0

我使用DTLS1.0的是 java 9 提供的。它成功生成Client Hello并返回服务器响应

 1. Server Hello
 2. Certificate
 3. Server Key Exchange
 4. Certificate Request
 5. Server Hello Done

然后 SSLEngine 给出NEED_UNWRAP. 在打开包含它的数据包后,Server Hello Done它再次给出NEED_UNWRAP。展开下一次重新传输后Server Hello Done,它再次给出NEED_UNWRAP。它一次又一次地发生。但我认为它应该通过给产生下一个握手信号NEED_WRAP

如果我错了,请纠正我。否则为什么会这样?

信托经理:

    final TrustManager[] trustAllCerts = new TrustManager[] {
        new X509TrustManager() {

            public X509Certificate[] getAcceptedIssuers() {
                // TODO Auto-generated method stub
                return null;
            }

            public void checkServerTrusted(X509Certificate[] arg0, String arg1)
                    throws CertificateException {
                // TODO Auto-generated method stub

            }

            public void checkClientTrusted(X509Certificate[] arg0, String arg1)
                    throws CertificateException {
                // TODO Auto-generated method stub

            }
        }
    };

SSL引擎: 

        char[] passphrase = "123456".toCharArray();//This is the password

        // First initialize the key and trust material
        KeyStore ksKeys = KeyStore.getInstance("JKS");
        ksKeys.load(new FileInputStream("keystore"), passphrase);

        // KeyManagers decide which key material to use
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(ksKeys, passphrase);


        SSLContext sslContext = SSLContext.getInstance("DTLSv1.0");
        sslContext.init(kmf.getKeyManagers(), trustAllCerts, null);


        int port2 = Queuemanager.switchMediaHandler.get("192.168.19.148").realPort;
        // Create the engine
        engine = sslContext.createSSLEngine("192.168.19.148", port2);

        // Use as client
        engine.setUseClientMode(true);
        engine.setEnableSessionCreation(true);

握手:

    void doHandshake(){
    engine.beginHandshake();        
    SSLEngineResult result; 
    HandshakeStatus handshakeStatus;        
    int appBufferSize = engine.getSession().getApplicationBufferSize();
    ByteBuffer myAppData = ByteBuffer.allocate(appBufferSize);
    ByteBuffer peerAppData = ByteBuffer.allocate(appBufferSize);
    myNetData.clear();
    peerNetData.clear();

    handshakeStatus = engine.getHandshakeStatus();
    while (handshakeStatus != SSLEngineResult.HandshakeStatus.FINISHED && handshakeStatus != SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING) {             
        switch (handshakeStatus) {
        case NEED_UNWRAP_AGAIN:
            logger.debug("NEED_UNWRAP_AGAIN");
        case NEED_UNWRAP:
            logger.debug("NEED_UNWRAP");
            DatagramPacket packet = null;
           if(handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_UNWRAP ) {
            try {
                byte[] buf = new byte[1024];
                packet = new DatagramPacket(buf, buf.length);
                socket.receive(packet);
                peerNetData = ByteBuffer.wrap(buf, 0, packet.getLength());
                peerAppData =  ByteBuffer.allocate(appBufferSize);
            } catch (IOException e1) {
                // TODO Auto-generated catch block
                e1.printStackTrace();
            }
          }else{
               peerNetData = ByteBuffer.allocate(0);
               peerAppData =  ByteBuffer.allocate(appBufferSize);
           }


            SSLEngineResult.Status rs;
            result = null;
            try {

                handshakeStatus = engine.getHandshakeStatus();
                while(handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_UNWRAP || handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_UNWRAP_AGAIN) {
                    result = engine.unwrap(peerNetData, peerAppData);
                    peerNetData.compact();  
                    handshakeStatus = result.getHandshakeStatus();
                 }

                handshakeStatus = result.getHandshakeStatus();

                rs = result.getStatus();

            } catch (SSLException sslException) {
                engine.closeOutbound();                    
                break;
            }
            switch (rs) {
            case OK:
                break;
            case BUFFER_OVERFLOW:
                break;
            case BUFFER_UNDERFLOW:
                break;
            case CLOSED:
            default:
                throw new IllegalStateException("Invalid SSL status: " + result.getStatus());
            }
            break;
        case NEED_WRAP:
            logger.debug("NEED_WRAP");
            myNetData.clear();
            try {
                result = engine.wrap(myAppData, myNetData);
                handshakeStatus = result.getHandshakeStatus();
            } catch (SSLException sslException) {
                engine.closeOutbound();
                handshakeStatus = engine.getHandshakeStatus();
                break;
            }
            switch (result.getStatus()) {
            case OK :                                       

                while (myNetData.hasRemaining()) {
                    //String str = myNetData.toString();
                    byte[] arr = new byte[myNetData.remaining()];
                    myNetData.get(arr);
                    recvPacket = new DatagramPacket(arr, arr.length);
                    recvPacket.setData(arr);

                    try {
                        int port2 = Queuemanager.switchMediaHandler.get("192.168.19.148").realPort;

                        InetAddress ip = InetAddress.getByName("192.168.19.148");       

                        recvPacket.setAddress(ip);
                        recvPacket.setPort(port2);     

                        socket.send(recvPacket);

                    } catch (IOException e) {
                        // TODO Auto-generated catch block
                        e.printStackTrace();
                    }
                    //socketChannel.write(myNetData);
                }

            case BUFFER_OVERFLOW:
            case BUFFER_UNDERFLOW:
            case CLOSED:
            case NEED_TASK:
                 Runnable task;
                 while ((task = engine.getDelegatedTask()) != null) {
                      new Thread(task).start();
                 }
                 handshakeStatus = engine.getHandshakeStatus();
                 break;
    }           
}
4

1 回答 1

1

你从头到尾做这件事。当引擎说 NEED_UNWRAP 时,进行解包。然后,如果返回 BUFFER_UNDERFLOW,请执行读取并再次尝试解包。不要只是假设您需要再次阅读 NEED_UNWRAP。您可能会从您peerNetData的操作方式中丢失数据。并且不要创建一个新的peerNetDataviaByteBuffer.wrap().allocate()任何一个:继续使用同一个,并使用put()将数据报数据放入其中。然后compact()在每次成功的引擎展开之后。

换句话说,只做它告诉你做的事情。

SSLEngine是一件非常困难的事情。许多人尝试过:很少有人成功。对于一个工作上的成功,这是商业产品的基础,请参阅我的《 Java 中的基础网络SSLEngineManager》一书的源代码中的类,Springer 2006,这里

于 2018-04-03T02:41:12.833 回答