org.conscrypt

Class OpenSSLEngineImpl

java.lang.Object

javax.net.ssl.SSLEngine

org.conscrypt.OpenSSLEngineImpl

All Implemented Interfaces:

NativeCrypto.SSLHandshakeCallbacks, SSLParametersImpl.AliasChooser, SSLParametersImpl.PSKCallbacks

public final class OpenSSLEngineImpl
extends SSLEngine
implements NativeCrypto.SSLHandshakeCallbacks, SSLParametersImpl.AliasChooser, SSLParametersImpl.PSKCallbacks

Implements the SSLEngine API using OpenSSL's non-blocking interfaces.

Constructor Summary

Constructors

Constructor and Description
OpenSSLEngineImpl(SSLParametersImpl sslParameters)
OpenSSLEngineImpl(String host, int port, SSLParametersImpl sslParameters)

Method Summary

Modifier and Type	Method and Description
void	beginHandshake()
String	chooseClientAlias(X509KeyManager keyManager, X500Principal[] issuers, String[] keyTypes)
String	chooseClientPSKIdentity(PSKKeyManager keyManager, String identityHint)
String	chooseServerAlias(X509KeyManager keyManager, String keyType)
String	chooseServerPSKIdentityHint(PSKKeyManager keyManager)
void	clientCertificateRequested(byte[] keyTypeBytes, byte[][] asn1DerEncodedPrincipals) Called on an SSL client when the server requests (or requires a certificate).
int	clientPSKKeyRequested(String identityHint, byte[] identity, byte[] key) Gets the key to be used in client mode for this connection in Pre-Shared Key (PSK) key exchange.
void	closeInbound()
void	closeOutbound()
protected void	finalize()
byte[]	getAlpnSelectedProtocol() Returns the protocol agreed upon by client and server, or null if no protocol was agreed upon.
Runnable	getDelegatedTask()
String[]	getEnabledCipherSuites()
String[]	getEnabledProtocols()
boolean	getEnableSessionCreation()
SSLSession	getHandshakeSession()
SSLEngineResult.HandshakeStatus	getHandshakeStatus()
boolean	getNeedClientAuth()
byte[]	getNpnSelectedProtocol() Returns null always for backward compatibility.
SecretKey	getPSKKey(PSKKeyManager keyManager, String identityHint, String identity)
SSLSession	getSession()
String[]	getSupportedCipherSuites()
String[]	getSupportedProtocols()
boolean	getUseClientMode()
boolean	getWantClientAuth()
boolean	isInboundDone()
boolean	isOutboundDone()
void	onSSLStateChange(int type, int val) Called when SSL state changes.
int	serverPSKKeyRequested(String identityHint, String identity, byte[] key) Gets the key to be used in server mode for this connection in Pre-Shared Key (PSK) key exchange.
void	setAlpnProtocols(byte[] alpnProtocols) Sets the list of protocols this peer is interested in.
void	setEnabledCipherSuites(String[] suites)
void	setEnabledProtocols(String[] protocols)
void	setEnableSessionCreation(boolean flag)
void	setNeedClientAuth(boolean need)
void	setNpnProtocols(byte[] npnProtocols) This method does nothing and is kept for backward compatibility.
void	setUseClientMode(boolean mode)
void	setUseSessionTickets(boolean useSessionTickets) This method enables session ticket support.
void	setWantClientAuth(boolean want)
SSLEngineResult	unwrap(ByteBuffer[] srcs, ByteBuffer[] dsts)
SSLEngineResult	unwrap(ByteBuffer[] srcs, int srcsOffset, int srcsLength, ByteBuffer[] dsts, int dstsOffset, int dstsLength)
SSLEngineResult	unwrap(ByteBuffer src, ByteBuffer dst)
SSLEngineResult	unwrap(ByteBuffer src, ByteBuffer[] dsts)
SSLEngineResult	unwrap(ByteBuffer src, ByteBuffer[] dsts, int offset, int length)
void	verifyCertificateChain(long[] certRefs, String authMethod) Verify that we trust the certificate chain is trusted.
SSLEngineResult	wrap(ByteBuffer[] srcs, int offset, int length, ByteBuffer dst)
SSLEngineResult	wrap(ByteBuffer src, ByteBuffer dst)

Methods inherited from class javax.net.ssl.SSLEngine

getPeerHost, getPeerPort, getSSLParameters, setSSLParameters, wrap

Methods inherited from class java.lang.Object

clone, equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

OpenSSLEngineImpl

public OpenSSLEngineImpl(SSLParametersImpl sslParameters)

OpenSSLEngineImpl

public OpenSSLEngineImpl(String host,
                         int port,
                         SSLParametersImpl sslParameters)

Method Detail

beginHandshake

public void beginHandshake()
                    throws SSLException

Specified by:

beginHandshake in class SSLEngine

Throws:

SSLException

closeInbound

public void closeInbound()
                  throws SSLException

Specified by:

closeInbound in class SSLEngine

Throws:

SSLException

closeOutbound

public void closeOutbound()

Specified by:

closeOutbound in class SSLEngine

getDelegatedTask

public Runnable getDelegatedTask()

Specified by:

getDelegatedTask in class SSLEngine

getEnabledCipherSuites

public String[] getEnabledCipherSuites()

Specified by:

getEnabledCipherSuites in class SSLEngine

getEnabledProtocols

public String[] getEnabledProtocols()

Specified by:

getEnabledProtocols in class SSLEngine

getEnableSessionCreation

public boolean getEnableSessionCreation()

Specified by:

getEnableSessionCreation in class SSLEngine

getHandshakeStatus

public SSLEngineResult.HandshakeStatus getHandshakeStatus()

Specified by:

getHandshakeStatus in class SSLEngine

getNeedClientAuth

public boolean getNeedClientAuth()

Specified by:

getNeedClientAuth in class SSLEngine

getSession

public SSLSession getSession()

Specified by:

getSession in class SSLEngine

getSupportedCipherSuites

public String[] getSupportedCipherSuites()

Specified by:

getSupportedCipherSuites in class SSLEngine

getSupportedProtocols

public String[] getSupportedProtocols()

Specified by:

getSupportedProtocols in class SSLEngine

getUseClientMode

public boolean getUseClientMode()

Specified by:

getUseClientMode in class SSLEngine

getWantClientAuth

public boolean getWantClientAuth()

Specified by:

getWantClientAuth in class SSLEngine

isInboundDone

public boolean isInboundDone()

Specified by:

isInboundDone in class SSLEngine

isOutboundDone

public boolean isOutboundDone()

Specified by:

isOutboundDone in class SSLEngine

setEnabledCipherSuites

public void setEnabledCipherSuites(String[] suites)

Specified by:

setEnabledCipherSuites in class SSLEngine

setEnabledProtocols

public void setEnabledProtocols(String[] protocols)

Specified by:

setEnabledProtocols in class SSLEngine

setEnableSessionCreation

public void setEnableSessionCreation(boolean flag)

Specified by:

setEnableSessionCreation in class SSLEngine

setNeedClientAuth

public void setNeedClientAuth(boolean need)

Specified by:

setNeedClientAuth in class SSLEngine

setUseClientMode

public void setUseClientMode(boolean mode)

Specified by:

setUseClientMode in class SSLEngine

setWantClientAuth

public void setWantClientAuth(boolean want)

Specified by:

setWantClientAuth in class SSLEngine

unwrap

public SSLEngineResult unwrap(ByteBuffer src,
                              ByteBuffer dst)
                       throws SSLException

Overrides:

unwrap in class SSLEngine

Throws:

SSLException

unwrap

public SSLEngineResult unwrap(ByteBuffer src,
                              ByteBuffer[] dsts)
                       throws SSLException

Overrides:

unwrap in class SSLEngine

Throws:

SSLException

unwrap

public SSLEngineResult unwrap(ByteBuffer src,
                              ByteBuffer[] dsts,
                              int offset,
                              int length)
                       throws SSLException

Specified by:

unwrap in class SSLEngine

Throws:

SSLException

unwrap

public SSLEngineResult unwrap(ByteBuffer[] srcs,
                              ByteBuffer[] dsts)
                       throws SSLException

Throws:

SSLException

unwrap

public SSLEngineResult unwrap(ByteBuffer[] srcs,
                              int srcsOffset,
                              int srcsLength,
                              ByteBuffer[] dsts,
                              int dstsOffset,
                              int dstsLength)
                       throws SSLException

Throws:

SSLException

wrap

public final SSLEngineResult wrap(ByteBuffer src,
                                  ByteBuffer dst)
                           throws SSLException

Overrides:

wrap in class SSLEngine

Throws:

SSLException

wrap

public SSLEngineResult wrap(ByteBuffer[] srcs,
                            int offset,
                            int length,
                            ByteBuffer dst)
                     throws SSLException

Specified by:

wrap in class SSLEngine

Throws:

SSLException

clientPSKKeyRequested

public int clientPSKKeyRequested(String identityHint,
                                 byte[] identity,
                                 byte[] key)

Description copied from interface: NativeCrypto.SSLHandshakeCallbacks

Gets the key to be used in client mode for this connection in Pre-Shared Key (PSK) key exchange.

Specified by:

clientPSKKeyRequested in interface NativeCrypto.SSLHandshakeCallbacks

Parameters:

identityHint - PSK identity hint provided by the server or null if no hint provided.

identity - buffer to be populated with PSK identity (NULL-terminated modified UTF-8) by this method. This identity will be provided to the server.

key - buffer to be populated with key material by this method.

Returns:

number of bytes this method stored in the key buffer or 0 if an error occurred in which case the handshake will be aborted.

serverPSKKeyRequested

public int serverPSKKeyRequested(String identityHint,
                                 String identity,
                                 byte[] key)

Description copied from interface: NativeCrypto.SSLHandshakeCallbacks

Gets the key to be used in server mode for this connection in Pre-Shared Key (PSK) key exchange.

Specified by:

serverPSKKeyRequested in interface NativeCrypto.SSLHandshakeCallbacks

Parameters:

identityHint - PSK identity hint provided by this server to the client or null if no hint was provided.

identity - PSK identity provided by the client.

key - buffer to be populated with key material by this method.

Returns:

number of bytes this method stored in the key buffer or 0 if an error occurred in which case the handshake will be aborted.

onSSLStateChange

public void onSSLStateChange(int type,
                             int val)

Description copied from interface: NativeCrypto.SSLHandshakeCallbacks

Called when SSL state changes. This could be handshake completion.

Specified by:

onSSLStateChange in interface NativeCrypto.SSLHandshakeCallbacks

verifyCertificateChain

public void verifyCertificateChain(long[] certRefs,
                                   String authMethod)
                            throws CertificateException

Description copied from interface: NativeCrypto.SSLHandshakeCallbacks

Verify that we trust the certificate chain is trusted.

Specified by:

verifyCertificateChain in interface NativeCrypto.SSLHandshakeCallbacks

Parameters:

certRefs - chain of X.509 certificate references

authMethod - auth algorithm name

Throws:

CertificateException - if the certificate is untrusted

clientCertificateRequested

public void clientCertificateRequested(byte[] keyTypeBytes,
                                       byte[][] asn1DerEncodedPrincipals)
                                throws CertificateEncodingException,
                                       SSLException

Description copied from interface: NativeCrypto.SSLHandshakeCallbacks

Called on an SSL client when the server requests (or requires a certificate). The client can respond by using SSL_use_certificate and SSL_use_PrivateKey to set a certificate if has an appropriate one available, similar to how the server provides its certificate.

Specified by:

clientCertificateRequested in interface NativeCrypto.SSLHandshakeCallbacks

Parameters:

keyTypeBytes - key types supported by the server, convertible to strings with #keyType

asn1DerEncodedPrincipals - CAs known to the server

Throws:

CertificateEncodingException

SSLException

finalize

protected void finalize()
                 throws Throwable

Overrides:

finalize in class Object

Throws:

Throwable

getHandshakeSession

public SSLSession getHandshakeSession()

Overrides:

getHandshakeSession in class SSLEngine

chooseServerAlias

public String chooseServerAlias(X509KeyManager keyManager,
                                String keyType)

Specified by:

chooseServerAlias in interface SSLParametersImpl.AliasChooser

chooseClientAlias

public String chooseClientAlias(X509KeyManager keyManager,
                                X500Principal[] issuers,
                                String[] keyTypes)

Specified by:

chooseClientAlias in interface SSLParametersImpl.AliasChooser

chooseServerPSKIdentityHint

public String chooseServerPSKIdentityHint(PSKKeyManager keyManager)

Specified by:

chooseServerPSKIdentityHint in interface SSLParametersImpl.PSKCallbacks

chooseClientPSKIdentity

public String chooseClientPSKIdentity(PSKKeyManager keyManager,
                                      String identityHint)

Specified by:

chooseClientPSKIdentity in interface SSLParametersImpl.PSKCallbacks

getPSKKey

public SecretKey getPSKKey(PSKKeyManager keyManager,
                           String identityHint,
                           String identity)

Specified by:

getPSKKey in interface SSLParametersImpl.PSKCallbacks

setUseSessionTickets

public void setUseSessionTickets(boolean useSessionTickets)

This method enables session ticket support.

Parameters:

useSessionTickets - True to enable session tickets

setNpnProtocols

public void setNpnProtocols(byte[] npnProtocols)

This method does nothing and is kept for backward compatibility.

setAlpnProtocols

public void setAlpnProtocols(byte[] alpnProtocols)

Sets the list of protocols this peer is interested in. If the list is null, no protocols will be used.

Parameters:

alpnProtocols - a non-empty array of protocol names. From SSL_select_next_proto, "vector of 8-bit, length prefixed byte strings. The length byte itself is not included in the length. A byte string of length 0 is invalid. No byte string may be truncated.".

getNpnSelectedProtocol

public byte[] getNpnSelectedProtocol()

Returns null always for backward compatibility.

getAlpnSelectedProtocol

public byte[] getAlpnSelectedProtocol()

Returns the protocol agreed upon by client and server, or null if no protocol was agreed upon.