1 /* 2 * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 // 25 // SunJSSE does not support dynamic system properties, no way to re-use 26 // system properties in samevm/agentvm mode. 27 // 28 29 /* 30 * @test 31 * @bug 6956398 32 * @summary make ephemeral DH key match the length of the certificate key 33 * @run main/othervm 34 * DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA true 1318 75 35 * @run main/othervm -Djdk.tls.ephemeralDHKeySize=matched 36 * DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA true 1318 75 37 * @run main/othervm -Djdk.tls.ephemeralDHKeySize=legacy 38 * DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA true 1318 75 39 * @run main/othervm -Djdk.tls.ephemeralDHKeySize=1024 40 * DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA true 1318 75 41 * 42 * @run main/othervm 43 * DHEKeySizing SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA true 292 75 44 * 45 * @run main/othervm 46 * DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA false 1510 139 47 * @run main/othervm -Djdk.tls.ephemeralDHKeySize=legacy 48 * DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA false 1414 107 49 * @run main/othervm -Djdk.tls.ephemeralDHKeySize=matched 50 * DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA false 1894 267 51 * @run main/othervm -Djdk.tls.ephemeralDHKeySize=1024 52 * DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA false 1510 139 53 * 54 * @run main/othervm 55 * DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5 false 484 139 56 * @run main/othervm -Djdk.tls.ephemeralDHKeySize=legacy 57 * DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5 false 388 107 58 * @run main/othervm -Djdk.tls.ephemeralDHKeySize=matched 59 * DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5 false 484 139 60 * @run main/othervm -Djdk.tls.ephemeralDHKeySize=1024 61 * DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5 false 484 139 62 */ 63 64 /* 65 * This is a simple hack to test key sizes of Diffie-Hellman key exchanging 66 * during SSL/TLS handshaking. 67 * 68 * The record length of DH ServerKeyExchange and ClientKeyExchange. 69 * ServerKeyExchange message are wrapped in ServerHello series messages, which 70 * contains ServerHello, Certificate and ServerKeyExchange message. 71 * 72 * struct { 73 * opaque dh_p<1..2^16-1>; 74 * opaque dh_g<1..2^16-1>; 75 * opaque dh_Ys<1..2^16-1>; 76 * } ServerDHParams; // Ephemeral DH parameters 77 * 78 * struct { 79 * select (PublicValueEncoding) { 80 * case implicit: struct { }; 81 * case explicit: opaque dh_Yc<1..2^16-1>; 82 * } dh_public; 83 * } ClientDiffieHellmanPublic; 84 * 85 * Fomr above structures, it is clear that if the DH key size increasing 128 86 * bits (16 bytes), the ServerHello series messages increases 48 bytes 87 * (becuase dh_p, dh_g and dh_Ys each increase 16 bytes) and ClientKeyExchange 88 * increases 16 bytes (because of the size increasing of dh_Yc). 89 * 90 * Here is a summary of the record length in the test case. 91 * 92 * | ServerHello Series | ClientKeyExchange | ServerHello Anon 93 * 512-bit | 1318 bytes | 75 bytes | 292 bytes 94 * 768-bit | 1414 bytes | 107 bytes | 388 bytes 95 * 1024-bit | 1510 bytes | 139 bytes | 484 bytes 96 * 2048-bit | 1894 bytes | 267 bytes | 484 bytes 97 */ 98 99 import javax.net.ssl.*; 100 import javax.net.ssl.SSLEngineResult.*; 101 import java.io.*; 102 import java.nio.*; 103 import java.security.KeyStore; 104 import java.security.KeyFactory; 105 import java.security.Security; 106 import java.security.cert.Certificate; 107 import java.security.cert.CertificateFactory; 108 import java.security.spec.PKCS8EncodedKeySpec; 109 import java.security.interfaces.*; 110 import java.util.Base64; 111 112 public class DHEKeySizing { 113 114 private final static boolean debug = true; 115 116 // key length bias because of the stripping of leading zero bytes of 117 // negotiated DH keys. 118 // 119 // This is an effort to mimum intermittent failure when we cannot 120 // estimate what's the exact number of leading zero bytes of 121 // negotiated DH keys. 122 private final static int KEY_LEN_BIAS = 6; 123 124 private SSLContext sslc; 125 private SSLEngine ssle1; // client 126 private SSLEngine ssle2; // server 127 128 private ByteBuffer appOut1; // write side of ssle1 129 private ByteBuffer appIn1; // read side of ssle1 130 private ByteBuffer appOut2; // write side of ssle2 131 private ByteBuffer appIn2; // read side of ssle2 132 133 private ByteBuffer oneToTwo; // "reliable" transport ssle1->ssle2 134 private ByteBuffer twoToOne; // "reliable" transport ssle2->ssle1 135 136 /* 137 * Where do we find the keystores? 138 */ 139 // Certificates and key used in the test. 140 static String trustedCertStr = 141 "-----BEGIN CERTIFICATE-----\n" + 142 "MIIC8jCCAdqgAwIBAgIEUjkuRzANBgkqhkiG9w0BAQUFADA7MR0wGwYDVQQLExRT\n" + 143 "dW5KU1NFIFRlc3QgU2VyaXZjZTENMAsGA1UEChMESmF2YTELMAkGA1UEBhMCVVMw\n" + 144 "HhcNMTMwOTE4MDQzODMxWhcNMTMxMjE3MDQzODMxWjA7MR0wGwYDVQQLExRTdW5K\n" + 145 "U1NFIFRlc3QgU2VyaXZjZTENMAsGA1UEChMESmF2YTELMAkGA1UEBhMCVVMwggEi\n" + 146 "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCO+IGeaskJAvEcYc7pCl9neK3E\n" + 147 "a28fwWLtChufYNaC9hQfZlUdETWYjV7fZJVJKT/oLzdDNMWuVA0LKXArpI3thLNK\n" + 148 "QLXisdF9hKPlZRDazACL9kWUUtJ0FzpEySK4e8wW/z9FuU6e6iO19FbjxAfInJqk\n" + 149 "3EDiEhB5g73S2vtvPCxgq2DvWw9TDl/LIqdKG2JCS93koXCCaHmQ7MrIOqHPd+8r\n" + 150 "RbGpatXT9qyHKppUv9ATxVygO4rA794mgCFxpT+fkhz+NEB0twTkM65T1hnnOv5n\n" + 151 "ZIxkcjBggt85UlZtnP3b9P7SYxsWIa46Oc38Od2f3YejfVg6B+PqPgWNl3+/AgMB\n" + 152 "AAEwDQYJKoZIhvcNAQEFBQADggEBAAlrP6DFLRPSy0IgQhcI2i56tR/na8pezSte\n" + 153 "ZHcCdaCZPDy4UP8mpLJ9QCjEB5VJv8hPm4xdK7ULnKGOGHgYqDpV2ZHvQlhV1woQ\n" + 154 "TZGb/LM3c6kAs0j4j9KM2fq3iYUYexjIkS1KzsziflxMM6igS9BRMBR2LQyU+cYq\n" + 155 "YEsFzkF7Aj2ET4v/+tgot9mRr2NioJcaJkdsPDpMU3IKB1cczfu+OuLQ/GCG0Fqu\n" + 156 "6ijCeCqfnaAbemHbJeVZZ6Qgka3uC2YMntLBmLkhqEo1d9zGYLoh7oWL77y5ibQZ\n" + 157 "LK5/H/zikcu579TWjlDHcqL3arCwBcrtsjSaPrRSWMrWV/6c0qw=\n" + 158 "-----END CERTIFICATE-----"; 159 160 // Private key in the format of PKCS#8 161 static String targetPrivateKey = 162 "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCO+IGeaskJAvEc\n" + 163 "Yc7pCl9neK3Ea28fwWLtChufYNaC9hQfZlUdETWYjV7fZJVJKT/oLzdDNMWuVA0L\n" + 164 "KXArpI3thLNKQLXisdF9hKPlZRDazACL9kWUUtJ0FzpEySK4e8wW/z9FuU6e6iO1\n" + 165 "9FbjxAfInJqk3EDiEhB5g73S2vtvPCxgq2DvWw9TDl/LIqdKG2JCS93koXCCaHmQ\n" + 166 "7MrIOqHPd+8rRbGpatXT9qyHKppUv9ATxVygO4rA794mgCFxpT+fkhz+NEB0twTk\n" + 167 "M65T1hnnOv5nZIxkcjBggt85UlZtnP3b9P7SYxsWIa46Oc38Od2f3YejfVg6B+Pq\n" + 168 "PgWNl3+/AgMBAAECggEAPdb5Ycc4m4A9QBSCRcRpzbyiFLKPh0HDg1n65q4hOtYr\n" + 169 "kAVYTVFTSF/lqGS+Ob3w2YIKujQKSUQrvCc5UHdFuHXMgxKIWbymK0+DAMb9SlYw\n" + 170 "6lkkcWp9gx9E4dnJ/df2SAAxovvrKMuHlL1SFASHhVtPfH2URvSfUaANLDXxyYOs\n" + 171 "8BX0Nr6wazhWjLjXo9yIGnKSvFfB8XisYcA78kEgas43zhmIGCDPqaYyyffOfRbx\n" + 172 "pM1KNwGmlN86iWR1CbwA/wwhcMySWQueS+s7cHbpRqZIYJF9jEeELiwi0vxjealS\n" + 173 "EMuHYedIRFMWaDIq9XyjrvXamHb0Z25jlXBNZHaM0QKBgQDE9adl+zAezR/n79vw\n" + 174 "0XiX2Fx1UEo3ApZHuoA2Q/PcBk+rlKqqQ3IwTcy6Wo648wK7v6Nq7w5nEWcsf0dU\n" + 175 "QA2Ng/AJEev/IfF34x7sKGYxtk1gcE0EuSBA3R+ocEZxnNw1Ryd5nUU24s8d4jCP\n" + 176 "Mkothnyaim+zE2raDlEtVc0CaQKBgQC509av+02Uq5oMjzbQp5PBJfQFjATOQT15\n" + 177 "eefYnVYurkQ1kcVfixkrO2ORhg4SjmI2Z5hJDgGtXdwgidpzkad+R2epS5qLMyno\n" + 178 "lQVpY6bMpEZ7Mos0yQygxnm8uNohEcTExOe+nP5fNJVpzBsGmfeyYOhnPQlf6oqf\n" + 179 "0cHizedb5wKBgQC/l5LyMil6HOGHlhzmIm3jj7VI7QR0hJC5T6N+phVml8ESUDjA\n" + 180 "DYHbmSKouISTRtkG14FY+RiSjCxH7bvuKazFV2289PETquogTA/9e8MFYqfcQwG4\n" + 181 "sXi9gBxWlnj/9a2EKiYtOB5nKLR/BlNkSHA93tAA6N+FXEMZwMmYhxk42QKBgAuY\n" + 182 "HQgD3PZOsqDf+qKQIhbmAFCsSMx5o5VFtuJ8BpmJA/Z3ruHkMuDQpsi4nX4o5hXQ\n" + 183 "5t6AAjjH52kcUMXvK40kdWJJtk3DFnVNfvXxYsHX6hHbuHXFqYUKfSP6QJnZmvZP\n" + 184 "9smcz/4usLfWJUWHK740b6upUkFqx9Vq5/b3s9y3AoGAdM5TW7LkkOFsdMGVAUzR\n" + 185 "9iXmCWElHTK2Pcp/3yqDBHSfiQx6Yp5ANyPnE9NBM0yauCfOyBB2oxLO4Rdv3Rqk\n" + 186 "9V9kyR/YAGr7dJaPcQ7pZX0OpkzgueAOJYPrx5VUzPYUtklYV1ycFZTfKlpFCxT+\n" + 187 "Ei6KUo0NXSdUIcB4yib1J10="; 188 189 static char passphrase[] = "passphrase".toCharArray(); 190 191 /* 192 * Majority of the test case is here, setup is done below. 193 */ 194 195 private void createSSLEngines() throws Exception { 196 ssle1 = sslc.createSSLEngine("client", 1); 197 ssle1.setUseClientMode(true); 198 199 ssle2 = sslc.createSSLEngine("server", 2); 200 ssle2.setUseClientMode(false); 201 } 202 203 private boolean isHandshaking(SSLEngine e) { 204 return (e.getHandshakeStatus() != HandshakeStatus.NOT_HANDSHAKING); 205 } 206 207 private void checkResult(ByteBuffer bbIn, ByteBuffer bbOut, 208 SSLEngineResult result, 209 Status status, HandshakeStatus hsStatus, 210 int consumed, int produced) 211 throws Exception { 212 213 if ((status != null) && (result.getStatus() != status)) { 214 throw new Exception("Unexpected Status: need = " + status + 215 " got = " + result.getStatus()); 216 } 217 218 if ((hsStatus != null) && (result.getHandshakeStatus() != hsStatus)) { 219 throw new Exception("Unexpected hsStatus: need = " + hsStatus + 220 " got = " + result.getHandshakeStatus()); 221 } 222 223 if ((consumed != -1) && (consumed != result.bytesConsumed())) { 224 throw new Exception("Unexpected consumed: need = " + consumed + 225 " got = " + result.bytesConsumed()); 226 } 227 228 if ((produced != -1) && (produced != result.bytesProduced())) { 229 throw new Exception("Unexpected produced: need = " + produced + 230 " got = " + result.bytesProduced()); 231 } 232 233 if ((consumed != -1) && (bbIn.position() != result.bytesConsumed())) { 234 throw new Exception("Consumed " + bbIn.position() + 235 " != " + consumed); 236 } 237 238 if ((produced != -1) && (bbOut.position() != result.bytesProduced())) { 239 throw new Exception("produced " + bbOut.position() + 240 " != " + produced); 241 } 242 } 243 244 private void test(String cipherSuite, boolean exportable, 245 int lenServerKeyEx, int lenClientKeyEx) throws Exception { 246 247 createSSLEngines(); 248 createBuffers(); 249 250 SSLEngineResult result1; // ssle1's results from last operation 251 SSLEngineResult result2; // ssle2's results from last operation 252 253 String[] suites = new String [] {cipherSuite}; 254 255 ssle1.setEnabledCipherSuites(suites); 256 ssle2.setEnabledCipherSuites(suites); 257 258 log("======================================"); 259 log("==================="); 260 log("client hello"); 261 result1 = ssle1.wrap(appOut1, oneToTwo); 262 checkResult(appOut1, oneToTwo, result1, 263 Status.OK, HandshakeStatus.NEED_UNWRAP, 0, -1); 264 oneToTwo.flip(); 265 266 result2 = ssle2.unwrap(oneToTwo, appIn2); 267 checkResult(oneToTwo, appIn2, result2, 268 Status.OK, HandshakeStatus.NEED_TASK, result1.bytesProduced(), 0); 269 runDelegatedTasks(ssle2); 270 oneToTwo.compact(); 271 272 log("==================="); 273 log("ServerHello"); 274 result2 = ssle2.wrap(appOut2, twoToOne); 275 checkResult(appOut2, twoToOne, result2, 276 Status.OK, HandshakeStatus.NEED_UNWRAP, 0, -1); 277 twoToOne.flip(); 278 279 log("Message length of ServerHello series: " + twoToOne.remaining()); 280 if (twoToOne.remaining() < (lenServerKeyEx - KEY_LEN_BIAS) || 281 twoToOne.remaining() > lenServerKeyEx) { 282 throw new Exception( 283 "Expected to generate ServerHello series messages of " + 284 lenServerKeyEx + " bytes, but not " + twoToOne.remaining()); 285 } 286 287 result1 = ssle1.unwrap(twoToOne, appIn1); 288 checkResult(twoToOne, appIn1, result1, 289 Status.OK, HandshakeStatus.NEED_TASK, result2.bytesProduced(), 0); 290 runDelegatedTasks(ssle1); 291 twoToOne.compact(); 292 293 log("==================="); 294 log("Key Exchange"); 295 result1 = ssle1.wrap(appOut1, oneToTwo); 296 checkResult(appOut1, oneToTwo, result1, 297 Status.OK, HandshakeStatus.NEED_WRAP, 0, -1); 298 oneToTwo.flip(); 299 300 log("Message length of ClientKeyExchange: " + oneToTwo.remaining()); 301 if (oneToTwo.remaining() < (lenClientKeyEx - KEY_LEN_BIAS) || 302 oneToTwo.remaining() > lenClientKeyEx) { 303 throw new Exception( 304 "Expected to generate ClientKeyExchange message of " + 305 lenClientKeyEx + " bytes, but not " + oneToTwo.remaining()); 306 } 307 result2 = ssle2.unwrap(oneToTwo, appIn2); 308 checkResult(oneToTwo, appIn2, result2, 309 Status.OK, HandshakeStatus.NEED_TASK, result1.bytesProduced(), 0); 310 runDelegatedTasks(ssle2); 311 oneToTwo.compact(); 312 313 log("==================="); 314 log("Client CCS"); 315 result1 = ssle1.wrap(appOut1, oneToTwo); 316 checkResult(appOut1, oneToTwo, result1, 317 Status.OK, HandshakeStatus.NEED_WRAP, 0, -1); 318 oneToTwo.flip(); 319 320 result2 = ssle2.unwrap(oneToTwo, appIn2); 321 checkResult(oneToTwo, appIn2, result2, 322 Status.OK, HandshakeStatus.NEED_UNWRAP, 323 result1.bytesProduced(), 0); 324 oneToTwo.compact(); 325 326 log("==================="); 327 log("Client Finished"); 328 result1 = ssle1.wrap(appOut1, oneToTwo); 329 checkResult(appOut1, oneToTwo, result1, 330 Status.OK, HandshakeStatus.NEED_UNWRAP, 0, -1); 331 oneToTwo.flip(); 332 333 result2 = ssle2.unwrap(oneToTwo, appIn2); 334 checkResult(oneToTwo, appIn2, result2, 335 Status.OK, HandshakeStatus.NEED_WRAP, 336 result1.bytesProduced(), 0); 337 oneToTwo.compact(); 338 339 log("==================="); 340 log("Server CCS"); 341 result2 = ssle2.wrap(appOut2, twoToOne); 342 checkResult(appOut2, twoToOne, result2, 343 Status.OK, HandshakeStatus.NEED_WRAP, 0, -1); 344 twoToOne.flip(); 345 346 result1 = ssle1.unwrap(twoToOne, appIn1); 347 checkResult(twoToOne, appIn1, result1, 348 Status.OK, HandshakeStatus.NEED_UNWRAP, result2.bytesProduced(), 0); 349 twoToOne.compact(); 350 351 log("==================="); 352 log("Server Finished"); 353 result2 = ssle2.wrap(appOut2, twoToOne); 354 checkResult(appOut2, twoToOne, result2, 355 Status.OK, HandshakeStatus.FINISHED, 0, -1); 356 twoToOne.flip(); 357 358 result1 = ssle1.unwrap(twoToOne, appIn1); 359 checkResult(twoToOne, appIn1, result1, 360 Status.OK, HandshakeStatus.FINISHED, result2.bytesProduced(), 0); 361 twoToOne.compact(); 362 363 log("==================="); 364 log("Check Session/Ciphers"); 365 String cs = ssle1.getSession().getCipherSuite(); 366 if (!cs.equals(suites[0])) { 367 throw new Exception("suites not equal: " + cs + "/" + suites[0]); 368 } 369 370 cs = ssle2.getSession().getCipherSuite(); 371 if (!cs.equals(suites[0])) { 372 throw new Exception("suites not equal: " + cs + "/" + suites[0]); 373 } 374 375 log("==================="); 376 log("Done with SSL/TLS handshaking"); 377 } 378 379 public static void main(String args[]) throws Exception { 380 // reset the security property to make sure that the algorithms 381 // and keys used in this test are not disabled. 382 Security.setProperty("jdk.tls.disabledAlgorithms", ""); 383 384 if (args.length != 4) { 385 System.out.println( 386 "Usage: java DHEKeySizing cipher-suite " + 387 "exportable(true|false)\n" + 388 " size-of-server-hello-record size-of-client-key-exchange"); 389 throw new Exception("Incorrect usage!"); 390 } 391 392 (new DHEKeySizing()).test(args[0], 393 Boolean.parseBoolean(args[1]), 394 Integer.parseInt(args[2]), 395 Integer.parseInt(args[3])); 396 System.out.println("Test Passed."); 397 } 398 399 /* 400 * ********************************************************** 401 * Majority of the test case is above, below is just setup stuff 402 * ********************************************************** 403 */ 404 405 public DHEKeySizing() throws Exception { 406 sslc = getSSLContext(); 407 } 408 409 /* 410 * Create an initialized SSLContext to use for this test. 411 */ 412 private SSLContext getSSLContext() throws Exception { 413 414 // generate certificate from cert string 415 CertificateFactory cf = CertificateFactory.getInstance("X.509"); 416 417 // create a key store 418 KeyStore ts = KeyStore.getInstance("JKS"); 419 KeyStore ks = KeyStore.getInstance("JKS"); 420 ts.load(null, null); 421 ks.load(null, null); 422 423 // import the trused cert 424 ByteArrayInputStream is = 425 new ByteArrayInputStream(trustedCertStr.getBytes()); 426 Certificate trusedCert = cf.generateCertificate(is); 427 is.close(); 428 ts.setCertificateEntry("rsa-trusted-2048", trusedCert); 429 430 // generate the private key. 431 String keySpecStr = targetPrivateKey; 432 PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec( 433 Base64.getMimeDecoder().decode(keySpecStr)); 434 KeyFactory kf = KeyFactory.getInstance("RSA"); 435 RSAPrivateKey priKey = (RSAPrivateKey)kf.generatePrivate(priKeySpec); 436 437 Certificate[] chain = new Certificate[1]; 438 chain[0] = trusedCert; 439 440 // import the key entry. 441 ks.setKeyEntry("rsa-key-2048", priKey, passphrase, chain); 442 443 // create SSL context 444 KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); 445 kmf.init(ks, passphrase); 446 447 TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); 448 tmf.init(ts); 449 450 SSLContext sslCtx = SSLContext.getInstance("TLSv1"); 451 sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); 452 453 return sslCtx; 454 } 455 456 private void createBuffers() { 457 // Size the buffers as appropriate. 458 459 SSLSession session = ssle1.getSession(); 460 int appBufferMax = session.getApplicationBufferSize(); 461 int netBufferMax = session.getPacketBufferSize(); 462 463 appIn1 = ByteBuffer.allocateDirect(appBufferMax + 50); 464 appIn2 = ByteBuffer.allocateDirect(appBufferMax + 50); 465 466 oneToTwo = ByteBuffer.allocateDirect(netBufferMax); 467 twoToOne = ByteBuffer.allocateDirect(netBufferMax); 468 469 appOut1 = ByteBuffer.wrap("Hi Engine2, I'm SSLEngine1".getBytes()); 470 appOut2 = ByteBuffer.wrap("Hello Engine1, I'm SSLEngine2".getBytes()); 471 472 log("AppOut1 = " + appOut1); 473 log("AppOut2 = " + appOut2); 474 log(""); 475 } 476 477 private static void runDelegatedTasks(SSLEngine engine) throws Exception { 478 479 Runnable runnable; 480 while ((runnable = engine.getDelegatedTask()) != null) { 481 log("running delegated task..."); 482 runnable.run(); 483 } 484 } 485 486 private static void log(String str) { 487 if (debug) { 488 System.out.println(str); 489 } 490 } 491 }