I am trying to use SSLEngine with SocketChannels in non-blocking mode.
The handshake is done correctly, but when I try to read and decrypt HTTP POSTs from the SocketChannel, only the headers are decrypted and the body disappears:
<code>
int num = 0;
// Spin until the non-blocking channel returns data or end of stream
while (num == 0) {
    num = socketChannel.read(peerNetData);
    if (num == -1)
        break;
}
if (num == -1) {
    System.out.println("channel closed");
} else if (num == 0) {
    System.out.println("no bytes to read");
} else {
    // Process incoming data
    peerNetData.flip();
    SSLEngineResult res = engine.unwrap(peerNetData, peerAppData);
    // returns an OK status
    peerNetData.flip();
    peerAppData.flip();
    System.out.println(new String(peerNetData.array()));
    System.out.println(new String(peerAppData.array()));
}
</code>
When printing the encrypted data in peerNetData I am getting:
?>.//POST test HTTP/1.1 Cache-Control: no-cache Content-Length: 20 Content-Type: application/octet-stream Host: 192.168.X.X
?>.//?>.//?>.//?>.//?>.//?>.//?>.//?>.//?>.//?>.//?>.// <--- encrypted chars here
But when I print the decrypted data in peerAppData I am getting:
POST test HTTP/1.1/ Cache-Control: no-cache Content-Length: 20 Content-Type: application/octet-stream Host: 192.168.X.X // and then three empty lines here.
Is this a decryption problem with SSLEngine?
Thanks
Also, I would like to add that the unwrap method returns an OK status.
It could well be that the actual POST content was empty except for the 2 empty lines (one line is standard after the header, if I'm not mistaken). Because of PKCS#7 padding, at least 16 bytes of data (one block, 16 bytes for AES) will be encrypted at the minimum.
Besides that the data will also contain a MAC as SSL usually uses MAC-then-encrypt (also known as the wrong way around according to most).
So it may look like there is data, even if it is just overhead.
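An added example, not part of the original question or answer: `SSLEngine.unwrap` consumes at most one TLS record per call, so when the headers and the body arrive as separate records, a single call yields only the first. The hypothetical `readPlaintext` helper below keeps unwrapping until the network buffer is drained and copies only `bytesProduced()` bytes instead of the whole backing array; it assumes a completed handshake and heap buffers (from `ByteBuffer.allocate`) sized from the `SSLSession`.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.SocketChannel;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;

// Added example; class and method names are hypothetical.
public final class TlsRecordDrain {
    // Assumes: handshake finished, peerNetData in write mode, both buffers
    // allocated with ByteBuffer.allocate() at the sizes the SSLSession reports.
    // Returns the plaintext of all complete records read, or null at end of stream.
    static byte[] readPlaintext(SocketChannel ch, SSLEngine engine,
            ByteBuffer peerNetData, ByteBuffer peerAppData) throws IOException {
        if (ch.read(peerNetData) == -1) {
            engine.closeInbound();   // throws if the peer sent no close_notify
            return null;
        }
        ByteArrayOutputStream plain = new ByteArrayOutputStream();
        peerNetData.flip();          // write mode -> read mode, once
        boolean stop = false;
        while (peerNetData.hasRemaining() && !stop) {
            peerAppData.clear();
            SSLEngineResult res = engine.unwrap(peerNetData, peerAppData);
            // Copy only what this call produced, not the full backing array.
            plain.write(peerAppData.array(), 0, res.bytesProduced());
            switch (res.getStatus()) {
                case OK:
                    // One record handled; stop only if the engine made no progress.
                    stop = res.bytesConsumed() == 0;
                    break;
                case BUFFER_UNDERFLOW:
                    stop = true;     // partial record: wait for the next read
                    break;
                case BUFFER_OVERFLOW:
                    throw new IOException("peerAppData is too small");
                case CLOSED:
                    stop = true;     // close_notify received
                    break;
            }
        }
        peerNetData.compact();       // keep any partial record, back to write mode
        return plain.toByteArray();
    }
}
```

An empty array means no complete record has arrived yet; call the method again when the selector reports the channel readable.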