1 /*
2 * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 //
25 // SunJSSE does not support dynamic system properties, no way to re-use
26 // system properties in samevm/agentvm mode.
27 //
28
29 /*
30 * @test
31 * @bug 6956398
32 * @summary make ephemeral DH key match the length of the certificate key
33 * @run main/othervm
34 * DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA true 1318 75
35 * @run main/othervm -Djdk.tls.ephemeralDHKeySize=matched
36 * DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA true 1318 75
37 * @run main/othervm -Djdk.tls.ephemeralDHKeySize=legacy
38 * DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA true 1318 75
39 * @run main/othervm -Djdk.tls.ephemeralDHKeySize=1024
40 * DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA true 1318 75
41 *
42 * @run main/othervm
43 * DHEKeySizing SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA true 292 75
44 *
45 * @run main/othervm
46 * DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA false 1510 139
47 * @run main/othervm -Djdk.tls.ephemeralDHKeySize=legacy
48 * DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA false 1414 107
49 * @run main/othervm -Djdk.tls.ephemeralDHKeySize=matched
50 * DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA false 1894 267
51 * @run main/othervm -Djdk.tls.ephemeralDHKeySize=1024
52 * DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA false 1510 139
53 *
54 * @run main/othervm
55 * DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5 false 484 139
56 * @run main/othervm -Djdk.tls.ephemeralDHKeySize=legacy
57 * DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5 false 388 107
58 * @run main/othervm -Djdk.tls.ephemeralDHKeySize=matched
59 * DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5 false 484 139
60 * @run main/othervm -Djdk.tls.ephemeralDHKeySize=1024
61 * DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5 false 484 139
62 */
63
64 /*
65 * This is a simple hack to test key sizes of Diffie-Hellman key exchanging
66 * during SSL/TLS handshaking.
67 *
68 * The record length of DH ServerKeyExchange and ClientKeyExchange.
69 * ServerKeyExchange message are wrapped in ServerHello series messages, which
70 * contains ServerHello, Certificate and ServerKeyExchange message.
71 *
72 * struct {
73 * opaque dh_p<1..2^16-1>;
74 * opaque dh_g<1..2^16-1>;
75 * opaque dh_Ys<1..2^16-1>;
76 * } ServerDHParams; // Ephemeral DH parameters
77 *
78 * struct {
79 * select (PublicValueEncoding) {
80 * case implicit: struct { };
81 * case explicit: opaque dh_Yc<1..2^16-1>;
82 * } dh_public;
83 * } ClientDiffieHellmanPublic;
84 *
85 * Fomr above structures, it is clear that if the DH key size increasing 128
86 * bits (16 bytes), the ServerHello series messages increases 48 bytes
87 * (becuase dh_p, dh_g and dh_Ys each increase 16 bytes) and ClientKeyExchange
88 * increases 16 bytes (because of the size increasing of dh_Yc).
89 *
90 * Here is a summary of the record length in the test case.
91 *
92 * | ServerHello Series | ClientKeyExchange | ServerHello Anon
93 * 512-bit | 1318 bytes | 75 bytes | 292 bytes
94 * 768-bit | 1414 bytes | 107 bytes | 388 bytes
95 * 1024-bit | 1510 bytes | 139 bytes | 484 bytes
96 * 2048-bit | 1894 bytes | 267 bytes | 484 bytes
97 */
98
99 import javax.net.ssl.*;
100 import javax.net.ssl.SSLEngineResult.*;
101 import java.io.*;
102 import java.nio.*;
103 import java.security.KeyStore;
104 import java.security.KeyFactory;
105 import java.security.Security;
106 import java.security.cert.Certificate;
107 import java.security.cert.CertificateFactory;
108 import java.security.spec.PKCS8EncodedKeySpec;
109 import java.security.interfaces.*;
110 import java.util.Base64;
111
112 public class DHEKeySizing {
113
114 private final static boolean debug = true;
115
116 // key length bias because of the stripping of leading zero bytes of
117 // negotiated DH keys.
118 //
119 // This is an effort to mimum intermittent failure when we cannot
120 // estimate what's the exact number of leading zero bytes of
121 // negotiated DH keys.
122 private final static int KEY_LEN_BIAS = 6;
123
124 private SSLContext sslc;
125 private SSLEngine ssle1; // client
126 private SSLEngine ssle2; // server
127
128 private ByteBuffer appOut1; // write side of ssle1
129 private ByteBuffer appIn1; // read side of ssle1
130 private ByteBuffer appOut2; // write side of ssle2
131 private ByteBuffer appIn2; // read side of ssle2
132
133 private ByteBuffer oneToTwo; // "reliable" transport ssle1->ssle2
134 private ByteBuffer twoToOne; // "reliable" transport ssle2->ssle1
135
136 /*
137 * Where do we find the keystores?
138 */
139 // Certificates and key used in the test.
140 static String trustedCertStr =
141 "-----BEGIN CERTIFICATE-----\n" +
142 "MIIC8jCCAdqgAwIBAgIEUjkuRzANBgkqhkiG9w0BAQUFADA7MR0wGwYDVQQLExRT\n" +
143 "dW5KU1NFIFRlc3QgU2VyaXZjZTENMAsGA1UEChMESmF2YTELMAkGA1UEBhMCVVMw\n" +
144 "HhcNMTMwOTE4MDQzODMxWhcNMTMxMjE3MDQzODMxWjA7MR0wGwYDVQQLExRTdW5K\n" +
145 "U1NFIFRlc3QgU2VyaXZjZTENMAsGA1UEChMESmF2YTELMAkGA1UEBhMCVVMwggEi\n" +
146 "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCO+IGeaskJAvEcYc7pCl9neK3E\n" +
147 "a28fwWLtChufYNaC9hQfZlUdETWYjV7fZJVJKT/oLzdDNMWuVA0LKXArpI3thLNK\n" +
148 "QLXisdF9hKPlZRDazACL9kWUUtJ0FzpEySK4e8wW/z9FuU6e6iO19FbjxAfInJqk\n" +
149 "3EDiEhB5g73S2vtvPCxgq2DvWw9TDl/LIqdKG2JCS93koXCCaHmQ7MrIOqHPd+8r\n" +
150 "RbGpatXT9qyHKppUv9ATxVygO4rA794mgCFxpT+fkhz+NEB0twTkM65T1hnnOv5n\n" +
151 "ZIxkcjBggt85UlZtnP3b9P7SYxsWIa46Oc38Od2f3YejfVg6B+PqPgWNl3+/AgMB\n" +
152 "AAEwDQYJKoZIhvcNAQEFBQADggEBAAlrP6DFLRPSy0IgQhcI2i56tR/na8pezSte\n" +
153 "ZHcCdaCZPDy4UP8mpLJ9QCjEB5VJv8hPm4xdK7ULnKGOGHgYqDpV2ZHvQlhV1woQ\n" +
154 "TZGb/LM3c6kAs0j4j9KM2fq3iYUYexjIkS1KzsziflxMM6igS9BRMBR2LQyU+cYq\n" +
155 "YEsFzkF7Aj2ET4v/+tgot9mRr2NioJcaJkdsPDpMU3IKB1cczfu+OuLQ/GCG0Fqu\n" +
156 "6ijCeCqfnaAbemHbJeVZZ6Qgka3uC2YMntLBmLkhqEo1d9zGYLoh7oWL77y5ibQZ\n" +
157 "LK5/H/zikcu579TWjlDHcqL3arCwBcrtsjSaPrRSWMrWV/6c0qw=\n" +
158 "-----END CERTIFICATE-----";
159
160 // Private key in the format of PKCS#8
161 static String targetPrivateKey =
162 "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCO+IGeaskJAvEc\n" +
163 "Yc7pCl9neK3Ea28fwWLtChufYNaC9hQfZlUdETWYjV7fZJVJKT/oLzdDNMWuVA0L\n" +
164 "KXArpI3thLNKQLXisdF9hKPlZRDazACL9kWUUtJ0FzpEySK4e8wW/z9FuU6e6iO1\n" +
165 "9FbjxAfInJqk3EDiEhB5g73S2vtvPCxgq2DvWw9TDl/LIqdKG2JCS93koXCCaHmQ\n" +
166 "7MrIOqHPd+8rRbGpatXT9qyHKppUv9ATxVygO4rA794mgCFxpT+fkhz+NEB0twTk\n" +
167 "M65T1hnnOv5nZIxkcjBggt85UlZtnP3b9P7SYxsWIa46Oc38Od2f3YejfVg6B+Pq\n" +
168 "PgWNl3+/AgMBAAECggEAPdb5Ycc4m4A9QBSCRcRpzbyiFLKPh0HDg1n65q4hOtYr\n" +
169 "kAVYTVFTSF/lqGS+Ob3w2YIKujQKSUQrvCc5UHdFuHXMgxKIWbymK0+DAMb9SlYw\n" +
170 "6lkkcWp9gx9E4dnJ/df2SAAxovvrKMuHlL1SFASHhVtPfH2URvSfUaANLDXxyYOs\n" +
171 "8BX0Nr6wazhWjLjXo9yIGnKSvFfB8XisYcA78kEgas43zhmIGCDPqaYyyffOfRbx\n" +
172 "pM1KNwGmlN86iWR1CbwA/wwhcMySWQueS+s7cHbpRqZIYJF9jEeELiwi0vxjealS\n" +
173 "EMuHYedIRFMWaDIq9XyjrvXamHb0Z25jlXBNZHaM0QKBgQDE9adl+zAezR/n79vw\n" +
174 "0XiX2Fx1UEo3ApZHuoA2Q/PcBk+rlKqqQ3IwTcy6Wo648wK7v6Nq7w5nEWcsf0dU\n" +
175 "QA2Ng/AJEev/IfF34x7sKGYxtk1gcE0EuSBA3R+ocEZxnNw1Ryd5nUU24s8d4jCP\n" +
176 "Mkothnyaim+zE2raDlEtVc0CaQKBgQC509av+02Uq5oMjzbQp5PBJfQFjATOQT15\n" +
177 "eefYnVYurkQ1kcVfixkrO2ORhg4SjmI2Z5hJDgGtXdwgidpzkad+R2epS5qLMyno\n" +
178 "lQVpY6bMpEZ7Mos0yQygxnm8uNohEcTExOe+nP5fNJVpzBsGmfeyYOhnPQlf6oqf\n" +
179 "0cHizedb5wKBgQC/l5LyMil6HOGHlhzmIm3jj7VI7QR0hJC5T6N+phVml8ESUDjA\n" +
180 "DYHbmSKouISTRtkG14FY+RiSjCxH7bvuKazFV2289PETquogTA/9e8MFYqfcQwG4\n" +
181 "sXi9gBxWlnj/9a2EKiYtOB5nKLR/BlNkSHA93tAA6N+FXEMZwMmYhxk42QKBgAuY\n" +
182 "HQgD3PZOsqDf+qKQIhbmAFCsSMx5o5VFtuJ8BpmJA/Z3ruHkMuDQpsi4nX4o5hXQ\n" +
183 "5t6AAjjH52kcUMXvK40kdWJJtk3DFnVNfvXxYsHX6hHbuHXFqYUKfSP6QJnZmvZP\n" +
184 "9smcz/4usLfWJUWHK740b6upUkFqx9Vq5/b3s9y3AoGAdM5TW7LkkOFsdMGVAUzR\n" +
185 "9iXmCWElHTK2Pcp/3yqDBHSfiQx6Yp5ANyPnE9NBM0yauCfOyBB2oxLO4Rdv3Rqk\n" +
186 "9V9kyR/YAGr7dJaPcQ7pZX0OpkzgueAOJYPrx5VUzPYUtklYV1ycFZTfKlpFCxT+\n" +
187 "Ei6KUo0NXSdUIcB4yib1J10=";
188
189 static char passphrase[] = "passphrase".toCharArray();
190
191 /*
192 * Majority of the test case is here, setup is done below.
193 */
194
195 private void createSSLEngines() throws Exception {
196 ssle1 = sslc.createSSLEngine("client", 1);
197 ssle1.setUseClientMode(true);
198
199 ssle2 = sslc.createSSLEngine("server", 2);
200 ssle2.setUseClientMode(false);
201 }
202
203 private boolean isHandshaking(SSLEngine e) {
204 return (e.getHandshakeStatus() != HandshakeStatus.NOT_HANDSHAKING);
205 }
206
207 private void checkResult(ByteBuffer bbIn, ByteBuffer bbOut,
208 SSLEngineResult result,
209 Status status, HandshakeStatus hsStatus,
210 int consumed, int produced)
211 throws Exception {
212
213 if ((status != null) && (result.getStatus() != status)) {
214 throw new Exception("Unexpected Status: need = " + status +
215 " got = " + result.getStatus());
216 }
217
218 if ((hsStatus != null) && (result.getHandshakeStatus() != hsStatus)) {
219 throw new Exception("Unexpected hsStatus: need = " + hsStatus +
220 " got = " + result.getHandshakeStatus());
221 }
222
223 if ((consumed != -1) && (consumed != result.bytesConsumed())) {
224 throw new Exception("Unexpected consumed: need = " + consumed +
225 " got = " + result.bytesConsumed());
226 }
227
228 if ((produced != -1) && (produced != result.bytesProduced())) {
229 throw new Exception("Unexpected produced: need = " + produced +
230 " got = " + result.bytesProduced());
231 }
232
233 if ((consumed != -1) && (bbIn.position() != result.bytesConsumed())) {
234 throw new Exception("Consumed " + bbIn.position() +
235 " != " + consumed);
236 }
237
238 if ((produced != -1) && (bbOut.position() != result.bytesProduced())) {
239 throw new Exception("produced " + bbOut.position() +
240 " != " + produced);
241 }
242 }
243
244 private void test(String cipherSuite, boolean exportable,
245 int lenServerKeyEx, int lenClientKeyEx) throws Exception {
246
247 createSSLEngines();
248 createBuffers();
249
250 SSLEngineResult result1; // ssle1's results from last operation
251 SSLEngineResult result2; // ssle2's results from last operation
252
253 String[] suites = new String [] {cipherSuite};
254
255 ssle1.setEnabledCipherSuites(suites);
256 ssle2.setEnabledCipherSuites(suites);
257
258 log("======================================");
259 log("===================");
260 log("client hello");
261 result1 = ssle1.wrap(appOut1, oneToTwo);
262 checkResult(appOut1, oneToTwo, result1,
263 Status.OK, HandshakeStatus.NEED_UNWRAP, 0, -1);
264 oneToTwo.flip();
265
266 result2 = ssle2.unwrap(oneToTwo, appIn2);
267 checkResult(oneToTwo, appIn2, result2,
268 Status.OK, HandshakeStatus.NEED_TASK, result1.bytesProduced(), 0);
269 runDelegatedTasks(ssle2);
270 oneToTwo.compact();
271
272 log("===================");
273 log("ServerHello");
274 result2 = ssle2.wrap(appOut2, twoToOne);
275 checkResult(appOut2, twoToOne, result2,
276 Status.OK, HandshakeStatus.NEED_UNWRAP, 0, -1);
277 twoToOne.flip();
278
279 log("Message length of ServerHello series: " + twoToOne.remaining());
280 if (twoToOne.remaining() < (lenServerKeyEx - KEY_LEN_BIAS) ||
281 twoToOne.remaining() > lenServerKeyEx) {
282 throw new Exception(
283 "Expected to generate ServerHello series messages of " +
284 lenServerKeyEx + " bytes, but not " + twoToOne.remaining());
285 }
286
287 result1 = ssle1.unwrap(twoToOne, appIn1);
288 checkResult(twoToOne, appIn1, result1,
289 Status.OK, HandshakeStatus.NEED_TASK, result2.bytesProduced(), 0);
290 runDelegatedTasks(ssle1);
291 twoToOne.compact();
292
293 log("===================");
294 log("Key Exchange");
295 result1 = ssle1.wrap(appOut1, oneToTwo);
296 checkResult(appOut1, oneToTwo, result1,
297 Status.OK, HandshakeStatus.NEED_WRAP, 0, -1);
298 oneToTwo.flip();
299
300 log("Message length of ClientKeyExchange: " + oneToTwo.remaining());
301 if (oneToTwo.remaining() < (lenClientKeyEx - KEY_LEN_BIAS) ||
302 oneToTwo.remaining() > lenClientKeyEx) {
303 throw new Exception(
304 "Expected to generate ClientKeyExchange message of " +
305 lenClientKeyEx + " bytes, but not " + oneToTwo.remaining());
306 }
307 result2 = ssle2.unwrap(oneToTwo, appIn2);
308 checkResult(oneToTwo, appIn2, result2,
309 Status.OK, HandshakeStatus.NEED_TASK, result1.bytesProduced(), 0);
310 runDelegatedTasks(ssle2);
311 oneToTwo.compact();
312
313 log("===================");
314 log("Client CCS");
315 result1 = ssle1.wrap(appOut1, oneToTwo);
316 checkResult(appOut1, oneToTwo, result1,
317 Status.OK, HandshakeStatus.NEED_WRAP, 0, -1);
318 oneToTwo.flip();
319
320 result2 = ssle2.unwrap(oneToTwo, appIn2);
321 checkResult(oneToTwo, appIn2, result2,
322 Status.OK, HandshakeStatus.NEED_UNWRAP,
323 result1.bytesProduced(), 0);
324 oneToTwo.compact();
325
326 log("===================");
327 log("Client Finished");
328 result1 = ssle1.wrap(appOut1, oneToTwo);
329 checkResult(appOut1, oneToTwo, result1,
330 Status.OK, HandshakeStatus.NEED_UNWRAP, 0, -1);
331 oneToTwo.flip();
332
333 result2 = ssle2.unwrap(oneToTwo, appIn2);
334 checkResult(oneToTwo, appIn2, result2,
335 Status.OK, HandshakeStatus.NEED_WRAP,
336 result1.bytesProduced(), 0);
337 oneToTwo.compact();
338
339 log("===================");
340 log("Server CCS");
341 result2 = ssle2.wrap(appOut2, twoToOne);
342 checkResult(appOut2, twoToOne, result2,
343 Status.OK, HandshakeStatus.NEED_WRAP, 0, -1);
344 twoToOne.flip();
345
346 result1 = ssle1.unwrap(twoToOne, appIn1);
347 checkResult(twoToOne, appIn1, result1,
348 Status.OK, HandshakeStatus.NEED_UNWRAP, result2.bytesProduced(), 0);
349 twoToOne.compact();
350
351 log("===================");
352 log("Server Finished");
353 result2 = ssle2.wrap(appOut2, twoToOne);
354 checkResult(appOut2, twoToOne, result2,
355 Status.OK, HandshakeStatus.FINISHED, 0, -1);
356 twoToOne.flip();
357
358 result1 = ssle1.unwrap(twoToOne, appIn1);
359 checkResult(twoToOne, appIn1, result1,
360 Status.OK, HandshakeStatus.FINISHED, result2.bytesProduced(), 0);
361 twoToOne.compact();
362
363 log("===================");
364 log("Check Session/Ciphers");
365 String cs = ssle1.getSession().getCipherSuite();
366 if (!cs.equals(suites[0])) {
367 throw new Exception("suites not equal: " + cs + "/" + suites[0]);
368 }
369
370 cs = ssle2.getSession().getCipherSuite();
371 if (!cs.equals(suites[0])) {
372 throw new Exception("suites not equal: " + cs + "/" + suites[0]);
373 }
374
375 log("===================");
376 log("Done with SSL/TLS handshaking");
377 }
378
379 public static void main(String args[]) throws Exception {
380 // reset the security property to make sure that the algorithms
381 // and keys used in this test are not disabled.
382 Security.setProperty("jdk.tls.disabledAlgorithms", "");
383
384 if (args.length != 4) {
385 System.out.println(
386 "Usage: java DHEKeySizing cipher-suite " +
387 "exportable(true|false)\n" +
388 " size-of-server-hello-record size-of-client-key-exchange");
389 throw new Exception("Incorrect usage!");
390 }
391
392 (new DHEKeySizing()).test(args[0],
393 Boolean.parseBoolean(args[1]),
394 Integer.parseInt(args[2]),
395 Integer.parseInt(args[3]));
396 System.out.println("Test Passed.");
397 }
398
399 /*
400 * **********************************************************
401 * Majority of the test case is above, below is just setup stuff
402 * **********************************************************
403 */
404
405 public DHEKeySizing() throws Exception {
406 sslc = getSSLContext();
407 }
408
409 /*
410 * Create an initialized SSLContext to use for this test.
411 */
412 private SSLContext getSSLContext() throws Exception {
413
414 // generate certificate from cert string
415 CertificateFactory cf = CertificateFactory.getInstance("X.509");
416
417 // create a key store
418 KeyStore ts = KeyStore.getInstance("JKS");
419 KeyStore ks = KeyStore.getInstance("JKS");
420 ts.load(null, null);
421 ks.load(null, null);
422
423 // import the trused cert
424 ByteArrayInputStream is =
425 new ByteArrayInputStream(trustedCertStr.getBytes());
426 Certificate trusedCert = cf.generateCertificate(is);
427 is.close();
428 ts.setCertificateEntry("rsa-trusted-2048", trusedCert);
429
430 // generate the private key.
431 String keySpecStr = targetPrivateKey;
432 PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec(
433 Base64.getMimeDecoder().decode(keySpecStr));
434 KeyFactory kf = KeyFactory.getInstance("RSA");
435 RSAPrivateKey priKey = (RSAPrivateKey)kf.generatePrivate(priKeySpec);
436
437 Certificate[] chain = new Certificate[1];
438 chain[0] = trusedCert;
439
440 // import the key entry.
441 ks.setKeyEntry("rsa-key-2048", priKey, passphrase, chain);
442
443 // create SSL context
444 KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
445 kmf.init(ks, passphrase);
446
447 TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
448 tmf.init(ts);
449
450 SSLContext sslCtx = SSLContext.getInstance("TLSv1");
451 sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
452
453 return sslCtx;
454 }
455
456 private void createBuffers() {
457 // Size the buffers as appropriate.
458
459 SSLSession session = ssle1.getSession();
460 int appBufferMax = session.getApplicationBufferSize();
461 int netBufferMax = session.getPacketBufferSize();
462
463 appIn1 = ByteBuffer.allocateDirect(appBufferMax + 50);
464 appIn2 = ByteBuffer.allocateDirect(appBufferMax + 50);
465
466 oneToTwo = ByteBuffer.allocateDirect(netBufferMax);
467 twoToOne = ByteBuffer.allocateDirect(netBufferMax);
468
469 appOut1 = ByteBuffer.wrap("Hi Engine2, I'm SSLEngine1".getBytes());
470 appOut2 = ByteBuffer.wrap("Hello Engine1, I'm SSLEngine2".getBytes());
471
472 log("AppOut1 = " + appOut1);
473 log("AppOut2 = " + appOut2);
474 log("");
475 }
476
477 private static void runDelegatedTasks(SSLEngine engine) throws Exception {
478
479 Runnable runnable;
480 while ((runnable = engine.getDelegatedTask()) != null) {
481 log("running delegated task...");
482 runnable.run();
483 }
484 }
485
486 private static void log(String str) {
487 if (debug) {
488 System.out.println(str);
489 }
490 }
491 }