finish updating ssl network implementation

Author: JavaSaBr

rlib-network/src/loadTest/java/javasabr/rlib/network/StringSslNetworkLoadTest.java

@@ -198,7 +198,7 @@ private static void initReceivedMessagesTracker(
           .getThenReset();
       log.info(received, "Server receiving [%s] messages/sec"::formatted);
       if (received == 0) {
-       // finalWaiter.countDown();
+       finalWaiter.countDown();
       }
     }, 1, 1, TimeUnit.SECONDS);
     scheduledExecutor.scheduleAtFixedRate(() -> {
@@ -216,8 +216,6 @@ private static void initReceivedMessagesTracker(
   }
 
   private static StringWritableNetworkPacket newMessage(int minMessageLength, int maxMessageLength) {
-    String generate = StringUtils.generate(minMessageLength, maxMessageLength);
-    return new StringWritableNetworkPacket("a".repeat(generate.length()));
-    //return new StringWritableNetworkPacket(StringUtils.generate(minMessageLength, maxMessageLength));
+    return new StringWritableNetworkPacket(StringUtils.generate(minMessageLength, maxMessageLength));
   }
 }

rlib-network/src/main/java/javasabr/rlib/network/packet/impl/AbstractSslNetworkPacketReader.java

@@ -91,26 +91,11 @@ protected int readPackets(ByteBuffer readingBuffer) {
     }
   }
 
-  protected ByteBuffer moveDataToNetworkBuffer(ByteBuffer readingBuffer) {
-    log.debug(remoteAddress(), readingBuffer,
-        (address, buf) -> "[%s] Append new part of received data:\n%s".formatted(address, hexDump(buf)));
-    ByteBuffer sslNetworkBuffer = sslNetworkBuffer();
-    int availableSpace = sslNetworkBuffer.capacity() - sslNetworkBuffer.limit();
-    if (availableSpace >= readingBuffer.limit()) {
-      BufferUtils.appendAndClear(sslNetworkBuffer, readingBuffer);
-    } else {
-      sslNetworkBuffer = increaseNetworkBuffer(readingBuffer.limit());
-      BufferUtils.appendAndClear(sslNetworkBuffer, readingBuffer);
-    }
-    log.debug(remoteAddress(), sslNetworkBuffer,
-        (address, buf) -> "[%s] Result pending received network data:\n%s".formatted(address, hexDump(buf)));
-    return sslNetworkBuffer;
-  }
-
   protected int doHandshake(ByteBuffer networkBuffer, int receivedBytes) {
     HandshakeStatus handshakeStatus = sslEngine.getHandshakeStatus();
+    String remoteAddress = remoteAddress();
     while (SslUtils.needToProcess(handshakeStatus)) {
-      log.debug(remoteAddress(), handshakeStatus, "[%s] Do handshake with status:[%s] "::formatted);
+      log.debug(remoteAddress, handshakeStatus, "[%s] Do handshake with status:[%s] "::formatted);
       switch (handshakeStatus) {
         case NEED_UNWRAP: {
           SSLEngineResult result;
@@ -128,15 +113,14 @@ protected int doHandshake(ByteBuffer networkBuffer, int receivedBytes) {
             handshakeStatus = sslEngine.getHandshakeStatus();
             break;
           } else if (!networkBuffer.hasRemaining()) {
-            cleanNetworkBuffer(networkBuffer);
+            NetworkUtils.cleanNetworkBuffer(networkBuffer);
             return SKIP_READ_PACKETS;
           }
           try {
-            log.debug(remoteAddress(), networkBuffer,
-                (address, buff) -> "[%s] Try to unwrap data:\n%s".formatted(address, hexDump(buff)));
+            logDataBeforeUnwrap(remoteAddress, networkBuffer);
             result = sslEngine.unwrap(networkBuffer, EMPTY_BUFFERS);
             handshakeStatus = result.getHandshakeStatus();
-            log.debug(remoteAddress(), handshakeStatus, "[%s] Handshake status:[%s] after unwrapping"::formatted);
+            log.debug(remoteAddress, handshakeStatus, "[%s] Handshake status:[%s] after unwrapping"::formatted);
           } catch (SSLException sslException) {
             log.error("A problem was encountered while processing the data that caused the "
                 + "SSLEngine to abort. Will try to properly close connection...");
@@ -149,15 +133,11 @@ protected int doHandshake(ByteBuffer networkBuffer, int receivedBytes) {
               break;
             }
             case BUFFER_OVERFLOW: {
-              throw new IllegalStateException("Unexpected ssl engine result");
+              throw new IllegalStateException("Unexpected SSL Engine result:" + result.getStatus());
             }
             case BUFFER_UNDERFLOW: {
-              log.debug(remoteAddress(), "[%s] Wait for more received data..."::formatted);
-              if (networkBuffer.position() > 0) {
-                networkBuffer
-                    .compact()
-                    .limit(networkBuffer.position());
-              }
+              log.debug(remoteAddress, "[%s] Wait for more received data..."::formatted);
+              NetworkUtils.compactNetworkBufferIfNeed(networkBuffer);
               return SKIP_READ_PACKETS;
             }
             case CLOSED: {
@@ -170,92 +150,105 @@ protected int doHandshake(ByteBuffer networkBuffer, int receivedBytes) {
               }
             }
             default: {
-              throw new IllegalStateException("Invalid SSL status: " + result.getStatus());
+              throw new IllegalStateException("Invalid SSL Engine result:" + result.getStatus());
             }
           }
           break;
         }
         case NEED_WRAP: {
-          log.debug(remoteAddress(), "[%s] Send command to wrap data"::formatted);
-          packetWriter.accept(SslWritableNetworkPacket.getInstance());
-          cleanNetworkBuffer(networkBuffer);
+          log.debug(remoteAddress, "[%s] Send command to wrap data"::formatted);
+          packetWriter.accept(SslWrapRequestPacket.getInstance());
+          NetworkUtils.cleanNetworkBuffer(networkBuffer);
           return SKIP_READ_PACKETS;
         }
         case NEED_TASK: {
           handshakeStatus = SslUtils.executeSslTasks(sslEngine);
-          log.debug(remoteAddress(), handshakeStatus, "[%s] Handshake status:[%s] after engine tasks"::formatted);
+          log.debug(remoteAddress, handshakeStatus, "[%s] Handshake status:[%s] after engine tasks"::formatted);
           if (handshakeStatus == HandshakeStatus.NEED_UNWRAP && !networkBuffer.hasRemaining()) {
-            cleanNetworkBuffer(networkBuffer);
+            NetworkUtils.cleanNetworkBuffer(networkBuffer);
             return SKIP_READ_PACKETS;
           }
           break;
         }
         default: {
-          throw new IllegalStateException("Invalid SSL status: " + handshakeStatus);
+          throw new IllegalStateException("Invalid SSL status:" + handshakeStatus);
         }
       }
     }
 
     if (!networkBuffer.hasRemaining()) {
       // if buffer is empty and status is FINISHED then we can notify writer
       if (handshakeStatus == HandshakeStatus.FINISHED) {
-        packetWriter.accept(SslWritableNetworkPacket.getInstance());
+        packetWriter.accept(SslWrapRequestPacket.getInstance());
       }
-      cleanNetworkBuffer(networkBuffer);
+      NetworkUtils.cleanNetworkBuffer(networkBuffer);
       return SKIP_READ_PACKETS;
     }
 
     return decryptAndRead(networkBuffer);
   }
 
   protected int decryptAndRead(ByteBuffer receivedBuffer) {
+    String remoteAddress = remoteAddress();
     int total = 0;
     while (receivedBuffer.hasRemaining()) {
+      ByteBuffer sslDataBuffer = sslDataBuffer();
       SSLEngineResult result;
       try {
-        log.debug(remoteAddress(), receivedBuffer,
-            (address, buf) -> "[%s] Try to decrypt data:\n%s".formatted(address, hexDump(buf)));
+        logDataBeforeDecrypt(remoteAddress, receivedBuffer);
         result = sslEngine.unwrap(receivedBuffer, sslDataBuffer.clear());
       } catch (SSLException e) {
         throw new IllegalStateException(e);
       }
       switch (result.getStatus()) {
         case OK: {
           sslDataBuffer.flip();
-          log.debug(remoteAddress(), sslDataBuffer,
-              (address, buf) -> "[%s] Decrypted data:\n%s".formatted(address, hexDump(buf)));
+          logDataAfterDecrypt(remoteAddress, sslDataBuffer);
           total += readPackets(sslDataBuffer, sslDataPendingBuffer);
           break;
         }
         case BUFFER_OVERFLOW: {
-          log.debug(remoteAddress(), "Increase SSL data buffer and try again..."::formatted);
+          log.debug(remoteAddress, "[%s] Increase SSL data buffer and try again..."::formatted);
           increaseDataBuffer();
           return decryptAndRead(receivedBuffer);
         }
         case BUFFER_UNDERFLOW: {
-          log.debug(remoteAddress(), "[%s] Wait for more received data..."::formatted);
-          if (receivedBuffer.position() > 0) {
-            receivedBuffer
-                .compact()
-                .limit(receivedBuffer.position());
-          }
+          log.debug(remoteAddress, "[%s] Wait for more received data..."::formatted);
+          NetworkUtils.compactNetworkBufferIfNeed(receivedBuffer);
           return SKIP_READ_PACKETS;
         }
         case CLOSED: {
           connection.close();
           return SKIP_READ_PACKETS;
         }
         default: {
-          throw new IllegalStateException("Invalid SSL status: " + result.getStatus());
+          throw new IllegalStateException("Invalid SSL status:" + result.getStatus());
         }
       }
     }
 
-    log.debug(remoteAddress(), "[%s] Clear SSL network buffer"::formatted);
-    cleanNetworkBuffer(receivedBuffer);
+    log.debug(remoteAddress, "[%s] Clear SSL network buffer"::formatted);
+    NetworkUtils.cleanNetworkBuffer(receivedBuffer);
     return total;
   }
 
+  protected ByteBuffer moveDataToNetworkBuffer(ByteBuffer readingBuffer) {
+    String remoteAddress = remoteAddress();
+    logAcceptedNewDataPart(remoteAddress, readingBuffer);
+
+    ByteBuffer sslNetworkBuffer = sslNetworkBuffer();
+    int availableSpace = sslNetworkBuffer.capacity() - sslNetworkBuffer.limit();
+    if (availableSpace >= readingBuffer.limit()) {
+      BufferUtils.appendAndClear(sslNetworkBuffer, readingBuffer);
+    } else {
+      sslNetworkBuffer = increaseNetworkBuffer(readingBuffer.limit());
+      BufferUtils.appendAndClear(sslNetworkBuffer, readingBuffer);
+    }
+
+    logPendingNetworkData(remoteAddress, sslNetworkBuffer);
+    return sslNetworkBuffer;
+  }
+
   protected synchronized ByteBuffer increaseNetworkBuffer(int extra) {
     ByteBuffer current = sslNetworkBuffer();
     int newSize = (int) Math.max(current.capacity() * 1.3, current.capacity() + extra);
@@ -287,7 +280,28 @@ public void close() {
     super.close();
   }
 
-  protected static void cleanNetworkBuffer(ByteBuffer networkBuffer) {
-    networkBuffer.clear().limit(0);
+  private static void logDataBeforeUnwrap(String remoteAddress, ByteBuffer networkBuffer) {
+    log.debug(remoteAddress, networkBuffer,
+        (address, buff) -> "[%s] Try to unwrap data:\n%s".formatted(address, hexDump(buff)));
+  }
+
+  private static void logDataBeforeDecrypt(String remoteAddress, ByteBuffer receivedBuffer) {
+    log.debug(remoteAddress, receivedBuffer,
+        (address, buf) -> "[%s] Try to decrypt data:\n%s".formatted(address, hexDump(buf)));
+  }
+
+  private static void logDataAfterDecrypt(String remoteAddress, ByteBuffer sslDataBuffer) {
+    log.debug(remoteAddress, sslDataBuffer,
+        (address, buf) -> "[%s] Decrypted data:\n%s".formatted(address, hexDump(buf)));
+  }
+
+  private static void logAcceptedNewDataPart(String remoteAddress, ByteBuffer readingBuffer) {
+    log.debug(remoteAddress, readingBuffer,
+        (address, buf) -> "[%s] Append new part of received data:\n%s".formatted(address, hexDump(buf)));
+  }
+
+  private static void logPendingNetworkData(String remoteAddress, ByteBuffer sslNetworkBuffer) {
+    log.debug(remoteAddress, sslNetworkBuffer,
+        (address, buf) -> "[%s] Result pending received network data:\n%s".formatted(address, hexDump(buf)));
   }
 }

rlib-network/src/main/java/javasabr/rlib/network/packet/impl/AbstractSslNetworkPacketWriter.java

@@ -95,36 +95,45 @@ protected boolean tryToSendNextPacketImpl() {
 
   @Override
   protected ByteBuffer serialize(WritableNetworkPacket packet) {
-    if (packet instanceof SslWritableNetworkPacket) {
+    if (packet instanceof SslWrapRequestPacket) {
       return EMPTY_BUFFER;
     }
 
+    String remoteAddress = remoteAddress();
     ByteBuffer serialized = super.serialize(packet);
-    log.debug(remoteAddress(), serialized, (address, buff) ->
-        "[%s] Try to encrypt data:\n%s".formatted(address, hexDump(buff)));
+    logDataBeforeEncrypt(remoteAddress, serialized);
 
     ByteBuffer bufferToSend = sslNetworkBuffer();
     SSLEngineResult result = tryEncrypt(serialized, bufferToSend);
 
     if (result.getStatus() == SSLEngineResult.Status.OK && serialized.hasRemaining()) {
+      log.debug(remoteAddress, serialized.remaining(),
+          "[%s] Has remaining [%s] bytes after encrypting, will create temp big buffer"::formatted);
+
       int tempBufferSize = (int) ((bufferToSend.limit() + serialized.remaining()) * 1.2);
       ByteBuffer tempBuffer = bufferAllocator.takeBuffer(tempBufferSize);
       tempBuffer.put(bufferToSend.flip());
+
       while (serialized.hasRemaining()) {
         result = tryEncrypt(serialized, bufferToSend);
         if (result.getStatus() != SSLEngineResult.Status.OK) {
           break;
         }
         tempBuffer.put(bufferToSend.flip());
       }
+
       bufferToSend = tempBuffer;
       this.sslTempBuffer = tempBuffer;
     }
 
     return switch (result.getStatus()) {
-      case BUFFER_UNDERFLOW -> increaseAndTryAgain(packet);
-      case BUFFER_OVERFLOW -> throw new IllegalStateException("Unexpected ssl engine result");
-      case OK -> bufferToSend.flip();
+      case BUFFER_UNDERFLOW, BUFFER_OVERFLOW ->
+          throw new IllegalStateException("Unexpected ssl engine result");
+      case OK -> {
+        bufferToSend.flip();
+        logEncryptedData(remoteAddress, bufferToSend);
+        yield bufferToSend;
+      }
       case CLOSED -> closeAndReturn();
     };
   }
@@ -134,12 +143,6 @@ protected ByteBuffer closeAndReturn() {
     return EMPTY_BUFFER;
   }
 
-  protected ByteBuffer increaseAndTryAgain(WritableNetworkPacket packet) {
-    log.debug(remoteAddress(), "[%s] Increase network buffer and try again..."::formatted);
-    increaseNetworkBuffer();
-    return serialize(packet);
-  }
-
   protected SSLEngineResult tryEncrypt(ByteBuffer source, ByteBuffer destination) {
     try {
       return sslEngine.wrap(source, destination.clear());
@@ -151,14 +154,15 @@ protected SSLEngineResult tryEncrypt(ByteBuffer source, ByteBuffer destination)
 
   @Nullable
   protected ByteBuffer doHandshake(HandshakeStatus handshakeStatus) {
+    String remoteAddress = remoteAddress();
     while (SslUtils.needToProcess(handshakeStatus)) {
-      log.debug(remoteAddress(), handshakeStatus, "[%s] Do handshake with status:[%s] "::formatted);
+      log.debug(remoteAddress, handshakeStatus, "[%s] Do handshake with status:[%s] "::formatted);
+      ByteBuffer sslNetworkBuffer = sslNetworkBuffer();
       switch (handshakeStatus) {
         case NEED_WRAP: {
           SSLEngineResult result;
           try {
             result = sslEngine.wrap(EMPTY_BUFFERS, sslNetworkBuffer.clear());
-            handshakeStatus = result.getHandshakeStatus();
           } catch (SSLException sslException) {
             log.error("A problem was encountered while processing the data that caused the SSLEngine "
                 + "to abort. Will try to properly close connection...");
@@ -168,16 +172,11 @@ protected ByteBuffer doHandshake(HandshakeStatus handshakeStatus) {
           }
           switch (result.getStatus()) {
             case OK:
-              log.debug(remoteAddress(), sslNetworkBuffer, result,
-                  (address, buf, res) -> "[%s] Send wrapped data:\n%s".formatted(address, hexDump(buf, res)));
-              return sslNetworkBuffer.flip();
-            case BUFFER_OVERFLOW: {
-              log.debug(remoteAddress(), "[%s] Increase network buffer"::formatted);
-              increaseNetworkBuffer();
-              break;
-            }
-            case BUFFER_UNDERFLOW: {
-              throw new IllegalStateException("Unexpected ssl engine result");
+              sslNetworkBuffer.flip();
+              logWrappedData(remoteAddress, sslNetworkBuffer, result);
+              return sslNetworkBuffer;
+            case BUFFER_OVERFLOW, BUFFER_UNDERFLOW: {
+              throw new RuntimeException("Unexpected SSL result:" + result);
             }
             case CLOSED: {
               try {
@@ -189,7 +188,7 @@ protected ByteBuffer doHandshake(HandshakeStatus handshakeStatus) {
               break;
             }
             default: {
-              throw new IllegalStateException("Invalid SSL status: " + result.getStatus());
+              throw new IllegalStateException("Invalid SSL result:" + result);
             }
           }
           break;
@@ -202,7 +201,7 @@ protected ByteBuffer doHandshake(HandshakeStatus handshakeStatus) {
           break;
         }
         default: {
-          throw new IllegalStateException("Invalid SSL status: " + handshakeStatus);
+          throw new IllegalStateException("Invalid SSL status:" + handshakeStatus);
         }
       }
     }
@@ -220,15 +219,25 @@ protected void clearTempBuffers() {
     }
   }
 
-  protected synchronized void increaseNetworkBuffer() {
-    sslNetworkBuffer = NetworkUtils
-        .increasePacketBuffer(sslNetworkBuffer, bufferAllocator, sslEngine);
-  }
-
   @Override
   public void close() {
     sslEngine.closeOutbound();
     bufferAllocator.putBuffer(sslNetworkBuffer);
     super.close();
   }
+
+  private static void logDataBeforeEncrypt(String remoteAddress, ByteBuffer serialized) {
+    log.debug(remoteAddress, serialized,
+        (address, buff) -> "[%s] Try to encrypt data:\n%s".formatted(address, hexDump(buff)));
+  }
+
+  private static void logEncryptedData(String remoteAddress, ByteBuffer bufferToSend) {
+    log.debug(remoteAddress, bufferToSend,
+        (address, buff) -> "[%s] Result encrypted data:\n%s".formatted(address, hexDump(buff)));
+  }
+
+  private static void logWrappedData(String remoteAddress, ByteBuffer sslNetworkBuffer, SSLEngineResult result) {
+    log.debug(remoteAddress, sslNetworkBuffer, result,
+        (address, buf, res) -> "[%s] Send wrapped data:\n%s".formatted(address, hexDump(buf, res)));
+  }
 }