/*
* Copyright (C) 2017 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.conscrypt;
import java.nio.ByteBuffer;
import java.security.PrivateKey;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
/**
* Abstract base class for all Conscrypt {@link SSLEngine} classes.
*/
abstract class AbstractConscryptEngine extends SSLEngine {
    /**
     * Sets the {@link BufferAllocator} for this engine. How the allocator is used is decided by
     * the concrete engine and is not visible from this class.
     */
    abstract void setBufferAllocator(BufferAllocator bufferAllocator);

    /**
     * Returns the largest number of bytes that sealing a single record with SSL can add.
     */
    abstract int maxSealOverhead();

    /**
     * Turns TLS Channel ID on or off for this server engine.
     *
     * <p>Must be called before the handshake starts.
     *
     * @param enabled {@code true} to enable TLS Channel ID, {@code false} to disable it
     * @throws IllegalStateException if this is a client engine or if the handshake has already
     *         started.
     */
    abstract void setChannelIdEnabled(boolean enabled);

    /**
     * Returns the TLS Channel ID for this server engine. The value only exists once the
     * handshake has completed.
     *
     * @return channel ID or {@code null} if not available.
     * @throws IllegalStateException if this is a client engine or if the handshake has not yet
     *         completed.
     * @throws SSLException if channel ID is available but could not be obtained.
     */
    abstract byte[] getChannelId() throws SSLException;

    /**
     * Sets the {@link PrivateKey} this client engine uses for TLS Channel ID.
     *
     * <p>Must be called before the handshake starts.
     *
     * @param privateKey private key (enables TLS Channel ID) or {@code null} for no key (disables
     *        TLS Channel ID). The private key must be an Elliptic Curve (EC) key based on the
     *        NIST P-256 curve (aka SECG secp256r1 or ANSI X9.62 prime256v1).
     * @throws IllegalStateException if this is a server engine or if the handshake has already
     *         started.
     */
    abstract void setChannelIdPrivateKey(PrivateKey privateKey);

    /**
     * Registers the listener that is told when the TLS handshake completes.
     */
    abstract void setHandshakeListener(HandshakeListener handshakeListener);

    /**
     * Enables Server Name Indication (SNI) and replaces the value the {@link PeerInfoProvider}
     * supplied when the engine was created.
     *
     * <p>NOTE(review): this declaration does not say whether the hostname is also used for
     * endpoint identification (hostname verification). Confirm in the concrete engines before
     * relying on it for peer authentication.
     */
    abstract void setHostname(String hostname);

    /**
     * Returns the hostname given to {@link #setHostname(String)}, or the one supplied by the
     * {@link PeerInfoProvider} at creation. The value is returned as stored: no DNS resolution
     * is attempted.
     */
    abstract String getHostname();

    /** Redeclared abstract so that every concrete engine must supply the peer host itself. */
    @Override
    public abstract String getPeerHost();

    /** Redeclared abstract so that every concrete engine must supply the peer port itself. */
    @Override
    public abstract int getPeerPort();

    // NOTE(review): the five methods below carry no documentation in this class. "Ech"
    // presumably refers to TLS Encrypted Client Hello; the exact semantics of EchParameters and
    // of each return value live in the concrete engines and should be confirmed there.

    /** Sets the ECH parameters for this engine. */
    public abstract void setEchParameters(EchParameters parameters);

    /** Returns the ECH parameters of this engine. */
    public abstract EchParameters getEchParameters();

    /** Returns the ECH name override. */
    public abstract String getEchNameOverride();

    /** Returns the ECH retry config list as raw bytes. */
    public abstract byte[] getEchRetryConfigList();

    /**
     * Reports whether ECH was accepted.
     *
     * <p>NOTE(review): presumably meaningful only after the handshake; a caller that depends on
     * ECH should check this result rather than assume that setting parameters was enough.
     * Confirm against the implementations.
     */
    public abstract boolean echAccepted();

    /**
     * Returns the handshake session by delegating to {@link #handshakeSession()}.
     *
     * <p>The method is {@code final}, so subclasses customise only {@link #handshakeSession()}.
     * The {@code @Override} annotation stays commented out, and the warning is suppressed, so
     * that the class still compiles with Java 6.
     */
    /* @Override */
    @SuppressWarnings("MissingOverride") // For compilation with Java 6.
    public final SSLSession getHandshakeSession() {
        return handshakeSession();
    }

    /**
     * Work-around that lets the handshake session be obtained on older versions of Android;
     * {@link #getHandshakeSession()} forwards here.
     */
    abstract SSLSession handshakeSession();

    /** {@link SSLEngine} unwrap from one source buffer into one destination buffer. */
    @Override
    public abstract SSLEngineResult unwrap(ByteBuffer src, ByteBuffer dst) throws SSLException;

    /** {@link SSLEngine} unwrap from one source buffer into an array of destination buffers. */
    @Override
    public abstract SSLEngineResult unwrap(ByteBuffer src, ByteBuffer[] dsts) throws SSLException;

    /**
     * {@link SSLEngine} unwrap from one source buffer into the {@code offset}/{@code length}
     * window of {@code dsts}.
     */
    @Override
    public abstract SSLEngineResult unwrap(
            ByteBuffer src, ByteBuffer[] dsts, int offset, int length) throws SSLException;

    /**
     * Package-private overload that accepts an array of source buffers as well as an array of
     * destination buffers.
     */
    abstract SSLEngineResult unwrap(ByteBuffer[] srcs, ByteBuffer[] dsts) throws SSLException;

    /**
     * Package-private overload that accepts windows into both the source and the destination
     * buffer arrays.
     */
    abstract SSLEngineResult unwrap(
            ByteBuffer[] srcs, int srcsOffset, int srcsLength,
            ByteBuffer[] dsts, int dstsOffset, int dstsLength) throws SSLException;

    /** {@link SSLEngine} wrap from one source buffer into one destination buffer. */
    @Override
    public abstract SSLEngineResult wrap(ByteBuffer src, ByteBuffer dst) throws SSLException;

    /**
     * {@link SSLEngine} wrap from the {@code srcsOffset}/{@code srcsLength} window of
     * {@code srcs} into one destination buffer.
     */
    @Override
    public abstract SSLEngineResult wrap(
            ByteBuffer[] srcs, int srcsOffset, int srcsLength, ByteBuffer dst)
            throws SSLException;

    /**
     * Enables or disables session ticket support.
     *
     * @param useSessionTickets True to enable session tickets
     */
    abstract void setUseSessionTickets(boolean useSessionTickets);

    /**
     * Sets the list of ALPN protocols.
     *
     * @param protocols the list of ALPN protocols
     */
    abstract void setApplicationProtocols(String[] protocols);

    /**
     * Returns the list of supported ALPN protocols.
     */
    abstract String[] getApplicationProtocols();

    /** Not annotated with {@code @Override} so that the class compiles before Java 9. */
    @SuppressWarnings("MissingOverride") // For compiling pre Java 9.
    public abstract String getApplicationProtocol();

    /** Not annotated with {@code @Override} so that the class compiles before Java 9. */
    @SuppressWarnings("MissingOverride") // For compiling pre Java 9.
    public abstract String getHandshakeApplicationProtocol();

    /**
     * Installs an application-provided ALPN protocol selector. When one is provided it takes
     * precedence over the list set by {@link #setApplicationProtocols(String[])}.
     */
    abstract void setApplicationProtocolSelector(ApplicationProtocolSelector selector);

    /**
     * Returns the tls-unique channel binding value for this connection, per RFC 5929.
     *
     * <p>NOTE(review): RFC 5929 derives tls-unique from the Finished messages of TLS 1.2 and
     * earlier. RFC 9266 states that it is not defined for TLS 1.3 and specifies tls-exporter
     * instead, and RFC 7627 describes why tls-unique needs the extended master secret to be a
     * sound binding. What this method returns on a TLS 1.3 connection is not visible here;
     * confirm before using the value for authentication.
     *
     * @return the binding value, or {@code null} if none is available, such as when the
     *         handshake has not yet completed or this connection is closed. Callers must treat
     *         {@code null} as "no binding", never as a value to compare.
     */
    abstract byte[] getTlsUnique();

    /**
     * Exports a value derived from the TLS master secret as described in RFC 5705.
     *
     * @param label the label to use in calculating the exported value. This must be
     *        an ASCII-only string.
     * @param context the application-specific context value to use in calculating the
     *        exported value. This may be {@code null} to use no application context, which is
     *        treated differently than an empty byte array.
     * @param length the number of bytes of keying material to return.
     * @return a value of the specified length, or {@code null} if the handshake has not yet
     *         completed or the connection has been closed. A {@code null} result means that no
     *         keying material was produced, so callers must check for it before deriving keys.
     * @throws SSLException if the value could not be exported.
     */
    abstract byte[] exportKeyingMaterial(String label, byte[] context, int length)
            throws SSLException;
}