简体繁体 English

Java NIO2 AsynchronousSocketChannel / AsynchronousServerSocketChannel和TLS / SSL

[英]Java NIO2 AsynchronousSocketChannel/AsynchronousServerSocketChannel and TLS/SSL

原文 2012-10-12 07:28:50 3 2 java/ java-7/ grizzly/ nio2

All the sources/samples on the INTERNET that available on NIO2 are without TLS/SSL support, 在NIO2上可用的INTERNET上的所有源/样本都没有TLS / SSL支持，

java.nio.channels.AsynchronousSocketChannel java.nio.channels.AsynchronousServerSocketChannel java.nio.channels.AsynchronousSocketChannel java.nio.channels.AsynchronousServerSocketChannel

As I understand the SSLEngine life-cycle of connection differ from AsynchronousSocketChannel.connect && AsynchronousServerSocketChanne.accept, TLS/SSL should be encapsulated inside the AIO implementation, so how can I use them both...? 据我所知，连接的SSLEngine生命周期与AsynchronousSocketChannel.connect && AsynchronousServerSocketChanne.accept不同，TLS / SSL应该封装在AIO实现中，所以我怎样才能使用它们......？ NOTE: I so in the Grizzly project a video that talk about they already implement it, I look on the source code, but I saw AIO but not TLS/SSL integration... 注意：我在Grizzly项目中是一个视频，谈论他们已经实现了它，我查看了源代码，但是我看到了AIO而不是TLS / SSL集成......

Thanks in advance! 提前致谢！

2 个解决方案

The comment on the original question is indeed correct. 对原始问题的评论确实是正确的。 SSLEngine operates using ByteBuffer directly. SSLEngine直接使用ByteBuffer 。

This means it is compatible with AIO. 这意味着它与AIO兼容。 You start by accepting a connection. 首先接受连接。 The client then connects and performs the initial write. 然后客户端连接并执行初始写入。 To determine if you have enough data buffered use the handshake status and status . 要确定您是否有足够的数据缓冲，请使用握手状态和状态。 The engine will keep telling you "NEED_UNWRAP" if more data needs to be supplied from the other end. 如果需要从另一端提供更多数据，引擎会一直告诉你“NEED_UNWRAP”。 So you need to keep a queue of ByteBuffer objects. 所以你需要保留一个ByteBuffer对象的队列。 Same thing, the engine will keep telling you "NEED_WRAP" if more data needs to sent to the other end before it can continue. 同样的事情，引擎会一直告诉你“NEED_WRAP”，如果有更多的数据需要发送到另一端才能继续。 You keep going until you get "Finished" from the handshake status. 你继续前进，直到你从握手状态“完成”。

I would recommend however you use something like Netty which makes this much simpler. 我建议你使用像Netty这样的东西，这样可以简单得多。 It should be noted that Netty did have support for AIO in the alpha stages of 4. However, it was shown that AIO was slower than NIO. 值得注意的是，Netty在4阶段的alpha阶段确实支持AIO。然而，事实证明AIO比NIO慢。 Hence, it was removed. 因此，它被删除了。

However, not only will Netty make things simpler than trying to use NIO or AIO directly but will also make it easy to switch between the two if ever AIO is re-introduced. 然而，Netty不仅会让事情比直接使用NIO或AIO更简单，而且如果重新引入AIO，也可以轻松地在两者之间切换。

A full example of using SSL with Netty can be found here . 可以在此处找到使用SSL与Netty的完整示例。

The standard way of doing TLS in Java is using SSLEngine. 在Java中执行TLS的标准方法是使用SSLEngine。 But that class is seriously hard to use. 但这类是认真刻苦使用。 There are some tutorials around, but for a typical application, using SSLEngine should be out of the question. 有一些教程，但对于典型的应用程序，使用SSLEngine应该是不可能的。 ByteChannel and their friends are not supported directly, and imply a lot of work. ByteChannel和他们的朋友不直接支持，并暗示了很多工作。

I came across the same problem some time ago and ended up writing my own library. 我前段时间遇到了同样的问题，最后编写了自己的库。 There are some examples out there and of course there is also the code inside projects like Netty, etc. But neither option is robust or easily reusable. 有一些例子，当然还有像Netty等项目中的代码。但是这两个选项都不健壮或者很容易重用。

TLS Channel wraps an SSLEngine in a ByteBuffer and allows to use it just like normal SocketChannels. TLS Channel将SSLEngine包装在ByteBuffer中，并允许像普通的SocketChannel一样使用它。 AsynchronousByteChannels are a higher level abstraction that hides the selector loop; AsynchronousByteChannels是一个隐藏选择器循环的更高级抽象; the library also supports that. 图书馆也支持这一点。