialCerts != null) && (keyMaterialCerts.length != 0) && |
| (keyMaterialKeys != null) && (keyMaterialKeys.length != 0) && |
| (keyMaterialKeyAlgs != null) && (keyMaterialKeyAlgs.length != 0) && |
| (keyMaterialCerts.length == keyMaterialKeys.length) && |
| (keyMaterialCerts.length == keyMaterialKeyAlgs.length); |
| if (hasKeyMaterials) { |
| ks = KeyStore.getInstance("JKS"); |
| ks.load(null, null); |
| |
| for (int i = 0; i < keyMaterialCerts.length; i++) { |
| String keyCertStr = keyMaterialCerts[i]; |
| |
| // generate the private key. |
| PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec( |
| Base64.getMimeDecoder().decode(keyMaterialKeys[i])); |
| KeyFactory kf = |
| KeyFactory.getInstance(keyMaterialKeyAlgs[i]); |
| PrivateKey priKey = kf.generatePrivate(priKeySpec); |
| |
| // generate certificate chain |
| is = new ByteArrayInputStream(keyCertStr.getBytes()); |
| Certificate keyCert = null; |
| try { |
| keyCert = cf.generateCertificate(is); |
| } finally { |
| is.close(); |
| } |
| |
| Certificate[] chain = new Certificate[] { keyCert }; |
| |
| // import the key entry. |
| ks.setKeyEntry("cert-" + i, priKey, passphrase, chain); |
| } |
| } |
| |
| // Create an SSLContext object. |
| TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX"); |
| tmf.init(ts); |
| |
| SSLContext context = SSLContext.getInstance("TLS"); |
| if (hasKeyMaterials && ks != null) { |
| KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509"); |
| kmf.init(ks, passphrase); |
| |
| context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); |
| } else { |
| context.init(null, tmf.getTrustManagers(), null); |
| } |
| |
| return context; |
| } |
| |
| /* |
| * Create an instance of SSLEngine in client mode. |
| */ |
| protected SSLEngine createClientEngine() throws Exception { |
| return createClientEngine(createClientSSLContext()); |
| } |
| |
| /* |
| * Create an instance of SSLEngine in client mode with the |
| * specified SSLContext object. |
| */ |
| protected SSLEngine createClientEngine( |
| SSLContext context) throws Exception { |
| |
| SSLEngine engine = context.createSSLEngine(); |
| engine.setUseClientMode(true); |
| |
| /* |
| * Customize the SSLEngine object. |
| */ |
| // blank |
| |
| return engine; |
| } |
| |
| /* |
| * Create an instance of SSLEngine in server mode. |
| */ |
| protected SSLEngine createServerEngine() throws Exception { |
| return createServerEngine(createServerSSLContext()); |
| } |
| |
| /* |
| * Create an instance of SSLEngine in server mode with the |
| * specified SSLContext object. |
| */ |
| protected SSLEngine createServerEngine( |
| SSLContext context) throws Exception { |
| |
| SSLEngine engine = context.createSSLEngine(); |
| engine.setUseClientMode(false); |
| |
| /* |
| * Customize the SSLEngine object. |
| */ |
| engine.setNeedClientAuth(false); |
| |
| return engine; |
| } |
| |
| /* |
| * Run the delagayed tasks if any. |
| * |
| * If the result indicates that we have outstanding tasks to do, |
| * go ahead and run them in this thread. |
| */ |
| protected static void runDelegatedTasks(SSLEngineResult result, |
| SSLEngine engine) throws Exception { |
| |
| if (result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) { |
| Runnable runnable; |
| while ((runnable = engine.getDelegatedTask()) != null) { |
| log("\trunning delegated task..."); |
| runnable.run(); |
| } |
| HandshakeStatus hsStatus = engine.getHandshakeStatus(); |
| if (hsStatus == HandshakeStatus.NEED_TASK) { |
| throw new Exception( |
| "handshake shouldn't need additional tasks"); |
| } |
| log("\tnew HandshakeStatus: " + hsStatus); |
| } |
| } |
| |
| /* |
| * Logging the specificated message and the SSLEngine operation result. |
| */ |
| protected static void log(String str, SSLEngineResult result) { |
| HandshakeStatus hsStatus = result.getHandshakeStatus(); |
| log(str + |
| result.getStatus() + "/" + hsStatus + ", consumed: " + |
| result.bytesConsumed() + "/produced: " + result.bytesProduced() + |
| " bytes"); |
| |
| if (hsStatus == HandshakeStatus.FINISHED) { |
| log("\t...ready for application data"); |
| } |
| } |
| |
| /* |
| * Logging the specificated message. |
| */ |
| protected static void log(String str) { |
| System.out.println(str); |
| } |
| } |