On 12/07/16 at 16:36, Ashwini Mandhare wrote:
> Thanks Emmanuel for quick response.
>
> Yes, we are trying to achieve the same thing by using the Bouncy Castle API along with
> MINA. We are unable to integrate that. Could you help us with some sample code
> showing how to go about it?

Basically, what you need to do folds into two parts:
- reimplement the handshake protocol
- deal with the encryption/decryption of the data flow once the HS is
completed (and also deal with the SSL renegotiation).

I'm pretty sure BC is already handling both parts correctly, but in a
synchronous context (ie, in a blocking mode). I would have to check what
BC has to offer in a non-blocking mode.

In order to do that, the best would be to create a new Filter, which
will handle the HS part and the encryption/decryption part. Most of it
will be done in the messageReceived() method (which deals with incoming
bytes) and filterWrite() method (for the outgoing data).

Note that the SslFilter (which might be a good start if you want to have
a look at how we process data with the JRE SslEngine) is fairly complex,
and delegates most of the work to a SslHandler. I'm not sure that it is
necessarily the best idea to follow the same architecture. Sadly one
would expect that the SslHandler class would be a perfect facade,
masking the complexity of the SSL processing, but no, it's not that
easy, because we expose and use the SSLContext class, which is a JSSE
class. That also means you will have to deal with the Filter
initialization. (see
http://comments.gmane.org/gmane.comp.encryption.bouncy-castle.devel/12708,
for instance)

In any case, would you be successful in implementing TLS with
compression on top of MINA, we would really appreciate a contribution of
such a code to the project !

Thanks !
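
The filter structure described in the reply above (handshake and decryption driven from messageReceived(), encryption from filterWrite()), as an added example that is not part of the original message and is not MINA or Bouncy Castle code. `TlsEngine` and `TlsFilterExample` are hypothetical names: the interface stands in for whatever non-blocking TLS implementation is plugged in, while the MINA types are the 2.x filter API.

```java
import org.apache.mina.core.buffer.IoBuffer;
import org.apache.mina.core.filterchain.IoFilterAdapter;
import org.apache.mina.core.session.IoSession;
import org.apache.mina.core.write.DefaultWriteRequest;
import org.apache.mina.core.write.WriteRequest;
import java.util.ArrayDeque;
import java.util.Queue;
/** Hypothetical facade over a non-blocking TLS implementation (assumption, not a BC or MINA type). */
interface TlsEngine {
    void offerCiphertext(byte[] fromPeer) throws Exception; // feed bytes read from the socket
    byte[] drainCiphertext();   // TLS records to send to the peer (handshake or data), empty if none
    byte[] drainPlaintext();    // decrypted application data, empty if none
    void offerPlaintext(byte[] appData) throws Exception;   // encrypt application data
    boolean handshakeComplete(); // false during the initial handshake and during a renegotiation
}

public class TlsFilterExample extends IoFilterAdapter {
    private final TlsEngine engine;  // this example uses one filter instance per session
    private final Queue<WriteRequest> pending = new ArrayDeque<>();
    public TlsFilterExample(TlsEngine engine) { this.engine = engine; }

    @Override
    public synchronized void messageReceived(NextFilter next, IoSession session, Object message) throws Exception {
        IoBuffer in = (IoBuffer) message;
        byte[] cipher = new byte[in.remaining()];
        in.get(cipher);
        engine.offerCiphertext(cipher);
        flush(next, session);        // send handshake replies or alerts produced by the engine
        byte[] plain = engine.drainPlaintext();
        if (plain.length > 0) next.messageReceived(session, IoBuffer.wrap(plain));
        while (engine.handshakeComplete() && !pending.isEmpty()) {
            filterWrite(next, session, pending.poll()); // release writes held during the handshake
        }
    }

    @Override
    public synchronized void filterWrite(NextFilter next, IoSession session, WriteRequest request) throws Exception {
        if (!engine.handshakeComplete()) { pending.add(request); return; } // never let plaintext out early
        IoBuffer out = (IoBuffer) request.getMessage();
        byte[] plain = new byte[out.remaining()];
        out.get(plain);
        engine.offerPlaintext(plain);
        flush(next, session);
    }

    private void flush(NextFilter next, IoSession session) {
        byte[] cipher = engine.drainCiphertext();
        if (cipher.length > 0) next.filterWrite(session, new DefaultWriteRequest(IoBuffer.wrap(cipher)));
    }
}
```

The example does not propagate the original WriteRequest's future or messageSent events, which a production filter would need to do.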
