com.wolfssl
Class WolfSSLContext

java.lang.Object
  extended by com.wolfssl.WolfSSLContext

public class WolfSSLContext
extends java.lang.Object

Wraps a native WolfSSL context object and contains methods directly related to the SSL/TLS context.

Version:
1.0, August 2013
Author:
wolfSSL

Constructor Summary
WolfSSLContext(long method)
          Creates a new SSL/TLS context for the desired SSL/TLS protocol level.
 
Method Summary
 int disableCRL()
          Turns off Certificate Revocation List (CRL) checking for the specified Context.
 int enableCRL(int options)
          Turns on Certificate Revocation List (CRL) checking when verifying certificates for the specified Context.
 void free()
          Frees an allocated SSL context.
 int getCertCacheMemsize()
          Gets how big the certificate cache save buffer needs to be.
 int loadCRL(java.lang.String path, int type, int monitor)
          Loads CRL files into wolfSSL from the specified path, using the specified Context.
 int loadVerifyBuffer(byte[] in, long sz, int format)
          Loads a CA certificate buffer into the SSL context.
 int loadVerifyLocations(java.lang.String file, java.lang.String path)
          Loads PEM-formatted CA certificates into the SSL context.
 int memrestoreCertCache(byte[] mem, int sz)
          Restores the certificate cache from memory.
 int memsaveCertCache(byte[] mem, int sz, int[] used)
          Persists the certificate cache to memory.
 int setCipherList(java.lang.String list)
          Sets the cipher suite list for a given SSL context.
 int setCRLCb(WolfSSLMissingCRLCallback cb)
          Registers CRL callback to be called when CRL lookup fails, using specified Context.
 void setDecryptVerifyCb(WolfSSLDecryptVerifyCallback callback)
          Allows caller to set the Atomic Record Processing Decrypt/Verify Callback.
 void setEccSignCb(WolfSSLEccSignCallback callback)
          Allows caller to set the Public Key Callback for ECC Signing.
 void setEccVerifyCb(WolfSSLEccVerifyCallback callback)
          Allows caller to set the Public Key Callback for ECC Verification.
 void setGenCookie(WolfSSLGenCookieCallback callback)
          Registers a DTLS cookie generation callback.
 int setGroupMessages()
          Turns on grouping of the handshake messages where possible using the SSL context.
 void setIORecv(WolfSSLIORecvCallback callback)
          Registers a receive callback for wolfSSL to get input data.
 void setIOSend(WolfSSLIOSendCallback callback)
          Registers a send callback for wolfSSL to write output data.
 void setMacEncryptCb(WolfSSLMacEncryptCallback callback)
          Allows caller to set the Atomic User Record Processing Mac/Encrypt Callback.
 int setOCSPOptions(long options)
          Sets options to configure behavior of OCSP functionality in wolfSSL.
 int setOCSPOverrideUrl(java.lang.String url)
          Manually sets the URL for OCSP to use.
 void setRsaDecCb(WolfSSLRsaDecCallback callback)
          Allows caller to set the Public Key for RSA Private Decrypt.
 void setRsaEncCb(WolfSSLRsaEncCallback callback)
          Allows caller to set the Public Key Callback for RSA Public Encrypt.
 void setRsaSignCb(WolfSSLRsaSignCallback callback)
          Allows caller to set the Public Key Callback for RSA Signing.
 void setRsaVerifyCb(WolfSSLRsaVerifyCallback callback)
          Allows caller to set the Public Key Callback for RSA Verification.
 void setVerify(int mode, WolfSSLVerifyCallback callback)
          Sets the verification method for remote peers and also allows a verify callback to be registered with the SSL session.
 int useCertificateBuffer(byte[] in, long sz, int format)
          Loads a certificate buffer into the SSL context.
 int useCertificateChainBuffer(byte[] in, long sz)
          Loads a certificate chain buffer into the SSL context.
 int useCertificateChainFile(java.lang.String file)
          Loads a chain of certificates into the SSL context.
 int useCertificateFile(java.lang.String file, int format)
          Loads a certificate file into the SSL context.
 int usePrivateKeyBuffer(byte[] in, long sz, int format)
          Loads a private key buffer into the SSL context.
 int usePrivateKeyFile(java.lang.String file, int format)
          Loads a private key file into the SSL context.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

WolfSSLContext

public WolfSSLContext(long method)
               throws WolfSSLException
Creates a new SSL/TLS context for the desired SSL/TLS protocol level.

Parameters:
method - a pointer (long) to the desired CYASSL_METHOD for use in the SSL context. This CYASSL_METHOD pointer is created with one of the protocol-specific methods (ex: TLSv1_2_ClientMethod()) matching the desired SSL/TLS/DTLS protocol level.
Throws:
WolfSSLException
Method Detail

useCertificateFile

public int useCertificateFile(java.lang.String file,
                              int format)
Loads a certificate file into the SSL context. This file is provided by the file parameter. The format parameter specifies the format type of the file - either SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. Please see the CyaSSL examples for proper usage.

Parameters:
file - a file containing the certificate to be loaded into the wolfSSL SSL context.
format - format of the certificates pointed to by file. Possible options are SSL_FILETYPE_ASN1, for DER-encoded certificates, or SSL_FILETYPE_PEM for PEM-encoded certificates.
Returns:
SSL_SUCCESS upon success, otherwise SSL_FAILURE. Possible failure causes may be that the file is in the wrong format, the format argument was given incorrectly, the file doesn't exist, can't be read, or is corrupted, an out of memory condition occurs, or the Base16 decoding fails on the file.
See Also:
WolfSSLSession.useCertificateFile(String, int)

usePrivateKeyFile

public int usePrivateKeyFile(java.lang.String file,
                             int format)
Loads a private key file into the SSL context. This file is provided by the file parameter. The format parameter specifies the format type of the file - either SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. Please see the CyaSSL examples for proper usage.

Parameters:
file - a file containing the private key to be loaded into the wolfSSL SSL context.
format - format of the private key pointed to by file. Possible options are SSL_FILETYPE_ASN1, for a DER-encoded key, or SSL_FILETYPE_PEM for a PEM-encoded key.
Returns:
SSL_SUCCESS upon success, otherwise SSL_FAILURE. Possible failure causes may be that the file is in the wrong format, the format argument was given incorrectly, the file doesn't exist, can't be read, or is corrupted, an out of memory condition occurs, the Base16 decoding fails on the file, or the key file is encrypted but no password is provided.
See Also:
WolfSSLSession.usePrivateKeyFile(String, int)

loadVerifyLocations

public int loadVerifyLocations(java.lang.String file,
                               java.lang.String path)
Loads PEM-formatted CA certificates into the SSL context. These certificates will be treated as trusted root certificates and used to verify certs received from peers during the SSL handshake.

The root certificate provided by the file parameter may be a single certificate or a file containing multiple certificates. If multiple CA certs are included in the same file, wolfSSL will load them in the same order in which they are presented in the file. The path parameter is a directory path which contains certificates of trusted root CAs. If the value of file is not NULL, path may be specified as null if not needed. If path is specified, and NO_CYASSL_DIR is defined when building the library, wolfSSL will load all CA certificates located in the given directory.

Parameters:
file - path to the file containing PEM-formatted CA certificates
path - path to directory containing PEM-formatted CA certificates to load
Returns:
SSL_SUCCESS on success. Otherwise
SSL_FAILURE if ctx is null, or if both file and path are null.
SSL_BAD_FILETYPE if the file is in the wrong format.
SSL_BAD_FILE if the file doesn't exist, can't be read, or is corrupted.
MEMORY_E if an out of memory condition occurs.
ASN_INPUT_E if Base16 decoding fails on the file.
BUFFER_E if a chain buffer is bigger than the receiving buffer.
BAD_PATH_ERROR if the native opendir() function call fails when trying to open path.
See Also:
useCertificateFile(String, int), usePrivateKeyFile(String, int), useCertificateChainFile(String), WolfSSLSession.useCertificateFile(String, int), WolfSSLSession.usePrivateKeyFile(String, int), WolfSSLSession.useCertificateChainFile(String)

useCertificateChainFile

public int useCertificateChainFile(java.lang.String file)
Loads a chain of certificates into the SSL context. The file containing the certificate chain is provided by the file parameter and must contain PEM-formatted certificates. This function will process up to MAX_CHAIN_DEPTH (default = 9, defined in internal.h) certificates, plus the subject cert.

Parameters:
file - path to the file containing the chain of certificates to be loaded into the wolfSSL SSL context. Certificates must be in PEM format.
Returns:
SSL_SUCCESS on success, otherwise SSL_FAILURE. If the function call fails, possible causes might include: the file is in the wrong format, the file doesn't exist, can't be read, or is corrupted, or an out of memory condition occurs.
See Also:
useCertificateFile(String, int), WolfSSLSession.useCertificateFile(String, int)

setVerify

public void setVerify(int mode,
                      WolfSSLVerifyCallback callback)
Sets the verification method for remote peers and also allows a verify callback to be registered with the SSL session. If no verify callback is desired, null can be used for callback.

The verification mode of peer certificates is a logically OR'd list of flags. The possible flag values include:

SSL_VERIFY_NONE
Client mode: the client will not verify the certificate received from the server and the handshake will continue as normal.
Server mode: the server will not send a certificate request to the client. As such, client verification will not be enabled.

SSL_VERIFY_PEER
Client mode: the client will verify the certificate received from the server during the handshake. This is turned on by default in wolfSSL, therefore, using this option has no effect.
Server mode: the server will send a certificate request to the client and verify the client certificate received.

SSL_VERIFY_FAIL_IF_NO_PEER_CERT
Client mode: no effect when used on the client side.
Server mode: the verification will fail on the server side if the client fails to send a certificate when requested to do so (when using SSL_VERIFY_PEER on the SSL server).

Parameters:
mode - verification mode for peer certificates, a logically OR'd combination of the flags listed above
callback - custom verification callback to register with the SSL session. If no callback is desired, null may be used.
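The server-side flags above combine into a mutual-TLS configuration. The class below is an added example, not code from wolfSSL or from this class's own sources; it assumes the SSL_* constants and TLSv1_2_ServerMethod() are exposed on com.wolfssl.WolfSSL, that WolfSSLVerifyCallback declares verifyCallback(int preverify_ok, long x509StorePtr), that WolfSSLException has a String constructor, and the certificate paths are placeholders.

```java
import com.wolfssl.WolfSSL;
import com.wolfssl.WolfSSLContext;
import com.wolfssl.WolfSSLException;
import com.wolfssl.WolfSSLVerifyCallback;

/* Added example (not wolfSSL's own code): a server context that sends a
 * certificate request and fails the handshake when the client sends no
 * certificate or its chain does not verify against the trusted CA file. */
public class MutualTlsServerContext {

    /* Constructed placeholder paths; point these at real PEM files. */
    static final String SERVER_CERT = "certs/server-cert.pem";
    static final String SERVER_KEY  = "certs/server-key.pem";
    static final String CLIENT_CA   = "certs/client-ca.pem";

    /* Assumed callback signature: verifyCallback(int preverify_ok, long x509StorePtr).
     * The callback only records the outcome; returning preverify_ok unchanged
     * keeps wolfSSL's own verification decision instead of overriding it. */
    static class LoggingVerifyCallback implements WolfSSLVerifyCallback {
        public int verifyCallback(int preverify_ok, long x509StorePtr) {
            if (preverify_ok != 1) {
                System.err.println("peer certificate failed verification");
            }
            return preverify_ok;
        }
    }

    /* Every loader on this page returns SSL_SUCCESS or an error code; turn
     * anything else into an exception so a half-configured context is never used. */
    static void check(int ret, String what) throws WolfSSLException {
        if (ret != WolfSSL.SSL_SUCCESS) {
            throw new WolfSSLException(what + " failed, return code " + ret);
        }
    }

    public static WolfSSLContext build() throws WolfSSLException {
        new WolfSSL();   /* assumed: loads the native library once per process */
        WolfSSLContext ctx = new WolfSSLContext(WolfSSL.TLSv1_2_ServerMethod());
        try {
            check(ctx.useCertificateFile(SERVER_CERT, WolfSSL.SSL_FILETYPE_PEM),
                  "useCertificateFile");
            check(ctx.usePrivateKeyFile(SERVER_KEY, WolfSSL.SSL_FILETYPE_PEM),
                  "usePrivateKeyFile");
            /* The file may hold several CA certs; path is null because no
             * CA directory is used. */
            check(ctx.loadVerifyLocations(CLIENT_CA, null), "loadVerifyLocations");
            /* Highest preference first; names are from this page's example list. */
            check(ctx.setCipherList("DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256"),
                  "setCipherList");
            /* SSL_VERIFY_PEER makes the server send a certificate request;
             * SSL_VERIFY_FAIL_IF_NO_PEER_CERT rejects clients that send none. */
            ctx.setVerify(WolfSSL.SSL_VERIFY_PEER | WolfSSL.SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
                          new LoggingVerifyCallback());
        } catch (WolfSSLException e) {
            ctx.free();  /* drop the reference so the native CTX is released */
            throw e;
        }
        return ctx;
    }
}
```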

free

public void free()
Frees an allocated SSL context. This method decrements the CTX reference count and only frees the context when the reference count has reached zero.

See Also:
WolfSSLSession.freeSSL()

memsaveCertCache

public int memsaveCertCache(byte[] mem,
                            int sz,
                            int[] used)
Persists the certificate cache to memory. Use this method to store the current certificate cache to a memory buffer.

Parameters:
mem - the buffer to store the certificate cache in
sz - the size of the output buffer, mem
used - output parameter, the size of the cert cache in bytes is returned in the first element of this array.
Returns:
SSL_SUCCESS on success, SSL_FAILURE on general failure, BAD_FUNC_ARG if null or negative parameters are passed in, BAD_MUTEX_ERROR if the CA mutex lock fails, BUFFER_E if the output buffer is too small.
See Also:
WolfSSL.memsaveSessionCache(byte[], int), WolfSSL.memrestoreSessionCache(byte[], int), WolfSSL.getSessionCacheMemsize(), memsaveCertCache(byte[], int, int[]), memrestoreCertCache(byte[], int), getCertCacheMemsize()

memrestoreCertCache

public int memrestoreCertCache(byte[] mem,
                               int sz)
Restores the certificate cache from memory. This method restores the certificate cache from a saved memory buffer.

Parameters:
mem - memory buffer containing the stored certificate cache to restore
sz - size of the input memory buffer, mem
Returns:
SSL_SUCCESS upon success, SSL_FAILURE upon general failure, BAD_FUNC_ARG if null or negative parameters are passed in, BUFFER_E if the certificate cache memory buffer is too small, CACHE_MATCH_ERROR if the cert cache memory header match failed, BAD_MUTEX_ERROR if the CA mutex lock failed.
See Also:
WolfSSL.memsaveSessionCache(byte[], int), WolfSSL.memrestoreSessionCache(byte[], int), WolfSSL.getSessionCacheMemsize(), memsaveCertCache(byte[], int, int[]), getCertCacheMemsize()

getCertCacheMemsize

public int getCertCacheMemsize()
Gets how big the certificate cache save buffer needs to be. Use this method to get how big the output buffer needs to be in which to save the current certificate cache to memory.

Returns:
size, in bytes, of how large the output buffer should be to store the certificate cache into memory.
See Also:
WolfSSL.memsaveSessionCache(byte[], int), WolfSSL.memrestoreSessionCache(byte[], int), WolfSSL.getSessionCacheMemsize(), memsaveCertCache(byte[], int, int[]), memrestoreCertCache(byte[], int)
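The three cache methods above form one procedure: size the buffer, save, and restore into another context. The class below is an added example, not wolfSSL's own code; it assumes the SSL_SUCCESS, BUFFER_E and CACHE_MATCH_ERROR codes and TLSv1_2_ClientMethod() are exposed on com.wolfssl.WolfSSL, and the CA bundle path is a placeholder.

```java
import com.wolfssl.WolfSSL;
import com.wolfssl.WolfSSLContext;
import com.wolfssl.WolfSSLException;

/* Added example (not wolfSSL's own code): snapshot the certificate cache of
 * one context and load it into another, sizing the buffer with
 * getCertCacheMemsize() and trusting only the "used" out-parameter. */
public class CertCacheTransfer {

    /* Returns a copy of exactly the bytes the cache occupies, or null on failure. */
    public static byte[] save(WolfSSLContext ctx) {
        int needed = ctx.getCertCacheMemsize();
        if (needed <= 0) {
            return null;
        }
        byte[] mem = new byte[needed];
        int[] used = new int[1];
        int ret = ctx.memsaveCertCache(mem, mem.length, used);
        if (ret == WolfSSL.BUFFER_E) {   /* assumed constant name */
            /* The cache can grow between the size query and the save (another
             * thread loading CAs); re-query once rather than guessing a size. */
            mem = new byte[ctx.getCertCacheMemsize()];
            ret = ctx.memsaveCertCache(mem, mem.length, used);
        }
        if (ret != WolfSSL.SSL_SUCCESS || used[0] <= 0 || used[0] > mem.length) {
            return null;
        }
        byte[] exact = new byte[used[0]];
        System.arraycopy(mem, 0, exact, 0, used[0]);
        return exact;
    }

    /* Restores a snapshot. CACHE_MATCH_ERROR means the header did not match this
     * wolfSSL build, so the snapshot is rejected rather than partially applied. */
    public static boolean restore(WolfSSLContext ctx, byte[] snapshot) {
        if (snapshot == null || snapshot.length == 0) {
            return false;
        }
        int ret = ctx.memrestoreCertCache(snapshot, snapshot.length);
        if (ret == WolfSSL.CACHE_MATCH_ERROR) {   /* assumed constant name */
            System.err.println("cert cache header mismatch; snapshot ignored");
        }
        return ret == WolfSSL.SSL_SUCCESS;
    }

    public static void main(String[] args) throws WolfSSLException {
        new WolfSSL();   /* assumed: loads the native library */
        WolfSSLContext source = new WolfSSLContext(WolfSSL.TLSv1_2_ClientMethod());
        WolfSSLContext target = new WolfSSLContext(WolfSSL.TLSv1_2_ClientMethod());
        try {
            /* placeholder CA bundle path */
            if (source.loadVerifyLocations("certs/ca-bundle.pem", null) != WolfSSL.SSL_SUCCESS) {
                throw new WolfSSLException("loadVerifyLocations failed");
            }
            byte[] snap = save(source);
            System.out.println("restored into target: " + restore(target, snap));
        } finally {
            source.free();
            target.free();
        }
    }
}
```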

setCipherList

public int setCipherList(java.lang.String list)
Sets the cipher suite list for a given SSL context. This cipher suite list becomes the default list for any new SSL sessions created using this context. The ciphers in the list should be sorted in order of preference from highest to lowest. Each call to ctxSetCipherList() resets the cipher suite list for the specific SSL context to the provided list.

The cipher suite list, list, is a null-terminated text String, and colon-delimited list. For example, one possible list may be:

"DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:AES256-SHA256"

Valid cipher values are the full name values from the cipher_names[] array in the native wolfSSL src/internal.c.

Parameters:
list - null-terminated text string and colon-delimited list of cipher suites to use with the specified SSL context.
Returns:
SSL_SUCCESS upon success. SSL_FAILURE upon failure.
See Also:
WolfSSLSession.setCipherList(String)

loadVerifyBuffer

public int loadVerifyBuffer(byte[] in,
                            long sz,
                            int format)
Loads a CA certificate buffer into the SSL context. This method behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer is provided by the in parameter of size sz. format specifies the format type of the buffer, either SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1. More than one CA certificate may be loaded per buffer as long as the format is in PEM format.

Parameters:
in - input buffer containing CA certificate to load
sz - size of the input buffer, in
format - format of the certificate buffer being loaded - either SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1
Returns:
SSL_SUCCESS upon success, SSL_FAILURE upon general failure, SSL_BAD_FILETYPE if the file is in the wrong format, SSL_BAD_FILE if the file doesn't exist, can't be read, or is corrupted. MEMORY_E if an out of memory condition occurs, ASN_INPUT_E if Base16 decoding fails on the file, BUFFER_E will be returned if a chain buffer is bigger than the receiving buffer, and BAD_FUNC_ARG will be returned if invalid arguments are provided.
See Also:
loadVerifyLocations(String, String), useCertificateBuffer(byte[], long, int), usePrivateKeyBuffer(byte[], long, int), useCertificateChainBuffer(byte[], long), WolfSSLSession.useCertificateBuffer(byte[], long, int), WolfSSLSession.usePrivateKeyBuffer(byte[], long, int), WolfSSLSession.useCertificateChainBuffer(byte[], long)

useCertificateBuffer

public int useCertificateBuffer(byte[] in,
                                long sz,
                                int format)
Loads a certificate buffer into the SSL context. This method behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file.

Parameters:
in - input buffer containing the certificate to load
sz - size of the input buffer, in
format - format of the certificate buffer being loaded - either SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1
Returns:
SSL_SUCCESS upon success, SSL_FAILURE upon general failure, SSL_BAD_FILETYPE if the file is in the wrong format, SSL_BAD_FILE if the file doesn't exist, can't be read, or is corrupted. MEMORY_E if an out of memory condition occurs, ASN_INPUT_E if Base16 decoding fails on the file, BAD_FUNC_ARG if invalid input arguments are provided.
See Also:
loadVerifyBuffer(byte[], long, int), usePrivateKeyBuffer(byte[], long, int), useCertificateChainBuffer(byte[], long), WolfSSLSession.useCertificateBuffer(byte[], long, int), WolfSSLSession.usePrivateKeyBuffer(byte[], long, int), WolfSSLSession.useCertificateChainBuffer(byte[], long)

usePrivateKeyBuffer

public int usePrivateKeyBuffer(byte[] in,
                               long sz,
                               int format)
Loads a private key buffer into the SSL context. This method behaves like the non-buffered version, only differing in its ability to be called with a buffer as input rather than a file.

Parameters:
in - the input buffer containing the private key to be loaded
sz - the size of the input buffer, in
format - format of the private key buffer being loaded - either SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1
Returns:
SSL_SUCCESS upon success, SSL_FAILURE upon general failure, SSL_BAD_FILETYPE if the file is in the wrong format, SSL_BAD_FILE if the file doesn't exist, can't be read, or is corrupted. MEMORY_E if an out of memory condition occurs, ASN_INPUT_E if Base16 decoding fails on the file, NO_PASSWORD if the key file is encrypted but no password is provided, and BAD_FUNC_ARG if invalid input arguments are provided.
See Also:
loadVerifyBuffer(byte[], long, int), useCertificateBuffer(byte[], long, int), useCertificateChainBuffer(byte[], long), WolfSSLSession.useCertificateBuffer(byte[], long, int), WolfSSLSession.usePrivateKeyBuffer(byte[], long, int), WolfSSLSession.useCertificateChainBuffer(byte[], long)

useCertificateChainBuffer

public int useCertificateChainBuffer(byte[] in,
                                     long sz)
Loads a certificate chain buffer into the SSL context. This method behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. The buffer must be in PEM format and start with the subject's certificate, ending with the root certificate.

Parameters:
in - the input buffer containing the PEM-formatted certificate chain to be loaded.
sz - the size of the input buffer, in
Returns:
SSL_SUCCESS upon success, SSL_FAILURE upon general failure, SSL_BAD_FILETYPE if the file is in the wrong format, SSL_BAD_FILE if the file doesn't exist, can't be read, or is corrupted. MEMORY_E if an out of memory condition occurs, ASN_INPUT_E if Base16 decoding fails on the file, BUFFER_E if a chain buffer is bigger than the receiving buffer, and BAD_FUNC_ARG if invalid input arguments are provided.
See Also:
loadVerifyBuffer(byte[], long, int), useCertificateBuffer(byte[], long, int), usePrivateKeyBuffer(byte[], long, int), WolfSSLSession.useCertificateBuffer(byte[], long, int), WolfSSLSession.usePrivateKeyBuffer(byte[], long, int), WolfSSLSession.useCertificateChainBuffer(byte[], long)

setGroupMessages

public int setGroupMessages()
Turns on grouping of the handshake messages where possible using the SSL context.

Returns:
SSL_SUCCESS upon success. BAD_FUNC_ARG if the input context is null.
See Also:
WolfSSLSession.setGroupMessages()

setIORecv

public void setIORecv(WolfSSLIORecvCallback callback)
Registers a receive callback for wolfSSL to get input data. By default, CyaSSL uses EmbedReceive() in src/io.c as the callback. This uses the system's TCP recv() function. The user can register a function to get input from memory, some other network module, or from anywhere. Please see the EmbedReceive() function in src/io.c as a guide for how the function should work and for error codes.

In particular, IO_ERR_WANT_READ should be returned for non-blocking receive when no data is ready.

Parameters:
callback - method to be registered as the receive callback for the wolfSSL context. The signature of this function must follow that as shown in WolfSSLIORecvCallback#receiveCallback(WolfSSLSession, byte[], int, long).
See Also:
setIOSend(WolfSSLIOSendCallback)

setIOSend

public void setIOSend(WolfSSLIOSendCallback callback)
Registers a send callback for wolfSSL to write output data. By default, wolfSSL uses EmbedSend() in src/io.c as the callback, which uses the system's TCP send() function. The user can register a function to send output to memory, some other network module, or to anywhere. Please see the EmbedSend() function in src/io.c as a guide for how the function should work and for error codes.

In particular, IO_ERR_WANT_WRITE should be returned for non-blocking send when the action cannot be taken yet.

Parameters:
callback - method to be registered as the send callback for the wolfSSL context. The signature of this function must follow that as shown in WolfSSLIOSendCallback#sendCallback(WolfSSLSession, byte[], int, Object).
See Also:
setIORecv(WolfSSLIORecvCallback)
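A memory-backed transport implementing both the receive and send callbacks described above, including the IO_ERR_WANT_READ case. This is an added example, not wolfSSL's own code and not the EmbedReceive()/EmbedSend() defaults; parameter lists follow the signatures quoted on this page, and the IO_ERR_WANT_READ constant is assumed to be exposed on com.wolfssl.WolfSSL under the name this page uses.

```java
import com.wolfssl.WolfSSL;
import com.wolfssl.WolfSSLContext;
import com.wolfssl.WolfSSLIORecvCallback;
import com.wolfssl.WolfSSLIOSendCallback;
import com.wolfssl.WolfSSLSession;
import java.io.ByteArrayOutputStream;

/* Added example (not wolfSSL's own code): a memory-backed transport that
 * replaces EmbedReceive()/EmbedSend(). Bytes arriving from the "wire" are
 * pushed with feed(); bytes wolfSSL wants to send are collected by drain().
 * Parameter lists follow the callback signatures quoted on this page. */
public class MemoryTransport implements WolfSSLIORecvCallback, WolfSSLIOSendCallback {

    private byte[] inbound = new byte[0];
    private int inboundPos = 0;
    private final ByteArrayOutputStream outbound = new ByteArrayOutputStream();

    /* Called by the application when ciphertext arrives from the peer. */
    public synchronized void feed(byte[] data) {
        int left = inbound.length - inboundPos;
        byte[] merged = new byte[left + data.length];
        System.arraycopy(inbound, inboundPos, merged, 0, left);
        System.arraycopy(data, 0, merged, left, data.length);
        inbound = merged;
        inboundPos = 0;
    }

    /* Called by the application to take everything wolfSSL has produced. */
    public synchronized byte[] drain() {
        byte[] out = outbound.toByteArray();
        outbound.reset();
        return out;
    }

    /* wolfSSL asks for up to sz bytes into buf. With nothing buffered, report
     * IO_ERR_WANT_READ so the handshake returns to the caller instead of failing. */
    public synchronized int receiveCallback(WolfSSLSession ssl, byte[] buf, int sz, long ctx) {
        int avail = inbound.length - inboundPos;
        if (avail == 0) {
            return WolfSSL.IO_ERR_WANT_READ;   /* assumed constant name, from this page */
        }
        int n = Math.min(avail, Math.min(sz, buf.length));
        System.arraycopy(inbound, inboundPos, buf, 0, n);
        inboundPos += n;
        return n;
    }

    /* wolfSSL hands us sz bytes of buf to send. A memory sink never blocks,
     * so IO_ERR_WANT_WRITE is never needed here; a socket-backed version
     * would return it when the socket is not yet writable. */
    public synchronized int sendCallback(WolfSSLSession ssl, byte[] buf, int sz, Object ctx) {
        int n = Math.min(sz, buf.length);
        outbound.write(buf, 0, n);
        return n;
    }

    /* Registers the same object for both directions on the context. */
    public static void install(WolfSSLContext ctx, MemoryTransport transport) {
        ctx.setIORecv(transport);
        ctx.setIOSend(transport);
    }
}
```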

setGenCookie

public void setGenCookie(WolfSSLGenCookieCallback callback)
Registers a DTLS cookie generation callback. By default, wolfSSL uses EmbedGenerateCookie() in src/io.c as the callback, which does a SHA hash of the peer's address and port. This method can be used to register a custom cookie generation callback, which is needed when the application is using custom I/O callbacks.

The cookie generation callback should return the size of the resulting cookie (normally, the size of the SHA hash generated), or WolfSSL.GEN_COOKIE_E upon error.

Parameters:
callback - method to be registered as the cookie generation callback for the wolfSSL context. The signature of this function must follow that as shown in WolfSSLGenCookieCallback#genCookieCallback(WolfSSLSession, byte[], int, Object).

enableCRL

public int enableCRL(int options)
Turns on Certificate Revocation List (CRL) checking when verifying certificates for the specified Context. By default, CRL checking is off. options include CYASSL_CRL_CHECKALL which performs CRL checking on each certificate in the chain versus the leaf certificate only (which is default).

Parameters:
options - options to use when enabling CRL
Returns:
SSL_SUCCESS upon success. NOT_COMPILED_IN if wolfSSL was not compiled with CRL enabled. MEMORY_E if an out of memory condition occurs. BAD_FUNC_ARG if a pointer is not provided, and SSL_FAILURE if the CRL context cannot be initialized properly.
See Also:
WolfSSLSession.enableCRL(int), WolfSSLSession.disableCRL(), WolfSSLSession.loadCRL(String, int, int), WolfSSLSession.setCRLCb(WolfSSLMissingCRLCallback), disableCRL(), setCRLCb(WolfSSLMissingCRLCallback)

disableCRL

public int disableCRL()
Turns off Certificate Revocation List (CRL) checking for the specified Context. By default, CRL checking is off. This function can be used to temporarily or permanently disable CRL checking for a given SSL session object that previously had CRL checking enabled.

Returns:
SSL_SUCCESS on success, BAD_FUNC_ARG if pointer is not provided.
See Also:
WolfSSLSession.enableCRL(int), WolfSSLSession.disableCRL(), WolfSSLSession.loadCRL(String, int, int), WolfSSLSession.setCRLCb(WolfSSLMissingCRLCallback), enableCRL(int), setCRLCb(WolfSSLMissingCRLCallback)

loadCRL

public int loadCRL(java.lang.String path,
                   int type,
                   int monitor)
Loads CRL files into wolfSSL from the specified path, using the specified Context. This method loads a list of CRL files into wolfSSL. The files can be in either PEM or DER format, as specified by the type parameter.

Parameters:
path - path to directory containing CRL files
type - type of files in path, either SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1.
monitor - OR'd list of flags to indicate if wolfSSL should monitor the provided CRL directory for changes. Flag values include CYASSL_CRL_MONITOR to indicate that the directory should be monitored and CYASSL_CRL_START_MON to start the monitor.
Returns:
SSL_SUCCESS upon success
SSL_FATAL_ERROR if enabling the internal CertManager fails
BAD_FUNC_ARG if the SSL pointer is null
BAD_PATH_ERROR if there is an error opening the provided directory
MEMORY_E if a memory error occurred
MONITOR_RUNNING_E if the CRL monitor is already running
THREAD_CREATE_E if there was an error when creating the CRL monitoring thread.
See Also:
WolfSSLSession.enableCRL(int), WolfSSLSession.disableCRL(), WolfSSLSession.loadCRL(String, int, int), WolfSSLSession.setCRLCb(WolfSSLMissingCRLCallback), enableCRL(int), disableCRL(), setCRLCb(WolfSSLMissingCRLCallback)

setCRLCb

public int setCRLCb(WolfSSLMissingCRLCallback cb)
Registers CRL callback to be called when CRL lookup fails, using specified Context.

Parameters:
cb - callback to be registered with SSL context, called when CRL lookup fails.
Returns:
SSL_SUCCESS upon success, BAD_FUNC_ARG if SSL pointer is null.
See Also:
WolfSSLSession.enableCRL(int), WolfSSLSession.disableCRL(), WolfSSLSession.loadCRL(String, int, int), WolfSSLSession.setCRLCb(WolfSSLMissingCRLCallback), enableCRL(int), disableCRL()

setOCSPOptions

public int setOCSPOptions(long options)
Sets options to configure behavior of OCSP functionality in wolfSSL. The value of options is formed by OR'ing one or more of the following options:
CYASSL_OCSP_ENABLE - enable OCSP lookups
CYASSL_OCSP_URL_OVERRIDE - use the override URL instead of the URL in certificates
This function only sets the OCSP options when wolfSSL has been compiled with OCSP support (--enable-ocsp, #define HAVE_OCSP).

Parameters:
options - value used to set the OCSP options
Returns:
SSL_SUCCESS upon success, SSL_FAILURE upon failure, NOT_COMPILED_IN when this function has been called, but OCSP support was not enabled when wolfSSL was compiled.
See Also:
setOCSPOverrideUrl(String)

setOCSPOverrideUrl

public int setOCSPOverrideUrl(java.lang.String url)
Manually sets the URL for OCSP to use. By default, OCSP will use the URL found in the individual certificate unless the CYASSL_OCSP_URL_OVERRIDE option is set using the setOCSPOptions() method.

Parameters:
url - the OCSP override URL for wolfSSL to use
Returns:
SSL_SUCCESS upon success, SSL_FAILURE upon failure, NOT_COMPILED_IN when this function has been called, but OCSP support was not enabled when wolfSSL was compiled.
See Also:
setOCSPOptions(long)
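The CRL methods (enableCRL, loadCRL, setCRLCb) and the two OCSP methods above together configure revocation checking for a context. The class below is an added example, not wolfSSL's own code; it assumes the CYASSL_* option flags and the SSL_SUCCESS, NOT_COMPILED_IN and MONITOR_RUNNING_E codes are exposed on com.wolfssl.WolfSSL under the names this page uses, that WolfSSLMissingCRLCallback declares missingCRLCallback(String url), and that WolfSSLException has a String constructor.

```java
import com.wolfssl.WolfSSL;
import com.wolfssl.WolfSSLContext;
import com.wolfssl.WolfSSLException;
import com.wolfssl.WolfSSLMissingCRLCallback;

/* Added example (not wolfSSL's own code): CRL checking for the whole chain
 * from a monitored CRL directory, then OCSP with a fixed responder URL.
 * A build without CRL or OCSP support is treated as a hard error so that
 * revocation checking is never silently skipped. */
public class RevocationConfig {

    /* Assumed callback signature: missingCRLCallback(String url). Logging the
     * distribution point wolfSSL could not satisfy tells the operator which
     * CRL is missing from the directory. */
    static class MissingCrlLogger implements WolfSSLMissingCRLCallback {
        public void missingCRLCallback(String url) {
            System.err.println("no CRL loaded for distribution point: " + url);
        }
    }

    /* Fail closed: NOT_COMPILED_IN and any other non-success code abort setup. */
    static void require(int ret, String what) throws WolfSSLException {
        if (ret == WolfSSL.NOT_COMPILED_IN) {
            throw new WolfSSLException(what + ": wolfSSL was built without this feature");
        }
        if (ret != WolfSSL.SSL_SUCCESS) {
            throw new WolfSSLException(what + " failed, return code " + ret);
        }
    }

    /* crlDir and ocspUrl are caller-supplied; flag names follow this page and
     * are assumed to be exposed on com.wolfssl.WolfSSL. */
    public static void configure(WolfSSLContext ctx, String crlDir, String ocspUrl)
            throws WolfSSLException {
        /* CHECKALL: every certificate in the chain is checked, not only the leaf. */
        require(ctx.enableCRL(WolfSSL.CYASSL_CRL_CHECKALL), "enableCRL");

        /* Load PEM CRLs from the directory and start the change monitor so
         * a refreshed CRL file is picked up without restarting the process. */
        int ret = ctx.loadCRL(crlDir, WolfSSL.SSL_FILETYPE_PEM,
                              WolfSSL.CYASSL_CRL_MONITOR | WolfSSL.CYASSL_CRL_START_MON);
        if (ret != WolfSSL.MONITOR_RUNNING_E) {   /* an already-running monitor is fine */
            require(ret, "loadCRL");
        }
        require(ctx.setCRLCb(new MissingCrlLogger()), "setCRLCb");

        /* URL_OVERRIDE ignores the responder URL embedded in each certificate
         * and sends every OCSP query to ocspUrl instead. */
        require(ctx.setOCSPOptions(WolfSSL.CYASSL_OCSP_ENABLE | WolfSSL.CYASSL_OCSP_URL_OVERRIDE),
                "setOCSPOptions");
        require(ctx.setOCSPOverrideUrl(ocspUrl), "setOCSPOverrideUrl");
    }
}
```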

setMacEncryptCb

public void setMacEncryptCb(WolfSSLMacEncryptCallback callback)
Allows caller to set the Atomic User Record Processing Mac/Encrypt Callback. The callback should return 0 for success, or less than 0 for an error. The ssl and ctx pointers are available for the user's convenience. macOut is the output buffer where the result of the mac should be stored. macIn is the mac input buffer and macinSz notes the size of the buffer. macContent and macVerify are needed for setTlsHmacInner() and can be passed along as-is. encOut is the output buffer where the result of encryption should be stored. encIn is the input buffer to encrypt while encSz is the size of the input.

An example Java callback can be found in examples/MyMacEncryptCallback.java.

Parameters:
callback - object to be registered as the MAC/encrypt callback for the WolfSSL context. The signature of this object and corresponding method must match that as shown in WolfSSLMacEncryptCallback.java, with macEncryptCallback().
See Also:
setDecryptVerifyCb(WolfSSLDecryptVerifyCallback)

setDecryptVerifyCb

public void setDecryptVerifyCb(WolfSSLDecryptVerifyCallback callback)
Allows caller to set the Atomic Record Processing Decrypt/Verify Callback. The callback should return 0 for success, or a negative value for an error. The ssl and ctx pointers are available for the user's convenience. decOut is the output buffer where the result of the decryption should be stored. decIn is the encrypted input buffer and decInSz notes the size of the buffer. context and verify are needed for setTlsHmacInner() and can be passed along as-is. padSz is an output variable, where the first element in the array should be set with the total value of the padding. That is, the mac size plus any padding and pad bytes. An example callback can be found in examples/MyDecryptVerifyCallback.java.

Parameters:
callback - object to be registered as the decrypt/verify callback for the WolfSSL context. The signature of this object and corresponding method must match that as shown in WolfSSLDecryptVerifyCallback.java, inside decryptVerifyCallback().
See Also:
setMacEncryptCb(WolfSSLMacEncryptCallback)

setEccSignCb

public void setEccSignCb(WolfSSLEccSignCallback callback)
Allows caller to set the Public Key Callback for ECC Signing. The callback should return 0 for success or a negative value for an error. The ssl and ctx pointers are available for the user's convenience. in is the input buffer to sign while inSz denotes the length of the input. out is the output buffer where the result of the signature should be stored. outSz is an input/output variable that specifies the size of the output buffer upon invocation and the actual size of the signature should be stored there before returning. keyDer is the ECC Private key in ASN1 format and keySz is the length of the key in bytes. An example callback can be found in examples/MyEccSignCallback.java.

Parameters:
callback - object to be registered as the ECC signing callback for the WolfSSL context. The signature of this object and corresponding method must match that as shown in WolfSSLEccSignCallback.java, inside eccSignCallback().
See Also:
WolfSSLSession.setEccSignCtx(Object)

setEccVerifyCb

public void setEccVerifyCb(WolfSSLEccVerifyCallback callback)
Allows caller to set the Public Key Callback for ECC Verification. The callback should return 0 for success or a negative value for an error. The ssl and ctx pointers are available for the user's convenience. sig is the signature to verify and sigSz denotes the length of the signature. hash is an input buffer containing the digest of the message and hashSz denotes the length in bytes of the hash. result is an output variable where the result of the verification should be stored, 1 for success and 0 for failure. keyDer is the ECC Private key in ASN1 format and keySz is the length of the key in bytes. An example callback can be found in examples/MyEccVerifyCallback.java.

Parameters:
callback - object to be registered as the ECC verification callback for the WolfSSL context. The signature of this object and corresponding method must match that as shown in WolfSSLEccVerifyCallback.java, inside eccVerifyCallback().
See Also:
WolfSSLSession.setEccVerifyCtx(Object)

setRsaSignCb

public void setRsaSignCb(WolfSSLRsaSignCallback callback)
Allows caller to set the Public Key Callback for RSA Signing. The callback should return 0 for success or a negative value for an error. The ssl and ctx pointers are available for the user's convenience. in is the input buffer to sign while inSz denotes the length of the input. out is the output buffer where the result of the signature should be stored. outSz is an input/output variable that specifies the size of the output buffer upon invocation. The actual size of the signature should be stored there before returning. keyDer is the RSA Private key in ASN1 format and keySz is the length of the key in bytes. An example callback can be found in examples/MyRsaSignCallback.java.

Parameters:
callback - object to be registered as the RSA signing callback for the WolfSSL context. The signature of this object and corresponding method must match that as shown in WolfSSLRsaSignCallback.java, inside rsaSignCallback().
See Also:
WolfSSLSession.setRsaSignCtx(Object)

setRsaVerifyCb

public void setRsaVerifyCb(WolfSSLRsaVerifyCallback callback)
Allows caller to set the Public Key Callback for RSA Verification. The callback should return the number of plaintext bytes for success or a negative value for an error. The ssl and ctx pointers are available for the user's convenience. sig is the signature to verify and sigSz denotes the length of the signature. out should be set to the beginning of the verification buffer after the decryption process and any padding. outSz denotes the size of the output buffer. keyDer is the RSA Public key in ASN1 format and keySz is the length of the key in bytes. An example can be found in examples/MyRsaVerifyCallback.java.

Parameters:
callback - object to be registered as the RSA verify callback for the WolfSSL context. The signature of this object and corresponding method must match that as shown in WolfSSLRsaVerifyCallback.java, inside rsaVerifyCallback().
See Also:
WolfSSLSession.setRsaVerifyCtx(Object)

setRsaEncCb

public void setRsaEncCb(WolfSSLRsaEncCallback callback)
Allows caller to set the Public Key Callback for RSA Public Encrypt. The callback should return 0 for success or a negative value for an error. The ssl and ctx objects are available for the user's convenience. in is the input buffer to encrypt while inSz denotes the length of the input. out is the output buffer where the result of the encryption should be stored. outSz is an input/output variable that specifies the size of the output buffer upon invocation and the actual size of the encryption should be stored there before returning. keyDer is the RSA Public key in ASN1 format and keySz is the length of the key in bytes. An example callback can be found in examples/MyRsaEncCallback.java.

Parameters:
callback - object to be registered as the RSA public encrypt callback for the WolfSSL context. The signature of this object and corresponding method must match that as shown in WolfSSLRsaEncCallback.java, inside rsaEncCallback().
See Also:
WolfSSLSession.setRsaEncCtx(Object)

setRsaDecCb

public void setRsaDecCb(WolfSSLRsaDecCallback callback)
Allows caller to set the Public Key Callback for RSA Private Decrypt. The callback should return the number of plaintext bytes for success or a negative value for an error. The ssl and ctx parameters are available for the user's convenience. in is the input buffer to decrypt and inSz denotes the length of the input. out should be the decrypted buffer after the decryption process and any padding, with outSz denoting the size of the output buffer. keyDer is the RSA Private key in ASN1 format and keySz is the length of the key in bytes. An example callback can be found in examples/MyRsaDecCallback.java.

Parameters:
callback - object to be registered as the RSA private decrypt callback for the WolfSSL context. The signature of this object and corresponding method must match that as shown in WolfSSLRsaDecCallback.java, inside rsaDecCallback().
See Also:
WolfSSLSession.setRsaDecCtx(Object)