Package org.conscrypt
Class ConscryptEngineSocket
java.lang.Object
java.net.Socket
javax.net.ssl.SSLSocket
org.conscrypt.AbstractConscryptSocket
org.conscrypt.OpenSSLSocketImpl
org.conscrypt.ConscryptEngineSocket
- All Implemented Interfaces:
Closeable, AutoCloseable, SSLParametersImpl.AliasChooser
- Direct Known Subclasses:
Java8EngineSocket
Implements crypto handling by delegating to ConscryptEngine.
-
Nested Class Summary
Nested Classes
Modifier and Type | Class | Description
private final class |  | Unwrap bytes read from the underlying socket.
private final class |  | Wrap bytes written to the underlying socket.
-
Field Summary
Fields
Modifier and Type | Field | Description
private BufferAllocator
private static final ByteBuffer
private final ConscryptEngine
private final Object
private int
private final Object
Fields inherited from class org.conscrypt.AbstractConscryptSocket
socket
-
Constructor Summary
Constructors
Constructor | Description
ConscryptEngineSocket(String hostname, int port, InetAddress clientAddress, int clientPort, SSLParametersImpl sslParameters)
ConscryptEngineSocket(String hostname, int port, SSLParametersImpl sslParameters)
ConscryptEngineSocket(InetAddress address, int port, InetAddress clientAddress, int clientPort, SSLParametersImpl sslParameters)
ConscryptEngineSocket(InetAddress address, int port, SSLParametersImpl sslParameters)
ConscryptEngineSocket(Socket socket, String hostname, int port, boolean autoClose, SSLParametersImpl sslParameters)
ConscryptEngineSocket(SSLParametersImpl sslParameters)
-
Method Summary
Modifier and Type | Method | Description
final String | chooseClientAlias(X509KeyManager keyManager, X500Principal[] issuers, String[] keyTypes)
final String | chooseServerAlias(X509KeyManager keyManager, String keyType)
final void | close()
private void
private void
(package private) byte[] | exportKeyingMaterial(String label, byte[] context, int length) | Exports a value derived from the TLS master secret as described in RFC 5705.
(package private) final SSLSession |  | Called by AbstractConscryptSocket.notifyHandshakeCompletedListeners() to get the currently active session.
final String
(package private) final String[] |  | Returns the list of supported ALPN protocols.
final byte[] |  | Gets the TLS Channel ID for this server socket.
private static X509TrustManager | getDelegatingTrustManager(X509TrustManager delegate, ConscryptEngineSocket socket)
final String[]
final String[]
final boolean
final String
final SSLSession
final InputStream
final boolean
final OutputStream
final SSLSession
final SSLParameters
final String[]
final String[]
(package private) byte[] |  | Returns the tls-unique channel binding value for this connection, per RFC 5929.
private InputStream
private OutputStream
final boolean
final boolean
private static ConscryptEngine | newEngine(SSLParametersImpl sslParameters, ConscryptEngineSocket socket)
private void
(package private) final void | setApplicationProtocols(String[] protocols) | Sets the list of ALPN protocols.
final void |  | Sets an application-provided ALPN protocol selector.
(package private) final void
(package private) void | setBufferAllocator(BufferAllocator bufferAllocator)
final void | setChannelIdEnabled(boolean enabled) | Enables/disables TLS Channel ID for this server socket.
final void | setChannelIdPrivateKey(PrivateKey privateKey) | Sets the PrivateKey to be used for TLS Channel ID by this client socket.
final void | setEnabledCipherSuites(String[] suites)
final void | setEnabledProtocols(String[] protocols)
final void | setEnableSessionCreation(boolean flag)
void | setHandshakeTimeout(int handshakeTimeoutMilliseconds) | Set the handshake timeout on this socket.
final void | setHostname(String hostname) | This method enables Server Name Indication.
final void | setNeedClientAuth(boolean need)
final void | setSSLParameters(SSLParameters sslParameters)
final void | setUseClientMode(boolean mode)
final void | setUseSessionTickets(boolean useSessionTickets) | This method enables session ticket support.
final void | setWantClientAuth(boolean want)
final void
private void |  | Waits for the handshake to complete.
Methods inherited from class org.conscrypt.OpenSSLSocketImpl
getAlpnSelectedProtocol, getFileDescriptor$, getHostname, getHostnameOrIP, getNpnSelectedProtocol, getSoWriteTimeout, setAlpnProtocols, setAlpnProtocols, setNpnProtocols, setSoWriteTimeout
Methods inherited from class org.conscrypt.AbstractConscryptSocket
addHandshakeCompletedListener, bind, checkOpen, connect, connect, getChannel, getInetAddress, getKeepAlive, getLocalAddress, getLocalPort, getLocalSocketAddress, getOOBInline, getPort, getReceiveBufferSize, getRemoteSocketAddress, getReuseAddress, getSendBufferSize, getSoLinger, getSoTimeout, getTcpNoDelay, getTrafficClass, isBound, isClosed, isConnected, isInputShutdown, isOutputShutdown, notifyHandshakeCompletedListeners, peerInfoProvider, removeHandshakeCompletedListener, sendUrgentData, setKeepAlive, setOOBInline, setPerformancePreferences, setReceiveBufferSize, setReuseAddress, setSendBufferSize, setSoLinger, setSoTimeout, setTcpNoDelay, setTrafficClass, shutdownInput, shutdownOutput, toString
Methods inherited from class javax.net.ssl.SSLSocket
getHandshakeApplicationProtocolSelector, setHandshakeApplicationProtocolSelector
Methods inherited from class java.net.Socket
getOption, setOption, setSocketImplFactory, supportedOptions
-
Field Details
-
EMPTY_BUFFER
-
engine
-
stateLock
-
handshakeLock
-
out
-
in
-
bufferAllocator
-
state
private int state
-
-
Constructor Details
-
ConscryptEngineSocket
ConscryptEngineSocket(SSLParametersImpl sslParameters) throws IOException
- Throws:
IOException
-
ConscryptEngineSocket
ConscryptEngineSocket(String hostname, int port, SSLParametersImpl sslParameters) throws IOException
- Throws:
IOException
-
ConscryptEngineSocket
ConscryptEngineSocket(InetAddress address, int port, SSLParametersImpl sslParameters) throws IOException
- Throws:
IOException
-
ConscryptEngineSocket
ConscryptEngineSocket(String hostname, int port, InetAddress clientAddress, int clientPort, SSLParametersImpl sslParameters) throws IOException
- Throws:
IOException
-
ConscryptEngineSocket
ConscryptEngineSocket(InetAddress address, int port, InetAddress clientAddress, int clientPort, SSLParametersImpl sslParameters) throws IOException
- Throws:
IOException
-
ConscryptEngineSocket
ConscryptEngineSocket(Socket socket, String hostname, int port, boolean autoClose, SSLParametersImpl sslParameters) throws IOException
- Throws:
IOException
-
-
Method Details
-
newEngine
private static ConscryptEngine newEngine(SSLParametersImpl sslParameters, ConscryptEngineSocket socket)
-
getDelegatingTrustManager
private static X509TrustManager getDelegatingTrustManager(X509TrustManager delegate, ConscryptEngineSocket socket)
-
getSSLParameters
- Overrides:
getSSLParameters in class SSLSocket
-
setSSLParameters
- Overrides:
setSSLParameters in class SSLSocket
-
startHandshake
- Specified by:
startHandshake in class SSLSocket
- Throws:
IOException
-
doHandshake
- Throws:
IOException
-
getInputStream
- Overrides:
getInputStream in class AbstractConscryptSocket
- Throws:
IOException
-
getOutputStream
- Overrides:
getOutputStream in class AbstractConscryptSocket
- Throws:
IOException
-
getHandshakeSession
- Specified by:
getHandshakeSession in class OpenSSLSocketImpl
-
getSession
- Specified by:
getSession in class SSLSocket
-
getActiveSession
Description copied from class: AbstractConscryptSocket
Called by AbstractConscryptSocket.notifyHandshakeCompletedListeners() to get the currently active session. Unlike SSLSocket.getSession(), this method must not block.
- Specified by:
getActiveSession in class AbstractConscryptSocket
-
getEnableSessionCreation
public final boolean getEnableSessionCreation()
- Specified by:
getEnableSessionCreation in class SSLSocket
-
setEnableSessionCreation
public final void setEnableSessionCreation(boolean flag)
- Specified by:
setEnableSessionCreation in class SSLSocket
-
getSupportedCipherSuites
- Specified by:
getSupportedCipherSuites in class SSLSocket
-
getEnabledCipherSuites
- Specified by:
getEnabledCipherSuites in class SSLSocket
-
setEnabledCipherSuites
- Specified by:
setEnabledCipherSuites in class SSLSocket
-
getSupportedProtocols
- Specified by:
getSupportedProtocols in class SSLSocket
-
getEnabledProtocols
- Specified by:
getEnabledProtocols in class SSLSocket
-
setEnabledProtocols
- Specified by:
setEnabledProtocols in class SSLSocket
-
setHostname
This method enables Server Name Indication. If the hostname is not a valid SNI hostname, the SNI extension will be omitted from the handshake.
- Overrides:
setHostname in class OpenSSLSocketImpl
- Parameters:
hostname - the desired SNI hostname, or null to disable
-
setUseSessionTickets
public final void setUseSessionTickets(boolean useSessionTickets)
Description copied from class: AbstractConscryptSocket
This method enables session ticket support.
- Specified by:
setUseSessionTickets in class OpenSSLSocketImpl
- Parameters:
useSessionTickets - True to enable session tickets
-
setChannelIdEnabled
public final void setChannelIdEnabled(boolean enabled)
Description copied from class: AbstractConscryptSocket
Enables/disables TLS Channel ID for this server socket.
This method needs to be invoked before the handshake starts.
- Specified by:
setChannelIdEnabled in class OpenSSLSocketImpl
-
getChannelId
Description copied from class: AbstractConscryptSocket
Gets the TLS Channel ID for this server socket. Channel ID is only available once the handshake completes.
- Specified by:
getChannelId in class OpenSSLSocketImpl
- Returns:
channel ID or null if not available.
- Throws:
SSLException - if channel ID is available but could not be obtained.
-
setChannelIdPrivateKey
Description copied from class: AbstractConscryptSocket
Sets the PrivateKey to be used for TLS Channel ID by this client socket.
This method needs to be invoked before the handshake starts.
- Specified by:
setChannelIdPrivateKey in class OpenSSLSocketImpl
- Parameters:
privateKey - private key (enables TLS Channel ID) or null for no key (disables TLS Channel ID). The private key must be an Elliptic Curve (EC) key based on the NIST P-256 curve (aka SECG secp256r1 or ANSI X9.62 prime256v1).
-
getTlsUnique
byte[] getTlsUnique()
Description copied from class: AbstractConscryptSocket
Returns the tls-unique channel binding value for this connection, per RFC 5929. This will return null if there is no such value available, such as if the handshake has not yet completed or this connection is closed.
- Specified by:
getTlsUnique in class AbstractConscryptSocket
-
exportKeyingMaterial
Description copied from class: AbstractConscryptSocket
Exports a value derived from the TLS master secret as described in RFC 5705.
- Specified by:
exportKeyingMaterial in class AbstractConscryptSocket
- Parameters:
label - the label to use in calculating the exported value. This must be an ASCII-only string.
context - the application-specific context value to use in calculating the exported value. This may be null to use no application context, which is treated differently than an empty byte array.
length - the number of bytes of keying material to return.
- Returns:
a value of the specified length, or null if the handshake has not yet completed or the connection has been closed.
- Throws:
SSLException - if the value could not be exported.
-
getUseClientMode
public final boolean getUseClientMode()
- Specified by:
getUseClientMode in class SSLSocket
-
setUseClientMode
public final void setUseClientMode(boolean mode)
- Specified by:
setUseClientMode in class SSLSocket
-
getWantClientAuth
public final boolean getWantClientAuth()
- Specified by:
getWantClientAuth in class SSLSocket
-
getNeedClientAuth
public final boolean getNeedClientAuth()
- Specified by:
getNeedClientAuth in class SSLSocket
-
setNeedClientAuth
public final void setNeedClientAuth(boolean need)
- Specified by:
setNeedClientAuth in class SSLSocket
-
setWantClientAuth
public final void setWantClientAuth(boolean want)
- Specified by:
setWantClientAuth in class SSLSocket
-
close
- Specified by:
close in interface AutoCloseable
- Specified by:
close in interface Closeable
- Overrides:
close in class AbstractConscryptSocket
- Throws:
IOException
-
setHandshakeTimeout
Description copied from class: AbstractConscryptSocket
Set the handshake timeout on this socket. This timeout is specified in milliseconds and will be used only during the handshake process.
- Overrides:
setHandshakeTimeout in class OpenSSLSocketImpl
- Throws:
SocketException
-
setApplicationProtocols
Description copied from class: AbstractConscryptSocket
Sets the list of ALPN protocols.
- Specified by:
setApplicationProtocols in class AbstractConscryptSocket
- Parameters:
protocols - the list of ALPN protocols
-
getApplicationProtocols
Description copied from class: AbstractConscryptSocket
Returns the list of supported ALPN protocols.
- Specified by:
getApplicationProtocols in class AbstractConscryptSocket
-
getApplicationProtocol
- Specified by:
getApplicationProtocol in class AbstractConscryptSocket
-
getHandshakeApplicationProtocol
- Specified by:
getHandshakeApplicationProtocol in class AbstractConscryptSocket
-
setApplicationProtocolSelector
Description copied from class: AbstractConscryptSocket
Sets an application-provided ALPN protocol selector. If provided, this will override the list of protocols set by AbstractConscryptSocket.setApplicationProtocols(String[]).
- Specified by:
setApplicationProtocolSelector in class AbstractConscryptSocket
-
setApplicationProtocolSelector
- Specified by:
setApplicationProtocolSelector in class AbstractConscryptSocket
-
setBufferAllocator
-
onHandshakeFinished
private void onHandshakeFinished()
-
waitForHandshake
Waits for the handshake to complete.
- Throws:
IOException
-
drainOutgoingQueue
private void drainOutgoingQueue()
-
getUnderlyingOutputStream
- Throws:
IOException
-
getUnderlyingInputStream
- Throws:
IOException
-
chooseServerAlias
- Specified by:
chooseServerAlias in interface SSLParametersImpl.AliasChooser
-
chooseClientAlias
public final String chooseClientAlias(X509KeyManager keyManager, X500Principal[] issuers, String[] keyTypes)
- Specified by:
chooseClientAlias in interface SSLParametersImpl.AliasChooser
-