diff --git a/build.xml b/build.xml
index 6973311..fcee195 100644
--- a/build.xml
+++ b/build.xml
@@ -30,6 +30,10 @@
+
+
+
+
@@ -88,8 +92,7 @@
-
+
+
+
+
+
-
+
+
+
+
+
@@ -157,7 +169,13 @@
-
+
+
+
+
+
+
+
diff --git a/native/com_wolfssl_WolfSSL.h b/native/com_wolfssl_WolfSSL.h
index 93fb733..26ee676 100644
--- a/native/com_wolfssl_WolfSSL.h
+++ b/native/com_wolfssl_WolfSSL.h
@@ -697,11 +697,11 @@ JNIEXPORT jobjectArray JNICALL Java_com_wolfssl_WolfSSL_getProtocols
/*
* Class: com_wolfssl_WolfSSL
- * Method: getProtocols
- * Signature: ()[Ljava/lang/String;
+ * Method: getProtocolsMask
+ * Signature: (J)[Ljava/lang/String;
*/
JNIEXPORT jobjectArray JNICALL Java_com_wolfssl_WolfSSL_getProtocolsMask
- (JNIEnv*, jclass, jlong);
+ (JNIEnv *, jclass, jlong);
#ifdef __cplusplus
}
diff --git a/native/com_wolfssl_WolfSSLCertificate.c b/native/com_wolfssl_WolfSSLCertificate.c
index 51e617e..c5cc408 100644
--- a/native/com_wolfssl_WolfSSLCertificate.c
+++ b/native/com_wolfssl_WolfSSLCertificate.c
@@ -603,7 +603,11 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1verify
int sz = (int)pubKeySz;
int ret;
unsigned char buff[sz];
+#if LIBWOLFSSL_VERSION_HEX >= 0x04004000
+ const unsigned char* ptr = buff;
+#else
unsigned char* ptr = buff;
+#endif
(void)jcl;
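Review bot: `unsigned char buff[sz];` is a variable-length stack array sized directly from the caller-supplied `pubKeySz`, and the three declarations shown leave no room for a range check before it. A negative or very large value is therefore undefined behaviour or a stack overflow unless the Java caller already bounds it, which this hunk does not show. Rejecting out-of-range sizes with `BAD_FUNC_ARG` and using a bounded or heap buffer would remove that dependence on the caller. The new `#if LIBWOLFSSL_VERSION_HEX >= 0x04004000` silently takes the non-const branch if the macro is undefined, so confirm that `wolfssl/version.h` is included in this file. The function starts and continues outside the hunk.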
diff --git a/native/com_wolfssl_WolfSSLContext.h b/native/com_wolfssl_WolfSSLContext.h
index 6d416fa..d21e0ac 100644
--- a/native/com_wolfssl_WolfSSLContext.h
+++ b/native/com_wolfssl_WolfSSLContext.h
@@ -73,8 +73,8 @@ JNIEXPORT jlong JNICALL Java_com_wolfssl_WolfSSLContext_setOptions
/*
* Class: com_wolfssl_WolfSSLContext
- * Method: setOptions
- * Signature: (JJ)J
+ * Method: getOptions
+ * Signature: (J)J
*/
JNIEXPORT jlong JNICALL Java_com_wolfssl_WolfSSLContext_getOptions
(JNIEnv *, jobject, jlong);
diff --git a/native/com_wolfssl_WolfSSLSession.c b/native/com_wolfssl_WolfSSLSession.c
index ebcd8d0..6abad2b 100644
--- a/native/com_wolfssl_WolfSSLSession.c
+++ b/native/com_wolfssl_WolfSSLSession.c
@@ -2934,6 +2934,41 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLSession_getShutdown
return (jint)wolfSSL_get_shutdown((WOLFSSL*)(uintptr_t)ssl);
}
+JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLSession_useSNI
+ (JNIEnv* jenv, jobject jcl, jlong ssl, jbyte type, jbyteArray data)
+{
+ int ret = SSL_FAILURE;
+ (void)jcl;
+#ifdef HAVE_SNI
+ byte* dataBuf = NULL;
+ word32 dataSz = 0;
+
+ if (jenv == NULL || ssl <= 0) {
+ return BAD_FUNC_ARG;
+ }
+
+ dataBuf = (byte*)(*jenv)->GetByteArrayElements(jenv, data, NULL);
+ dataSz = (*jenv)->GetArrayLength(jenv, data);
+
+ if (dataBuf != NULL && dataSz > 0) {
+ ret = wolfSSL_UseSNI((WOLFSSL*)(uintptr_t)ssl, (byte)type,
+ dataBuf, (word16)dataSz);
+ }
+
+ (*jenv)->ReleaseByteArrayElements(jenv, data, (jbyte*)dataBuf, JNI_ABORT);
+
+#else
+ ret = NOT_COMPILED_IN;
+ (void)jenv;
+ (void)ssl;
+ (void)type;
+ (void)data;
+#endif /* HAVE_SNI */
+
+ return (jint)ret;
+
+}
+
JNIEXPORT void JNICALL Java_com_wolfssl_WolfSSLSession_setSSLIORecv
(JNIEnv* jenv, jobject jcl, jlong ssl)
{
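Review bot: `Java_com_wolfssl_WolfSSLSession_useSNI` passes `data` to `GetByteArrayElements` and `GetArrayLength` without a NULL check, and the Java wrapper added in this commit forwards its `byte[]` argument unchecked, so a null array reaches JNI calls that do not accept one. The length is then narrowed with `(word16)dataSz`, so an array longer than 65535 bytes is silently truncated (65536 becomes 0) instead of being rejected. `ReleaseByteArrayElements` also runs when `GetByteArrayElements` returned NULL. Validating the reference and the length before pinning the array, and releasing only what was obtained, closes all three; the sketch below keeps `SSL_FAILURE` for the empty-array case, as the current code does.

```c
#ifdef HAVE_SNI
    byte* dataBuf = NULL;
    jsize dataSz = 0;

    if (jenv == NULL || ssl <= 0 || data == NULL) {
        return BAD_FUNC_ARG;
    }

    /* SNI length is carried as word16: reject anything that would not fit */
    dataSz = (*jenv)->GetArrayLength(jenv, data);
    if (dataSz > 0xFFFF) {
        return BAD_FUNC_ARG;
    }

    if (dataSz > 0) {
        dataBuf = (byte*)(*jenv)->GetByteArrayElements(jenv, data, NULL);
        if (dataBuf != NULL) {
            ret = wolfSSL_UseSNI((WOLFSSL*)(uintptr_t)ssl, (byte)type,
                                 dataBuf, (word16)dataSz);
            (*jenv)->ReleaseByteArrayElements(jenv, data, (jbyte*)dataBuf,
                                              JNI_ABORT);
        }
    }
#else
    /* … unchanged: NOT_COMPILED_IN branch and final return … */
```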
diff --git a/native/com_wolfssl_WolfSSLSession.h b/native/com_wolfssl_WolfSSLSession.h
index 3a55a8f..a8e7f75 100644
--- a/native/com_wolfssl_WolfSSLSession.h
+++ b/native/com_wolfssl_WolfSSLSession.h
@@ -650,7 +650,7 @@ JNIEXPORT jlong JNICALL Java_com_wolfssl_WolfSSLSession_setOptions
/*
* Class: com_wolfssl_WolfSSLSession
* Method: getOptions
- * Signature: (JJ)J
+ * Signature: (J)J
*/
JNIEXPORT jlong JNICALL Java_com_wolfssl_WolfSSLSession_getOptions
(JNIEnv *, jobject, jlong);
@@ -679,6 +679,14 @@ JNIEXPORT void JNICALL Java_com_wolfssl_WolfSSLSession_setSSLIORecv
JNIEXPORT void JNICALL Java_com_wolfssl_WolfSSLSession_setSSLIOSend
(JNIEnv *, jobject, jlong);
+/*
+ * Class: com_wolfssl_WolfSSLSession
+ * Method: useSNI
+ * Signature: (JB[B)I
+ */
+JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLSession_useSNI
+ (JNIEnv *, jobject, jlong, jbyte, jbyteArray);
+
#ifdef __cplusplus
}
#endif
diff --git a/platform/android_aosp/wolfssl/Android.mk b/platform/android_aosp/wolfssl/Android.mk
index 49ad0ec..3e24f71 100644
--- a/platform/android_aosp/wolfssl/Android.mk
+++ b/platform/android_aosp/wolfssl/Android.mk
@@ -4,7 +4,7 @@ include $(CLEAR_VARS)
LOCAL_MODULE:= libwolfssl
LOCAL_MODULE_TAGS := optional
LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)
-LOCAL_CFLAGS:= -DHAVE_FFDHE_2048 -DWOLFSSL_TLS13 -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES -DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT -DWC_RSA_BLINDING -DHAVE_AESGCM -DWOLFSSL_SHA512 -DWOLFSSL_SHA384 -DHAVE_HKDF -DNO_DSA -DHAVE_ECC -DTFM_ECC256 -DECC_SHAMIR -DWC_RSA_PSS -DWOLFSSL_BASE64_ENCODE -DNO_RC4 -DNO_HC128 -DNO_RABBIT -DWOLFSSL_SHA224 -DWOLFSSL_SHA3 -DHAVE_POLY1305 -DHAVE_ONE_TIME_AUTH -DHAVE_CHACHA -DHAVE_HASHDRBG -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES -DHAVE_EXTENDED_MASTER -DWOLFSSL_JNI -DWOLFSSL_DTLS -DOPENSSL_EXTRA -DHAVE_CRL -DHAVE_OCSP -DHAVE_CRL_MONITOR -DPERSIST_SESSION_CACHE -DPERSIST_CERT_CACHE -DATOMIC_USER -DHAVE_PK_CALLBACKS -DWOLFSSL_CERT_EXT -DWOLFSSL_CERT_GEN -DHAVE_ENCRYPT_THEN_MAC -DNO_MD4 -DWOLFSSL_ENCRYPTED_KEYS -DUSE_FAST_MATH -DNO_DES3 -DKEEP_PEER_CERT -Os -fomit-frame-pointer
+LOCAL_CFLAGS:= -DHAVE_FFDHE_2048 -DWOLFSSL_TLS13 -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES -DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT -DWC_RSA_BLINDING -DHAVE_AESGCM -DWOLFSSL_SHA512 -DWOLFSSL_SHA384 -DHAVE_HKDF -DNO_DSA -DHAVE_ECC -DTFM_ECC256 -DECC_SHAMIR -DWC_RSA_PSS -DWOLFSSL_BASE64_ENCODE -DNO_RC4 -DNO_HC128 -DNO_RABBIT -DWOLFSSL_SHA224 -DWOLFSSL_SHA3 -DHAVE_POLY1305 -DHAVE_ONE_TIME_AUTH -DHAVE_CHACHA -DHAVE_HASHDRBG -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES -DHAVE_EXTENDED_MASTER -DHAVE_SNI -DWOLFSSL_JNI -DWOLFSSL_DTLS -DOPENSSL_EXTRA -DHAVE_CRL -DHAVE_OCSP -DHAVE_CRL_MONITOR -DPERSIST_SESSION_CACHE -DPERSIST_CERT_CACHE -DATOMIC_USER -DHAVE_PK_CALLBACKS -DWOLFSSL_CERT_EXT -DWOLFSSL_CERT_GEN -DHAVE_ENCRYPT_THEN_MAC -DNO_MD4 -DWOLFSSL_ENCRYPTED_KEYS -DUSE_FAST_MATH -DNO_DES3 -DKEEP_PEER_CERT -Os -fomit-frame-pointer
LOCAL_C_INCLUDES += \
external/wolfssl/wolfssl \
external/wolfssl \
diff --git a/platform/android_aosp/wolfssljni/Android.mk b/platform/android_aosp/wolfssljni/Android.mk
index 29522c8..5d2db13 100644
--- a/platform/android_aosp/wolfssljni/Android.mk
+++ b/platform/android_aosp/wolfssljni/Android.mk
@@ -8,7 +8,17 @@ native_cflags := -Wall
# Create the wolfSSL JNI library
include $(CLEAR_VARS)
+
+# Source file list to compile, exclude WolfSSLJDK8Helper on older Android
+# versions (ex: 23) that do not have newer SSLParameters methods (i.e. SNI)
+LOCAL_SRC_EXCLUDES :=
+ifeq ($(PLATFORM_VERSION),6.0.1)
+ LOCAL_SRC_EXCLUDES := \
+ src/java/com/wolfssl/provider/jsse/adapter/WolfSSLJDK8Helper.java
+endif
LOCAL_SRC_FILES := $(call all-java-files-under,src/java)
+LOCAL_SRC_FILES := $(filter-out $(LOCAL_SRC_EXCLUDES), $(LOCAL_SRC_FILES))
+
LOCAL_JAVACFLAGS := $(javac_flags)
LOCAL_MODULE_TAGS := optional
LOCAL_MODULE := wolfssljni
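Review bot: The exclusion is keyed on `ifeq ($(PLATFORM_VERSION),6.0.1)`, an exact string match, while the comment above it describes a class of older Android versions. A tree reporting `6.0`, or any other release without the newer `SSLParameters` methods, would still compile `WolfSSLJDK8Helper.java` and presumably fail to build. Keying the test on the API level rather than the release string would match the comment's intent, assuming `PLATFORM_SDK_VERSION` is available in the targeted build trees. If only 6.0.1 is meant to be handled, the comment should say so.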
@@ -20,7 +30,7 @@ include $(BUILD_JAVA_LIBRARY)
# Create wolfSSL JNI native library
include $(CLEAR_VARS)
LOCAL_CFLAGS += $(native_cflags)
-LOCAL_CFLAGS:= -DHAVE_FFDHE_2048 -DWOLFSSL_TLS13 -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES -DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT -DWC_RSA_BLINDING -DHAVE_AESGCM -DWOLFSSL_SHA512 -DWOLFSSL_SHA384 -DHAVE_HKDF -DNO_DSA -DHAVE_ECC -DTFM_ECC256 -DECC_SHAMIR -DWC_RSA_PSS -DWOLFSSL_BASE64_ENCODE -DNO_RC4 -DNO_HC128 -DNO_RABBIT -DWOLFSSL_SHA224 -DWOLFSSL_SHA3 -DHAVE_POLY1305 -DHAVE_ONE_TIME_AUTH -DHAVE_CHACHA -DHAVE_HASHDRBG -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES -DHAVE_EXTENDED_MASTER -DWOLFSSL_JNI -DWOLFSSL_DTLS -DOPENSSL_EXTRA -DHAVE_CRL -DHAVE_OCSP -DHAVE_CRL_MONITOR -DPERSIST_SESSION_CACHE -DPERSIST_CERT_CACHE -DATOMIC_USER -DHAVE_PK_CALLBACKS -DWOLFSSL_CERT_EXT -DWOLFSSL_CERT_GEN -DHAVE_ENCRYPT_THEN_MAC -DNO_MD4 -DWOLFSSL_ENCRYPTED_KEYS -DUSE_FAST_MATH -DNO_DES3 -DKEEP_PEER_CERT -Os -fomit-frame-pointer
+LOCAL_CFLAGS:= -DHAVE_FFDHE_2048 -DWOLFSSL_TLS13 -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES -DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT -DWC_RSA_BLINDING -DHAVE_AESGCM -DWOLFSSL_SHA512 -DWOLFSSL_SHA384 -DHAVE_HKDF -DNO_DSA -DHAVE_ECC -DTFM_ECC256 -DECC_SHAMIR -DWC_RSA_PSS -DWOLFSSL_BASE64_ENCODE -DNO_RC4 -DNO_HC128 -DNO_RABBIT -DWOLFSSL_SHA224 -DWOLFSSL_SHA3 -DHAVE_POLY1305 -DHAVE_ONE_TIME_AUTH -DHAVE_CHACHA -DHAVE_HASHDRBG -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES -DHAVE_EXTENDED_MASTER -DHAVE_SNI -DWOLFSSL_JNI -DWOLFSSL_DTLS -DOPENSSL_EXTRA -DHAVE_CRL -DHAVE_OCSP -DHAVE_CRL_MONITOR -DPERSIST_SESSION_CACHE -DPERSIST_CERT_CACHE -DATOMIC_USER -DHAVE_PK_CALLBACKS -DWOLFSSL_CERT_EXT -DWOLFSSL_CERT_GEN -DHAVE_ENCRYPT_THEN_MAC -DNO_MD4 -DWOLFSSL_ENCRYPTED_KEYS -DUSE_FAST_MATH -DNO_DES3 -DKEEP_PEER_CERT -Os -fomit-frame-pointer
LOCAL_SRC_FILES := \
native/com_wolfssl_wolfcrypt_ECC.c \
native/com_wolfssl_wolfcrypt_EccKey.c \
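Review bot: `LOCAL_CFLAGS:= -DHAVE_FFDHE_2048 …` is a simple assignment that follows `LOCAL_CFLAGS += $(native_cflags)`, so the `-Wall` held in `native_cflags` is discarded and the JNI C sources are built without it. Swapping the two lines, or changing the long line to `LOCAL_CFLAGS += …`, keeps both. The define list is also duplicated in `platform/android_aosp/wolfssl/Android.mk`, where this commit makes the same `-DHAVE_SNI` edit, and `-DHAVE_TLS_EXTENSIONS` and `-DHAVE_SUPPORTED_CURVES` each appear twice in it. A shared variable would stop the two copies drifting apart.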
diff --git a/src/java/com/wolfssl/WolfSSLSession.java b/src/java/com/wolfssl/WolfSSLSession.java
index b923f8e..d0388b9 100644
--- a/src/java/com/wolfssl/WolfSSLSession.java
+++ b/src/java/com/wolfssl/WolfSSLSession.java
@@ -264,6 +264,7 @@ public class WolfSSLSession {
private native int getShutdown(long ssl);
private native void setSSLIORecv(long ssl);
private native void setSSLIOSend(long ssl);
+ private native int useSNI(long ssl, byte type, byte[] data);
/* ------------------- session-specific methods --------------------- */
@@ -2425,6 +2426,18 @@ public class WolfSSLSession {
setSSLIOSend(getSessionPtr());
}
+ public int useSNI(byte type, byte[] data) throws IllegalStateException {
+
+ int ret;
+
+ if (this.active == false)
+ throw new IllegalStateException("Object has been freed");
+
+ ret = useSNI(getSessionPtr(), type, data);
+
+ return ret;
+ }
+
/**
* Getter function to tell if shutdown has been sent or received
* @return WolfSSL.SSL_SENT_SHUTDOWN or WolfSSL.SSL_RECEIVED_SHUTDOWN
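Review bot: The public `useSNI(byte type, byte[] data)` is added without Javadoc, although the next public method in this hunk carries one, and nothing tells a caller what `type` means or which values the `int` result takes. A Javadoc block should state that `type` is the SNI name type passed through to native wolfSSL and that `data` is the encoded server name. It should say that the return value is the native result, which on the C side of this commit can be `BAD_FUNC_ARG` or `NOT_COMPILED_IN` as well as the wolfSSL status, and that `IllegalStateException` is thrown once the session has been freed. It should also say whether `data` may be null, since the method forwards it to the native call unchecked.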
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLContext.java b/src/java/com/wolfssl/provider/jsse/WolfSSLContext.java
index cb3df9c..8a4ba54 100644
--- a/src/java/com/wolfssl/provider/jsse/WolfSSLContext.java
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLContext.java
@@ -56,7 +56,7 @@ public class WolfSSLContext extends SSLContextSpi {
private TLS_VERSION currentVersion = TLS_VERSION.SSLv23;
private WolfSSLAuthStore authStore = null;
private com.wolfssl.WolfSSLContext ctx = null;
- private SSLParameters params = null;
+ private WolfSSLParameters params = null;
private WolfSSLContext(TLS_VERSION version) {
this.currentVersion = version;
@@ -302,7 +302,7 @@ public class WolfSSLContext extends SSLContextSpi {
try {
authStore = new WolfSSLAuthStore(km, tm, sr, currentVersion);
- params = new SSLParameters();
+ params = new WolfSSLParameters();
createCtx();
} catch (IllegalArgumentException iae) {
@@ -423,7 +423,7 @@ public class WolfSSLContext extends SSLContextSpi {
*/
@Override
protected SSLParameters engineGetDefaultSSLParameters() {
- return WolfSSLEngineHelper.decoupleParams(this.params);
+ return WolfSSLParametersHelper.decoupleParams(this.params);
}
/**
@@ -432,7 +432,7 @@ public class WolfSSLContext extends SSLContextSpi {
*/
@Override
protected SSLParameters engineGetSupportedSSLParameters() {
- return WolfSSLEngineHelper.decoupleParams(this.params);
+ return WolfSSLParametersHelper.decoupleParams(this.params);
}
/* used internally by SSLSocketFactory() */
@@ -441,7 +441,7 @@ public class WolfSSLContext extends SSLContextSpi {
}
/* used internally by SSLSocketFactory() */
- protected SSLParameters getInternalSSLParams() {
+ protected WolfSSLParameters getInternalSSLParams() {
return this.params;
}
@@ -458,7 +458,7 @@ public class WolfSSLContext extends SSLContextSpi {
}
super.finalize();
}
-
+
public String[] getProtocolsMask(long noOpt) {
if(ctx != null)
ctx.setOptions(noOpt);
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLEngine.java b/src/java/com/wolfssl/provider/jsse/WolfSSLEngine.java
index 218a6bf..1887b74 100644
--- a/src/java/com/wolfssl/provider/jsse/WolfSSLEngine.java
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLEngine.java
@@ -35,8 +35,8 @@ import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
import javax.net.ssl.SSLEngineResult.Status;
import javax.net.ssl.SSLException;
-import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLParameters;
/**
* wolfSSL implementation of SSLEngine
@@ -49,7 +49,7 @@ public class WolfSSLEngine extends SSLEngine {
private WolfSSLSession ssl;
private com.wolfssl.WolfSSLContext ctx;
private WolfSSLAuthStore authStore;
- private SSLParameters params;
+ private WolfSSLParameters params;
private byte[] toSend; /* encrypted packet to send */
private byte[] toRead; /* encrypted packet coming in */
private int toReadSz = 0;
@@ -74,12 +74,12 @@ public class WolfSSLEngine extends SSLEngine {
* @throws WolfSSLException if there is an issue creating the engine
*/
protected WolfSSLEngine(com.wolfssl.WolfSSLContext ctx,
- WolfSSLAuthStore auth, SSLParameters params)
+ WolfSSLAuthStore auth, WolfSSLParameters params)
throws WolfSSLException {
super();
this.ctx = ctx;
this.authStore = auth;
- this.params = WolfSSLEngineHelper.decoupleParams(params);
+ this.params = params.copy();
try {
initSSL();
} catch (WolfSSLJNIException ex) {
@@ -102,12 +102,12 @@ public class WolfSSLEngine extends SSLEngine {
* @throws WolfSSLException if there is an issue creating the engine
*/
protected WolfSSLEngine(com.wolfssl.WolfSSLContext ctx,
- WolfSSLAuthStore auth, SSLParameters params, String host,
+ WolfSSLAuthStore auth, WolfSSLParameters params, String host,
int port) throws WolfSSLException {
super();
this.ctx = ctx;
this.authStore = auth;
- this.params = WolfSSLEngineHelper.decoupleParams(params);
+ this.params = params.copy();
try {
initSSL();
} catch (WolfSSLJNIException ex) {
@@ -520,6 +520,17 @@ public class WolfSSLEngine extends SSLEngine {
return EngineHelper.getEnableSessionCreation();
}
+ /**
+ * Set the SSLParameters for this SSLSocket.
+ *
+ * @param params SSLParameters to set for this SSLSocket object
+ */
+ synchronized public void setSSLParameters(SSLParameters params) {
+ if (params != null) {
+ WolfSSLParametersHelper.importParams(params, this.params);
+ }
+ }
+
/* encrypted packet ready to be sent out. Copies buffer to end of to send
* queue */
protected int setOut(byte[] in, int sz) {
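Review bot: The Javadoc on the new `setSSLParameters` says "for this SSLSocket" in both the summary and the `@param` line, but the method is on `WolfSSLEngine`; it should read `Set the SSLParameters for this SSLEngine.` The method overrides `SSLEngine.setSSLParameters` without `@Override`, and `synchronized public` is conventionally written `public synchronized`. A null argument is silently ignored, which the Javadoc should mention if it is intended.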
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java b/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java
index 8dea657..1c8ac35 100644
--- a/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java
@@ -48,7 +48,7 @@ import java.io.IOException;
public class WolfSSLEngineHelper {
private final WolfSSLSession ssl;
private WolfSSLImplementSSLSession session = null;
- private SSLParameters params;
+ private WolfSSLParameters params;
private WolfSSLDebug debug;
private int port;
private String host = null;
@@ -65,7 +65,7 @@ public class WolfSSLEngineHelper {
* @throws WolfSSLException if an exception happens during session creation
*/
protected WolfSSLEngineHelper(WolfSSLSession ssl, WolfSSLAuthStore store,
- SSLParameters params) throws WolfSSLException {
+ WolfSSLParameters params) throws WolfSSLException {
if (params == null || ssl == null || store == null) {
throw new WolfSSLException("Bad argument");
}
@@ -86,7 +86,7 @@ public class WolfSSLEngineHelper {
* @throws WolfSSLException if an exception happens during session resume
*/
protected WolfSSLEngineHelper(WolfSSLSession ssl, WolfSSLAuthStore store,
- SSLParameters params, int port, String host)
+ WolfSSLParameters params, int port, String host)
throws WolfSSLException {
if (params == null || ssl == null || store == null) {
throw new WolfSSLException("Bad argument");
@@ -334,14 +334,29 @@ public class WolfSSLEngineHelper {
}
}
+ /* sets SNI server names, if set by application in SSLParameters */
+ private void setLocalServerNames() {
+ if (this.clientMode) {
+ List names = this.params.getServerNames();
+ if (names != null && names.size() > 0) {
+ /* should only be one server name */
+ WolfSSLSNIServerName sni = names.get(0);
+ if (sni != null) {
+ this.ssl.useSNI((byte)sni.getType(), sni.getEncoded());
+ }
+ }
+ }
+ }
+
private void setLocalParams() {
this.setLocalCiphers(this.params.getCipherSuites());
this.setLocalProtocol(this.params.getProtocols());
this.setLocalAuth();
+ this.setLocalServerNames();
}
- /* sets all parameters from SSLParameters into WOLFSSL object and creates
- * session.
+ /* sets all parameters from WolfSSLParameters into WOLFSSL object and
+ * creates session.
* Should be called before doHandshake */
protected void initHandshake() throws SSLException {
if (!modeSet) {
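Review bot: `setLocalServerNames()` discards the result of `this.ssl.useSNI(...)`, so when the native call fails or returns `NOT_COMPILED_IN` (the path taken without `HAVE_SNI`) the handshake goes ahead with no server name and the application is not told. Checking the result, e.g. `if (ret != WolfSSL.SSL_SUCCESS) { /* log or throw */ }`, makes the failure visible. Only `names.get(0)` is used; the comment says there should be one name, but extra entries are dropped silently rather than rejected or logged. The class body continues outside the hunk.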
@@ -418,7 +433,6 @@ public class WolfSSLEngineHelper {
}
}
-
/**
* Saves session on connection close for resumption
*/
@@ -428,40 +442,6 @@ public class WolfSSLEngineHelper {
}
}
- /**
- * Creates a new SSLPArameters class with the same settings as the one
- * passed in.
- *
- * @param in SSLParameters settings to copy
- * @return new parameters object holding same settings as "in"
- */
- protected static SSLParameters decoupleParams(SSLParameters in) {
- SSLParameters ret = new SSLParameters();
-
- ret.setCipherSuites(in.getCipherSuites());
- ret.setProtocols(in.getProtocols());
-
- ret.setNeedClientAuth(in.getNeedClientAuth());
- if (!ret.getNeedClientAuth()) {
- ret.setWantClientAuth(in.getWantClientAuth());
- }
-
- /* Supported by newer version of SSLParameters but to build with API 23
- * these are currently commented out
- ret.setAlgorithmConstraints(in.getAlgorithmConstraints());
- ret.setApplicationProtocols(in.getApplicationProtocols());
- ret.setEnableRetransmissions(in.getEnableRetransmissions());
- ret.setEndpointIdentificationAlgorithm(
- in.getEndpointIdentificationAlgorithm());
- ret.setMaximumPacketSize(in.getMaximumPacketSize());
- ret.setSNIMatchers(in.getSNIMatchers());
- ret.setServerNames(in.getServerNames());
- ret.setUseCipherSuitesOrder(in.getUseCipherSuitesOrder());
- */
-
- return ret;
- }
-
/* Internal verify callback. This is used when a user registers a
* TrustManager which is NOT com.wolfssl.provider.jsse.WolfSSLTrustManager
* and is used to call TrustManager checkClientTrusted() or
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLGenericHostName.java b/src/java/com/wolfssl/provider/jsse/WolfSSLGenericHostName.java
new file mode 100644
index 0000000..1b9ae8c
--- /dev/null
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLGenericHostName.java
@@ -0,0 +1,33 @@
+/* WolfSSLGenericHostName.java
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+package com.wolfssl.provider.jsse;
+
+/**
+ * Concrete class representing a generic host name, used with SNI and
+ * WolfSSLSNIServerName usage areas.
+ */
+public class WolfSSLGenericHostName extends WolfSSLSNIServerName
+{
+ WolfSSLGenericHostName(int type, byte[] encoded) {
+ super(type, encoded);
+ }
+}
+
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLParameters.java b/src/java/com/wolfssl/provider/jsse/WolfSSLParameters.java
new file mode 100644
index 0000000..b9a52bd
--- /dev/null
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLParameters.java
@@ -0,0 +1,156 @@
+/* WolfSSLParameters.java
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+package com.wolfssl.provider.jsse;
+
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Collections;
+
+/**
+ * wolfJSSE implementation of SSLParameters
+ *
+ * This class includes the functionality of java SSLParameters, but allows
+ * wolfJSSE better control over settings, interop with older Java versions,
+ * etc. Strings set and returned should be cloned.
+ *
+ * This class is used internally to wolfJSSE. When a SSLParameters needs to
+ * be returned to an application (ex: SSLContext.getDefaultSSLParameters(),
+ * SSLContext.getSupportedSSLParameters()) wolfJSSE calls
+ * WolfSSLEngineHelper.decoupleParams() which creates a SSLParameters object
+ * from a WolfSSLParameters.
+ */
+final class WolfSSLParameters {
+
+ private String[] cipherSuites;
+ private String[] protocols;
+ private boolean wantClientAuth = false;
+ private boolean needClientAuth = false;
+ private String endpointIdAlgorithm;
+ private List serverNames;
+ private boolean useCipherSuiteOrder = true;
+ String[] applicationProtocols = new String[0];
+
+ /* create duplicate copy of these parameters */
+ protected WolfSSLParameters copy() {
+ WolfSSLParameters cp = new WolfSSLParameters();
+ cp.setCipherSuites(this.cipherSuites);
+ cp.setProtocols(this.protocols);
+ cp.wantClientAuth = this.wantClientAuth;
+ cp.needClientAuth = this.needClientAuth;
+ cp.setServerNames(this.getServerNames());
+
+ /* TODO: duplicate other properties here when WolfSSLParameters
+ * can handle them */
+
+ return cp;
+ }
+
+ String[] getCipherSuites() {
+ return this.cipherSuites.clone();
+ }
+
+ void setCipherSuites(String[] cipherSuites) {
+ /* cipherSuites array is sanitized by wolfJSSE caller */
+ this.cipherSuites = cipherSuites.clone();
+ }
+
+ String[] getProtocols() {
+ return this.protocols.clone();
+ }
+
+ void setProtocols(String[] protocols) {
+ /* protocols array is sanitized by wolfJSSE caller */
+ this.protocols = protocols.clone();
+ }
+
+ boolean getWantClientAuth() {
+ return this.wantClientAuth;
+ }
+
+ void setWantClientAuth(boolean wantClientAuth) {
+ /* wantClientAuth OR needClientAuth can be set, not both */
+ this.wantClientAuth = wantClientAuth;
+ this.needClientAuth = false;
+ }
+
+ boolean getNeedClientAuth() {
+ return this.needClientAuth;
+ }
+
+ void setNeedClientAuth(boolean needClientAuth) {
+ /* wantClientAuth OR needClientAuth can be set, not both */
+ this.needClientAuth = needClientAuth;
+ this.wantClientAuth = false;
+ }
+
+ String getEndpointIdentificationAlgorithm() {
+ return this.endpointIdAlgorithm;
+ }
+
+ void setEndPointIdentificationAlgorithm(String algorithm) {
+ this.endpointIdAlgorithm = algorithm;
+ }
+
+ void setServerNames(List serverNames) {
+ if (serverNames == null) {
+ this.serverNames = null;
+ } else {
+ this.serverNames = Collections.unmodifiableList(
+ new ArrayList(serverNames));
+ }
+ }
+
+ List getServerNames() {
+ if (this.serverNames == null) {
+ return null;
+ } else {
+ return Collections.unmodifiableList(
+ new ArrayList(this.serverNames));
+ }
+ }
+
+ /* TODO, create our own class for SNIMatcher, in case Java doesn't support it */
+ //void setSNIMatchers(Collection matchers) {
+ // /* TODO */
+ //}
+
+ /* TODO, create our own class for SNIMatcher, in case Java doesn't support it */
+ //Collection getSNIMatchers() {
+ // return null; /* TODO */
+ //}
+
+ void setUseCipherSuitesOrder(boolean honorOrder) {
+ this.useCipherSuiteOrder = honorOrder;
+ }
+
+ boolean getUseCipherSuitesOrder() {
+ return this.useCipherSuiteOrder;
+ }
+
+ String[] getApplicationProtocols() {
+ return this.applicationProtocols.clone();
+ }
+
+ void setApplicationProtocols(String[] protocols) {
+ this.applicationProtocols = protocols.clone();
+ }
+}
+
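Review bot: `copy()` leaves out `endpointIdAlgorithm`, `useCipherSuiteOrder` and `applicationProtocols`, and both `WolfSSLEngine` constructors now store `params.copy()`, so an endpoint identification algorithm held in the context-level parameters would not reach the engine's copy. The TODO acknowledges the gap, but these are plain fields the class already holds; `cp.endpointIdAlgorithm = this.endpointIdAlgorithm;`, `cp.useCipherSuiteOrder = this.useCipherSuiteOrder;` and `cp.applicationProtocols = this.applicationProtocols.clone();` would carry them over. `copy()` also calls `setCipherSuites(this.cipherSuites)` and `setProtocols(this.protocols)`, which call `.clone()` on fields that are still null on a freshly constructed object, so copying before both are set throws `NullPointerException`; the two getters have the same problem. The class comment still refers to `WolfSSLEngineHelper.decoupleParams()`, which this commit removes in favour of `WolfSSLParametersHelper`.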
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLParametersHelper.java b/src/java/com/wolfssl/provider/jsse/WolfSSLParametersHelper.java
new file mode 100644
index 0000000..b078372
--- /dev/null
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLParametersHelper.java
@@ -0,0 +1,198 @@
+/* WolfSSLEngineHelper.java
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+package com.wolfssl.provider.jsse;
+
+import java.lang.reflect.Method;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import javax.net.ssl.SSLParameters;
+
+public class WolfSSLParametersHelper
+{
+ private static Method getServerNames = null;
+ private static Method setServerNames = null;
+
+ /* Runs upon class initialization to detect if this version of Java
+ * has SSLParameters methods that older versions may not have */
+ static
+ {
+ AccessController.doPrivileged(new PrivilegedAction