Introduce helper method to detect if a buffer is encrypted. See #657

2012-10-16 13:44:30 +02:00 · 2012-10-16 13:44:30 +02:00 · 9e6c616c35
commit 9e6c616c35
parent 303fb80d34
1 changed files with 65 additions and 22 deletions
--- a/handler/src/main/java/io/netty/handler/ssl/SslHandler.java
+++ b/handler/src/main/java/io/netty/handler/ssl/SslHandler.java
@ -646,17 +646,45 @@ public class SslHandler
        return false;
    }

-    @Override
-    public void inboundBufferUpdated(final ChannelHandlerContext ctx) throws Exception {
-        final ByteBuf in = ctx.inboundByteBuffer();
+    /**
+     * Returns <code>true</code> if the given {@link ByteBuf} is encrypted. Be aware that this method
+     * will not increase the readerIndex of the given {@link ByteBuf}.
+     *
+     * @param   buffer
+     *                  The {@link ByteBuf} to read from. Be aware that it must have at least 5 bytes to read,
+     *                  otherwise it will throw an {@link IllegalArgumentException}.
+     * @return  encrypted
+     *                  <code>true</code> if the {@link ByteBuf} is encrypted, <code>false</code> otherwise.
+     * @throws IllegalArgumentException
+     *                  Is thrown if the given {@link ByteBuf} has not at least 5 bytes to read.
+     */
+    public static boolean isEncrypted(ByteBuf buffer) {
+        return getEncryptedPacketLength(buffer) != -1;
+    }

-        if (in.readableBytes() < 5) {
-            return;
+    /**
+     * Return how much bytes can be read out of the encrypted data. Be aware that this method will not increase
+     * the readerIndex of the given {@link ByteBuf}.
+     *
+     * @param   buffer
+     *                  The {@link ByteBuf} to read from. Be aware that it must have at least 5 bytes to read,
+     *                  otherwise it will throw an {@link IllegalArgumentException}.
+     * @return  length
+     *                  The length of the encrypted packet that is included in the buffer. This will
+     *                  return <code>-1</code> if the given {@link ByteBuf} is not encrypted at all.
+     * @throws IllegalArgumentException
+     *                  Is thrown if the given {@link ByteBuf} has not at least 5 bytes to read.
+     */
+    private static int getEncryptedPacketLength(ByteBuf buffer) {
+        if (buffer.readableBytes() < 5) {
+            throw new IllegalArgumentException("buffer must have at least 5 readable bytes");
        }

+        int packetLength = 0;
+
        // SSLv3 or TLS - Check ContentType
        boolean tls;
-        switch (in.getUnsignedByte(in.readerIndex())) {
+        switch (buffer.getUnsignedByte(buffer.readerIndex())) {
        case 20:  // change_cipher_spec
        case 21:  // alert
        case 22:  // handshake
@ -668,13 +696,12 @@ public class SslHandler
            tls = false;
        }

-        int packetLength = -1;
        if (tls) {
            // SSLv3 or TLS - Check ProtocolVersion
-            int majorVersion = in.getUnsignedByte(in.readerIndex() + 1);
+            int majorVersion = buffer.getUnsignedByte(buffer.readerIndex() + 1);
            if (majorVersion == 3) {
                // SSLv3 or TLS
-                packetLength = (getShort(in, in.readerIndex() + 3) & 0xFFFF) + 5;
+                packetLength = (getShort(buffer, buffer.readerIndex() + 3) & 0xFFFF) + 5;
                if (packetLength <= 5) {
                    // Neither SSLv3 or TLSv1 (i.e. SSLv2 or bad data)
                    tls = false;
@ -688,16 +715,16 @@ public class SslHandler
        if (!tls) {
            // SSLv2 or bad data - Check the version
            boolean sslv2 = true;
-            int headerLength = (in.getUnsignedByte(
-                    in.readerIndex()) & 0x80) != 0 ? 2 : 3;
-            int majorVersion = in.getUnsignedByte(
-                    in.readerIndex() + headerLength + 1);
+            int headerLength = (buffer.getUnsignedByte(
+                    buffer.readerIndex()) & 0x80) != 0 ? 2 : 3;
+            int majorVersion = buffer.getUnsignedByte(
+                    buffer.readerIndex() + headerLength + 1);
            if (majorVersion == 2 || majorVersion == 3) {
                // SSLv2
                if (headerLength == 2) {
-                    packetLength = (getShort(in, in.readerIndex()) & 0x7FFF) + 2;
+                    packetLength = (getShort(buffer, buffer.readerIndex()) & 0x7FFF) + 2;
                } else {
-                    packetLength = (getShort(in, in.readerIndex()) & 0x3FFF) + 3;
+                    packetLength = (getShort(buffer, buffer.readerIndex()) & 0x3FFF) + 3;
                }
                if (packetLength <= headerLength) {
                    sslv2 = false;
@ -707,15 +734,31 @@ public class SslHandler
            }

            if (!sslv2) {
-                // Bad data - discard the buffer and raise an exception.
-                NotSslRecordException e = new NotSslRecordException(
-                        "not an SSL/TLS record: " + ByteBufUtil.hexDump(in));
-                in.skipBytes(in.readableBytes());
-                ctx.fireExceptionCaught(e);
-                setHandshakeFailure(e);
-                return;
+                return -1;
            }
        }
+        return packetLength;
+    }
+
+    @Override
+    public void inboundBufferUpdated(final ChannelHandlerContext ctx) throws Exception {
+        final ByteBuf in = ctx.inboundByteBuffer();
+
+        if (in.readableBytes() < 5) {
+            return;
+        }
+
+        int packetLength = getEncryptedPacketLength(in);
+
+        if (packetLength == -1) {
+            // Bad data - discard the buffer and raise an exception.
+            NotSslRecordException e = new NotSslRecordException(
+                    "not an SSL/TLS record: " + ByteBufUtil.hexDump(in));
+            in.skipBytes(in.readableBytes());
+            ctx.fireExceptionCaught(e);
+            setHandshakeFailure(e);
+            return;
+        }

        assert packetLength > 0;