Package io.netty.handler.ssl
Class ReferenceCountedOpenSslEngine
- java.lang.Object
  - javax.net.ssl.SSLEngine
    - io.netty.handler.ssl.ReferenceCountedOpenSslEngine
- All Implemented Interfaces: ApplicationProtocolAccessor, ReferenceCounted
- Direct Known Subclasses: OpenSslEngine
public class ReferenceCountedOpenSslEngine extends javax.net.ssl.SSLEngine implements ReferenceCounted, ApplicationProtocolAccessor
Implements an SSLEngine using OpenSSL BIO abstractions.
Instances of this class must be released or else native memory will leak!
Instances of this class must be released before the ReferenceCountedOpenSslContext the instance depends upon is released. Otherwise, if any method of this class is called which uses the ReferenceCountedOpenSslContext JNI resources, the JVM may crash.
-
-
Nested Class Summary
Nested Classes (Modifier and Type, Class, Description)
private class
ReferenceCountedOpenSslEngine.AsyncTaskDecorator
private class
ReferenceCountedOpenSslEngine.DefaultOpenSslSession
private static class
ReferenceCountedOpenSslEngine.HandshakeState
private static interface
ReferenceCountedOpenSslEngine.NativeSslException
private static class
ReferenceCountedOpenSslEngine.OpenSslException
private static class
ReferenceCountedOpenSslEngine.OpenSslHandshakeException
private class
ReferenceCountedOpenSslEngine.TaskDecorator<R extends java.lang.Runnable>
-
Field Summary
Fields (Modifier and Type, Field, Description)
private java.lang.Object
algorithmConstraints
(package private) ByteBufAllocator
alloc
private OpenSslApplicationProtocolNegotiator
apn
private java.lang.String
applicationProtocol
private ClientAuth
clientAuth
private boolean
clientMode
private static javax.net.ssl.SSLEngineResult
CLOSED_NOT_HANDSHAKING
private boolean
destroyed
private boolean
enableOcsp
private java.lang.String
endPointIdentificationAlgorithm
private OpenSslEngineMap
engineMap
private java.lang.String[]
explicitlyEnabledProtocols
private ReferenceCountedOpenSslEngine.HandshakeState
handshakeState
private boolean
isInboundDone
private static javax.security.cert.X509Certificate[]
JAVAX_CERTS_NOT_SUPPORTED
(package private) boolean
jdkCompatibilityMode
private long
lastAccessed
private ResourceLeakTracker<ReferenceCountedOpenSslEngine>
leak
private static ResourceLeakDetector<ReferenceCountedOpenSslEngine>
leakDetector
private static InternalLogger
logger
private java.util.Collection<?>
matchers
(package private) static int
MAX_PLAINTEXT_LENGTH
Depends upon tcnative ...
(package private) static int
MAX_RECORD_SIZE
Depends upon tcnative ...
private int
maxWrapBufferSize
private int
maxWrapOverhead
private static javax.net.ssl.SSLEngineResult
NEED_UNWRAP_CLOSED
private static javax.net.ssl.SSLEngineResult
NEED_UNWRAP_OK
private static javax.net.ssl.SSLEngineResult
NEED_WRAP_CLOSED
private static javax.net.ssl.SSLEngineResult
NEED_WRAP_OK
private boolean
needTask
private long
networkBIO
private static int
OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV2
private static int
OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV3
private static int
OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1
private static int
OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_1
private static int
OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_2
private static int
OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_3
private static int[]
OPENSSL_OP_NO_PROTOCOLS
private boolean
outboundClosed
private ReferenceCountedOpenSslContext
parentContext
private java.lang.Throwable
pendingException
private boolean
receivedShutdown
private AbstractReferenceCounted
refCnt
private OpenSslSession
session
private boolean
sessionSet
private java.nio.ByteBuffer[]
singleDstBuffer
private java.nio.ByteBuffer[]
singleSrcBuffer
private java.util.List<java.lang.String>
sniHostNames
private long
ssl
-
Constructor Summary
Constructors (Constructor, Description)
ReferenceCountedOpenSslEngine(ReferenceCountedOpenSslContext context, ByteBufAllocator alloc, java.lang.String peerHost, int peerPort, boolean jdkCompatibilityMode, boolean leakDetection)
Create a new instance.
-
Method Summary
Methods (Modifier and Type, Method, Description)
(package private) java.lang.String[]
authMethods()
void
beginHandshake()
(package private) void
bioSetFd(int fd)
private static long
bufferAddress(java.nio.ByteBuffer b)
(package private) int
calculateMaxLengthForWrap(int plaintextLength, int numComponents)
This method is intentionally not synchronized, only use if you know you are in the EventLoop thread and visibility on maxWrapBufferSize and maxWrapOverhead is achieved via other synchronized blocks.
private void
calculateMaxWrapOverhead()
It is assumed this method is called in a synchronized block (or the constructor)!
(package private) int
calculateOutNetBufSize(int plaintextLength, int numComponents)
This method is intentionally not synchronized, only use if you know you are in the EventLoop thread and visibility on maxWrapOverhead is achieved via other synchronized blocks.
private void
checkEngineClosed()
(package private) boolean
checkSniHostnameMatch(byte[] hostname)
private void
closeAll()
void
closeInbound()
void
closeOutbound()
private boolean
doSSLShutdown()
Attempt to call SSL.shutdownSSL(long).
java.lang.String
getApplicationProtocol()
java.lang.Runnable
getDelegatedTask()
java.lang.String[]
getEnabledCipherSuites()
java.lang.String[]
getEnabledProtocols()
boolean
getEnableSessionCreation()
java.lang.String
getHandshakeApplicationProtocol()
javax.net.ssl.SSLSession
getHandshakeSession()
javax.net.ssl.SSLEngineResult.HandshakeStatus
getHandshakeStatus()
private javax.net.ssl.SSLEngineResult.HandshakeStatus
getHandshakeStatus(int pending)
boolean
getNeedClientAuth()
java.lang.String
getNegotiatedApplicationProtocol()
Returns the name of the negotiated application-level protocol.
byte[]
getOcspResponse()
Returns the OCSP response or null if the server didn't provide a stapled OCSP response.
javax.net.ssl.SSLSession
getSession()
javax.net.ssl.SSLParameters
getSSLParameters()
java.lang.String[]
getSupportedCipherSuites()
java.lang.String[]
getSupportedProtocols()
boolean
getUseClientMode()
boolean
getWantClientAuth()
private javax.net.ssl.SSLEngineResult
handleUnwrapException(int bytesConsumed, int bytesProduced, javax.net.ssl.SSLException e)
private javax.net.ssl.SSLEngineResult.HandshakeStatus
handshake()
private javax.net.ssl.SSLEngineResult.HandshakeStatus
handshakeException()
(package private) void
initHandshakeException(java.lang.Throwable cause)
Should be called if the handshake will be failed due to a callback that throws an exception.
private boolean
isBytesAvailableEnoughForWrap(int bytesAvailable, int plaintextLength, int numComponents)
private boolean
isDestroyed()
private static boolean
isEmpty(byte[] cert)
private static boolean
isEmpty(java.lang.Object[] arr)
private static boolean
isEndPointVerificationEnabled(java.lang.String endPointIdentificationAlgorithm)
boolean
isInboundDone()
boolean
isOutboundDone()
private static boolean
isProtocolEnabled(int opts, int disableMask, java.lang.String protocolString)
(package private) boolean
isSessionReused()
(package private) javax.crypto.spec.SecretKeySpec
masterKey()
(package private) int
maxEncryptedPacketLength()
Visible only for testing!
(package private) int
maxEncryptedPacketLength0()
This method is intentionally not synchronized, only use if you know you are in the EventLoop thread and visibility on maxWrapOverhead is achieved via other synchronized blocks.
(package private) int
maxWrapOverhead()
Visible only for testing!
private javax.net.ssl.SSLEngineResult.HandshakeStatus
mayFinishHandshake(javax.net.ssl.SSLEngineResult.HandshakeStatus status)
private javax.net.ssl.SSLEngineResult.HandshakeStatus
mayFinishHandshake(javax.net.ssl.SSLEngineResult.HandshakeStatus hs, int bytesConsumed, int bytesProduced)
private boolean
needPendingStatus()
private boolean
needWrapAgain(int stackError)
private javax.net.ssl.SSLEngineResult
newResult(javax.net.ssl.SSLEngineResult.HandshakeStatus hs, int bytesConsumed, int bytesProduced)
private javax.net.ssl.SSLEngineResult
newResult(javax.net.ssl.SSLEngineResult.Status status, javax.net.ssl.SSLEngineResult.HandshakeStatus hs, int bytesConsumed, int bytesProduced)
private javax.net.ssl.SSLEngineResult
newResultMayFinishHandshake(javax.net.ssl.SSLEngineResult.HandshakeStatus hs, int bytesConsumed, int bytesProduced)
private javax.net.ssl.SSLEngineResult
newResultMayFinishHandshake(javax.net.ssl.SSLEngineResult.Status status, javax.net.ssl.SSLEngineResult.HandshakeStatus hs, int bytesConsumed, int bytesProduced)
private javax.net.ssl.SSLException
newSSLExceptionForError(int stackError)
private static javax.net.ssl.SSLEngineResult.HandshakeStatus
pendingStatus(int pendingStatus)
private int
readPlaintextData(java.nio.ByteBuffer dst)
Read plaintext data from the OpenSSL internal BIO.
int
refCnt()
Returns the reference count of this object.
private void
rejectRemoteInitiatedRenegotiation()
boolean
release()
Decreases the reference count by 1 and deallocates this object if the reference count reaches 0.
boolean
release(int decrement)
Decreases the reference count by the specified decrement and deallocates this object if the reference count reaches 0.
private void
resetSingleDstBuffer()
private void
resetSingleSrcBuffer()
ReferenceCounted
retain()
Increases the reference count by 1.
ReferenceCounted
retain(int increment)
Increases the reference count by the specified increment.
private void
runAndResetNeedTask(java.lang.Runnable task)
private void
selectApplicationProtocol()
Select the application protocol used.
private java.lang.String
selectApplicationProtocol(java.util.List<java.lang.String> protocols, ApplicationProtocolConfig.SelectedListenerFailureBehavior behavior, java.lang.String applicationProtocol)
private void
setClientAuth(ClientAuth mode)
void
setEnabledCipherSuites(java.lang.String[] cipherSuites)
void
setEnabledProtocols(java.lang.String[] protocols)
TLS doesn't support a way to advertise non-contiguous versions from the client's perspective, and the client just advertises the max supported version.
private void
setEnabledProtocols0(java.lang.String[] protocols, boolean cache)
void
setEnableSessionCreation(boolean b)
(package private) boolean
setKeyMaterial(OpenSslKeyMaterial keyMaterial)
void
setNeedClientAuth(boolean b)
void
setOcspResponse(byte[] response)
Sets the OCSP response.
(package private) void
setSessionId(OpenSslSessionId id)
void
setSSLParameters(javax.net.ssl.SSLParameters sslParameters)
void
setUseClientMode(boolean clientMode)
void
setVerify(int verifyMode, int depth)
See SSL_set_verify and SSL.setVerify(long, int, int).
void
setWantClientAuth(boolean b)
private static boolean
shouldAddSuppressed(java.lang.Throwable target, int errorCode)
void
shutdown()
Destroys this engine.
private javax.net.ssl.SSLException
shutdownWithError(java.lang.String operations, int sslError)
Log the error, shutdown the engine and throw an exception.
private javax.net.ssl.SSLException
shutdownWithError(java.lang.String operation, int sslError, int error)
private java.nio.ByteBuffer[]
singleDstBuffer(java.nio.ByteBuffer src)
private java.nio.ByteBuffer[]
singleSrcBuffer(java.nio.ByteBuffer src)
(package private) int
sslPending()
private int
sslPending0()
long
sslPointer()
Returns the pointer to the SSL object for this ReferenceCountedOpenSslEngine.
private javax.net.ssl.SSLEngineResult
sslReadErrorResult(int error, int stackError, int bytesConsumed, int bytesProduced)
private java.lang.String
toJavaCipherSuite(java.lang.String openSslCipherSuite)
Converts the specified OpenSSL cipher suite to the Java cipher suite.
private static java.lang.String
toJavaCipherSuitePrefix(java.lang.String protocolVersion)
Converts the protocol version string returned by SSL.getVersion(long) to protocol family string.
ReferenceCounted
touch()
Records the current access location of this object for debugging purposes.
ReferenceCounted
touch(java.lang.Object hint)
Records the current access location of this object with additional arbitrary information for debugging purposes.
javax.net.ssl.SSLEngineResult
unwrap(java.nio.ByteBuffer[] srcs, int srcsOffset, int srcsLength, java.nio.ByteBuffer[] dsts, int dstsOffset, int dstsLength)
javax.net.ssl.SSLEngineResult
unwrap(java.nio.ByteBuffer[] srcs, java.nio.ByteBuffer[] dsts)
javax.net.ssl.SSLEngineResult
unwrap(java.nio.ByteBuffer src, java.nio.ByteBuffer dst)
javax.net.ssl.SSLEngineResult
unwrap(java.nio.ByteBuffer src, java.nio.ByteBuffer[] dsts)
javax.net.ssl.SSLEngineResult
unwrap(java.nio.ByteBuffer src, java.nio.ByteBuffer[] dsts, int offset, int length)
javax.net.ssl.SSLEngineResult
wrap(java.nio.ByteBuffer[] srcs, int offset, int length, java.nio.ByteBuffer dst)
javax.net.ssl.SSLEngineResult
wrap(java.nio.ByteBuffer src, java.nio.ByteBuffer dst)
private ByteBuf
writeEncryptedData(java.nio.ByteBuffer src, int len)
Write encrypted data to the OpenSSL network BIO.
private int
writePlaintextData(java.nio.ByteBuffer src, int len)
Write plaintext data to the OpenSSL internal BIO. Calling this function with src.remaining == 0 is undefined.
-
-
-
Field Detail
-
logger
private static final InternalLogger logger
-
leakDetector
private static final ResourceLeakDetector<ReferenceCountedOpenSslEngine> leakDetector
-
OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV2
private static final int OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV2
- See Also:
- Constant Field Values
-
OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV3
private static final int OPENSSL_OP_NO_PROTOCOL_INDEX_SSLV3
- See Also:
- Constant Field Values
-
OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1
private static final int OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1
- See Also:
- Constant Field Values
-
OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_1
private static final int OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_1
- See Also:
- Constant Field Values
-
OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_2
private static final int OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_2
- See Also:
- Constant Field Values
-
OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_3
private static final int OPENSSL_OP_NO_PROTOCOL_INDEX_TLSv1_3
- See Also:
- Constant Field Values
-
OPENSSL_OP_NO_PROTOCOLS
private static final int[] OPENSSL_OP_NO_PROTOCOLS
-
MAX_PLAINTEXT_LENGTH
static final int MAX_PLAINTEXT_LENGTH
Depends upon tcnative ... only use if tcnative is available!
-
MAX_RECORD_SIZE
static final int MAX_RECORD_SIZE
Depends upon tcnative ... only use if tcnative is available!
-
NEED_UNWRAP_OK
private static final javax.net.ssl.SSLEngineResult NEED_UNWRAP_OK
-
NEED_UNWRAP_CLOSED
private static final javax.net.ssl.SSLEngineResult NEED_UNWRAP_CLOSED
-
NEED_WRAP_OK
private static final javax.net.ssl.SSLEngineResult NEED_WRAP_OK
-
NEED_WRAP_CLOSED
private static final javax.net.ssl.SSLEngineResult NEED_WRAP_CLOSED
-
CLOSED_NOT_HANDSHAKING
private static final javax.net.ssl.SSLEngineResult CLOSED_NOT_HANDSHAKING
-
ssl
private long ssl
-
networkBIO
private long networkBIO
-
handshakeState
private ReferenceCountedOpenSslEngine.HandshakeState handshakeState
-
receivedShutdown
private boolean receivedShutdown
-
destroyed
private volatile boolean destroyed
-
applicationProtocol
private volatile java.lang.String applicationProtocol
-
needTask
private volatile boolean needTask
-
explicitlyEnabledProtocols
private java.lang.String[] explicitlyEnabledProtocols
-
sessionSet
private boolean sessionSet
-
leak
private final ResourceLeakTracker<ReferenceCountedOpenSslEngine> leak
-
refCnt
private final AbstractReferenceCounted refCnt
-
clientAuth
private volatile ClientAuth clientAuth
-
lastAccessed
private volatile long lastAccessed
-
endPointIdentificationAlgorithm
private java.lang.String endPointIdentificationAlgorithm
-
algorithmConstraints
private java.lang.Object algorithmConstraints
-
sniHostNames
private java.util.List<java.lang.String> sniHostNames
-
matchers
private volatile java.util.Collection<?> matchers
-
isInboundDone
private boolean isInboundDone
-
outboundClosed
private boolean outboundClosed
-
jdkCompatibilityMode
final boolean jdkCompatibilityMode
-
clientMode
private final boolean clientMode
-
alloc
final ByteBufAllocator alloc
-
engineMap
private final OpenSslEngineMap engineMap
-
apn
private final OpenSslApplicationProtocolNegotiator apn
-
parentContext
private final ReferenceCountedOpenSslContext parentContext
-
session
private final OpenSslSession session
-
singleSrcBuffer
private final java.nio.ByteBuffer[] singleSrcBuffer
-
singleDstBuffer
private final java.nio.ByteBuffer[] singleDstBuffer
-
enableOcsp
private final boolean enableOcsp
-
maxWrapOverhead
private int maxWrapOverhead
-
maxWrapBufferSize
private int maxWrapBufferSize
-
pendingException
private java.lang.Throwable pendingException
-
JAVAX_CERTS_NOT_SUPPORTED
private static final javax.security.cert.X509Certificate[] JAVAX_CERTS_NOT_SUPPORTED
-
-
Constructor Detail
-
ReferenceCountedOpenSslEngine
ReferenceCountedOpenSslEngine(ReferenceCountedOpenSslContext context, ByteBufAllocator alloc, java.lang.String peerHost, int peerPort, boolean jdkCompatibilityMode, boolean leakDetection)
Create a new instance.
- Parameters:
context - Reference count release responsibility is not transferred! The callee still owns this object.
alloc - The allocator to use.
peerHost - The peer host name.
peerPort - The peer port.
jdkCompatibilityMode - true to behave as described in https://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLEngine.html. false allows for partial and/or multiple packets to be processed in a single wrap or unwrap call.
leakDetection - true to enable leak detection of this object.
-
-
Method Detail
-
authMethods
final java.lang.String[] authMethods()
-
setKeyMaterial
final boolean setKeyMaterial(OpenSslKeyMaterial keyMaterial) throws java.lang.Exception
- Throws:
java.lang.Exception
-
masterKey
final javax.crypto.spec.SecretKeySpec masterKey()
-
isSessionReused
boolean isSessionReused()
-
setOcspResponse
@UnstableApi public void setOcspResponse(byte[] response)
Sets the OCSP response.
-
getOcspResponse
@UnstableApi public byte[] getOcspResponse()
Returns the OCSP response or null if the server didn't provide a stapled OCSP response.
-
refCnt
public final int refCnt()
Description copied from interface: ReferenceCounted
Returns the reference count of this object. If 0, it means this object has been deallocated.
- Specified by: refCnt in interface ReferenceCounted
-
retain
public final ReferenceCounted retain()
Description copied from interface: ReferenceCounted
Increases the reference count by 1.
- Specified by: retain in interface ReferenceCounted
-
retain
public final ReferenceCounted retain(int increment)
Description copied from interface: ReferenceCounted
Increases the reference count by the specified increment.
- Specified by: retain in interface ReferenceCounted
-
touch
public final ReferenceCounted touch()
Description copied from interface: ReferenceCounted
Records the current access location of this object for debugging purposes. If this object is determined to be leaked, the information recorded by this operation will be provided to you via ResourceLeakDetector. This method is a shortcut to touch(null).
- Specified by: touch in interface ReferenceCounted
-
touch
public final ReferenceCounted touch(java.lang.Object hint)
Description copied from interface: ReferenceCounted
Records the current access location of this object with additional arbitrary information for debugging purposes. If this object is determined to be leaked, the information recorded by this operation will be provided to you via ResourceLeakDetector.
- Specified by: touch in interface ReferenceCounted
-
release
public final boolean release()
Description copied from interface: ReferenceCounted
Decreases the reference count by 1 and deallocates this object if the reference count reaches 0.
- Specified by: release in interface ReferenceCounted
- Returns: true if and only if the reference count became 0 and this object has been deallocated
-
release
public final boolean release(int decrement)
Description copied from interface: ReferenceCounted
Decreases the reference count by the specified decrement and deallocates this object if the reference count reaches 0.
- Specified by: release in interface ReferenceCounted
- Returns: true if and only if the reference count became 0 and this object has been deallocated
-
getApplicationProtocol
public java.lang.String getApplicationProtocol()
- Overrides:
getApplicationProtocol
in class javax.net.ssl.SSLEngine
-
getHandshakeApplicationProtocol
public java.lang.String getHandshakeApplicationProtocol()
- Overrides:
getHandshakeApplicationProtocol
in class javax.net.ssl.SSLEngine
-
getHandshakeSession
public final javax.net.ssl.SSLSession getHandshakeSession()
- Overrides:
getHandshakeSession
in class javax.net.ssl.SSLEngine
-
sslPointer
public final long sslPointer()
Returns the pointer to the SSL object for this ReferenceCountedOpenSslEngine. Be aware that it is freed as soon as the release() or shutdown() methods are called. At this point 0 will be returned.
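The release ordering required by the class description, together with the sslPointer() behaviour described here, as an added example (not Netty's own code). It assumes netty-handler and a netty-tcnative native library are on the classpath; the class name RefCntEngineLifecycle and the peer host example.test are made up for the illustration.

```java
import io.netty.buffer.ByteBufAllocator;
import io.netty.handler.ssl.OpenSsl;
import io.netty.handler.ssl.ReferenceCountedOpenSslEngine;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;
import io.netty.util.ReferenceCountUtil;

import javax.net.ssl.SSLEngine;

// Hypothetical demo class: shows engine-before-context release ordering.
public final class RefCntEngineLifecycle {

    public static void main(String[] args) throws Exception {
        // Fails fast with the underlying cause if the native library cannot be loaded.
        OpenSsl.ensureAvailability();

        // OPENSSL_REFCNT selects the reference-counted context; the caller
        // owns it and must release it explicitly.
        SslContext ctx = SslContextBuilder.forClient()
                .sslProvider(SslProvider.OPENSSL_REFCNT)
                .build();
        try {
            // "example.test" / 443 are constructed peer values; no connection is made.
            SSLEngine engine = ctx.newEngine(ByteBufAllocator.DEFAULT, "example.test", 443);
            if (!(engine instanceof ReferenceCountedOpenSslEngine)) {
                throw new IllegalStateException("unexpected engine type: " + engine.getClass());
            }
            ReferenceCountedOpenSslEngine refEngine = (ReferenceCountedOpenSslEngine) engine;
            try {
                System.out.println("refCnt before release: " + refEngine.refCnt());
                System.out.println("native SSL object live: " + (refEngine.sslPointer() != 0));
                // ... handshake / wrap / unwrap would happen here ...
            } finally {
                // Inner finally: the engine is released first, while the
                // context it depends on is still alive.
                boolean deallocated = refEngine.release();
                System.out.println("engine deallocated: " + deallocated);
            }
            // The native SSL object is gone; any cached copy of the old
            // pointer value must not be handed to native code any more.
            System.out.println("sslPointer after release: " + refEngine.sslPointer());
        } finally {
            // Outer finally: the context is released last.
            ReferenceCountUtil.release(ctx);
        }
    }
}
```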
-
shutdown
public final void shutdown()
Destroys this engine.
-
writePlaintextData
private int writePlaintextData(java.nio.ByteBuffer src, int len)
Write plaintext data to the OpenSSL internal BIO. Calling this function with src.remaining == 0 is undefined.
-
bioSetFd
void bioSetFd(int fd)
-
writeEncryptedData
private ByteBuf writeEncryptedData(java.nio.ByteBuffer src, int len) throws javax.net.ssl.SSLException
Write encrypted data to the OpenSSL network BIO.
- Throws:
javax.net.ssl.SSLException
-
readPlaintextData
private int readPlaintextData(java.nio.ByteBuffer dst) throws javax.net.ssl.SSLException
Read plaintext data from the OpenSSL internal BIO.
- Throws:
javax.net.ssl.SSLException
-
maxWrapOverhead
final int maxWrapOverhead()
Visible only for testing!
-
maxEncryptedPacketLength
final int maxEncryptedPacketLength()
Visible only for testing!
-
maxEncryptedPacketLength0
final int maxEncryptedPacketLength0()
This method is intentionally not synchronized, only use if you know you are in the EventLoop thread and visibility on maxWrapOverhead is achieved via other synchronized blocks.
-
calculateMaxLengthForWrap
final int calculateMaxLengthForWrap(int plaintextLength, int numComponents)
This method is intentionally not synchronized, only use if you know you are in the EventLoop thread and visibility on maxWrapBufferSize and maxWrapOverhead is achieved via other synchronized blocks.
Calculates the max size of a single wrap operation for the given plaintextLength and numComponents.
-
calculateOutNetBufSize
final int calculateOutNetBufSize(int plaintextLength, int numComponents)
This method is intentionally not synchronized, only use if you know you are in the EventLoop thread and visibility on maxWrapOverhead is achieved via other synchronized blocks.
Calculates the size of the out net buf to create for the given plaintextLength and numComponents. This is not related to the max size per wrap, as we can wrap chunks at a time into one out net buf.
-
sslPending
final int sslPending()
-
calculateMaxWrapOverhead
private void calculateMaxWrapOverhead()
It is assumed this method is called in a synchronized block (or the constructor)!
-
sslPending0
private int sslPending0()
-
isBytesAvailableEnoughForWrap
private boolean isBytesAvailableEnoughForWrap(int bytesAvailable, int plaintextLength, int numComponents)
-
wrap
public final javax.net.ssl.SSLEngineResult wrap(java.nio.ByteBuffer[] srcs, int offset, int length, java.nio.ByteBuffer dst) throws javax.net.ssl.SSLException
- Specified by:
wrap
in class javax.net.ssl.SSLEngine
- Throws:
javax.net.ssl.SSLException
-
newResult
private javax.net.ssl.SSLEngineResult newResult(javax.net.ssl.SSLEngineResult.HandshakeStatus hs, int bytesConsumed, int bytesProduced)
-
newResult
private javax.net.ssl.SSLEngineResult newResult(javax.net.ssl.SSLEngineResult.Status status, javax.net.ssl.SSLEngineResult.HandshakeStatus hs, int bytesConsumed, int bytesProduced)
-
newResultMayFinishHandshake
private javax.net.ssl.SSLEngineResult newResultMayFinishHandshake(javax.net.ssl.SSLEngineResult.HandshakeStatus hs, int bytesConsumed, int bytesProduced) throws javax.net.ssl.SSLException
- Throws:
javax.net.ssl.SSLException
-
newResultMayFinishHandshake
private javax.net.ssl.SSLEngineResult newResultMayFinishHandshake(javax.net.ssl.SSLEngineResult.Status status, javax.net.ssl.SSLEngineResult.HandshakeStatus hs, int bytesConsumed, int bytesProduced) throws javax.net.ssl.SSLException
- Throws:
javax.net.ssl.SSLException
-
shutdownWithError
private javax.net.ssl.SSLException shutdownWithError(java.lang.String operations, int sslError)
Log the error, shutdown the engine and throw an exception.
-
shutdownWithError
private javax.net.ssl.SSLException shutdownWithError(java.lang.String operation, int sslError, int error)
-
handleUnwrapException
private javax.net.ssl.SSLEngineResult handleUnwrapException(int bytesConsumed, int bytesProduced, javax.net.ssl.SSLException e) throws javax.net.ssl.SSLException
- Throws:
javax.net.ssl.SSLException
-
unwrap
public final javax.net.ssl.SSLEngineResult unwrap(java.nio.ByteBuffer[] srcs, int srcsOffset, int srcsLength, java.nio.ByteBuffer[] dsts, int dstsOffset, int dstsLength) throws javax.net.ssl.SSLException
- Throws:
javax.net.ssl.SSLException
-
needWrapAgain
private boolean needWrapAgain(int stackError)
-
newSSLExceptionForError
private javax.net.ssl.SSLException newSSLExceptionForError(int stackError)
-
shouldAddSuppressed
private static boolean shouldAddSuppressed(java.lang.Throwable target, int errorCode)
-
sslReadErrorResult
private javax.net.ssl.SSLEngineResult sslReadErrorResult(int error, int stackError, int bytesConsumed, int bytesProduced) throws javax.net.ssl.SSLException
- Throws:
javax.net.ssl.SSLException
-
closeAll
private void closeAll() throws javax.net.ssl.SSLException
- Throws:
javax.net.ssl.SSLException
-
rejectRemoteInitiatedRenegotiation
private void rejectRemoteInitiatedRenegotiation() throws javax.net.ssl.SSLHandshakeException
- Throws:
javax.net.ssl.SSLHandshakeException
-
unwrap
public final javax.net.ssl.SSLEngineResult unwrap(java.nio.ByteBuffer[] srcs, java.nio.ByteBuffer[] dsts) throws javax.net.ssl.SSLException
- Throws:
javax.net.ssl.SSLException
-
singleSrcBuffer
private java.nio.ByteBuffer[] singleSrcBuffer(java.nio.ByteBuffer src)
-
resetSingleSrcBuffer
private void resetSingleSrcBuffer()
-
singleDstBuffer
private java.nio.ByteBuffer[] singleDstBuffer(java.nio.ByteBuffer src)
-
resetSingleDstBuffer
private void resetSingleDstBuffer()
-
unwrap
public final javax.net.ssl.SSLEngineResult unwrap(java.nio.ByteBuffer src, java.nio.ByteBuffer[] dsts, int offset, int length) throws javax.net.ssl.SSLException
- Specified by:
unwrap
in class javax.net.ssl.SSLEngine
- Throws:
javax.net.ssl.SSLException
-
wrap
public final javax.net.ssl.SSLEngineResult wrap(java.nio.ByteBuffer src, java.nio.ByteBuffer dst) throws javax.net.ssl.SSLException
- Overrides:
wrap
in class javax.net.ssl.SSLEngine
- Throws:
javax.net.ssl.SSLException
-
unwrap
public final javax.net.ssl.SSLEngineResult unwrap(java.nio.ByteBuffer src, java.nio.ByteBuffer dst) throws javax.net.ssl.SSLException
- Overrides:
unwrap
in class javax.net.ssl.SSLEngine
- Throws:
javax.net.ssl.SSLException
-
unwrap
public final javax.net.ssl.SSLEngineResult unwrap(java.nio.ByteBuffer src, java.nio.ByteBuffer[] dsts) throws javax.net.ssl.SSLException
- Overrides:
unwrap
in class javax.net.ssl.SSLEngine
- Throws:
javax.net.ssl.SSLException
-
runAndResetNeedTask
private void runAndResetNeedTask(java.lang.Runnable task)
-
getDelegatedTask
public final java.lang.Runnable getDelegatedTask()
- Specified by:
getDelegatedTask
in class javax.net.ssl.SSLEngine
-
closeInbound
public final void closeInbound() throws javax.net.ssl.SSLException
- Specified by:
closeInbound
in class javax.net.ssl.SSLEngine
- Throws:
javax.net.ssl.SSLException
-
isInboundDone
public final boolean isInboundDone()
- Specified by:
isInboundDone
in class javax.net.ssl.SSLEngine
-
closeOutbound
public final void closeOutbound()
- Specified by:
closeOutbound
in class javax.net.ssl.SSLEngine
-
doSSLShutdown
private boolean doSSLShutdown()
Attempt to call SSL.shutdownSSL(long).
- Returns: false if the call to SSL.shutdownSSL(long) was not attempted or returned an error.
-
isOutboundDone
public final boolean isOutboundDone()
- Specified by:
isOutboundDone
in class javax.net.ssl.SSLEngine
-
getSupportedCipherSuites
public final java.lang.String[] getSupportedCipherSuites()
- Specified by:
getSupportedCipherSuites
in class javax.net.ssl.SSLEngine
-
getEnabledCipherSuites
public final java.lang.String[] getEnabledCipherSuites()
- Specified by:
getEnabledCipherSuites
in class javax.net.ssl.SSLEngine
-
setEnabledCipherSuites
public final void setEnabledCipherSuites(java.lang.String[] cipherSuites)
- Specified by:
setEnabledCipherSuites
in class javax.net.ssl.SSLEngine
-
getSupportedProtocols
public final java.lang.String[] getSupportedProtocols()
- Specified by:
getSupportedProtocols
in class javax.net.ssl.SSLEngine
-
getEnabledProtocols
public final java.lang.String[] getEnabledProtocols()
- Specified by:
getEnabledProtocols
in class javax.net.ssl.SSLEngine
-
isProtocolEnabled
private static boolean isProtocolEnabled(int opts, int disableMask, java.lang.String protocolString)
-
setEnabledProtocols
public final void setEnabledProtocols(java.lang.String[] protocols)
TLS doesn't support a way to advertise non-contiguous versions from the client's perspective, and the client just advertises the max supported version. The TLS protocol also doesn't support all different combinations of discrete protocols, and instead assumes contiguous ranges. OpenSSL has some unexpected behavior (e.g. handshake failures) if non-contiguous protocols are used even where there is a compatible set of protocols and ciphers. For these reasons this method will determine the minimum protocol and the maximum protocol and enable a contiguous range from [min protocol, max protocol] in OpenSSL.
- Specified by: setEnabledProtocols in class javax.net.ssl.SSLEngine
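How the [min protocol, max protocol] rule widens a non-contiguous request, as an added sketch rather than Netty's implementation. The class and method names are hypothetical, the protocol ordering follows the SSLv2 through TLSv1.3 constants listed in the field summary, and the sample configurations are constructed.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Hypothetical helper for auditing a protocol list before it is handed
// to setEnabledProtocols(String[]).
public final class ContiguousProtocolRange {

    // Oldest to newest, matching the order of the protocol index constants on this page.
    private static final List<String> ORDER = Arrays.asList(
            "SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3");

    /** Returns the contiguous [min, max] range that covers every requested protocol. */
    static List<String> effectiveRange(String... requested) {
        if (requested == null || requested.length == 0) {
            throw new IllegalArgumentException("no protocols requested");
        }
        int min = ORDER.size();
        int max = -1;
        for (String protocol : requested) {
            int idx = ORDER.indexOf(protocol);
            if (idx < 0) {
                throw new IllegalArgumentException("unknown protocol: " + protocol);
            }
            min = Math.min(min, idx);
            max = Math.max(max, idx);
        }
        return new ArrayList<>(ORDER.subList(min, max + 1));
    }

    /** Protocols inside the effective range that the caller never asked for. */
    static List<String> widenedBy(String... requested) {
        List<String> extra = effectiveRange(requested);
        extra.removeAll(Arrays.asList(requested));
        return extra;
    }

    public static void main(String[] args) {
        // Constructed sample configurations: one contiguous, two with gaps.
        String[][] constructedConfigs = {
                {"TLSv1.2", "TLSv1.3"},
                {"TLSv1", "TLSv1.3"},
                {"TLSv1.3", "SSLv3"},
        };
        for (String[] cfg : constructedConfigs) {
            System.out.println("requested=" + Arrays.toString(cfg)
                    + " effective=" + effectiveRange(cfg)
                    + " widened-by=" + widenedBy(cfg));
        }
    }
}
```

Comparing the array passed to setEnabledProtocols with what getEnabledProtocols() returns afterwards is the equivalent check on a live engine.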
-
setEnabledProtocols0
private void setEnabledProtocols0(java.lang.String[] protocols, boolean cache)
-
getSession
public final javax.net.ssl.SSLSession getSession()
- Specified by:
getSession
in class javax.net.ssl.SSLEngine
-
beginHandshake
public final void beginHandshake() throws javax.net.ssl.SSLException
- Specified by:
beginHandshake
in class javax.net.ssl.SSLEngine
- Throws:
javax.net.ssl.SSLException
-
checkEngineClosed
private void checkEngineClosed() throws javax.net.ssl.SSLException
- Throws:
javax.net.ssl.SSLException
-
pendingStatus
private static javax.net.ssl.SSLEngineResult.HandshakeStatus pendingStatus(int pendingStatus)
-
isEmpty
private static boolean isEmpty(java.lang.Object[] arr)
-
isEmpty
private static boolean isEmpty(byte[] cert)
-
handshakeException
private javax.net.ssl.SSLEngineResult.HandshakeStatus handshakeException() throws javax.net.ssl.SSLException
- Throws:
javax.net.ssl.SSLException
-
initHandshakeException
final void initHandshakeException(java.lang.Throwable cause)
Should be called if the handshake will be failed due to a callback that throws an exception. This cause will then be used to give more details as part of the SSLHandshakeException.
-
handshake
private javax.net.ssl.SSLEngineResult.HandshakeStatus handshake() throws javax.net.ssl.SSLException
- Throws:
javax.net.ssl.SSLException
-
mayFinishHandshake
private javax.net.ssl.SSLEngineResult.HandshakeStatus mayFinishHandshake(javax.net.ssl.SSLEngineResult.HandshakeStatus hs, int bytesConsumed, int bytesProduced) throws javax.net.ssl.SSLException
- Throws:
javax.net.ssl.SSLException
-
mayFinishHandshake
private javax.net.ssl.SSLEngineResult.HandshakeStatus mayFinishHandshake(javax.net.ssl.SSLEngineResult.HandshakeStatus status) throws javax.net.ssl.SSLException
- Throws:
javax.net.ssl.SSLException
-
getHandshakeStatus
public final javax.net.ssl.SSLEngineResult.HandshakeStatus getHandshakeStatus()
- Specified by:
getHandshakeStatus
in class javax.net.ssl.SSLEngine
-
getHandshakeStatus
private javax.net.ssl.SSLEngineResult.HandshakeStatus getHandshakeStatus(int pending)
-
needPendingStatus
private boolean needPendingStatus()
-
toJavaCipherSuite
private java.lang.String toJavaCipherSuite(java.lang.String openSslCipherSuite)
Converts the specified OpenSSL cipher suite to the Java cipher suite.
-
toJavaCipherSuitePrefix
private static java.lang.String toJavaCipherSuitePrefix(java.lang.String protocolVersion)
Converts the protocol version string returned by SSL.getVersion(long) to protocol family string.
-
setUseClientMode
public final void setUseClientMode(boolean clientMode)
- Specified by:
setUseClientMode
in class javax.net.ssl.SSLEngine
-
getUseClientMode
public final boolean getUseClientMode()
- Specified by:
getUseClientMode
in class javax.net.ssl.SSLEngine
-
setNeedClientAuth
public final void setNeedClientAuth(boolean b)
- Specified by:
setNeedClientAuth
in class javax.net.ssl.SSLEngine
-
getNeedClientAuth
public final boolean getNeedClientAuth()
- Specified by:
getNeedClientAuth
in class javax.net.ssl.SSLEngine
-
setWantClientAuth
public final void setWantClientAuth(boolean b)
- Specified by:
setWantClientAuth
in class javax.net.ssl.SSLEngine
-
getWantClientAuth
public final boolean getWantClientAuth()
- Specified by:
getWantClientAuth
in class javax.net.ssl.SSLEngine
-
setVerify
@UnstableApi public final void setVerify(int verifyMode, int depth)
See SSL_set_verify and SSL.setVerify(long, int, int).
-
setClientAuth
private void setClientAuth(ClientAuth mode)
-
setEnableSessionCreation
public final void setEnableSessionCreation(boolean b)
- Specified by:
setEnableSessionCreation
in class javax.net.ssl.SSLEngine
-
getEnableSessionCreation
public final boolean getEnableSessionCreation()
- Specified by:
getEnableSessionCreation
in class javax.net.ssl.SSLEngine
-
getSSLParameters
public final javax.net.ssl.SSLParameters getSSLParameters()
- Overrides:
getSSLParameters
in class javax.net.ssl.SSLEngine
-
setSSLParameters
public final void setSSLParameters(javax.net.ssl.SSLParameters sslParameters)
- Overrides:
setSSLParameters
in class javax.net.ssl.SSLEngine
-
isEndPointVerificationEnabled
private static boolean isEndPointVerificationEnabled(java.lang.String endPointIdentificationAlgorithm)
-
isDestroyed
private boolean isDestroyed()
-
checkSniHostnameMatch
final boolean checkSniHostnameMatch(byte[] hostname)
-
getNegotiatedApplicationProtocol
public java.lang.String getNegotiatedApplicationProtocol()
Description copied from interface: ApplicationProtocolAccessor
Returns the name of the negotiated application-level protocol.
- Specified by: getNegotiatedApplicationProtocol in interface ApplicationProtocolAccessor
- Returns: the application-level protocol name or null if the negotiation failed or the client does not have ALPN/NPN extension
-
bufferAddress
private static long bufferAddress(java.nio.ByteBuffer b)
-
selectApplicationProtocol
private void selectApplicationProtocol() throws javax.net.ssl.SSLException
Select the application protocol used.
- Throws:
javax.net.ssl.SSLException
-
selectApplicationProtocol
private java.lang.String selectApplicationProtocol(java.util.List<java.lang.String> protocols, ApplicationProtocolConfig.SelectedListenerFailureBehavior behavior, java.lang.String applicationProtocol) throws javax.net.ssl.SSLException
- Throws:
javax.net.ssl.SSLException
-
setSessionId
final void setSessionId(OpenSslSessionId id)
-
-