(final SocketChannel socketChannel, final SSLEngine sslEngine,
ByteBuffer peerAppData, ByteBuffer peerNetData, final int appBufferSize)
| 480 | } |
| 481 | |
| 482 | private static HandshakeHolder doHandshakeUnwrap(final SocketChannel socketChannel, final SSLEngine sslEngine, |
| 483 | ByteBuffer peerAppData, ByteBuffer peerNetData, final int appBufferSize) throws IOException { |
| 484 | if (socketChannel == null || sslEngine == null || peerAppData == null || peerNetData == null || appBufferSize < 0) { |
| 485 | return new HandshakeHolder(peerAppData, peerNetData, false); |
| 486 | } |
| 487 | if (socketChannel.read(peerNetData) < 0) { |
| 488 | if (sslEngine.isInboundDone() && sslEngine.isOutboundDone()) { |
| 489 | return new HandshakeHolder(peerAppData, peerNetData, false); |
| 490 | } |
| 491 | try { |
| 492 | sslEngine.closeInbound(); |
| 493 | } catch (SSLException e) { |
| 494 | LOGGER.warn("This SSL engine was forced to close inbound due to end of stream.", e); |
| 495 | } |
| 496 | sslEngine.closeOutbound(); |
| 497 | // After closeOutbound the engine will be set to WRAP state, |
| 498 | // in order to try to send a close message to the client. |
| 499 | return new HandshakeHolder(peerAppData, peerNetData, true); |
| 500 | } |
| 501 | peerNetData.flip(); |
| 502 | SSLEngineResult result = null; |
| 503 | try { |
| 504 | result = sslEngine.unwrap(peerNetData, peerAppData); |
| 505 | peerNetData.compact(); |
| 506 | } catch (final SSLException sslException) { |
| 507 | LOGGER.error(String.format("SSL error caught during unwrap data: %s, for local address=%s, remote address=%s. The client may have invalid ca-certificates.", |
| 508 | sslException.getMessage(), socketChannel.getLocalAddress(), socketChannel.getRemoteAddress())); |
| 509 | sslEngine.closeOutbound(); |
| 510 | return new HandshakeHolder(peerAppData, peerNetData, false); |
| 511 | } |
| 512 | if (result == null) { |
| 513 | return new HandshakeHolder(peerAppData, peerNetData, false); |
| 514 | } |
| 515 | switch (result.getStatus()) { |
| 516 | case OK: |
| 517 | break; |
| 518 | case BUFFER_OVERFLOW: |
| 519 | // Will occur when peerAppData's capacity is smaller than the data derived from peerNetData's unwrap. |
| 520 | peerAppData = enlargeBuffer(peerAppData, appBufferSize); |
| 521 | break; |
| 522 | case BUFFER_UNDERFLOW: |
| 523 | // Will occur either when no data was read from the peer or when the peerNetData buffer |
| 524 | // was too small to hold all peer's data. |
| 525 | peerNetData = handleBufferUnderflow(sslEngine, peerNetData); |
| 526 | break; |
| 527 | case CLOSED: |
| 528 | if (sslEngine.isOutboundDone()) { |
| 529 | return new HandshakeHolder(peerAppData, peerNetData, false); |
| 530 | } else { |
| 531 | sslEngine.closeOutbound(); |
| 532 | } |
| 533 | break; |
| 534 | default: |
| 535 | throw new IllegalStateException("Invalid SSL status: " + result.getStatus()); |
| 536 | } |
| 537 | return new HandshakeHolder(peerAppData, peerNetData, true); |
| 538 | } |
| 539 |
no test coverage detected