Path: blob/master/src/java.base/share/classes/javax/net/ssl/SSLEngineResult.java
41159 views
/*1* Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation. Oracle designates this7* particular file as subject to the "Classpath" exception as provided8* by Oracle in the LICENSE file that accompanied this code.9*10* This code is distributed in the hope that it will be useful, but WITHOUT11* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or12* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License13* version 2 for more details (a copy is included in the LICENSE file that14* accompanied this code).15*16* You should have received a copy of the GNU General Public License version17* 2 along with this work; if not, write to the Free Software Foundation,18* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.19*20* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA21* or visit www.oracle.com if you need additional information or have any22* questions.23*/2425package javax.net.ssl;2627/**28* An encapsulation of the result state produced by29* {@code SSLEngine} I/O calls.30*31* <p> A {@code SSLEngine} provides a means for establishing32* secure communication sessions between two peers. {@code SSLEngine}33* operations typically consume bytes from an input buffer and produce34* bytes in an output buffer. This class provides operational result35* values describing the state of the {@code SSLEngine}, including36* indications of what operations are needed to finish an37* ongoing handshake. Lastly, it reports the number of bytes consumed38* and produced as a result of this operation.39*40* @see SSLEngine41* @see SSLEngine#wrap(ByteBuffer, ByteBuffer)42* @see SSLEngine#unwrap(ByteBuffer, ByteBuffer)43*44* @author Brad R. Wetmore45* @since 1.546*/4748public class SSLEngineResult {4950/**51* An {@code SSLEngineResult} enum describing the overall result52* of the {@code SSLEngine} operation.53*54* The {@code Status} value does not reflect the55* state of a {@code SSLEngine} handshake currently56* in progress. The {@code SSLEngineResult's HandshakeStatus}57* should be consulted for that information.58*59* @author Brad R. Wetmore60* @since 1.561*/62public static enum Status {6364/**65* The {@code SSLEngine} was not able to unwrap the66* incoming data because there were not enough source bytes67* available to make a complete packet.68*69* <P>70* Repeat the call once more bytes are available.71*/72BUFFER_UNDERFLOW,7374/**75* The {@code SSLEngine} was not able to process the76* operation because there are not enough bytes available in the77* destination buffer to hold the result.78* <P>79* Repeat the call once more bytes are available.80*81* @see SSLSession#getPacketBufferSize()82* @see SSLSession#getApplicationBufferSize()83*/84BUFFER_OVERFLOW,8586/**87* The {@code SSLEngine} completed the operation, and88* is available to process similar calls.89*/90OK,9192/**93* The operation just closed this side of the94* {@code SSLEngine}, or the operation95* could not be completed because it was already closed.96*/97CLOSED;98}99100/**101* An {@code SSLEngineResult} enum describing the current102* handshaking state of this {@code SSLEngine}.103*104* @author Brad R. Wetmore105* @since 1.5106*/107public static enum HandshakeStatus {108109/**110* The {@code SSLEngine} is not currently handshaking.111*/112NOT_HANDSHAKING,113114/**115* The {@code SSLEngine} has just finished handshaking.116* <P>117* This value is only generated by a call to118* {@code SSLEngine.wrap()/unwrap()} when that call119* finishes a handshake. It is never generated by120* {@code SSLEngine.getHandshakeStatus()}.121*122* @see SSLEngine#wrap(ByteBuffer, ByteBuffer)123* @see SSLEngine#unwrap(ByteBuffer, ByteBuffer)124* @see SSLEngine#getHandshakeStatus()125*/126FINISHED,127128/**129* The {@code SSLEngine} needs the results of one (or more)130* delegated tasks before handshaking can continue.131*132* @see SSLEngine#getDelegatedTask()133*/134NEED_TASK,135136/**137* The {@code SSLEngine} must send data to the remote side138* before handshaking can continue, so {@code SSLEngine.wrap()}139* should be called.140*141* @see SSLEngine#wrap(ByteBuffer, ByteBuffer)142*/143NEED_WRAP,144145/**146* The {@code SSLEngine} needs to receive data from the147* remote side before handshaking can continue.148*/149NEED_UNWRAP,150151/**152* The {@code SSLEngine} needs to unwrap before handshaking can153* continue.154* <P>155* This value is used to indicate that not-yet-interpreted data156* has been previously received from the remote side, and does157* not need to be received again.158* <P>159* This handshake status only applies to DTLS.160*161* @since 9162*/163NEED_UNWRAP_AGAIN;164}165166167private final Status status;168private final HandshakeStatus handshakeStatus;169private final int bytesConsumed;170private final int bytesProduced;171private final long sequenceNumber;172173/**174* Initializes a new instance of this class.175*176* @param status177* the return value of the operation.178*179* @param handshakeStatus180* the current handshaking status.181*182* @param bytesConsumed183* the number of bytes consumed from the source ByteBuffer184*185* @param bytesProduced186* the number of bytes placed into the destination ByteBuffer187*188* @throws IllegalArgumentException189* if the {@code status} or {@code handshakeStatus}190* arguments are null, or if {@code bytesConsumed} or191* {@code bytesProduced} is negative.192*/193public SSLEngineResult(Status status, HandshakeStatus handshakeStatus,194int bytesConsumed, int bytesProduced) {195this(status, handshakeStatus, bytesConsumed, bytesProduced, -1);196}197198/**199* Initializes a new instance of this class.200*201* @param status202* the return value of the operation.203*204* @param handshakeStatus205* the current handshaking status.206*207* @param bytesConsumed208* the number of bytes consumed from the source ByteBuffer209*210* @param bytesProduced211* the number of bytes placed into the destination ByteBuffer212*213* @param sequenceNumber214* the sequence number (unsigned long) of the produced or215* consumed SSL/TLS/DTLS record, or {@code -1L} if no record216* produced or consumed217*218* @throws IllegalArgumentException219* if the {@code status} or {@code handshakeStatus}220* arguments are null, or if {@code bytesConsumed} or221* {@code bytesProduced} is negative222*223* @since 9224*/225public SSLEngineResult(Status status, HandshakeStatus handshakeStatus,226int bytesConsumed, int bytesProduced, long sequenceNumber) {227228if ((status == null) || (handshakeStatus == null) ||229(bytesConsumed < 0) || (bytesProduced < 0)) {230throw new IllegalArgumentException("Invalid Parameter(s)");231}232233this.status = status;234this.handshakeStatus = handshakeStatus;235this.bytesConsumed = bytesConsumed;236this.bytesProduced = bytesProduced;237this.sequenceNumber = sequenceNumber;238}239240/**241* Gets the return value of this {@code SSLEngine} operation.242*243* @return the return value244*/245public final Status getStatus() {246return status;247}248249/**250* Gets the handshake status of this {@code SSLEngine}251* operation.252*253* @return the handshake status254*/255public final HandshakeStatus getHandshakeStatus() {256return handshakeStatus;257}258259/**260* Returns the number of bytes consumed from the input buffer.261*262* @return the number of bytes consumed.263*/264public final int bytesConsumed() {265return bytesConsumed;266}267268/**269* Returns the number of bytes written to the output buffer.270*271* @return the number of bytes produced272*/273public final int bytesProduced() {274return bytesProduced;275}276277/**278* Returns the sequence number of the produced or consumed SSL/TLS/DTLS279* record (optional operation).280*281* @apiNote Note that sequence number is an unsigned long and cannot282* exceed {@code -1L}. It is desired to use the unsigned283* long comparing mode for comparison of unsigned long values284* (see also {@link java.lang.Long#compareUnsigned(long, long)285* Long.compareUnsigned()}).286* <P>287* For DTLS protocols, the first 16 bits of the sequence288* number is a counter value (epoch) that is incremented on289* every cipher state change. The remaining 48 bits on the290* right side of the sequence number represents the sequence291* of the record, which is maintained separately for each epoch.292*293* @implNote It is recommended that providers should never allow the294* sequence number incremented to {@code -1L}. If the sequence295* number is close to wrapping, renegotiate should be requested,296* otherwise the connection should be closed immediately.297* This should be carried on automatically by the underlying298* implementation.299*300* @return the sequence number of the produced or consumed SSL/TLS/DTLS301* record; or {@code -1L} if no record is produced or consumed,302* or this operation is not supported by the underlying provider303*304* @see java.lang.Long#compareUnsigned(long, long)305*306* @since 9307*/308public final long sequenceNumber() {309return sequenceNumber;310}311312/**313* Returns a String representation of this object.314*/315@Override316public String toString() {317return ("Status = " + status +318" HandshakeStatus = " + handshakeStatus +319"\nbytesConsumed = " + bytesConsumed +320" bytesProduced = " + bytesProduced +321(sequenceNumber == -1 ? "" :322" sequenceNumber = " + Long.toUnsignedString(sequenceNumber)));323}324}325326327