Package com.yahoo.jrt

Interface CryptoSocket

  • All Known Implementing Classes:
    MaybeTlsCryptoSocket, NullCryptoSocket, TlsCryptoSocket, XorCryptoSocket
    public interface CryptoSocket
    Abstraction of a low-level async network socket which can produce io events and allows encrypting written data and decrypting read data. The interface is complexified to handle the use of internal buffers that may mask io events and pending work. The interface is simplified by assuming there will be no mid-stream re-negotiation (no read/write cross-dependencies). Handshaking is explicit and up-front. This interface is initially designed for persistent transport connections where closing the connection has no application-level semantics.

    • Method Detail

      • channel

        java.nio.channels.SocketChannel channel()
        Obtain the underlying socket channel used by this CryptoSocket.

      • handshake

        CryptoSocket.HandshakeResult handshake()
                                throws java.io.IOException
        Try to progress the initial connection handshake. Handshaking will be done once, before any normal reads or writes are performed. Re-negotiation at a later stage will not be permitted. This function will be called multiple times until the status is either DONE or an IOException is thrown. When NEED_READ or NEED_WRITE is returned, the handshake function will be called again when the appropriate io event has triggered. When NEED_WORK is returned, the doHandshakeWork() will be called (possibly in another thread) before this function is called again.
        Throws:
        java.io.IOException

      • getMinimumReadBufferSize

        int getMinimumReadBufferSize()
        This function should be called after handshaking has completed before calling the read function. It dictates the minimum size of the application read buffer presented to the read function. This is needed to support frame-based stateless decryption of incoming data.

      • read

        int read​(java.nio.ByteBuffer dst)
  throws java.io.IOException
        Called when the underlying socket has available data. Read through the entire input pipeline. The semantics are the same as with a normal socket read except it can also fail for cryptographic reasons.
        Throws:
        java.io.IOException

      • drain

        int drain​(java.nio.ByteBuffer dst)
   throws java.io.IOException
        Similar to read, but this function is not allowed to read from the underlying socket. This is to enable the application to make sure that there is no more input data in the read pipeline that is independent of data not yet read from the actual socket. Draining data from the input pipeline is done to prevent masking read events.
        Throws:
        java.io.IOException

      • write

        int write​(java.nio.ByteBuffer src)
   throws java.io.IOException
        Called when the application has data it wants to write. Write through the entire output pipeline. The semantics are the same as with a normal socket write.
        Throws:
        java.io.IOException

      • flush

        CryptoSocket.FlushResult flush()
                        throws java.io.IOException
        Try to flush data in the write pipeline that is not depenedent on data not yet written by the application into the underlying socket. This is to enable the application to identify pending work that may not be completed until the underlying socket is ready for writing more data. When NEED_WRITE is returned, either write or flush will be called again when the appropriate io event has triggered.
        Throws:
        java.io.IOException

      • getSecurityContext

        default java.util.Optional<SecurityContext> getSecurityContext()
        Returns the security context for the current connection (given handshake completed), or empty if the current connection is not secure.