com.sun.grizzly.util
Class SSLUtils

java.lang.Object
  com.sun.grizzly.util.SSLUtils

public class SSLUtils
extends Object

SSL over NIO utility class. The class handle the SSLEngine operations needed to support SSL over NIO. TODO: Create an object that Wrap SSLEngine and its associated buffers.

Author:

Jeanfrancois Arcand

Field Summary

protected static ByteBuffer	hsBB
static int	MAX_BB_SIZE The maximum size a ByteBuffer can take.

Constructor Summary

SSLUtils()

Method Summary

static void	allocateThreadBuffers(int defaultBufferSize) Allocate themandatory ByteBuffers.
static ByteBuffer	doHandshake(SelectableChannel channel, ByteBuffer byteBuffer, ByteBuffer inputBB, ByteBuffer outputBB, SSLEngine sslEngine, SSLEngineResult.HandshakeStatus handshakeStatus) Perform an SSL handshake using the SSLEngine.
static ByteBuffer	doHandshake(SelectableChannel channel, ByteBuffer byteBuffer, ByteBuffer inputBB, ByteBuffer outputBB, SSLEngine sslEngine, SSLEngineResult.HandshakeStatus handshakeStatus, int timeout) Perform an SSL handshake using the SSLEngine.
static ByteBuffer	doHandshake(SelectableChannel channel, ByteBuffer byteBuffer, ByteBuffer inputBB, ByteBuffer outputBB, SSLEngine sslEngine, SSLEngineResult.HandshakeStatus handshakeStatus, int timeout, boolean useReadyBuffer) Perform an SSL handshake using the SSLEngine.
static Object[]	doPeerCertificateChain(SelectableChannel channel, ByteBuffer byteBuffer, ByteBuffer inputBB, ByteBuffer outputBB, SSLEngine sslEngine, boolean needClientAuth, int timeout) Get the peer certificate list by initiating a new handshake.
static Utils.Result	doRead(SelectableChannel channel, ByteBuffer inputBB, SSLEngine sslEngine, int timeout) Read encrypted bytes using anSSLEngine.
static Utils.Result	doSecureRead(SelectableChannel channel, SSLEngine sslEngine, ByteBuffer byteBuffer, ByteBuffer inputBB) Read and decrypt bytes from the underlying SSL connections.
static SSLEngineResult.HandshakeStatus	executeDelegatedTask(SSLEngine sslEngine) Complete hanshakes operations.
static int	getReadTimeout()
static void	setReadTimeout(int aReadTimeout)
static SSLEngineResult	unwrap(ByteBuffer byteBuffer, ByteBuffer inputBB, SSLEngine sslEngine) Unwrap available encrypted bytes from inputBB to ByteBuffer using theSSLEngine
static ByteBuffer	unwrapAll(ByteBuffer byteBuffer, ByteBuffer inputBB, SSLEngine sslEngine) Unwrap all encrypted bytes from inputBB to ByteBuffer using theSSLEngine
static SSLEngineResult	wrap(ByteBuffer byteBuffer, ByteBuffer outputBB, SSLEngine sslEngine) Encrypt bytes.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

MAX_BB_SIZE

public static final int MAX_BB_SIZE

The maximum size a ByteBuffer can take.

See Also:

Constant Field Values

hsBB

protected static final ByteBuffer hsBB

Constructor Detail

SSLUtils

public SSLUtils()

Method Detail

doSecureRead

public static Utils.Result doSecureRead(SelectableChannel channel,
                                        SSLEngine sslEngine,
                                        ByteBuffer byteBuffer,
                                        ByteBuffer inputBB)
                                 throws IOException

Read and decrypt bytes from the underlying SSL connections.

Parameters:

socketChannel - underlying socket channel

sslEngine{@link - SSLEngine}

byteBuffer - buffer for application decrypted data

inputBB - buffer for reading enrypted data from socket

Returns:

number of bytes produced

Throws:

IOException

doRead

public static Utils.Result doRead(SelectableChannel channel,
                                  ByteBuffer inputBB,
                                  SSLEngine sslEngine,
                                  int timeout)

Read encrypted bytes using anSSLEngine.

Parameters:

channel - The SelectableChannel

inputBB - The byteBuffer to store encrypted bytes

sslEngine - TheSSLEngine uses to manage the SSL operations.

timeout - The Selector.select() timeout value. A value of 0 will be exectuted as a Selector.selectNow();

Returns:

the bytes read.

unwrapAll

public static ByteBuffer unwrapAll(ByteBuffer byteBuffer,
                                   ByteBuffer inputBB,
                                   SSLEngine sslEngine)
                            throws IOException

Unwrap all encrypted bytes from inputBB to ByteBuffer using theSSLEngine

Parameters:

byteBuffer - the decrypted ByteBuffer

inputBB - the encrypted ByteBuffer

sslEngine - The SSLEngine used to manage the SSL operations.

Returns:

the decrypted ByteBuffer

Throws:

IOException

unwrap

public static SSLEngineResult unwrap(ByteBuffer byteBuffer,
                                     ByteBuffer inputBB,
                                     SSLEngine sslEngine)
                              throws IOException

Unwrap available encrypted bytes from inputBB to ByteBuffer using theSSLEngine

Parameters:

byteBuffer - the decrypted ByteBuffer

inputBB - the encrypted ByteBuffer

sslEngine - The SSLEngine used to manage the SSL operations.

Returns:

SSLEngineResult of the SSLEngine.unwrap operation.

Throws:

IOException

wrap

public static SSLEngineResult wrap(ByteBuffer byteBuffer,
                                   ByteBuffer outputBB,
                                   SSLEngine sslEngine)
                            throws IOException

Encrypt bytes.

Parameters:

byteBuffer - the decrypted ByteBuffer

outputBB - the encrypted ByteBuffer

sslEngine - The SSLEngine used to manage the SSL operations.

Returns:

SSLEngineResult of the SSLEngine.wrap operation.

Throws:

IOException

executeDelegatedTask

public static SSLEngineResult.HandshakeStatus executeDelegatedTask(SSLEngine sslEngine)

Complete hanshakes operations.

Parameters:

sslEngine - The SSLEngine used to manage the SSL operations.

Returns:

SSLEngineResult.HandshakeStatus

doHandshake

public static ByteBuffer doHandshake(SelectableChannel channel,
                                     ByteBuffer byteBuffer,
                                     ByteBuffer inputBB,
                                     ByteBuffer outputBB,
                                     SSLEngine sslEngine,
                                     SSLEngineResult.HandshakeStatus handshakeStatus)
                              throws IOException

Perform an SSL handshake using the SSLEngine. Note: If handshake was done successfully - outputBB will be cleared out, but this is *not* ready data to be written.

Parameters:

channel - the SelectableChannel

byteBuffer - The application ByteBuffer

inputBB - The encrypted input ByteBuffer

outputBB - The encrypted output ByteBuffer

sslEngine - The SSLEngine used.

handshakeStatus - The current handshake status

Returns:

byteBuffer the new ByteBuffer

Throws:

IOException

doHandshake

public static ByteBuffer doHandshake(SelectableChannel channel,
                                     ByteBuffer byteBuffer,
                                     ByteBuffer inputBB,
                                     ByteBuffer outputBB,
                                     SSLEngine sslEngine,
                                     SSLEngineResult.HandshakeStatus handshakeStatus,
                                     int timeout)
                              throws IOException

Perform an SSL handshake using the SSLEngine. Note: If handshake was done successfully - outputBB will be cleared out, but this is *not* ready data to be written.

Parameters:

channel - the SelectableChannel

byteBuffer - The application ByteBuffer

inputBB - The encrypted input ByteBuffer

outputBB - The encrypted output ByteBuffer

sslEngine - The SSLEngine used.

handshakeStatus - The current handshake status

timeout -

Returns:

byteBuffer the new ByteBuffer

Throws:

IOException

IOException - if the handshake fail.

doHandshake

public static ByteBuffer doHandshake(SelectableChannel channel,
                                     ByteBuffer byteBuffer,
                                     ByteBuffer inputBB,
                                     ByteBuffer outputBB,
                                     SSLEngine sslEngine,
                                     SSLEngineResult.HandshakeStatus handshakeStatus,
                                     int timeout,
                                     boolean useReadyBuffer)
                              throws IOException

Perform an SSL handshake using the SSLEngine. Note: If handshake was done successfully - outputBB will be cleared out, but this is *not* ready data to be written.

Parameters:

channel - the SelectableChannel

byteBuffer - The application ByteBuffer

inputBB - The encrypted input ByteBuffer

outputBB - The encrypted output ByteBuffer

sslEngine - The SSLEngine used.

handshakeStatus - The current handshake status

timeout -

useReadyBuffer - does method need to read data before UNWRAP or use a data from inputBB

Returns:

byteBuffer the new ByteBuffer

Throws:

IOException

IOException - if the handshake fail.

doPeerCertificateChain

public static Object[] doPeerCertificateChain(SelectableChannel channel,
                                              ByteBuffer byteBuffer,
                                              ByteBuffer inputBB,
                                              ByteBuffer outputBB,
                                              SSLEngine sslEngine,
                                              boolean needClientAuth,
                                              int timeout)
                                       throws IOException

Get the peer certificate list by initiating a new handshake.

Parameters:

channel - SelectableChannel

needClientAuth -

Returns:

Object[] An array of X509Certificate.

Throws:

IOException

allocateThreadBuffers

public static void allocateThreadBuffers(int defaultBufferSize)

Allocate themandatory ByteBuffers. Since the ByteBuffer are maintaned on the WorkerThread lazily, this method makes sure the ByteBuffers are properly allocated and configured.

getReadTimeout

public static int getReadTimeout()

setReadTimeout

public static void setReadTimeout(int aReadTimeout)