Author: elecharny Date: Fri Jan 8 18:29:03 2010 New Revision: 897288 URL: http://svn.apache.org/viewvc?rev=897288&view=rev Log: SSL code cleanup (Javadoc typo, reorg)
Modified: mina/trunk/core/src/main/java/org/apache/mina/filter/ssl/SslFilter.java mina/trunk/core/src/main/java/org/apache/mina/filter/ssl/SslHandler.java Modified: mina/trunk/core/src/main/java/org/apache/mina/filter/ssl/SslFilter.java URL: http://svn.apache.org/viewvc/mina/trunk/core/src/main/java/org/apache/mina/filter/ssl/SslFilter.java?rev=897288&r1=897287&r2=897288&view=diff ============================================================================== --- mina/trunk/core/src/main/java/org/apache/mina/filter/ssl/SslFilter.java (original) +++ mina/trunk/core/src/main/java/org/apache/mina/filter/ssl/SslFilter.java Fri Jan 8 18:29:03 2010 @@ -226,8 +226,8 @@ /** * Returns <tt>true</tt> if and only if the specified <tt>session</tt> is * encrypted/decrypted over SSL/TLS currently. This method will start - * to retun <tt>false</tt> after TLS <tt>close_notify</tt> message - * is sent and any messages written after then is not goinf to get encrypted. + * to return <tt>false</tt> after TLS <tt>close_notify</tt> message + * is sent and any messages written after then is not going to get encrypted. */ public boolean isSslStarted(IoSession session) { SslHandler handler = (SslHandler) session.getAttribute(SSL_HANDLER); @@ -368,7 +368,7 @@ @Override public void onPostAdd(IoFilterChain parent, String name, NextFilter nextFilter) throws SSLException { - if (autoStart) { + if (autoStart == START_HANDSHAKE) { initiateHandshake(nextFilter, parent.getSession()); } } 
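Review bot: In `onPostAdd` (hunk at -368), `if (autoStart == START_HANDSHAKE)` tests a boolean field against a named constant whose value is not visible in this hunk, so whether the TLS handshake is initiated when the filter is added now depends on that constant being `true`. If it is, the test is equivalent to the old `if (autoStart)` and only adds indirection. If the constant is ever changed, the auto-start behaviour inverts silently and a session could be in the chain without a handshake having been started. I would keep `if (autoStart) {`, or document the dependency at the constant's declaration, e.g. `// must remain true: compared directly against autoStart in onPostAdd`.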
@@ -404,11 +404,13 @@ public void messageReceived(NextFilter nextFilter, IoSession session, Object message) throws SSLException { SslHandler handler = getSslSessionHandler(session); + synchronized (handler) { if (!isSslStarted(session) && handler.isInboundDone()) { handler.scheduleMessageReceived(nextFilter, message); } else { IoBuffer buf = (IoBuffer) message; + try { // forward read encrypted data to SSL handler handler.messageReceived(nextFilter, buf.buf()); Modified: mina/trunk/core/src/main/java/org/apache/mina/filter/ssl/SslHandler.java URL: http://svn.apache.org/viewvc/mina/trunk/core/src/main/java/org/apache/mina/filter/ssl/SslHandler.java?rev=897288&r1=897287&r2=897288&view=diff ============================================================================== --- mina/trunk/core/src/main/java/org/apache/mina/filter/ssl/SslHandler.java (original) +++ mina/trunk/core/src/main/java/org/apache/mina/filter/ssl/SslHandler.java Fri Jan 8 18:29:03 2010 @@ -77,7 +77,7 @@ private IoBuffer outNetBuffer; /** - * Applicaton cleartext data to be read by application + * Application cleartext data to be read by application */ private IoBuffer appBuffer; @@ -277,15 +277,12 @@ } /** - * Call when data read from net. Will perform inial hanshake or decrypt - * provided Buffer. Decrytpted data reurned by getAppBuffer(), if any. + * Call when data are read from net. It will perform the initial hanshake or decrypt + * the data if SSL has been initialiaed. * - * @param buf - * buffer to decrypt - * @param nextFilter - * Next filter in chain - * @throws SSLException - * on errors + * @param buf buffer to decrypt + * @param nextFilter Next filter in chain + * @throws SSLException on errors */ public void messageReceived(NextFilter nextFilter, ByteBuffer buf) throws SSLException { // append buf to inNetBuffer 
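Review bot: The rewritten Javadoc for `SslHandler.messageReceived(NextFilter, ByteBuffer)` (hunk at -277) introduces two new typos, `hanshake` and `initialiaed`, and drops the old sentence saying where the decrypted data ends up. Suggested summary: `Call when data are read from net. It will perform the initial handshake or decrypt the data if SSL has been initialized.` A further line such as `Decrypted data, if any, is stored in the application buffer.` would keep the information the old comment carried. That presumably means `appBuffer`, going by the field comment in the -77 hunk, and should be confirmed against the method body, which continues outside this hunk.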
@@ -294,10 +291,29 @@ } inNetBuffer.put(buf); + if (!handshakeComplete) { handshake(nextFilter); } else { - decrypt(nextFilter); + // Prepare the net data for reading. + inNetBuffer.flip(); + + if (!inNetBuffer.hasRemaining()) { + return; + } + + SSLEngineResult res = decrypt(!HANDSHAKE_FINISHED); + + // prepare to be written again + if (inNetBuffer.hasRemaining()) { + inNetBuffer.compact(); + } else { + inNetBuffer = null; + } + + checkStatus(res); + + renegotiateIfNeeded(nextFilter, res); } if (isInboundDone()) { @@ -412,20 +428,6 @@ } /** - * Decrypt in net buffer. Result is stored in app buffer. - * - * @throws SSLException - */ - private void decrypt(NextFilter nextFilter) throws SSLException { - - if (!handshakeComplete) { - throw new IllegalStateException(); - } - - unwrap(nextFilter); - } - - /** * @param res * @throws SSLException */ @@ -569,30 +571,6 @@ return writeFuture; } - private void unwrap(NextFilter nextFilter) throws SSLException { - // Prepare the net data for reading. - if (inNetBuffer != null) { - inNetBuffer.flip(); - } - - if (inNetBuffer == null || !inNetBuffer.hasRemaining()) { - return; - } - - SSLEngineResult res = unwrap0(!HANDSHAKE_FINISHED); - - // prepare to be written again - if (inNetBuffer.hasRemaining()) { - inNetBuffer.compact(); - } else { - inNetBuffer = null; - } - - checkStatus(res); - - renegotiateIfNeeded(nextFilter, res); - } - private SSLEngineResult.Status unwrapHandshake(NextFilter nextFilter) throws SSLException { // Prepare the net data for reading. if (inNetBuffer != null) { @@ -604,7 +582,7 @@ return SSLEngineResult.Status.BUFFER_UNDERFLOW; } - SSLEngineResult res = unwrap0(!HANDSHAKE_FINISHED); + SSLEngineResult res = decrypt(!HANDSHAKE_FINISHED); handshakeStatus = res.getHandshakeStatus(); checkStatus(res); 
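Review bot: In the hunk at -294, the `return;` taken when `!inNetBuffer.hasRemaining()` now exits `messageReceived` itself, so the `if (isInboundDone())` block that follows is skipped on that path. Before the inlining, the same `return` only left the private `unwrap()` and control came back to that check. For a commit logged as cleanup this looks like an unintended behaviour change in inbound-close handling; the body of that block lies outside the hunk, so the impact is inferred. Inverting the test to `if (inNetBuffer.hasRemaining()) {` and moving the decrypt, compact, `checkStatus(res)` and `renegotiateIfNeeded(nextFilter, res)` lines inside it would keep the fall-through. The early-exit path also leaves `inNetBuffer` flipped, as the removed `unwrap()` did, so it is worth confirming that the next `inNetBuffer.put(buf)` copes with that state.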
@@ -614,7 +592,7 @@ // try to unwrap more if (handshakeStatus == SSLEngineResult.HandshakeStatus.FINISHED && res.getStatus() == SSLEngineResult.Status.OK && inNetBuffer.hasRemaining()) { - res = unwrap0(HANDSHAKE_FINISHED); + res = decrypt(HANDSHAKE_FINISHED); // prepare to be written again if (inNetBuffer.hasRemaining()) { @@ -637,8 +615,9 @@ } private void renegotiateIfNeeded(NextFilter nextFilter, SSLEngineResult res) throws SSLException { - if (res.getStatus() != SSLEngineResult.Status.CLOSED && res.getStatus() != SSLEngineResult.Status.BUFFER_UNDERFLOW - && res.getHandshakeStatus() != SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING) { + if ( ( res.getStatus() != SSLEngineResult.Status.CLOSED ) && + ( res.getStatus() != SSLEngineResult.Status.BUFFER_UNDERFLOW ) && + ( res.getHandshakeStatus() != SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING ) ) { // Renegotiation required. handshakeComplete = false; handshakeStatus = res.getHandshakeStatus(); @@ -646,7 +625,7 @@ } } - private SSLEngineResult unwrap0(boolean finished) throws SSLException { + private SSLEngineResult decrypt(boolean finished) throws SSLException { if (appBuffer == null) { appBuffer = IoBuffer.allocate(inNetBuffer.remaining()); } else { @@ -668,8 +647,22 @@ appBuffer.limit(appBuffer.capacity()); continue; } - } while (((status == SSLEngineResult.Status.OK) || (status == SSLEngineResult.Status.BUFFER_OVERFLOW)) - && (((finished || handshakeComplete) && (handshakeStatus == SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING)) || (handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_UNWRAP))); + } while ( + ( + (status == SSLEngineResult.Status.OK) || + (status == SSLEngineResult.Status.BUFFER_OVERFLOW) + ) + && + ( + ( + (finished || handshakeComplete) + && + (handshakeStatus == SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING) + ) + || + (handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_UNWRAP) + ) + ); return res; }