安卓的SSLEngine例子 [英] Android SSLEngine example
问题描述
我需要通过TLS TCP套接字一个应用程序,我正在工作。我经历过的几十个例子,虽然我没有问题,通过握手饶人,我似乎无法通过任何方法来读取输入流(尝试了很多,包括的ReadLine(),读到字符数组,等等)。每次我尝试,应用程序死机的那个地方。如果我调试,它从来不以code中的下一行。
在一个尝试性解决方案,我决定了转移到使用的SSLEngine,因为这应该是在Java 1.5的答案java.nio中的SSL。然而,我发现的一个的例子(此处为:<一href="http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/samples/sslengine/SSLEngineSimpleDemo.java" rel="nofollow">http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/samples/sslengine/SSLEngineSimpleDemo.java)这是多有点混乱给我,我也没有成功实现它。当我的展开()调用产生一个空的缓冲区,在那里我知道(从使用OpenSSL命令行),在服务问题推数据回落管道。
建议是受欢迎的,我烧了太多的时间在这了。以下是有关code:
的SSLEngine引擎= sslContext.createSSLEngine(uri.getHost(),uri.getPort());
engine.setUseClientMode(真正的);
engine.beginHandshake();
的SSLSession会话= engine.getSession();
INT bufferMax = session.getPacketBufferSize();
INT appBufferMax = session.getApplicationBufferSize()+ 50;
ByteBuffer的CTO = ByteBuffer.allocateDirect(bufferMax);
ByteBuffer的STO = ByteBuffer.allocateDirect(bufferMax);
ByteBuffer的OUT = ByteBuffer.wrap(sessionId.getBytes());
ByteBuffer的时间= ByteBuffer.allocate(appBufferMax);
调试(送秘密);
的SSLEngineResult RSLT = engine.wrap(满分,CTO);
调试(第一个结果:+ rslt.toString());
sTo.flip();
RSLT = engine.unwrap(申通快递,中);
调试(下一结果+ rslt.toString());
本实施缺少一些关键件。即握手可以在多个国家之间的反弹NEED_WRAP,NEED_UNWRAP,NEED_TASK协商的连接。这意味着你不能只叫一个,然后另一个。您将需要循环状态,直到握手已经完成。
而(握手){
开关(州){
案例NEED_WRAP:
doWrap();
打破;
案例NEED_UNWRAP:
doUnwrap();
打破;
案例NEED_TASK:
doTask();
打破;
}
}
现在这么说,你应该知道在的的SSLEngine Android的坏。谷歌建议,根据该线程使用线程和阻塞插座。
I need to work with a TCP socket over TLS for an app I'm working on. I've been through dozens of examples and while I have no problem getting through the handshake, I can't seem to read the input stream through any means (tried a lot, including readline(), reading to character array, etc). every time I try, the app freezes on that spot. If I debug, it never goes to the next line of code.
In an attempted solution, I decided to move over to using an SSLEngine, since that's supposed to be the Java 1.5 answer to java.nio for SSL. However, I have found one example (here: http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/samples/sslengine/SSLEngineSimpleDemo.java) which is more than a little confusing to me, and I've not been successful implementing it. When I try, the unwrap() call yields an empty buffer, where I know (from using OpenSSL on the command line) that the service in question pushes data back down the pipe.
Suggestions are welcome, I've burned way too much time on this already. Here's the relevant code:
SSLEngine engine = sslContext.createSSLEngine(uri.getHost(), uri.getPort());
engine.setUseClientMode(true);
engine.beginHandshake();
SSLSession session = engine.getSession();
int bufferMax = session.getPacketBufferSize();
int appBufferMax = session.getApplicationBufferSize() + 50;
ByteBuffer cTo = ByteBuffer.allocateDirect(bufferMax);
ByteBuffer sTo = ByteBuffer.allocateDirect(bufferMax);
ByteBuffer out = ByteBuffer.wrap(sessionId.getBytes());
ByteBuffer in = ByteBuffer.allocate(appBufferMax);
debug("sending secret");
SSLEngineResult rslt = engine.wrap(out, cTo);
debug("first result: " + rslt.toString());
sTo.flip();
rslt = engine.unwrap(sTo, in);
debug("next result" + rslt.toString());
This implementation is missing some key pieces. Namely the handshake can bounce between several states NEED_WRAP, NEED_UNWRAP, NEED_TASK to negotiate a connection. This means you cannot just call one and then the other. You will need to loop over the states until a handshake has completed.
while (handshaking) {
switch (state) {
case NEED_WRAP:
doWrap();
break;
case NEED_UNWRAP:
doUnwrap();
break;
case NEED_TASK:
doTask();
break;
}
}
A full working example of Java SSL and NIO
Now that said, you should be aware the SSLEngine on Android is broken. Google recommends using threads and blocking sockets according to that thread.
这篇关于安卓的SSLEngine例子的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
