java.lang.Objectcom.wolfssl.WolfSSLSession
public class WolfSSLSession
Wraps a native WolfSSL session object and contains methods directly related to the SSL/TLS session.
Constructor Summary | |
---|---|
WolfSSLSession(WolfSSLContext ctx)
Creates a new SSL/TLS session. |
Method Summary | |
---|---|
int |
accept()
Waits for an SSL client to initiate the SSL/TLS handshake. |
int |
checkDomainName(java.lang.String dn)
Adds a domain check to the list of checks performed during the peer verification. |
java.lang.String |
cipherGetName()
Returns the cipher suite name associated with the WolfSSL session in String format. |
int |
connect()
Initializes an SSL/TLS handshake with a server. |
int |
disableCRL()
Turns off Certificate Revocation List (CRL) checking. |
int |
dtls()
Used to determine if the SSL session has been configured to use DTLS. |
int |
dtlsGetCurrentTimeout()
Returns the current timeout value in seconds for the SSL session. |
java.net.InetSocketAddress |
dtlsGetPeer()
Gets the InetSocketAddress of the DTLS peer. |
int |
dtlsGotTimeout()
Performs the actions needed to retry the last retransmit, including adjusting the timeout value. |
int |
dtlsSetPeer(java.net.InetSocketAddress peer)
Sets the DTLS peer. |
int |
enableCRL(int options)
Turns on Certificate Revocation List (CRL) checking when verifying certificates. |
void |
freeSSL()
Frees an allocated SSL session. |
int |
getAeadMacSize()
Allows caller to determine the negotiated aead mac size from the handshake. |
int |
getBulkCipher()
Allows caller to determine the negotiated bulk cipher algorithm from the handshake. |
int |
getCipherBlockSize()
Allows callers to determine the negotiated cipher block size from the handshake. |
int |
getCipherType()
Allows caller to determine the negotiated cipher type from the handshake. |
byte[] |
getClientWriteIV()
Allows retrieval of the client write IV (initialization vector) from the handshake process. |
byte[] |
getClientWriteKey()
Allows retrieval of the client write key from the handshake process. |
long |
getCurrentCipher()
Returns a pointer to the native CYASSL_CIPHER object being used with the SSL session. |
int |
getError(int ret)
Returns a unique error code describing why the previous API function call resulted in an error return code. |
int |
getFd()
Returns the file descriptor used as the input/output facility for the SSL connection. |
int |
getHmacSize()
Allows the caller to determine the negotiated (h)mac size from the handshake. |
int |
getHmacType()
Allows caller to determine the negotiated (h)mac type from the handshake. |
int |
getKeySize()
Allows retrieval of the key size from the handshake process. |
byte[] |
getMacSecret(int verify)
Allows retrieval of the Hmac/Mac secret from the handshake process. |
long |
getPeerCertificate()
Gets the native (long) CYASSL_X509 pointer to the peer's certificate. |
java.lang.String |
getPeerX509AltName(long x509)
Gets the peer X509 certificate's altname information. |
java.lang.String |
getPeerX509Issuer(long x509)
Gets the peer X509 certificate's issuer information. |
java.lang.String |
getPeerX509Subject(long x509)
Gets the peer X509 certificate's subject information. |
byte[] |
getServerWriteIV()
Allows retrieval of the server write IV (initialization vector) from the handshake process. |
byte[] |
getServerWriteKey()
Allows retrieval of the server write key from the handshake process. |
long |
getSession()
Returns a pointer to the current session used in the given SSL object. |
int |
getSide()
Allows retrieval of the side of this wolfSSL connection. |
int |
getUsingNonblock()
Allows the application to determine if wolfSSL is using non-blocking I/O. |
java.lang.String |
getVersion()
Returns the SSL/TLS version being used with this session object in String format. |
int |
isTLSv1_1()
Allows callers to determine if the negotiated protocol version is at least TLS version 1.1. |
int |
loadCRL(java.lang.String path,
int type,
int monitor)
Loads CRL files into wolfSSL from the specified path. |
int |
read(byte[] data,
int sz)
Reads bytes from the SSL session and returns the read bytes as a byte array. |
int |
sessionReused()
Determine if a reused session was negotiated during the SSL handshake. |
int |
setCipherList(java.lang.String list)
Sets the cipher suite list for a given SSL session. |
int |
setCRLCb(WolfSSLMissingCRLCallback cb)
Registers CRL callback to be called when CRL lookup fails. |
void |
setDecryptVerifyCtx(java.lang.Object ctx)
Allows caller to set the Atomic User Record Processing Decrypt/Verify Callback Context. |
void |
setEccSignCtx(java.lang.Object ctx)
Allows caller to set the Public Key ECC Signing Callback Context. |
void |
setEccVerifyCtx(java.lang.Object ctx)
Allows caller to set the Public Key ECC Verification Callback Context. |
int |
setFd(java.net.DatagramSocket sd)
Assigns a DatagramSocket file descriptor as the input/output facility for the SSL connection. |
int |
setFd(java.net.Socket sd)
Assigns a Socket file descriptor as the input/output facility for the SSL connection. |
void |
setGenCookieCtx(java.lang.Object ctx)
Registers a context for the SSL session's DTLS cookie generation callback method. |
int |
setGroupMessages()
Turns on grouping of the handshake messages where possible using the SSL session. |
void |
setIOReadCtx(java.lang.Object ctx)
Registers a context for the SSL session's receive callback method. |
void |
setIOWriteCtx(java.lang.Object ctx)
Registers a context for the SSL session's send callback method. |
void |
setMacEncryptCtx(java.lang.Object ctx)
Allows caller to set the Atomic Record Processing Mac/Encrypt Callback Context. |
void |
setRsaDecCtx(java.lang.Object ctx)
Allows caller to set the Public Key RSA Private Decrypt Callback Context. |
void |
setRsaEncCtx(java.lang.Object ctx)
Allows caller to set the Public Key RSA Public Encrypt Callback Context. |
void |
setRsaSignCtx(java.lang.Object ctx)
Allows caller to set the Public Key RSA Signing Callback Context. |
void |
setRsaVerifyCtx(java.lang.Object ctx)
Allows caller to set the Public Key RSA Verification Callback Context. |
int |
setSession(long session)
Sets the session to be used when the SSL object is used to create a SSL/TLS connection. |
int |
setTlsHmacInner(byte[] inner,
long sz,
int content,
int verify)
Allows caller to set the Hmac Inner vector for message sending/receiving. |
int |
setTmpDH(byte[] p,
int pSz,
byte[] g,
int gSz)
Sets up the group parameters to be used if the server negotiates a cipher suite that uses DHE. |
int |
setTmpDHFile(java.lang.String fname,
int format)
Sets up the group parameters from the specified file to be used if the server negotiates a cipher suite that uses DHE. |
void |
setUsingNonblock(int nonblock)
Informs wolfSSL session that the underlying I/O is non-blocking. |
int |
shutdownSSL()
Shuts down the active SSL/TLS connection using the SSL session. |
int |
useCertificateBuffer(byte[] in,
long sz,
int format)
Loads a certificate buffer into the SSL object. |
int |
useCertificateChainBuffer(byte[] in,
long sz)
Loads a certificate chain buffer into the SSL object. |
int |
useCertificateChainFile(java.lang.String file)
Loads a chain of certificates into the SSL session object. |
int |
useCertificateFile(java.lang.String file,
int format)
Loads a certificate file into the SSL session object. |
int |
usePrivateKeyBuffer(byte[] in,
long sz,
int format)
Loads a private key buffer into the SSL object. |
int |
usePrivateKeyFile(java.lang.String file,
int format)
Loads a private key file into the SSL session object. |
int |
write(byte[] data,
int length)
Write bytes from a byte array to the SSL connection. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public WolfSSLSession(WolfSSLContext ctx) throws WolfSSLException
ctx
- WolfSSLContext object used to create SSL session.
WolfSSLException
Method Detail |
---|
public int useCertificateFile(java.lang.String file, int format)
file
- a file containing the certificate to be loaded into
the wolfSSL SSL session object.
format
- format of the certificates pointed to by file
. Possible options are SSL_FILETYPE_ASN1,
for DER-encoded certificates, or SSL_FILETYPE_PEM
for PEM-encoded certificates.
SSL_SUCCESS
upon success,
SSL_BAD_FILE
upon bad input file,
otherwise SSL_FAILURE
. Possible failure
causes may be that the file is in the wrong format, the
format argument was given incorrectly, the file
doesn't exist, can't be read, or is corrupted,
an out of memory condition occurs, or the Base16
decoding fails on the file.WolfSSLContext.useCertificateFile(String, int)
public int usePrivateKeyFile(java.lang.String file, int format)
file
- a file containing the private key to be loaded into
the wolfSSL SSL session.
format
- format of the private key pointed to by file
. Possible options are SSL_FILETYPE_ASN1,
for a DER-encoded key, or SSL_FILETYPE_PEM
for a PEM-encoded key.
SSL_SUCCESS
upon success,
SSL_BAD_FILE
upon bad input file, otherwise
SSL_FAILURE
. Possible failure causes
may be that the file is in the wrong format, the
format argument was given incorrectly, the file
doesn't exist, can't be read, or is corrupted,
an out of memory condition occurs, the Base16
decoding fails on the file, or the key file is
encrypted but no password is provided.WolfSSLContext.usePrivateKeyFile(String, int)
public int useCertificateChainFile(java.lang.String file)
The chain may contain up to MAX_CHAIN_DEPTH
(default = 9, defined
in internal.h) certificates, plus the subject cert.
file
- path to the file containing the chain of certificates
to be loaded into the wolfSSL SSL session. Certificates
must be in PEM format.
SSL_SUCCESS
on success,
SSL_BAD_FILE
upon bad input file, otherwise
SSL_FAILURE
. If the function call fails,
possible causes might include: the file is in the wrong
format, the file doesn't exist, can't be read, or is
corrupted, or an out of memory condition occurs.WolfSSLContext.useCertificateFile(String, int)
,
useCertificateFile(String, int)
public int setFd(java.net.Socket sd)
sd
- Socket to be used as input/output facility.
SSL_SUCCESS
on success, otherwise
SSL_FAILURE
.getFd()
public int setFd(java.net.DatagramSocket sd)
sd
- Socket to be used as input/output facility.
SSL_SUCCESS
on success, otherwise
SSL_FAILURE
.getFd()
public void setUsingNonblock(int nonblock)
nonblock
- value used to set non-blocking flag on the SSL
session. Use 1 to specify non-blocking,
otherwise 0.getUsingNonblock()
,
dtlsGotTimeout()
,
dtlsGetCurrentTimeout()
public int getUsingNonblock()
setUsingNonblock()
on it.
This lets the SSL session object know that receiving EWOULDBLOCK means
that the recvfrom call would block rather than that it timed out.
setUsingNonblock(int)
,
setSession(long)
public int getFd()
setFd(Socket)
public int connect()
connect()
works with both blocking and non-blocking I/O.
When the underlying I/O is non-blocking, connect()
will
return when the underlying I/O could not satisfy the needs of
connect()
to continue the handshake. In this case, a call
to getError
will yield either SSL_ERROR_WANT_READ or
SSL_ERROR_WANT_WRITE. The calling process must then repeat the
call to connect()
when the underlying I/O is ready and
CyaSSL will pick up where it left off.
If the underlying I/O is blocking, connect()
will only
return once the handshake has been finished or an error occurred.
CyaSSL takes a different approach to certificate verification than
OpenSSL does. The default policy for clients is to verify the server,
meaning that if the application doesn't load CA certificates to verify
the server, it will get a connect error, "unable to verify" (-155). If
the application wants to mimic OpenSSL behavior of having
connect()
succeed even if verifying the server fails (which leaves the server
unauthenticated and so reduces security), the application can do this by calling:
WolfSSLContext#setVerify(ctx, SSL_VERIFY_NONE, 0);
before calling newSSL()
, though it's not recommended.
SSL_SUCCESS
if successful, otherwise
SSL_FATAL_ERROR
if an error occurred. To get
a more detailed error code, call getError()
.
public int write(byte[] data, int length)
write()
will negotiate an SSL/TLS session
if the handshake has not already been performed yet by connect
or accept
.
write()
works with both blocking and non-blocking I/O.
When the underlying I/O is non-blocking, write()
will
return when the underlying I/O could not satisfy the needs of
write()
to continue. In this case, a call to getError
will yield either SSL_ERROR_WANT_READ or
SSL_ERROR_WANT_WRITE. The calling process must then repeat the
call to write()
when the underlying I/O is ready.
If the underlying I/O is blocking, write()
will only
return once the buffer data of size length has been
completely written or an error occurred.
data
- data buffer which will be sent to peer
length
- size, in bytes, of data to send to the peer
0
will be returned upon failure.
SSL_FATAL_ERROR
upon failure when either an
error occurred or, when using non-blocking sockets,
the SSL_ERROR_WANT_READ or
SSL_ERROR_WANT_WRITE error was received and the
application needs to call write()
again.
BAD_FUNC_ARG
when bad arguments are used.
Use getError
to get a specific error code.
public int read(byte[] data, int sz)
If necessary, read()
will negotiate an SSL/TLS session
if the handshake has not already been performed yet by connect()
or accept()
.
The SSL/TLS protocol uses SSL records which have a maximum size of
16kB. As such, wolfSSL needs to read an entire SSL record internally
before it is able to process and decrypt the record. Because of this,
a call to read()
will only be able to return the
maximum buffer size which has been decrypted at the time of calling.
There may be additional not-yet-decrypted data waiting in the internal
wolfSSL receive buffer which will be retrieved and decrypted with the
next call to read()
.
data
- buffer where the data read from the SSL connection
will be placed.
sz
- number of bytes to read into data
SSL_FAILURE
will be returned upon failure which may be caused
by either a clean (close notify alert) shutdown or just
that the peer closed the connection.
SSL_FATAL_ERROR
upon failure when either an error
occurred or, when using non-blocking sockets, the
SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE
error was received and the application needs to call
read()
again. Use getError
to
get a specific error code.
BAD_FUNC_ARG
when bad arguments are used.
public int accept()
accept()
works with both blocking and non-blocking I/O.
When the underlying I/O is non-blocking, accept()
will
return when the underlying I/O could not satisfy the needs of
accept()
to continue the handshake. In this case, a call to
getError()
will yield either SSL_ERROR_WANT_READ or
SSL_ERROR_WANT_WRITE. The calling process must then repeat the
call to accept()
when data is available to be read and
wolfSSL will pick up where it left off. When using a non-blocking
socket, nothing needs to be done, but select()
can be used
to check for the required condition.
If the underlying I/O is blocking, accept()
will only
return once the handshake has been finished or an error occurred.
SSL_SUCCESS
on success. SSL_FATAL_ERROR
if an error occurred. To get a more detailed
error code, call getError()
.getError(int)
,
connect()
public void freeSSL()
WolfSSLContext.newContext(long)
,
WolfSSLContext.free()
public int shutdownSSL()
The calling application can choose to wait for the peer to send its
"close notify" alert in response or just go ahead and shut down the
underlying connection after directly calling shutdownSSL
(to save resources). Either option is allowed by the TLS specification.
If the underlying connection will be used again in the future, the
complete two-directional shutdown procedure must be performed to keep
synchronization intact between the peers.
shutdownSSL()
works with both blocking and non-blocking
I/O. When the underlying I/O is non-blocking, shutdownSSL()
will return an error if the underlying I/O could not satisfy the
needs of shutdownSSL()
to continue. In this case, a call
to getError()
will yield either SSL_ERROR_WANT_READ
or SSL_ERROR_WANT_WRITE. The calling process must then repeat
the call to shutdownSSL()
when the underlying I/O is ready.
SSL_SUCCESS
on success,
SSL_FATAL_ERROR
upon failure. Call
getError()
for a more specific error code.freeSSL(long)
,
WolfSSLContext.free()
public int getError(int ret)
getError()
through ret
.
After getError()
is called and returns the unique error
code, getErrorString()
may be called to get a human-
readable error string.
ret
- return value of the previous function which resulted
in an error return code.
ret
> 0.WolfSSL.getErrorString(long)
public int setSession(long session)
For session resumption, before calling shutdownSSL()
with your session object, an application should save the session ID
from the object with a call to getSession()
, which returns
a pointer to the session. Later, the application should create a new
SSL session object and assign the saved session with
setSession()
. At this point, the application may call
connect()
and wolfSSL will try to resume the session.
session
- pointer to the native CYASSL_SESSION structure used
to set the session for the SSL session object.
SSL_SUCCESS
upon successfully setting
the session. SSL_FAILURE
will be
returned on failure. This could be caused by the
session cache being disabled, or if the session has
timed out.getSession()
public long getSession()
For session resumption, before calling shutdownSSL()
with your session object, an application should save the session ID
from the object with a call to getSession()
, which returns
a pointer to the session. Later, the application should create a new
SSL object and assign the saved session with setSession
.
At this point, the application may call connect()
and
wolfSSL will try to resume the session.
null
if the SSL object is null
,
the SSL session cache is disabled, wolfSSL doesn't have
the session ID available, or mutex functions fail.setSession(long)
public int setCipherList(java.lang.String list)
setCipherList()
resets
the cipher suite list for the specific SSL session to the provided list
each time the method is called.
The cipher suite list, list, is a null-terminated, colon-delimited text String. For example, one possible list may be:
"DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:AES256-SHA256"
Valid cipher values are the full name values from the cipher_names[] array in the native wolfSSL src/internal.c:
list
- null-terminated text string and colon-delimited list
of cipher suites to use with the specified SSL
context.
SSL_SUCCESS
upon success.
SSL_FAILURE
upon failure.WolfSSLContext.setCipherList(String)
public int dtlsGetCurrentTimeout()
NOT_COMPILED_IN
if wolfSSL was not built
with DTLS support.dtls()
,
dtlsGetPeer()
,
dtlsGotTimeout()
,
dtlsSetPeer(InetSocketAddress)
public int dtlsGotTimeout()
SSL_SUCCESS
upon success.
SSL_FATAL_ERROR
if there have been too many
retransmissions/timeouts without getting a response from
the peer. NOT_COMPILED_IN
if wolfSSL was
not compiled with DTLS support.dtlsGetCurrentTimeout()
,
dtlsGetPeer()
,
dtlsSetPeer(InetSocketAddress)
,
dtls()
public int dtls()
1
if the SSL has been configured to use DTLS,
otherwise, 0
.dtlsGetCurrentTimeout()
,
dtlsGetPeer()
,
dtlsGotTimeout()
,
dtlsSetPeer(InetSocketAddress)
public int dtlsSetPeer(java.net.InetSocketAddress peer)
peer
- DTLS peer's InetSocketAddress
SSL_SUCCESS
upon success,
SSL_FAILURE
upon failure,
SSL_NOT_IMPLEMENTED
if wolfSSL was not compiled
with DTLS support.dtlsGetCurrentTimeout()
,
dtlsGetPeer()
,
dtlsGotTimeout()
,
dtls()
public java.net.InetSocketAddress dtlsGetPeer()
null
upon failure.dtlsGetCurrentTimeout()
,
dtlsGotTimeout()
,
dtlsSetPeer(InetSocketAddress)
,
dtls()
public int sessionReused()
setSession(long)
,
getSession()
public long getPeerCertificate()
getPeerX509Issuer(long)
,
getPeerX509Subject(long)
,
getVersion()
,
getCurrentCipher()
public java.lang.String getPeerX509Issuer(long x509)
x509
- pointer (long) to native CYASSL_X509 structure, obtained
from getPeerCertificate().
getPeerCertificate()
,
getPeerX509Subject(long)
,
getVersion()
,
getCurrentCipher()
public java.lang.String getPeerX509Subject(long x509)
x509
- pointer (long) to native CYASSL_X509 structure, obtained
from getPeerCertificate().
getPeerCertificate()
,
getPeerX509Issuer(long)
,
getVersion()
,
getCurrentCipher()
public java.lang.String getPeerX509AltName(long x509)
x509
- pointer (long) to native CYASSL_X509 structure, obtained
from getPeerCertificate().
getPeerCertificate()
,
getPeerX509Issuer(long)
,
getPeerX509Subject(long)
,
getVersion()
,
getCurrentCipher()
public java.lang.String getVersion()
public long getCurrentCipher()
Use the cipherGetName()
function
to get the name of the current cipher suite being used.
cipherGetName()
public int checkDomainName(java.lang.String dn)
connect()
or accept()
will add a domain name check to the
list of checks to perform.
dn
- domain name to check against the peer certificate
when received.
SSL_SUCCESS
on success, SSL_FAILURE
if a memory error was encountered.
public int setTmpDH(byte[] p, int pSz, byte[] g, int gSz)
p
- Diffie-Hellman prime number parameter
pSz
- size of p
g
- Diffie-Hellman "generator" parameter
gSz
- size of g
SSL_SUCCESS
on success. MEMORY_E
if a memory error was encountered.
SIDE_ERROR
if this function is called on an
SSL client instead of an SSL server.accept()
public int setTmpDHFile(java.lang.String fname, int format)
fname
- path to Diffie-Hellman parameter file
format
- format of DH parameter file, either
SSL_FILETYPE_ASN1
or
SSL_FILETYPE_PEM
.
SSL_SUCCESS
on success. MEMORY_E
if a memory error was encountered.
SIDE_ERROR
if this function is called on an
SSL client instead of an SSL server,
SSL_BAD_FILETYPE
if the specified format is
incorrect, SSL_BAD_FILE
if there is a
problem with the input file.setTmpDH(byte[], int, byte[], int)
public int useCertificateBuffer(byte[] in, long sz, int format)
in
- input buffer containing the certificate to load
sz
- size of the input buffer, in
format
- format of the certificate buffer being loaded - either
SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1
SSL_SUCCESS
upon success,
SSL_BAD_FILETYPE
if the file is
in the wrong format, SSL_BAD_FILE
if the file doesn't exist, can't be read, or is
corrupted. MEMORY_E
if an out of
memory condition occurs, ASN_INPUT_E
if Base16 decoding fails on the file, and
BAD_FUNC_ARG
if invalid input parameters
are given.WolfSSLContext.loadVerifyBuffer(byte[], long, int)
,
WolfSSLContext.useCertificateBuffer(byte[], long, int)
,
WolfSSLContext.usePrivateKeyBuffer(byte[], long, int)
,
WolfSSLContext.useCertificateChainBuffer(byte[], long)
,
usePrivateKeyBuffer(byte[], long, int)
,
useCertificateChainBuffer(byte[], long)
public int usePrivateKeyBuffer(byte[] in, long sz, int format)
in
- the input buffer containing the private key to be
loaded
sz
- the size of the input buffer, in
format
- format of the certificate buffer being loaded - either
SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1
SSL_SUCCESS
upon success,
SSL_BAD_FILETYPE
if the file is
in the wrong format, SSL_BAD_FILE
if the file doesn't exist, can't be read, or is
corrupted. MEMORY_E
if an out of
memory condition occurs, ASN_INPUT_E
if Base16 decoding fails on the file,
NO_PASSWORD
if the key file is
encrypted but no password is provided, and
BAD_FUNC_ARG
if invalid input parameters
are given.WolfSSLContext.loadVerifyBuffer(byte[], long, int)
,
WolfSSLContext.useCertificateBuffer(byte[], long, int)
,
WolfSSLContext.usePrivateKeyBuffer(byte[], long, int)
,
WolfSSLContext.useCertificateChainBuffer(byte[], long)
,
useCertificateBuffer(byte[], long, int)
,
useCertificateChainBuffer(byte[], long)
public int useCertificateChainBuffer(byte[] in, long sz)
in
- the input buffer containing the PEM-formatted
certificate chain to be loaded.
sz
- the size of the input buffer, in
SSL_SUCCESS
upon success,
SSL_BAD_FILETYPE
if the file is
in the wrong format, SSL_BAD_FILE
if the file doesn't exist, can't be read, or is
corrupted. MEMORY_E
if an out of
memory condition occurs, ASN_INPUT_E
if Base16 decoding fails on the file,
BUFFER_E
if a chain buffer is
bigger than the receiving buffer, and
BAD_FUNC_ARG
if invalid input parameters
are given.WolfSSLContext.loadVerifyBuffer(byte[], long, int)
,
WolfSSLContext.useCertificateBuffer(byte[], long, int)
,
WolfSSLContext.usePrivateKeyBuffer(byte[], long, int)
,
WolfSSLContext.useCertificateChainBuffer(byte[], long)
,
useCertificateBuffer(byte[], long, int)
,
usePrivateKeyBuffer(byte[], long, int)
public int setGroupMessages()
SSL_SUCCESS
upon success.
BAD_FUNC_ARG
if the input session is null.WolfSSLContext.setGroupMessages()
public void setIOReadCtx(java.lang.Object ctx)
For example, if you're using memory buffers, the context may be a pointer to an object describing where and how to access the memory buffers.
ctx
- context object to be registered with the SSL session's
receive callback method.setIOWriteCtx(Object)
,
WolfSSLContext.setIORecv(WolfSSLIORecvCallback)
,
WolfSSLContext.setIOSend(WolfSSLIOSendCallback)
public void setIOWriteCtx(java.lang.Object ctx)
For example, if you're using memory buffers the context may be a pointer to an object describing where and how to access the memory buffers.
ctx
- context object to be registered with the SSL session's
send callback method.setIOReadCtx(Object)
,
WolfSSLContext.setIOSend(WolfSSLIOSendCallback)
,
WolfSSLContext.setIORecv(WolfSSLIORecvCallback)
public void setGenCookieCtx(java.lang.Object ctx)
ctx
- context object to be registered with the SSL session's
cookie generation method.WolfSSLContext.setGenCookie(WolfSSLGenCookieCallback)
public int enableCRL(int options)
options
- options to use when enabling CRL
SSL_SUCCESS
upon success.
NOT_COMPILED_IN
if wolfSSL was not compiled
with CRL enabled. MEMORY_E
if an out
of memory condition occurs. BAD_FUNC_ARG
if a pointer is not provided, and
SSL_FAILURE
if the CRL context cannot be
initialized properly.disableCRL()
,
loadCRL(String, int, int)
,
setCRLCb(WolfSSLMissingCRLCallback)
,
WolfSSLContext.enableCRL(int)
,
WolfSSLContext.disableCRL()
,
WolfSSLContext.setCRLCb(WolfSSLMissingCRLCallback)
public int disableCRL()
SSL_SUCCESS
on success,
BAD_FUNC_ARG
if pointer is not provided.enableCRL(int)
,
loadCRL(String, int, int)
,
setCRLCb(WolfSSLMissingCRLCallback)
,
WolfSSLContext.enableCRL(int)
,
WolfSSLContext.disableCRL()
,
WolfSSLContext.setCRLCb(WolfSSLMissingCRLCallback)
public int loadCRL(java.lang.String path, int type, int monitor)
path
- path to directory containing CRL files
type
- type of files in path, either
SSL_FILETYPE_PEM
or SSL_FILETYPE_ASN1
.
monitor
- OR'd list of flags to indicate if wolfSSL should
monitor the provided CRL directory for changes.
Flag values include CYASSL_CRL_MONITOR
to indicate that the directory should be monitored
and CYASSL_CRL_START_MON
to start the
monitor.
SSL_SUCCESS
upon success.
SSL_FATAL_ERROR
if enabling the internal CertManager fails.
BAD_FUNC_ARG
if the SSL pointer is null.
BAD_PATH_ERROR
if there is an error opening the provided directory.
MEMORY_E
if a memory error occurred.
MONITOR_RUNNING_E
if the CRL monitor is already running.
THREAD_CREATE_E
if there was an error when creating the CRL monitoring thread.
enableCRL(int)
,
disableCRL()
,
setCRLCb(WolfSSLMissingCRLCallback)
,
WolfSSLContext.enableCRL(int)
,
WolfSSLContext.disableCRL()
,
WolfSSLContext.setCRLCb(WolfSSLMissingCRLCallback)
public int setCRLCb(WolfSSLMissingCRLCallback cb)
cb
- callback to be registered with SSL session, called
when CRL lookup fails.
SSL_SUCCESS
upon success,
BAD_FUNC_ARG
if SSL pointer is
null.enableCRL(int)
,
disableCRL()
,
loadCRL(String, int, int)
,
WolfSSLContext.enableCRL(int)
,
WolfSSLContext.disableCRL()
,
WolfSSLContext.setCRLCb(WolfSSLMissingCRLCallback)
public java.lang.String cipherGetName()
getCurrentCipher()
public byte[] getMacSecret(int verify)
verify
- specifies whether this is for verification of a peer
message.
getHmacSize()
public byte[] getClientWriteKey()
getKeySize()
,
getClientWriteIV()
public byte[] getClientWriteIV()
getCipherBlockSize()
,
getClientWriteKey()
public byte[] getServerWriteKey()
getKeySize()
,
getServerWriteIV()
public byte[] getServerWriteIV()
getCipherBlockSize()
,
getServerWriteKey()
public int getKeySize()
BAD_FUNC_ARG
for an error state.getClientWriteKey()
,
getServerWriteKey()
public int getSide()
CYASSL_SERVER_END
or
CYASSL_CLIENT_END
depending on the side
of the wolfSSL session object.
BAD_FUNC_ARG
for an error state.getClientWriteKey()
,
getServerWriteKey()
public int isTLSv1_1()
1
for true, 0
for
false.
BAD_FUNC_ARG
for an error state.getSide()
public int getBulkCipher()
WolfSSL.cyassl_cipher_null
WolfSSL.cyassl_des
WolfSSL.cyassl_triple_des
WolfSSL.cyassl_aes
WolfSSL.cyassl_aes_gcm
WolfSSL.cyassl_aes_ccm
WolfSSL.cyassl_camellia
WolfSSL.hc128
WolfSSL.rabbit
BAD_FUNC_ARG
for an error state.
getCipherBlockSize()
,
getKeySize()
public int getCipherBlockSize()
BAD_FUNC_ARG
for an error state.getBulkCipher()
,
getKeySize()
public int getAeadMacSize()
BAD_FUNC_ARG
for an error state.getBulkCipher()
,
getKeySize()
public int getHmacSize()
BAD_FUNC_ARG
for an error state.getBulkCipher()
,
getHmacType()
public int getHmacType()
WolfSSL.MD5
WolfSSL.SHA
WolfSSL.SHA256
WolfSSL.SHA394
BAD_FUNC_ARG
or
SSL_FATAL_ERROR
will be returned for an
error state.
getBulkCipher()
,
getHmacSize()
public int getCipherType()
WolfSSL.CYASSL_BLOCK_TYPE
WolfSSL.CYASSL_STREAM_TYPE
WolfSSL.CYASSL_AEAD_TYPE
BAD_FUNC_ARG
will be returned for an
error state.
getBulkCipher()
,
getHmacType()
public int setTlsHmacInner(byte[] inner, long sz, int content, int verify)
1
upon success,
BAD_FUNC_ARG
for an error state.getBulkCipher()
,
getHmacType()
public void setMacEncryptCtx(java.lang.Object ctx)
ctx
- context object to be registered with the SSL session's
MAC/Encrypt method.WolfSSLContext.setMacEncryptCb(WolfSSLMacEncryptCallback)
public void setDecryptVerifyCtx(java.lang.Object ctx)
ctx
- context object to be registered with the SSL session's
decrypt/verify method.WolfSSLContext.setDecryptVerifyCb(WolfSSLDecryptVerifyCallback)
public void setEccSignCtx(java.lang.Object ctx)
ctx
- context object to be registered with the SSL session's
ECC signing method.WolfSSLContext.setEccSignCb(WolfSSLEccSignCallback)
public void setEccVerifyCtx(java.lang.Object ctx)
ctx
- context object to be registered with the SSL session's
ECC verification method.WolfSSLContext.setEccVerifyCb(WolfSSLEccVerifyCallback)
public void setRsaSignCtx(java.lang.Object ctx)
ctx
- context object to be registered with the SSL session's
RSA signing method.WolfSSLContext.setRsaSignCb(WolfSSLRsaSignCallback)
public void setRsaVerifyCtx(java.lang.Object ctx)
ctx
- context object to be registered with the SSL session's
RSA verification method.WolfSSLContext.setRsaVerifyCb(WolfSSLRsaVerifyCallback)
public void setRsaEncCtx(java.lang.Object ctx)
ctx
- context object to be registered with the SSL session's
RSA public encrypt method.WolfSSLContext.setRsaEncCb(WolfSSLRsaEncCallback)
public void setRsaDecCtx(java.lang.Object ctx)
ctx
- context object to be registered with the SSL session's
RSA private decrypt method.WolfSSLContext.setRsaDecCb(WolfSSLRsaDecCallback)