Package org.conscrypt
Class ConscryptEngine
java.lang.Object
javax.net.ssl.SSLEngine
org.conscrypt.AbstractConscryptEngine
org.conscrypt.ConscryptEngine
- All Implemented Interfaces:
NativeCrypto.SSLHandshakeCallbacks, SSLParametersImpl.AliasChooser, SSLParametersImpl.PSKCallbacks
final class ConscryptEngine
extends AbstractConscryptEngine
implements NativeCrypto.SSLHandshakeCallbacks, SSLParametersImpl.AliasChooser, SSLParametersImpl.PSKCallbacks
Implements the SSLEngine API using OpenSSL's non-blocking interfaces.
-
Field Summary
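| Modifier and Type | Field | Description |
| --- | --- | --- |
| private ActiveSession | activeSession | Set during startHandshake. |
| private BufferAllocator | bufferAllocator | |
| private OpenSSLKey | channelIdPrivateKey | Private key for the TLS Channel ID extension. |
| private static final SSLEngineResult | CLOSED_NOT_HANDSHAKING | |
| private SessionSnapshot | closedSession | A snapshot of the active session when the engine was closed. |
| private static BufferAllocator | defaultBufferAllocator | |
| private final SSLSession | externalSession | The session object exposed externally from this class. |
| private boolean | handshakeFinished | |
| private HandshakeListener | handshakeListener | |
| private ByteBuffer | lazyDirectBuffer | A lazy-created direct buffer used as a bridge between heap buffers provided by the application and JNI. |
| private int | maxSealOverhead | |
| private static final SSLEngineResult | NEED_UNWRAP_CLOSED | |
| private static final SSLEngineResult | NEED_UNWRAP_OK | |
| private static final SSLEngineResult | NEED_WRAP_CLOSED | |
| private static final SSLEngineResult | NEED_WRAP_OK | |
| private final NativeSsl.BioWrapper | networkBio | The BIO used for reading/writing encrypted bytes. |
| private String | peerHostname | Hostname used with the TLS extension SNI hostname. |
| private final PeerInfoProvider | peerInfoProvider | |
| private final ByteBuffer[] | singleDstBuffer | |
| private final ByteBuffer[] | singleSrcBuffer | |
| private final NativeSsl | ssl | Wrapper around the underlying SSL object. |
| private final SSLParametersImpl | sslParameters | |
| private int | state | |
-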
Constructor Summary
| Constructor | Description |
| --- | --- |
| ConscryptEngine(String host, int port, SSLParametersImpl sslParameters) | |
| ConscryptEngine(SSLParametersImpl sslParameters) | |
| ConscryptEngine(SSLParametersImpl sslParameters, PeerInfoProvider peerInfoProvider, SSLParametersImpl.AliasChooser aliasChooser) | |
-
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| void | beginHandshake | |
| private void | beginHandshakeInternal | |
| private static int | calcDstsLength(ByteBuffer[] dsts, int dstsOffset, int dstsLength) | |
| private static long | calcSrcsLength(ByteBuffer[] srcs, int srcsOffset, int srcsEndOffset) | |
| | chooseClientAlias(X509KeyManager keyManager, X500Principal[] issuers, String[] keyTypes) | |
| | chooseClientPSKIdentity(PSKKeyManager keyManager, String identityHint) | |
| | chooseServerAlias(X509KeyManager keyManager, String keyType) | |
| | chooseServerPSKIdentityHint(PSKKeyManager keyManager) | |
| void | clientCertificateRequested(byte[] keyTypeBytes, int[] signatureAlgs, byte[][] asn1DerEncodedPrincipals) | Called on an SSL client when the server requests (or requires) a certificate. |
| int | clientPSKKeyRequested(String identityHint, byte[] identity, byte[] key) | Gets the key to be used in client mode for this connection in Pre-Shared Key (PSK) key exchange. |
| private ClientSessionContext | clientSessionContext | |
| private void | closeAll() | |
| private void | closeAndFreeResources() | |
| void | closeInbound() | |
| void | closeOutbound() | |
| private SSLException | convertException | |
| private long | directByteBufferAddress(ByteBuffer directBuffer, int pos) | |
| (package private) byte[] | exportKeyingMaterial(String label, byte[] context, int length) | Exports a value derived from the TLS master secret as described in RFC 5705. |
| protected void | finalize() | |
| private void | finishHandshake | |
| private void | freeIfDone() | |
| (package private) String[] | getApplicationProtocols() | Returns the list of supported ALPN protocols. |
| (package private) byte[] | getChannelId | Gets the TLS Channel ID for this server engine. |
| (package private) static BufferAllocator | getDefaultBufferAllocator | Returns the default BufferAllocator, which may be null if no default has been explicitly set. |
| String[] | getEnabledCipherSuites | |
| String[] | getEnabledProtocols | |
| boolean | getEnableSessionCreation() | |
| private SSLEngineResult.Status | getEngineStatus | |
| private SSLEngineResult.HandshakeStatus | getHandshakeStatus(int pending) | |
| private SSLEngineResult.HandshakeStatus | getHandshakeStatusInternal | |
| (package private) String | getHostname() | Returns the hostname from setHostname(String) or supplied by the PeerInfoProvider upon creation. |
| boolean | getNeedClientAuth() | |
| private ByteBuffer | getOrCreateLazyDirectBuffer | |
| int | getPeerPort() | |
| | getPSKKey(PSKKeyManager keyManager, String identityHint, String identity) | |
| String[] | getSupportedCipherSuites | |
| String[] | getSupportedProtocols | |
| (package private) byte[] | getTlsUnique() | Returns the tls-unique channel binding value for this connection, per RFC 5929. |
| boolean | getUseClientMode() | |
| boolean | getWantClientAuth() | |
| private SSLEngineResult.HandshakeStatus | handshake | |
| (package private) SSLSession | handshakeSession() | Work-around to allow this method to be called on older versions of Android. |
| private boolean | isHandshakeStarted() | |
| boolean | isInboundDone() | |
| boolean | isOutboundDone() | |
| (package private) int | maxSealOverhead() | Returns the maximum overhead, in bytes, of sealing a record with SSL. |
| private SSLEngineResult.HandshakeStatus | mayFinishHandshake(SSLEngineResult.HandshakeStatus status) | |
| private SSLEngineResult | newResult(int bytesConsumed, int bytesProduced, SSLEngineResult.HandshakeStatus status) | |
| private static NativeSsl | newSsl(SSLParametersImpl sslParameters, ConscryptEngine engine, SSLParametersImpl.AliasChooser aliasChooser) | |
| private SSLException | newSslExceptionWithMessage | |
| void | onNewSessionEstablished(long sslSessionNativePtr) | Called when a new session has been established and may be added to the session cache. |
| void | onSSLStateChange(int type, int val) | Called when SSL state changes. |
| private int | pendingInboundCleartextBytes() | |
| (package private) int | pendingOutboundEncryptedBytes() | |
| private static SSLEngineResult.HandshakeStatus | pendingStatus(int pendingOutboundBytes) | |
| private ConscryptSession | provideAfterHandshakeSession | |
| private ConscryptSession | provideHandshakeSession | |
| private ConscryptSession | provideSession | |
| private int | readEncryptedData(ByteBuffer dst, int pending) | Read encrypted data from the OpenSSL network BIO. |
| private int | readEncryptedDataDirect(ByteBuffer dst, int pos, int len) | |
| private int | readEncryptedDataHeap(ByteBuffer dst, int len) | |
| private SSLEngineResult | readPendingBytesFromBIO(ByteBuffer dst, int bytesConsumed, int bytesProduced, SSLEngineResult.HandshakeStatus status) | |
| private int | readPlaintextData | Read plaintext data from the OpenSSL internal BIO. |
| private int | readPlaintextDataDirect(ByteBuffer dst, int pos, int len) | |
| private int | readPlaintextDataHeap(ByteBuffer dst, int len) | |
| private void | resetSingleDstBuffer() | |
| private void | resetSingleSrcBuffer() | |
| int | selectApplicationProtocol(byte[] protocols) | Called when acting as a server, the socket has an ApplicationProtocolSelectorAdapter associated with it, and the application protocol needs to be selected. |
| private void | sendSSLShutdown() | |
| void | serverCertificateRequested | Called when acting as a server during ClientHello processing before a decision to resume a session is made. |
| int | serverPSKKeyRequested(String identityHint, String identity, byte[] key) | Gets the key to be used in server mode for this connection in Pre-Shared Key (PSK) key exchange. |
| long | serverSessionRequested(byte[] id) | Called for servers where TLS < 1.3 (TLS 1.3 uses session tickets rather than application session caches). |
| private AbstractSessionContext | sessionContext | |
| (package private) void | setApplicationProtocols(String[] protocols) | Sets the list of ALPN protocols. |
| (package private) void | setApplicationProtocolSelector | Sets an application-provided ALPN protocol selector. |
| (package private) void | setApplicationProtocolSelector | |
| (package private) void | setBufferAllocator(BufferAllocator bufferAllocator) | |
| (package private) void | setChannelIdEnabled(boolean enabled) | Enables/disables TLS Channel ID for this server engine. |
| (package private) void | setChannelIdPrivateKey(PrivateKey privateKey) | Sets the PrivateKey to be used for TLS Channel ID by this client engine. |
| (package private) static void | setDefaultBufferAllocator(BufferAllocator bufferAllocator) | Configures the default BufferAllocator to be used by all future SSLEngine and ConscryptEngineSocket instances from this provider. |
| void | setEnabledCipherSuites(String[] suites) | |
| void | setEnabledProtocols(String[] protocols) | |
| void | setEnableSessionCreation(boolean flag) | |
| (package private) void | setHandshakeListener(HandshakeListener handshakeListener) | Sets the listener for the completion of the TLS handshake. |
| (package private) void | setHostname(String hostname) | This method enables Server Name Indication (SNI) and overrides the PeerInfoProvider supplied during engine creation. |
| void | setNeedClientAuth(boolean need) | |
| void | setSSLParameters | |
| void | setUseClientMode(boolean mode) | |
| (package private) void | setUseSessionTickets(boolean useSessionTickets) | This method enables session ticket support. |
| void | setWantClientAuth(boolean want) | |
| private ByteBuffer[] | singleDstBuffer | |
| private ByteBuffer[] | singleSrcBuffer | |
| private void | transitionTo(int newState) | |
| (package private) SSLEngineResult | unwrap(ByteBuffer[] srcs, int srcsOffset, int srcsLength, ByteBuffer[] dsts, int dstsOffset, int dstsLength) | |
| (package private) SSLEngineResult | unwrap(ByteBuffer[] srcs, ByteBuffer[] dsts) | |
| | unwrap(ByteBuffer src, ByteBuffer dst) | |
| | unwrap(ByteBuffer src, ByteBuffer[] dsts) | |
| | unwrap(ByteBuffer src, ByteBuffer[] dsts, int offset, int length) | |
| void | verifyCertificateChain(byte[][] certChain, String authMethod) | Verify that the certificate chain is trusted. |
| | wrap(ByteBuffer[] srcs, int srcsOffset, int srcsLength, ByteBuffer dst) | |
| | wrap(ByteBuffer src, ByteBuffer dst) | |
| private int | writeEncryptedData(ByteBuffer src, int len) | Write encrypted data to the OpenSSL network BIO. |
| private int | writeEncryptedDataDirect(ByteBuffer src, int pos, int len) | |
| private int | writeEncryptedDataHeap(ByteBuffer src, int pos, int len) | |
| private int | writePlaintextData(ByteBuffer src, int len) | Write plaintext data to the OpenSSL internal BIO. Calling this function with src.remaining == 0 is undefined. |
| private int | writePlaintextDataDirect(ByteBuffer src, int pos, int len) | |
| private int | writePlaintextDataHeap(ByteBuffer src, int pos, int len) | |

Methods inherited from class org.conscrypt.AbstractConscryptEngine
getHandshakeSession
Methods inherited from class javax.net.ssl.SSLEngine
getHandshakeApplicationProtocolSelector, setHandshakeApplicationProtocolSelector, wrap
-
Field Details
-
NEED_UNWRAP_OK
-
NEED_UNWRAP_CLOSED
-
NEED_WRAP_OK
-
NEED_WRAP_CLOSED
-
CLOSED_NOT_HANDSHAKING
-
defaultBufferAllocator
-
sslParameters
-
bufferAllocator
-
lazyDirectBuffer
A lazy-created direct buffer used as a bridge between heap buffers provided by the application and JNI. This avoids the overhead of calling JNI with heap buffers. Used only when no bufferAllocator has been provided.
-
peerHostname
Hostname used with the TLS extension SNI hostname.
-
state
private int state
-
handshakeFinished
private boolean handshakeFinished
-
ssl
Wrapper around the underlying SSL object.
-
networkBio
The BIO used for reading/writing encrypted bytes.
-
activeSession
Set during startHandshake.
-
closedSession
A snapshot of the active session when the engine was closed.
-
externalSession
The session object exposed externally from this class.
-
channelIdPrivateKey
Private key for the TLS Channel ID extension. This field is client-side only. Set during startHandshake.
-
maxSealOverhead
private int maxSealOverhead
-
handshakeListener
-
singleSrcBuffer
-
singleDstBuffer
-
peerInfoProvider
-
-
Constructor Details
-
ConscryptEngine
ConscryptEngine(SSLParametersImpl sslParameters)
-
ConscryptEngine
ConscryptEngine(String host, int port, SSLParametersImpl sslParameters)
-
ConscryptEngine
ConscryptEngine(SSLParametersImpl sslParameters, PeerInfoProvider peerInfoProvider, SSLParametersImpl.AliasChooser aliasChooser)
-
-
Method Details
-
newSsl
private static NativeSsl newSsl(SSLParametersImpl sslParameters, ConscryptEngine engine, SSLParametersImpl.AliasChooser aliasChooser)
-
setDefaultBufferAllocator
Configures the default BufferAllocator to be used by all future SSLEngine and ConscryptEngineSocket instances from this provider.
-
getDefaultBufferAllocator
Returns the default BufferAllocator, which may be null if no default has been explicitly set.
-
setBufferAllocator
- Specified by:
setBufferAllocator in class AbstractConscryptEngine
-
maxSealOverhead
int maxSealOverhead()
Returns the maximum overhead, in bytes, of sealing a record with SSL.
- Specified by:
maxSealOverhead in class AbstractConscryptEngine
-
setChannelIdEnabled
void setChannelIdEnabled(boolean enabled)
Enables/disables TLS Channel ID for this server engine. This method needs to be invoked before the handshake starts.
- Specified by:
setChannelIdEnabled in class AbstractConscryptEngine
- Throws:
IllegalStateException - if this is a client engine or if the handshake has already started.
-
getChannelId
Gets the TLS Channel ID for this server engine. Channel ID is only available once the handshake completes.
- Specified by:
getChannelId in class AbstractConscryptEngine
- Returns:
channel ID or null if not available.
- Throws:
IllegalStateException - if this is a client engine or if the handshake has not yet completed.
SSLException - if channel ID is available but could not be obtained.
-
setChannelIdPrivateKey
Sets the PrivateKey to be used for TLS Channel ID by this client engine. This method needs to be invoked before the handshake starts.
- Specified by:
setChannelIdPrivateKey in class AbstractConscryptEngine
- Parameters:
privateKey - private key (enables TLS Channel ID) or null for no key (disables TLS Channel ID). The private key must be an Elliptic Curve (EC) key based on the NIST P-256 curve (aka SECG secp256r1 or ANSI X9.62 prime256v1).
- Throws:
IllegalStateException - if this is a server engine or if the handshake has already started.
-
setHandshakeListener
Sets the listener for the completion of the TLS handshake.
- Specified by:
setHandshakeListener in class AbstractConscryptEngine
-
isHandshakeStarted
private boolean isHandshakeStarted()
-
setHostname
This method enables Server Name Indication (SNI) and overrides the PeerInfoProvider supplied during engine creation. If the hostname is not a valid SNI hostname, the SNI extension will be omitted from the handshake.
- Specified by:
setHostname in class AbstractConscryptEngine
-
getHostname
String getHostname()
Returns the hostname from setHostname(String) or supplied by the PeerInfoProvider upon creation. No DNS resolution is attempted before returning the hostname.
- Specified by:
getHostname in class AbstractConscryptEngine
-
getPeerHost
- Specified by:
getPeerHost in class AbstractConscryptEngine
-
getPeerPort
public int getPeerPort()
- Specified by:
getPeerPort in class AbstractConscryptEngine
-
beginHandshake
- Specified by:
beginHandshake in class SSLEngine
- Throws:
SSLException
-
beginHandshakeInternal
- Throws:
SSLException
-
closeInbound
public void closeInbound()
- Specified by:
closeInbound in class SSLEngine
-
closeOutbound
public void closeOutbound()
- Specified by:
closeOutbound in class SSLEngine
-
getDelegatedTask
- Specified by:
getDelegatedTask in class SSLEngine
-
getEnabledCipherSuites
- Specified by:
getEnabledCipherSuites in class SSLEngine
-
getEnabledProtocols
- Specified by:
getEnabledProtocols in class SSLEngine
-
getEnableSessionCreation
public boolean getEnableSessionCreation()
- Specified by:
getEnableSessionCreation in class SSLEngine
-
getSSLParameters
- Overrides:
getSSLParameters in class SSLEngine
-
setSSLParameters
- Overrides:
setSSLParameters in class SSLEngine
-
getHandshakeStatus
- Specified by:
getHandshakeStatus in class SSLEngine
-
getHandshakeStatusInternal
-
pendingOutboundEncryptedBytes
int pendingOutboundEncryptedBytes()
-
pendingInboundCleartextBytes
private int pendingInboundCleartextBytes()
-
pendingStatus
-
getNeedClientAuth
public boolean getNeedClientAuth()
- Specified by:
getNeedClientAuth in class SSLEngine
-
handshakeSession
SSLSession handshakeSession()
Work-around to allow this method to be called on older versions of Android.
- Specified by:
handshakeSession in class AbstractConscryptEngine
-
getSession
- Specified by:
getSession in class SSLEngine
-
provideSession
-
provideHandshakeSession
-
provideAfterHandshakeSession
-
getSupportedCipherSuites
- Specified by:
getSupportedCipherSuites in class SSLEngine
-
getSupportedProtocols
- Specified by:
getSupportedProtocols in class SSLEngine
-
getUseClientMode
public boolean getUseClientMode()
- Specified by:
getUseClientMode in class SSLEngine
-
getWantClientAuth
public boolean getWantClientAuth()
- Specified by:
getWantClientAuth in class SSLEngine
-
isInboundDone
public boolean isInboundDone()
- Specified by:
isInboundDone in class SSLEngine
-
isOutboundDone
public boolean isOutboundDone()
- Specified by:
isOutboundDone in class SSLEngine
-
setEnabledCipherSuites
- Specified by:
setEnabledCipherSuites in class SSLEngine
-
setEnabledProtocols
- Specified by:
setEnabledProtocols in class SSLEngine
-
setEnableSessionCreation
public void setEnableSessionCreation(boolean flag)
- Specified by:
setEnableSessionCreation in class SSLEngine
-
setNeedClientAuth
public void setNeedClientAuth(boolean need)
- Specified by:
setNeedClientAuth in class SSLEngine
-
setUseClientMode
public void setUseClientMode(boolean mode)
- Specified by:
setUseClientMode in class SSLEngine
-
setWantClientAuth
public void setWantClientAuth(boolean want)
- Specified by:
setWantClientAuth in class SSLEngine
-
unwrap
- Specified by:
unwrap in class AbstractConscryptEngine
- Throws:
SSLException
-
unwrap
- Specified by:
unwrap in class AbstractConscryptEngine
- Throws:
SSLException
-
unwrap
public SSLEngineResult unwrap(ByteBuffer src, ByteBuffer[] dsts, int offset, int length) throws SSLException
- Specified by:
unwrap in class AbstractConscryptEngine
- Throws:
SSLException
-
unwrap
- Specified by:
unwrap in class AbstractConscryptEngine
- Throws:
SSLException
-
unwrap
SSLEngineResult unwrap(ByteBuffer[] srcs, int srcsOffset, int srcsLength, ByteBuffer[] dsts, int dstsOffset, int dstsLength) throws SSLException
- Specified by:
unwrap in class AbstractConscryptEngine
- Throws:
SSLException
-
calcDstsLength
-
calcSrcsLength
-
handshake
- Throws:
SSLException
-
finishHandshake
- Throws:
SSLException
-
writePlaintextData
Write plaintext data to the OpenSSL internal BIO. Calling this function with src.remaining == 0 is undefined.
- Throws:
SSLException
-
writePlaintextDataDirect
- Throws:
IOException
-
writePlaintextDataHeap
- Throws:
IOException
-
readPlaintextData
Read plaintext data from the OpenSSL internal BIO.
- Throws:
IOException
-
readPlaintextDataDirect
private int readPlaintextDataDirect(ByteBuffer dst, int pos, int len) throws IOException, CertificateException
- Throws:
IOException
CertificateException
-
readPlaintextDataHeap
- Throws:
IOException
CertificateException
-
convertException
-
writeEncryptedData
Write encrypted data to the OpenSSL network BIO.
- Throws:
SSLException
-
writeEncryptedDataDirect
- Throws:
IOException
-
writeEncryptedDataHeap
- Throws:
IOException
-
getOrCreateLazyDirectBuffer
-
directByteBufferAddress
-
readPendingBytesFromBIO
private SSLEngineResult readPendingBytesFromBIO(ByteBuffer dst, int bytesConsumed, int bytesProduced, SSLEngineResult.HandshakeStatus status) throws SSLException
- Throws:
SSLException
-
readEncryptedData
Read encrypted data from the OpenSSL network BIO.
- Throws:
SSLException
-
readEncryptedDataDirect
- Throws:
IOException
-
readEncryptedDataHeap
- Throws:
IOException
-
mayFinishHandshake
private SSLEngineResult.HandshakeStatus mayFinishHandshake(SSLEngineResult.HandshakeStatus status) throws SSLException
- Throws:
SSLException
-
getHandshakeStatus
-
getEngineStatus
-
closeAll
private void closeAll()
-
freeIfDone
private void freeIfDone()
-
newSslExceptionWithMessage
-
newResult
private SSLEngineResult newResult(int bytesConsumed, int bytesProduced, SSLEngineResult.HandshakeStatus status) throws SSLException
- Throws:
SSLException
-
wrap
- Specified by:
wrap in class AbstractConscryptEngine
- Throws:
SSLException
-
wrap
public SSLEngineResult wrap(ByteBuffer[] srcs, int srcsOffset, int srcsLength, ByteBuffer dst) throws SSLException
- Specified by:
wrap in class AbstractConscryptEngine
- Throws:
SSLException
-
clientPSKKeyRequested
Description copied from interface: NativeCrypto.SSLHandshakeCallbacks
Gets the key to be used in client mode for this connection in Pre-Shared Key (PSK) key exchange.
- Specified by:
clientPSKKeyRequested in interface NativeCrypto.SSLHandshakeCallbacks
- Parameters:
identityHint - PSK identity hint provided by the server or null if no hint provided.
identity - buffer to be populated with PSK identity (NULL-terminated modified UTF-8) by this method. This identity will be provided to the server.
key - buffer to be populated with key material by this method.
- Returns:
number of bytes this method stored in the key buffer or 0 if an error occurred in which case the handshake will be aborted.
-
serverPSKKeyRequested
Description copied from interface: NativeCrypto.SSLHandshakeCallbacks
Gets the key to be used in server mode for this connection in Pre-Shared Key (PSK) key exchange.
- Specified by:
serverPSKKeyRequested in interface NativeCrypto.SSLHandshakeCallbacks
- Parameters:
identityHint - PSK identity hint provided by this server to the client or null if no hint was provided.
identity - PSK identity provided by the client.
key - buffer to be populated with key material by this method.
- Returns:
number of bytes this method stored in the key buffer or 0 if an error occurred in which case the handshake will be aborted.
-
onSSLStateChange
public void onSSLStateChange(int type, int val)
Description copied from interface: NativeCrypto.SSLHandshakeCallbacks
Called when SSL state changes. This could be handshake completion.
- Specified by:
onSSLStateChange in interface NativeCrypto.SSLHandshakeCallbacks
-
serverCertificateRequested
Description copied from interface: NativeCrypto.SSLHandshakeCallbacks
Called when acting as a server during ClientHello processing before a decision to resume a session is made. This allows the selection of the correct server certificate based on things like Server Name Indication (SNI).
- Specified by:
serverCertificateRequested in interface NativeCrypto.SSLHandshakeCallbacks
- Throws:
IOException - if there was an error during certificate selection.
-
onNewSessionEstablished
public void onNewSessionEstablished(long sslSessionNativePtr)
Description copied from interface: NativeCrypto.SSLHandshakeCallbacks
Called when a new session has been established and may be added to the session cache. The callee is responsible for incrementing the reference count on the returned session.
- Specified by:
onNewSessionEstablished in interface NativeCrypto.SSLHandshakeCallbacks
-
serverSessionRequested
public long serverSessionRequested(byte[] id)
Description copied from interface: NativeCrypto.SSLHandshakeCallbacks
Called for servers where TLS < 1.3 (TLS 1.3 uses session tickets rather than application session caches). Looks up the session by ID in the application's session cache. If a valid session is returned, this callback is responsible for incrementing the reference count (and any required synchronization).
- Specified by:
serverSessionRequested in interface NativeCrypto.SSLHandshakeCallbacks
- Parameters:
id - the ID of the session to find.
- Returns:
the cached session or 0 if no session was found matching the given ID.
-
verifyCertificateChain
public void verifyCertificateChain(byte[][] certChain, String authMethod) throws CertificateException
Description copied from interface: NativeCrypto.SSLHandshakeCallbacks
Verify that the certificate chain is trusted.
- Specified by:
verifyCertificateChain in interface NativeCrypto.SSLHandshakeCallbacks
- Parameters:
certChain - chain of X.509 certificates in their encoded form
authMethod - auth algorithm name
- Throws:
CertificateException - if the certificate is untrusted
-
clientCertificateRequested
public void clientCertificateRequested(byte[] keyTypeBytes, int[] signatureAlgs, byte[][] asn1DerEncodedPrincipals) throws CertificateEncodingException, SSLException
Description copied from interface: NativeCrypto.SSLHandshakeCallbacks
Called on an SSL client when the server requests (or requires) a certificate. The client can respond by using SSL_use_certificate and SSL_use_PrivateKey to set a certificate if it has an appropriate one available, similar to how the server provides its certificate.
- Specified by:
clientCertificateRequested in interface NativeCrypto.SSLHandshakeCallbacks
- Parameters:
keyTypeBytes - key types supported by the server, convertible to strings with #keyType
asn1DerEncodedPrincipals - CAs known to the server
- Throws:
CertificateEncodingException
SSLException
-
sendSSLShutdown
private void sendSSLShutdown()
-
closeAndFreeResources
private void closeAndFreeResources()
-
finalize
-
chooseServerAlias
- Specified by:
chooseServerAlias in interface SSLParametersImpl.AliasChooser
-
chooseClientAlias
public String chooseClientAlias(X509KeyManager keyManager, X500Principal[] issuers, String[] keyTypes)
- Specified by:
chooseClientAlias in interface SSLParametersImpl.AliasChooser
-
chooseServerPSKIdentityHint
- Specified by:
chooseServerPSKIdentityHint in interface SSLParametersImpl.PSKCallbacks
-
chooseClientPSKIdentity
- Specified by:
chooseClientPSKIdentity in interface SSLParametersImpl.PSKCallbacks
-
getPSKKey
- Specified by:
getPSKKey in interface SSLParametersImpl.PSKCallbacks
-
setUseSessionTickets
void setUseSessionTickets(boolean useSessionTickets)
This method enables session ticket support.
- Specified by:
setUseSessionTickets in class AbstractConscryptEngine
- Parameters:
useSessionTickets - True to enable session tickets
-
getApplicationProtocols
String[] getApplicationProtocols()
Description copied from class: AbstractConscryptEngine
Returns the list of supported ALPN protocols.
- Specified by:
getApplicationProtocols in class AbstractConscryptEngine
-
setApplicationProtocols
Description copied from class: AbstractConscryptEngine
Sets the list of ALPN protocols.
- Specified by:
setApplicationProtocols in class AbstractConscryptEngine
- Parameters:
protocols - the list of ALPN protocols
-
setApplicationProtocolSelector
Description copied from class: AbstractConscryptEngine
Sets an application-provided ALPN protocol selector. If provided, this will override the list of protocols set by AbstractConscryptEngine.setApplicationProtocols(String[]).
- Specified by:
setApplicationProtocolSelector in class AbstractConscryptEngine
-
getTlsUnique
byte[] getTlsUnique()
Description copied from class: AbstractConscryptEngine
Returns the tls-unique channel binding value for this connection, per RFC 5929. This will return null if there is no such value available, such as if the handshake has not yet completed or this connection is closed.
- Specified by:
getTlsUnique in class AbstractConscryptEngine
-
exportKeyingMaterial
Description copied from class: AbstractConscryptEngine
Exports a value derived from the TLS master secret as described in RFC 5705.
- Specified by:
exportKeyingMaterial in class AbstractConscryptEngine
- Parameters:
label - the label to use in calculating the exported value. This must be an ASCII-only string.
context - the application-specific context value to use in calculating the exported value. This may be null to use no application context, which is treated differently than an empty byte array.
length - the number of bytes of keying material to return.
- Returns:
a value of the specified length, or null if the handshake has not yet completed or the connection has been closed.
- Throws:
SSLException - if the value could not be exported.
-
setApplicationProtocolSelector
-
selectApplicationProtocol
public int selectApplicationProtocol(byte[] protocols)
Description copied from interface: NativeCrypto.SSLHandshakeCallbacks
Called when acting as a server, the socket has an ApplicationProtocolSelectorAdapter associated with it, and the application protocol needs to be selected.
- Specified by:
selectApplicationProtocol in interface NativeCrypto.SSLHandshakeCallbacks
- Parameters:
protocols - list of application protocols in length-prefix format
- Returns:
the index offset of the selected protocol
-
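How a length-prefixed protocol list like the one passed to selectApplicationProtocol can be decoded and validated before a choice is made, as an added example that is not Conscrypt's own code. The class and method names, the -1 "no match" value, and the reading of "index offset" as the byte offset of the chosen entry's length prefix are assumptions.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Added illustration: class and method names are hypothetical, not Conscrypt's.
public final class AlpnLengthPrefixExample {
    static final int NO_MATCH = -1; // assumed sentinel for "nothing selected"

    /** One decoded entry: the protocol name and the offset of its length byte. */
    static final class Entry {
        final String name;
        final int offset;
        Entry(String name, int offset) { this.name = name; this.offset = offset; }
    }

    /** Encodes names as one unsigned length byte (1..255) followed by that many bytes. */
    static byte[] encode(String... names) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (String n : names) {
            byte[] b = n.getBytes(StandardCharsets.ISO_8859_1);
            if (b.length == 0 || b.length > 255) {
                throw new IllegalArgumentException("bad protocol name length: " + b.length);
            }
            out.write(b.length);
            out.write(b, 0, b.length);
        }
        return out.toByteArray();
    }

    /** Decodes peer-supplied bytes, rejecting empty names and entries that overrun the buffer. */
    static List<Entry> decode(byte[] wire) {
        List<Entry> entries = new ArrayList<>();
        int pos = 0;
        while (pos < wire.length) {
            int len = wire[pos] & 0xff; // Java bytes are signed; the length prefix is not
            if (len == 0) {
                throw new IllegalArgumentException("empty protocol name at offset " + pos);
            }
            if (len > wire.length - pos - 1) {
                throw new IllegalArgumentException("entry at offset " + pos + " overruns the buffer");
            }
            // ISO-8859-1 maps each byte to one char, so opaque names survive unchanged.
            String name = new String(wire, pos + 1, len, StandardCharsets.ISO_8859_1);
            entries.add(new Entry(name, pos));
            pos += 1 + len;
        }
        return entries;
    }

    /** Returns the offset of the first server-preferred protocol the client offered, or NO_MATCH. */
    static int select(byte[] wire, List<String> serverPreference) {
        List<Entry> offered = decode(wire); // validate the whole list before choosing
        for (String wanted : serverPreference) {
            for (Entry e : offered) {
                if (e.name.equals(wanted)) {
                    return e.offset;
                }
            }
        }
        return NO_MATCH;
    }

    public static void main(String[] args) {
        byte[] offered = encode("h2", "http/1.1"); // constructed sample input
        System.out.println("selected offset: " + select(offered, Arrays.asList("http/1.1", "h2")));
        System.out.println("no overlap: " + select(offered, Arrays.asList("mqtt")));
        byte[] truncated = Arrays.copyOf(offered, offered.length - 3); // constructed malformed input
        try {
            select(truncated, Arrays.asList("h2"));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```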
getApplicationProtocol
- Specified by:
getApplicationProtocol in class AbstractConscryptEngine
-
getHandshakeApplicationProtocol
- Specified by:
getHandshakeApplicationProtocol in class AbstractConscryptEngine
-
singleSrcBuffer
-
resetSingleSrcBuffer
private void resetSingleSrcBuffer()
-
singleDstBuffer
-
resetSingleDstBuffer
private void resetSingleDstBuffer()
-
clientSessionContext
-
sessionContext
-
transitionTo
private void transitionTo(int newState)
-