Package org.conscrypt
Class ConscryptEngineSocket
- java.lang.Object
-
- java.net.Socket
-
- javax.net.ssl.SSLSocket
-
- org.conscrypt.AbstractConscryptSocket
-
- org.conscrypt.OpenSSLSocketImpl
-
- org.conscrypt.ConscryptEngineSocket
-
- All Implemented Interfaces:
java.io.Closeable, java.lang.AutoCloseable, SSLParametersImpl.AliasChooser
- Direct Known Subclasses:
Java8EngineSocket
class ConscryptEngineSocket extends OpenSSLSocketImpl implements SSLParametersImpl.AliasChooser
Implements crypto handling by delegating to ConscryptEngine.
-
-
Nested Class Summary
Nested Classes
Modifier and Type Class Description
private class
ConscryptEngineSocket.SSLInputStream
Unwrap bytes read from the underlying socket.
private class
ConscryptEngineSocket.SSLOutputStream
Wrap bytes written to the underlying socket.
-
Field Summary
Fields
Modifier and Type Field Description
private BufferAllocator
bufferAllocator
private static java.nio.ByteBuffer
EMPTY_BUFFER
private ConscryptEngine
engine
private java.lang.Object
handshakeLock
private ConscryptEngineSocket.SSLInputStream
in
private ConscryptEngineSocket.SSLOutputStream
out
private int
state
private java.lang.Object
stateLock
-
Fields inherited from class org.conscrypt.AbstractConscryptSocket
socket
-
-
Constructor Summary
Constructors
Constructor Description
ConscryptEngineSocket(java.lang.String hostname, int port, java.net.InetAddress clientAddress, int clientPort, SSLParametersImpl sslParameters)
ConscryptEngineSocket(java.lang.String hostname, int port, SSLParametersImpl sslParameters)
ConscryptEngineSocket(java.net.InetAddress address, int port, java.net.InetAddress clientAddress, int clientPort, SSLParametersImpl sslParameters)
ConscryptEngineSocket(java.net.InetAddress address, int port, SSLParametersImpl sslParameters)
ConscryptEngineSocket(java.net.Socket socket, java.lang.String hostname, int port, boolean autoClose, SSLParametersImpl sslParameters)
ConscryptEngineSocket(SSLParametersImpl sslParameters)
-
Method Summary
Modifier and Type Method Description
java.lang.String
chooseClientAlias(javax.net.ssl.X509KeyManager keyManager, javax.security.auth.x500.X500Principal[] issuers, java.lang.String[] keyTypes)
java.lang.String
chooseServerAlias(javax.net.ssl.X509KeyManager keyManager, java.lang.String keyType)
void
close()
private void
doHandshake()
private void
drainOutgoingQueue()
(package private) byte[]
exportKeyingMaterial(java.lang.String label, byte[] context, int length)
Exports a value derived from the TLS master secret as described in RFC 5705.
(package private) javax.net.ssl.SSLSession
getActiveSession()
Called by AbstractConscryptSocket.notifyHandshakeCompletedListeners() to get the currently active session.
java.lang.String
getApplicationProtocol()
(package private) java.lang.String[]
getApplicationProtocols()
Returns the list of supported ALPN protocols.
byte[]
getChannelId()
Gets the TLS Channel ID for this server socket.
private static javax.net.ssl.X509TrustManager
getDelegatingTrustManager(javax.net.ssl.X509TrustManager delegate, ConscryptEngineSocket socket)
java.lang.String[]
getEnabledCipherSuites()
java.lang.String[]
getEnabledProtocols()
boolean
getEnableSessionCreation()
java.lang.String
getHandshakeApplicationProtocol()
javax.net.ssl.SSLSession
getHandshakeSession()
java.io.InputStream
getInputStream()
boolean
getNeedClientAuth()
java.io.OutputStream
getOutputStream()
javax.net.ssl.SSLSession
getSession()
javax.net.ssl.SSLParameters
getSSLParameters()
java.lang.String[]
getSupportedCipherSuites()
java.lang.String[]
getSupportedProtocols()
(package private) byte[]
getTlsUnique()
Returns the tls-unique channel binding value for this connection, per RFC 5929.
private java.io.InputStream
getUnderlyingInputStream()
private java.io.OutputStream
getUnderlyingOutputStream()
boolean
getUseClientMode()
boolean
getWantClientAuth()
private static ConscryptEngine
newEngine(SSLParametersImpl sslParameters, ConscryptEngineSocket socket)
private void
onHandshakeFinished()
(package private) void
setApplicationProtocols(java.lang.String[] protocols)
Sets the list of ALPN protocols.
void
setApplicationProtocolSelector(ApplicationProtocolSelector selector)
Sets an application-provided ALPN protocol selector.
(package private) void
setApplicationProtocolSelector(ApplicationProtocolSelectorAdapter selector)
(package private) void
setBufferAllocator(BufferAllocator bufferAllocator)
void
setChannelIdEnabled(boolean enabled)
Enables/disables TLS Channel ID for this server socket.
void
setChannelIdPrivateKey(java.security.PrivateKey privateKey)
Sets the PrivateKey to be used for TLS Channel ID by this client socket.
void
setEnabledCipherSuites(java.lang.String[] suites)
void
setEnabledProtocols(java.lang.String[] protocols)
void
setEnableSessionCreation(boolean flag)
void
setHandshakeTimeout(int handshakeTimeoutMilliseconds)
Set the handshake timeout on this socket.
void
setHostname(java.lang.String hostname)
This method enables Server Name Indication.
void
setNeedClientAuth(boolean need)
void
setSSLParameters(javax.net.ssl.SSLParameters sslParameters)
void
setUseClientMode(boolean mode)
void
setUseSessionTickets(boolean useSessionTickets)
This method enables session ticket support.
void
setWantClientAuth(boolean want)
void
startHandshake()
private void
waitForHandshake()
Waits for the handshake to complete.
-
Methods inherited from class org.conscrypt.OpenSSLSocketImpl
getAlpnSelectedProtocol, getFileDescriptor$, getHostname, getHostnameOrIP, getNpnSelectedProtocol, getSoWriteTimeout, setAlpnProtocols, setAlpnProtocols, setNpnProtocols, setSoWriteTimeout
-
Methods inherited from class org.conscrypt.AbstractConscryptSocket
addHandshakeCompletedListener, bind, checkOpen, connect, connect, getChannel, getInetAddress, getKeepAlive, getLocalAddress, getLocalPort, getLocalSocketAddress, getOOBInline, getPort, getReceiveBufferSize, getRemoteSocketAddress, getReuseAddress, getSendBufferSize, getSoLinger, getSoTimeout, getTcpNoDelay, getTrafficClass, isBound, isClosed, isConnected, isInputShutdown, isOutputShutdown, notifyHandshakeCompletedListeners, peerInfoProvider, removeHandshakeCompletedListener, sendUrgentData, setKeepAlive, setOOBInline, setPerformancePreferences, setReceiveBufferSize, setReuseAddress, setSendBufferSize, setSoLinger, setSoTimeout, setTcpNoDelay, setTrafficClass, shutdownInput, shutdownOutput, toString
-
Methods inherited from class javax.net.ssl.SSLSocket
getHandshakeApplicationProtocolSelector, setHandshakeApplicationProtocolSelector
-
-
-
-
Field Detail
-
EMPTY_BUFFER
private static final java.nio.ByteBuffer EMPTY_BUFFER
-
engine
private final ConscryptEngine engine
-
stateLock
private final java.lang.Object stateLock
-
handshakeLock
private final java.lang.Object handshakeLock
-
out
private ConscryptEngineSocket.SSLOutputStream out
-
in
private ConscryptEngineSocket.SSLInputStream in
-
bufferAllocator
private BufferAllocator bufferAllocator
-
state
private int state
-
-
Constructor Detail
-
ConscryptEngineSocket
ConscryptEngineSocket(SSLParametersImpl sslParameters) throws java.io.IOException
- Throws:
java.io.IOException
-
ConscryptEngineSocket
ConscryptEngineSocket(java.lang.String hostname, int port, SSLParametersImpl sslParameters) throws java.io.IOException
- Throws:
java.io.IOException
-
ConscryptEngineSocket
ConscryptEngineSocket(java.net.InetAddress address, int port, SSLParametersImpl sslParameters) throws java.io.IOException
- Throws:
java.io.IOException
-
ConscryptEngineSocket
ConscryptEngineSocket(java.lang.String hostname, int port, java.net.InetAddress clientAddress, int clientPort, SSLParametersImpl sslParameters) throws java.io.IOException
- Throws:
java.io.IOException
-
ConscryptEngineSocket
ConscryptEngineSocket(java.net.InetAddress address, int port, java.net.InetAddress clientAddress, int clientPort, SSLParametersImpl sslParameters) throws java.io.IOException
- Throws:
java.io.IOException
-
ConscryptEngineSocket
ConscryptEngineSocket(java.net.Socket socket, java.lang.String hostname, int port, boolean autoClose, SSLParametersImpl sslParameters) throws java.io.IOException
- Throws:
java.io.IOException
-
-
Method Detail
-
newEngine
private static ConscryptEngine newEngine(SSLParametersImpl sslParameters, ConscryptEngineSocket socket)
-
getDelegatingTrustManager
private static javax.net.ssl.X509TrustManager getDelegatingTrustManager(javax.net.ssl.X509TrustManager delegate, ConscryptEngineSocket socket)
-
getSSLParameters
public final javax.net.ssl.SSLParameters getSSLParameters()
- Overrides:
getSSLParameters
in class javax.net.ssl.SSLSocket
-
setSSLParameters
public final void setSSLParameters(javax.net.ssl.SSLParameters sslParameters)
- Overrides:
setSSLParameters
in class javax.net.ssl.SSLSocket
-
startHandshake
public final void startHandshake() throws java.io.IOException
- Specified by:
startHandshake
in class javax.net.ssl.SSLSocket
- Throws:
java.io.IOException
-
doHandshake
private void doHandshake() throws java.io.IOException
- Throws:
java.io.IOException
-
getInputStream
public final java.io.InputStream getInputStream() throws java.io.IOException
- Overrides:
getInputStream
in class AbstractConscryptSocket
- Throws:
java.io.IOException
-
getOutputStream
public final java.io.OutputStream getOutputStream() throws java.io.IOException
- Overrides:
getOutputStream
in class AbstractConscryptSocket
- Throws:
java.io.IOException
-
getHandshakeSession
public final javax.net.ssl.SSLSession getHandshakeSession()
- Specified by:
getHandshakeSession
in class OpenSSLSocketImpl
-
getSession
public final javax.net.ssl.SSLSession getSession()
- Specified by:
getSession
in class javax.net.ssl.SSLSocket
-
getActiveSession
final javax.net.ssl.SSLSession getActiveSession()
Description copied from class: AbstractConscryptSocket
Called by AbstractConscryptSocket.notifyHandshakeCompletedListeners() to get the currently active session. Unlike SSLSocket.getSession(), this method must not block.
- Specified by:
getActiveSession
in class AbstractConscryptSocket
-
getEnableSessionCreation
public final boolean getEnableSessionCreation()
- Specified by:
getEnableSessionCreation
in class javax.net.ssl.SSLSocket
-
setEnableSessionCreation
public final void setEnableSessionCreation(boolean flag)
- Specified by:
setEnableSessionCreation
in class javax.net.ssl.SSLSocket
-
getSupportedCipherSuites
public final java.lang.String[] getSupportedCipherSuites()
- Specified by:
getSupportedCipherSuites
in class javax.net.ssl.SSLSocket
-
getEnabledCipherSuites
public final java.lang.String[] getEnabledCipherSuites()
- Specified by:
getEnabledCipherSuites
in class javax.net.ssl.SSLSocket
-
setEnabledCipherSuites
public final void setEnabledCipherSuites(java.lang.String[] suites)
- Specified by:
setEnabledCipherSuites
in class javax.net.ssl.SSLSocket
-
getSupportedProtocols
public final java.lang.String[] getSupportedProtocols()
- Specified by:
getSupportedProtocols
in class javax.net.ssl.SSLSocket
-
getEnabledProtocols
public final java.lang.String[] getEnabledProtocols()
- Specified by:
getEnabledProtocols
in class javax.net.ssl.SSLSocket
-
setEnabledProtocols
public final void setEnabledProtocols(java.lang.String[] protocols)
- Specified by:
setEnabledProtocols
in class javax.net.ssl.SSLSocket
-
setHostname
public final void setHostname(java.lang.String hostname)
This method enables Server Name Indication. If the hostname is not a valid SNI hostname, the SNI extension will be omitted from the handshake.
- Overrides:
setHostname
in class OpenSSLSocketImpl
- Parameters:
hostname - the desired SNI hostname, or null to disable
-
setUseSessionTickets
public final void setUseSessionTickets(boolean useSessionTickets)
Description copied from class: AbstractConscryptSocket
This method enables session ticket support.
- Specified by:
setUseSessionTickets
in class OpenSSLSocketImpl
- Parameters:
useSessionTickets - True to enable session tickets
-
setChannelIdEnabled
public final void setChannelIdEnabled(boolean enabled)
Description copied from class: AbstractConscryptSocket
Enables/disables TLS Channel ID for this server socket.
This method needs to be invoked before the handshake starts.
- Specified by:
setChannelIdEnabled
in class OpenSSLSocketImpl
-
getChannelId
public final byte[] getChannelId() throws javax.net.ssl.SSLException
Description copied from class: AbstractConscryptSocket
Gets the TLS Channel ID for this server socket. Channel ID is only available once the handshake completes.
- Specified by:
getChannelId
in class OpenSSLSocketImpl
- Returns:
channel ID or null if not available.
- Throws:
javax.net.ssl.SSLException - if channel ID is available but could not be obtained.
-
setChannelIdPrivateKey
public final void setChannelIdPrivateKey(java.security.PrivateKey privateKey)
Description copied from class: AbstractConscryptSocket
Sets the PrivateKey to be used for TLS Channel ID by this client socket.
This method needs to be invoked before the handshake starts.
- Specified by:
setChannelIdPrivateKey
in class OpenSSLSocketImpl
- Parameters:
privateKey - private key (enables TLS Channel ID) or null for no key (disables TLS Channel ID). The private key must be an Elliptic Curve (EC) key based on the NIST P-256 curve (aka SECG secp256r1 or ANSI X9.62 prime256v1).
-
getTlsUnique
byte[] getTlsUnique()
Description copied from class: AbstractConscryptSocket
Returns the tls-unique channel binding value for this connection, per RFC 5929. This will return null if there is no such value available, such as if the handshake has not yet completed or this connection is closed.
- Specified by:
getTlsUnique
in class AbstractConscryptSocket
-
exportKeyingMaterial
byte[] exportKeyingMaterial(java.lang.String label, byte[] context, int length) throws javax.net.ssl.SSLException
Description copied from class: AbstractConscryptSocket
Exports a value derived from the TLS master secret as described in RFC 5705.
- Specified by:
exportKeyingMaterial
in class AbstractConscryptSocket
- Parameters:
label - the label to use in calculating the exported value. This must be an ASCII-only string.
context - the application-specific context value to use in calculating the exported value. This may be null to use no application context, which is treated differently than an empty byte array.
length - the number of bytes of keying material to return.
- Returns:
a value of the specified length, or null if the handshake has not yet completed or the connection has been closed.
- Throws:
javax.net.ssl.SSLException - if the value could not be exported.
-
getUseClientMode
public final boolean getUseClientMode()
- Specified by:
getUseClientMode
in class javax.net.ssl.SSLSocket
-
setUseClientMode
public final void setUseClientMode(boolean mode)
- Specified by:
setUseClientMode
in class javax.net.ssl.SSLSocket
-
getWantClientAuth
public final boolean getWantClientAuth()
- Specified by:
getWantClientAuth
in class javax.net.ssl.SSLSocket
-
getNeedClientAuth
public final boolean getNeedClientAuth()
- Specified by:
getNeedClientAuth
in class javax.net.ssl.SSLSocket
-
setNeedClientAuth
public final void setNeedClientAuth(boolean need)
- Specified by:
setNeedClientAuth
in class javax.net.ssl.SSLSocket
-
setWantClientAuth
public final void setWantClientAuth(boolean want)
- Specified by:
setWantClientAuth
in class javax.net.ssl.SSLSocket
-
close
public final void close() throws java.io.IOException
- Specified by:
close
in interface java.lang.AutoCloseable
- Specified by:
close
in interface java.io.Closeable
- Overrides:
close
in class AbstractConscryptSocket
- Throws:
java.io.IOException
-
setHandshakeTimeout
public void setHandshakeTimeout(int handshakeTimeoutMilliseconds) throws java.net.SocketException
Description copied from class: AbstractConscryptSocket
Set the handshake timeout on this socket. This timeout is specified in milliseconds and will be used only during the handshake process.
- Overrides:
setHandshakeTimeout
in class OpenSSLSocketImpl
- Throws:
java.net.SocketException
-
setApplicationProtocols
final void setApplicationProtocols(java.lang.String[] protocols)
Description copied from class: AbstractConscryptSocket
Sets the list of ALPN protocols.
- Specified by:
setApplicationProtocols
in class AbstractConscryptSocket
- Parameters:
protocols - the list of ALPN protocols
-
getApplicationProtocols
final java.lang.String[] getApplicationProtocols()
Description copied from class: AbstractConscryptSocket
Returns the list of supported ALPN protocols.
- Specified by:
getApplicationProtocols
in class AbstractConscryptSocket
-
getApplicationProtocol
public final java.lang.String getApplicationProtocol()
- Specified by:
getApplicationProtocol
in class AbstractConscryptSocket
-
getHandshakeApplicationProtocol
public final java.lang.String getHandshakeApplicationProtocol()
- Specified by:
getHandshakeApplicationProtocol
in class AbstractConscryptSocket
-
setApplicationProtocolSelector
public final void setApplicationProtocolSelector(ApplicationProtocolSelector selector)
Description copied from class: AbstractConscryptSocket
Sets an application-provided ALPN protocol selector. If provided, this will override the list of protocols set by AbstractConscryptSocket.setApplicationProtocols(String[]).
- Specified by:
setApplicationProtocolSelector
in class AbstractConscryptSocket
-
setApplicationProtocolSelector
final void setApplicationProtocolSelector(ApplicationProtocolSelectorAdapter selector)
- Specified by:
setApplicationProtocolSelector
in class AbstractConscryptSocket
-
setBufferAllocator
void setBufferAllocator(BufferAllocator bufferAllocator)
-
onHandshakeFinished
private void onHandshakeFinished()
-
waitForHandshake
private void waitForHandshake() throws java.io.IOException
Waits for the handshake to complete.
- Throws:
java.io.IOException
-
drainOutgoingQueue
private void drainOutgoingQueue()
-
getUnderlyingOutputStream
private java.io.OutputStream getUnderlyingOutputStream() throws java.io.IOException
- Throws:
java.io.IOException
-
getUnderlyingInputStream
private java.io.InputStream getUnderlyingInputStream() throws java.io.IOException
- Throws:
java.io.IOException
-
chooseServerAlias
public final java.lang.String chooseServerAlias(javax.net.ssl.X509KeyManager keyManager, java.lang.String keyType)
- Specified by:
chooseServerAlias
in interface SSLParametersImpl.AliasChooser
-
chooseClientAlias
public final java.lang.String chooseClientAlias(javax.net.ssl.X509KeyManager keyManager, javax.security.auth.x500.X500Principal[] issuers, java.lang.String[] keyTypes)
- Specified by:
chooseClientAlias
in interface SSLParametersImpl.AliasChooser
-
-