users@grizzly.java.net

Re: Problem with SSL

From: quende <skrinnikov_at_gmail.com>
Date: Thu, 2 Oct 2008 09:14:06 -0700 (PDT)

Hello John!

Excellent! This approach solved all of my problems at once!
Though I did this check and attachment update in onRead and not on Connect.
After this, the exception on client side vanished. Then i did a similar
thing on the server-side,
and the exception with flushChannel when executing sending in a pipeline
disappeared too
(though, in this case it was gone when i used not
SSLOutputWriter.flushChannel(SelectableChannel channel, ByteBuffer bb)
but
SSLOutputWriter. flushChannel(SelectableChannel channel, ByteBuffer bb,
ByteBuffer outputBB, SSLEngine sslEngine)
)

All problems are solved.
Thanks John, thanks everybody!

WBR,
-- Quende



John ROM wrote:
>
> Hello quende,
> it is just an idea, maybe Jeanfrancois or Alexey
> could also check because I have not done much so far with Grizzly SSL and
> I do not
> want to mislead you:
>
> From looking at your client code this may be a problem:
>
> 1) connectorHandler uses SSLEngine which does ssl handshake.
> 2) connectorhandler writes message to server
> 2) message is received by server.
> 3) server echos message back
> 4) Because no SSLEngine has been attached to client's Connection
> selectionKey
> ClientSSLReadFilter tries to create a new SSLEngine and do a new
> handshake.
>
> So to make sure that the client ReadFilter uses the connectorHandler's
> SSLEngine
> I would do the following in your CallbackHandler:
>
> public class ClientCallbackHandlerToProtocolChain {
>
>
> public void onConnect(IOEvent<Context> ioEvent) {
> readBB = ((WorkerThread) Thread.currentThread()).getByteBuffer();
> readBB.flip();
> SelectionKey _key = ioEvent.attachment().getSelectionKey();
> try {
> _connectorHandler.finishConnect(_key);
>
> if (_connectorHandler.handshake(readBB, false)) {
> onHandshake(ioEvent);
> }
> } catch (Exception e) {
> }
> WorkerThread workerThread= (WorkerThread)Thread.currentThread();
> SSLEngine sslEngine = workerThread.getSSLEngine();
>
> if(sslEngine==null) {
> sslEngine=_connectorHandler.getSSLEngine();
> workerThread.setSSLEngine(sslEngine);
> ThreadAttachment attachment =
> workerThread.updateAttachment(Mode.SSL_ENGINE);
> SelectionKey key = ioEvent.attachment().getSelectionKey();
> key.attach(attachment);
> }
> // ...
>
>
> }
> }
>
> But I am not sure if this solves your problem
> because you should have gotten a diffenrent Exception.
>
> Anyway many Greetings
> John
>
>
>
>
>
>
>
>
> -------- Original-Nachricht --------
>> Datum: Wed, 1 Oct 2008 03:39:27 -0700 (PDT)
>> Von: quende <skrinnikov_at_gmail.com>
>> An: users_at_grizzly.dev.java.net
>> Betreff: Re: Problem with SSL
>
>>
>> Here it goes.
>> That's how I start it:
>>
>> //...
>> //keystore, etc.
>> SSLConfig.DEFAULT_CONFIG = _sslConfig;
>> _started = new CountDownLatch(1);
>> _connectorHandler = new SSLConnectorHandler();
>> SSLEngine _engine = _sslConfig.createSSLContext().createSSLEngine();
>> _engine.setUseClientMode(true);
>>
>> _connectorHandler.configure(_sslConfig);
>> _connectorHandler.setSSLEngine(_engine);
>> _connectorHandler.setController(_controller);
>>
>> final SSLReadFilter readFilter = new SSLReadFilter();
>> readFilter.setSSLContext(SSLConfig.DEFAULT_CONFIG.createSSLContext());
>> _controller.addSelectorHandler(_selectorHandler);
>>
>> _controller.setProtocolChainInstanceHandler(new
>> DefaultProtocolChainInstanceHandler()
>> {
>> @Override
>> public ProtocolChain poll()
>> {
>> ProtocolChain protocolChain = protocolChains.poll();
>> if (protocolChain == null)
>> {
>> protocolChain = new DefaultProtocolChain();
>> protocolChain.addFilter(readFilter);
>> protocolChain.addFilter(new ClientDispatchFilter());
>> }
>> return protocolChain;
>> }
>> });
>> _controller.addStateListener(new ClientControllerState());
>>
>> _controllerThread = new Thread(_controller);
>> _controllerThread.start();
>> try
>> {
>> _started.await();
>> }
>> catch(Exception e)
>> {
>> e.printStackTrace();
>> }
>>
>> try
>> {
>> _connectorHandler.connect(new
>> InetSocketAddress(InetAddress.getByName(ClientParams.getServerIP()),
>> ClientParams.getServerPort()), new
>> ClientCallbackHandlerToProtocolChain(_connectorHandler));
>>
>> // wait for a successfull handshake
>> //...
>> // send data to server via _connectorHandler.write(myByteBuffer, false);
>>
>> -----------------------------------------------------
>> The callback hadler is:
>>
>> public class ClientCallbackHandlerToProtocolChain implements
>> SSLCallbackHandler<Context>
>> {
>> private SSLConnectorHandler _connectorHandler;
>> private ByteBuffer readBB;
>>
>> public ClientCallbackHandlerToProtocolChain(SSLConnectorHandler
>> connH)
>> {
>> _connectorHandler = connH;
>> readBB.wrap(new
>> byte[_connectorHandler.getApplicationBufferSize()]);
>> }
>>
>> public void onConnect(IOEvent<Context> ioEvent)
>> {
>> readBB = ((WorkerThread)
>> Thread.currentThread()).getByteBuffer();
>> readBB.flip();
>> SelectionKey _key = ioEvent.attachment().getSelectionKey();
>> try
>> {
>> _connectorHandler.finishConnect(_key);
>>
>> if (_connectorHandler.handshake(readBB, false))
>> {
>> onHandshake(ioEvent);
>> }
>> //...
>> }
>>
>> public void onRead(IOEvent<Context> ioEvent)
>> {
>> try
>> {
>> Context ctx = ioEvent.attachment();
>> ctx.getProtocolChain().execute(ctx);
>> }
>> catch(Exception e)
>> {
>> //...
>> }
>>
>> public void onHandshake(IOEvent<Context> context)
>> {
>>
>> context.attachment().getSelectorHandler().register(context.attachment().getSelectionKey(),
>> SelectionKey.OP_READ );
>> // deal with CountDownLatch
>> //...
>> }
>>
>> -----------------------------------------
>>
>> The message, that i send after connect and handshake successfully reaches
>> the server, but the echoed messages produces exception from the post
>> above.
>> --
>> View this message in context:
>> http://www.nabble.com/Problem-with-SSL-tp19709902p19757913.html
>> Sent from the Grizzly - Users mailing list archive at Nabble.com.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe_at_grizzly.dev.java.net
>> For additional commands, e-mail: users-help_at_grizzly.dev.java.net
>
> --
> Psssst! Schon vom neuen GMX MultiMessenger gehört? Der kann`s mit allen:
> http://www.gmx.net/de/go/multimessenger
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_grizzly.dev.java.net
> For additional commands, e-mail: users-help_at_grizzly.dev.java.net
>
>
> 

-- 
View this message in context: http://www.nabble.com/Problem-with-SSL-tp19709902p19782509.html
Sent from the Grizzly - Users mailing list archive at Nabble.com.
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.