我在NIO SSL握手时遇到以下异常。在握手过程中,
在客户端,
a)NEED_WRAP
b)NEED_UNWRAP
c)NEED_TASK
d)NEED_UNWRAP - 在调用unwrap时获得以下异常。
javax.net.ssl.SSLProtocolException: Handshake message sequence violation, 1
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1371)
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:513)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:790)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at com.ipay.ssl.SSlClientNio.doHandshake(SSlClientNio.java:65)
at com.ipay.ssl.SSlClientNio.main(SSlClientNio.java:220)
javax.net.ssl.SSLProtocolException: Handshake message sequence violation, 1
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:133)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:808)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:806)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1299)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
请告诉我,我所关注的握手顺序是否正确。我完全停留在握手部分。
// Editied
以下是握手代码。
void doHandshake(SelectionKey key, SSLEngine engine,
ByteBuffer myNetData, ByteBuffer peerNetData) throws Exception {
SocketChannel socketChannel = (SocketChannel)key.channel();
// Create byte buffers to use for holding application data
int appBufferSize = engine.getSession().getApplicationBufferSize();
ByteBuffer myAppData = ByteBuffer.allocate(appBufferSize);
// Begin handshake
engine.beginHandshake();
SSLEngineResult.HandshakeStatus hs = engine.getHandshakeStatus();
System.out.println("handshake"+hs);
// Process handshaking message
while (hs != SSLEngineResult.HandshakeStatus.FINISHED &&
hs != SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING) {
switch (hs) {
case NEED_UNWRAP:
System.out.println("Reached NEED UNWRAP");
// Receive handshaking data from peer
if (socketChannel.read(myNetData) < 0) {
// Handle closed channel
System.out.println("not able toRead data from channel to buffer at client");
}
myNetData.flip();
// Process incoming handshaking data
if(myNetData.limit() == 0)
{
myNetData.clear();
break;
}
myAppData.clear();
System.out.println("checking limit"+myNetData.limit());
SSLEngineResult res = engine.unwrap(myNetData, myAppData);
myNetData.compact();
// Getting handshake status
hs = res.getHandshakeStatus();
System.out.println("Debugging in NEED_UNWRAP-->"+hs);
// Check status
switch (res.getStatus()) {
case OK :
// Handle OK status
System.out.println("OK");
break;
case BUFFER_OVERFLOW:
System.out.println("BUFFER OVERFLOW");
break;
case BUFFER_UNDERFLOW:
System.out.println("BUFFER UNDERFLOW");
break;
case CLOSED:
System.out.println("CLOSED");
break;
// Handle other status: BUFFER_UNDERFLOW, BUFFER_OVERFLOW, CLOSED
// ...
}
break;
case NEED_WRAP :
System.out.println("Reached NEED WRAP");
// Empty the local network packet buffer.
myNetData.clear();
// Generate handshaking data
res = engine.wrap(myAppData, myNetData);
// Getting handshake status
hs = res.getHandshakeStatus();
System.out.println("Debugging in NEED_WRAP-->"+hs);
System.out.println(engine.getSession().getApplicationBufferSize());
System.out.println(myNetData.capacity());
// Check status
switch (res.getStatus()) {
case OK :
System.out.println("OK");
myNetData.flip();
// Send the handshaking data to peer
while (myNetData.hasRemaining()) {
if (socketChannel.write(myNetData) < 0) {
// closing socket channel
}
}
break;
case BUFFER_OVERFLOW:
System.out.println("BUFFER OVERFLOW");
break;
case BUFFER_UNDERFLOW:
System.out.println("BUFFER UNDERFLOW");
break;
case CLOSED:
System.out.println("CLOSED");
break;
// Handle other status: BUFFER_OVERFLOW, BUFFER_UNDERFLOW, CLOSED
// ...
}
break;
case NEED_TASK :
System.out.println("NEED TASK");
System.out.println("Debugging in NEED_TASK-->"+hs);
Runnable task;
while((task=engine.getDelegatedTask()) != null)
{
System.out.println("Inside while loop");
ExecutorService executorService = Executors.newFixedThreadPool(1);
executorService.execute(task);
// Handle blocking tasks
}
// Whether following code is required
hs=engine.getHandshakeStatus();
System.out.println("Printing"+engine.getHandshakeStatus());
break;
case FINISHED:
System.out.println("Debugging in FINISHED-->"+hs);
System.out.println("handshake done");
break;
//...
}
}
// Processes after handshaking
//...
}
//更新EXCEPTION ...
我在服务器端遇到异常。 我用Google搜索了。但是不知道。
请帮我这一部分..
javax.net.ssl.SSLProtocolException: Handshake message sequence violation, state = 1, type=1
javax.net.ssl.SSLProtocolException: Handshake message sequence violation, state = 1, type = 1
at sun.security.ssl.Handshaker.checkThrown(Unknown Source)
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source)
at sun.security.ssl.SSLEngineImpl.readNetRecord(Unknown Source)
at sun.security.ssl.SSLEngineImpl.unwrap(Unknown Source)
at javax.net.ssl.SSLEngine.unwrap(Unknown Source)
at com.ipay.ssl.SSLServerNio.doHandshake(SSLServerNio.java:55)
at com.ipay.ssl.SSLServerNio.main(SSLServerNio.java:216)
Caused by: javax.net.ssl.SSLProtocolException: Handshake message sequence violation, state = 1, type = 1
at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker$1.run(Unknown Source)
at sun.security.ssl.Handshaker$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Varghese分析
答案 0 :(得分:2)
你不应该跟随&#39;一个&#39;序列&#39;使用SSLEngine时。您应该对其提供的状态和例外做出反应:
NEED_WRAP:从应用程序发送缓冲区向网络发送缓冲区执行wrap() NEED_UNWRAP:从网络接收缓冲区向应用程序接收缓冲区执行unwrap() BUFFER_OVERFLOW:在网络发送缓冲区上执行flip()/write()/compact(),或在应用程序接收缓冲区上执行flip()/get()/compact() BUFFER_UNDERFLOW:在网络接收缓冲区上执行read(),或者在应用程序发送缓冲区中没有任何内容。编辑这是什么?
if(myNetData.limit() == 0)
{
myNetData.clear();
}
这个?
case NEED_WRAP:
myNetData.clear();
你不能丢弃引擎数据。完全摆脱这些。除了flip(), compact(), wrap(),和unwrap().之外,您无法对网络发送或接收缓冲区执行任何操作。此外,您还没有单独的网络发送和接收缓冲区。你需要两者。您需要四个:net send,net receive,application send和application receive。网络缓冲区需要具有SSLEngine.
除此之外,你并没有像我上面所说的那样完全做出反应。例如,走NEED_UNWRAP路径。你应该:
unwrap()从net recv缓冲区到应用程序接收缓冲区。BUFFER_UNDERFLOW,read()进入净接收缓冲区并重复(1)。 NEED_WRAP:
wrap()从应用程序发送缓冲区到网络发送缓冲区。BUFFER_OVERFLOW,write()并重复3。当您需要阅读申请数据时:
flip()/get()/compact()。BufferUnderflowException,unwrap()并重复,请注意unwrap()可能导致NEED_WRAP或NEED_WRAP或{{1} }或BUFFER_UNDERFLOW 当您需要编写应用程序数据时:
BUFFER_OVERFLOW.进入应用程序发送缓冲区。put(),BufferOverflowException,请注意flip()/wrap()/compact()可能导致wrap()或NEED_WRAP或NEED_WRAP或BUFFER_UNDERFLOW。