
Difference between getHandshakeStatus() in SSLEngine and SSLEngineResult in Java


I am trying to create a client/server connection with SSLEngine in Java. I would like to ask what the difference is between SSLEngine.getHandshakeStatus() and SSLEngineResult.getHandshakeStatus(). I have found some sample code by Nuno Santos about SSLEngine and multiplexing with the NIO API.

The code I refer to is:

    // some code here
    SSLEngineResult.HandshakeStatus hs = engine.getHandshakeStatus();
    String clientString = "";

    while (hs != SSLEngineResult.HandshakeStatus.FINISHED && hs != SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING)
    {
        switch (hs)
        {
        case NEED_UNWRAP:
            if (socketChannel.read(peerNetData) < 0)
            {
                engine.closeInbound();
            }
            peerNetData.flip();
            SSLEngineResult res = engine.unwrap(peerNetData, peerAppData);
            peerNetData.compact();
            hs = res.getHandshakeStatus();
            switch (res.getStatus())
            {
            case OK:
                // TODO something
                break;
            case BUFFER_UNDERFLOW:
                // TODO something
                break;
            case BUFFER_OVERFLOW:
                // TODO something
                break;
            case CLOSED:
                // TODO something
                engine.closeInbound();
                break;
            }
            break;
            // more code here

The link with the code I've found is: http://onjava.com/pub/a/onjava/2004/11/03/ssl-nio.html?page=last&x-order=date

The sample code is in the Resources section.

Thanks in advance!


Solution

  • They aren't the same. The status returned as SSLEngineResult.getHandshakeStatus() by calling wrap() or unwrap() can include FINISHED, but you will never get that from the status stored in the SSLEngine. The reason is that it's a transient status.

    NB poor quality code. There's not much point in trying an unwrap or anything else after you've just read end of stream.
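A handshake loop that follows both points of the answer, as an added example (not part of the original answer or of Nuno Santos's sample): it takes the status from each SSLEngineResult, which is the only place FINISHED can appear, and it stops on end of stream instead of calling unwrap() again. The class and method names are hypothetical; it assumes a connected SocketChannel in blocking mode and an SSLEngine whose client/server mode is already set.

```java
import java.io.EOFException;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.SocketChannel;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
import javax.net.ssl.SSLException;
// Hypothetical helper. Returns true only if FINISHED was seen on an SSLEngineResult.
final class HandshakeLoop {
    static boolean handshake(SocketChannel ch, SSLEngine engine) throws IOException {
        int netSize = engine.getSession().getPacketBufferSize();
        ByteBuffer netIn = ByteBuffer.allocate(netSize);
        ByteBuffer netOut = ByteBuffer.allocate(netSize);
        ByteBuffer appIn = ByteBuffer.allocate(engine.getSession().getApplicationBufferSize());
        boolean sawFinished = false;
        engine.beginHandshake();
        HandshakeStatus hs = engine.getHandshakeStatus(); // never FINISHED from the engine
        while (hs != HandshakeStatus.NOT_HANDSHAKING && hs != HandshakeStatus.FINISHED) {
            SSLEngineResult res;
            switch (hs) {
            case NEED_TASK:
                for (Runnable t; (t = engine.getDelegatedTask()) != null; ) t.run();
                hs = engine.getHandshakeStatus(); // tasks return no result object
                continue;
            case NEED_WRAP:
                netOut.clear();
                res = engine.wrap(ByteBuffer.allocate(0), netOut);
                netOut.flip();
                while (netOut.hasRemaining()) ch.write(netOut);
                break;
            case NEED_UNWRAP:
                netIn.flip();
                res = engine.unwrap(netIn, appIn);
                netIn.compact();
                // Read only when the engine needs more bytes; fail on EOF, no further unwrap.
                if (res.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW && ch.read(netIn) < 0)
                    throw new EOFException("peer closed the connection during the handshake");
                break;
            default:
                throw new SSLException("unexpected handshake status " + hs);
            }
            if (res.getStatus() == SSLEngineResult.Status.CLOSED)
                throw new SSLException("engine closed during the handshake");
            hs = res.getHandshakeStatus(); // transient FINISHED is reported here only
            sawFinished |= hs == HandshakeStatus.FINISHED;
        }
        return sawFinished;
    }
}
```

Calling engine.getHandshakeStatus() after this method returns yields NOT_HANDSHAKING, which is why code that waits for FINISHED on the engine itself never sees it.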