public abstract class JSSEngine
extends javax.net.ssl.SSLEngine
Modifier and Type | Field and Description |
---|---|
protected boolean | as_server: Whether or not this SSLEngine is acting as the server end of the handshake. |
protected static int | BUFFER_SIZE: Size of the underlying buffers. |
protected PK11Cert | cert: Certificate used by this JSSEngine instance. |
protected java.lang.String | certAlias: Certificate alias used by this JSSEngine instance. |
protected java.util.HashMap<java.lang.Integer,java.lang.Integer> | config: Set of configuration options to enable via SSL_OptionSet(...). |
protected SSLCipher[] | enabled_ciphers: A list of all ciphers enabled by this SSLEngine. |
protected javax.net.ssl.SSLEngineResult.HandshakeStatus | handshake_state: The official SSLEngineResult handshake status at the present time. |
protected java.lang.String | hostname: Peer's hostname, used for certificate validation. |
protected boolean | is_inbound_closed: Whether or not the inbound portion of this connection is closed. |
protected boolean | is_outbound_closed: Whether or not the outbound portion of this connection is closed. |
protected PK11PrivKey | key: Private key corresponding to the local certificate. |
protected javax.net.ssl.X509KeyManager[] | key_managers: A list of all KeyManagers available to this JSSEngine instance. |
static org.slf4j.Logger | logger |
protected SSLVersion | max_protocol: The maximum TLS protocol version we should attempt to handshake. |
protected SSLVersion | min_protocol: The minimum TLS protocol version we should attempt to handshake. |
protected boolean | need_client_auth: As a server, whether or not the handshake should fail if the peer does not present client authentication; as a client, whether or not we offer our certificate to the server. |
protected static java.util.HashMap<PK11Cert,SSLFDProxy> | serverTemplates: Cache of server-side SSLFDProxy templates, keyed by the PK11Cert they were initialized with. |
protected JSSSession | session: A JSSSession extends SSLSession, providing useful information not otherwise contained in the SSLSession but exposed by NSS. |
protected SSLFDProxy | ssl_fd: Internal SSLFDProxy instance; useful for JSSSession support and any custom extensions the developer wishes to support. |
protected javax.net.ssl.X509TrustManager[] | trust_managers: A list of all TrustManagers available to this JSSEngine instance. |
protected boolean | want_client_auth: Whether or not we should attempt to handshake with client authentication. |
Constructor and Description |
---|
JSSEngine(): Constructor for a JSSEngine, providing no hints for an internal session reuse strategy and no local certificate or key. |
JSSEngine(java.lang.String peerHost, int peerPort): Constructor for a JSSEngine, providing hints for an internal session reuse strategy (the peer's hostname and port), but no local certificate or key. |
JSSEngine(java.lang.String peerHost, int peerPort, X509Certificate localCert, PrivateKey localKey): Constructor for a JSSEngine, providing hints for an internal session reuse strategy (the peer's hostname and port), along with a chosen certificate and key to use. |
Modifier and Type | Method and Description |
---|---|
void | addConfiguration(int key, int value): Updates the configuration with the given value. |
abstract void | cleanup(): Performs cleanup of internal data, closing both inbound and outbound data streams if still open. |
protected static java.lang.String | errorText(int error): Gets the error text from the NSPR layer. |
java.util.HashMap<java.lang.Integer,java.lang.Integer> | getDefaultConfiguration(): Gets the default configuration. |
java.lang.String[] | getEnabledCipherSuites(): Lists the cipher suites currently enabled on this JSSEngine instance. |
java.lang.String[] | getEnabledProtocols(): Gets the list of enabled SSL protocol versions on this JSSEngine instance, as JCA-standardized strings. |
boolean | getEnableSessionCreation(): Whether or not new sessions can be created by this SSLEngine instance. |
boolean | getNeedClientAuth(): Query whether or not we must have client authentication for the TLS handshake to succeed. |
protected static SSLFDProxy | getServerTemplate(PK11Cert cert, PK11PrivKey key): Returns the cached server SSLFDProxy template for the given certificate and key, if one exists. |
JSSSession | getSession(): Gets the JSSSession object which reflects the status of this JSSEngine's session. |
SSLFDProxy | getSSLFDProxy(): Get the internal SSLFDProxy object; this should be preferred to directly accessing ssl_fd. |
JSSParameters | getSSLParameters(): Get the configuration of the current JSSEngine object as a JSSParameters object. |
abstract SecurityStatusResult | getStatus(): Gets the current security status of this JSSEngine instance. |
java.lang.String[] | getSupportedCipherSuites(): Lists all cipher suites supported by JSS/NSS. |
java.lang.String[] | getSupportedProtocols(): Gets the list of SSL protocols supported, as JCA-standardized strings. |
boolean | getUseClientMode(): Query whether this JSSEngine is a client (true) or a server (false). |
boolean | getWantClientAuth(): Query whether or not we request client authentication. |
static void | initializeSessionCache(int maxCacheEntries, long timeout, java.lang.String directory): Safely initializes the session cache if not already initialized. |
boolean | isInboundDone(): Query whether or not the inbound side of this connection is closed. |
boolean | isOutboundDone(): Query whether or not the outbound side of this connection is closed. |
static SSLCipher[] | queryEnabledCipherSuites(): Queries the list of cipher suites enabled by default, i.e. the set in effect until a setEnabledCipherSuites call is made. |
static SSLVersionRange | queryEnabledProtocols(): Queries the range of protocols enabled by default. |
protected abstract void | reconfigureClientAuth(): Implementation-specific hook for reconfiguring client authentication after the handshake has completed. |
void | removeConfiguration(int key): Removes the given key from the configuration. |
void | setCertFromAlias(java.lang.String alias): Choose the certificate to present to the peer by alias, assuming KeyManagers have already been set and at least one is a JSSKeyManager. |
void | setConfiguration(java.util.HashMap<java.lang.Integer,java.lang.Integer> config): Sets the configuration, replacing all current values. |
void | setEnabledCipherSuites(SSLCipher[] suites): Sets the list of enabled cipher suites from a list of SSLCipher enum instances. |
void | setEnabledCipherSuites(java.lang.String[] suites): Sets the list of enabled cipher suites from a list of JCA-standardized String names. |
void | setEnabledProtocols(SSLVersionRange vrange): Sets the range of enabled SSL protocols from an SSLVersionRange object. |
void | setEnabledProtocols(SSLVersion min, SSLVersion max): Sets the range of enabled SSL protocols from a minimum and maximum SSLVersion value. |
void | setEnabledProtocols(java.lang.String[] protocols): Sets the range of SSL protocols enabled by this SSLEngine instance from a list of JCA-standardized protocol String names. |
void | setEnableSessionCreation(boolean flag): Whether or not to allow this SSLEngine instance to create new sessions. |
void | setHostname(java.lang.String name): Set the hostname used to validate the peer's certificate. |
void | setKeyManager(javax.net.ssl.X509KeyManager km): Set a single KeyManager, replacing all previously set KeyManagers. |
void | setKeyManagers(javax.net.ssl.X509KeyManager[] xkms): Set the internal list of KeyManagers. |
void | setKeyMaterials(PK11Cert our_cert, PK11PrivKey our_key): Set the local certificate and private key; useful when doing client auth or when they weren't provided to the constructor. |
void | setNeedClientAuth(boolean need): Set whether or not client authentication is required for the TLS handshake to succeed. |
void | setSSLParameters(javax.net.ssl.SSLParameters params): Set the configuration from the given SSLParameters object onto this JSSEngine. |
void | setTrustManager(JSSTrustManager tm): Set a single TrustManager, replacing all previously set TrustManagers. |
void | setTrustManagers(javax.net.ssl.X509TrustManager[] xtms): Set the internal list of TrustManagers. |
void | setUseClientMode(boolean mode): Set whether or not to handshake as a client. |
void | setWantClientAuth(boolean want): Set whether or not we should request (but not require) client authentication. |
abstract void | tryCleanup(): Calls cleanup only if both inbound and outbound data streams are closed. |
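The configuration methods above, exercised end to end for a client and a server engine and then verified by reading the effective settings back. This is an added example, not code from JSS or from this page. It assumes that JSSEngineReferenceImpl is the concrete subclass of the abstract JSSEngine, that CryptoManager.initialize / findCertByNickname / findPrivKeyByCert hand back NSS-backed objects castable to PK11Cert and PK11PrivKey, that JSSTrustManager has a public no-argument constructor, that a null cache directory selects NSS's default location, and that org.mozilla.jss.nss.SSL exposes the SSL_ENABLE_RENEGOTIATION and SSL_RENEGOTIATE_NEVER option constants; the hostname and nickname are placeholders.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.nss.SSL;
import org.mozilla.jss.pkcs11.PK11Cert;
import org.mozilla.jss.pkcs11.PK11PrivKey;
import org.mozilla.jss.ssl.SSLVersion;
import org.mozilla.jss.ssl.javax.JSSEngine;
import org.mozilla.jss.ssl.javax.JSSEngineReferenceImpl;   // assumed concrete subclass
import org.mozilla.jss.ssl.javax.JSSTrustManager;

/** Builds client and server JSSEngines with a deliberately narrow TLS policy, then verifies it. */
public class JSSEngineHardening {

    // JCA names. setEnabledCipherSuites(String[]) throws IllegalArgumentException
    // for a name NSS does not know, so a typo fails here rather than at handshake time.
    static final String[] ALLOWED_SUITES = {
        "TLS_AES_256_GCM_SHA384",
        "TLS_AES_128_GCM_SHA256",
        "TLS_CHACHA20_POLY1305_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    };

    /** Client side: TLS 1.2+ only, fixed suite list, server certificate checked against peerHost. */
    public static JSSEngine clientEngine(String peerHost, int peerPort) {
        JSSEngine engine = new JSSEngineReferenceImpl(peerHost, peerPort);
        engine.setUseClientMode(true);
        // Without a hostname NSS has nothing to match the server certificate's name against.
        engine.setHostname(peerHost);
        engine.setEnabledProtocols(SSLVersion.TLS_1_2, SSLVersion.TLS_1_3);
        engine.setEnabledCipherSuites(ALLOWED_SUITES);
        engine.setTrustManager(new JSSTrustManager());   // assumed no-arg constructor
        return engine;
    }

    /** Server side: same policy, key material from the NSS DB, client certificates required. */
    public static JSSEngine serverEngine(String certNickname) throws Exception {
        // The server session cache must exist before the first server handshake;
        // a null directory is assumed to select NSS's default location.
        JSSEngine.initializeSessionCache(1000, 3600L, null);

        JSSEngine engine = new JSSEngineReferenceImpl();
        engine.setUseClientMode(false);
        engine.setEnabledProtocols(SSLVersion.TLS_1_2, SSLVersion.TLS_1_3);
        engine.setEnabledCipherSuites(ALLOWED_SUITES);

        // Certificate and private key from the already-initialised NSS DB (assumed CryptoManager calls).
        CryptoManager cm = CryptoManager.getInstance();
        PK11Cert cert = (PK11Cert) cm.findCertByNickname(certNickname);
        PK11PrivKey key = (PK11PrivKey) cm.findPrivKeyByCert(cert);
        engine.setKeyMaterials(cert, key);

        engine.setTrustManager(new JSSTrustManager());
        // need, not want: a peer that presents no certificate fails the handshake.
        engine.setNeedClientAuth(true);

        // Extra NSS option through the SSL_OptionSet map: refuse renegotiation outright
        // (constant names assumed to be those exposed by org.mozilla.jss.nss.SSL).
        engine.addConfiguration(SSL.SSL_ENABLE_RENEGOTIATION, SSL.SSL_RENEGOTIATE_NEVER);
        return engine;
    }

    /** Read the effective settings back and fail loudly if the policy did not stick. */
    public static void assertPolicy(JSSEngine engine) {
        Set<String> protocols = new HashSet<>(Arrays.asList(engine.getEnabledProtocols()));
        for (String legacy : new String[] {"SSLv3", "TLSv1", "TLSv1.1"}) {
            if (protocols.contains(legacy)) {
                throw new IllegalStateException("legacy protocol enabled: " + legacy);
            }
        }
        Set<String> allowed = new HashSet<>(Arrays.asList(ALLOWED_SUITES));
        for (String suite : engine.getEnabledCipherSuites()) {
            if (!allowed.contains(suite)) {
                throw new IllegalStateException("unexpected cipher suite enabled: " + suite);
            }
        }
        if (!engine.getUseClientMode() && !engine.getNeedClientAuth()) {
            throw new IllegalStateException("server engine does not require client certificates");
        }
    }

    public static void main(String[] args) throws Exception {
        CryptoManager.initialize(args[0]);          // NSS DB directory (assumed API)
        assertPolicy(clientEngine("example.com", 443));
        assertPolicy(serverEngine(args[1]));         // nickname of the server cert in that DB
    }
}
```

assertPolicy deliberately trusts the getters rather than the setters: getEnabledProtocols() and getEnabledCipherSuites() report what NSS actually has enabled, so a suite silently dropped by a particular NSS build, or a protocol floor that was never applied, is caught before the first handshake instead of showing up in a pentest report. The same policy can also be applied through the portable setSSLParameters(SSLParameters) route; reading it back through getSSLParameters() gives a JSSParameters object.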
Methods inherited from class javax.net.ssl.SSLEngine: beginHandshake, closeInbound, closeOutbound, getApplicationProtocol, getDelegatedTask, getHandshakeApplicationProtocol, getHandshakeApplicationProtocolSelector, getHandshakeSession, getHandshakeStatus, getPeerHost, getPeerPort, setHandshakeApplicationProtocolSelector, unwrap, unwrap, unwrap, wrap, wrap, wrap
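The inherited wrap/unwrap/getDelegatedTask/closeInbound/closeOutbound methods and the JSSEngine-specific isInboundDone/isOutboundDone/tryCleanup only make sense together, as one state machine. The loopback driver below is an added example, not JSS code or code from this page: it takes two already-configured JSSEngine instances (one in client mode with a hostname matching the server certificate, one in server mode holding key material, both backed by an NSS database the caller has initialised) and runs a full handshake, one application record and an orderly shutdown through in-memory buffers. The buffer size and step limit are this example's own choices, unrelated to the BUFFER_SIZE field.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
import javax.net.ssl.SSLException;

import org.mozilla.jss.ssl.javax.JSSEngine;

/** Drives two JSSEngines against each other through in-memory buffers. */
public class JSSEngineLoopback {

    // A TLS record carries at most 16 KiB of plaintext plus framing; 64 KiB leaves headroom
    // for several records per call. These sizes are this example's choice.
    static final int BUF = 64 * 1024;
    static final int MAX_STEPS = 1000;   // a handshake that has not converged by then is stuck

    /**
     * One state-machine step: run delegated tasks, or move bytes in the direction the
     * handshake status asks for. inbound holds records from the peer (in write mode),
     * outbound collects records for the peer, appIn receives any plaintext.
     */
    static void step(SSLEngine engine, ByteBuffer inbound, ByteBuffer outbound, ByteBuffer appIn)
            throws SSLException {
        switch (engine.getHandshakeStatus()) {
            case NEED_TASK:
                for (Runnable task = engine.getDelegatedTask(); task != null;
                        task = engine.getDelegatedTask()) {
                    task.run();
                }
                break;
            case NEED_WRAP:
                engine.wrap(ByteBuffer.allocate(0), outbound);
                break;
            case NEED_UNWRAP:
                inbound.flip();                 // read what the peer produced
                engine.unwrap(inbound, appIn);  // BUFFER_UNDERFLOW just means "wait for more"
                inbound.compact();              // keep a partial record for the next call
                break;
            default:
                break;                          // FINISHED / NOT_HANDSHAKING: nothing to do
        }
    }

    /** After closeOutbound(): wrap until the engine reports CLOSED, i.e. close_notify is in out. */
    static void drainClose(SSLEngine engine, ByteBuffer out) throws SSLException {
        SSLEngineResult r;
        do {
            r = engine.wrap(ByteBuffer.allocate(0), out);
        } while (r.getStatus() != SSLEngineResult.Status.CLOSED && r.bytesProduced() > 0);
    }

    /**
     * Handshakes client with server, sends message from client to server, shuts both
     * directions down cleanly and returns the plaintext the server recovered.
     */
    public static String roundTrip(JSSEngine client, JSSEngine server, String message)
            throws SSLException {
        ByteBuffer c2s = ByteBuffer.allocate(BUF), s2c = ByteBuffer.allocate(BUF);
        ByteBuffer clientIn = ByteBuffer.allocate(BUF), serverIn = ByteBuffer.allocate(BUF);

        client.beginHandshake();
        server.beginHandshake();
        int steps = 0;
        while (client.getHandshakeStatus() != HandshakeStatus.NOT_HANDSHAKING
                || server.getHandshakeStatus() != HandshakeStatus.NOT_HANDSHAKING) {
            if (++steps > MAX_STEPS) {
                throw new SSLException("handshake did not converge after " + MAX_STEPS + " steps");
            }
            step(client, s2c, c2s, clientIn);
            step(server, c2s, s2c, serverIn);
        }

        // Application data goes out only after both sides report the handshake complete.
        client.wrap(ByteBuffer.wrap(message.getBytes(StandardCharsets.UTF_8)), c2s);
        c2s.flip();
        server.unwrap(c2s, serverIn);
        c2s.compact();

        // Orderly shutdown in both directions. Per the SSLEngine contract closeInbound()
        // throws if no close_notify was received, which is how a connection cut mid-stream
        // (a truncation attack) is told apart from a clean close.
        client.closeOutbound();
        drainClose(client, c2s);
        c2s.flip();
        server.unwrap(c2s, serverIn);
        c2s.compact();
        server.closeInbound();

        server.closeOutbound();
        drainClose(server, s2c);
        s2c.flip();
        client.unwrap(s2c, clientIn);
        s2c.compact();
        client.closeInbound();

        // Both halves closed on both engines: tryCleanup() may now release the NSS resources.
        if (!client.isInboundDone() || !client.isOutboundDone()
                || !server.isInboundDone() || !server.isOutboundDone()) {
            throw new SSLException("an engine still reports an open direction after shutdown");
        }
        client.tryCleanup();
        server.tryCleanup();

        serverIn.flip();
        return StandardCharsets.UTF_8.decode(serverIn).toString();
    }
}
```

The two checks worth keeping in production code are the step limit, which turns a stalled handshake (both sides waiting in NEED_UNWRAP) into an exception instead of a spinning thread, and the isInboundDone/isOutboundDone gate before tryCleanup(), which matches tryCleanup's documented precondition that both streams are closed.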
public static org.slf4j.Logger logger
protected static int BUFFER_SIZE
protected boolean as_server
protected java.lang.String hostname
protected java.lang.String certAlias
protected PK11Cert cert
protected PK11PrivKey key
protected javax.net.ssl.X509KeyManager[] key_managers
protected javax.net.ssl.X509TrustManager[] trust_managers
protected boolean need_client_auth
protected boolean want_client_auth
protected javax.net.ssl.SSLEngineResult.HandshakeStatus handshake_state
protected SSLCipher[] enabled_ciphers
protected SSLVersion min_protocol
protected SSLVersion max_protocol
protected JSSSession session
protected SSLFDProxy ssl_fd
protected boolean is_outbound_closed
protected boolean is_inbound_closed
protected java.util.HashMap<java.lang.Integer,java.lang.Integer> config
protected static java.util.HashMap<PK11Cert,SSLFDProxy> serverTemplates
public JSSEngine()
public JSSEngine(java.lang.String peerHost, int peerPort)
public JSSEngine(java.lang.String peerHost, int peerPort, X509Certificate localCert, PrivateKey localKey)
protected static java.lang.String errorText(int error)
public static void initializeSessionCache(int maxCacheEntries, long timeout, java.lang.String directory) throws javax.net.ssl.SSLException
    Throws: javax.net.ssl.SSLException
public SSLFDProxy getSSLFDProxy()
public JSSParameters getSSLParameters()
    Overrides: getSSLParameters in class javax.net.ssl.SSLEngine
public void setSSLParameters(javax.net.ssl.SSLParameters params)
    Overrides: setSSLParameters in class javax.net.ssl.SSLEngine
public void setHostname(java.lang.String name)
public void setCertFromAlias(java.lang.String alias) throws java.lang.IllegalArgumentException
    Throws: java.lang.IllegalArgumentException
public void setEnabledCipherSuites(java.lang.String[] suites) throws java.lang.IllegalArgumentException
    Specified by: setEnabledCipherSuites in class javax.net.ssl.SSLEngine
    Throws: java.lang.IllegalArgumentException
public void setEnabledCipherSuites(SSLCipher[] suites) throws java.lang.IllegalArgumentException
    Throws: java.lang.IllegalArgumentException
public static SSLCipher[] queryEnabledCipherSuites()
public java.lang.String[] getEnabledCipherSuites()
    Specified by: getEnabledCipherSuites in class javax.net.ssl.SSLEngine
public java.lang.String[] getSupportedCipherSuites()
    Specified by: getSupportedCipherSuites in class javax.net.ssl.SSLEngine
public void setEnabledProtocols(java.lang.String[] protocols) throws java.lang.IllegalArgumentException
    Specified by: setEnabledProtocols in class javax.net.ssl.SSLEngine
    Throws: java.lang.IllegalArgumentException
public void setEnabledProtocols(SSLVersion min, SSLVersion max) throws java.lang.IllegalArgumentException
    Throws: java.lang.IllegalArgumentException
public void setEnabledProtocols(SSLVersionRange vrange)
public static SSLVersionRange queryEnabledProtocols()
public java.lang.String[] getEnabledProtocols()
    Specified by: getEnabledProtocols in class javax.net.ssl.SSLEngine
public java.lang.String[] getSupportedProtocols()
    Specified by: getSupportedProtocols in class javax.net.ssl.SSLEngine
public void setKeyMaterials(PK11Cert our_cert, PK11PrivKey our_key) throws java.lang.IllegalArgumentException
    Throws: java.lang.IllegalArgumentException
public void setKeyManager(javax.net.ssl.X509KeyManager km)
public void setKeyManagers(javax.net.ssl.X509KeyManager[] xkms)
public void setTrustManager(JSSTrustManager tm)
public void setTrustManagers(javax.net.ssl.X509TrustManager[] xtms)
public JSSSession getSession()
    Specified by: getSession in class javax.net.ssl.SSLEngine
public void setEnableSessionCreation(boolean flag)
    Specified by: setEnableSessionCreation in class javax.net.ssl.SSLEngine
public boolean getEnableSessionCreation()
    Specified by: getEnableSessionCreation in class javax.net.ssl.SSLEngine
public void setUseClientMode(boolean mode) throws java.lang.IllegalArgumentException
    Specified by: setUseClientMode in class javax.net.ssl.SSLEngine
    Throws: java.lang.IllegalArgumentException
public void setNeedClientAuth(boolean need)
    Specified by: setNeedClientAuth in class javax.net.ssl.SSLEngine
public void setWantClientAuth(boolean want)
    Specified by: setWantClientAuth in class javax.net.ssl.SSLEngine
protected abstract void reconfigureClientAuth()
public boolean getUseClientMode()
    Specified by: getUseClientMode in class javax.net.ssl.SSLEngine
public boolean getNeedClientAuth()
    Specified by: getNeedClientAuth in class javax.net.ssl.SSLEngine
public boolean getWantClientAuth()
    Specified by: getWantClientAuth in class javax.net.ssl.SSLEngine
public boolean isInboundDone()
    Specified by: isInboundDone in class javax.net.ssl.SSLEngine
public boolean isOutboundDone()
    Specified by: isOutboundDone in class javax.net.ssl.SSLEngine
public abstract SecurityStatusResult getStatus()
public java.util.HashMap<java.lang.Integer,java.lang.Integer> getDefaultConfiguration()
public void addConfiguration(int key, int value)
public void removeConfiguration(int key)
public void setConfiguration(java.util.HashMap<java.lang.Integer,java.lang.Integer> config)
protected static SSLFDProxy getServerTemplate(PK11Cert cert, PK11PrivKey key)
public abstract void tryCleanup()
public abstract void cleanup()