Package org.conscrypt
Class ConscryptEngine

java.lang.Object
  javax.net.ssl.SSLEngine
    org.conscrypt.AbstractConscryptEngine
      org.conscrypt.ConscryptEngine

All Implemented Interfaces:
NativeCrypto.SSLHandshakeCallbacks, SSLParametersImpl.AliasChooser, SSLParametersImpl.PSKCallbacks

final class ConscryptEngine extends AbstractConscryptEngine implements NativeCrypto.SSLHandshakeCallbacks, SSLParametersImpl.AliasChooser, SSLParametersImpl.PSKCallbacks

Implements the SSLEngine API using OpenSSL's non-blocking interfaces.

Field Summary

private ActiveSession activeSession
    Set during startHandshake.
private BufferAllocator bufferAllocator
private OpenSSLKey channelIdPrivateKey
    Private key for the TLS Channel ID extension.
private static javax.net.ssl.SSLEngineResult CLOSED_NOT_HANDSHAKING
private SessionSnapshot closedSession
    A snapshot of the active session when the engine was closed.
private static BufferAllocator defaultBufferAllocator
private javax.net.ssl.SSLSession externalSession
    The session object exposed externally from this class.
private boolean handshakeFinished
private HandshakeListener handshakeListener
private java.nio.ByteBuffer lazyDirectBuffer
    A lazy-created direct buffer used as a bridge between heap buffers provided by the application and JNI.
private int maxSealOverhead
private static javax.net.ssl.SSLEngineResult NEED_UNWRAP_CLOSED
private static javax.net.ssl.SSLEngineResult NEED_UNWRAP_OK
private static javax.net.ssl.SSLEngineResult NEED_WRAP_CLOSED
private static javax.net.ssl.SSLEngineResult NEED_WRAP_OK
private NativeSsl.BioWrapper networkBio
    The BIO used for reading/writing encrypted bytes.
private java.lang.String peerHostname
    Hostname used with the TLS extension SNI hostname.
private PeerInfoProvider peerInfoProvider
private java.nio.ByteBuffer[] singleDstBuffer
private java.nio.ByteBuffer[] singleSrcBuffer
private NativeSsl ssl
    Wrapper around the underlying SSL object.
private SSLParametersImpl sslParameters
private int state

Constructor Summary

ConscryptEngine(java.lang.String host, int port, SSLParametersImpl sslParameters)
ConscryptEngine(SSLParametersImpl sslParameters)
ConscryptEngine(SSLParametersImpl sslParameters, PeerInfoProvider peerInfoProvider, SSLParametersImpl.AliasChooser aliasChooser)

Method Summary

void beginHandshake()
private void beginHandshakeInternal()
private static int calcDstsLength(java.nio.ByteBuffer[] dsts, int dstsOffset, int dstsLength)
private static long calcSrcsLength(java.nio.ByteBuffer[] srcs, int srcsOffset, int srcsEndOffset)
java.lang.String chooseClientAlias(javax.net.ssl.X509KeyManager keyManager, javax.security.auth.x500.X500Principal[] issuers, java.lang.String[] keyTypes)
java.lang.String chooseClientPSKIdentity(PSKKeyManager keyManager, java.lang.String identityHint)
java.lang.String chooseServerAlias(javax.net.ssl.X509KeyManager keyManager, java.lang.String keyType)
java.lang.String chooseServerPSKIdentityHint(PSKKeyManager keyManager)
void clientCertificateRequested(byte[] keyTypeBytes, int[] signatureAlgs, byte[][] asn1DerEncodedPrincipals)
    Called on an SSL client when the server requests (or requires) a certificate.
int clientPSKKeyRequested(java.lang.String identityHint, byte[] identity, byte[] key)
    Gets the key to be used in client mode for this connection in Pre-Shared Key (PSK) key exchange.
private ClientSessionContext clientSessionContext()
private void closeAll()
private void closeAndFreeResources()
void closeInbound()
void closeOutbound()
private javax.net.ssl.SSLException convertException(java.lang.Throwable e)
private long directByteBufferAddress(java.nio.ByteBuffer directBuffer, int pos)
(package private) byte[] exportKeyingMaterial(java.lang.String label, byte[] context, int length)
    Exports a value derived from the TLS master secret as described in RFC 5705.
protected void finalize()
private void finishHandshake()
private void freeIfDone()
java.lang.String getApplicationProtocol()
(package private) java.lang.String[] getApplicationProtocols()
    Returns the list of supported ALPN protocols.
(package private) byte[] getChannelId()
    Gets the TLS Channel ID for this server engine.
(package private) static BufferAllocator getDefaultBufferAllocator()
    Returns the default BufferAllocator, which may be null if no default has been explicitly set.
java.lang.Runnable getDelegatedTask()
java.lang.String[] getEnabledCipherSuites()
java.lang.String[] getEnabledProtocols()
boolean getEnableSessionCreation()
private javax.net.ssl.SSLEngineResult.Status getEngineStatus()
java.lang.String getHandshakeApplicationProtocol()
javax.net.ssl.SSLEngineResult.HandshakeStatus getHandshakeStatus()
private javax.net.ssl.SSLEngineResult.HandshakeStatus getHandshakeStatus(int pending)
private javax.net.ssl.SSLEngineResult.HandshakeStatus getHandshakeStatusInternal()
(package private) java.lang.String getHostname()
    Returns the hostname from setHostname(String) or supplied by the PeerInfoProvider upon creation.
boolean getNeedClientAuth()
private java.nio.ByteBuffer getOrCreateLazyDirectBuffer()
java.lang.String getPeerHost()
int getPeerPort()
javax.crypto.SecretKey getPSKKey(PSKKeyManager keyManager, java.lang.String identityHint, java.lang.String identity)
javax.net.ssl.SSLSession getSession()
javax.net.ssl.SSLParameters getSSLParameters()
java.lang.String[] getSupportedCipherSuites()
java.lang.String[] getSupportedProtocols()
(package private) byte[] getTlsUnique()
    Returns the tls-unique channel binding value for this connection, per RFC 5929.
boolean getUseClientMode()
boolean getWantClientAuth()
private javax.net.ssl.SSLEngineResult.HandshakeStatus handshake()
(package private) javax.net.ssl.SSLSession handshakeSession()
    Work-around to allow this method to be called on older versions of Android.
private boolean isHandshakeStarted()
boolean isInboundDone()
boolean isOutboundDone()
(package private) int maxSealOverhead()
    Returns the maximum overhead, in bytes, of sealing a record with SSL.
private javax.net.ssl.SSLEngineResult.HandshakeStatus mayFinishHandshake(javax.net.ssl.SSLEngineResult.HandshakeStatus status)
private javax.net.ssl.SSLEngineResult newResult(int bytesConsumed, int bytesProduced, javax.net.ssl.SSLEngineResult.HandshakeStatus status)
private static NativeSsl newSsl(SSLParametersImpl sslParameters, ConscryptEngine engine, SSLParametersImpl.AliasChooser aliasChooser)
private javax.net.ssl.SSLException newSslExceptionWithMessage(java.lang.String err)
void onNewSessionEstablished(long sslSessionNativePtr)
    Called when a new session has been established and may be added to the session cache.
void onSSLStateChange(int type, int val)
    Called when SSL state changes.
private int pendingInboundCleartextBytes()
(package private) int pendingOutboundEncryptedBytes()
private static javax.net.ssl.SSLEngineResult.HandshakeStatus pendingStatus(int pendingOutboundBytes)
private ConscryptSession provideAfterHandshakeSession()
private ConscryptSession provideHandshakeSession()
private ConscryptSession provideSession()
private int readEncryptedData(java.nio.ByteBuffer dst, int pending)
    Read encrypted data from the OpenSSL network BIO.
private int readEncryptedDataDirect(java.nio.ByteBuffer dst, int pos, int len)
private int readEncryptedDataHeap(java.nio.ByteBuffer dst, int len)
private javax.net.ssl.SSLEngineResult readPendingBytesFromBIO(java.nio.ByteBuffer dst, int bytesConsumed, int bytesProduced, javax.net.ssl.SSLEngineResult.HandshakeStatus status)
private int readPlaintextData(java.nio.ByteBuffer dst)
    Read plaintext data from the OpenSSL internal BIO.
private int readPlaintextDataDirect(java.nio.ByteBuffer dst, int pos, int len)
private int readPlaintextDataHeap(java.nio.ByteBuffer dst, int len)
private void resetSingleDstBuffer()
private void resetSingleSrcBuffer()
int selectApplicationProtocol(byte[] protocols)
    Called when acting as a server, the socket has an ApplicationProtocolSelectorAdapter associated with it, and the application protocol needs to be selected.
private void sendSSLShutdown()
void serverCertificateRequested()
    Called when acting as a server during ClientHello processing before a decision to resume a session is made.
int serverPSKKeyRequested(java.lang.String identityHint, java.lang.String identity, byte[] key)
    Gets the key to be used in server mode for this connection in Pre-Shared Key (PSK) key exchange.
long serverSessionRequested(byte[] id)
    Called for servers where TLS < 1.3 (TLS 1.3 uses session tickets rather than application session caches).
private AbstractSessionContext sessionContext()
(package private) void setApplicationProtocols(java.lang.String[] protocols)
    Sets the list of ALPN protocols.
(package private) void setApplicationProtocolSelector(ApplicationProtocolSelector selector)
    Sets an application-provided ALPN protocol selector.
(package private) void setApplicationProtocolSelector(ApplicationProtocolSelectorAdapter adapter)
(package private) void setBufferAllocator(BufferAllocator bufferAllocator)
(package private) void setChannelIdEnabled(boolean enabled)
    Enables/disables TLS Channel ID for this server engine.
(package private) void setChannelIdPrivateKey(java.security.PrivateKey privateKey)
    Sets the PrivateKey to be used for TLS Channel ID by this client engine.
(package private) static void setDefaultBufferAllocator(BufferAllocator bufferAllocator)
    Configures the default BufferAllocator to be used by all future SSLEngine and ConscryptEngineSocket instances from this provider.
void setEnabledCipherSuites(java.lang.String[] suites)
void setEnabledProtocols(java.lang.String[] protocols)
void setEnableSessionCreation(boolean flag)
(package private) void setHandshakeListener(HandshakeListener handshakeListener)
    Sets the listener for the completion of the TLS handshake.
(package private) void setHostname(java.lang.String hostname)
    This method enables Server Name Indication (SNI) and overrides the PeerInfoProvider supplied during engine creation.
void setNeedClientAuth(boolean need)
void setSSLParameters(javax.net.ssl.SSLParameters p)
void setUseClientMode(boolean mode)
(package private) void setUseSessionTickets(boolean useSessionTickets)
    This method enables session ticket support.
void setWantClientAuth(boolean want)
private java.nio.ByteBuffer[] singleDstBuffer(java.nio.ByteBuffer src)
private java.nio.ByteBuffer[] singleSrcBuffer(java.nio.ByteBuffer src)
private void transitionTo(int newState)
(package private) javax.net.ssl.SSLEngineResult unwrap(java.nio.ByteBuffer[] srcs, int srcsOffset, int srcsLength, java.nio.ByteBuffer[] dsts, int dstsOffset, int dstsLength)
(package private) javax.net.ssl.SSLEngineResult unwrap(java.nio.ByteBuffer[] srcs, java.nio.ByteBuffer[] dsts)
javax.net.ssl.SSLEngineResult unwrap(java.nio.ByteBuffer src, java.nio.ByteBuffer dst)
javax.net.ssl.SSLEngineResult unwrap(java.nio.ByteBuffer src, java.nio.ByteBuffer[] dsts)
javax.net.ssl.SSLEngineResult unwrap(java.nio.ByteBuffer src, java.nio.ByteBuffer[] dsts, int offset, int length)
void verifyCertificateChain(byte[][] certChain, java.lang.String authMethod)
    Verify that the certificate chain is trusted.
javax.net.ssl.SSLEngineResult wrap(java.nio.ByteBuffer[] srcs, int srcsOffset, int srcsLength, java.nio.ByteBuffer dst)
javax.net.ssl.SSLEngineResult wrap(java.nio.ByteBuffer src, java.nio.ByteBuffer dst)
private int writeEncryptedData(java.nio.ByteBuffer src, int len)
    Write encrypted data to the OpenSSL network BIO.
private int writeEncryptedDataDirect(java.nio.ByteBuffer src, int pos, int len)
private int writeEncryptedDataHeap(java.nio.ByteBuffer src, int pos, int len)
private int writePlaintextData(java.nio.ByteBuffer src, int len)
    Write plaintext data to the OpenSSL internal BIO. Calling this function with src.remaining == 0 is undefined.
private int writePlaintextDataDirect(java.nio.ByteBuffer src, int pos, int len)
private int writePlaintextDataHeap(java.nio.ByteBuffer src, int pos, int len)

Methods inherited from class org.conscrypt.AbstractConscryptEngine
getHandshakeSession

Field Detail

NEED_UNWRAP_OK
private static final javax.net.ssl.SSLEngineResult NEED_UNWRAP_OK

NEED_UNWRAP_CLOSED
private static final javax.net.ssl.SSLEngineResult NEED_UNWRAP_CLOSED

NEED_WRAP_OK
private static final javax.net.ssl.SSLEngineResult NEED_WRAP_OK

NEED_WRAP_CLOSED
private static final javax.net.ssl.SSLEngineResult NEED_WRAP_CLOSED

CLOSED_NOT_HANDSHAKING
private static final javax.net.ssl.SSLEngineResult CLOSED_NOT_HANDSHAKING

defaultBufferAllocator
private static BufferAllocator defaultBufferAllocator

sslParameters
private final SSLParametersImpl sslParameters

bufferAllocator
private BufferAllocator bufferAllocator

lazyDirectBuffer
private java.nio.ByteBuffer lazyDirectBuffer
A lazy-created direct buffer used as a bridge between heap buffers provided by the application and JNI. This avoids the overhead of calling JNI with heap buffers. Used only when no bufferAllocator has been provided.

peerHostname
private java.lang.String peerHostname
Hostname used with the TLS extension SNI hostname.

state
private int state

handshakeFinished
private boolean handshakeFinished

ssl
private final NativeSsl ssl
Wrapper around the underlying SSL object.

networkBio
private final NativeSsl.BioWrapper networkBio
The BIO used for reading/writing encrypted bytes.

activeSession
private ActiveSession activeSession
Set during startHandshake.

closedSession
private SessionSnapshot closedSession
A snapshot of the active session when the engine was closed.

externalSession
private final javax.net.ssl.SSLSession externalSession
The session object exposed externally from this class.

channelIdPrivateKey
private OpenSSLKey channelIdPrivateKey
Private key for the TLS Channel ID extension. This field is client-side only. Set during startHandshake.

maxSealOverhead
private int maxSealOverhead

handshakeListener
private HandshakeListener handshakeListener

singleSrcBuffer
private final java.nio.ByteBuffer[] singleSrcBuffer

singleDstBuffer
private final java.nio.ByteBuffer[] singleDstBuffer

peerInfoProvider
private final PeerInfoProvider peerInfoProvider

Constructor Detail

ConscryptEngine
ConscryptEngine(SSLParametersImpl sslParameters)

ConscryptEngine
ConscryptEngine(java.lang.String host, int port, SSLParametersImpl sslParameters)

ConscryptEngine
ConscryptEngine(SSLParametersImpl sslParameters, PeerInfoProvider peerInfoProvider, SSLParametersImpl.AliasChooser aliasChooser)

Method Detail

newSsl
private static NativeSsl newSsl(SSLParametersImpl sslParameters, ConscryptEngine engine, SSLParametersImpl.AliasChooser aliasChooser)

setDefaultBufferAllocator
static void setDefaultBufferAllocator(BufferAllocator bufferAllocator)
Configures the default BufferAllocator to be used by all future SSLEngine and ConscryptEngineSocket instances from this provider.

getDefaultBufferAllocator
static BufferAllocator getDefaultBufferAllocator()
Returns the default BufferAllocator, which may be null if no default has been explicitly set.

setBufferAllocator
void setBufferAllocator(BufferAllocator bufferAllocator)
Specified by: setBufferAllocator in class AbstractConscryptEngine

maxSealOverhead
int maxSealOverhead()
Returns the maximum overhead, in bytes, of sealing a record with SSL.
Specified by: maxSealOverhead in class AbstractConscryptEngine

setChannelIdEnabled
void setChannelIdEnabled(boolean enabled)
Enables/disables TLS Channel ID for this server engine. This method needs to be invoked before the handshake starts.
Specified by: setChannelIdEnabled in class AbstractConscryptEngine
Throws:
  java.lang.IllegalStateException - if this is a client engine or if the handshake has already started.

getChannelId
byte[] getChannelId() throws javax.net.ssl.SSLException
Gets the TLS Channel ID for this server engine. Channel ID is only available once the handshake completes.
Specified by: getChannelId in class AbstractConscryptEngine
Returns: channel ID or null if not available.
Throws:
  java.lang.IllegalStateException - if this is a client engine or if the handshake has not yet completed.
  javax.net.ssl.SSLException - if channel ID is available but could not be obtained.

setChannelIdPrivateKey
void setChannelIdPrivateKey(java.security.PrivateKey privateKey)
Sets the PrivateKey to be used for TLS Channel ID by this client engine. This method needs to be invoked before the handshake starts.
Specified by: setChannelIdPrivateKey in class AbstractConscryptEngine
Parameters:
  privateKey - private key (enables TLS Channel ID) or null for no key (disables TLS Channel ID). The private key must be an Elliptic Curve (EC) key based on the NIST P-256 curve (aka SECG secp256r1 or ANSI X9.62 prime256v1).
Throws:
  java.lang.IllegalStateException - if this is a server engine or if the handshake has already started.

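Added example, not Conscrypt code: a caller-side pre-check for the key handed to setChannelIdPrivateKey, enforcing the P-256 requirement stated above by comparing the key's domain parameters with the JDK's own secp256r1 parameters rather than trusting a curve name. The class ChannelIdKeyCheck and its method names are assumptions.

```java
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.interfaces.ECPrivateKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;

/**
 * Hypothetical helper (not part of Conscrypt): validates that a PrivateKey is an
 * EC key on NIST P-256 (secp256r1 / prime256v1) before it is passed to
 * setChannelIdPrivateKey, so a wrong key is rejected with a clear message
 * instead of failing later inside the handshake.
 */
public final class ChannelIdKeyCheck {
    private ChannelIdKeyCheck() {}

    /** Loads the reference secp256r1 domain parameters from the JDK's EC provider. */
    static ECParameterSpec p256() throws GeneralSecurityException {
        AlgorithmParameters params = AlgorithmParameters.getInstance("EC");
        params.init(new ECGenParameterSpec("secp256r1"));
        return params.getParameterSpec(ECParameterSpec.class);
    }

    /** Returns true only if the key is an EC key whose curve, generator, order and cofactor equal P-256. */
    public static boolean isP256(PrivateKey key) throws GeneralSecurityException {
        if (!(key instanceof ECPrivateKey)) {
            return false;              // RSA, EdDSA, etc. cannot be used for Channel ID
        }
        ECParameterSpec have = ((ECPrivateKey) key).getParams();
        ECParameterSpec want = p256();
        // Compare the defining values, not object identity: specs produced by
        // different providers are distinct objects even for the same curve.
        return have.getCurve().equals(want.getCurve())
                && have.getGenerator().equals(want.getGenerator())
                && have.getOrder().equals(want.getOrder())
                && have.getCofactor() == want.getCofactor();
    }

    /** Call before the handshake starts; null is passed through because it disables Channel ID. */
    public static PrivateKey requireP256(PrivateKey key) throws GeneralSecurityException {
        if (key != null && !isP256(key)) {
            throw new IllegalArgumentException(
                    "TLS Channel ID key must be an EC key on NIST P-256, got "
                            + key.getAlgorithm());
        }
        return key;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample keys: one on P-256 (accepted) and one on P-384 (rejected).
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        PrivateKey good = kpg.generateKeyPair().getPrivate();
        kpg.initialize(new ECGenParameterSpec("secp384r1"));
        PrivateKey bad = kpg.generateKeyPair().getPrivate();
        System.out.println("P-256 key accepted: " + isP256(good));
        System.out.println("P-384 key accepted: " + isP256(bad));
    }
}
```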
setHandshakeListener
void setHandshakeListener(HandshakeListener handshakeListener)
Sets the listener for the completion of the TLS handshake.
Specified by: setHandshakeListener in class AbstractConscryptEngine

isHandshakeStarted
private boolean isHandshakeStarted()

setHostname
void setHostname(java.lang.String hostname)
This method enables Server Name Indication (SNI) and overrides the PeerInfoProvider supplied during engine creation. If the hostname is not a valid SNI hostname, the SNI extension will be omitted from the handshake.
Specified by: setHostname in class AbstractConscryptEngine

getHostname
java.lang.String getHostname()
Returns the hostname from setHostname(String) or supplied by the PeerInfoProvider upon creation. No DNS resolution is attempted before returning the hostname.
Specified by: getHostname in class AbstractConscryptEngine

getPeerHost
public java.lang.String getPeerHost()
Specified by: getPeerHost in class AbstractConscryptEngine

getPeerPort
public int getPeerPort()
Specified by: getPeerPort in class AbstractConscryptEngine

beginHandshake
public void beginHandshake() throws javax.net.ssl.SSLException
Specified by: beginHandshake in class javax.net.ssl.SSLEngine
Throws:
  javax.net.ssl.SSLException

beginHandshakeInternal
private void beginHandshakeInternal() throws javax.net.ssl.SSLException
Throws:
  javax.net.ssl.SSLException

closeInbound
public void closeInbound()
Specified by: closeInbound in class javax.net.ssl.SSLEngine

closeOutbound
public void closeOutbound()
Specified by: closeOutbound in class javax.net.ssl.SSLEngine

getDelegatedTask
public java.lang.Runnable getDelegatedTask()
Specified by: getDelegatedTask in class javax.net.ssl.SSLEngine

getEnabledCipherSuites
public java.lang.String[] getEnabledCipherSuites()
Specified by: getEnabledCipherSuites in class javax.net.ssl.SSLEngine

getEnabledProtocols
public java.lang.String[] getEnabledProtocols()
Specified by: getEnabledProtocols in class javax.net.ssl.SSLEngine

getEnableSessionCreation
public boolean getEnableSessionCreation()
Specified by: getEnableSessionCreation in class javax.net.ssl.SSLEngine

getSSLParameters
public javax.net.ssl.SSLParameters getSSLParameters()
Overrides: getSSLParameters in class javax.net.ssl.SSLEngine

setSSLParameters
public void setSSLParameters(javax.net.ssl.SSLParameters p)
Overrides: setSSLParameters in class javax.net.ssl.SSLEngine

getHandshakeStatus
public javax.net.ssl.SSLEngineResult.HandshakeStatus getHandshakeStatus()
Specified by: getHandshakeStatus in class javax.net.ssl.SSLEngine

getHandshakeStatusInternal
private javax.net.ssl.SSLEngineResult.HandshakeStatus getHandshakeStatusInternal()

pendingOutboundEncryptedBytes
int pendingOutboundEncryptedBytes()

pendingInboundCleartextBytes
private int pendingInboundCleartextBytes()

pendingStatus
private static javax.net.ssl.SSLEngineResult.HandshakeStatus pendingStatus(int pendingOutboundBytes)

getNeedClientAuth
public boolean getNeedClientAuth()
Specified by: getNeedClientAuth in class javax.net.ssl.SSLEngine

handshakeSession
javax.net.ssl.SSLSession handshakeSession()
Work-around to allow this method to be called on older versions of Android.
Specified by: handshakeSession in class AbstractConscryptEngine

getSession
public javax.net.ssl.SSLSession getSession()
Specified by: getSession in class javax.net.ssl.SSLEngine

provideSession
private ConscryptSession provideSession()

provideHandshakeSession
private ConscryptSession provideHandshakeSession()

provideAfterHandshakeSession
private ConscryptSession provideAfterHandshakeSession()

getSupportedCipherSuites
public java.lang.String[] getSupportedCipherSuites()
Specified by: getSupportedCipherSuites in class javax.net.ssl.SSLEngine

getSupportedProtocols
public java.lang.String[] getSupportedProtocols()
Specified by: getSupportedProtocols in class javax.net.ssl.SSLEngine

getUseClientMode
public boolean getUseClientMode()
Specified by: getUseClientMode in class javax.net.ssl.SSLEngine

getWantClientAuth
public boolean getWantClientAuth()
Specified by: getWantClientAuth in class javax.net.ssl.SSLEngine

isInboundDone
public boolean isInboundDone()
Specified by: isInboundDone in class javax.net.ssl.SSLEngine

isOutboundDone
public boolean isOutboundDone()
Specified by: isOutboundDone in class javax.net.ssl.SSLEngine

setEnabledCipherSuites
public void setEnabledCipherSuites(java.lang.String[] suites)
Specified by: setEnabledCipherSuites in class javax.net.ssl.SSLEngine

setEnabledProtocols
public void setEnabledProtocols(java.lang.String[] protocols)
Specified by: setEnabledProtocols in class javax.net.ssl.SSLEngine

setEnableSessionCreation
public void setEnableSessionCreation(boolean flag)
Specified by: setEnableSessionCreation in class javax.net.ssl.SSLEngine

setNeedClientAuth
public void setNeedClientAuth(boolean need)
Specified by: setNeedClientAuth in class javax.net.ssl.SSLEngine

setUseClientMode
public void setUseClientMode(boolean mode)
Specified by: setUseClientMode in class javax.net.ssl.SSLEngine

setWantClientAuth
public void setWantClientAuth(boolean want)
Specified by: setWantClientAuth in class javax.net.ssl.SSLEngine

unwrap
public javax.net.ssl.SSLEngineResult unwrap(java.nio.ByteBuffer src, java.nio.ByteBuffer dst) throws javax.net.ssl.SSLException
Specified by: unwrap in class AbstractConscryptEngine
Throws:
  javax.net.ssl.SSLException

unwrap
public javax.net.ssl.SSLEngineResult unwrap(java.nio.ByteBuffer src, java.nio.ByteBuffer[] dsts) throws javax.net.ssl.SSLException
Specified by: unwrap in class AbstractConscryptEngine
Throws:
  javax.net.ssl.SSLException

unwrap
public javax.net.ssl.SSLEngineResult unwrap(java.nio.ByteBuffer src, java.nio.ByteBuffer[] dsts, int offset, int length) throws javax.net.ssl.SSLException
Specified by: unwrap in class AbstractConscryptEngine
Throws:
  javax.net.ssl.SSLException

unwrap
javax.net.ssl.SSLEngineResult unwrap(java.nio.ByteBuffer[] srcs, java.nio.ByteBuffer[] dsts) throws javax.net.ssl.SSLException
Specified by: unwrap in class AbstractConscryptEngine
Throws:
  javax.net.ssl.SSLException

unwrap
javax.net.ssl.SSLEngineResult unwrap(java.nio.ByteBuffer[] srcs, int srcsOffset, int srcsLength, java.nio.ByteBuffer[] dsts, int dstsOffset, int dstsLength) throws javax.net.ssl.SSLException
Specified by: unwrap in class AbstractConscryptEngine
Throws:
  javax.net.ssl.SSLException

calcDstsLength
private static int calcDstsLength(java.nio.ByteBuffer[] dsts, int dstsOffset, int dstsLength)

calcSrcsLength
private static long calcSrcsLength(java.nio.ByteBuffer[] srcs, int srcsOffset, int srcsEndOffset)

handshake
private javax.net.ssl.SSLEngineResult.HandshakeStatus handshake() throws javax.net.ssl.SSLException
Throws:
  javax.net.ssl.SSLException

finishHandshake
private void finishHandshake() throws javax.net.ssl.SSLException
Throws:
  javax.net.ssl.SSLException

writePlaintextData
private int writePlaintextData(java.nio.ByteBuffer src, int len) throws javax.net.ssl.SSLException
Write plaintext data to the OpenSSL internal BIO. Calling this function with src.remaining == 0 is undefined.
Throws:
  javax.net.ssl.SSLException

writePlaintextDataDirect
private int writePlaintextDataDirect(java.nio.ByteBuffer src, int pos, int len) throws java.io.IOException
Throws:
  java.io.IOException

writePlaintextDataHeap
private int writePlaintextDataHeap(java.nio.ByteBuffer src, int pos, int len) throws java.io.IOException
Throws:
  java.io.IOException

readPlaintextData
private int readPlaintextData(java.nio.ByteBuffer dst) throws java.io.IOException
Read plaintext data from the OpenSSL internal BIO.
Throws:
  java.io.IOException

readPlaintextDataDirect
private int readPlaintextDataDirect(java.nio.ByteBuffer dst, int pos, int len) throws java.io.IOException, java.security.cert.CertificateException
Throws:
  java.io.IOException
  java.security.cert.CertificateException

readPlaintextDataHeap
private int readPlaintextDataHeap(java.nio.ByteBuffer dst, int len) throws java.io.IOException, java.security.cert.CertificateException
Throws:
  java.io.IOException
  java.security.cert.CertificateException

convertException
private javax.net.ssl.SSLException convertException(java.lang.Throwable e)

writeEncryptedData
private int writeEncryptedData(java.nio.ByteBuffer src, int len) throws javax.net.ssl.SSLException
Write encrypted data to the OpenSSL network BIO.
Throws:
  javax.net.ssl.SSLException

writeEncryptedDataDirect
private int writeEncryptedDataDirect(java.nio.ByteBuffer src, int pos, int len) throws java.io.IOException
Throws:
  java.io.IOException

writeEncryptedDataHeap
private int writeEncryptedDataHeap(java.nio.ByteBuffer src, int pos, int len) throws java.io.IOException
Throws:
  java.io.IOException

getOrCreateLazyDirectBuffer
private java.nio.ByteBuffer getOrCreateLazyDirectBuffer()

directByteBufferAddress
private long directByteBufferAddress(java.nio.ByteBuffer directBuffer, int pos)

readPendingBytesFromBIO
private javax.net.ssl.SSLEngineResult readPendingBytesFromBIO(java.nio.ByteBuffer dst, int bytesConsumed, int bytesProduced, javax.net.ssl.SSLEngineResult.HandshakeStatus status) throws javax.net.ssl.SSLException
Throws:
  javax.net.ssl.SSLException

readEncryptedData
private int readEncryptedData(java.nio.ByteBuffer dst, int pending) throws javax.net.ssl.SSLException
Read encrypted data from the OpenSSL network BIO.
Throws:
  javax.net.ssl.SSLException

readEncryptedDataDirect
private int readEncryptedDataDirect(java.nio.ByteBuffer dst, int pos, int len) throws java.io.IOException
Throws:
  java.io.IOException

readEncryptedDataHeap
private int readEncryptedDataHeap(java.nio.ByteBuffer dst, int len) throws java.io.IOException
Throws:
  java.io.IOException

mayFinishHandshake
private javax.net.ssl.SSLEngineResult.HandshakeStatus mayFinishHandshake(javax.net.ssl.SSLEngineResult.HandshakeStatus status) throws javax.net.ssl.SSLException
Throws:
  javax.net.ssl.SSLException

getHandshakeStatus
private javax.net.ssl.SSLEngineResult.HandshakeStatus getHandshakeStatus(int pending)

getEngineStatus
private javax.net.ssl.SSLEngineResult.Status getEngineStatus()

closeAll
private void closeAll()

freeIfDone
private void freeIfDone()

newSslExceptionWithMessage
private javax.net.ssl.SSLException newSslExceptionWithMessage(java.lang.String err)

newResult
private javax.net.ssl.SSLEngineResult newResult(int bytesConsumed, int bytesProduced, javax.net.ssl.SSLEngineResult.HandshakeStatus status) throws javax.net.ssl.SSLException
Throws:
  javax.net.ssl.SSLException

wrap
public javax.net.ssl.SSLEngineResult wrap(java.nio.ByteBuffer src, java.nio.ByteBuffer dst) throws javax.net.ssl.SSLException
Specified by: wrap in class AbstractConscryptEngine
Throws:
  javax.net.ssl.SSLException

wrap
public javax.net.ssl.SSLEngineResult wrap(java.nio.ByteBuffer[] srcs, int srcsOffset, int srcsLength, java.nio.ByteBuffer dst) throws javax.net.ssl.SSLException
Specified by: wrap in class AbstractConscryptEngine
Throws:
  javax.net.ssl.SSLException

clientPSKKeyRequested
public int clientPSKKeyRequested(java.lang.String identityHint, byte[] identity, byte[] key)
Description copied from interface: NativeCrypto.SSLHandshakeCallbacks
Gets the key to be used in client mode for this connection in Pre-Shared Key (PSK) key exchange.
Specified by: clientPSKKeyRequested in interface NativeCrypto.SSLHandshakeCallbacks
Parameters:
  identityHint - PSK identity hint provided by the server or null if no hint provided.
  identity - buffer to be populated with PSK identity (NULL-terminated modified UTF-8) by this method. This identity will be provided to the server.
  key - buffer to be populated with key material by this method.
Returns: number of bytes this method stored in the key buffer or 0 if an error occurred in which case the handshake will be aborted.

serverPSKKeyRequested
public int serverPSKKeyRequested(java.lang.String identityHint, java.lang.String identity, byte[] key)
Description copied from interface: NativeCrypto.SSLHandshakeCallbacks
Gets the key to be used in server mode for this connection in Pre-Shared Key (PSK) key exchange.
Specified by: serverPSKKeyRequested in interface NativeCrypto.SSLHandshakeCallbacks
Parameters:
  identityHint - PSK identity hint provided by this server to the client or null if no hint was provided.
  identity - PSK identity provided by the client.
  key - buffer to be populated with key material by this method.
Returns: number of bytes this method stored in the key buffer or 0 if an error occurred in which case the handshake will be aborted.

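Added example, not Conscrypt's own code: a stand-alone implementation of the callback contract documented for clientPSKKeyRequested and serverPSKKeyRequested above (NUL-terminated modified UTF-8 identity, key bytes copied into the supplied buffer, return the byte count or 0 to abort). A constructed in-memory table stands in for the PSKKeyManager the engine actually consults; the class PskCallbacksExample, its table and the sample identities and key bytes are assumptions.

```java
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

/** Hypothetical PSK callback implementation following the documented contract. */
public final class PskCallbacksExample {
    /** Constructed sample table: PSK identity -> key material (not real secrets). */
    private final Map<String, byte[]> keys = new HashMap<>();
    /** Which identity to present for a given server hint; a null hint is a valid map key. */
    private final Map<String, String> identityForHint = new HashMap<>();

    PskCallbacksExample() {
        keys.put("device-42", new byte[] {0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
                                          0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f});
        identityForHint.put("example-realm", "device-42");
        identityForHint.put(null, "device-42");   // server sent no hint: use the default identity
    }

    /** Modified UTF-8 as DataOutput/JNI use it, minus writeUTF's 2-byte length prefix. */
    static byte[] modifiedUtf8(String s) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        new DataOutputStream(bos).writeUTF(s);
        byte[] withLen = bos.toByteArray();
        byte[] out = new byte[withLen.length - 2];
        System.arraycopy(withLen, 2, out, 0, out.length);
        return out;
    }

    /**
     * Client side: fill identity (NUL-terminated modified UTF-8) and key, and return
     * the number of key bytes stored, or 0 to make the engine abort the handshake.
     */
    public int clientPSKKeyRequested(String identityHint, byte[] identity, byte[] key) {
        String chosen = identityForHint.get(identityHint);
        byte[] psk = chosen == null ? null : keys.get(chosen);
        if (psk == null) {
            return 0;                            // unknown hint: abort rather than guess a key
        }
        try {
            byte[] id = modifiedUtf8(chosen);
            // Bounds check both buffers: identity needs room for its NUL terminator.
            if (id.length + 1 > identity.length || psk.length > key.length) {
                return 0;
            }
            System.arraycopy(id, 0, identity, 0, id.length);
            identity[id.length] = 0;
            System.arraycopy(psk, 0, key, 0, psk.length);
            return psk.length;
        } catch (IOException e) {
            return 0;
        }
    }

    /**
     * Server side: the client's identity arrives already decoded; look it up and
     * copy the key, returning its length or 0 (unknown identity or undersized buffer).
     */
    public int serverPSKKeyRequested(String identityHint, String identity, byte[] key) {
        byte[] psk = identity == null ? null : keys.get(identity);
        if (psk == null || psk.length > key.length) {
            return 0;
        }
        System.arraycopy(psk, 0, key, 0, psk.length);
        return psk.length;
    }

    public static void main(String[] args) {
        PskCallbacksExample cb = new PskCallbacksExample();
        byte[] identity = new byte[128];
        byte[] key = new byte[256];
        int n = cb.clientPSKKeyRequested("example-realm", identity, key);
        System.out.println("client stored " + n + " key bytes");
        int m = cb.serverPSKKeyRequested("example-realm", "device-42", key);
        System.out.println("server stored " + m + " key bytes");
        System.out.println("unknown hint aborts: "
                + (cb.clientPSKKeyRequested("other-realm", identity, key) == 0));
    }
}
```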
onSSLStateChange
public void onSSLStateChange(int type, int val)
Description copied from interface:NativeCrypto.SSLHandshakeCallbacks
Called when SSL state changes. This could be handshake completion.- Specified by:
onSSLStateChange
in interfaceNativeCrypto.SSLHandshakeCallbacks
-
serverCertificateRequested
public void serverCertificateRequested() throws java.io.IOException
Description copied from interface:NativeCrypto.SSLHandshakeCallbacks
Called when acting as a server during ClientHello processing before a decision to resume a session is made. This allows the selection of the correct server certificate based on things like Server Name Indication (SNI).- Specified by:
serverCertificateRequested
in interfaceNativeCrypto.SSLHandshakeCallbacks
- Throws:
java.io.IOException
- if there was an error during certificate selection.
-
onNewSessionEstablished
public void onNewSessionEstablished(long sslSessionNativePtr)
Description copied from interface:NativeCrypto.SSLHandshakeCallbacks
Called when a new session has been established and may be added to the session cache. The callee is responsible for incrementing the reference count on the returned session.- Specified by:
onNewSessionEstablished
in interfaceNativeCrypto.SSLHandshakeCallbacks
-
serverSessionRequested
public long serverSessionRequested(byte[] id)
Description copied from interface:NativeCrypto.SSLHandshakeCallbacks
Called for servers where TLS < 1.3 (TLS 1.3 uses session tickets rather than application session caches). Looks up the session by ID in the application's session cache. If a valid session is returned, this callback is responsible for incrementing the reference count (and any required synchronization).- Specified by:
serverSessionRequested
in interfaceNativeCrypto.SSLHandshakeCallbacks
- Parameters:
id
- the ID of the session to find.- Returns:
- the cached session or
0
if no session was found matching the given ID.
-
verifyCertificateChain
public void verifyCertificateChain(byte[][] certChain, java.lang.String authMethod) throws java.security.cert.CertificateException
Description copied from interface: NativeCrypto.SSLHandshakeCallbacks
Verify that the certificate chain is trusted.
- Specified by:
verifyCertificateChain
in interface NativeCrypto.SSLHandshakeCallbacks
- Parameters:
certChain
- chain of X.509 certificates in their encoded form
authMethod
- auth algorithm name
- Throws:
java.security.cert.CertificateException
- if the certificate is untrusted
-
clientCertificateRequested
public void clientCertificateRequested(byte[] keyTypeBytes, int[] signatureAlgs, byte[][] asn1DerEncodedPrincipals) throws java.security.cert.CertificateEncodingException, javax.net.ssl.SSLException
Description copied from interface: NativeCrypto.SSLHandshakeCallbacks
Called on an SSL client when the server requests (or requires) a certificate. The client can respond by using SSL_use_certificate and SSL_use_PrivateKey to set a certificate if it has an appropriate one available, similar to how the server provides its certificate.
- Specified by:
clientCertificateRequested
in interface NativeCrypto.SSLHandshakeCallbacks
- Parameters:
keyTypeBytes
- key types supported by the server, convertible to strings with #keyType
asn1DerEncodedPrincipals
- CAs known to the server
- Throws:
java.security.cert.CertificateEncodingException
javax.net.ssl.SSLException
-
sendSSLShutdown
private void sendSSLShutdown()
-
closeAndFreeResources
private void closeAndFreeResources()
-
finalize
protected void finalize() throws java.lang.Throwable
- Overrides:
finalize
in class java.lang.Object
- Throws:
java.lang.Throwable
-
chooseServerAlias
public java.lang.String chooseServerAlias(javax.net.ssl.X509KeyManager keyManager, java.lang.String keyType)
- Specified by:
chooseServerAlias
in interface SSLParametersImpl.AliasChooser
-
chooseClientAlias
public java.lang.String chooseClientAlias(javax.net.ssl.X509KeyManager keyManager, javax.security.auth.x500.X500Principal[] issuers, java.lang.String[] keyTypes)
- Specified by:
chooseClientAlias
in interface SSLParametersImpl.AliasChooser
-
chooseServerPSKIdentityHint
public java.lang.String chooseServerPSKIdentityHint(PSKKeyManager keyManager)
- Specified by:
chooseServerPSKIdentityHint
in interface SSLParametersImpl.PSKCallbacks
-
chooseClientPSKIdentity
public java.lang.String chooseClientPSKIdentity(PSKKeyManager keyManager, java.lang.String identityHint)
- Specified by:
chooseClientPSKIdentity
in interface SSLParametersImpl.PSKCallbacks
-
getPSKKey
public javax.crypto.SecretKey getPSKKey(PSKKeyManager keyManager, java.lang.String identityHint, java.lang.String identity)
- Specified by:
getPSKKey
in interface SSLParametersImpl.PSKCallbacks
-
setUseSessionTickets
void setUseSessionTickets(boolean useSessionTickets)
This method enables session ticket support.
- Specified by:
setUseSessionTickets
in class AbstractConscryptEngine
- Parameters:
useSessionTickets
- True to enable session tickets
-
getApplicationProtocols
java.lang.String[] getApplicationProtocols()
Description copied from class: AbstractConscryptEngine
Returns the list of supported ALPN protocols.
- Specified by:
getApplicationProtocols
in class AbstractConscryptEngine
-
setApplicationProtocols
void setApplicationProtocols(java.lang.String[] protocols)
Description copied from class: AbstractConscryptEngine
Sets the list of ALPN protocols.
- Specified by:
setApplicationProtocols
in class AbstractConscryptEngine
- Parameters:
protocols
- the list of ALPN protocols
-
setApplicationProtocolSelector
void setApplicationProtocolSelector(ApplicationProtocolSelector selector)
Description copied from class: AbstractConscryptEngine
Sets an application-provided ALPN protocol selector. If provided, this will override the list of protocols set by AbstractConscryptEngine.setApplicationProtocols(String[]).
- Specified by:
setApplicationProtocolSelector
in class AbstractConscryptEngine
-
getTlsUnique
byte[] getTlsUnique()
Description copied from class: AbstractConscryptEngine
Returns the tls-unique channel binding value for this connection, per RFC 5929. This will return null if there is no such value available, such as if the handshake has not yet completed or this connection is closed.
- Specified by:
getTlsUnique
in class AbstractConscryptEngine
-
exportKeyingMaterial
byte[] exportKeyingMaterial(java.lang.String label, byte[] context, int length) throws javax.net.ssl.SSLException
Description copied from class: AbstractConscryptEngine
Exports a value derived from the TLS master secret as described in RFC 5705.
- Specified by:
exportKeyingMaterial
in class AbstractConscryptEngine
- Parameters:
label
- the label to use in calculating the exported value. This must be an ASCII-only string.
context
- the application-specific context value to use in calculating the exported value. This may be null to use no application context, which is treated differently than an empty byte array.
length
- the number of bytes of keying material to return.
- Returns:
- a value of the specified length, or null if the handshake has not yet completed or the connection has been closed.
- Throws:
javax.net.ssl.SSLException
- if the value could not be exported.
-
setApplicationProtocolSelector
void setApplicationProtocolSelector(ApplicationProtocolSelectorAdapter adapter)
-
selectApplicationProtocol
public int selectApplicationProtocol(byte[] protocols)
Description copied from interface: NativeCrypto.SSLHandshakeCallbacks
Called when acting as a server, the socket has an ApplicationProtocolSelectorAdapter associated with it, and the application protocol needs to be selected.
- Specified by:
selectApplicationProtocol
in interface NativeCrypto.SSLHandshakeCallbacks
- Parameters:
protocols
- list of application protocols in length-prefix format
- Returns:
- the index offset of the selected protocol
-
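The length-prefix format that selectApplicationProtocol receives is the ALPN ProtocolNameList body: each entry is a one-byte length followed by that many ASCII bytes. The following is an added example, not Conscrypt's own code, showing how a server-side chooser walks that list safely, picks by the server's own preference order rather than the client's, and returns an entry's offset. Two conventions here are assumptions of the example, since the page only says "index offset": the returned offset is that of the selected entry's length byte, and -1 signals that no offered protocol matched. The class and method names (AlpnSelectorExample, parseProtocolList, selectByServerPreference, encodeProtocolList) are invented for the example.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

/**
 * Added example, not Conscrypt code: a server-side ALPN chooser working on the
 * length-prefixed protocol list that a selectApplicationProtocol-style callback receives.
 */
public final class AlpnSelectorExample {

    /** One client-offered entry: the offset of its length byte and the decoded name. */
    static final class Entry {
        final int offset;
        final String name;
        Entry(int offset, String name) { this.offset = offset; this.name = name; }
    }

    /**
     * Walks the list: each entry is a 1-byte length followed by that many ASCII bytes.
     * A zero length, or a length that runs past the end of the buffer, is malformed and is
     * rejected up front, so a truncated or crafted extension never causes an out-of-bounds read.
     */
    static List<Entry> parseProtocolList(byte[] protocols) {
        List<Entry> entries = new ArrayList<>();
        int i = 0;
        while (i < protocols.length) {
            int len = protocols[i] & 0xFF;
            if (len == 0 || i + 1 + len > protocols.length) {
                throw new IllegalArgumentException("malformed ALPN list at offset " + i);
            }
            entries.add(new Entry(i, new String(protocols, i + 1, len, StandardCharsets.US_ASCII)));
            i += 1 + len;
        }
        return entries;
    }

    /**
     * Picks the first protocol in the server's preference order that the client also offered
     * and returns the offset of that entry's length byte. Server order wins, so the client
     * cannot steer the choice by reordering its list. Returns -1 when nothing overlaps
     * (assumed convention for this example).
     */
    static int selectByServerPreference(byte[] protocols, String[] serverPreference) {
        List<Entry> offered = parseProtocolList(protocols);
        for (String preferred : serverPreference) {
            for (Entry e : offered) {
                if (e.name.equals(preferred)) {
                    return e.offset;
                }
            }
        }
        return -1;
    }

    /** Encodes names into the same length-prefixed form, used here to build constructed input. */
    static byte[] encodeProtocolList(String... names) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (String name : names) {
            byte[] b = name.getBytes(StandardCharsets.US_ASCII);
            if (b.length == 0 || b.length > 255) {
                throw new IllegalArgumentException("ALPN name length must be 1..255");
            }
            out.write(b.length);
            out.write(b, 0, b.length);
        }
        return out.toByteArray();
    }

    public static void main(String[] args) {
        // Constructed sample: the client lists http/1.1 first, then h2; the server prefers h2.
        // "http/1.1" occupies bytes 0..8 (length byte plus 8 characters), so h2's entry starts at 9.
        byte[] offered = encodeProtocolList("http/1.1", "h2");
        String[] serverOrder = {"h2", "http/1.1"};
        System.out.println("selected offset = " + selectByServerPreference(offered, serverOrder));

        // No overlap: the server only speaks h2, the client only offered http/1.1.
        System.out.println("no overlap -> "
                + selectByServerPreference(encodeProtocolList("http/1.1"), new String[] {"h2"}));

        // Malformed input: a length byte claiming more bytes than remain is rejected.
        byte[] truncated = {5, 'h', '2'};
        try {
            parseProtocolList(truncated);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The point of validating lengths before touching any name bytes is that the list comes straight from the peer's ClientHello; the selection logic should only ever see well-formed entries, and a preference-ordered server choice keeps protocol negotiation under the server's control.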
getApplicationProtocol
public java.lang.String getApplicationProtocol()
- Specified by:
getApplicationProtocol
in class AbstractConscryptEngine
-
getHandshakeApplicationProtocol
public java.lang.String getHandshakeApplicationProtocol()
- Specified by:
getHandshakeApplicationProtocol
in class AbstractConscryptEngine
-
singleSrcBuffer
private java.nio.ByteBuffer[] singleSrcBuffer(java.nio.ByteBuffer src)
-
resetSingleSrcBuffer
private void resetSingleSrcBuffer()
-
singleDstBuffer
private java.nio.ByteBuffer[] singleDstBuffer(java.nio.ByteBuffer src)
-
resetSingleDstBuffer
private void resetSingleDstBuffer()
-
clientSessionContext
private ClientSessionContext clientSessionContext()
-
sessionContext
private AbstractSessionContext sessionContext()
-
transitionTo
private void transitionTo(int newState)
-
-