Tomcat HTTPS processing flow
2021-10-09 17:42:52
How TLS session reuse works in the JDK
Outline
handshake
HandshakeStatus
NEED_UNWRAP
handshakeUnwrap
result = sslEngine.unwrap(netInBuffer, getBufHandler().getReadBuffer()); (decrypt)
ensureNegotiated- startHandshake
readHandshakeRecord-decode
context.inputRecord.decode
SSLSocketInputRecord.decodeInputRecord
this.readCipher.decrypt (decrypts the record data)
context.dispatch(plainText)
case-consume
HANDSHAKE
ALERT
AlertConsumer.consume
CLOSE_NOTIFY
throw exception
USER_CANCELED
throw exception
set the corresponding fields according to the exception
closeReason
isBroken
handle the current request according to the specific exception
close
task
other
throw exception
default - consumers.get(var1.contentType)
tasks() message processing
DelegatedAction.run().dispatch
consume
ClientKeyExchangeConsumer.consume
ClientHelloConsumer.consume
onClientHello
if(ClientHelloMessage.sessionId.length() != 0)
validate the session information
engineGetServerSessionContext().get(var4.sessionId.getId()) looks up whether a cached session exists for the sessionId sent by the browser
var7 != var3.negotiatedProtocol
compare the TLS version of this ClientHello with the one stored in the cached session
client authentication type: var3.sslConfig.clientAuthType == ClientAuthType.CLIENT_AUTH_REQUIRED
CLIENT_AUTH_NONE is the only value seen so far
cipher suite check
compare the cipher suites offered in the request with the cached session's cipher suite
isResumption = result of the session validation
var3.handshakeProducers loops over the messages to process
T12ServerHelloProducer.produce
check whether the session can be reused
reusable
copy the cached information out for use
the fields of resumingSession are assigned directly to the outer context
var3.handshakeSession = var3.resumingSession;
var3.negotiatedProtocol = var3.resumingSession.getProtocolVersion();
var3.negotiatedCipherSuite = var3.resumingSession.getSuite();
var3.handshakeHash.determine(var3.negotiatedProtocol, var3.negotiatedCipherSuite);
not reusable: create a new session
create a new session
SSLSessionImpl var5 = new SSLSessionImpl(var3, CipherSuite.C_NULL);
SSLKeyExchange = chooseCipherSuite(var3, var4)
if the client auth type is not ClientAuthType.CLIENT_AUTH_NONE
var3.handshakeProducers.put(SSLHandshake.CERTIFICATE_REQUEST.id, SSLHandshake.CERTIFICATE_REQUEST);
add the SERVER_HELLO_DONE producer so the next step is processed
var3.handshakeProducers.put(SSLHandshake.SERVER_HELLO_DONE.id, SSLHandshake.SERVER_HELLO_DONE);
if reusable
derive the handshakeKeyDerivation used for decryption
createKeyDerivation(HandshakeContext, var3.resumingSession.getMasterSecret()) takes the master secret from the cached session
LegacyTrafficKeyDerivation
KeyGenerator var15 = JsseJce.getKeyGenerator(var9)
var15.init(var14)
this.keyMaterialSpec = (TlsKeyMaterialSpec)var15.generateKey()
add the FINISHED handler
ServerHelloDoneProducer.produce
var3.handshakeConsumers.put
FINISHED
CLIENT_KEY_EXCHANGE
T12FinishedConsumer.consume
onConsumeFinished
onProduceFinished
isResumption: if resuming, update the session information
not a resumption
add the session to the cache
every exception thrown inside consume is caught, then
this.engine.conContext.delegatedThrown = exception
this.engine.conContext.closeReason = getTaskThrown(exception)
NEED_TASK
NEED_WRAP
handshake = handshakeWrap(write)
SSLEngineImpl.wrap
checkTaskThrown checks for a pending exception
if delegatedThrown is set, throw it and clear the field
writeRecord: entered only if nothing above threw
returns one of
new SSLEngineResult(Status.OK, HandshakeStatus.FINISHED, 0, 0);
new SSLEngineResult(Status.CLOSED, this.getHandshakeStatus(), 0, 0);
...
handshake.getStatus() == Status.OK
handshakeStatus == HandshakeStatus.NEED_TASK
task
handshake.getStatus() == Status.CLOSED
flush(netOutBuffer); sends the response
FINISHED
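The outline above walks the NEED_UNWRAP / NEED_WRAP / NEED_TASK / FINISHED dispatch that Tomcat's handshakeUnwrap and handshakeWrap perform around SSLEngine, and the ClientHello-to-Finished path that decides isResumption. The following is an added example, not code from the mind map, from Tomcat or from the JDK: it drives two in-memory SSLEngines through that same state machine, then repeats the handshake from the same client context so the ClientHello carries the cached session id and the server resumes. The step and handshake helpers, the argument layout (args[0] a PKCS12 keystore, args[1] its password) and the "localhost"/4433 cache key are assumptions of this example; TLS 1.2 is pinned because the outline follows the T12* producers and consumers.

```java
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.nio.ByteBuffer;
import java.security.KeyStore;
import java.util.Arrays;

// Added example (not from the mind map, Tomcat or the JDK). Assumes a PKCS12 keystore
// with one key pair: it serves as the server key store and, for simplicity, as the
// client trust store. "localhost"/4433 only key the client-side session cache.
public class ResumptionDemo {

    // One state-machine step for `engine`: records arrive in `in` (write mode) and
    // leave through `out` (write mode); `app` is scratch space for unwrap's plaintext.
    static void step(SSLEngine engine, ByteBuffer in, ByteBuffer out, ByteBuffer app) throws SSLException {
        switch (engine.getHandshakeStatus()) {
            case NEED_UNWRAP:          // decrypt one record and dispatch it (HANDSHAKE, ALERT, ...)
                in.flip();
                app.clear();
                engine.unwrap(in, app); // BUFFER_UNDERFLOW only means "wait for the peer"
                in.compact();
                break;
            case NEED_WRAP:            // produce the next outbound handshake record
                engine.wrap(ByteBuffer.allocate(0), out);
                break;
            case NEED_TASK:            // run the delegated tasks (the consumers/producers)
                for (Runnable task; (task = engine.getDelegatedTask()) != null; ) {
                    task.run();
                }
                break;
            default:                   // FINISHED / NOT_HANDSHAKING: nothing to do
                break;
        }
    }

    // Pump records between the engines until both report NOT_HANDSHAKING.
    static void handshake(SSLEngine client, SSLEngine server) throws SSLException {
        int packet = 4 * Math.max(client.getSession().getPacketBufferSize(),
                                  server.getSession().getPacketBufferSize());
        int appSize = Math.max(client.getSession().getApplicationBufferSize(),
                               server.getSession().getApplicationBufferSize());
        ByteBuffer c2s = ByteBuffer.allocate(packet);
        ByteBuffer s2c = ByteBuffer.allocate(packet);
        ByteBuffer app = ByteBuffer.allocate(appSize);
        client.beginHandshake();
        server.beginHandshake();
        for (int guard = 0; !done(client) || !done(server); guard++) {
            if (guard > 1000) throw new SSLException("handshake made no progress");
            step(client, s2c, c2s, app);
            step(server, c2s, s2c, app);
        }
    }

    static boolean done(SSLEngine e) {
        return e.getHandshakeStatus() == javax.net.ssl.SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
    }

    static SSLEngine clientEngine(SSLContext ctx) {
        SSLEngine e = ctx.createSSLEngine("localhost", 4433); // host/port key the client session cache
        e.setUseClientMode(true);
        e.setEnabledProtocols(new String[] {"TLSv1.2"});     // the outline follows the T12* classes
        return e;
    }

    static SSLEngine serverEngine(SSLContext ctx) {
        SSLEngine e = ctx.createSSLEngine();
        e.setUseClientMode(false);
        e.setEnabledProtocols(new String[] {"TLSv1.2"});
        return e;
    }

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream fis = new FileInputStream(args[0])) {
            ks.load(fis, args[1].toCharArray());
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, args[1].toCharArray());
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext serverCtx = SSLContext.getInstance("TLS");
        serverCtx.init(kmf.getKeyManagers(), null, null);
        SSLContext clientCtx = SSLContext.getInstance("TLS");
        clientCtx.init(null, tmf.getTrustManagers(), null);

        // First handshake: the ClientHello carries no session id, so the server builds a
        // new SSLSessionImpl and, after FINISHED, adds it to its session cache.
        SSLEngine c1 = clientEngine(clientCtx), s1 = serverEngine(serverCtx);
        handshake(c1, s1);
        byte[] firstId = s1.getSession().getId();

        // Second handshake from the same client context: the ClientHello now carries the
        // cached session id, the server finds it in engineGetServerSessionContext() and
        // resumes (isResumption = true), so no new key exchange takes place.
        SSLEngine c2 = clientEngine(clientCtx), s2 = serverEngine(serverCtx);
        handshake(c2, s2);
        byte[] secondId = s2.getSession().getId();
        System.out.println("first session id : " + hex(firstId));
        System.out.println("second session id: " + hex(secondId));
        System.out.println("resumed: " + Arrays.equals(firstId, secondId));
    }
}
```

A keystore for the example can be created with `keytool -genkeypair -keyalg RSA -dname CN=localhost -keystore demo.p12 -storetype PKCS12 -storepass changeit`, then run `javac ResumptionDemo.java && java ResumptionDemo demo.p12 changeit`. A matching session id on the second handshake is the externally visible sign that the server took the "reusable" branch of the outline (handshakeSession = resumingSession); under TLS 1.3 resumption is PSK-based and the session id is not the right signal, which is why the example pins TLS 1.2.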