SSLEngine I/O calls.
An SSLEngine provides a means for establishing secure communication sessions between two peers. SSLEngine operations typically consume bytes from an input buffer and produce bytes in an output buffer. This class provides operational result values describing the state of the SSLEngine, including indications of what operations are needed to finish an ongoing handshake. Lastly, it reports the number of bytes consumed and produced as a result of this operation.
- Since: 1.5

Nested Class Summary

| Modifier and Type | Class | Description |
| --- | --- | --- |
| static enum | SSLEngineResult.HandshakeStatus | An SSLEngineResult enum describing the current handshaking state of this SSLEngine. |
| static enum | SSLEngineResult.Status | An SSLEngineResult enum describing the overall result of the SSLEngine operation. |

Constructor Summary

| Constructor | Description |
| --- | --- |
| SSLEngineResult(SSLEngineResult.Status status, SSLEngineResult.HandshakeStatus handshakeStatus, int bytesConsumed, int bytesProduced) | Initializes a new instance of this class. |
| SSLEngineResult(SSLEngineResult.Status status, SSLEngineResult.HandshakeStatus handshakeStatus, int bytesConsumed, int bytesProduced, long sequenceNumber) | Initializes a new instance of this class. |

Method Summary

| Modifier and Type | Method | Description |
| --- | --- | --- |
| final int | bytesConsumed() | Returns the number of bytes consumed from the input buffer. |
| final int | bytesProduced() | Returns the number of bytes written to the output buffer. |
| final SSLEngineResult.HandshakeStatus | getHandshakeStatus() | Gets the handshake status of this SSLEngine operation. |
| final SSLEngineResult.Status | getStatus() | Gets the return value of this SSLEngine operation. |
| final long | sequenceNumber() | Returns the sequence number of the produced or consumed SSL/TLS/DTLS record (optional operation). |
| String | toString() | Returns a String representation of this object. |

Constructor Details

SSLEngineResult
public SSLEngineResult(SSLEngineResult.Status status, SSLEngineResult.HandshakeStatus handshakeStatus, int bytesConsumed, int bytesProduced)
Initializes a new instance of this class.
- Parameters:
  - status - the return value of the operation.
  - handshakeStatus - the current handshaking status.
  - bytesConsumed - the number of bytes consumed from the source ByteBuffer
  - bytesProduced - the number of bytes placed into the destination ByteBuffer
- Throws:
  - IllegalArgumentException - if the status or handshakeStatus arguments are null, or if bytesConsumed or bytesProduced is negative.

SSLEngineResult
public SSLEngineResult(SSLEngineResult.Status status, SSLEngineResult.HandshakeStatus handshakeStatus, int bytesConsumed, int bytesProduced, long sequenceNumber)
Initializes a new instance of this class.
- Parameters:
  - status - the return value of the operation.
  - handshakeStatus - the current handshaking status.
  - bytesConsumed - the number of bytes consumed from the source ByteBuffer
  - bytesProduced - the number of bytes placed into the destination ByteBuffer
  - sequenceNumber - the sequence number (unsigned long) of the produced or consumed SSL/TLS/DTLS record, or -1L if no record produced or consumed
- Throws:
  - IllegalArgumentException - if the status or handshakeStatus arguments are null, or if bytesConsumed or bytesProduced is negative
- Since: 9

Method Details

getStatus
Gets the return value of this SSLEngine operation.
- Returns: the return value

getHandshakeStatus
Gets the handshake status of this SSLEngine operation.
- Returns: the handshake status

bytesConsumed
public final int bytesConsumed()
Returns the number of bytes consumed from the input buffer.
- Returns: the number of bytes consumed.

bytesProduced
public final int bytesProduced()
Returns the number of bytes written to the output buffer.
- Returns: the number of bytes produced

sequenceNumber
public final long sequenceNumber()
Returns the sequence number of the produced or consumed SSL/TLS/DTLS record (optional operation).
- API Note: Note that sequence number is an unsigned long and cannot exceed -1L. It is desired to use the unsigned long comparing mode for comparison of unsigned long values (see also Long.compareUnsigned()).
  For DTLS protocols, the first 16 bits of the sequence number is a counter value (epoch) that is incremented on every cipher state change. The remaining 48 bits on the right side of the sequence number represents the sequence of the record, which is maintained separately for each epoch.
- Implementation Note: It is recommended that providers should never allow the sequence number incremented to -1L. If the sequence number is close to wrapping, renegotiate should be requested, otherwise the connection should be closed immediately. This should be carried on automatically by the underlying implementation.
- Returns: the sequence number of the produced or consumed SSL/TLS/DTLS record; or -1L if no record is produced or consumed, or this operation is not supported by the underlying provider
- Since: 9
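
The sequence number handling described in the notes above, as an added example that is not part of the JDK documentation: it treats -1L as the "no record" value before anything else, splits a DTLS value into epoch and 48-bit record sequence, and compares values as unsigned. The class name, helper names, the WRAP_MARGIN threshold and the sample values are assumptions made for illustration.

```java
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
import javax.net.ssl.SSLEngineResult.Status;

public class SequenceNumberDemo {
    static final long NO_RECORD = -1L;  // documented "no record / unsupported" value
    static final long SEQ_MASK_48 = 0x0000_FFFF_FFFF_FFFFL;
    // Hypothetical application margin: flag when fewer than 2^16 values remain.
    static final long WRAP_MARGIN = 1L << 16;

    /** DTLS epoch: the first (most significant) 16 bits. */
    static int dtlsEpoch(long seq) { return (int) (seq >>> 48); }

    /** DTLS per-epoch record sequence: the remaining 48 bits. */
    static long dtlsRecordSeq(long seq) { return seq & SEQ_MASK_48; }

    /** True when b is later than a, treating both as unsigned 64-bit values. */
    static boolean isLater(long a, long b) { return Long.compareUnsigned(b, a) > 0; }

    /** True when a sequence number is within WRAP_MARGIN of the unsigned maximum. */
    static boolean nearWrap(long seq) {
        return seq != NO_RECORD
            && Long.compareUnsigned(seq, NO_RECORD - WRAP_MARGIN) >= 0;
    }

    static String describe(SSLEngineResult r, boolean dtls) {
        long seq = r.sequenceNumber();
        if (seq == NO_RECORD) {
            return "no record, or sequence numbers unsupported by provider";
        }
        return dtls
            ? "epoch=" + dtlsEpoch(seq) + " seq=" + dtlsRecordSeq(seq)
            : "seq=" + Long.toUnsignedString(seq) + (nearWrap(seq) ? " (near wrap)" : "");
    }

    public static void main(String[] args) {
        // Constructed results; real ones are returned by SSLEngine.wrap()/unwrap().
        long high = 0x8000_0000_0000_0000L;  // 2^63: negative if read as signed
        SSLEngineResult dtls = new SSLEngineResult(
            Status.OK, HandshakeStatus.NOT_HANDSHAKING, 64, 0, (3L << 48) | 41L);
        SSLEngineResult none = new SSLEngineResult(
            Status.OK, HandshakeStatus.NOT_HANDSHAKING, 0, 0, NO_RECORD);
        SSLEngineResult tls = new SSLEngineResult(
            Status.OK, HandshakeStatus.NOT_HANDSHAKING, 64, 0, high);
        System.out.println(describe(dtls, true));
        System.out.println(describe(none, true));
        System.out.println(describe(tls, false));
        // A signed comparison would order 2^63 before 1; the unsigned one does not.
        System.out.println(isLater(1L, high));
    }
}
```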
toString