Examples with SSLEngine javax.net.ssl.SSLEngine used on opensource projects

Example 1 with SSLEngine

use of javax.net.ssl.SSLEngine in project jetty.project by eclipse.

the class ALPNNegotiationTest method testAbruptCloseDuringHandshake.

@Test
public void testAbruptCloseDuringHandshake() throws Exception {
    InetSocketAddress address = prepare();
    SslContextFactory sslContextFactory = newSslContextFactory();
    sslContextFactory.start();
    SSLEngine sslEngine = sslContextFactory.newSSLEngine(address);
    sslEngine.setUseClientMode(true);
    ALPN.put(sslEngine, new ALPN.ClientProvider() {

        @Override
        public void unsupported() {
        }

        @Override
        public List<String> protocols() {
            return Arrays.asList("h2");
        }

        @Override
        public void selected(String s) {
        }
    });
    sslEngine.beginHandshake();
    ByteBuffer encrypted = ByteBuffer.allocate(sslEngine.getSession().getPacketBufferSize());
    sslEngine.wrap(BufferUtil.EMPTY_BUFFER, encrypted);
    encrypted.flip();
    try (SocketChannel channel = SocketChannel.open(address)) {
        // Send ClientHello, immediately followed by FIN (no TLS Close Alert)
        channel.write(encrypted);
        channel.shutdownOutput();
        // Read ServerHello from server
        encrypted.clear();
        int read = channel.read(encrypted);
        encrypted.flip();
        Assert.assertTrue(read > 0);
        ByteBuffer decrypted = ByteBuffer.allocate(sslEngine.getSession().getApplicationBufferSize());
        sslEngine.unwrap(encrypted, decrypted);
        // It may happen that the read() above read both the ServerHello and the TLS Close Alert.
        if (!encrypted.hasRemaining()) {
            // Now if we can read more, we should read the TLS Close Alert and then the TCP FIN.
            encrypted.clear();
            read = channel.read(encrypted);
            Assert.assertTrue(read > 0);
            encrypted.flip();
        }
        Assert.assertEquals(21, encrypted.get());
        encrypted.clear();
        Assert.assertEquals(-1, channel.read(encrypted));
    }
}

Example 2 with SSLEngine

use of javax.net.ssl.SSLEngine in project jetty.project by eclipse.

the class SelectChannelEndPointSslTest method checkSslEngineBehaviour.

@Test
public void checkSslEngineBehaviour() throws Exception {
    SSLEngine server = __sslCtxFactory.newSSLEngine();
    SSLEngine client = __sslCtxFactory.newSSLEngine();
    ByteBuffer netC2S = ByteBuffer.allocate(server.getSession().getPacketBufferSize());
    ByteBuffer netS2C = ByteBuffer.allocate(server.getSession().getPacketBufferSize());
    ByteBuffer serverIn = ByteBuffer.allocate(server.getSession().getApplicationBufferSize());
    ByteBuffer serverOut = ByteBuffer.allocate(server.getSession().getApplicationBufferSize());
    ByteBuffer clientIn = ByteBuffer.allocate(client.getSession().getApplicationBufferSize());
    SSLEngineResult result;
    // start the client
    client.setUseClientMode(true);
    client.beginHandshake();
    Assert.assertEquals(HandshakeStatus.NEED_WRAP, client.getHandshakeStatus());
    // what if we try an unwrap?
    netS2C.flip();
    result = client.unwrap(netS2C, clientIn);
    // unwrap is a noop
    assertEquals(SSLEngineResult.Status.OK, result.getStatus());
    assertEquals(0, result.bytesConsumed());
    assertEquals(0, result.bytesProduced());
    assertEquals(HandshakeStatus.NEED_WRAP, result.getHandshakeStatus());
    netS2C.clear();
    // do the needed WRAP of empty buffer
    result = client.wrap(BufferUtil.EMPTY_BUFFER, netC2S);
    // unwrap is a noop
    assertEquals(SSLEngineResult.Status.OK, result.getStatus());
    assertEquals(0, result.bytesConsumed());
    assertThat(result.bytesProduced(), greaterThan(0));
    assertEquals(HandshakeStatus.NEED_UNWRAP, result.getHandshakeStatus());
    netC2S.flip();
    assertEquals(netC2S.remaining(), result.bytesProduced());
    // start the server
    server.setUseClientMode(false);
    server.beginHandshake();
    Assert.assertEquals(HandshakeStatus.NEED_UNWRAP, server.getHandshakeStatus());
    // what if we try a needless wrap?
    serverOut.put(BufferUtil.toBuffer("Hello World"));
    serverOut.flip();
    result = server.wrap(serverOut, netS2C);
    // wrap is a noop
    assertEquals(SSLEngineResult.Status.OK, result.getStatus());
    assertEquals(0, result.bytesConsumed());
    assertEquals(0, result.bytesProduced());
    assertEquals(HandshakeStatus.NEED_UNWRAP, result.getHandshakeStatus());
    // Do the needed unwrap, to an empty buffer
    result = server.unwrap(netC2S, BufferUtil.EMPTY_BUFFER);
    assertEquals(SSLEngineResult.Status.BUFFER_OVERFLOW, result.getStatus());
    assertEquals(0, result.bytesConsumed());
    assertEquals(0, result.bytesProduced());
    assertEquals(HandshakeStatus.NEED_UNWRAP, result.getHandshakeStatus());
    // Do the needed unwrap, to a full buffer
    serverIn.position(serverIn.limit());
    result = server.unwrap(netC2S, serverIn);
    assertEquals(SSLEngineResult.Status.BUFFER_OVERFLOW, result.getStatus());
    assertEquals(0, result.bytesConsumed());
    assertEquals(0, result.bytesProduced());
    assertEquals(HandshakeStatus.NEED_UNWRAP, result.getHandshakeStatus());
    // Do the needed unwrap, to an empty buffer
    serverIn.clear();
    result = server.unwrap(netC2S, serverIn);
    assertEquals(SSLEngineResult.Status.OK, result.getStatus());
    assertThat(result.bytesConsumed(), greaterThan(0));
    assertEquals(0, result.bytesProduced());
    assertEquals(HandshakeStatus.NEED_TASK, result.getHandshakeStatus());
    server.getDelegatedTask().run();
    assertEquals(HandshakeStatus.NEED_WRAP, server.getHandshakeStatus());
}

Example 3 with SSLEngine

use of javax.net.ssl.SSLEngine in project jetty.project by eclipse.

the class SslClientConnectionFactory method newConnection.

@Override
public org.eclipse.jetty.io.Connection newConnection(EndPoint endPoint, Map<String, Object> context) throws IOException {
    String host = (String) context.get(SSL_PEER_HOST_CONTEXT_KEY);
    int port = (Integer) context.get(SSL_PEER_PORT_CONTEXT_KEY);
    SSLEngine engine = sslContextFactory.newSSLEngine(host, port);
    engine.setUseClientMode(true);
    context.put(SSL_ENGINE_CONTEXT_KEY, engine);
    SslConnection sslConnection = newSslConnection(byteBufferPool, executor, endPoint, engine);
    endPoint.setConnection(sslConnection);
    EndPoint appEndPoint = sslConnection.getDecryptedEndPoint();
    appEndPoint.setConnection(connectionFactory.newConnection(appEndPoint, context));
    customize(sslConnection, context);
    return sslConnection;
}

Example 4 with SSLEngine

use of javax.net.ssl.SSLEngine in project jetty.project by eclipse.

the class SelectChannelEndPointSslTest method newConnection.

@Override
protected Connection newConnection(SelectableChannel channel, EndPoint endpoint) {
    SSLEngine engine = __sslCtxFactory.newSSLEngine();
    engine.setUseClientMode(false);
    SslConnection sslConnection = new SslConnection(__byteBufferPool, _threadPool, endpoint, engine);
    sslConnection.setRenegotiationAllowed(__sslCtxFactory.isRenegotiationAllowed());
    Connection appConnection = super.newConnection(channel, sslConnection.getDecryptedEndPoint());
    sslConnection.getDecryptedEndPoint().setConnection(appConnection);
    return sslConnection;
}

Example 5 with SSLEngine

use of javax.net.ssl.SSLEngine in project jetty.project by eclipse.

the class SslContextFactoryTest method testSetIncludeCipherSuitesRegex.

@Test
public void testSetIncludeCipherSuitesRegex() throws Exception {
    cf.setIncludeCipherSuites(".*ECDHE.*", ".*WIBBLE.*");
    Assume.assumeFalse(JDK.IS_8);
    cf.start();
    SSLEngine sslEngine = cf.newSSLEngine();
    String[] enabledCipherSuites = sslEngine.getEnabledCipherSuites();
    assertThat("At least 1 cipherSuite is enabled", enabledCipherSuites.length, greaterThan(1));
    for (String enabledCipherSuite : enabledCipherSuites) assertThat("CipherSuite contains ECDHE", enabledCipherSuite.contains("ECDHE"), equalTo(true));
}