Package org.conscrypt
Class Platform
- java.lang.Object
-
- org.conscrypt.Platform
-
final class Platform extends java.lang.Object
Platform-specific methods for OpenJDK. Uses reflection to implement Java 8 SSL features for backwards compatibility.
-
-
Field Summary
Fields Modifier and Type Field Description private static java.lang.reflect.Method
GET_CURVE_NAME_METHOD
private static int
JAVA_VERSION
-
Constructor Summary
Constructors Modifier Constructor Description private
Platform()
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description (package private) static void
blockGuardOnNetwork()
(package private) static boolean
canExecuteExecutable(java.io.File file)
(package private) static void
checkClientTrusted(javax.net.ssl.X509TrustManager tm, java.security.cert.X509Certificate[] chain, java.lang.String authType, AbstractConscryptSocket socket)
(package private) static void
checkClientTrusted(javax.net.ssl.X509TrustManager tm, java.security.cert.X509Certificate[] chain, java.lang.String authType, ConscryptEngine engine)
(package private) static void
checkServerTrusted(javax.net.ssl.X509TrustManager tm, java.security.cert.X509Certificate[] chain, java.lang.String authType, AbstractConscryptSocket socket)
(package private) static void
checkServerTrusted(javax.net.ssl.X509TrustManager tm, java.security.cert.X509Certificate[] chain, java.lang.String authType, ConscryptEngine engine)
(package private) static void
closeGuardClose(java.lang.Object guardObj)
(package private) static java.lang.Object
closeGuardGet()
(package private) static void
closeGuardOpen(java.lang.Object guardObj, java.lang.String message)
(package private) static void
closeGuardWarnIfOpen(java.lang.Object guardObj)
(package private) static ConscryptEngineSocket
createEngineSocket(java.lang.String hostname, int port, java.net.InetAddress clientAddress, int clientPort, SSLParametersImpl sslParameters)
(package private) static ConscryptEngineSocket
createEngineSocket(java.lang.String hostname, int port, SSLParametersImpl sslParameters)
(package private) static ConscryptEngineSocket
createEngineSocket(java.net.InetAddress address, int port, java.net.InetAddress clientAddress, int clientPort, SSLParametersImpl sslParameters)
(package private) static ConscryptEngineSocket
createEngineSocket(java.net.InetAddress address, int port, SSLParametersImpl sslParameters)
(package private) static ConscryptEngineSocket
createEngineSocket(java.net.Socket socket, java.lang.String hostname, int port, boolean autoClose, SSLParametersImpl sslParameters)
(package private) static ConscryptEngineSocket
createEngineSocket(SSLParametersImpl sslParameters)
(package private) static ConscryptFileDescriptorSocket
createFileDescriptorSocket(java.lang.String hostname, int port, java.net.InetAddress clientAddress, int clientPort, SSLParametersImpl sslParameters)
(package private) static ConscryptFileDescriptorSocket
createFileDescriptorSocket(java.lang.String hostname, int port, SSLParametersImpl sslParameters)
(package private) static ConscryptFileDescriptorSocket
createFileDescriptorSocket(java.net.InetAddress address, int port, java.net.InetAddress clientAddress, int clientPort, SSLParametersImpl sslParameters)
(package private) static ConscryptFileDescriptorSocket
createFileDescriptorSocket(java.net.InetAddress address, int port, SSLParametersImpl sslParameters)
(package private) static ConscryptFileDescriptorSocket
createFileDescriptorSocket(java.net.Socket socket, java.lang.String hostname, int port, boolean autoClose, SSLParametersImpl sslParameters)
(package private) static ConscryptFileDescriptorSocket
createFileDescriptorSocket(SSLParametersImpl sslParameters)
(package private) static java.io.File
createTempFile(java.lang.String prefix, java.lang.String suffix, java.io.File directory)
Approximates the behavior of File.createTempFile without depending on SecureRandom.
(package private) static java.security.spec.AlgorithmParameterSpec
fromGCMParameters(java.security.AlgorithmParameters params)
Convert from an opaque AlgorithmParameters to the platform's GCMParameterSpec.
(package private) static GCMParameters
fromGCMParameterSpec(java.security.spec.AlgorithmParameterSpec params)
Convert from platform's GCMParameterSpec to our internal version.
(package private) static java.lang.String
getCurveName(java.security.spec.ECParameterSpec spec)
(package private) static java.security.KeyStore
getDefaultCertKeyStore()
static ConscryptHostnameVerifier
getDefaultHostnameVerifier()
(package private) static java.lang.String
getDefaultProviderName()
Default name used in the JCE system by OpenSSLProvider if the default constructor is used.
(package private) static java.lang.String
getEndpointIdentificationAlgorithm(javax.net.ssl.SSLParameters params)
(package private) static java.io.FileDescriptor
getFileDescriptor(java.net.Socket s)
(package private) static java.io.FileDescriptor
getFileDescriptorFromSSLSocket(AbstractConscryptSocket socket)
(package private) static java.lang.String
getHostStringFromInetSocketAddress(java.net.InetSocketAddress addr)
static java.lang.String
getOriginalHostNameFromInetAddress(java.net.InetAddress addr)
(package private) static void
getSSLParameters(javax.net.ssl.SSLParameters params, SSLParametersImpl impl, AbstractConscryptSocket socket)
(package private) static void
getSSLParameters(javax.net.ssl.SSLParameters params, SSLParametersImpl impl, ConscryptEngine engine)
private static java.lang.ClassLoader
getSystemClassLoader()
private static boolean
isAndroid()
(package private) static boolean
isCTVerificationRequired(java.lang.String hostname)
Check if SCT verification is required for a given hostname.
(package private) static boolean
isSniEnabledByDefault()
For unbundled versions, SNI is always enabled by default.
(package private) static int
javaVersion()
private static int
javaVersion0()
(package private) static void
logEvent(java.lang.String message)
Logs to the system EventLog.
private static int
majorVersion(java.lang.String javaSpecVersion)
private static int
majorVersionFromJavaSpecificationVersion()
(package private) static CertBlocklist
newDefaultBlocklist()
(package private) static ConscryptCertStore
newDefaultCertStore()
(package private) static CTLogStore
newDefaultLogStore()
(package private) static CTPolicy
newDefaultPolicy(CTLogStore logStore)
(package private) static java.lang.String
oidToAlgorithmName(java.lang.String oid)
OID to Algorithm Name mapping.
(package private) static boolean
provideTrustManagerByDefault()
(package private) static boolean
serverNamePermitted(SSLParametersImpl parameters, java.lang.String serverName)
(package private) static void
setCurveName(java.security.spec.ECParameterSpec spec, java.lang.String curveName)
(package private) static void
setEndpointIdentificationAlgorithm(javax.net.ssl.SSLParameters params, java.lang.String endpointIdentificationAlgorithm)
(package private) static void
setSocketWriteTimeout(java.net.Socket s, long timeoutMillis)
(package private) static void
setSSLParameters(javax.net.ssl.SSLParameters params, SSLParametersImpl impl, AbstractConscryptSocket socket)
(package private) static void
setSSLParameters(javax.net.ssl.SSLParameters params, SSLParametersImpl impl, ConscryptEngine engine)
(package private) static void
setup()
(package private) static boolean
supportsConscryptCertStore()
(package private) static boolean
supportsX509ExtendedTrustManager()
(package private) static java.security.spec.AlgorithmParameterSpec
toGCMParameterSpec(int tagLenInBits, byte[] iv)
Creates a platform version of GCMParameterSpec.
(package private) static javax.net.ssl.SSLEngine
unwrapEngine(javax.net.ssl.SSLEngine engine)
(package private) static javax.net.ssl.SSLEngine
wrapEngine(ConscryptEngine engine)
(package private) static OpenSSLKey
wrapRsaKey(java.security.PrivateKey javaKey)
Wraps an old AndroidOpenSSL key instance.
(package private) static javax.net.ssl.SSLSocketFactory
wrapSocketFactoryIfNeeded(OpenSSLSocketFactoryImpl factory)
Currently we don't wrap anything from the RI.
(package private) static javax.net.ssl.SSLSession
wrapSSLSession(ExternalSession sslSession)
-
-
-
Method Detail
-
setup
static void setup()
-
createTempFile
static java.io.File createTempFile(java.lang.String prefix, java.lang.String suffix, java.io.File directory) throws java.io.IOException
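Approximates the behavior of File.createTempFile without depending on SecureRandom. Because the file name is not derived from SecureRandom, it should not be assumed to be unpredictable.
- Throws: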
java.io.IOException
-
getDefaultProviderName
static java.lang.String getDefaultProviderName()
Default name used in the JCE system by OpenSSLProvider if the default constructor is used.
-
provideTrustManagerByDefault
static boolean provideTrustManagerByDefault()
-
canExecuteExecutable
static boolean canExecuteExecutable(java.io.File file) throws java.io.IOException
- Throws:
java.io.IOException
-
getFileDescriptor
static java.io.FileDescriptor getFileDescriptor(java.net.Socket s)
-
getFileDescriptorFromSSLSocket
static java.io.FileDescriptor getFileDescriptorFromSSLSocket(AbstractConscryptSocket socket)
-
getCurveName
static java.lang.String getCurveName(java.security.spec.ECParameterSpec spec)
-
setCurveName
static void setCurveName(java.security.spec.ECParameterSpec spec, java.lang.String curveName)
-
setSocketWriteTimeout
static void setSocketWriteTimeout(java.net.Socket s, long timeoutMillis) throws java.net.SocketException
- Throws:
java.net.SocketException
-
setSSLParameters
static void setSSLParameters(javax.net.ssl.SSLParameters params, SSLParametersImpl impl, AbstractConscryptSocket socket)
-
getSSLParameters
static void getSSLParameters(javax.net.ssl.SSLParameters params, SSLParametersImpl impl, AbstractConscryptSocket socket)
-
setSSLParameters
static void setSSLParameters(javax.net.ssl.SSLParameters params, SSLParametersImpl impl, ConscryptEngine engine)
-
getSSLParameters
static void getSSLParameters(javax.net.ssl.SSLParameters params, SSLParametersImpl impl, ConscryptEngine engine)
-
setEndpointIdentificationAlgorithm
static void setEndpointIdentificationAlgorithm(javax.net.ssl.SSLParameters params, java.lang.String endpointIdentificationAlgorithm)
-
getEndpointIdentificationAlgorithm
static java.lang.String getEndpointIdentificationAlgorithm(javax.net.ssl.SSLParameters params)
-
checkClientTrusted
static void checkClientTrusted(javax.net.ssl.X509TrustManager tm, java.security.cert.X509Certificate[] chain, java.lang.String authType, AbstractConscryptSocket socket) throws java.security.cert.CertificateException
- Throws:
java.security.cert.CertificateException
-
checkServerTrusted
static void checkServerTrusted(javax.net.ssl.X509TrustManager tm, java.security.cert.X509Certificate[] chain, java.lang.String authType, AbstractConscryptSocket socket) throws java.security.cert.CertificateException
- Throws:
java.security.cert.CertificateException
-
checkClientTrusted
static void checkClientTrusted(javax.net.ssl.X509TrustManager tm, java.security.cert.X509Certificate[] chain, java.lang.String authType, ConscryptEngine engine) throws java.security.cert.CertificateException
- Throws:
java.security.cert.CertificateException
-
checkServerTrusted
static void checkServerTrusted(javax.net.ssl.X509TrustManager tm, java.security.cert.X509Certificate[] chain, java.lang.String authType, ConscryptEngine engine) throws java.security.cert.CertificateException
- Throws:
java.security.cert.CertificateException
-
wrapRsaKey
static OpenSSLKey wrapRsaKey(java.security.PrivateKey javaKey)
Wraps an old AndroidOpenSSL key instance. This is not needed on RI.
-
logEvent
static void logEvent(java.lang.String message)
Logs to the system EventLog.
-
isSniEnabledByDefault
static boolean isSniEnabledByDefault()
For unbundled versions, SNI is always enabled by default.
-
wrapEngine
static javax.net.ssl.SSLEngine wrapEngine(ConscryptEngine engine)
-
unwrapEngine
static javax.net.ssl.SSLEngine unwrapEngine(javax.net.ssl.SSLEngine engine)
-
createEngineSocket
static ConscryptEngineSocket createEngineSocket(SSLParametersImpl sslParameters) throws java.io.IOException
- Throws:
java.io.IOException
-
createEngineSocket
static ConscryptEngineSocket createEngineSocket(java.lang.String hostname, int port, SSLParametersImpl sslParameters) throws java.io.IOException
- Throws:
java.io.IOException
-
createEngineSocket
static ConscryptEngineSocket createEngineSocket(java.net.InetAddress address, int port, SSLParametersImpl sslParameters) throws java.io.IOException
- Throws:
java.io.IOException
-
createEngineSocket
static ConscryptEngineSocket createEngineSocket(java.lang.String hostname, int port, java.net.InetAddress clientAddress, int clientPort, SSLParametersImpl sslParameters) throws java.io.IOException
- Throws:
java.io.IOException
-
createEngineSocket
static ConscryptEngineSocket createEngineSocket(java.net.InetAddress address, int port, java.net.InetAddress clientAddress, int clientPort, SSLParametersImpl sslParameters) throws java.io.IOException
- Throws:
java.io.IOException
-
createEngineSocket
static ConscryptEngineSocket createEngineSocket(java.net.Socket socket, java.lang.String hostname, int port, boolean autoClose, SSLParametersImpl sslParameters) throws java.io.IOException
- Throws:
java.io.IOException
-
createFileDescriptorSocket
static ConscryptFileDescriptorSocket createFileDescriptorSocket(SSLParametersImpl sslParameters) throws java.io.IOException
- Throws:
java.io.IOException
-
createFileDescriptorSocket
static ConscryptFileDescriptorSocket createFileDescriptorSocket(java.lang.String hostname, int port, SSLParametersImpl sslParameters) throws java.io.IOException
- Throws:
java.io.IOException
-
createFileDescriptorSocket
static ConscryptFileDescriptorSocket createFileDescriptorSocket(java.net.InetAddress address, int port, SSLParametersImpl sslParameters) throws java.io.IOException
- Throws:
java.io.IOException
-
createFileDescriptorSocket
static ConscryptFileDescriptorSocket createFileDescriptorSocket(java.lang.String hostname, int port, java.net.InetAddress clientAddress, int clientPort, SSLParametersImpl sslParameters) throws java.io.IOException
- Throws:
java.io.IOException
-
createFileDescriptorSocket
static ConscryptFileDescriptorSocket createFileDescriptorSocket(java.net.InetAddress address, int port, java.net.InetAddress clientAddress, int clientPort, SSLParametersImpl sslParameters) throws java.io.IOException
- Throws:
java.io.IOException
-
createFileDescriptorSocket
static ConscryptFileDescriptorSocket createFileDescriptorSocket(java.net.Socket socket, java.lang.String hostname, int port, boolean autoClose, SSLParametersImpl sslParameters) throws java.io.IOException
- Throws:
java.io.IOException
-
wrapSocketFactoryIfNeeded
static javax.net.ssl.SSLSocketFactory wrapSocketFactoryIfNeeded(OpenSSLSocketFactoryImpl factory)
Currently we don't wrap anything from the RI.
-
fromGCMParameterSpec
static GCMParameters fromGCMParameterSpec(java.security.spec.AlgorithmParameterSpec params)
Convert from platform's GCMParameterSpec to our internal version.
-
fromGCMParameters
static java.security.spec.AlgorithmParameterSpec fromGCMParameters(java.security.AlgorithmParameters params)
Convert from an opaque AlgorithmParameters to the platform's GCMParameterSpec.
-
toGCMParameterSpec
static java.security.spec.AlgorithmParameterSpec toGCMParameterSpec(int tagLenInBits, byte[] iv)
Creates a platform version of GCMParameterSpec.
-
closeGuardGet
static java.lang.Object closeGuardGet()
-
closeGuardOpen
static void closeGuardOpen(java.lang.Object guardObj, java.lang.String message)
-
closeGuardClose
static void closeGuardClose(java.lang.Object guardObj)
-
closeGuardWarnIfOpen
static void closeGuardWarnIfOpen(java.lang.Object guardObj)
-
blockGuardOnNetwork
static void blockGuardOnNetwork()
-
oidToAlgorithmName
static java.lang.String oidToAlgorithmName(java.lang.String oid)
OID to Algorithm Name mapping.
-
wrapSSLSession
static javax.net.ssl.SSLSession wrapSSLSession(ExternalSession sslSession)
-
getOriginalHostNameFromInetAddress
public static java.lang.String getOriginalHostNameFromInetAddress(java.net.InetAddress addr)
-
getHostStringFromInetSocketAddress
static java.lang.String getHostStringFromInetSocketAddress(java.net.InetSocketAddress addr)
-
supportsX509ExtendedTrustManager
static boolean supportsX509ExtendedTrustManager()
-
isCTVerificationRequired
static boolean isCTVerificationRequired(java.lang.String hostname)
Check if SCT verification is required for a given hostname. SCT verification is enabled using Security properties. The "conscrypt.ct.enable" property must be true, as well as a per-domain property. The reverse notation of the domain name, prefixed with "conscrypt.ct.enforce.", is used as the property name. Basic globbing is also supported. For example, for the domain foo.bar.com, the following properties will be looked up, in order of precedence:
- conscrypt.ct.enforce.com.bar.foo
- conscrypt.ct.enforce.com.bar.*
- conscrypt.ct.enforce.com.*
- conscrypt.ct.enforce.*
-
supportsConscryptCertStore
static boolean supportsConscryptCertStore()
-
getDefaultCertKeyStore
static java.security.KeyStore getDefaultCertKeyStore() throws java.security.KeyStoreException
- Throws:
java.security.KeyStoreException
-
newDefaultCertStore
static ConscryptCertStore newDefaultCertStore()
-
newDefaultBlocklist
static CertBlocklist newDefaultBlocklist()
-
newDefaultLogStore
static CTLogStore newDefaultLogStore()
-
newDefaultPolicy
static CTPolicy newDefaultPolicy(CTLogStore logStore)
-
serverNamePermitted
static boolean serverNamePermitted(SSLParametersImpl parameters, java.lang.String serverName)
-
isAndroid
private static boolean isAndroid()
-
javaVersion
static int javaVersion()
-
javaVersion0
private static int javaVersion0()
-
majorVersionFromJavaSpecificationVersion
private static int majorVersionFromJavaSpecificationVersion()
-
majorVersion
private static int majorVersion(java.lang.String javaSpecVersion)
-
getSystemClassLoader
private static java.lang.ClassLoader getSystemClassLoader()
-
getDefaultHostnameVerifier
public static ConscryptHostnameVerifier getDefaultHostnameVerifier()
-
-