MCPcopy Create free account
hub / github.com/apache/cloudstack / doHandshakeUnwrap

Method doHandshakeUnwrap

utils/src/main/java/com/cloud/utils/nio/Link.java:482–538  ·  view source on GitHub ↗
(final SocketChannel socketChannel, final SSLEngine sslEngine,
                                             ByteBuffer peerAppData, ByteBuffer peerNetData, final int appBufferSize)

Source from the content-addressed store, hash-verified

480 }
481
482 private static HandshakeHolder doHandshakeUnwrap(final SocketChannel socketChannel, final SSLEngine sslEngine,
483 ByteBuffer peerAppData, ByteBuffer peerNetData, final int appBufferSize) throws IOException {
484 if (socketChannel == null || sslEngine == null || peerAppData == null || peerNetData == null || appBufferSize < 0) {
485 return new HandshakeHolder(peerAppData, peerNetData, false);
486 }
487 if (socketChannel.read(peerNetData) < 0) {
488 if (sslEngine.isInboundDone() && sslEngine.isOutboundDone()) {
489 return new HandshakeHolder(peerAppData, peerNetData, false);
490 }
491 try {
492 sslEngine.closeInbound();
493 } catch (SSLException e) {
494 LOGGER.warn("This SSL engine was forced to close inbound due to end of stream.", e);
495 }
496 sslEngine.closeOutbound();
497 // After closeOutbound the engine will be set to WRAP state,
498 // in order to try to send a close message to the client.
499 return new HandshakeHolder(peerAppData, peerNetData, true);
500 }
501 peerNetData.flip();
502 SSLEngineResult result = null;
503 try {
504 result = sslEngine.unwrap(peerNetData, peerAppData);
505 peerNetData.compact();
506 } catch (final SSLException sslException) {
507 LOGGER.error(String.format("SSL error caught during unwrap data: %s, for local address=%s, remote address=%s. The client may have invalid ca-certificates.",
508 sslException.getMessage(), socketChannel.getLocalAddress(), socketChannel.getRemoteAddress()));
509 sslEngine.closeOutbound();
510 return new HandshakeHolder(peerAppData, peerNetData, false);
511 }
512 if (result == null) {
513 return new HandshakeHolder(peerAppData, peerNetData, false);
514 }
515 switch (result.getStatus()) {
516 case OK:
517 break;
518 case BUFFER_OVERFLOW:
519 // Will occur when peerAppData's capacity is smaller than the data derived from peerNetData's unwrap.
520 peerAppData = enlargeBuffer(peerAppData, appBufferSize);
521 break;
522 case BUFFER_UNDERFLOW:
523 // Will occur either when no data was read from the peer or when the peerNetData buffer
524 // was too small to hold all peer's data.
525 peerNetData = handleBufferUnderflow(sslEngine, peerNetData);
526 break;
527 case CLOSED:
528 if (sslEngine.isOutboundDone()) {
529 return new HandshakeHolder(peerAppData, peerNetData, false);
530 } else {
531 sslEngine.closeOutbound();
532 }
533 break;
534 default:
535 throw new IllegalStateException("Invalid SSL status: " + result.getStatus());
536 }
537 return new HandshakeHolder(peerAppData, peerNetData, true);
538 }
539

Callers 1

doHandshakeMethod · 0.95

Calls 8

enlargeBufferMethod · 0.95
handleBufferUnderflowMethod · 0.95
flipMethod · 0.80
formatMethod · 0.80
getStatusMethod · 0.65
readMethod · 0.45
errorMethod · 0.45
getMessageMethod · 0.45

Tested by

no test coverage detected