Package org.conscrypt

Class OpenSSLSocketImpl

    • Method Detail

      • startHandshake

        public void startHandshake()
                    throws IOException
        Starts a TLS/SSL handshake on this connection using some native methods from the OpenSSL library. It can negotiate new encryption keys, change cipher suites, or initiate a new session. The certificate chain is verified if the correspondent property in java.Security is set. All listeners are notified at the end of the TLS/SSL handshake.
        Specified by:
        startHandshake in class SSLSocket
        Throws:
        IOException - if an error occurs.

      • getPort

        public int getPort()
        Description copied from class: Socket
        Returns the port number of the target host this socket is connected to, or 0 if this socket is not yet connected.
        Overrides:
        getPort in class Socket

      • clientPSKKeyRequested

        public int clientPSKKeyRequested​(String identityHint,
                                 byte[] identity,
                                 byte[] key)
        Description copied from interface: NativeCrypto.SSLHandshakeCallbacks
        Gets the key to be used in client mode for this connection in Pre-Shared Key (PSK) key exchange.
        Specified by:
        clientPSKKeyRequested in interface NativeCrypto.SSLHandshakeCallbacks
        Parameters:
        identityHint - PSK identity hint provided by the server or null if no hint provided.
        identity - buffer to be populated with PSK identity (NULL-terminated modified UTF-8) by this method. This identity will be provided to the server.
        key - buffer to be populated with key material by this method.
        Returns:
        number of bytes this method stored in the key buffer or 0 if an error occurred in which case the handshake will be aborted.

      • serverPSKKeyRequested

        public int serverPSKKeyRequested​(String identityHint,
                                 String identity,
                                 byte[] key)
        Description copied from interface: NativeCrypto.SSLHandshakeCallbacks
        Gets the key to be used in server mode for this connection in Pre-Shared Key (PSK) key exchange.
        Specified by:
        serverPSKKeyRequested in interface NativeCrypto.SSLHandshakeCallbacks
        Parameters:
        identityHint - PSK identity hint provided by this server to the client or null if no hint was provided.
        identity - PSK identity provided by the client.
        key - buffer to be populated with key material by this method.
        Returns:
        number of bytes this method stored in the key buffer or 0 if an error occurred in which case the handshake will be aborted.

      • getInputStream

        public InputStream getInputStream()
                           throws IOException
        Description copied from class: Socket
        Returns an input stream to read data from this socket. If the socket has an associated SocketChannel and that channel is in non-blocking mode then reads from the stream will throw a IllegalBlockingModeException.
        Overrides:
        getInputStream in class Socket
        Returns:
        the byte-oriented input stream.
        Throws:
        IOException - if an error occurs while creating the input stream or the socket is in an invalid state.

      • getOutputStream

        public OutputStream getOutputStream()
                             throws IOException
        Description copied from class: Socket
        Returns an output stream to write data into this socket. If the socket has an associated SocketChannel and that channel is in non-blocking mode then writes to the stream will throw a IllegalBlockingModeException.
        Overrides:
        getOutputStream in class Socket
        Returns:
        the byte-oriented output stream.
        Throws:
        IOException - if an error occurs while creating the output stream or the socket is in an invalid state.

      • getSession

        public SSLSession getSession()
        Description copied from class: SSLSocket
        Returns the SSLSession for this connection. If necessary, a handshake will be initiated, in which case this method will block until the handshake has been established. If the handshake fails, an invalid session object will be returned.
        Specified by:
        getSession in class SSLSocket
        Returns:
        the session object.

      • addHandshakeCompletedListener

        public void addHandshakeCompletedListener​(HandshakeCompletedListener listener)
        Description copied from class: SSLSocket
        Registers the specified listener to receive notification on completion of a handshake on this connection.
        Specified by:
        addHandshakeCompletedListener in class SSLSocket
        Parameters:
        listener - the listener to register.

      • getEnableSessionCreation

        public boolean getEnableSessionCreation()
        Description copied from class: SSLSocket
        Returns whether new SSL sessions may be created by this socket or if existing sessions must be reused.
        Specified by:
        getEnableSessionCreation in class SSLSocket
        Returns:
        true if new sessions may be created, otherwise false.

      • setEnableSessionCreation

        public void setEnableSessionCreation​(boolean flag)
        Description copied from class: SSLSocket
        Sets whether new SSL sessions may be created by this socket or if existing sessions must be reused. If flag is false and there are no sessions to resume, handshaking will fail.
        Specified by:
        setEnableSessionCreation in class SSLSocket
        Parameters:
        flag - true if new sessions may be created.

      • setUseSessionTickets

        public void setUseSessionTickets​(boolean useSessionTickets)
        This method enables session ticket support.
        Parameters:
        useSessionTickets - True to enable session tickets

      • setHostname

        public void setHostname​(String hostname)
        This method enables Server Name Indication
        Parameters:
        hostname - the desired SNI hostname, or null to disable

      • setChannelIdEnabled

        public void setChannelIdEnabled​(boolean enabled)
        Enables/disables TLS Channel ID for this server socket.

        This method needs to be invoked before the handshake starts.

        Throws:
        IllegalStateException - if this is a client socket or if the handshake has already started.

      • getChannelId

        public byte[] getChannelId()
                    throws SSLException
        Gets the TLS Channel ID for this server socket. Channel ID is only available once the handshake completes.
        Returns:
        channel ID or null if not available.
        Throws:
        IllegalStateException - if this is a client socket or if the handshake has not yet completed.
        SSLException - if channel ID is available but could not be obtained.

      • setChannelIdPrivateKey

        public void setChannelIdPrivateKey​(PrivateKey privateKey)
        Sets the PrivateKey to be used for TLS Channel ID by this client socket.

        This method needs to be invoked before the handshake starts.

        Parameters:
        privateKey - private key (enables TLS Channel ID) or null for no key (disables TLS Channel ID). The private key must be an Elliptic Curve (EC) key based on the NIST P-256 curve (aka SECG secp256r1 or ANSI X9.62 prime256v1).
        Throws:
        IllegalStateException - if this is a server socket or if the handshake has already started.

      • getUseClientMode

        public boolean getUseClientMode()
        Description copied from class: SSLSocket
        Returns true if this connection will act in client mode when handshaking.
        Specified by:
        getUseClientMode in class SSLSocket

      • setUseClientMode

        public void setUseClientMode​(boolean mode)
        Description copied from class: SSLSocket
        Sets whether this connection should act in client mode when handshaking.
        Specified by:
        setUseClientMode in class SSLSocket
        Parameters:
        mode - true if this connection should act in client mode, false if not.

      • getWantClientAuth

        public boolean getWantClientAuth()
        Description copied from class: SSLSocket
        Returns true if the server should request client authentication. This does not apply to sockets in client mode.
        Specified by:
        getWantClientAuth in class SSLSocket

      • getNeedClientAuth

        public boolean getNeedClientAuth()
        Description copied from class: SSLSocket
        Returns true if the server socket should require client authentication. This does not apply to sockets in client mode.
        Specified by:
        getNeedClientAuth in class SSLSocket

      • setNeedClientAuth

        public void setNeedClientAuth​(boolean need)
        Description copied from class: SSLSocket
        Sets whether the server should require client authentication. This does not apply to sockets in client mode. Client authentication is one of the following:
        • authentication required
        • authentication requested
        • no authentication needed
        This method overrides the setting of SSLSocket.setWantClientAuth(boolean).
        Specified by:
        setNeedClientAuth in class SSLSocket

      • sendUrgentData

        public void sendUrgentData​(int data)
                    throws IOException
        Description copied from class: Socket
        Sends the given single byte data which is represented by the lowest octet of value as "TCP urgent data".
        Overrides:
        sendUrgentData in class Socket
        Parameters:
        data - the byte of urgent data to be sent.
        Throws:
        IOException - if an error occurs while sending urgent data.

      • setSoTimeout

        public void setSoTimeout​(int readTimeoutMilliseconds)
                  throws SocketException
        Description copied from class: Socket
        Sets this socket's read timeout in milliseconds. Use 0 for no timeout. To take effect, this option must be set before the blocking method was called.
        Overrides:
        setSoTimeout in class Socket
        Throws:
        SocketException

      • setSoWriteTimeout

        public void setSoWriteTimeout​(int writeTimeoutMilliseconds)
                       throws SocketException
        Note write timeouts are not part of the javax.net.ssl.SSLSocket API
        Throws:
        SocketException

      • getSoWriteTimeout

        public int getSoWriteTimeout()
                      throws SocketException
        Note write timeouts are not part of the javax.net.ssl.SSLSocket API
        Throws:
        SocketException

      • setHandshakeTimeout

        public void setHandshakeTimeout​(int handshakeTimeoutMilliseconds)
                         throws SocketException
        Set the handshake timeout on this socket. This timeout is specified in milliseconds and will be used only during the handshake process.
        Throws:
        SocketException

      • close

        public void close()
           throws IOException
        Description copied from class: Socket
        Closes the socket. It is not possible to reconnect or rebind to this socket thereafter which means a new socket instance has to be created.
        Specified by:
        close in interface AutoCloseable
        Specified by:
        close in interface Closeable
        Overrides:
        close in class Socket
        Throws:
        IOException - if an error occurs while closing the socket.

      • finalize

        protected void finalize()
                 throws Throwable
        Description copied from class: Object
        Invoked when the garbage collector has detected that this instance is no longer reachable. The default implementation does nothing, but this method can be overridden to free resources.

        Note that objects that override finalize are significantly more expensive than objects that don't. Finalizers may be run a long time after the object is no longer reachable, depending on memory pressure, so it's a bad idea to rely on them for cleanup. Note also that finalizers are run on a single VM-wide finalizer thread, so doing blocking work in a finalizer is a bad idea. A finalizer is usually only necessary for a class that has a native peer and needs to call a native method to destroy that peer. Even then, it's better to provide an explicit close method (and implement Closeable), and insist that callers manually dispose of instances. This works well for something like files, but less well for something like a BigInteger where typical calling code would have to deal with lots of temporaries. Unfortunately, code that creates lots of temporaries is the worst kind of code from the point of view of the single finalizer thread.

        If you must use finalizers, consider at least providing your own ReferenceQueue and having your own thread process that queue.

        Unlike constructors, finalizers are not automatically chained. You are responsible for calling super.finalize() yourself.

        Uncaught exceptions thrown by finalizers are ignored and do not terminate the finalizer thread. See Effective Java Item 7, "Avoid finalizers" for more.

        Overrides:
        finalize in class Object
        Throws:
        Throwable

      • getNpnSelectedProtocol

        public byte[] getNpnSelectedProtocol()
        Returns the protocol agreed upon by client and server, or null if no protocol was agreed upon.

      • getAlpnSelectedProtocol

        public byte[] getAlpnSelectedProtocol()
        Returns the protocol agreed upon by client and server, or null if no protocol was agreed upon.

      • setNpnProtocols

        public void setNpnProtocols​(byte[] npnProtocols)
        Sets the list of protocols this peer is interested in. If null no protocols will be used.
        Parameters:
        npnProtocols - a non-empty array of protocol names. From SSL_select_next_proto, "vector of 8-bit, length prefixed byte strings. The length byte itself is not included in the length. A byte string of length 0 is invalid. No byte string may be truncated.".

      • setAlpnProtocols

        public void setAlpnProtocols​(byte[] alpnProtocols)
        Sets the list of protocols this peer is interested in. If the list is null, no protocols will be used.
        Parameters:
        alpnProtocols - a non-empty array of protocol names. From SSL_select_next_proto, "vector of 8-bit, length prefixed byte strings. The length byte itself is not included in the length. A byte string of length 0 is invalid. No byte string may be truncated.".