1/* 2 * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24import javax.net.ssl.*; 25import javax.net.ssl.SSLEngineResult.*; 26import java.io.*; 27import java.nio.*; 28import java.security.KeyStore; 29import java.security.PrivateKey; 30import java.security.KeyFactory; 31import java.security.cert.Certificate; 32import java.security.cert.CertificateFactory; 33import java.security.spec.*; 34import java.util.Base64; 35 36public abstract class ClientHelloInterOp { 37 38 /* 39 * Certificates and keys used in the test. 40 */ 41 // Trusted certificates. 42 private final static String[] trustedCertStrs = { 43 // SHA256withECDSA, curve prime256v1 44 // Validity 45 // Not Before: Nov 9 03:24:05 2016 GMT 46 // Not After : Oct 20 03:24:05 2037 GMT 47 "-----BEGIN CERTIFICATE-----\n" + 48 "MIICHDCCAcGgAwIBAgIJAM83C/MVp9F5MAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" + 49 "AlVTMQ0wCwYDVQQKEwRKYXZhMR0wGwYDVQQLExRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + 50 "ZTAeFw0xNjExMDkwMzI0MDVaFw0zNzEwMjAwMzI0MDVaMDsxCzAJBgNVBAYTAlVT\n" + 51 "MQ0wCwYDVQQKEwRKYXZhMR0wGwYDVQQLExRTdW5KU1NFIFRlc3QgU2VyaXZjZTBZ\n" + 52 "MBMGByqGSM49AgEGCCqGSM49AwEHA0IABGeQXwyeNyU4UAATfwUbMO5zaREI21Wh\n" + 53 "bds6WDu+PmfK8SWsTgsgpYxBRui+fZtYqSmbdjkurvAQ3j2fvN++BtWjga0wgaow\n" + 54 "HQYDVR0OBBYEFDF/OeJ82qBSRkAm1rdZUPbWfDzyMGsGA1UdIwRkMGKAFDF/OeJ8\n" + 55 "2qBSRkAm1rdZUPbWfDzyoT+kPTA7MQswCQYDVQQGEwJVUzENMAsGA1UEChMESmF2\n" + 56 "YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2WCCQDPNwvzFafReTAPBgNV\n" + 57 "HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNJADBGAiEAlHQY\n" + 58 "QFPlODOsjLVQYSxgeSUvYzMp0vP8naeVB9bfFG8CIQCFfrKZvhq9z3bOtlYKxs2a\n" + 59 "EWUjUZ82a1JTqkP+lgHY5A==\n" + 60 "-----END CERTIFICATE-----", 61 62 // SHA256withRSA, 2048 bits 63 // Validity 64 // Not Before: Nov 9 03:24:16 2016 GMT 65 // Not After : Oct 20 03:24:16 2037 GMT 66 "-----BEGIN CERTIFICATE-----\n" + 67 "MIIDpzCCAo+gAwIBAgIJAJAYpR2aIlA1MA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV\n" + 68 "BAYTAlVTMQ0wCwYDVQQKEwRKYXZhMR0wGwYDVQQLExRTdW5KU1NFIFRlc3QgU2Vy\n" + 69 "aXZjZTAeFw0xNjExMDkwMzI0MTZaFw0zNzEwMjAwMzI0MTZaMDsxCzAJBgNVBAYT\n" + 70 "AlVTMQ0wCwYDVQQKEwRKYXZhMR0wGwYDVQQLExRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + 71 "ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL+F/FTPODYzsU0Pakfp\n" + 72 "lsh88YoQWZPjABhCU+HPsCTMYc8UBkaiduUzregwwVBW3D7kmec2K408krGQsxdy\n" + 73 "oKJA12GL/XX1YgzDEsyBRk/gvex5lPaBIZiJ5IZlUfjLuRDGxPjtRelBTpZ7SUet\n" + 74 "PJVZz6zV6hMPGO6kQzCtbzzET515EE0okIS40LkAmtWoOmVm3gRldomaZTrZ0V2L\n" + 75 "MMaJGzrXYqk0SX+PYul8v+2EEHeMuaXG/XpK5xsg9gZvzpKqFQcBOdENoJHB07go\n" + 76 "jCmRC328ALqr+bMyktKAuYfB+mhjmN2AU8TQx72WPpvNTXxFDYcwo+8254cCAVKB\n" + 77 "e98CAwEAAaOBrTCBqjAdBgNVHQ4EFgQUlJQlQTbi8YIyiNf+SqF7LtH+gicwawYD\n" + 78 "VR0jBGQwYoAUlJQlQTbi8YIyiNf+SqF7LtH+giehP6Q9MDsxCzAJBgNVBAYTAlVT\n" + 79 "MQ0wCwYDVQQKEwRKYXZhMR0wGwYDVQQLExRTdW5KU1NFIFRlc3QgU2VyaXZjZYIJ\n" + 80 "AJAYpR2aIlA1MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3\n" + 81 "DQEBCwUAA4IBAQAI0lTY0YAKQ2VdoIQ6dnqolphLVWdNGiC9drHEYSn7+hmAD2r2\n" + 82 "v1U/9m752TkcT74a65xKbEVuVtleD/w6i+QjALW2PYt6ivjOnnY0a9Y9a9UCa00j\n" + 83 "C9415sCw84Tp9VoKtuYqzhN87bBUeABOw5dsW3z32C2N/YhprkqeF/vdx4JxulPr\n" + 84 "PKze5BREXnKLA1ISoDioCPphvNMKrSpkAofb1rTCwtgt5V/WFls283L52ORmpRGO\n" + 85 "Ja88ztXOz00ZGu0RQLwlmpN7m8tNgA/5MPrldyYIwegP4RSkkJlF/8+hxvvqfJhK\n" + 86 "FFDa0HHQSJfR2b9628Iniw1UHOMMT6qx5EHr\n" + 87 "-----END CERTIFICATE-----" 88 }; 89 90 // End entity certificate. 91 private final static String[] endEntityCertStrs = { 92 // SHA256withECDSA, curve prime256v1 93 // Validity 94 // Not Before: Nov 9 03:24:05 2016 GMT 95 // Not After : Jul 27 03:24:05 2036 GMT 96 "-----BEGIN CERTIFICATE-----\n" + 97 "MIIB1DCCAXmgAwIBAgIJAKVa+4dIUjaLMAoGCCqGSM49BAMCMDsxCzAJBgNVBAYT\n" + 98 "AlVTMQ0wCwYDVQQKEwRKYXZhMR0wGwYDVQQLExRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + 99 "ZTAeFw0xNjExMDkwMzI0MDVaFw0zNjA3MjcwMzI0MDVaMFIxCzAJBgNVBAYTAlVT\n" + 100 "MQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZjZTEV\n" + 101 "MBMGA1UEAwwMSW50ZXJPcCBUZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\n" + 102 "h4vXNUJzULq4e7fAOvF0WiWU6cllOAMus1GqTFvcnRPOChl8suZsvksO0CpZqL3h\n" + 103 "jXmVX9dp1FV/rUBGLo1aG6NPME0wCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBSO8V5+\n" + 104 "bj0ik0T9BtJc4jLJt7m6wjAfBgNVHSMEGDAWgBQxfznifNqgUkZAJta3WVD21nw8\n" + 105 "8jAKBggqhkjOPQQDAgNJADBGAiEAk7MF+L9bFRwUsbPsBCbCqH9DMdzBQR+kFDNf\n" + 106 "lfn8Rs4CIQD9qWvBXd+EJqwraxiX6cftaFchn+T2HpvMboy+irMFow==\n" + 107 "-----END CERTIFICATE-----", 108 109 // SHA256withRSA, 2048 bits 110 // Validity 111 // Not Before: Nov 9 03:24:16 2016 GMT 112 // Not After : Jul 27 03:24:16 2036 GMT 113 "-----BEGIN CERTIFICATE-----\n" + 114 "MIIDczCCAlugAwIBAgIJAPhM2oUKx0aJMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNV\n" + 115 "BAYTAlVTMQ0wCwYDVQQKEwRKYXZhMR0wGwYDVQQLExRTdW5KU1NFIFRlc3QgU2Vy\n" + 116 "aXZjZTAeFw0xNjExMDkwMzI0MTZaFw0zNjA3MjcwMzI0MTZaMFIxCzAJBgNVBAYT\n" + 117 "AlVTMQ0wCwYDVQQKDARKYXZhMR0wGwYDVQQLDBRTdW5KU1NFIFRlc3QgU2VyaXZj\n" + 118 "ZTEVMBMGA1UEAwwMSW50ZXJPcCBUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A\n" + 119 "MIIBCgKCAQEA36tJaXfJ2B/AFvES+tnueyQPSNABVu9nfMdU+NEPamJ+FH7cEF8Z\n" + 120 "1Spr1vlQgNzCpDUVrfnmT75rCapgz5ldA9+y+3hdfUyHjZBzzfx+6GHXLB4u6eU2\n" + 121 "NATa7vqSLNbcLcfZ7/QmkFqg4JRJbX4F42kKkRJrWdKZ8UoCYC8WXWvDaZ3nUs05\n" + 122 "XHe+mBJ8qMNPTbYST1jpzXPyH5CljlFGYi2mKJDTImDhwht7mu2+zvwvbJ81Gj2X\n" + 123 "JUSTSf9fu0zxFcCk6RmJPw9nSVqePVlOwtNNBodfKN+k4yr+gOz1v8NmMtmEtklV\n" + 124 "Sulr/J4QxI+E2Zar/C+4XjxkvstIS+PNKQIDAQABo2MwYTALBgNVHQ8EBAMCA+gw\n" + 125 "HQYDVR0OBBYEFHt19CItAz0VOF0WKGWwaT4DtEsSMB8GA1UdIwQYMBaAFJSUJUE2\n" + 126 "4vGCMojX/kqhey7R/oInMBIGA1UdEQEB/wQIMAaHBH8AAAEwDQYJKoZIhvcNAQEL\n" + 127 "BQADggEBACKYZWvo9B9IEpCCdBba2sNo4X1NI/VEY3fyUx1lkw+Kna+1d2Ab+RCZ\n" + 128 "cf3Y85fcwv03hNE///wNBp+Nde4NQRDK/oiQARzWwWslfinm5d83eQwzC3cpSzt+\n" + 129 "7ts6M5UlOblGsLXZI7THWO1tkgoEra9p+zezxLMmf/2MpNyZMZlVoJPM2YGxU9cN\n" + 130 "ws0AyeY1gpBEdT21vjsBPdxxj6qklXVMnzS3zF8YwXyOndDYQWdjmFEknRK/qmQ2\n" + 131 "gkLHrzpSpyCziecna5mGuDRdCU2dpsWiq1npEPXTq+PQGwWYcoaFTtXF8DDqhfPC\n" + 132 "4Abe8gPm6MfzerdmS3RFTj9b/DIIENM=\n" + 133 "-----END CERTIFICATE-----" 134 }; 135 136 // Private key in the format of PKCS#8. 137 private final static String[] endEntityPrivateKeys = { 138 // 139 // EC private key related to cert endEntityCertStrs[0]. 140 // 141 "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgA3pmS+OrIjGyUv2F\n" + 142 "K/PkyayJIePM2RTFYxNoQqmJGnihRANCAASHi9c1QnNQurh7t8A68XRaJZTpyWU4\n" + 143 "Ay6zUapMW9ydE84KGXyy5my+Sw7QKlmoveGNeZVf12nUVX+tQEYujVob", 144 145 // 146 // RSA private key related to cert endEntityCertStrs[1]. 147 // 148 "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDfq0lpd8nYH8AW\n" + 149 "8RL62e57JA9I0AFW72d8x1T40Q9qYn4UftwQXxnVKmvW+VCA3MKkNRWt+eZPvmsJ\n" + 150 "qmDPmV0D37L7eF19TIeNkHPN/H7oYdcsHi7p5TY0BNru+pIs1twtx9nv9CaQWqDg\n" + 151 "lEltfgXjaQqREmtZ0pnxSgJgLxZda8NpnedSzTlcd76YEnyow09NthJPWOnNc/If\n" + 152 "kKWOUUZiLaYokNMiYOHCG3ua7b7O/C9snzUaPZclRJNJ/1+7TPEVwKTpGYk/D2dJ\n" + 153 "Wp49WU7C000Gh18o36TjKv6A7PW/w2Yy2YS2SVVK6Wv8nhDEj4TZlqv8L7hePGS+\n" + 154 "y0hL480pAgMBAAECggEBAJyP1zk+IkloIBtu7+wrdCU6HoDHKMjjlzrehHoOTI4Z\n" + 155 "F0vdaMkE6J4vrYCyz0kEPjKW/e/jxvT2wxHm8xEdtuApS61+mWJFmXTcMlNzdJnR\n" + 156 "Mr6s+gW67fAHngA94OgGFeTtyX2PFxdgeM/6vFMqLZD7S+w0SnR7WEpvla4iB7On\n" + 157 "lXqhJKVQeVc+IpByg/S4MmJb91jck73GltCaCL/b6BTrsz+zc/AY5tb8JInxjMZ9\n" + 158 "jmjmA+s6l7tnBrFQfJHlF9a374lxCOtZTxyxVJjD7tQcGpsUpSHXZGdpDcT34qYT\n" + 159 "UGh0yp2Mc/1PfWni5gS/6UGLrYmT57RRCn5YJBJTEkkCgYEA/XPCNehFaOMSxOZh\n" + 160 "OGBVhQ+eRAmdpJfMhSUsDdEdQLZyWGmZsMTHjZZrwevBX/D0dxQYDv/sAl0GZomJ\n" + 161 "d6iRCHlscycwx5Q0U/EpacsgRlYHz1nMRzXqS3Ry+8O8qQlliqCLUM7SfVgzdI5/\n" + 162 "ll9JMrng9NnRl8ccjEdOGK8g/MMCgYEA4eriKMfRslGY4uOQoTPbuEJSMMwQ2X4k\n" + 163 "lPj1p+xSQfU9QBaWJake67oBj3vpCxqN7/VkvCIeC6LCjhLpWHCn4EkdGiqkEdWz\n" + 164 "m5CHzpzVIgznzWnbt0rCVL2KdL+ihgY8KPDdsZ6tZrABHuYhsWkAu10wyvuQYM88\n" + 165 "3u6yOIQn36MCgYEAk5qR1UEzAxWTPbaJkgKQa5Cf9DHBbDS3eCcg098f8SsPxquh\n" + 166 "RRAkwzGCCgqZsJ0sUhkStdGXifzRGHAq7dPuuwe0ABAn2WNXYjeFjcYtQqkhnUFH\n" + 167 "tYURsOXdfQAOZEdDqos691GrxjHSraO7bECL6Y3VE+Oyq3jbCFsSgU+kn28CgYBT\n" + 168 "mrXZO6FJqVK33FlAns1YEgsSjeJKapklHEDkxNroF9Zz6ifkhgKwX6SGMefbORd/\n" + 169 "zsNZsBKIYdI3+52pIf+uS8BeV5tiEkCmeEUZ3AYv1LDP3rX1zc++xmn/rI97o8EN\n" + 170 "sZ2JRtyK3OV9RtL/MYmYzPLqm1Ah02+GXLVNnvKWmwKBgE8Ble8CzrXYuuPdGxXz\n" + 171 "BZU6HnXQrmTUcgeze0tj8SDHzCfsGsaG6pHrVNkT7CKsRuCHTZLM0kXmUijLFKuP\n" + 172 "5xyE257z4IbbEbs+tcbB3p28n4/47MzZkSR3kt8+FrsEMZq5oOHbFTGzgp9dhZCC\n" + 173 "dKUqlw5BPHdbxoWB/JpSHGCV" 174 }; 175 176 // Private key names of endEntityPrivateKeys. 177 private final static String[] endEntityPrivateKeyNames = { 178 "EC", 179 "RSA" 180 }; 181 182 /* 183 * Run the test case. 184 */ 185 public void run() throws Exception { 186 SSLEngine serverEngine = createServerEngine(); 187 188 // 189 // Create and size the buffers appropriately. 190 // 191 SSLSession session = serverEngine.getSession(); 192 ByteBuffer serverAppInbound = 193 ByteBuffer.allocate(session.getApplicationBufferSize()); 194 ByteBuffer clientHello = 195 ByteBuffer.allocate(session.getPacketBufferSize()); 196 197 // 198 // Generate a ClientHello message, and check if the server 199 // engine can read it or not. 200 // 201 clientHello.put(createClientHelloMessage()); 202 clientHello.flip(); 203 204 SSLEngineResult serverResult = 205 serverEngine.unwrap(clientHello, serverAppInbound); 206 log("Server unwrap: ", serverResult); 207 runDelegatedTasks(serverResult, serverEngine); 208 209 // 210 // Generate server responses to the ClientHello request. 211 // 212 ByteBuffer clientNetInbound = 213 ByteBuffer.allocate(session.getPacketBufferSize()); 214 ByteBuffer clientAppInbound = 215 ByteBuffer.wrap("Hello Client, I'm Server".getBytes()); 216 217 serverResult = serverEngine.wrap(clientAppInbound, clientNetInbound); 218 log("Server wrap: ", serverResult); 219 runDelegatedTasks(serverResult, serverEngine); 220 } 221 222 /* 223 * Create a ClientHello message. 224 */ 225 abstract protected byte[] createClientHelloMessage(); 226 227 /* 228 * Create an instance of SSLContext for client use. 229 */ 230 protected SSLContext createClientSSLContext() throws Exception { 231 return createSSLContext(trustedCertStrs, null, null, null); 232 } 233 234 /* 235 * Create an instance of SSLContext for server use. 236 */ 237 protected SSLContext createServerSSLContext() throws Exception { 238 return createSSLContext(null, 239 endEntityCertStrs, endEntityPrivateKeys, 240 endEntityPrivateKeyNames); 241 } 242 243 /* 244 * Create an instance of SSLContext with the specified trust/key materials. 245 */ 246 protected SSLContext createSSLContext( 247 String[] trustedMaterials, 248 String[] keyMaterialCerts, 249 String[] keyMaterialKeys, 250 String[] keyMaterialKeyAlgs) throws Exception { 251 252 KeyStore ts = null; // trust store 253 KeyStore ks = null; // key store 254 char passphrase[] = "passphrase".toCharArray(); 255 256 // Generate certificate from cert string. 257 CertificateFactory cf = CertificateFactory.getInstance("X.509"); 258 259 // Import the trused certs. 260 ByteArrayInputStream is; 261 if (trustedMaterials != null && trustedMaterials.length != 0) { 262 ts = KeyStore.getInstance("JKS"); 263 ts.load(null, null); 264 265 Certificate[] trustedCert = 266 new Certificate[trustedMaterials.length]; 267 for (int i = 0; i < trustedMaterials.length; i++) { 268 String trustedCertStr = trustedMaterials[i]; 269 270 is = new ByteArrayInputStream(trustedCertStr.getBytes()); 271 try { 272 trustedCert[i] = cf.generateCertificate(is); 273 } finally { 274 is.close(); 275 } 276 277 ts.setCertificateEntry("trusted-cert-" + i, trustedCert[i]); 278 } 279 } 280 281 // Import the key materials. 282 // 283 // Note that certification pathes bigger than one are not supported yet. 284 boolean hasKeyMaterials = 285 (keyMaterialCerts != null) && (keyMaterialCerts.length != 0) && 286 (keyMaterialKeys != null) && (keyMaterialKeys.length != 0) && 287 (keyMaterialKeyAlgs != null) && (keyMaterialKeyAlgs.length != 0) && 288 (keyMaterialCerts.length == keyMaterialKeys.length) && 289 (keyMaterialCerts.length == keyMaterialKeyAlgs.length); 290 if (hasKeyMaterials) { 291 ks = KeyStore.getInstance("JKS"); 292 ks.load(null, null); 293 294 for (int i = 0; i < keyMaterialCerts.length; i++) { 295 String keyCertStr = keyMaterialCerts[i]; 296 297 // generate the private key. 298 PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec( 299 Base64.getMimeDecoder().decode(keyMaterialKeys[i])); 300 KeyFactory kf = 301 KeyFactory.getInstance(keyMaterialKeyAlgs[i]); 302 PrivateKey priKey = kf.generatePrivate(priKeySpec); 303 304 // generate certificate chain 305 is = new ByteArrayInputStream(keyCertStr.getBytes()); 306 Certificate keyCert = null; 307 try { 308 keyCert = cf.generateCertificate(is); 309 } finally { 310 is.close(); 311 } 312 313 Certificate[] chain = new Certificate[] { keyCert }; 314 315 // import the key entry. 316 ks.setKeyEntry("cert-" + i, priKey, passphrase, chain); 317 } 318 } 319 320 // Create an SSLContext object. 321 TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX"); 322 tmf.init(ts); 323 324 SSLContext context = SSLContext.getInstance("TLS"); 325 if (hasKeyMaterials && ks != null) { 326 KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509"); 327 kmf.init(ks, passphrase); 328 329 context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); 330 } else { 331 context.init(null, tmf.getTrustManagers(), null); 332 } 333 334 return context; 335 } 336 337 /* 338 * Create an instance of SSLEngine in client mode. 339 */ 340 protected SSLEngine createClientEngine() throws Exception { 341 return createClientEngine(createClientSSLContext()); 342 } 343 344 /* 345 * Create an instance of SSLEngine in client mode with the 346 * specified SSLContext object. 347 */ 348 protected SSLEngine createClientEngine( 349 SSLContext context) throws Exception { 350 351 SSLEngine engine = context.createSSLEngine(); 352 engine.setUseClientMode(true); 353 354 /* 355 * Customize the SSLEngine object. 356 */ 357 // blank 358 359 return engine; 360 } 361 362 /* 363 * Create an instance of SSLEngine in server mode. 364 */ 365 protected SSLEngine createServerEngine() throws Exception { 366 return createServerEngine(createServerSSLContext()); 367 } 368 369 /* 370 * Create an instance of SSLEngine in server mode with the 371 * specified SSLContext object. 372 */ 373 protected SSLEngine createServerEngine( 374 SSLContext context) throws Exception { 375 376 SSLEngine engine = context.createSSLEngine(); 377 engine.setUseClientMode(false); 378 379 /* 380 * Customize the SSLEngine object. 381 */ 382 engine.setNeedClientAuth(false); 383 384 return engine; 385 } 386 387 /* 388 * Run the delagayed tasks if any. 389 * 390 * If the result indicates that we have outstanding tasks to do, 391 * go ahead and run them in this thread. 392 */ 393 protected static void runDelegatedTasks(SSLEngineResult result, 394 SSLEngine engine) throws Exception { 395 396 if (result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) { 397 Runnable runnable; 398 while ((runnable = engine.getDelegatedTask()) != null) { 399 log("\trunning delegated task..."); 400 runnable.run(); 401 } 402 HandshakeStatus hsStatus = engine.getHandshakeStatus(); 403 if (hsStatus == HandshakeStatus.NEED_TASK) { 404 throw new Exception( 405 "handshake shouldn't need additional tasks"); 406 } 407 log("\tnew HandshakeStatus: " + hsStatus); 408 } 409 } 410 411 /* 412 * Logging the specificated message and the SSLEngine operation result. 413 */ 414 protected static void log(String str, SSLEngineResult result) { 415 HandshakeStatus hsStatus = result.getHandshakeStatus(); 416 log(str + 417 result.getStatus() + "/" + hsStatus + ", consumed: " + 418 result.bytesConsumed() + "/produced: " + result.bytesProduced() + 419 " bytes"); 420 421 if (hsStatus == HandshakeStatus.FINISHED) { 422 log("\t...ready for application data"); 423 } 424 } 425 426 /* 427 * Logging the specificated message. 428 */ 429 protected static void log(String str) { 430 System.out.println(str); 431 } 432} 433