Package org.conscrypt
Class ConscryptFileDescriptorSocket
- java.lang.Object
  - java.net.Socket
    - javax.net.ssl.SSLSocket
      - org.conscrypt.AbstractConscryptSocket
        - org.conscrypt.OpenSSLSocketImpl
          - org.conscrypt.ConscryptFileDescriptorSocket
- All Implemented Interfaces:
java.io.Closeable, java.lang.AutoCloseable, NativeCrypto.SSLHandshakeCallbacks, SSLParametersImpl.AliasChooser, SSLParametersImpl.PSKCallbacks
- Direct Known Subclasses:
Java8FileDescriptorSocket
class ConscryptFileDescriptorSocket extends OpenSSLSocketImpl implements NativeCrypto.SSLHandshakeCallbacks, SSLParametersImpl.PSKCallbacks, SSLParametersImpl.AliasChooser
Implementation of the class OpenSSLSocketImpl based on OpenSSL.
Extensions to SSLSocket include:
- handshake timeout
- session tickets
- Server Name Indication
-
-
Nested Class Summary
Nested Classes (modifier and type, class, description)
- private class ConscryptFileDescriptorSocket.SSLInputStream
  This inner class provides input data stream functionality for the OpenSSL native implementation.
- private class ConscryptFileDescriptorSocket.SSLOutputStream
  This inner class provides output data stream functionality for the OpenSSL native implementation.
-
Field Summary
Fields (modifier and type, field, description)
- private ActiveSession activeSession
- private OpenSSLKey channelIdPrivateKey
  Private key for the TLS Channel ID extension.
- private SessionSnapshot closedSession
  A snapshot of the active session when the engine was closed.
- private static boolean DBG_STATE
- private javax.net.ssl.SSLSession externalSession
  The session object exposed externally from this class.
- private java.lang.Object guard
- private int handshakeTimeoutMilliseconds
- private ConscryptFileDescriptorSocket.SSLInputStream is
  Protected by synchronizing on ssl.
- private ConscryptFileDescriptorSocket.SSLOutputStream os
  Protected by synchronizing on ssl.
- private NativeSsl ssl
  Wrapper around the underlying SSL object.
- private SSLParametersImpl sslParameters
- private int state
- private int writeTimeoutMilliseconds
-
Fields inherited from class org.conscrypt.AbstractConscryptSocket
socket
-
-
Constructor Summary
Constructors
- ConscryptFileDescriptorSocket(java.lang.String hostname, int port, java.net.InetAddress clientAddress, int clientPort, SSLParametersImpl sslParameters)
- ConscryptFileDescriptorSocket(java.lang.String hostname, int port, SSLParametersImpl sslParameters)
- ConscryptFileDescriptorSocket(java.net.InetAddress address, int port, java.net.InetAddress clientAddress, int clientPort, SSLParametersImpl sslParameters)
- ConscryptFileDescriptorSocket(java.net.InetAddress address, int port, SSLParametersImpl sslParameters)
- ConscryptFileDescriptorSocket(java.net.Socket socket, java.lang.String hostname, int port, boolean autoClose, SSLParametersImpl sslParameters)
- ConscryptFileDescriptorSocket(SSLParametersImpl sslParameters)
-
Method Summary
Methods (modifier and type, method, description)
- private void assertReadableOrWriteableState()
- java.lang.String chooseClientAlias(javax.net.ssl.X509KeyManager keyManager, javax.security.auth.x500.X500Principal[] issuers, java.lang.String[] keyTypes)
- java.lang.String chooseClientPSKIdentity(PSKKeyManager keyManager, java.lang.String identityHint)
- java.lang.String chooseServerAlias(javax.net.ssl.X509KeyManager keyManager, java.lang.String keyType)
- java.lang.String chooseServerPSKIdentityHint(PSKKeyManager keyManager)
- void clientCertificateRequested(byte[] keyTypeBytes, int[] signatureAlgs, byte[][] asn1DerEncodedPrincipals)
  Called on an SSL client when the server requests (or requires) a certificate.
- int clientPSKKeyRequested(java.lang.String identityHint, byte[] identity, byte[] key)
  Gets the key to be used in client mode for this connection in Pre-Shared Key (PSK) key exchange.
- private ClientSessionContext clientSessionContext()
- void close()
- private void closeUnderlyingSocket()
- (package private) byte[] exportKeyingMaterial(java.lang.String label, byte[] context, int length)
  Exports a value derived from the TLS master secret as described in RFC 5705.
- protected void finalize()
- private void free()
- (package private) javax.net.ssl.SSLSession getActiveSession()
  Called by AbstractConscryptSocket.notifyHandshakeCompletedListeners() to get the currently active session.
- java.lang.String getApplicationProtocol()
- (package private) java.lang.String[] getApplicationProtocols()
  Returns the list of supported ALPN protocols.
- byte[] getChannelId()
  Gets the TLS Channel ID for this server socket.
- java.lang.String[] getEnabledCipherSuites()
- java.lang.String[] getEnabledProtocols()
- boolean getEnableSessionCreation()
- java.lang.String getHandshakeApplicationProtocol()
- javax.net.ssl.SSLSession getHandshakeSession()
- java.io.InputStream getInputStream()
- boolean getNeedClientAuth()
- java.io.OutputStream getOutputStream()
- javax.crypto.SecretKey getPSKKey(PSKKeyManager keyManager, java.lang.String identityHint, java.lang.String identity)
- javax.net.ssl.SSLSession getSession()
- int getSoWriteTimeout()
  Note write timeouts are not part of the javax.net.ssl.SSLSocket API.
- javax.net.ssl.SSLParameters getSSLParameters()
- java.lang.String[] getSupportedCipherSuites()
- java.lang.String[] getSupportedProtocols()
- (package private) byte[] getTlsUnique()
  Returns the tls-unique channel binding value for this connection, per RFC 5929.
- boolean getUseClientMode()
- boolean getWantClientAuth()
- private static NativeSsl newSsl(SSLParametersImpl sslParameters, ConscryptFileDescriptorSocket engine)
- void onNewSessionEstablished(long sslSessionNativePtr)
  Called when a new session has been established and may be added to the session cache.
- void onSSLStateChange(int type, int val)
  Called when SSL state changes.
- private ConscryptSession provideAfterHandshakeSession()
- private ConscryptSession provideHandshakeSession()
- private ConscryptSession provideSession()
- int selectApplicationProtocol(byte[] protocols)
  Called when acting as a server, the socket has an ApplicationProtocolSelectorAdapter associated with it, and the application protocol needs to be selected.
- void serverCertificateRequested()
  Called when acting as a server during ClientHello processing before a decision to resume a session is made.
- int serverPSKKeyRequested(java.lang.String identityHint, java.lang.String identity, byte[] key)
  Gets the key to be used in server mode for this connection in Pre-Shared Key (PSK) key exchange.
- long serverSessionRequested(byte[] id)
  Called for servers where TLS < 1.3 (TLS 1.3 uses session tickets rather than application session caches).
- private AbstractSessionContext sessionContext()
- (package private) void setApplicationProtocols(java.lang.String[] protocols)
  Sets the list of ALPN protocols.
- void setApplicationProtocolSelector(ApplicationProtocolSelector selector)
  Sets an application-provided ALPN protocol selector.
- (package private) void setApplicationProtocolSelector(ApplicationProtocolSelectorAdapter selector)
- void setChannelIdEnabled(boolean enabled)
  Enables/disables TLS Channel ID for this server socket.
- void setChannelIdPrivateKey(java.security.PrivateKey privateKey)
  Sets the PrivateKey to be used for TLS Channel ID by this client socket.
- void setEnabledCipherSuites(java.lang.String[] suites)
- void setEnabledProtocols(java.lang.String[] protocols)
- void setEnableSessionCreation(boolean flag)
- void setHandshakeTimeout(int handshakeTimeoutMilliseconds)
  Set the handshake timeout on this socket.
- void setHostname(java.lang.String hostname)
  This method enables Server Name Indication.
- void setNeedClientAuth(boolean need)
- void setSoWriteTimeout(int writeTimeoutMilliseconds)
  Note write timeouts are not part of the javax.net.ssl.SSLSocket API.
- void setSSLParameters(javax.net.ssl.SSLParameters p)
- void setUseClientMode(boolean mode)
- void setUseSessionTickets(boolean useSessionTickets)
  This method enables session ticket support.
- void setWantClientAuth(boolean want)
- private void shutdownAndFreeSslNative()
- void startHandshake()
  Starts a TLS/SSL handshake on this connection using some native methods from the OpenSSL library.
- private void transitionTo(int newState)
- void verifyCertificateChain(byte[][] certChain, java.lang.String authMethod)
  Verify that the certificate chain is trusted.
- private void waitForHandshake()
-
Methods inherited from class org.conscrypt.OpenSSLSocketImpl
getAlpnSelectedProtocol, getFileDescriptor$, getHostname, getHostnameOrIP, getNpnSelectedProtocol, setAlpnProtocols, setAlpnProtocols, setNpnProtocols
-
Methods inherited from class org.conscrypt.AbstractConscryptSocket
addHandshakeCompletedListener, bind, checkOpen, connect, connect, getChannel, getInetAddress, getKeepAlive, getLocalAddress, getLocalPort, getLocalSocketAddress, getOOBInline, getPort, getReceiveBufferSize, getRemoteSocketAddress, getReuseAddress, getSendBufferSize, getSoLinger, getSoTimeout, getTcpNoDelay, getTrafficClass, isBound, isClosed, isConnected, isInputShutdown, isOutputShutdown, notifyHandshakeCompletedListeners, peerInfoProvider, removeHandshakeCompletedListener, sendUrgentData, setKeepAlive, setOOBInline, setPerformancePreferences, setReceiveBufferSize, setReuseAddress, setSendBufferSize, setSoLinger, setSoTimeout, setTcpNoDelay, setTrafficClass, shutdownInput, shutdownOutput, toString
-
Methods inherited from class javax.net.ssl.SSLSocket
getHandshakeApplicationProtocolSelector, setHandshakeApplicationProtocolSelector
-
-
-
-
Field Detail
-
DBG_STATE
private static final boolean DBG_STATE
- See Also:
- Constant Field Values
-
state
private int state
-
ssl
private final NativeSsl ssl
Wrapper around the underlying SSL object.
-
is
private ConscryptFileDescriptorSocket.SSLInputStream is
Protected by synchronizing on ssl. Starts as null, set by getInputStream.
-
os
private ConscryptFileDescriptorSocket.SSLOutputStream os
Protected by synchronizing on ssl. Starts as null, set by getInputStream.
-
sslParameters
private final SSLParametersImpl sslParameters
-
guard
private final java.lang.Object guard
-
channelIdPrivateKey
private OpenSSLKey channelIdPrivateKey
Private key for the TLS Channel ID extension. This field is client-side only. Set during startHandshake.
-
activeSession
private final ActiveSession activeSession
-
closedSession
private SessionSnapshot closedSession
A snapshot of the active session when the engine was closed.
-
externalSession
private final javax.net.ssl.SSLSession externalSession
The session object exposed externally from this class.
-
writeTimeoutMilliseconds
private int writeTimeoutMilliseconds
-
handshakeTimeoutMilliseconds
private int handshakeTimeoutMilliseconds
-
-
Constructor Detail
-
ConscryptFileDescriptorSocket
ConscryptFileDescriptorSocket(SSLParametersImpl sslParameters) throws java.io.IOException
- Throws:
java.io.IOException
-
ConscryptFileDescriptorSocket
ConscryptFileDescriptorSocket(java.lang.String hostname, int port, SSLParametersImpl sslParameters) throws java.io.IOException
- Throws:
java.io.IOException
-
ConscryptFileDescriptorSocket
ConscryptFileDescriptorSocket(java.net.InetAddress address, int port, SSLParametersImpl sslParameters) throws java.io.IOException
- Throws:
java.io.IOException
-
ConscryptFileDescriptorSocket
ConscryptFileDescriptorSocket(java.lang.String hostname, int port, java.net.InetAddress clientAddress, int clientPort, SSLParametersImpl sslParameters) throws java.io.IOException
- Throws:
java.io.IOException
-
ConscryptFileDescriptorSocket
ConscryptFileDescriptorSocket(java.net.InetAddress address, int port, java.net.InetAddress clientAddress, int clientPort, SSLParametersImpl sslParameters) throws java.io.IOException
- Throws:
java.io.IOException
-
ConscryptFileDescriptorSocket
ConscryptFileDescriptorSocket(java.net.Socket socket, java.lang.String hostname, int port, boolean autoClose, SSLParametersImpl sslParameters) throws java.io.IOException
- Throws:
java.io.IOException
-
-
Method Detail
-
newSsl
private static NativeSsl newSsl(SSLParametersImpl sslParameters, ConscryptFileDescriptorSocket engine) throws javax.net.ssl.SSLException
- Throws:
javax.net.ssl.SSLException
-
startHandshake
public final void startHandshake() throws java.io.IOException
Starts a TLS/SSL handshake on this connection using some native methods from the OpenSSL library. It can negotiate new encryption keys, change cipher suites, or initiate a new session. The certificate chain is verified if the corresponding property in java.Security is set. All listeners are notified at the end of the TLS/SSL handshake.
- Specified by:
startHandshake
in class javax.net.ssl.SSLSocket
- Throws:
java.io.IOException
-
clientCertificateRequested
public final void clientCertificateRequested(byte[] keyTypeBytes, int[] signatureAlgs, byte[][] asn1DerEncodedPrincipals) throws java.security.cert.CertificateEncodingException, javax.net.ssl.SSLException
Description copied from interface: NativeCrypto.SSLHandshakeCallbacks
Called on an SSL client when the server requests (or requires) a certificate. The client can respond by using SSL_use_certificate and SSL_use_PrivateKey to set a certificate if it has an appropriate one available, similar to how the server provides its certificate.
- Specified by:
clientCertificateRequested
in interface NativeCrypto.SSLHandshakeCallbacks
- Parameters:
keyTypeBytes - key types supported by the server, convertible to strings with #keyType
asn1DerEncodedPrincipals - CAs known to the server
- Throws:
java.security.cert.CertificateEncodingException
javax.net.ssl.SSLException
-
clientPSKKeyRequested
public final int clientPSKKeyRequested(java.lang.String identityHint, byte[] identity, byte[] key)
Description copied from interface: NativeCrypto.SSLHandshakeCallbacks
Gets the key to be used in client mode for this connection in Pre-Shared Key (PSK) key exchange.
- Specified by:
clientPSKKeyRequested
in interface NativeCrypto.SSLHandshakeCallbacks
- Parameters:
identityHint - PSK identity hint provided by the server or null if no hint provided.
identity - buffer to be populated with PSK identity (NULL-terminated modified UTF-8) by this method. This identity will be provided to the server.
key - buffer to be populated with key material by this method.
- Returns:
number of bytes this method stored in the key buffer or 0 if an error occurred, in which case the handshake will be aborted.
-
serverPSKKeyRequested
public final int serverPSKKeyRequested(java.lang.String identityHint, java.lang.String identity, byte[] key)
Description copied from interface: NativeCrypto.SSLHandshakeCallbacks
Gets the key to be used in server mode for this connection in Pre-Shared Key (PSK) key exchange.
- Specified by:
serverPSKKeyRequested
in interface NativeCrypto.SSLHandshakeCallbacks
- Parameters:
identityHint - PSK identity hint provided by this server to the client or null if no hint was provided.
identity - PSK identity provided by the client.
key - buffer to be populated with key material by this method.
- Returns:
number of bytes this method stored in the key buffer or 0 if an error occurred, in which case the handshake will be aborted.
-
onSSLStateChange
public final void onSSLStateChange(int type, int val)
Description copied from interface: NativeCrypto.SSLHandshakeCallbacks
Called when SSL state changes. This could be handshake completion.
- Specified by:
onSSLStateChange
in interface NativeCrypto.SSLHandshakeCallbacks
-
onNewSessionEstablished
public final void onNewSessionEstablished(long sslSessionNativePtr)
Description copied from interface: NativeCrypto.SSLHandshakeCallbacks
Called when a new session has been established and may be added to the session cache. The callee is responsible for incrementing the reference count on the returned session.
- Specified by:
onNewSessionEstablished
in interface NativeCrypto.SSLHandshakeCallbacks
-
serverSessionRequested
public final long serverSessionRequested(byte[] id)
Description copied from interface: NativeCrypto.SSLHandshakeCallbacks
Called for servers where TLS < 1.3 (TLS 1.3 uses session tickets rather than application session caches). Looks up the session by ID in the application's session cache. If a valid session is returned, this callback is responsible for incrementing the reference count (and any required synchronization).
- Specified by:
serverSessionRequested
in interface NativeCrypto.SSLHandshakeCallbacks
- Parameters:
id - the ID of the session to find.
- Returns:
the cached session or 0 if no session was found matching the given ID.
-
serverCertificateRequested
public final void serverCertificateRequested() throws java.io.IOException
Description copied from interface: NativeCrypto.SSLHandshakeCallbacks
Called when acting as a server during ClientHello processing before a decision to resume a session is made. This allows the selection of the correct server certificate based on things like Server Name Indication (SNI).
- Specified by:
serverCertificateRequested
in interface NativeCrypto.SSLHandshakeCallbacks
- Throws:
java.io.IOException - if there was an error during certificate selection.
-
verifyCertificateChain
public final void verifyCertificateChain(byte[][] certChain, java.lang.String authMethod) throws java.security.cert.CertificateException
Description copied from interface: NativeCrypto.SSLHandshakeCallbacks
Verify that the certificate chain is trusted.
- Specified by:
verifyCertificateChain
in interface NativeCrypto.SSLHandshakeCallbacks
- Parameters:
certChain - chain of X.509 certificates in their encoded form
authMethod - auth algorithm name
- Throws:
java.security.cert.CertificateException - if the certificate is untrusted
-
getInputStream
public final java.io.InputStream getInputStream() throws java.io.IOException
- Overrides:
getInputStream
in class AbstractConscryptSocket
- Throws:
java.io.IOException
-
getOutputStream
public final java.io.OutputStream getOutputStream() throws java.io.IOException
- Overrides:
getOutputStream
in class AbstractConscryptSocket
- Throws:
java.io.IOException
-
assertReadableOrWriteableState
private void assertReadableOrWriteableState()
-
waitForHandshake
private void waitForHandshake() throws java.io.IOException
- Throws:
java.io.IOException
-
getSession
public final javax.net.ssl.SSLSession getSession()
- Specified by:
getSession
in class javax.net.ssl.SSLSocket
-
provideSession
private ConscryptSession provideSession()
-
provideAfterHandshakeSession
private ConscryptSession provideAfterHandshakeSession()
-
provideHandshakeSession
private ConscryptSession provideHandshakeSession()
-
getActiveSession
final javax.net.ssl.SSLSession getActiveSession()
Description copied from class: AbstractConscryptSocket
Called by AbstractConscryptSocket.notifyHandshakeCompletedListeners() to get the currently active session. Unlike SSLSocket.getSession(), this method must not block.
- Specified by:
getActiveSession
in class AbstractConscryptSocket
-
getHandshakeSession
public final javax.net.ssl.SSLSession getHandshakeSession()
- Specified by:
getHandshakeSession
in class OpenSSLSocketImpl
-
getEnableSessionCreation
public final boolean getEnableSessionCreation()
- Specified by:
getEnableSessionCreation
in class javax.net.ssl.SSLSocket
-
setEnableSessionCreation
public final void setEnableSessionCreation(boolean flag)
- Specified by:
setEnableSessionCreation
in class javax.net.ssl.SSLSocket
-
getSupportedCipherSuites
public final java.lang.String[] getSupportedCipherSuites()
- Specified by:
getSupportedCipherSuites
in class javax.net.ssl.SSLSocket
-
getEnabledCipherSuites
public final java.lang.String[] getEnabledCipherSuites()
- Specified by:
getEnabledCipherSuites
in class javax.net.ssl.SSLSocket
-
setEnabledCipherSuites
public final void setEnabledCipherSuites(java.lang.String[] suites)
- Specified by:
setEnabledCipherSuites
in class javax.net.ssl.SSLSocket
-
getSupportedProtocols
public final java.lang.String[] getSupportedProtocols()
- Specified by:
getSupportedProtocols
in class javax.net.ssl.SSLSocket
-
getEnabledProtocols
public final java.lang.String[] getEnabledProtocols()
- Specified by:
getEnabledProtocols
in class javax.net.ssl.SSLSocket
-
setEnabledProtocols
public final void setEnabledProtocols(java.lang.String[] protocols)
- Specified by:
setEnabledProtocols
in class javax.net.ssl.SSLSocket
-
setUseSessionTickets
public final void setUseSessionTickets(boolean useSessionTickets)
This method enables session ticket support.
- Specified by:
setUseSessionTickets
in class OpenSSLSocketImpl
- Parameters:
useSessionTickets - True to enable session tickets
-
setHostname
public final void setHostname(java.lang.String hostname)
This method enables Server Name Indication. If the hostname is not a valid SNI hostname, the SNI extension will be omitted from the handshake.
- Overrides:
setHostname
in class OpenSSLSocketImpl
- Parameters:
hostname - the desired SNI hostname, or null to disable
-
setChannelIdEnabled
public final void setChannelIdEnabled(boolean enabled)
Enables/disables TLS Channel ID for this server socket.
This method needs to be invoked before the handshake starts.
- Specified by:
setChannelIdEnabled
in class OpenSSLSocketImpl
- Throws:
java.lang.IllegalStateException - if this is a client socket or if the handshake has already started.
-
getChannelId
public final byte[] getChannelId() throws javax.net.ssl.SSLException
Gets the TLS Channel ID for this server socket. Channel ID is only available once the handshake completes.
- Specified by:
getChannelId
in class OpenSSLSocketImpl
- Returns:
channel ID or null if not available.
- Throws:
java.lang.IllegalStateException - if this is a client socket or if the handshake has not yet completed.
javax.net.ssl.SSLException - if channel ID is available but could not be obtained.
-
setChannelIdPrivateKey
public final void setChannelIdPrivateKey(java.security.PrivateKey privateKey)
Sets the PrivateKey to be used for TLS Channel ID by this client socket.
This method needs to be invoked before the handshake starts.
- Specified by:
setChannelIdPrivateKey
in class OpenSSLSocketImpl
- Parameters:
privateKey - private key (enables TLS Channel ID) or null for no key (disables TLS Channel ID). The private key must be an Elliptic Curve (EC) key based on the NIST P-256 curve (aka SECG secp256r1 or ANSI X9.62 prime256v1).
- Throws:
java.lang.IllegalStateException - if this is a server socket or if the handshake has already started.
-
getTlsUnique
byte[] getTlsUnique()
Description copied from class: AbstractConscryptSocket
Returns the tls-unique channel binding value for this connection, per RFC 5929. This will return null if there is no such value available, such as if the handshake has not yet completed or this connection is closed.
- Specified by:
getTlsUnique
in class AbstractConscryptSocket
-
exportKeyingMaterial
byte[] exportKeyingMaterial(java.lang.String label, byte[] context, int length) throws javax.net.ssl.SSLException
Description copied from class: AbstractConscryptSocket
Exports a value derived from the TLS master secret as described in RFC 5705.
- Specified by:
exportKeyingMaterial
in class AbstractConscryptSocket
- Parameters:
label - the label to use in calculating the exported value. This must be an ASCII-only string.
context - the application-specific context value to use in calculating the exported value. This may be null to use no application context, which is treated differently than an empty byte array.
length - the number of bytes of keying material to return.
- Returns:
a value of the specified length, or null if the handshake has not yet completed or the connection has been closed.
- Throws:
javax.net.ssl.SSLException - if the value could not be exported.
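Why a null context and an empty byte array give different exported values, shown as an added example (not Conscrypt code): the RFC 5705 construction over the TLS 1.2 PRF appends a two-byte context length to the PRF seed only when a context is supplied. The class name, label, secrets and randoms below are constructed sample values, and P_SHA256 is assumed as the negotiated PRF.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/** Added illustration: RFC 5705 exporter over the TLS 1.2 PRF (P_SHA256). */
public class ExporterContextDemo {

    /** P_SHA256(secret, seed) from RFC 5246 section 5, truncated to length bytes. */
    static byte[] pSha256(byte[] secret, byte[] seed, int length) throws GeneralSecurityException {
        Mac hmac = Mac.getInstance("HmacSHA256");
        hmac.init(new SecretKeySpec(secret, "HmacSHA256"));
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] a = seed;                       // A(0) = seed
        while (out.size() < length) {
            a = hmac.doFinal(a);               // A(i) = HMAC(secret, A(i-1))
            hmac.update(a);
            byte[] block = hmac.doFinal(seed); // HMAC(secret, A(i) + seed)
            out.write(block, 0, block.length);
        }
        return Arrays.copyOf(out.toByteArray(), length);
    }

    /**
     * PRF(master_secret, label, client_random + server_random
     *     [+ uint16(context.length) + context])[length].
     * The bracketed part is present only when context is non-null.
     */
    static byte[] export(byte[] masterSecret, byte[] clientRandom, byte[] serverRandom,
                         String label, byte[] context, int length) throws GeneralSecurityException {
        if (!StandardCharsets.US_ASCII.newEncoder().canEncode(label)) {
            throw new IllegalArgumentException("label must be ASCII-only");
        }
        if (context != null && context.length > 0xFFFF) {
            throw new IllegalArgumentException("context longer than 65535 bytes");
        }
        ByteArrayOutputStream seed = new ByteArrayOutputStream();
        byte[] labelBytes = label.getBytes(StandardCharsets.US_ASCII);
        seed.write(labelBytes, 0, labelBytes.length);
        seed.write(clientRandom, 0, clientRandom.length);
        seed.write(serverRandom, 0, serverRandom.length);
        if (context != null) {
            seed.write(context.length >>> 8);  // length prefix, high byte
            seed.write(context.length & 0xFF); // length prefix, low byte
            seed.write(context, 0, context.length);
        }
        return pSha256(masterSecret, seed.toByteArray(), length);
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; a real connection takes these from the handshake.
        byte[] masterSecret = new byte[48];
        byte[] clientRandom = new byte[32];
        byte[] serverRandom = new byte[32];
        Arrays.fill(masterSecret, (byte) 0x0b);
        Arrays.fill(clientRandom, (byte) 0x01);
        Arrays.fill(serverRandom, (byte) 0x02);
        String label = "EXPERIMENTAL demo exporter"; // constructed label

        byte[] noContext = export(masterSecret, clientRandom, serverRandom, label, null, 32);
        byte[] emptyContext = export(masterSecret, clientRandom, serverRandom, label, new byte[0], 32);

        System.out.println("context = null     : " + hex(noContext));
        System.out.println("context = byte[0]  : " + hex(emptyContext));
        if (Arrays.equals(noContext, emptyContext)) {
            throw new AssertionError("null and empty context must not export the same value");
        }
    }
}
```

Both peers therefore have to agree on whether a context is passed at all, not only on its bytes. In TLS 1.3 (RFC 8446) exporters are derived with HKDF instead, and an absent context yields the same value as an empty one.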
-
getUseClientMode
public final boolean getUseClientMode()
- Specified by:
getUseClientMode
in class javax.net.ssl.SSLSocket
-
setUseClientMode
public final void setUseClientMode(boolean mode)
- Specified by:
setUseClientMode
in class javax.net.ssl.SSLSocket
-
getWantClientAuth
public final boolean getWantClientAuth()
- Specified by:
getWantClientAuth
in class javax.net.ssl.SSLSocket
-
getNeedClientAuth
public final boolean getNeedClientAuth()
- Specified by:
getNeedClientAuth
in class javax.net.ssl.SSLSocket
-
setNeedClientAuth
public final void setNeedClientAuth(boolean need)
- Specified by:
setNeedClientAuth
in class javax.net.ssl.SSLSocket
-
setWantClientAuth
public final void setWantClientAuth(boolean want)
- Specified by:
setWantClientAuth
in class javax.net.ssl.SSLSocket
-
setSoWriteTimeout
public final void setSoWriteTimeout(int writeTimeoutMilliseconds) throws java.net.SocketException
Note write timeouts are not part of the javax.net.ssl.SSLSocket API.
- Overrides:
setSoWriteTimeout
in class OpenSSLSocketImpl
- Throws:
java.net.SocketException
-
getSoWriteTimeout
public final int getSoWriteTimeout() throws java.net.SocketException
Note write timeouts are not part of the javax.net.ssl.SSLSocket API.
- Overrides:
getSoWriteTimeout
in class OpenSSLSocketImpl
- Throws:
java.net.SocketException
-
setHandshakeTimeout
public final void setHandshakeTimeout(int handshakeTimeoutMilliseconds) throws java.net.SocketException
Set the handshake timeout on this socket. This timeout is specified in milliseconds and will be used only during the handshake process.
- Overrides:
setHandshakeTimeout
in class OpenSSLSocketImpl
- Throws:
java.net.SocketException
-
close
public final void close() throws java.io.IOException
- Specified by:
close
in interface java.lang.AutoCloseable
- Specified by:
close
in interface java.io.Closeable
- Overrides:
close
in class AbstractConscryptSocket
- Throws:
java.io.IOException
-
shutdownAndFreeSslNative
private void shutdownAndFreeSslNative() throws java.io.IOException
- Throws:
java.io.IOException
-
closeUnderlyingSocket
private void closeUnderlyingSocket() throws java.io.IOException
- Throws:
java.io.IOException
-
free
private void free()
-
finalize
protected final void finalize() throws java.lang.Throwable
- Overrides:
finalize
in class java.lang.Object
- Throws:
java.lang.Throwable
-
setApplicationProtocolSelector
public final void setApplicationProtocolSelector(ApplicationProtocolSelector selector)
Description copied from class: AbstractConscryptSocket
Sets an application-provided ALPN protocol selector. If provided, this will override the list of protocols set by AbstractConscryptSocket.setApplicationProtocols(String[]).
- Specified by:
setApplicationProtocolSelector
in class AbstractConscryptSocket
-
setApplicationProtocolSelector
final void setApplicationProtocolSelector(ApplicationProtocolSelectorAdapter selector)
- Specified by:
setApplicationProtocolSelector
in class AbstractConscryptSocket
-
selectApplicationProtocol
public int selectApplicationProtocol(byte[] protocols)
Description copied from interface: NativeCrypto.SSLHandshakeCallbacks
Called when acting as a server, the socket has an ApplicationProtocolSelectorAdapter associated with it, and the application protocol needs to be selected.
- Specified by:
selectApplicationProtocol
in interface NativeCrypto.SSLHandshakeCallbacks
- Parameters:
protocols - list of application protocols in length-prefix format
- Returns:
the index offset of the selected protocol
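A strict decoder for a length-prefixed protocol list of the kind this callback receives, as an added example (not Conscrypt code). It assumes the ALPN wire encoding from RFC 7301 with the outer two-byte list length already removed, so each name is preceded by a one-byte length; the class and method names are hypothetical. Because the bytes originate in the peer's ClientHello, zero-length and truncated entries are rejected instead of being skipped.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

/** Added illustration: decode and validate a length-prefixed ALPN protocol list. */
public class AlpnListDecoder {

    /** Returns the protocol names in order, or throws if the encoding is malformed. */
    static List<String> decode(byte[] protocols) {
        List<String> names = new ArrayList<>();
        int pos = 0;
        while (pos < protocols.length) {
            int len = protocols[pos] & 0xFF;   // one-byte unsigned length prefix
            int start = pos + 1;
            if (len == 0) {
                throw new IllegalArgumentException("empty protocol name at offset " + pos);
            }
            if (len > protocols.length - start) {
                throw new IllegalArgumentException("entry at offset " + pos + " overruns the buffer");
            }
            // Protocol names are opaque bytes; ISO-8859-1 maps each byte to one char losslessly.
            names.add(new String(protocols, start, len, StandardCharsets.ISO_8859_1));
            pos = start + len;
        }
        return names;
    }

    public static void main(String[] args) {
        // Constructed sample: "h2" followed by "http/1.1".
        byte[] wellFormed = {2, 'h', '2', 8, 'h', 't', 't', 'p', '/', '1', '.', '1'};
        System.out.println(decode(wellFormed)); // [h2, http/1.1]

        // Constructed malformed sample: the prefix claims 5 bytes but only 2 follow.
        byte[] truncated = {5, 'h', '2'};
        try {
            decode(truncated);
            throw new AssertionError("truncated list was accepted");
        } catch (IllegalArgumentException expected) {
            System.out.println("rejected: " + expected.getMessage());
        }
    }
}
```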
-
setApplicationProtocols
final void setApplicationProtocols(java.lang.String[] protocols)
Description copied from class: AbstractConscryptSocket
Sets the list of ALPN protocols.
- Specified by:
setApplicationProtocols
in class AbstractConscryptSocket
- Parameters:
protocols - the list of ALPN protocols
-
getApplicationProtocols
final java.lang.String[] getApplicationProtocols()
Description copied from class: AbstractConscryptSocket
Returns the list of supported ALPN protocols.
- Specified by:
getApplicationProtocols
in class AbstractConscryptSocket
-
getApplicationProtocol
public final java.lang.String getApplicationProtocol()
- Specified by:
getApplicationProtocol
in class AbstractConscryptSocket
-
getHandshakeApplicationProtocol
public final java.lang.String getHandshakeApplicationProtocol()
- Specified by:
getHandshakeApplicationProtocol
in class AbstractConscryptSocket
-
getSSLParameters
public final javax.net.ssl.SSLParameters getSSLParameters()
- Overrides:
getSSLParameters
in class javax.net.ssl.SSLSocket
-
setSSLParameters
public final void setSSLParameters(javax.net.ssl.SSLParameters p)
- Overrides:
setSSLParameters
in class javax.net.ssl.SSLSocket
-
chooseServerPSKIdentityHint
public final java.lang.String chooseServerPSKIdentityHint(PSKKeyManager keyManager)
- Specified by:
chooseServerPSKIdentityHint
in interface SSLParametersImpl.PSKCallbacks
-
chooseClientPSKIdentity
public final java.lang.String chooseClientPSKIdentity(PSKKeyManager keyManager, java.lang.String identityHint)
- Specified by:
chooseClientPSKIdentity
in interface SSLParametersImpl.PSKCallbacks
-
getPSKKey
public final javax.crypto.SecretKey getPSKKey(PSKKeyManager keyManager, java.lang.String identityHint, java.lang.String identity)
- Specified by:
getPSKKey
in interface SSLParametersImpl.PSKCallbacks
-
chooseServerAlias
public final java.lang.String chooseServerAlias(javax.net.ssl.X509KeyManager keyManager, java.lang.String keyType)
- Specified by:
chooseServerAlias
in interface SSLParametersImpl.AliasChooser
-
chooseClientAlias
public final java.lang.String chooseClientAlias(javax.net.ssl.X509KeyManager keyManager, javax.security.auth.x500.X500Principal[] issuers, java.lang.String[] keyTypes)
- Specified by:
chooseClientAlias
in interface SSLParametersImpl.AliasChooser
-
clientSessionContext
private ClientSessionContext clientSessionContext()
-
sessionContext
private AbstractSessionContext sessionContext()
-
transitionTo
private void transitionTo(int newState)
-
-