Author: elecharny
Date: Fri Jan 8 18:29:03 2010
New Revision: 897288
URL: http://svn.apache.org/viewvc?rev=897288&view=rev
Log:
SSL code cleanup (Javadoc typo, reorg)
Modified:
mina/trunk/core/src/main/java/org/apache/mina/filter/ssl/SslFilter.java
mina/trunk/core/src/main/java/org/apache/mina/filter/ssl/SslHandler.java
Modified:
mina/trunk/core/src/main/java/org/apache/mina/filter/ssl/SslFilter.java
URL:
http://svn.apache.org/viewvc/mina/trunk/core/src/main/java/org/apache/mina/filter/ssl/SslFilter.java?rev=897288&r1=897287&r2=897288&view=diff
==============================================================================
--- mina/trunk/core/src/main/java/org/apache/mina/filter/ssl/SslFilter.java
(original)
+++ mina/trunk/core/src/main/java/org/apache/mina/filter/ssl/SslFilter.java Fri
Jan 8 18:29:03 2010
@@ -226,8 +226,8 @@
/**
* Returns <tt>true</tt> if and only if the specified <tt>session</tt> is
* encrypted/decrypted over SSL/TLS currently. This method will start
- * to retun <tt>false</tt> after TLS <tt>close_notify</tt> message
- * is sent and any messages written after then is not goinf to get
encrypted.
+ * to return <tt>false</tt> after TLS <tt>close_notify</tt> message
+ * is sent and any messages written after then is not going to get
encrypted.
*/
public boolean isSslStarted(IoSession session) {
SslHandler handler = (SslHandler) session.getAttribute(SSL_HANDLER);
@@ -368,7 +368,7 @@
@Override
public void onPostAdd(IoFilterChain parent, String name,
NextFilter nextFilter) throws SSLException {
- if (autoStart) {
+ if (autoStart == START_HANDSHAKE) {
initiateHandshake(nextFilter, parent.getSession());
}
}
@@ -404,11 +404,13 @@
public void messageReceived(NextFilter nextFilter, IoSession session,
Object message) throws SSLException {
SslHandler handler = getSslSessionHandler(session);
+
synchronized (handler) {
if (!isSslStarted(session) && handler.isInboundDone()) {
handler.scheduleMessageReceived(nextFilter, message);
} else {
IoBuffer buf = (IoBuffer) message;
+
try {
// forward read encrypted data to SSL handler
handler.messageReceived(nextFilter, buf.buf());
Modified:
mina/trunk/core/src/main/java/org/apache/mina/filter/ssl/SslHandler.java
URL:
http://svn.apache.org/viewvc/mina/trunk/core/src/main/java/org/apache/mina/filter/ssl/SslHandler.java?rev=897288&r1=897287&r2=897288&view=diff
==============================================================================
--- mina/trunk/core/src/main/java/org/apache/mina/filter/ssl/SslHandler.java
(original)
+++ mina/trunk/core/src/main/java/org/apache/mina/filter/ssl/SslHandler.java
Fri Jan 8 18:29:03 2010
@@ -77,7 +77,7 @@
private IoBuffer outNetBuffer;
/**
- * Applicaton cleartext data to be read by application
+ * Application cleartext data to be read by application
*/
private IoBuffer appBuffer;
@@ -277,15 +277,12 @@
}
/**
- * Call when data read from net. Will perform inial hanshake or decrypt
- * provided Buffer. Decrytpted data reurned by getAppBuffer(), if any.
+ * Call when data are read from net. It will perform the initial hanshake
or decrypt
+ * the data if SSL has been initialiaed.
*
- * @param buf
- * buffer to decrypt
- * @param nextFilter
- * Next filter in chain
- * @throws SSLException
- * on errors
+ * @param buf buffer to decrypt
+ * @param nextFilter Next filter in chain
+ * @throws SSLException on errors
*/
public void messageReceived(NextFilter nextFilter, ByteBuffer buf) throws
SSLException {
// append buf to inNetBuffer
@@ -294,10 +291,29 @@
}
inNetBuffer.put(buf);
+
if (!handshakeComplete) {
handshake(nextFilter);
} else {
- decrypt(nextFilter);
+ // Prepare the net data for reading.
+ inNetBuffer.flip();
+
+ if (!inNetBuffer.hasRemaining()) {
+ return;
+ }
+
+ SSLEngineResult res = decrypt(!HANDSHAKE_FINISHED);
+
+ // prepare to be written again
+ if (inNetBuffer.hasRemaining()) {
+ inNetBuffer.compact();
+ } else {
+ inNetBuffer = null;
+ }
+
+ checkStatus(res);
+
+ renegotiateIfNeeded(nextFilter, res);
}
if (isInboundDone()) {
@@ -412,20 +428,6 @@
}
/**
- * Decrypt in net buffer. Result is stored in app buffer.
- *
- * @throws SSLException
- */
- private void decrypt(NextFilter nextFilter) throws SSLException {
-
- if (!handshakeComplete) {
- throw new IllegalStateException();
- }
-
- unwrap(nextFilter);
- }
-
- /**
* @param res
* @throws SSLException
*/
@@ -569,30 +571,6 @@
return writeFuture;
}
- private void unwrap(NextFilter nextFilter) throws SSLException {
- // Prepare the net data for reading.
- if (inNetBuffer != null) {
- inNetBuffer.flip();
- }
-
- if (inNetBuffer == null || !inNetBuffer.hasRemaining()) {
- return;
- }
-
- SSLEngineResult res = unwrap0(!HANDSHAKE_FINISHED);
-
- // prepare to be written again
- if (inNetBuffer.hasRemaining()) {
- inNetBuffer.compact();
- } else {
- inNetBuffer = null;
- }
-
- checkStatus(res);
-
- renegotiateIfNeeded(nextFilter, res);
- }
-
private SSLEngineResult.Status unwrapHandshake(NextFilter nextFilter)
throws SSLException {
// Prepare the net data for reading.
if (inNetBuffer != null) {
@@ -604,7 +582,7 @@
return SSLEngineResult.Status.BUFFER_UNDERFLOW;
}
- SSLEngineResult res = unwrap0(!HANDSHAKE_FINISHED);
+ SSLEngineResult res = decrypt(!HANDSHAKE_FINISHED);
handshakeStatus = res.getHandshakeStatus();
checkStatus(res);
@@ -614,7 +592,7 @@
// try to unwrap more
if (handshakeStatus == SSLEngineResult.HandshakeStatus.FINISHED &&
res.getStatus() == SSLEngineResult.Status.OK
&& inNetBuffer.hasRemaining()) {
- res = unwrap0(HANDSHAKE_FINISHED);
+ res = decrypt(HANDSHAKE_FINISHED);
// prepare to be written again
if (inNetBuffer.hasRemaining()) {
@@ -637,8 +615,9 @@
}
private void renegotiateIfNeeded(NextFilter nextFilter, SSLEngineResult
res) throws SSLException {
- if (res.getStatus() != SSLEngineResult.Status.CLOSED &&
res.getStatus() != SSLEngineResult.Status.BUFFER_UNDERFLOW
- && res.getHandshakeStatus() !=
SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING) {
+ if ( ( res.getStatus() != SSLEngineResult.Status.CLOSED ) &&
+ ( res.getStatus() != SSLEngineResult.Status.BUFFER_UNDERFLOW ) &&
+ ( res.getHandshakeStatus() !=
SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING ) ) {
// Renegotiation required.
handshakeComplete = false;
handshakeStatus = res.getHandshakeStatus();
@@ -646,7 +625,7 @@
}
}
- private SSLEngineResult unwrap0(boolean finished) throws SSLException {
+ private SSLEngineResult decrypt(boolean finished) throws SSLException {
if (appBuffer == null) {
appBuffer = IoBuffer.allocate(inNetBuffer.remaining());
} else {
@@ -668,8 +647,22 @@
appBuffer.limit(appBuffer.capacity());
continue;
}
- } while (((status == SSLEngineResult.Status.OK) || (status ==
SSLEngineResult.Status.BUFFER_OVERFLOW))
- && (((finished || handshakeComplete) && (handshakeStatus ==
SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING)) || (handshakeStatus ==
SSLEngineResult.HandshakeStatus.NEED_UNWRAP)));
+ } while (
+ (
+ (status == SSLEngineResult.Status.OK) ||
+ (status == SSLEngineResult.Status.BUFFER_OVERFLOW)
+ )
+ &&
+ (
+ (
+ (finished || handshakeComplete)
+ &&
+ (handshakeStatus ==
SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING)
+ )
+ ||
+ (handshakeStatus ==
SSLEngineResult.HandshakeStatus.NEED_UNWRAP)
+ )
+ );
return res;
}
