Package org.conscrypt
Class ConscryptEngineSocket
java.lang.Object
  java.net.Socket
    javax.net.ssl.SSLSocket
      org.conscrypt.AbstractConscryptSocket
        org.conscrypt.OpenSSLSocketImpl
          org.conscrypt.ConscryptEngineSocket
- All Implemented Interfaces: Closeable, AutoCloseable, SSLParametersImpl.AliasChooser
- Direct Known Subclasses: Java8EngineSocket
Implements crypto handling by delegating to ConscryptEngine.
-
Nested Class Summary
Nested Classes (Modifier and Type, Class, Description):
private final class
    Unwrap bytes read from the underlying socket.
private final class
    Wrap bytes written to the underlying socket.
-
Field Summary
Fields (Modifier and Type, Field, Description):
private BufferAllocator
private static final ByteBuffer
private final ConscryptEngine
private final Object
private int
private final Object
Fields inherited from class org.conscrypt.AbstractConscryptSocket
socket
-
Constructor Summary
Constructors (Constructor, Description):
ConscryptEngineSocket(String hostname, int port, InetAddress clientAddress, int clientPort, SSLParametersImpl sslParameters)
ConscryptEngineSocket(String hostname, int port, SSLParametersImpl sslParameters)
ConscryptEngineSocket(InetAddress address, int port, InetAddress clientAddress, int clientPort, SSLParametersImpl sslParameters)
ConscryptEngineSocket(InetAddress address, int port, SSLParametersImpl sslParameters)
ConscryptEngineSocket(Socket socket, String hostname, int port, boolean autoClose, SSLParametersImpl sslParameters)
ConscryptEngineSocket(SSLParametersImpl sslParameters)
-
Method Summary
Methods (Modifier and Type, Method, Description):
final String chooseClientAlias(X509KeyManager keyManager, X500Principal[] issuers, String[] keyTypes)
final String chooseServerAlias(X509KeyManager keyManager, String keyType)
final void close()
private void
private void
(package private) byte[] exportKeyingMaterial(String label, byte[] context, int length)
    Exports a value derived from the TLS master secret as described in RFC 5705.
(package private) final SSLSession
    Called by AbstractConscryptSocket.notifyHandshakeCompletedListeners() to get the currently active session.
final String
(package private) final String[]
    Returns the list of supported ALPN protocols.
final byte[]
    Gets the TLS Channel ID for this server socket.
private static X509TrustManager getDelegatingTrustManager(X509TrustManager delegate, ConscryptEngineSocket socket)
final String[]
final String[]
final boolean
final String
final SSLSession
final InputStream
final boolean
final OutputStream
final SSLSession
final SSLParameters
final String[]
final String[]
(package private) byte[]
    Returns the tls-unique channel binding value for this connection, per RFC 5929.
private InputStream
private OutputStream
final boolean
final boolean
private static ConscryptEngine newEngine(SSLParametersImpl sslParameters, ConscryptEngineSocket socket)
private void
(package private) final void setApplicationProtocols(String[] protocols)
    Sets the list of ALPN protocols.
final void
    Sets an application-provided ALPN protocol selector.
(package private) final void
(package private) void setBufferAllocator(BufferAllocator bufferAllocator)
final void setChannelIdEnabled(boolean enabled)
    Enables/disables TLS Channel ID for this server socket.
final void setChannelIdPrivateKey(PrivateKey privateKey)
    Sets the PrivateKey to be used for TLS Channel ID by this client socket.
final void setEnabledCipherSuites(String[] suites)
final void setEnabledProtocols(String[] protocols)
final void setEnableSessionCreation(boolean flag)
void setHandshakeTimeout(int handshakeTimeoutMilliseconds)
    Set the handshake timeout on this socket.
final void setHostname(String hostname)
    This method enables Server Name Indication.
final void setNeedClientAuth(boolean need)
final void setSSLParameters(SSLParameters sslParameters)
final void setUseClientMode(boolean mode)
final void setUseSessionTickets(boolean useSessionTickets)
    This method enables session ticket support.
final void setWantClientAuth(boolean want)
final void
private void
    Waits for the handshake to complete.
Methods inherited from class org.conscrypt.OpenSSLSocketImpl
getAlpnSelectedProtocol, getFileDescriptor$, getHostname, getHostnameOrIP, getNpnSelectedProtocol, getSoWriteTimeout, setAlpnProtocols, setAlpnProtocols, setNpnProtocols, setSoWriteTimeout
Methods inherited from class org.conscrypt.AbstractConscryptSocket
addHandshakeCompletedListener, bind, checkOpen, connect, connect, getChannel, getInetAddress, getKeepAlive, getLocalAddress, getLocalPort, getLocalSocketAddress, getOOBInline, getPort, getReceiveBufferSize, getRemoteSocketAddress, getReuseAddress, getSendBufferSize, getSoLinger, getSoTimeout, getTcpNoDelay, getTrafficClass, isBound, isClosed, isConnected, isInputShutdown, isOutputShutdown, notifyHandshakeCompletedListeners, peerInfoProvider, removeHandshakeCompletedListener, sendUrgentData, setKeepAlive, setOOBInline, setPerformancePreferences, setReceiveBufferSize, setReuseAddress, setSendBufferSize, setSoLinger, setSoTimeout, setTcpNoDelay, setTrafficClass, shutdownInput, shutdownOutput, toString
Methods inherited from class javax.net.ssl.SSLSocket
getHandshakeApplicationProtocolSelector, setHandshakeApplicationProtocolSelector
Methods inherited from class java.net.Socket
getOption, setOption, setSocketImplFactory, supportedOptions
-
Field Details
-
EMPTY_BUFFER
-
engine
-
stateLock
-
handshakeLock
-
out
-
in
-
bufferAllocator
-
state
private int state
-
-
Constructor Details
-
ConscryptEngineSocket
ConscryptEngineSocket(SSLParametersImpl sslParameters) throws IOException
- Throws: IOException
-
ConscryptEngineSocket
ConscryptEngineSocket(String hostname, int port, SSLParametersImpl sslParameters) throws IOException
- Throws: IOException
-
ConscryptEngineSocket
ConscryptEngineSocket(InetAddress address, int port, SSLParametersImpl sslParameters) throws IOException
- Throws: IOException
-
ConscryptEngineSocket
ConscryptEngineSocket(String hostname, int port, InetAddress clientAddress, int clientPort, SSLParametersImpl sslParameters) throws IOException
- Throws: IOException
-
ConscryptEngineSocket
ConscryptEngineSocket(InetAddress address, int port, InetAddress clientAddress, int clientPort, SSLParametersImpl sslParameters) throws IOException
- Throws: IOException
-
ConscryptEngineSocket
ConscryptEngineSocket(Socket socket, String hostname, int port, boolean autoClose, SSLParametersImpl sslParameters) throws IOException
- Throws: IOException
-
-
Method Details
-
newEngine
private static ConscryptEngine newEngine(SSLParametersImpl sslParameters, ConscryptEngineSocket socket)
-
getDelegatingTrustManager
private static X509TrustManager getDelegatingTrustManager(X509TrustManager delegate, ConscryptEngineSocket socket)
-
getSSLParameters
- Overrides: getSSLParameters in class SSLSocket
-
setSSLParameters
- Overrides: setSSLParameters in class SSLSocket
-
startHandshake
- Specified by: startHandshake in class SSLSocket
- Throws: IOException
-
doHandshake
- Throws: IOException
-
getInputStream
- Overrides: getInputStream in class AbstractConscryptSocket
- Throws: IOException
-
getOutputStream
- Overrides: getOutputStream in class AbstractConscryptSocket
- Throws: IOException
-
getHandshakeSession
- Specified by: getHandshakeSession in class OpenSSLSocketImpl
-
getSession
- Specified by: getSession in class SSLSocket
-
getActiveSession
Description copied from class: AbstractConscryptSocket
Called by AbstractConscryptSocket.notifyHandshakeCompletedListeners() to get the currently active session. Unlike SSLSocket.getSession(), this method must not block.
- Specified by: getActiveSession in class AbstractConscryptSocket
-
getEnableSessionCreation
public final boolean getEnableSessionCreation()
- Specified by: getEnableSessionCreation in class SSLSocket
-
setEnableSessionCreation
public final void setEnableSessionCreation(boolean flag)
- Specified by: setEnableSessionCreation in class SSLSocket
-
getSupportedCipherSuites
- Specified by: getSupportedCipherSuites in class SSLSocket
-
getEnabledCipherSuites
- Specified by: getEnabledCipherSuites in class SSLSocket
-
setEnabledCipherSuites
- Specified by: setEnabledCipherSuites in class SSLSocket
-
getSupportedProtocols
- Specified by: getSupportedProtocols in class SSLSocket
-
getEnabledProtocols
- Specified by: getEnabledProtocols in class SSLSocket
-
setEnabledProtocols
- Specified by: setEnabledProtocols in class SSLSocket
setHostname
This method enables Server Name Indication. If the hostname is not a valid SNI hostname, the SNI extension will be omitted from the handshake.
- Overrides: setHostname in class OpenSSLSocketImpl
- Parameters: hostname - the desired SNI hostname, or null to disable
-
setUseSessionTickets
public final void setUseSessionTickets(boolean useSessionTickets)
Description copied from class: AbstractConscryptSocket
This method enables session ticket support.
- Specified by: setUseSessionTickets in class OpenSSLSocketImpl
- Parameters: useSessionTickets - True to enable session tickets
-
setChannelIdEnabled
public final void setChannelIdEnabled(boolean enabled)
Description copied from class: AbstractConscryptSocket
Enables/disables TLS Channel ID for this server socket. This method needs to be invoked before the handshake starts.
- Specified by: setChannelIdEnabled in class OpenSSLSocketImpl
-
getChannelId
Description copied from class: AbstractConscryptSocket
Gets the TLS Channel ID for this server socket. Channel ID is only available once the handshake completes.
- Specified by: getChannelId in class OpenSSLSocketImpl
- Returns: channel ID or null if not available.
- Throws: SSLException - if channel ID is available but could not be obtained.
-
setChannelIdPrivateKey
Description copied from class: AbstractConscryptSocket
Sets the PrivateKey to be used for TLS Channel ID by this client socket. This method needs to be invoked before the handshake starts.
- Specified by: setChannelIdPrivateKey in class OpenSSLSocketImpl
- Parameters: privateKey - private key (enables TLS Channel ID) or null for no key (disables TLS Channel ID). The private key must be an Elliptic Curve (EC) key based on the NIST P-256 curve (aka SECG secp256r1 or ANSI X9.62 prime256v1).
-
getTlsUnique
byte[] getTlsUnique()
Description copied from class: AbstractConscryptSocket
Returns the tls-unique channel binding value for this connection, per RFC 5929. This will return null if there is no such value available, such as if the handshake has not yet completed or this connection is closed.
- Specified by: getTlsUnique in class AbstractConscryptSocket
-
exportKeyingMaterial
Description copied from class: AbstractConscryptSocket
Exports a value derived from the TLS master secret as described in RFC 5705.
- Specified by: exportKeyingMaterial in class AbstractConscryptSocket
- Parameters:
label - the label to use in calculating the exported value. This must be an ASCII-only string.
context - the application-specific context value to use in calculating the exported value. This may be null to use no application context, which is treated differently than an empty byte array.
length - the number of bytes of keying material to return.
- Returns: a value of the specified length, or null if the handshake has not yet completed or the connection has been closed.
- Throws: SSLException - if the value could not be exported.
-
getUseClientMode
public final boolean getUseClientMode()
- Specified by: getUseClientMode in class SSLSocket
-
setUseClientMode
public final void setUseClientMode(boolean mode)
- Specified by: setUseClientMode in class SSLSocket
-
getWantClientAuth
public final boolean getWantClientAuth()
- Specified by: getWantClientAuth in class SSLSocket
-
getNeedClientAuth
public final boolean getNeedClientAuth()
- Specified by: getNeedClientAuth in class SSLSocket
-
setNeedClientAuth
public final void setNeedClientAuth(boolean need)
- Specified by: setNeedClientAuth in class SSLSocket
-
setWantClientAuth
public final void setWantClientAuth(boolean want)
- Specified by: setWantClientAuth in class SSLSocket
-
close
- Specified by: close in interface AutoCloseable
- Specified by: close in interface Closeable
- Overrides: close in class AbstractConscryptSocket
- Throws: IOException
-
setHandshakeTimeout
Description copied from class: AbstractConscryptSocket
Set the handshake timeout on this socket. This timeout is specified in milliseconds and will be used only during the handshake process.
- Overrides: setHandshakeTimeout in class OpenSSLSocketImpl
- Throws: SocketException
-
setApplicationProtocols
Description copied from class: AbstractConscryptSocket
Sets the list of ALPN protocols.
- Specified by: setApplicationProtocols in class AbstractConscryptSocket
- Parameters: protocols - the list of ALPN protocols
-
getApplicationProtocols
Description copied from class: AbstractConscryptSocket
Returns the list of supported ALPN protocols.
- Specified by: getApplicationProtocols in class AbstractConscryptSocket
-
getApplicationProtocol
- Specified by: getApplicationProtocol in class AbstractConscryptSocket
-
getHandshakeApplicationProtocol
- Specified by: getHandshakeApplicationProtocol in class AbstractConscryptSocket
-
setApplicationProtocolSelector
Description copied from class: AbstractConscryptSocket
Sets an application-provided ALPN protocol selector. If provided, this will override the list of protocols set by AbstractConscryptSocket.setApplicationProtocols(String[]).
- Specified by: setApplicationProtocolSelector in class AbstractConscryptSocket
-
setApplicationProtocolSelector
- Specified by: setApplicationProtocolSelector in class AbstractConscryptSocket
-
setBufferAllocator
-
onHandshakeFinished
private void onHandshakeFinished()
-
waitForHandshake
Waits for the handshake to complete.
- Throws: IOException
-
drainOutgoingQueue
private void drainOutgoingQueue()
-
getUnderlyingOutputStream
- Throws: IOException
-
getUnderlyingInputStream
- Throws: IOException
-
chooseServerAlias
- Specified by: chooseServerAlias in interface SSLParametersImpl.AliasChooser
-
chooseClientAlias
public final String chooseClientAlias(X509KeyManager keyManager, X500Principal[] issuers, String[] keyTypes)
- Specified by: chooseClientAlias in interface SSLParametersImpl.AliasChooser
-