com.sun.grizzly.util
Class SSLUtils

java.lang.Object
  extended by com.sun.grizzly.util.SSLUtils

public class SSLUtils
extends Object

SSL over NIO utility class. The class handles the SSLEngine operations needed to support SSL over NIO. TODO: Create an object that wraps SSLEngine and its associated buffers.

Author:
Jeanfrancois Arcand

Field Summary
static int DEFAULT_SSL_INACTIVITY_TIMEOUT
          The time to wait before timing out when reading bytes
protected static ByteBuffer hsBB
           
static int MAX_BB_SIZE
          The maximum size a ByteBuffer can take.
 
Constructor Summary
SSLUtils()
           
 
Method Summary
static void allocateThreadBuffers(int defaultBufferSize)
          Allocate the mandatory ByteBuffers.
static ByteBuffer doHandshake(SelectableChannel channel, ByteBuffer byteBuffer, ByteBuffer inputBB, ByteBuffer outputBB, SSLEngine sslEngine, SSLEngineResult.HandshakeStatus handshakeStatus)
          Perform an SSL handshake using the SSLEngine.
static ByteBuffer doHandshake(SelectableChannel channel, ByteBuffer byteBuffer, ByteBuffer inputBB, ByteBuffer outputBB, SSLEngine sslEngine, SSLEngineResult.HandshakeStatus handshakeStatus, int timeout)
          Perform an SSL handshake using the SSLEngine.
static ByteBuffer doHandshake(SelectableChannel channel, ByteBuffer byteBuffer, ByteBuffer inputBB, ByteBuffer outputBB, SSLEngine sslEngine, SSLEngineResult.HandshakeStatus handshakeStatus, int timeout, boolean useReadyBuffer)
          Perform an SSL handshake using the SSLEngine.
static Object[] doPeerCertificateChain(SelectableChannel channel, ByteBuffer byteBuffer, ByteBuffer inputBB, ByteBuffer outputBB, SSLEngine sslEngine, boolean needClientAuth, int timeout)
          Get the peer certificate list by initiating a new handshake.
static Utils.Result doRead(SelectableChannel channel, ByteBuffer inputBB, SSLEngine sslEngine, int timeout)
          Read encrypted bytes using an SSLEngine.
static Utils.Result doSecureRead(SelectableChannel channel, SSLEngine sslEngine, ByteBuffer byteBuffer, ByteBuffer inputBB)
          Read and decrypt bytes from the underlying SSL connections.
static Utils.Result doSecureRead(SelectableChannel channel, SSLEngine sslEngine, ByteBuffer byteBuffer, ByteBuffer inputBB, int timeout)
          Read and decrypt bytes from the underlying SSL connections.
static SSLEngineResult.HandshakeStatus executeDelegatedTask(SSLEngine sslEngine)
          Complete handshake operations.
static SSLEngineResult unwrap(ByteBuffer byteBuffer, ByteBuffer inputBB, SSLEngine sslEngine)
          Unwrap available encrypted bytes from inputBB to ByteBuffer using the SSLEngine.
static ByteBuffer unwrapAll(ByteBuffer byteBuffer, ByteBuffer inputBB, SSLEngine sslEngine)
          Unwrap all encrypted bytes from inputBB to ByteBuffer using the SSLEngine.
static SSLEngineResult wrap(ByteBuffer byteBuffer, ByteBuffer outputBB, SSLEngine sslEngine)
          Encrypt bytes.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

MAX_BB_SIZE

public static final int MAX_BB_SIZE
The maximum size a ByteBuffer can take.

See Also:
Constant Field Values

hsBB

protected static final ByteBuffer hsBB

DEFAULT_SSL_INACTIVITY_TIMEOUT

public static int DEFAULT_SSL_INACTIVITY_TIMEOUT
The time to wait before timing out when reading bytes

Constructor Detail

SSLUtils

public SSLUtils()
Method Detail

doSecureRead

public static Utils.Result doSecureRead(SelectableChannel channel,
                                        SSLEngine sslEngine,
                                        ByteBuffer byteBuffer,
                                        ByteBuffer inputBB)
                                 throws IOException
Read and decrypt bytes from the underlying SSL connections.

Parameters:
channel - underlying socket channel
sslEngine - SSLEngine
byteBuffer - buffer for application decrypted data
inputBB - buffer for reading encrypted data from socket
Returns:
number of bytes produced
Throws:
IOException

doSecureRead

public static Utils.Result doSecureRead(SelectableChannel channel,
                                        SSLEngine sslEngine,
                                        ByteBuffer byteBuffer,
                                        ByteBuffer inputBB,
                                        int timeout)
                                 throws IOException
Read and decrypt bytes from the underlying SSL connections.

Parameters:
channel - underlying socket channel
sslEngine - SSLEngine
byteBuffer - buffer for application decrypted data
inputBB - buffer for reading encrypted data from socket
timeout - ssl inactivity timeout
Returns:
number of bytes produced
Throws:
IOException

doRead

public static Utils.Result doRead(SelectableChannel channel,
                                  ByteBuffer inputBB,
                                  SSLEngine sslEngine,
                                  int timeout)
Read encrypted bytes using an SSLEngine.

Parameters:
channel - The SelectableChannel
inputBB - The byteBuffer to store encrypted bytes
sslEngine - The SSLEngine used to manage the SSL operations.
timeout - The Selector.select() timeout value. A value of 0 will be executed as a Selector.selectNow();
Returns:
the bytes read.

unwrapAll

public static ByteBuffer unwrapAll(ByteBuffer byteBuffer,
                                   ByteBuffer inputBB,
                                   SSLEngine sslEngine)
                            throws IOException
Unwrap all encrypted bytes from inputBB to ByteBuffer using the SSLEngine.

Parameters:
byteBuffer - the decrypted ByteBuffer
inputBB - the encrypted ByteBuffer
sslEngine - The SSLEngine used to manage the SSL operations.
Returns:
the decrypted ByteBuffer
Throws:
IOException

unwrap

public static SSLEngineResult unwrap(ByteBuffer byteBuffer,
                                     ByteBuffer inputBB,
                                     SSLEngine sslEngine)
                              throws IOException
Unwrap available encrypted bytes from inputBB to ByteBuffer using the SSLEngine.

Parameters:
byteBuffer - the decrypted ByteBuffer
inputBB - the encrypted ByteBuffer
sslEngine - The SSLEngine used to manage the SSL operations.
Returns:
SSLEngineResult of the SSLEngine.unwrap operation.
Throws:
IOException

wrap

public static SSLEngineResult wrap(ByteBuffer byteBuffer,
                                   ByteBuffer outputBB,
                                   SSLEngine sslEngine)
                            throws IOException
Encrypt bytes.

Parameters:
byteBuffer - the decrypted ByteBuffer
outputBB - the encrypted ByteBuffer
sslEngine - The SSLEngine used to manage the SSL operations.
Returns:
SSLEngineResult of the SSLEngine.wrap operation.
Throws:
IOException

executeDelegatedTask

public static SSLEngineResult.HandshakeStatus executeDelegatedTask(SSLEngine sslEngine)
Complete handshake operations.

Parameters:
sslEngine - The SSLEngine used to manage the SSL operations.
Returns:
SSLEngineResult.HandshakeStatus
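
What unwrapAll and executeDelegatedTask have to do at the javax.net.ssl.SSLEngine level, as an added example that is not Grizzly's own code. The class name, EXAMPLE_MAX_BB_SIZE and its value, and runDelegatedTasks are assumptions made for illustration; the page does not give the value of MAX_BB_SIZE.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;

public final class SslEngineLoopExample {
    // Assumed cap for this example; the page does not state MAX_BB_SIZE's value.
    static final int EXAMPLE_MAX_BB_SIZE = 64 * 1024;

    /** Run every pending delegated task, then report the handshake status. */
    static SSLEngineResult.HandshakeStatus runDelegatedTasks(SSLEngine eng) {
        Runnable task;
        while ((task = eng.getDelegatedTask()) != null) task.run();
        return eng.getHandshakeStatus();
    }

    /** Decrypt every complete record in 'in'; returns 'app' or a larger copy of it. */
    static ByteBuffer unwrapAll(ByteBuffer app, ByteBuffer in, SSLEngine eng) throws IOException {
        in.flip(); // from "filled by channel.read()" to "drained by unwrap()"
        try {
            while (in.hasRemaining()) {
                SSLEngineResult r = eng.unwrap(in, app);
                switch (r.getStatus()) {
                    case BUFFER_UNDERFLOW: // partial record: caller must read more
                        return app;
                    case CLOSED:
                        throw new IOException("TLS session closed by peer");
                    case BUFFER_OVERFLOW: { // grow the plaintext buffer, but bounded
                        int needed = app.position() + eng.getSession().getApplicationBufferSize();
                        if (needed > EXAMPLE_MAX_BB_SIZE) throw new IOException("plaintext exceeds cap");
                        ByteBuffer bigger = ByteBuffer.allocate(needed);
                        app.flip();
                        app = bigger.put(app); // copy what was already decrypted
                        break;
                    }
                    default: // OK
                        if (r.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_TASK) {
                            runDelegatedTasks(eng);
                        } else if (r.bytesConsumed() == 0 && r.bytesProduced() == 0) {
                            return app; // engine is waiting for wrap(); do not spin
                        }
                }
            }
            return app;
        } finally {
            in.compact(); // keep unread ciphertext, return to fill mode
        }
    }
}
```

The cap bounds how much plaintext a peer can make the server buffer per connection, and the zero-progress check keeps the loop from spinning when the engine needs a wrap() before it can consume more input.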

doHandshake

public static ByteBuffer doHandshake(SelectableChannel channel,
                                     ByteBuffer byteBuffer,
                                     ByteBuffer inputBB,
                                     ByteBuffer outputBB,
                                     SSLEngine sslEngine,
                                     SSLEngineResult.HandshakeStatus handshakeStatus)
                              throws IOException
Perform an SSL handshake using the SSLEngine. Note: if the handshake completes successfully, outputBB will be cleared out, but this is *not* ready data to be written.

Parameters:
channel - the SelectableChannel
byteBuffer - The application ByteBuffer
inputBB - The encrypted input ByteBuffer
outputBB - The encrypted output ByteBuffer
sslEngine - The SSLEngine used.
handshakeStatus - The current handshake status
Returns:
byteBuffer the new ByteBuffer
Throws:
IOException

doHandshake

public static ByteBuffer doHandshake(SelectableChannel channel,
                                     ByteBuffer byteBuffer,
                                     ByteBuffer inputBB,
                                     ByteBuffer outputBB,
                                     SSLEngine sslEngine,
                                     SSLEngineResult.HandshakeStatus handshakeStatus,
                                     int timeout)
                              throws IOException
Perform an SSL handshake using the SSLEngine. Note: if the handshake completes successfully, outputBB will be cleared out, but this is *not* ready data to be written.

Parameters:
channel - the SelectableChannel
byteBuffer - The application ByteBuffer
inputBB - The encrypted input ByteBuffer
outputBB - The encrypted output ByteBuffer
sslEngine - The SSLEngine used.
handshakeStatus - The current handshake status
timeout -
Returns:
byteBuffer the new ByteBuffer
Throws:
IOException - if the handshake fails.

doHandshake

public static ByteBuffer doHandshake(SelectableChannel channel,
                                     ByteBuffer byteBuffer,
                                     ByteBuffer inputBB,
                                     ByteBuffer outputBB,
                                     SSLEngine sslEngine,
                                     SSLEngineResult.HandshakeStatus handshakeStatus,
                                     int timeout,
                                     boolean useReadyBuffer)
                              throws IOException
Perform an SSL handshake using the SSLEngine. Note: if the handshake completes successfully, outputBB will be cleared out, but this is *not* ready data to be written.

Parameters:
channel - the SelectableChannel
byteBuffer - The application ByteBuffer
inputBB - The encrypted input ByteBuffer
outputBB - The encrypted output ByteBuffer
sslEngine - The SSLEngine used.
handshakeStatus - The current handshake status
timeout -
useReadyBuffer - whether the method needs to read data before UNWRAP or can use data from inputBB
Returns:
byteBuffer the new ByteBuffer
Throws:
IOException - if the handshake fails.

doPeerCertificateChain

public static Object[] doPeerCertificateChain(SelectableChannel channel,
                                              ByteBuffer byteBuffer,
                                              ByteBuffer inputBB,
                                              ByteBuffer outputBB,
                                              SSLEngine sslEngine,
                                              boolean needClientAuth,
                                              int timeout)
                                       throws IOException
Get the peer certificate list by initiating a new handshake.

Parameters:
channel - SelectableChannel
needClientAuth -
Returns:
Object[] An array of X509Certificate.
Throws:
IOException

allocateThreadBuffers

public static void allocateThreadBuffers(int defaultBufferSize)
Allocate the mandatory ByteBuffers. Since the ByteBuffers are maintained lazily on the WorkerThread, this method makes sure they are properly allocated and configured.



Copyright © 2012 Oracle Corporation. All Rights Reserved.