Package org.conscrypt

Class Platform


  • final class Platform
    extends java.lang.Object
    Platform-specific methods for OpenJDK. Uses reflection to implement Java 8 SSL features for backwards compatibility.
    • Field Detail

      • JAVA_VERSION

        private static final int JAVA_VERSION
      • GET_CURVE_NAME_METHOD

        private static final java.lang.reflect.Method GET_CURVE_NAME_METHOD
    • Constructor Detail

      • Platform

        private Platform()
    • Method Detail

      • setup

        static void setup()
      • createTempFile

        static java.io.File createTempFile​(java.lang.String prefix,
                                           java.lang.String suffix,
                                           java.io.File directory)
                                    throws java.io.IOException
        Approximates the behavior of File.createTempFile without depending on SecureRandom.
        Throws:
        java.io.IOException
      • getDefaultProviderName

        static java.lang.String getDefaultProviderName()
        Default name used in the JCE system by OpenSSLProvider if the default constructor is used.
      • provideTrustManagerByDefault

        static boolean provideTrustManagerByDefault()
      • canExecuteExecutable

        static boolean canExecuteExecutable​(java.io.File file)
                                     throws java.io.IOException
        Throws:
        java.io.IOException
      • getFileDescriptor

        static java.io.FileDescriptor getFileDescriptor​(java.net.Socket s)
      • getFileDescriptorFromSSLSocket

        static java.io.FileDescriptor getFileDescriptorFromSSLSocket​(AbstractConscryptSocket socket)
      • getCurveName

        static java.lang.String getCurveName​(java.security.spec.ECParameterSpec spec)
      • setCurveName

        static void setCurveName​(java.security.spec.ECParameterSpec spec,
                                 java.lang.String curveName)
      • setSocketWriteTimeout

        static void setSocketWriteTimeout​(java.net.Socket s,
                                          long timeoutMillis)
                                   throws java.net.SocketException
        Throws:
        java.net.SocketException
      • setEndpointIdentificationAlgorithm

        static void setEndpointIdentificationAlgorithm​(javax.net.ssl.SSLParameters params,
                                                       java.lang.String endpointIdentificationAlgorithm)
      • getEndpointIdentificationAlgorithm

        static java.lang.String getEndpointIdentificationAlgorithm​(javax.net.ssl.SSLParameters params)
      • checkClientTrusted

        static void checkClientTrusted​(javax.net.ssl.X509TrustManager tm,
                                       java.security.cert.X509Certificate[] chain,
                                       java.lang.String authType,
                                       AbstractConscryptSocket socket)
                                throws java.security.cert.CertificateException
        Throws:
        java.security.cert.CertificateException
      • checkServerTrusted

        static void checkServerTrusted​(javax.net.ssl.X509TrustManager tm,
                                       java.security.cert.X509Certificate[] chain,
                                       java.lang.String authType,
                                       AbstractConscryptSocket socket)
                                throws java.security.cert.CertificateException
        Throws:
        java.security.cert.CertificateException
      • checkClientTrusted

        static void checkClientTrusted​(javax.net.ssl.X509TrustManager tm,
                                       java.security.cert.X509Certificate[] chain,
                                       java.lang.String authType,
                                       ConscryptEngine engine)
                                throws java.security.cert.CertificateException
        Throws:
        java.security.cert.CertificateException
      • checkServerTrusted

        static void checkServerTrusted​(javax.net.ssl.X509TrustManager tm,
                                       java.security.cert.X509Certificate[] chain,
                                       java.lang.String authType,
                                       ConscryptEngine engine)
                                throws java.security.cert.CertificateException
        Throws:
        java.security.cert.CertificateException
      • wrapRsaKey

        static OpenSSLKey wrapRsaKey​(java.security.PrivateKey javaKey)
        Wraps an old AndroidOpenSSL key instance. This is not needed on RI.
      • logEvent

        static void logEvent​(java.lang.String message)
        Logs to the system EventLog system.
      • isSniEnabledByDefault

        static boolean isSniEnabledByDefault()
        For unbundled versions, SNI is always enabled by default.
      • wrapEngine

        static javax.net.ssl.SSLEngine wrapEngine​(ConscryptEngine engine)
      • unwrapEngine

        static javax.net.ssl.SSLEngine unwrapEngine​(javax.net.ssl.SSLEngine engine)
      • createEngineSocket

        static ConscryptEngineSocket createEngineSocket​(java.lang.String hostname,
                                                        int port,
                                                        SSLParametersImpl sslParameters)
                                                 throws java.io.IOException
        Throws:
        java.io.IOException
      • createEngineSocket

        static ConscryptEngineSocket createEngineSocket​(java.net.InetAddress address,
                                                        int port,
                                                        SSLParametersImpl sslParameters)
                                                 throws java.io.IOException
        Throws:
        java.io.IOException
      • createEngineSocket

        static ConscryptEngineSocket createEngineSocket​(java.lang.String hostname,
                                                        int port,
                                                        java.net.InetAddress clientAddress,
                                                        int clientPort,
                                                        SSLParametersImpl sslParameters)
                                                 throws java.io.IOException
        Throws:
        java.io.IOException
      • createEngineSocket

        static ConscryptEngineSocket createEngineSocket​(java.net.InetAddress address,
                                                        int port,
                                                        java.net.InetAddress clientAddress,
                                                        int clientPort,
                                                        SSLParametersImpl sslParameters)
                                                 throws java.io.IOException
        Throws:
        java.io.IOException
      • createEngineSocket

        static ConscryptEngineSocket createEngineSocket​(java.net.Socket socket,
                                                        java.lang.String hostname,
                                                        int port,
                                                        boolean autoClose,
                                                        SSLParametersImpl sslParameters)
                                                 throws java.io.IOException
        Throws:
        java.io.IOException
      • createFileDescriptorSocket

        static ConscryptFileDescriptorSocket createFileDescriptorSocket​(java.lang.String hostname,
                                                                        int port,
                                                                        java.net.InetAddress clientAddress,
                                                                        int clientPort,
                                                                        SSLParametersImpl sslParameters)
                                                                 throws java.io.IOException
        Throws:
        java.io.IOException
      • createFileDescriptorSocket

        static ConscryptFileDescriptorSocket createFileDescriptorSocket​(java.net.InetAddress address,
                                                                        int port,
                                                                        java.net.InetAddress clientAddress,
                                                                        int clientPort,
                                                                        SSLParametersImpl sslParameters)
                                                                 throws java.io.IOException
        Throws:
        java.io.IOException
      • createFileDescriptorSocket

        static ConscryptFileDescriptorSocket createFileDescriptorSocket​(java.net.Socket socket,
                                                                        java.lang.String hostname,
                                                                        int port,
                                                                        boolean autoClose,
                                                                        SSLParametersImpl sslParameters)
                                                                 throws java.io.IOException
        Throws:
        java.io.IOException
      • wrapSocketFactoryIfNeeded

        static javax.net.ssl.SSLSocketFactory wrapSocketFactoryIfNeeded​(OpenSSLSocketFactoryImpl factory)
        Currently we don't wrap anything from the RI.
      • fromGCMParameterSpec

        static GCMParameters fromGCMParameterSpec​(java.security.spec.AlgorithmParameterSpec params)
        Convert from platform's GCMParameterSpec to our internal version.
      • fromGCMParameters

        static java.security.spec.AlgorithmParameterSpec fromGCMParameters​(java.security.AlgorithmParameters params)
        Convert from an opaque AlgorithmParameters to the platform's GCMParameterSpec.
      • toGCMParameterSpec

        static java.security.spec.AlgorithmParameterSpec toGCMParameterSpec​(int tagLenInBits,
                                                                            byte[] iv)
        Creates a platform version of GCMParameterSpec.
      • closeGuardGet

        static java.lang.Object closeGuardGet()
      • closeGuardOpen

        static void closeGuardOpen​(java.lang.Object guardObj,
                                   java.lang.String message)
      • closeGuardClose

        static void closeGuardClose​(java.lang.Object guardObj)
      • closeGuardWarnIfOpen

        static void closeGuardWarnIfOpen​(java.lang.Object guardObj)
      • blockGuardOnNetwork

        static void blockGuardOnNetwork()
      • oidToAlgorithmName

        static java.lang.String oidToAlgorithmName​(java.lang.String oid)
        OID to Algorithm Name mapping.
      • wrapSSLSession

        static javax.net.ssl.SSLSession wrapSSLSession​(ExternalSession sslSession)
      • getOriginalHostNameFromInetAddress

        public static java.lang.String getOriginalHostNameFromInetAddress​(java.net.InetAddress addr)
      • getHostStringFromInetSocketAddress

        static java.lang.String getHostStringFromInetSocketAddress​(java.net.InetSocketAddress addr)
      • supportsX509ExtendedTrustManager

        static boolean supportsX509ExtendedTrustManager()
      • isCTVerificationRequired

        static boolean isCTVerificationRequired​(java.lang.String hostname)
        Check if SCT verification is required for a given hostname. SCT Verification is enabled using Security properties. The "conscrypt.ct.enable" property must be true, as well as a per domain property. The reverse notation of the domain name, prefixed with "conscrypt.ct.enforce." is used as the property name. Basic globbing is also supported. For example, for the domain foo.bar.com, the following properties will be looked up, in order of precedence. - conscrypt.ct.enforce.com.bar.foo - conscrypt.ct.enforce.com.bar.* - conscrypt.ct.enforce.com.* - conscrypt.ct.enforce.*
      • supportsConscryptCertStore

        static boolean supportsConscryptCertStore()
      • getDefaultCertKeyStore

        static java.security.KeyStore getDefaultCertKeyStore()
                                                      throws java.security.KeyStoreException
        Throws:
        java.security.KeyStoreException
      • newDefaultBlocklist

        static CertBlocklist newDefaultBlocklist()
      • newDefaultLogStore

        static CTLogStore newDefaultLogStore()
      • serverNamePermitted

        static boolean serverNamePermitted​(SSLParametersImpl parameters,
                                           java.lang.String serverName)
      • isAndroid

        private static boolean isAndroid()
      • javaVersion

        static int javaVersion()
      • javaVersion0

        private static int javaVersion0()
      • majorVersionFromJavaSpecificationVersion

        private static int majorVersionFromJavaSpecificationVersion()
      • majorVersion

        private static int majorVersion​(java.lang.String javaSpecVersion)
      • getSystemClassLoader

        private static java.lang.ClassLoader getSystemClassLoader()