| /* |
| * Copyright (C) 2017 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| package org.conscrypt; |
| |
| import java.nio.ByteBuffer; |
| import java.security.PrivateKey; |
| import javax.net.ssl.SSLEngine; |
| import javax.net.ssl.SSLEngineResult; |
| import javax.net.ssl.SSLException; |
| import javax.net.ssl.SSLSession; |
| |
| /** |
| * Abstract base class for all Conscrypt {@link SSLEngine} classes. |
| */ |
| abstract class AbstractConscryptEngine extends SSLEngine { |
| abstract void setBufferAllocator(BufferAllocator bufferAllocator); |
| |
| /** |
| * Returns the maximum overhead, in bytes, of sealing a record with SSL. |
| */ |
| abstract int maxSealOverhead(); |
| |
| /** |
| * Enables/disables TLS Channel ID for this server engine. |
| * |
| * <p>This method needs to be invoked before the handshake starts. |
| * |
| * @throws IllegalStateException if this is a client engine or if the handshake has already |
| * started. |
| */ |
| abstract void setChannelIdEnabled(boolean enabled); |
| |
| /** |
| * Gets the TLS Channel ID for this server engine. Channel ID is only available once the |
| * handshake completes. |
| * |
| * @return channel ID or {@code null} if not available. |
| * |
| * @throws IllegalStateException if this is a client engine or if the handshake has not yet |
| * completed. |
| * @throws SSLException if channel ID is available but could not be obtained. |
| */ |
| abstract byte[] getChannelId() throws SSLException; |
| |
| /** |
| * Sets the {@link PrivateKey} to be used for TLS Channel ID by this client engine. |
| * |
| * <p>This method needs to be invoked before the handshake starts. |
| * |
| * @param privateKey private key (enables TLS Channel ID) or {@code null} for no key (disables |
| * TLS Channel ID). The private key must be an Elliptic Curve (EC) key based on the NIST |
| * P-256 curve (aka SECG secp256r1 or ANSI X9.62 prime256v1). |
| * |
| * @throws IllegalStateException if this is a server engine or if the handshake has already |
| * started. |
| */ |
| abstract void setChannelIdPrivateKey(PrivateKey privateKey); |
| |
| /** |
| * Sets the listener for the completion of the TLS handshake. |
| */ |
| abstract void setHandshakeListener(HandshakeListener handshakeListener); |
| |
| /** |
| * This method enables Server Name Indication (SNI) and overrides the {@link PeerInfoProvider} |
| * supplied during engine creation. |
| */ |
| abstract void setHostname(String hostname); |
| |
| /** |
| * Returns the hostname from {@link #setHostname(String)} or supplied by the |
| * {@link PeerInfoProvider} upon creation. No DNS resolution is attempted before |
| * returning the hostname. |
| */ |
| abstract String getHostname(); |
| |
| @Override public abstract String getPeerHost(); |
| |
| @Override public abstract int getPeerPort(); |
| |
| /* @Override */ |
| @SuppressWarnings("MissingOverride") // For compilation with Java 6. |
| public final SSLSession getHandshakeSession() { |
| return handshakeSession(); |
| } |
| |
| /** |
| * Work-around to allow this method to be called on older versions of Android. |
| */ |
| abstract SSLSession handshakeSession(); |
| |
| @Override |
| public abstract SSLEngineResult unwrap(ByteBuffer src, ByteBuffer dst) throws SSLException; |
| |
| @Override |
| public abstract SSLEngineResult unwrap(ByteBuffer src, ByteBuffer[] dsts) throws SSLException; |
| |
| @Override |
| public abstract SSLEngineResult unwrap(final ByteBuffer src, final ByteBuffer[] dsts, |
| final int offset, final int length) throws SSLException; |
| |
| abstract SSLEngineResult unwrap(final ByteBuffer[] srcs, final ByteBuffer[] dsts) |
| throws SSLException; |
| |
| abstract SSLEngineResult unwrap(final ByteBuffer[] srcs, int srcsOffset, final int srcsLength, |
| final ByteBuffer[] dsts, final int dstsOffset, final int dstsLength) |
| throws SSLException; |
| |
| @Override |
| public abstract SSLEngineResult wrap(ByteBuffer src, ByteBuffer dst) throws SSLException; |
| |
| @Override |
| public abstract SSLEngineResult wrap( |
| ByteBuffer[] srcs, int srcsOffset, int srcsLength, ByteBuffer dst) throws SSLException; |
| |
| /** |
| * This method enables session ticket support. |
| * |
| * @param useSessionTickets True to enable session tickets |
| */ |
| abstract void setUseSessionTickets(boolean useSessionTickets); |
| |
| /** |
| * Sets the list of ALPN protocols. |
| * |
| * @param protocols the list of ALPN protocols |
| */ |
| abstract void setApplicationProtocols(String[] protocols); |
| |
| /** |
| * Returns the list of supported ALPN protocols. |
| */ |
| abstract String[] getApplicationProtocols(); |
| |
| @SuppressWarnings("MissingOverride") // For compiling pre Java 9. |
| public abstract String getApplicationProtocol(); |
| |
| @SuppressWarnings("MissingOverride") // For compiling pre Java 9. |
| public abstract String getHandshakeApplicationProtocol(); |
| |
| /** |
| * Sets an application-provided ALPN protocol selector. If provided, this will override |
| * the list of protocols set by {@link #setApplicationProtocols(String[])}. |
| */ |
| abstract void setApplicationProtocolSelector(ApplicationProtocolSelector selector); |
| |
| /** |
| * Returns the tls-unique channel binding value for this connection, per RFC 5929. This |
| * will return {@code null} if there is no such value available, such as if the handshake |
| * has not yet completed or this connection is closed. |
| */ |
| abstract byte[] getTlsUnique(); |
| |
| /** |
| * Exports a value derived from the TLS master secret as described in RFC 5705. |
| * |
| * @param label the label to use in calculating the exported value. This must be |
| * an ASCII-only string. |
| * @param context the application-specific context value to use in calculating the |
| * exported value. This may be {@code null} to use no application context, which is |
| * treated differently than an empty byte array. |
| * @param length the number of bytes of keying material to return. |
| * @return a value of the specified length, or {@code null} if the handshake has not yet |
| * completed or the connection has been closed. |
| * @throws SSLException if the value could not be exported. |
| */ |
| abstract byte[] exportKeyingMaterial(String label, byte[] context, int length) |
| throws SSLException; |
| } |