java.lang.Object
    com.wolfssl.WolfSSLContext

public class WolfSSLContext
extends java.lang.Object

Wraps a native WolfSSL context object and contains methods directly related to the SSL/TLS context.
Constructor Summary

| Constructor | Description |
|---|---|
| WolfSSLContext(long method) | Creates a new SSL/TLS context for the desired SSL/TLS protocol level. |
Method Summary

| Return type | Method | Description |
|---|---|---|
| int | disableCRL() | Turns off Certificate Revocation List (CRL) checking for the specified Context. |
| int | enableCRL(int options) | Turns on Certificate Revocation List (CRL) checking when verifying certificates for the specified Context. |
| void | free() | Frees an allocated SSL context. |
| int | getCertCacheMemsize() | Gets how big the certificate cache save buffer needs to be. |
| int | loadCRL(java.lang.String path, int type, int monitor) | Loads CRL files into wolfSSL from the specified path, using the specified Context. |
| int | loadVerifyBuffer(byte[] in, long sz, int format) | Loads a CA certificate buffer into the SSL context. |
| int | loadVerifyLocations(java.lang.String file, java.lang.String path) | Loads PEM-formatted CA certificates into the SSL context. |
| int | memrestoreCertCache(byte[] mem, int sz) | Restores the certificate cache from memory. |
| int | memsaveCertCache(byte[] mem, int sz, int[] used) | Persists the certificate cache to memory. |
| int | setCipherList(java.lang.String list) | Sets the cipher suite list for a given SSL context. |
| int | setCRLCb(WolfSSLMissingCRLCallback cb) | Registers a CRL callback to be called when CRL lookup fails, using the specified Context. |
| void | setDecryptVerifyCb(WolfSSLDecryptVerifyCallback callback) | Allows the caller to set the Atomic Record Processing Decrypt/Verify Callback. |
| void | setEccSignCb(WolfSSLEccSignCallback callback) | Allows the caller to set the Public Key Callback for ECC Signing. |
| void | setEccVerifyCb(WolfSSLEccVerifyCallback callback) | Allows the caller to set the Public Key Callback for ECC Verification. |
| void | setGenCookie(WolfSSLGenCookieCallback callback) | Registers a DTLS cookie generation callback. |
| int | setGroupMessages() | Turns on grouping of the handshake messages where possible using the SSL context. |
| void | setIORecv(WolfSSLIORecvCallback callback) | Registers a receive callback for wolfSSL to get input data. |
| void | setIOSend(WolfSSLIOSendCallback callback) | Registers a send callback for wolfSSL to write output data. |
| void | setMacEncryptCb(WolfSSLMacEncryptCallback callback) | Allows the caller to set the Atomic User Record Processing Mac/Encrypt Callback. |
| int | setOCSPOptions(long options) | Sets options to configure behavior of OCSP functionality in wolfSSL. |
| int | setOCSPOverrideUrl(java.lang.String url) | Manually sets the URL for OCSP to use. |
| void | setRsaDecCb(WolfSSLRsaDecCallback callback) | Allows the caller to set the Public Key Callback for RSA Private Decrypt. |
| void | setRsaEncCb(WolfSSLRsaEncCallback callback) | Allows the caller to set the Public Key Callback for RSA Public Encrypt. |
| void | setRsaSignCb(WolfSSLRsaSignCallback callback) | Allows the caller to set the Public Key Callback for RSA Signing. |
| void | setRsaVerifyCb(WolfSSLRsaVerifyCallback callback) | Allows the caller to set the Public Key Callback for RSA Verification. |
| void | setVerify(int mode, WolfSSLVerifyCallback callback) | Sets the verification method for remote peers and also allows a verify callback to be registered with the SSL session. |
| int | useCertificateBuffer(byte[] in, long sz, int format) | Loads a certificate buffer into the SSL context. |
| int | useCertificateChainBuffer(byte[] in, long sz) | Loads a certificate chain buffer into the SSL context. |
| int | useCertificateChainFile(java.lang.String file) | Loads a chain of certificates into the SSL context. |
| int | useCertificateFile(java.lang.String file, int format) | Loads a certificate file into the SSL context. |
| int | usePrivateKeyBuffer(byte[] in, long sz, int format) | Loads a private key buffer into the SSL context. |
| int | usePrivateKeyFile(java.lang.String file, int format) | Loads a private key file into the SSL context. |
Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Constructor Detail

public WolfSSLContext(long method) throws WolfSSLException

Parameters:
method - a pointer (long) to the desired CYASSL_METHOD for use in the SSL context. This CYASSL_METHOD pointer is created with one of the protocol-specific methods (ex: TLSv1_2_ClientMethod()) matching the desired SSL/TLS/DTLS protocol level.
Throws:
WolfSSLException
Method Detail

public int useCertificateFile(java.lang.String file, int format)

Parameters:
file - a file containing the certificate to be loaded into the wolfSSL SSL context.
format - format of the certificates pointed to by file. Possible options are SSL_FILETYPE_ASN1, for DER-encoded certificates, or SSL_FILETYPE_PEM for PEM-encoded certificates.
Returns:
SSL_SUCCESS upon success, otherwise SSL_FAILURE. Possible failure causes may be that the file is in the wrong format, the format argument was given incorrectly, the file doesn't exist, can't be read, or is corrupted, an out of memory condition occurs, or the Base16 decoding fails on the file.
See Also:
WolfSSLSession.useCertificateFile(String, int)
public int usePrivateKeyFile(java.lang.String file, int format)

Parameters:
file - a file containing the private key to be loaded into the wolfSSL SSL context.
format - format of the private key pointed to by file. Possible options are SSL_FILETYPE_ASN1, for a DER-encoded key, or SSL_FILETYPE_PEM for a PEM-encoded key.
Returns:
SSL_SUCCESS upon success, otherwise SSL_FAILURE. Possible failure causes may be that the file is in the wrong format, the format argument was given incorrectly, the file doesn't exist, can't be read, or is corrupted, an out of memory condition occurs, the Base16 decoding fails on the file, or the key file is encrypted but no password is provided.
See Also:
WolfSSLSession.usePrivateKeyFile(String, int)
public int loadVerifyLocations(java.lang.String file, java.lang.String path)

The root certificate provided by the file parameter may be a single certificate or a file containing multiple certificates. If multiple CA certs are included in the same file, wolfSSL will load them in the same order in which they are presented in the file. The path parameter is a directory path which contains certificates of trusted root CAs. If the value of file is not NULL, path may be specified as null if not needed. If path is specified, and NO_CYASSL_DIR is defined when building the library, wolfSSL will load all CA certificates located in the given directory.

Parameters:
file - path to the file containing PEM-formatted CA certificates
path - path to directory containing PEM-formatted CA certificates to load
Returns:
SSL_SUCCESS on success. Otherwise SSL_FAILURE if ctx is null, or if both file and path are null. SSL_BAD_FILETYPE if the file is in the wrong format. SSL_BAD_FILE if the file doesn't exist, can't be read, or is corrupted. MEMORY_E if an out of memory condition occurs. ASN_INPUT_E if Base16 decoding fails on the file. BUFFER_E if a chain buffer is bigger than the receiving buffer. BAD_PATH_ERROR if the native opendir() function call fails when trying to open path.
See Also:
useCertificateFile(String, int), usePrivateKeyFile(String, int), useCertificateChainFile(String), WolfSSLSession.useCertificateFile(String, int), WolfSSLSession.usePrivateKeyFile(String, int), WolfSSLSession.useCertificateChainFile(String)
public int useCertificateChainFile(java.lang.String file)

Loads a chain of certificates into the SSL context. The chain is limited to MAX_CHAIN_DEPTH (default = 9, defined in internal.h) certificates, plus the subject cert.

Parameters:
file - path to the file containing the chain of certificates to be loaded into the wolfSSL SSL context. Certificates must be in PEM format.
Returns:
SSL_SUCCESS on success, otherwise SSL_FAILURE. If the function call fails, possible causes might include: the file is in the wrong format, the file doesn't exist, can't be read, or is corrupted, or an out of memory condition occurs.
See Also:
useCertificateFile(String, int), WolfSSLSession.useCertificateFile(String, int)
public void setVerify(int mode, WolfSSLVerifyCallback callback)

Sets the verification method for remote peers and also allows a verify callback to be registered with the SSL session via callback.

The verification mode of peer certificates is a logically OR'd list of flags. The possible flag values include:

SSL_VERIFY_NONE
Client mode: the client will not verify the certificate received from the server and the handshake will continue as normal.
Server mode: the server will not send a certificate request to the client. As such, client verification will not be enabled.

SSL_VERIFY_PEER
Client mode: the client will verify the certificate received from the server during the handshake. This is turned on by default in wolfSSL, therefore, using this option has no effect.
Server mode: the server will send a certificate request to the client and verify the client certificate received.

SSL_VERIFY_FAIL_IF_NO_PEER_CERT
Client mode: no effect when used on the client side.
Server mode: the verification will fail on the server side if the client fails to send a certificate when requested to do so (when using SSL_VERIFY_PEER on the SSL server).

Parameters:
mode - verification mode for peer certificates, a logically OR'd list of the flags described above
callback - custom verification callback to register with the SSL session. If no callback is desired, null may be used.

public void free()

Frees an allocated SSL context.

See Also:
WolfSSLSession.freeSSL()
public int memsaveCertCache(byte[] mem, int sz, int[] used)

Parameters:
mem - the buffer to store the certificate cache in
sz - the size of the output buffer, mem
used - output parameter, the size of the cert cache in bytes is returned in the first element of this array.
Returns:
SSL_SUCCESS on success, SSL_FAILURE on general failure, BAD_FUNC_ARG if null or negative parameters are passed in, BAD_MUTEX_ERROR if the CA mutex lock fails, BUFFER_E if the output buffer is too small.
See Also:
WolfSSL.memsaveSessionCache(byte[], int), WolfSSL.memrestoreSessionCache(byte[], int), WolfSSL.getSessionCacheMemsize(), memsaveCertCache(byte[], int, int[]), memrestoreCertCache(byte[], int), getCertCacheMemsize()
public int memrestoreCertCache(byte[] mem, int sz)

Parameters:
mem - memory buffer containing the stored certificate cache to restore
sz - size of the input memory buffer, mem
Returns:
SSL_SUCCESS upon success, SSL_FAILURE upon general failure, BAD_FUNC_ARG if null or negative parameters are passed in, BUFFER_E if the certificate cache memory buffer is too small, CACHE_MATCH_ERROR if the cert cache memory header match failed, BAD_MUTEX_ERROR if the CA mutex lock failed.
See Also:
WolfSSL.memsaveSessionCache(byte[], int), WolfSSL.memrestoreSessionCache(byte[], int), WolfSSL.getSessionCacheMemsize(), memsaveCertCache(byte[], int, int[]), getCertCacheMemsize()
public int getCertCacheMemsize()

Gets how big the certificate cache save buffer needs to be.

See Also:
WolfSSL.memsaveSessionCache(byte[], int), WolfSSL.memrestoreSessionCache(byte[], int), WolfSSL.getSessionCacheMemsize(), memsaveCertCache(byte[], int, int[]), memrestoreCertCache(byte[], int)
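The three cache methods above form one procedure: size the buffer with getCertCacheMemsize(), serialize with memsaveCertCache(), and later hand the image to memrestoreCertCache() on a fresh context. The following is an added example, not code from the wolfssljni project; it assumes that the return-code constants (SSL_SUCCESS, BUFFER_E, CACHE_MATCH_ERROR), the method pointer factory TLSv1_2_ClientMethod() and the native-library loader all live on com.wolfssl.WolfSSL, that WolfSSLException has a String constructor, and it uses a hypothetical CA bundle path.

```java
import java.util.Arrays;
import com.wolfssl.WolfSSL;
import com.wolfssl.WolfSSLContext;
import com.wolfssl.WolfSSLException;

/* Added example; not part of wolfssljni. Assumed: SSL_SUCCESS, BUFFER_E,
 * CACHE_MATCH_ERROR and TLSv1_2_ClientMethod() are members of WolfSSL. */
public class CertCacheSnapshot {

    /* Serialize the certificate (CA) cache of ctx. Returns null on failure. */
    public static byte[] save(WolfSSLContext ctx) {
        int needed = ctx.getCertCacheMemsize();
        if (needed <= 0) {
            return null;
        }
        byte[] buf = new byte[needed];
        int[] used = new int[1];                 /* used[0] receives bytes written */
        int ret = ctx.memsaveCertCache(buf, buf.length, used);
        if (ret == WolfSSL.BUFFER_E) {
            /* the cache changed between the size query and the save;
             * report failure instead of guessing a larger size */
            return null;
        }
        if (ret != WolfSSL.SSL_SUCCESS || used[0] <= 0 || used[0] > buf.length) {
            return null;
        }
        /* trim to the bytes actually written so the restore side receives
         * exactly the cache image and no trailing zero padding */
        return Arrays.copyOf(buf, used[0]);
    }

    /* Load a snapshot produced by save() into another context. */
    public static boolean restore(WolfSSLContext ctx, byte[] snapshot) {
        if (snapshot == null || snapshot.length == 0) {
            return false;
        }
        int ret = ctx.memrestoreCertCache(snapshot, snapshot.length);
        if (ret == WolfSSL.CACHE_MATCH_ERROR) {
            /* header check only: a snapshot from a different wolfSSL build
             * or a truncated file shows up here, not as a parse error */
            System.err.println("cert cache header mismatch; snapshot rejected");
        }
        return ret == WolfSSL.SSL_SUCCESS;
    }

    public static void main(String[] args) throws WolfSSLException {
        WolfSSL lib = new WolfSSL();             /* assumed: loads the JNI library */
        WolfSSLContext src = new WolfSSLContext(WolfSSL.TLSv1_2_ClientMethod());
        byte[] snap;
        try {
            /* hypothetical path to the CA bundle this deployment trusts */
            if (src.loadVerifyLocations("certs/ca-bundle.pem", null) != WolfSSL.SSL_SUCCESS) {
                throw new WolfSSLException("loading CA certificates failed");
            }
            snap = save(src);
        } finally {
            src.free();
        }

        WolfSSLContext dst = new WolfSSLContext(WolfSSL.TLSv1_2_ClientMethod());
        try {
            if (!restore(dst, snap)) {
                throw new WolfSSLException("cert cache restore failed");
            }
            System.out.println("restored " + snap.length + " bytes of CA cache");
        } finally {
            dst.free();
        }
    }
}
```

The snapshot is the context's set of trust anchors, and memrestoreCertCache() only reports CACHE_MATCH_ERROR on a header mismatch, so an image that is written to disk between save and restore should be stored with the same integrity protection as the CA files it was built from.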
public int setCipherList(java.lang.String list)

This method resets the cipher suite list for the specific SSL context to the provided list each time the method is called.

The cipher suite list, list, is a null-terminated text String, and colon-delimited list. For example, one possible list may be:

"DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:AES256-SHA256"

Valid cipher values are the full name values from the cipher_names[] array in the native wolfSSL src/internal.c.

Parameters:
list - null-terminated text string and colon-delimited list of cipher suites to use with the specified SSL context.
Returns:
SSL_SUCCESS upon success. SSL_FAILURE upon failure.
See Also:
WolfSSLSession.setCipherList(String)
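The file-based loaders (loadVerifyLocations, useCertificateChainFile, usePrivateKeyFile), setVerify and setCipherList are normally called together when a context is built. The following added example, which is not code from the wolfssljni project, builds a server context that requires a client certificate and checks every return code, freeing the context on any failure. It assumes that WolfSSL.TLSv1_2_ServerMethod() exists alongside the TLSv1_2_ClientMethod() the constructor documentation names, that the SSL_* constants are members of com.wolfssl.WolfSSL, that WolfSSLVerifyCallback declares int verifyCallback(int preverify_ok, long x509StorePtr), that WolfSSLException has a String constructor, and it uses hypothetical certificate paths.

```java
import com.wolfssl.WolfSSL;
import com.wolfssl.WolfSSLContext;
import com.wolfssl.WolfSSLException;
import com.wolfssl.WolfSSLVerifyCallback;

/* Added example; not part of wolfssljni. Method pointer factory,
 * constants and callback signature are assumptions stated in the lead-in. */
public class MutualTlsServerContext {

    /* Verify callback that only observes: it returns wolfSSL's own verdict
     * unchanged. Returning 1 when preverify_ok is 0 would accept a peer
     * whose chain failed validation, so that is never done here. */
    static class LoggingVerifier implements WolfSSLVerifyCallback {
        public int verifyCallback(int preverify_ok, long x509StorePtr) {
            if (preverify_ok != 1) {
                System.err.println("peer certificate failed verification (store=" + x509StorePtr + ")");
            }
            return preverify_ok;
        }
    }

    private static void check(int ret, String what) throws WolfSSLException {
        if (ret != WolfSSL.SSL_SUCCESS) {
            throw new WolfSSLException(what + " failed, wolfSSL return code " + ret);
        }
    }

    public static WolfSSLContext build(String caFile, String chainFile,
                                       String keyFile, String ciphers)
            throws WolfSSLException {
        WolfSSLContext ctx = new WolfSSLContext(WolfSSL.TLSv1_2_ServerMethod());
        boolean ok = false;
        try {
            /* trust anchors used to validate client certificates; path only */
            check(ctx.loadVerifyLocations(caFile, null), "loadVerifyLocations(" + caFile + ")");
            /* server leaf plus intermediates, PEM, leaf first */
            check(ctx.useCertificateChainFile(chainFile), "useCertificateChainFile(" + chainFile + ")");
            check(ctx.usePrivateKeyFile(keyFile, WolfSSL.SSL_FILETYPE_PEM),
                  "usePrivateKeyFile(" + keyFile + ")");
            /* restrict suites; the list replaces any previous one */
            check(ctx.setCipherList(ciphers), "setCipherList");
            /* request a client certificate and fail the handshake if none arrives */
            ctx.setVerify(WolfSSL.SSL_VERIFY_PEER | WolfSSL.SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
                          new LoggingVerifier());
            ok = true;
            return ctx;
        } finally {
            if (!ok) {
                ctx.free();      /* never leak a half-configured native context */
            }
        }
    }

    public static void main(String[] args) throws WolfSSLException {
        WolfSSL lib = new WolfSSL();        /* assumed: loads the JNI library */
        /* hypothetical paths; cipher list taken from the setCipherList example */
        WolfSSLContext ctx = build("certs/ca-cert.pem",
                                   "certs/server-chain.pem",
                                   "certs/server-key.pem",
                                   "DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256");
        System.out.println("server context ready");
        ctx.free();
    }
}
```

The order matters for diagnosis: loading the CA file first means a later chain or key failure cannot be confused with a missing trust store, and the try/finally guarantees free() runs on every error path so the native allocation does not outlive the exception.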
public int loadVerifyBuffer(byte[] in, long sz, int format)

Parameters:
in - input buffer containing CA certificate to load
sz - size of the input buffer, in
format - format of the certificate buffer being loaded - either SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1
Returns:
SSL_SUCCESS upon success, SSL_FAILURE upon general failure, SSL_BAD_FILETYPE if the file is in the wrong format, SSL_BAD_FILE if the file doesn't exist, can't be read, or is corrupted. MEMORY_E if an out of memory condition occurs, ASN_INPUT_E if Base16 decoding fails on the file, BUFFER_E will be returned if a chain buffer is bigger than the receiving buffer, and BAD_FUNC_ARG will be returned if invalid arguments are provided.
See Also:
loadVerifyLocations(String, String), useCertificateBuffer(byte[], long, int), usePrivateKeyBuffer(byte[], long, int), useCertificateChainBuffer(byte[], long), WolfSSLSession.useCertificateBuffer(byte[], long, int), WolfSSLSession.usePrivateKeyBuffer(byte[], long, int), WolfSSLSession.useCertificateChainBuffer(byte[], long)
public int useCertificateBuffer(byte[] in, long sz, int format)

Parameters:
in - input buffer containing the certificate to load
sz - size of the input buffer, in
format - format of the certificate buffer being loaded - either SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1
Returns:
SSL_SUCCESS upon success, SSL_FAILURE upon general failure, SSL_BAD_FILETYPE if the file is in the wrong format, SSL_BAD_FILE if the file doesn't exist, can't be read, or is corrupted. MEMORY_E if an out of memory condition occurs, ASN_INPUT_E if Base16 decoding fails on the file, BAD_FUNC_ARG if invalid input arguments are provided.
See Also:
loadVerifyBuffer(byte[], long, int), usePrivateKeyBuffer(byte[], long, int), useCertificateChainBuffer(byte[], long), WolfSSLSession.useCertificateBuffer(byte[], long, int), WolfSSLSession.usePrivateKeyBuffer(byte[], long, int), WolfSSLSession.useCertificateChainBuffer(byte[], long)
public int usePrivateKeyBuffer(byte[] in, long sz, int format)

Parameters:
in - the input buffer containing the private key to be loaded
sz - the size of the input buffer, in
format - format of the private key buffer being loaded - either SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1
Returns:
SSL_SUCCESS upon success, SSL_FAILURE upon general failure, SSL_BAD_FILETYPE if the file is in the wrong format, SSL_BAD_FILE if the file doesn't exist, can't be read, or is corrupted. MEMORY_E if an out of memory condition occurs, ASN_INPUT_E if Base16 decoding fails on the file, NO_PASSWORD if the key file is encrypted but no password is provided, and BAD_FUNC_ARG if invalid input arguments are provided.
See Also:
loadVerifyBuffer(byte[], long, int), useCertificateBuffer(byte[], long, int), useCertificateChainBuffer(byte[], long), WolfSSLSession.useCertificateBuffer(byte[], long, int), WolfSSLSession.usePrivateKeyBuffer(byte[], long, int), WolfSSLSession.useCertificateChainBuffer(byte[], long)
public int useCertificateChainBuffer(byte[] in, long sz)

Parameters:
in - the input buffer containing the PEM-formatted certificate chain to be loaded.
sz - the size of the input buffer, in
Returns:
SSL_SUCCESS upon success, SSL_FAILURE upon general failure, SSL_BAD_FILETYPE if the file is in the wrong format, SSL_BAD_FILE if the file doesn't exist, can't be read, or is corrupted. MEMORY_E if an out of memory condition occurs, ASN_INPUT_E if Base16 decoding fails on the file, BUFFER_E if a chain buffer is bigger than the receiving buffer, and BAD_FUNC_ARG if invalid input arguments are provided.
See Also:
loadVerifyBuffer(byte[], long, int), useCertificateBuffer(byte[], long, int), usePrivateKeyBuffer(byte[], long, int), WolfSSLSession.useCertificateBuffer(byte[], long, int), WolfSSLSession.usePrivateKeyBuffer(byte[], long, int), WolfSSLSession.useCertificateChainBuffer(byte[], long)
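The four buffer loaders above (loadVerifyBuffer, useCertificateBuffer, usePrivateKeyBuffer, useCertificateChainBuffer) take the material from memory instead of a path, which is the form needed when keys and certificates come from a keystore, a secrets service or a JAR resource rather than the filesystem. The following added example, not code from the wolfssljni project, reads each item into a byte[], picks SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1 by inspecting the bytes, passes the array length as sz, and clears the private key array once it has been handed to wolfSSL. It assumes the SSL_* constants and TLSv1_2_ClientMethod() are members of com.wolfssl.WolfSSL, that WolfSSLException has a String constructor, and it uses hypothetical file paths as its source of bytes.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Arrays;
import com.wolfssl.WolfSSL;
import com.wolfssl.WolfSSLContext;
import com.wolfssl.WolfSSLException;

/* Added example; not part of wolfssljni. Constant locations and the
 * method pointer factory are assumptions stated in the lead-in. */
public class BufferLoader {

    /* PEM is ASCII armor starting with a "-----BEGIN" line; treat anything
     * without that marker in its first bytes as DER (SSL_FILETYPE_ASN1). */
    static int detectFormat(byte[] data) {
        int n = Math.min(data.length, 64);
        String head = new String(data, 0, n, StandardCharsets.US_ASCII);
        return head.contains("-----BEGIN") ? WolfSSL.SSL_FILETYPE_PEM
                                           : WolfSSL.SSL_FILETYPE_ASN1;
    }

    private static void check(int ret, String what) throws WolfSSLException {
        if (ret != WolfSSL.SSL_SUCCESS) {
            throw new WolfSSLException(what + " failed, return code " + ret);
        }
    }

    /* Build a client context from in-memory CA, certificate and key bytes. */
    public static WolfSSLContext fromBuffers(byte[] ca, byte[] cert, byte[] key)
            throws WolfSSLException {
        WolfSSLContext ctx = new WolfSSLContext(WolfSSL.TLSv1_2_ClientMethod());
        boolean ok = false;
        try {
            /* sz is the number of valid bytes in the array, here the whole array */
            check(ctx.loadVerifyBuffer(ca, ca.length, detectFormat(ca)), "loadVerifyBuffer");
            if (detectFormat(cert) == WolfSSL.SSL_FILETYPE_PEM) {
                /* a PEM buffer may hold leaf plus intermediates; the chain
                 * loader accepts PEM only, so route PEM through it */
                check(ctx.useCertificateChainBuffer(cert, cert.length), "useCertificateChainBuffer");
            } else {
                check(ctx.useCertificateBuffer(cert, cert.length, WolfSSL.SSL_FILETYPE_ASN1),
                      "useCertificateBuffer");
            }
            check(ctx.usePrivateKeyBuffer(key, key.length, detectFormat(key)), "usePrivateKeyBuffer");
            ok = true;
            return ctx;
        } finally {
            /* the key has been handed to the native side; do not leave a
             * copy sitting in the Java heap for the life of the process */
            Arrays.fill(key, (byte) 0);
            if (!ok) {
                ctx.free();
            }
        }
    }

    public static void main(String[] args) throws IOException, WolfSSLException {
        WolfSSL lib = new WolfSSL();          /* assumed: loads the JNI library */
        /* hypothetical paths standing in for a keystore or secrets service */
        byte[] ca   = Files.readAllBytes(Paths.get("certs/ca-cert.pem"));
        byte[] cert = Files.readAllBytes(Paths.get("certs/client-chain.pem"));
        byte[] key  = Files.readAllBytes(Paths.get("certs/client-key.der"));
        WolfSSLContext ctx = fromBuffers(ca, cert, key);
        System.out.println("context built from buffers");
        ctx.free();
    }
}
```

Format sniffing by the armor line is deliberately conservative: a DER blob is binary and cannot contain the ASCII marker, while a PEM file that carries comments before the first block still matches within its first 64 bytes only if the marker appears there, so material with long leading comments should be trimmed first.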
public int setGroupMessages()

Returns:
SSL_SUCCESS upon success. BAD_FUNC_ARG if the input context is null.
See Also:
WolfSSLSession.setGroupMessages()
public void setIORecv(WolfSSLIORecvCallback callback)

In particular, IO_ERR_WANT_READ should be returned for non-blocking receive when no data is ready.

Parameters:
callback - method to be registered as the receive callback for the wolfSSL context. The signature of this function must follow that as shown in WolfSSLIORecvCallback#receiveCallback(WolfSSLSession, byte[], int, long).
See Also:
setIOSend(WolfSSLIOSendCallback)
public void setIOSend(WolfSSLIOSendCallback callback)

In particular, IO_ERR_WANT_WRITE should be returned for non-blocking send when the action cannot be taken yet.

Parameters:
callback - method to be registered as the send callback for the wolfSSL context. The signature of this function must follow that as shown in WolfSSLIOSendCallback#sendCallback(WolfSSLSession, byte[], int, Object).
See Also:
setIORecv(WolfSSLIORecvCallback)
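The two I/O callbacks above replace wolfSSL's socket reads and writes, and the non-blocking contract they describe is where custom transports usually go wrong: a receive that finds nothing ready must return IO_ERR_WANT_READ, not 0, and a send that cannot make progress must return IO_ERR_WANT_WRITE. The following added example, not code from the wolfssljni project, implements both callbacks over a non-blocking java.nio SocketChannel looked up by session. It follows the callback signatures exactly as this page lists them (a long context for receive, an Object context for send), assumes IO_ERR_WANT_READ, IO_ERR_WANT_WRITE, IO_ERR_CONN_CLOSE and IO_ERR_GENERAL are int members of com.wolfssl.WolfSSL (the last two are assumed names following the pattern of the first two), and assumes the callback interfaces declare the methods with the names the page shows.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.SocketChannel;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import com.wolfssl.WolfSSL;
import com.wolfssl.WolfSSLContext;
import com.wolfssl.WolfSSLIORecvCallback;
import com.wolfssl.WolfSSLIOSendCallback;
import com.wolfssl.WolfSSLSession;

/* Added example; not part of wolfssljni. Error-code constant names other
 * than IO_ERR_WANT_READ / IO_ERR_WANT_WRITE are assumptions. */
public class ChannelIO implements WolfSSLIORecvCallback, WolfSSLIOSendCallback {

    /* One callback object serves the whole context, so sessions are mapped
     * to their transport here instead of being baked into the callback. */
    private final Map<WolfSSLSession, SocketChannel> channels = new ConcurrentHashMap<>();

    public void attach(WolfSSLSession ssl, SocketChannel ch) throws IOException {
        ch.configureBlocking(false);          /* the WANT_* contract assumes non-blocking */
        channels.put(ssl, ch);
    }

    public void detach(WolfSSLSession ssl) {
        channels.remove(ssl);
    }

    /* Signature as listed on this page for WolfSSLIORecvCallback. wolfSSL
     * asks for at most sz bytes into buf and expects the count read back. */
    public int receiveCallback(WolfSSLSession ssl, byte[] buf, int sz, long ctx) {
        SocketChannel ch = channels.get(ssl);
        if (ch == null) {
            return WolfSSL.IO_ERR_GENERAL;     /* assumed name: unknown session */
        }
        try {
            int n = ch.read(ByteBuffer.wrap(buf, 0, Math.min(sz, buf.length)));
            if (n == 0) {
                return WolfSSL.IO_ERR_WANT_READ;   /* nothing ready yet; retry later */
            }
            if (n < 0) {
                return WolfSSL.IO_ERR_CONN_CLOSE;  /* assumed name: peer closed */
            }
            return n;
        } catch (IOException e) {
            return WolfSSL.IO_ERR_GENERAL;         /* assumed name */
        }
    }

    /* Signature as listed on this page for WolfSSLIOSendCallback. */
    public int sendCallback(WolfSSLSession ssl, byte[] buf, int sz, Object ctx) {
        SocketChannel ch = channels.get(ssl);
        if (ch == null) {
            return WolfSSL.IO_ERR_GENERAL;
        }
        try {
            int n = ch.write(ByteBuffer.wrap(buf, 0, Math.min(sz, buf.length)));
            if (n == 0) {
                return WolfSSL.IO_ERR_WANT_WRITE;  /* socket buffer full; retry later */
            }
            return n;                              /* partial writes are fine: wolfSSL resends the rest */
        } catch (IOException e) {
            return WolfSSL.IO_ERR_GENERAL;
        }
    }

    /* Register one ChannelIO for both directions on a context. */
    public static ChannelIO install(WolfSSLContext ctx) {
        ChannelIO io = new ChannelIO();
        ctx.setIORecv(io);
        ctx.setIOSend(io);
        return io;
    }
}
```

Bounding the wrap at Math.min(sz, buf.length) keeps a wrong sz from the native side from turning into an IndexOutOfBoundsException inside a callback, and returning the distinct WANT_READ code for an empty non-blocking read is what lets wolfSSL tell "no data yet" apart from "connection closed".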
public void setGenCookie(WolfSSLGenCookieCallback callback)

The cookie generation callback should return the size of the resulting cookie (normally, the size of the SHA hash generated), or WolfSSL.GEN_COOKIE_E upon error.

Parameters:
callback - method to be registered as the cookie generation callback for the wolfSSL context. The signature of this function must follow that as shown in WolfSSLGenCookieCallback#genCookieCallback(WolfSSLSession, byte[], int, Object).

public int enableCRL(int options)

Parameters:
options - options to use when enabling CRL
Returns:
SSL_SUCCESS upon success. NOT_COMPILED_IN if wolfSSL was not compiled with CRL enabled. MEMORY_E if an out of memory condition occurs. BAD_FUNC_ARG if a pointer is not provided, and SSL_FAILURE if the CRL context cannot be initialized properly.
See Also:
WolfSSLSession.enableCRL(int), WolfSSLSession.disableCRL(), WolfSSLSession.loadCRL(String, int, int), WolfSSLSession.setCRLCb(WolfSSLMissingCRLCallback), disableCRL(), setCRLCb(WolfSSLMissingCRLCallback)
public int disableCRL()

Returns:
SSL_SUCCESS on success, BAD_FUNC_ARG if pointer is not provided.
See Also:
WolfSSLSession.enableCRL(int), WolfSSLSession.disableCRL(), WolfSSLSession.loadCRL(String, int, int), WolfSSLSession.setCRLCb(WolfSSLMissingCRLCallback), enableCRL(int), setCRLCb(WolfSSLMissingCRLCallback)
public int loadCRL(java.lang.String path, int type, int monitor)

Parameters:
path - path to directory containing CRL files
type - type of files in path, either SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1.
monitor - OR'd list of flags to indicate if wolfSSL should monitor the provided CRL directory for changes. Flag values include CYASSL_CRL_MONITOR to indicate that the directory should be monitored and CYASSL_CRL_START_MON to start the monitor.
Returns:
SSL_SUCCESS upon success. SSL_FATAL_ERROR if enabling the internal CertManager fails. BAD_FUNC_ARG if the SSL pointer is null. BAD_PATH_ERROR if there is an error opening the provided directory. MEMORY_E if a memory error occurred. MONITOR_RUNNING_E if the CRL monitor is already running. THREAD_CREATE_E if there was an error when creating the CRL monitoring thread.
See Also:
WolfSSLSession.enableCRL(int), WolfSSLSession.disableCRL(), WolfSSLSession.loadCRL(String, int, int), WolfSSLSession.setCRLCb(WolfSSLMissingCRLCallback), enableCRL(int), disableCRL(), setCRLCb(WolfSSLMissingCRLCallback)
public int setCRLCb(WolfSSLMissingCRLCallback cb)

Parameters:
cb - callback to be registered with SSL context, called when CRL lookup fails.
Returns:
SSL_SUCCESS upon success, BAD_FUNC_ARG if SSL pointer is null.
See Also:
WolfSSLSession.enableCRL(int), WolfSSLSession.disableCRL(), WolfSSLSession.loadCRL(String, int, int), WolfSSLSession.setCRLCb(WolfSSLMissingCRLCallback), enableCRL(int), disableCRL()
public int setOCSPOptions(long options)

Parameters:
options - value used to set the OCSP options
Returns:
SSL_SUCCESS upon success, SSL_FAILURE upon failure, NOT_COMPILED_IN when this function has been called, but OCSP support was not enabled when wolfSSL was compiled.
See Also:
setOCSPOverrideUrl(String)
public int setOCSPOverrideUrl(java.lang.String url)

Parameters:
url - the OCSP override URL for wolfSSL to use
Returns:
SSL_SUCCESS upon success, SSL_FAILURE upon failure, NOT_COMPILED_IN when this function has been called, but OCSP support was not enabled when wolfSSL was compiled.
See Also:
setOCSPOptions(long)
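The revocation methods above (enableCRL, loadCRL, setCRLCb, and the two OCSP setters) are one configuration step, and each can come back NOT_COMPILED_IN on a build without that feature, which a deployment that depends on revocation checking should treat as a hard error rather than silently continuing without it. The following added example, not code from the wolfssljni project, wires all of them up in that spirit. It assumes the return-code constants (SSL_SUCCESS, NOT_COMPILED_IN, MONITOR_RUNNING_E) and the flag names CYASSL_CRL_MONITOR and CYASSL_CRL_START_MON that this page lists are int members of com.wolfssl.WolfSSL, that WolfSSLMissingCRLCallback declares void missingCRLCallback(String url), and that WolfSSLException has a String constructor. The page does not document the value set for enableCRL's options or setOCSPOptions' options, so both are passed as clearly labelled placeholders here.

```java
import com.wolfssl.WolfSSL;
import com.wolfssl.WolfSSLContext;
import com.wolfssl.WolfSSLException;
import com.wolfssl.WolfSSLMissingCRLCallback;

/* Added example; not part of wolfssljni. Constant locations, the callback
 * signature and the option placeholders are assumptions from the lead-in. */
public class RevocationConfig {

    /* PLACEHOLDER values: the page documents no flag values for these two
     * option parameters; substitute the ones your wolfSSL build defines. */
    static final int  CRL_OPTIONS  = 0;
    static final long OCSP_OPTIONS = 0L;

    /* Invoked when a certificate's CRL distribution point has no CRL loaded.
     * Logging the URL gives operators the signal they need to refresh the
     * CRL directory; the verdict itself is left to wolfSSL. */
    static class MissingCrlLogger implements WolfSSLMissingCRLCallback {
        public void missingCRLCallback(String url) {   /* assumed signature */
            System.err.println("CRL lookup failed for " + url);
        }
    }

    private static void require(int ret, String what) throws WolfSSLException {
        if (ret == WolfSSL.NOT_COMPILED_IN) {
            throw new WolfSSLException(what + ": this wolfSSL build has the feature disabled");
        }
        if (ret != WolfSSL.SSL_SUCCESS) {
            throw new WolfSSLException(what + " failed, return code " + ret);
        }
    }

    /* Enable CRL checking from a monitored directory and, optionally, point
     * OCSP at a fixed responder. Throws on any failure so the caller never
     * proceeds with revocation checking partially configured. */
    public static void configure(WolfSSLContext ctx, String crlDir, String ocspUrl)
            throws WolfSSLException {
        require(ctx.enableCRL(CRL_OPTIONS), "enableCRL");

        int ret = ctx.loadCRL(crlDir, WolfSSL.SSL_FILETYPE_PEM,
                              WolfSSL.CYASSL_CRL_MONITOR | WolfSSL.CYASSL_CRL_START_MON);
        if (ret != WolfSSL.MONITOR_RUNNING_E) {
            /* an already-running monitor for this context is not an error;
             * anything else is */
            require(ret, "loadCRL(" + crlDir + ")");
        }

        require(ctx.setCRLCb(new MissingCrlLogger()), "setCRLCb");

        if (ocspUrl != null) {
            require(ctx.setOCSPOptions(OCSP_OPTIONS), "setOCSPOptions");
            require(ctx.setOCSPOverrideUrl(ocspUrl), "setOCSPOverrideUrl(" + ocspUrl + ")");
        }
    }

    public static void main(String[] args) throws WolfSSLException {
        WolfSSL lib = new WolfSSL();          /* assumed: loads the JNI library */
        WolfSSLContext ctx = new WolfSSLContext(WolfSSL.TLSv1_2_ClientMethod());
        try {
            /* hypothetical CRL directory and responder URL */
            configure(ctx, "crls/", "http://ocsp.example.test/");
            System.out.println("revocation checking configured");
        } finally {
            ctx.free();
        }
    }
}
```

Treating NOT_COMPILED_IN as fatal is the point of require(): a context that was meant to enforce revocation but quietly runs without CRL or OCSP support is indistinguishable at the wire from one that enforces it, and the only place that difference is visible is this return code.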
public void setMacEncryptCb(WolfSSLMacEncryptCallback callback)

An example Java callback can be found in examples/MyMacEncryptCallback.java.

Parameters:
callback - object to be registered as the MAC/encrypt callback for the WolfSSL context. The signature of this object and corresponding method must match that as shown in WolfSSLMacEncryptCallback.java, with macEncryptCallback().
See Also:
setDecryptVerifyCb(WolfSSLDecryptVerifyCallback)
public void setDecryptVerifyCb(WolfSSLDecryptVerifyCallback callback)

Parameters:
callback - object to be registered as the decrypt/verify callback for the WolfSSL context. The signature of this object and corresponding method must match that as shown in WolfSSLDecryptVerifyCallback.java, inside decryptVerifyCallback().
See Also:
setMacEncryptCb(WolfSSLMacEncryptCallback)
public void setEccSignCb(WolfSSLEccSignCallback callback)

Parameters:
callback - object to be registered as the ECC signing callback for the WolfSSL context. The signature of this object and corresponding method must match that as shown in WolfSSLEccSignCallback.java, inside eccSignCallback().
See Also:
WolfSSLSession.setEccSignCtx(Object)
public void setEccVerifyCb(WolfSSLEccVerifyCallback callback)

Parameters:
callback - object to be registered as the ECC verification callback for the WolfSSL context. The signature of this object and corresponding method must match that as shown in WolfSSLEccVerifyCallback.java, inside eccVerifyCallback().
See Also:
WolfSSLSession.setEccVerifyCtx(Object)
public void setRsaSignCb(WolfSSLRsaSignCallback callback)

Parameters:
callback - object to be registered as the RSA signing callback for the WolfSSL context. The signature of this object and corresponding method must match that as shown in WolfSSLRsaSignCallback.java, inside rsaSignCallback().
See Also:
WolfSSLSession.setRsaSignCtx(Object)
public void setRsaVerifyCb(WolfSSLRsaVerifyCallback callback)

Parameters:
callback - object to be registered as the RSA verify callback for the WolfSSL context. The signature of this object and corresponding method must match that as shown in WolfSSLRsaVerifyCallback.java, inside rsaVerifyCallback().
See Also:
WolfSSLSession.setRsaVerifyCtx(Object)
public void setRsaEncCb(WolfSSLRsaEncCallback callback)

Parameters:
callback - object to be registered as the RSA public encrypt callback for the WolfSSL context. The signature of this object and corresponding method must match that as shown in WolfSSLRsaEncCallback.java, inside rsaEncCallback().
See Also:
WolfSSLSession.setRsaEncCtx(Object)
public void setRsaDecCb(WolfSSLRsaDecCallback callback)

Parameters:
callback - object to be registered as the RSA private decrypt callback for the WolfSSL context. The signature of this object and corresponding method must match that as shown in WolfSSLRsaDecCallback.java, inside rsaDecCallback().
See Also:
WolfSSLSession.setRsaDecCtx(Object)