org.conscrypt

Class OpenSSLEngineSocketImpl

java.lang.Object

java.net.Socket

javax.net.ssl.SSLSocket

org.conscrypt.OpenSSLSocketImpl

org.conscrypt.OpenSSLSocketImplWrapper

org.conscrypt.OpenSSLEngineSocketImpl

All Implemented Interfaces:

Closeable, AutoCloseable, NativeCrypto.SSLHandshakeCallbacks, SSLParametersImpl.AliasChooser, SSLParametersImpl.PSKCallbacks

public final class OpenSSLEngineSocketImpl
extends OpenSSLSocketImplWrapper

Implements crypto handling by delegating to OpenSSLEngine. Used for socket implementations that are not backed by a real OS socket.

Constructor Summary

Constructors

Constructor and Description
OpenSSLEngineSocketImpl(Socket socket, String hostname, int port, boolean autoClose, SSLParametersImpl sslParameters)

Method Summary

Modifier and Type	Method and Description
String	chooseClientAlias(X509KeyManager keyManager, X500Principal[] issuers, String[] keyTypes)
String	chooseClientPSKIdentity(PSKKeyManager keyManager, String identityHint)
String	chooseServerAlias(X509KeyManager keyManager, String keyType)
String	chooseServerPSKIdentityHint(PSKKeyManager keyManager)
void	close()
protected void	finalize()
byte[]	getAlpnSelectedProtocol() Returns the protocol agreed upon by client and server, or null if no protocol was agreed upon.
SocketChannel	getChannel()
byte[]	getChannelId() Gets the TLS Channel ID for this server socket.
String[]	getEnabledCipherSuites()
String[]	getEnabledProtocols()
boolean	getEnableSessionCreation()
FileDescriptor	getFileDescriptor$()
InputStream	getInputStream()
boolean	getNeedClientAuth()
byte[]	getNpnSelectedProtocol() Returns null always for backward compatibility.
OutputStream	getOutputStream()
SecretKey	getPSKKey(PSKKeyManager keyManager, String identityHint, String identity)
SSLSession	getSession()
int	getSoWriteTimeout() Note write timeouts are not part of the javax.net.ssl.SSLSocket API
String[]	getSupportedCipherSuites()
String[]	getSupportedProtocols()
boolean	getUseClientMode()
boolean	getWantClientAuth()
void	onSSLStateChange(int type, int val) Called when SSL state changes.
void	sendUrgentData(int data)
void	setAlpnProtocols(byte[] alpnProtocols) Sets the list of protocols this peer is interested in.
void	setChannelIdEnabled(boolean enabled) Enables/disables TLS Channel ID for this server socket.
void	setChannelIdPrivateKey(PrivateKey privateKey) Sets the PrivateKey to be used for TLS Channel ID by this client socket.
void	setEnabledCipherSuites(String[] suites)
void	setEnabledProtocols(String[] protocols)
void	setEnableSessionCreation(boolean flag)
void	setHandshakeTimeout(int handshakeTimeoutMilliseconds) Set the handshake timeout on this socket.
void	setHostname(String hostname) This method enables Server Name Indication
void	setNeedClientAuth(boolean need)
void	setNpnProtocols(byte[] npnProtocols) This method does nothing and is kept for backward compatibility.
void	setOOBInline(boolean on)
void	setSoWriteTimeout(int writeTimeoutMilliseconds) Note write timeouts are not part of the javax.net.ssl.SSLSocket API
void	setUseClientMode(boolean mode)
void	setUseSessionTickets(boolean useSessionTickets) This method enables session ticket support.
void	setWantClientAuth(boolean want)
void	startHandshake() Starts a TLS/SSL handshake on this connection using some native methods from the OpenSSL library.
void	verifyCertificateChain(long[] certRefs, String authMethod) Verify that we trust the certificate chain is trusted.

Methods inherited from class org.conscrypt.OpenSSLSocketImplWrapper

bind, connect, connect, getInetAddress, getKeepAlive, getLocalAddress, getLocalPort, getLocalSocketAddress, getOOBInline, getPort, getReceiveBufferSize, getRemoteSocketAddress, getReuseAddress, getSendBufferSize, getSoLinger, getSoTimeout, getTcpNoDelay, getTrafficClass, isBound, isClosed, isConnected, isInputShutdown, isOutputShutdown, setKeepAlive, setReceiveBufferSize, setReuseAddress, setSendBufferSize, setSoLinger, setTcpNoDelay, setTrafficClass, toString

Methods inherited from class org.conscrypt.OpenSSLSocketImpl

addHandshakeCompletedListener, clientCertificateRequested, clientPSKKeyRequested, getHandshakeSession, getHostname, getHostnameOrIP, getSSLParameters, removeHandshakeCompletedListener, serverPSKKeyRequested, setSoTimeout, setSSLParameters

Methods inherited from class java.net.Socket

setPerformancePreferences, setSocketImplFactory, shutdownInput, shutdownOutput

Methods inherited from class java.lang.Object

clone, equals, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

OpenSSLEngineSocketImpl

public OpenSSLEngineSocketImpl(Socket socket,
                               String hostname,
                               int port,
                               boolean autoClose,
                               SSLParametersImpl sslParameters)
                        throws IOException

Throws:

IOException

Method Detail

startHandshake

public void startHandshake()
                    throws IOException

Description copied from class: OpenSSLSocketImpl

Starts a TLS/SSL handshake on this connection using some native methods from the OpenSSL library. It can negotiate new encryption keys, change cipher suites, or initiate a new session. The certificate chain is verified if the correspondent property in java.Security is set. All listeners are notified at the end of the TLS/SSL handshake.

Overrides:

startHandshake in class OpenSSLSocketImpl

Throws:

IOException

onSSLStateChange

public void onSSLStateChange(int type,
                             int val)

Description copied from interface: NativeCrypto.SSLHandshakeCallbacks

Called when SSL state changes. This could be handshake completion.

Specified by:

onSSLStateChange in interface NativeCrypto.SSLHandshakeCallbacks

Overrides:

onSSLStateChange in class OpenSSLSocketImpl

verifyCertificateChain

public void verifyCertificateChain(long[] certRefs,
                                   String authMethod)
                            throws CertificateException

Description copied from interface: NativeCrypto.SSLHandshakeCallbacks

Verify that we trust the certificate chain is trusted.

Specified by:

verifyCertificateChain in interface NativeCrypto.SSLHandshakeCallbacks

Overrides:

verifyCertificateChain in class OpenSSLSocketImpl

Parameters:

certRefs - chain of X.509 certificate references

authMethod - auth algorithm name

Throws:

CertificateException - if the certificate is untrusted

getInputStream

public InputStream getInputStream()
                           throws IOException

Overrides:

getInputStream in class OpenSSLSocketImpl

Throws:

IOException

getOutputStream

public OutputStream getOutputStream()
                             throws IOException

Overrides:

getOutputStream in class OpenSSLSocketImpl

Throws:

IOException

getSession

public SSLSession getSession()

Overrides:

getSession in class OpenSSLSocketImpl

getEnableSessionCreation

public boolean getEnableSessionCreation()

Overrides:

getEnableSessionCreation in class OpenSSLSocketImpl

setEnableSessionCreation

public void setEnableSessionCreation(boolean flag)

Overrides:

setEnableSessionCreation in class OpenSSLSocketImpl

getSupportedCipherSuites

public String[] getSupportedCipherSuites()

Overrides:

getSupportedCipherSuites in class OpenSSLSocketImpl

getEnabledCipherSuites

public String[] getEnabledCipherSuites()

Overrides:

getEnabledCipherSuites in class OpenSSLSocketImpl

setEnabledCipherSuites

public void setEnabledCipherSuites(String[] suites)

Overrides:

setEnabledCipherSuites in class OpenSSLSocketImpl

getSupportedProtocols

public String[] getSupportedProtocols()

Overrides:

getSupportedProtocols in class OpenSSLSocketImpl

getEnabledProtocols

public String[] getEnabledProtocols()

Overrides:

getEnabledProtocols in class OpenSSLSocketImpl

setEnabledProtocols

public void setEnabledProtocols(String[] protocols)

Overrides:

setEnabledProtocols in class OpenSSLSocketImpl

setUseSessionTickets

public void setUseSessionTickets(boolean useSessionTickets)

Description copied from class: OpenSSLSocketImpl

This method enables session ticket support.

Overrides:

setUseSessionTickets in class OpenSSLSocketImpl

Parameters:

useSessionTickets - True to enable session tickets

setHostname

public void setHostname(String hostname)

Description copied from class: OpenSSLSocketImpl

This method enables Server Name Indication

Overrides:

setHostname in class OpenSSLSocketImpl

Parameters:

hostname - the desired SNI hostname, or null to disable

setChannelIdEnabled

public void setChannelIdEnabled(boolean enabled)

Description copied from class: OpenSSLSocketImpl

Enables/disables TLS Channel ID for this server socket.

This method needs to be invoked before the handshake starts.

Overrides:

setChannelIdEnabled in class OpenSSLSocketImpl

getChannelId

public byte[] getChannelId()
                    throws SSLException

Description copied from class: OpenSSLSocketImpl

Gets the TLS Channel ID for this server socket. Channel ID is only available once the handshake completes.

Overrides:

getChannelId in class OpenSSLSocketImpl

Returns:

channel ID or null if not available.

Throws:

SSLException - if channel ID is available but could not be obtained.

setChannelIdPrivateKey

public void setChannelIdPrivateKey(PrivateKey privateKey)

Description copied from class: OpenSSLSocketImpl

Sets the PrivateKey to be used for TLS Channel ID by this client socket.

This method needs to be invoked before the handshake starts.

Overrides:

setChannelIdPrivateKey in class OpenSSLSocketImpl

Parameters:

privateKey - private key (enables TLS Channel ID) or null for no key (disables TLS Channel ID). The private key must be an Elliptic Curve (EC) key based on the NIST P-256 curve (aka SECG secp256r1 or ANSI X9.62 prime256v1).

getUseClientMode

public boolean getUseClientMode()

Overrides:

getUseClientMode in class OpenSSLSocketImpl

setUseClientMode

public void setUseClientMode(boolean mode)

Overrides:

setUseClientMode in class OpenSSLSocketImpl

getWantClientAuth

public boolean getWantClientAuth()

Overrides:

getWantClientAuth in class OpenSSLSocketImpl

getNeedClientAuth

public boolean getNeedClientAuth()

Overrides:

getNeedClientAuth in class OpenSSLSocketImpl

setNeedClientAuth

public void setNeedClientAuth(boolean need)

Overrides:

setNeedClientAuth in class OpenSSLSocketImpl

setWantClientAuth

public void setWantClientAuth(boolean want)

Overrides:

setWantClientAuth in class OpenSSLSocketImpl

sendUrgentData

public void sendUrgentData(int data)
                    throws IOException

Overrides:

sendUrgentData in class OpenSSLSocketImpl

Throws:

IOException

setOOBInline

public void setOOBInline(boolean on)
                  throws SocketException

Overrides:

setOOBInline in class OpenSSLSocketImpl

Throws:

SocketException

setSoWriteTimeout

public void setSoWriteTimeout(int writeTimeoutMilliseconds)
                       throws SocketException

Description copied from class: OpenSSLSocketImpl

Note write timeouts are not part of the javax.net.ssl.SSLSocket API

Overrides:

setSoWriteTimeout in class OpenSSLSocketImpl

Throws:

SocketException

getSoWriteTimeout

public int getSoWriteTimeout()
                      throws SocketException

Description copied from class: OpenSSLSocketImpl

Note write timeouts are not part of the javax.net.ssl.SSLSocket API

Overrides:

getSoWriteTimeout in class OpenSSLSocketImpl

Throws:

SocketException

setHandshakeTimeout

public void setHandshakeTimeout(int handshakeTimeoutMilliseconds)
                         throws SocketException

Description copied from class: OpenSSLSocketImpl

Set the handshake timeout on this socket. This timeout is specified in milliseconds and will be used only during the handshake process.

Overrides:

setHandshakeTimeout in class OpenSSLSocketImpl

Throws:

SocketException

close

public void close()
           throws IOException

Specified by:

close in interface Closeable

Specified by:

close in interface AutoCloseable

Overrides:

close in class OpenSSLSocketImpl

Throws:

IOException

finalize

protected void finalize()
                 throws Throwable

Overrides:

finalize in class OpenSSLSocketImpl

Throws:

Throwable

getChannel

public SocketChannel getChannel()

Overrides:

getChannel in class Socket

getFileDescriptor$

public FileDescriptor getFileDescriptor$()

Overrides:

getFileDescriptor$ in class OpenSSLSocketImpl

getNpnSelectedProtocol

public byte[] getNpnSelectedProtocol()

Description copied from class: OpenSSLSocketImpl

Returns null always for backward compatibility.

Overrides:

getNpnSelectedProtocol in class OpenSSLSocketImpl

getAlpnSelectedProtocol

public byte[] getAlpnSelectedProtocol()

Description copied from class: OpenSSLSocketImpl

Returns the protocol agreed upon by client and server, or null if no protocol was agreed upon.

Overrides:

getAlpnSelectedProtocol in class OpenSSLSocketImpl

setNpnProtocols

public void setNpnProtocols(byte[] npnProtocols)

Description copied from class: OpenSSLSocketImpl

This method does nothing and is kept for backward compatibility.

Overrides:

setNpnProtocols in class OpenSSLSocketImpl

setAlpnProtocols

public void setAlpnProtocols(byte[] alpnProtocols)

Description copied from class: OpenSSLSocketImpl

Sets the list of protocols this peer is interested in. If the list is null, no protocols will be used.

Overrides:

setAlpnProtocols in class OpenSSLSocketImpl

Parameters:

alpnProtocols - a non-empty array of protocol names. From SSL_select_next_proto, "vector of 8-bit, length prefixed byte strings. The length byte itself is not included in the length. A byte string of length 0 is invalid. No byte string may be truncated.".

chooseServerAlias

public String chooseServerAlias(X509KeyManager keyManager,
                                String keyType)

Specified by:

chooseServerAlias in interface SSLParametersImpl.AliasChooser

Overrides:

chooseServerAlias in class OpenSSLSocketImpl

chooseClientAlias

public String chooseClientAlias(X509KeyManager keyManager,
                                X500Principal[] issuers,
                                String[] keyTypes)

Specified by:

chooseClientAlias in interface SSLParametersImpl.AliasChooser

Overrides:

chooseClientAlias in class OpenSSLSocketImpl

chooseServerPSKIdentityHint

public String chooseServerPSKIdentityHint(PSKKeyManager keyManager)

Specified by:

chooseServerPSKIdentityHint in interface SSLParametersImpl.PSKCallbacks

Overrides:

chooseServerPSKIdentityHint in class OpenSSLSocketImpl

chooseClientPSKIdentity

public String chooseClientPSKIdentity(PSKKeyManager keyManager,
                                      String identityHint)

Specified by:

chooseClientPSKIdentity in interface SSLParametersImpl.PSKCallbacks

Overrides:

chooseClientPSKIdentity in class OpenSSLSocketImpl

getPSKKey

public SecretKey getPSKKey(PSKKeyManager keyManager,
                           String identityHint,
                           String identity)

Specified by:

getPSKKey in interface SSLParametersImpl.PSKCallbacks

Overrides:

getPSKKey in class OpenSSLSocketImpl